| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_impl.h" | 5 #include "net/ssl/client_cert_store_impl.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 }; | 25 }; |
| 26 | 26 |
| 27 // "CN=E CA" - DER encoded DN of the issuer of client_2.pem | 27 // "CN=E CA" - DER encoded DN of the issuer of client_2.pem |
| 28 unsigned char kAuthority2DN[] = { | 28 unsigned char kAuthority2DN[] = { |
| 29 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, | 29 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, |
| 30 0x04, 0x45, 0x20, 0x43, 0x41 | 30 0x04, 0x45, 0x20, 0x43, 0x41 |
| 31 }; | 31 }; |
| 32 | 32 |
| 33 } // namespace | 33 } // namespace |
| 34 | 34 |
| 35 TEST(ClientCertStoreImplTest, EmptyQuery) { | 35 class ClientCertStoreImplTest : public ::testing::Test { |
| 36 protected: |
| 37 bool SelectClientCerts(const CertificateList& input_certs, |
| 38 const SSLCertRequestInfo& cert_request_info, |
| 39 CertificateList* selected_certs) { |
| 40 return store_.SelectClientCertsForTesting( |
| 41 input_certs, cert_request_info, selected_certs); |
| 42 } |
| 43 |
| 44 #if defined(OS_MACOSX) && !defined(OS_IOS) |
| 45 bool SelectClientCertsGivenPreferred( |
| 46 const scoped_refptr<X509Certificate>& preferred_cert, |
| 47 const CertificateList& regular_certs, |
| 48 const SSLCertRequestInfo& request, |
| 49 CertificateList* selected_certs) { |
| 50 return store_.SelectClientCertsGivenPreferredForTesting( |
| 51 preferred_cert, regular_certs, request, selected_certs); |
| 52 } |
| 53 #endif |
| 54 |
| 55 private: |
| 56 ClientCertStoreImpl store_; |
| 57 }; |
| 58 |
| 59 TEST_F(ClientCertStoreImplTest, EmptyQuery) { |
| 36 std::vector<scoped_refptr<X509Certificate> > certs; | 60 std::vector<scoped_refptr<X509Certificate> > certs; |
| 37 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 61 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 38 | 62 |
| 39 ClientCertStoreImpl store; | |
| 40 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 63 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 41 bool rv = store.SelectClientCerts(certs, *request, &selected_certs); | 64 bool rv = SelectClientCerts(certs, *request, &selected_certs); |
| 42 EXPECT_TRUE(rv); | 65 EXPECT_TRUE(rv); |
| 43 EXPECT_EQ(0u, selected_certs.size()); | 66 EXPECT_EQ(0u, selected_certs.size()); |
| 44 } | 67 } |
| 45 | 68 |
| 46 // Verify that CertRequestInfo with empty |cert_authorities| matches all | 69 // Verify that CertRequestInfo with empty |cert_authorities| matches all |
| 47 // issuers, rather than no issuers. | 70 // issuers, rather than no issuers. |
| 48 TEST(ClientCertStoreImplTest, AllIssuersAllowed) { | 71 TEST_F(ClientCertStoreImplTest, AllIssuersAllowed) { |
| 49 scoped_refptr<X509Certificate> cert( | 72 scoped_refptr<X509Certificate> cert( |
| 50 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 73 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 51 ASSERT_TRUE(cert); | 74 ASSERT_TRUE(cert); |
| 52 | 75 |
| 53 std::vector<scoped_refptr<X509Certificate> > certs; | 76 std::vector<scoped_refptr<X509Certificate> > certs; |
| 54 certs.push_back(cert); | 77 certs.push_back(cert); |
| 55 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 78 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 56 | 79 |
| 57 ClientCertStoreImpl store; | |
| 58 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 80 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 59 bool rv = store.SelectClientCerts(certs, *request, &selected_certs); | 81 bool rv = SelectClientCerts(certs, *request, &selected_certs); |
| 60 EXPECT_TRUE(rv); | 82 EXPECT_TRUE(rv); |
| 61 ASSERT_EQ(1u, selected_certs.size()); | 83 ASSERT_EQ(1u, selected_certs.size()); |
| 62 EXPECT_TRUE(selected_certs[0]->Equals(cert)); | 84 EXPECT_TRUE(selected_certs[0]->Equals(cert)); |
| 63 } | 85 } |
| 64 | 86 |
| 65 // Verify that certificates are correctly filtered against CertRequestInfo with | 87 // Verify that certificates are correctly filtered against CertRequestInfo with |
| 66 // |cert_authorities| containing only |authority_1_DN|. | 88 // |cert_authorities| containing only |authority_1_DN|. |
| 67 TEST(ClientCertStoreImplTest, CertAuthorityFiltering) { | 89 TEST_F(ClientCertStoreImplTest, CertAuthorityFiltering) { |
| 68 scoped_refptr<X509Certificate> cert_1( | 90 scoped_refptr<X509Certificate> cert_1( |
| 69 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 91 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 70 ASSERT_TRUE(cert_1); | 92 ASSERT_TRUE(cert_1); |
| 71 scoped_refptr<X509Certificate> cert_2( | 93 scoped_refptr<X509Certificate> cert_2( |
| 72 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | 94 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); |
| 73 ASSERT_TRUE(cert_2); | 95 ASSERT_TRUE(cert_2); |
| 74 | 96 |
| 75 std::vector<std::string> authority_1( | 97 std::vector<std::string> authority_1( |
| 76 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), | 98 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), |
| 77 sizeof(kAuthority1DN))); | 99 sizeof(kAuthority1DN))); |
| 78 std::vector<std::string> authority_2( | 100 std::vector<std::string> authority_2( |
| 79 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), | 101 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), |
| 80 sizeof(kAuthority2DN))); | 102 sizeof(kAuthority2DN))); |
| 81 EXPECT_TRUE(cert_1->IsIssuedByEncoded(authority_1)); | 103 EXPECT_TRUE(cert_1->IsIssuedByEncoded(authority_1)); |
| 82 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); | 104 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); |
| 83 EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2)); | 105 EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2)); |
| 84 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1)); | 106 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1)); |
| 85 | 107 |
| 86 std::vector<scoped_refptr<X509Certificate> > certs; | 108 std::vector<scoped_refptr<X509Certificate> > certs; |
| 87 certs.push_back(cert_1); | 109 certs.push_back(cert_1); |
| 88 certs.push_back(cert_2); | 110 certs.push_back(cert_2); |
| 89 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 111 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 90 request->cert_authorities = authority_1; | 112 request->cert_authorities = authority_1; |
| 91 | 113 |
| 92 ClientCertStoreImpl store; | |
| 93 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 114 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 94 bool rv = store.SelectClientCerts(certs, *request, &selected_certs); | 115 bool rv = SelectClientCerts(certs, *request, &selected_certs); |
| 95 EXPECT_TRUE(rv); | 116 EXPECT_TRUE(rv); |
| 96 ASSERT_EQ(1u, selected_certs.size()); | 117 ASSERT_EQ(1u, selected_certs.size()); |
| 97 EXPECT_TRUE(selected_certs[0]->Equals(cert_1)); | 118 EXPECT_TRUE(selected_certs[0]->Equals(cert_1)); |
| 98 } | 119 } |
| 99 | 120 |
| 100 #if defined(OS_MACOSX) && !defined(OS_IOS) | 121 #if defined(OS_MACOSX) && !defined(OS_IOS) |
| 101 // Verify that the preferred cert gets filtered out when it doesn't match the | 122 // Verify that the preferred cert gets filtered out when it doesn't match the |
| 102 // server criteria. | 123 // server criteria. |
| 103 TEST(ClientCertStoreImplTest, FilterOutThePreferredCert) { | 124 TEST_F(ClientCertStoreImplTest, FilterOutThePreferredCert) { |
| 104 scoped_refptr<X509Certificate> cert_1( | 125 scoped_refptr<X509Certificate> cert_1( |
| 105 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 126 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 106 ASSERT_TRUE(cert_1); | 127 ASSERT_TRUE(cert_1); |
| 107 | 128 |
| 108 std::vector<std::string> authority_2( | 129 std::vector<std::string> authority_2( |
| 109 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), | 130 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), |
| 110 sizeof(kAuthority2DN))); | 131 sizeof(kAuthority2DN))); |
| 111 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); | 132 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); |
| 112 | 133 |
| 113 std::vector<scoped_refptr<X509Certificate> > certs; | 134 std::vector<scoped_refptr<X509Certificate> > certs; |
| 114 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 135 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 115 request->cert_authorities = authority_2; | 136 request->cert_authorities = authority_2; |
| 116 | 137 |
| 117 ClientCertStoreImpl store; | |
| 118 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 138 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 119 bool rv = store.SelectClientCertsGivenPreferred(cert_1, certs, *request, | 139 bool rv = |
| 120 &selected_certs); | 140 SelectClientCertsGivenPreferred(cert_1, certs, *request, &selected_certs); |
| 121 EXPECT_TRUE(rv); | 141 EXPECT_TRUE(rv); |
| 122 EXPECT_EQ(0u, selected_certs.size()); | 142 EXPECT_EQ(0u, selected_certs.size()); |
| 123 } | 143 } |
| 124 | 144 |
| 125 // Verify that the preferred cert takes the first position in the output list, | 145 // Verify that the preferred cert takes the first position in the output list, |
| 126 // when it does not get filtered out. | 146 // when it does not get filtered out. |
| 127 TEST(ClientCertStoreImplTest, PreferredCertGoesFirst) { | 147 TEST_F(ClientCertStoreImplTest, PreferredCertGoesFirst) { |
| 128 scoped_refptr<X509Certificate> cert_1( | 148 scoped_refptr<X509Certificate> cert_1( |
| 129 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 149 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 130 ASSERT_TRUE(cert_1); | 150 ASSERT_TRUE(cert_1); |
| 131 scoped_refptr<X509Certificate> cert_2( | 151 scoped_refptr<X509Certificate> cert_2( |
| 132 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | 152 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); |
| 133 ASSERT_TRUE(cert_2); | 153 ASSERT_TRUE(cert_2); |
| 134 | 154 |
| 135 std::vector<scoped_refptr<X509Certificate> > certs; | 155 std::vector<scoped_refptr<X509Certificate> > certs; |
| 136 certs.push_back(cert_2); | 156 certs.push_back(cert_2); |
| 137 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 157 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 138 | 158 |
| 139 ClientCertStoreImpl store; | |
| 140 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 159 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 141 bool rv = store.SelectClientCertsGivenPreferred(cert_1, certs, *request, | 160 bool rv = |
| 142 &selected_certs); | 161 SelectClientCertsGivenPreferred(cert_1, certs, *request, &selected_certs); |
| 143 EXPECT_TRUE(rv); | 162 EXPECT_TRUE(rv); |
| 144 ASSERT_EQ(2u, selected_certs.size()); | 163 ASSERT_EQ(2u, selected_certs.size()); |
| 145 EXPECT_TRUE(selected_certs[0]->Equals(cert_1)); | 164 EXPECT_TRUE(selected_certs[0]->Equals(cert_1)); |
| 146 EXPECT_TRUE(selected_certs[1]->Equals(cert_2)); | 165 EXPECT_TRUE(selected_certs[1]->Equals(cert_2)); |
| 147 } | 166 } |
| 148 #endif | 167 #endif |
| 149 | 168 |
| 150 } // namespace net | 169 } // namespace net |
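Review bot: `FilterOutThePreferredCert` (new lines 124–143) still calls `SelectClientCertsGivenPreferred` with an empty `certs` list, so `EXPECT_EQ(0u, selected_certs.size())` cannot tell "the preferred cert was rejected by the issuer filter" apart from "nothing was selected at all". This filter is what keeps a client certificate from being offered to a server that did not name its issuer, so the test should also show that a matching regular cert survives while the non-matching preferred cert is dropped. I would add `client_2.pem` (which `CertAuthorityFiltering` already shows is issued by `authority_2`) to `certs` and assert that it is the only result. The expected count of 1 is inferred from the other tests on this page and should be confirmed against the Mac implementation.

```cpp
TEST_F(ClientCertStoreImplTest, FilterOutThePreferredCert) {
  // … unchanged: import cert_1, build authority_2, check cert_1 is not issued by it …
  scoped_refptr<X509Certificate> cert_2(
      ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
  ASSERT_TRUE(cert_2);
  EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2));

  std::vector<scoped_refptr<X509Certificate> > certs;
  certs.push_back(cert_2);
  // … unchanged: request setup and SelectClientCertsGivenPreferred call …
  EXPECT_TRUE(rv);
  ASSERT_EQ(1u, selected_certs.size());
  EXPECT_TRUE(selected_certs[0]->Equals(cert_2));
}
```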