OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/default_origin_bound_cert_store.h" | 5 #include "net/base/default_origin_bound_cert_store.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
15 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
16 | 16 |
17 namespace net { | 17 namespace net { |
18 | 18 |
19 class MockPersistentStore | 19 class MockPersistentStore |
20 : public DefaultOriginBoundCertStore::PersistentStore { | 20 : public DefaultServerBoundCertStore::PersistentStore { |
21 public: | 21 public: |
22 MockPersistentStore(); | 22 MockPersistentStore(); |
23 virtual ~MockPersistentStore(); | 23 virtual ~MockPersistentStore(); |
24 | 24 |
25 // DefaultOriginBoundCertStore::PersistentStore implementation. | 25 // DefaultServerBoundCertStore::PersistentStore implementation. |
26 virtual bool Load( | 26 virtual bool Load( |
27 std::vector<DefaultOriginBoundCertStore::OriginBoundCert*>* certs) | 27 std::vector<DefaultServerBoundCertStore::ServerBoundCert*>* certs) |
28 OVERRIDE; | 28 OVERRIDE; |
29 virtual void AddOriginBoundCert( | 29 virtual void AddServerBoundCert( |
30 const DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE; | 30 const DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE; |
31 virtual void DeleteOriginBoundCert( | 31 virtual void DeleteServerBoundCert( |
32 const DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE; | 32 const DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE; |
33 virtual void SetClearLocalStateOnExit(bool clear_local_state) OVERRIDE; | 33 virtual void SetClearLocalStateOnExit(bool clear_local_state) OVERRIDE; |
34 virtual void Flush(const base::Closure& completion_task) OVERRIDE; | 34 virtual void Flush(const base::Closure& completion_task) OVERRIDE; |
35 | 35 |
36 private: | 36 private: |
37 typedef std::map<std::string, DefaultOriginBoundCertStore::OriginBoundCert> | 37 typedef std::map<std::string, DefaultServerBoundCertStore::ServerBoundCert> |
38 OriginBoundCertMap; | 38 ServerBoundCertMap; |
39 | 39 |
40 OriginBoundCertMap origin_certs_; | 40 ServerBoundCertMap origin_certs_; |
41 }; | 41 }; |
42 | 42 |
43 MockPersistentStore::MockPersistentStore() {} | 43 MockPersistentStore::MockPersistentStore() {} |
44 | 44 |
45 MockPersistentStore::~MockPersistentStore() {} | 45 MockPersistentStore::~MockPersistentStore() {} |
46 | 46 |
47 bool MockPersistentStore::Load( | 47 bool MockPersistentStore::Load( |
48 std::vector<DefaultOriginBoundCertStore::OriginBoundCert*>* certs) { | 48 std::vector<DefaultServerBoundCertStore::ServerBoundCert*>* certs) { |
49 OriginBoundCertMap::iterator it; | 49 ServerBoundCertMap::iterator it; |
50 | 50 |
51 for (it = origin_certs_.begin(); it != origin_certs_.end(); ++it) { | 51 for (it = origin_certs_.begin(); it != origin_certs_.end(); ++it) { |
52 certs->push_back( | 52 certs->push_back( |
53 new DefaultOriginBoundCertStore::OriginBoundCert(it->second)); | 53 new DefaultServerBoundCertStore::ServerBoundCert(it->second)); |
54 } | 54 } |
55 | 55 |
56 return true; | 56 return true; |
57 } | 57 } |
58 | 58 |
59 void MockPersistentStore::AddOriginBoundCert( | 59 void MockPersistentStore::AddServerBoundCert( |
60 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { | 60 const DefaultServerBoundCertStore::ServerBoundCert& cert) { |
61 origin_certs_[cert.origin()] = cert; | 61 origin_certs_[cert.server_identifier()] = cert; |
62 } | 62 } |
63 | 63 |
64 void MockPersistentStore::DeleteOriginBoundCert( | 64 void MockPersistentStore::DeleteServerBoundCert( |
65 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { | 65 const DefaultServerBoundCertStore::ServerBoundCert& cert) { |
66 origin_certs_.erase(cert.origin()); | 66 origin_certs_.erase(cert.server_identifier()); |
67 } | 67 } |
68 | 68 |
69 void MockPersistentStore::SetClearLocalStateOnExit(bool clear_local_state) {} | 69 void MockPersistentStore::SetClearLocalStateOnExit(bool clear_local_state) {} |
70 | 70 |
71 void MockPersistentStore::Flush(const base::Closure& completion_task) { | 71 void MockPersistentStore::Flush(const base::Closure& completion_task) { |
72 NOTREACHED(); | 72 NOTREACHED(); |
73 } | 73 } |
74 | 74 |
75 TEST(DefaultOriginBoundCertStoreTest, TestLoading) { | 75 TEST(DefaultServerBoundCertStoreTest, TestLoading) { |
76 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 76 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
77 | 77 |
78 persistent_store->AddOriginBoundCert( | 78 persistent_store->AddServerBoundCert( |
79 DefaultOriginBoundCertStore::OriginBoundCert( | 79 DefaultServerBoundCertStore::ServerBoundCert( |
80 "https://encrypted.google.com/", | 80 "google.com", |
81 CLIENT_CERT_RSA_SIGN, | 81 CLIENT_CERT_RSA_SIGN, |
82 base::Time(), | 82 base::Time(), |
83 base::Time(), | 83 base::Time(), |
84 "a", "b")); | 84 "a", "b")); |
85 persistent_store->AddOriginBoundCert( | 85 persistent_store->AddServerBoundCert( |
86 DefaultOriginBoundCertStore::OriginBoundCert( | 86 DefaultServerBoundCertStore::ServerBoundCert( |
87 "https://www.verisign.com/", | 87 "verisign.com", |
88 CLIENT_CERT_ECDSA_SIGN, | 88 CLIENT_CERT_ECDSA_SIGN, |
89 base::Time(), | 89 base::Time(), |
90 base::Time(), | 90 base::Time(), |
91 "c", "d")); | 91 "c", "d")); |
92 | 92 |
93 // Make sure certs load properly. | 93 // Make sure certs load properly. |
94 DefaultOriginBoundCertStore store(persistent_store.get()); | 94 DefaultServerBoundCertStore store(persistent_store.get()); |
95 EXPECT_EQ(2, store.GetCertCount()); | 95 EXPECT_EQ(2, store.GetCertCount()); |
96 store.SetOriginBoundCert( | 96 store.SetServerBoundCert( |
97 "https://www.verisign.com/", | 97 "verisign.com", |
98 CLIENT_CERT_RSA_SIGN, | 98 CLIENT_CERT_RSA_SIGN, |
99 base::Time(), | 99 base::Time(), |
100 base::Time(), | 100 base::Time(), |
101 "e", "f"); | 101 "e", "f"); |
102 EXPECT_EQ(2, store.GetCertCount()); | 102 EXPECT_EQ(2, store.GetCertCount()); |
103 store.SetOriginBoundCert( | 103 store.SetServerBoundCert( |
104 "https://www.twitter.com/", | 104 "twitter.com", |
105 CLIENT_CERT_RSA_SIGN, | 105 CLIENT_CERT_RSA_SIGN, |
106 base::Time(), | 106 base::Time(), |
107 base::Time(), | 107 base::Time(), |
108 "g", "h"); | 108 "g", "h"); |
109 EXPECT_EQ(3, store.GetCertCount()); | 109 EXPECT_EQ(3, store.GetCertCount()); |
110 } | 110 } |
111 | 111 |
112 TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) { | 112 TEST(DefaultServerBoundCertStoreTest, TestSettingAndGetting) { |
113 DefaultOriginBoundCertStore store(NULL); | 113 DefaultServerBoundCertStore store(NULL); |
114 SSLClientCertType type; | 114 SSLClientCertType type; |
115 base::Time creation_time; | 115 base::Time creation_time; |
116 base::Time expiration_time; | 116 base::Time expiration_time; |
117 std::string private_key, cert; | 117 std::string private_key, cert; |
118 EXPECT_EQ(0, store.GetCertCount()); | 118 EXPECT_EQ(0, store.GetCertCount()); |
119 EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/", | 119 EXPECT_FALSE(store.GetServerBoundCert("verisign.com", |
120 &type, | 120 &type, |
121 &creation_time, | 121 &creation_time, |
122 &expiration_time, | 122 &expiration_time, |
123 &private_key, | 123 &private_key, |
124 &cert)); | 124 &cert)); |
125 EXPECT_TRUE(private_key.empty()); | 125 EXPECT_TRUE(private_key.empty()); |
126 EXPECT_TRUE(cert.empty()); | 126 EXPECT_TRUE(cert.empty()); |
127 store.SetOriginBoundCert( | 127 store.SetServerBoundCert( |
128 "https://www.verisign.com/", | 128 "verisign.com", |
129 CLIENT_CERT_RSA_SIGN, | 129 CLIENT_CERT_RSA_SIGN, |
130 base::Time::FromInternalValue(123), | 130 base::Time::FromInternalValue(123), |
131 base::Time::FromInternalValue(456), | 131 base::Time::FromInternalValue(456), |
132 "i", "j"); | 132 "i", "j"); |
133 EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/", | 133 EXPECT_TRUE(store.GetServerBoundCert("verisign.com", |
134 &type, | 134 &type, |
135 &creation_time, | 135 &creation_time, |
136 &expiration_time, | 136 &expiration_time, |
137 &private_key, | 137 &private_key, |
138 &cert)); | 138 &cert)); |
139 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type); | 139 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type); |
140 EXPECT_EQ(123, creation_time.ToInternalValue()); | 140 EXPECT_EQ(123, creation_time.ToInternalValue()); |
141 EXPECT_EQ(456, expiration_time.ToInternalValue()); | 141 EXPECT_EQ(456, expiration_time.ToInternalValue()); |
142 EXPECT_EQ("i", private_key); | 142 EXPECT_EQ("i", private_key); |
143 EXPECT_EQ("j", cert); | 143 EXPECT_EQ("j", cert); |
144 } | 144 } |
145 | 145 |
146 TEST(DefaultOriginBoundCertStoreTest, TestDuplicateCerts) { | 146 TEST(DefaultServerBoundCertStoreTest, TestDuplicateCerts) { |
147 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 147 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
148 DefaultOriginBoundCertStore store(persistent_store.get()); | 148 DefaultServerBoundCertStore store(persistent_store.get()); |
149 | 149 |
150 SSLClientCertType type; | 150 SSLClientCertType type; |
151 base::Time creation_time; | 151 base::Time creation_time; |
152 base::Time expiration_time; | 152 base::Time expiration_time; |
153 std::string private_key, cert; | 153 std::string private_key, cert; |
154 EXPECT_EQ(0, store.GetCertCount()); | 154 EXPECT_EQ(0, store.GetCertCount()); |
155 store.SetOriginBoundCert( | 155 store.SetServerBoundCert( |
156 "https://www.verisign.com/", | 156 "verisign.com", |
157 CLIENT_CERT_RSA_SIGN, | 157 CLIENT_CERT_RSA_SIGN, |
158 base::Time::FromInternalValue(123), | 158 base::Time::FromInternalValue(123), |
159 base::Time::FromInternalValue(1234), | 159 base::Time::FromInternalValue(1234), |
160 "a", "b"); | 160 "a", "b"); |
161 store.SetOriginBoundCert( | 161 store.SetServerBoundCert( |
162 "https://www.verisign.com/", | 162 "verisign.com", |
163 CLIENT_CERT_ECDSA_SIGN, | 163 CLIENT_CERT_ECDSA_SIGN, |
164 base::Time::FromInternalValue(456), | 164 base::Time::FromInternalValue(456), |
165 base::Time::FromInternalValue(4567), | 165 base::Time::FromInternalValue(4567), |
166 "c", "d"); | 166 "c", "d"); |
167 | 167 |
168 EXPECT_EQ(1, store.GetCertCount()); | 168 EXPECT_EQ(1, store.GetCertCount()); |
169 EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/", | 169 EXPECT_TRUE(store.GetServerBoundCert("verisign.com", |
170 &type, | 170 &type, |
171 &creation_time, | 171 &creation_time, |
172 &expiration_time, | 172 &expiration_time, |
173 &private_key, | 173 &private_key, |
174 &cert)); | 174 &cert)); |
175 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type); | 175 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type); |
176 EXPECT_EQ(456, creation_time.ToInternalValue()); | 176 EXPECT_EQ(456, creation_time.ToInternalValue()); |
177 EXPECT_EQ(4567, expiration_time.ToInternalValue()); | 177 EXPECT_EQ(4567, expiration_time.ToInternalValue()); |
178 EXPECT_EQ("c", private_key); | 178 EXPECT_EQ("c", private_key); |
179 EXPECT_EQ("d", cert); | 179 EXPECT_EQ("d", cert); |
180 } | 180 } |
181 | 181 |
182 TEST(DefaultOriginBoundCertStoreTest, TestDeleteAll) { | 182 TEST(DefaultServerBoundCertStoreTest, TestDeleteAll) { |
183 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 183 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
184 DefaultOriginBoundCertStore store(persistent_store.get()); | 184 DefaultServerBoundCertStore store(persistent_store.get()); |
185 | 185 |
186 EXPECT_EQ(0, store.GetCertCount()); | 186 EXPECT_EQ(0, store.GetCertCount()); |
187 store.SetOriginBoundCert( | 187 store.SetServerBoundCert( |
188 "https://www.verisign.com/", | 188 "verisign.com", |
189 CLIENT_CERT_RSA_SIGN, | 189 CLIENT_CERT_RSA_SIGN, |
190 base::Time(), | 190 base::Time(), |
191 base::Time(), | 191 base::Time(), |
192 "a", "b"); | 192 "a", "b"); |
193 store.SetOriginBoundCert( | 193 store.SetServerBoundCert( |
194 "https://www.google.com/", | 194 "google.com", |
195 CLIENT_CERT_RSA_SIGN, | 195 CLIENT_CERT_RSA_SIGN, |
196 base::Time(), | 196 base::Time(), |
197 base::Time(), | 197 base::Time(), |
198 "c", "d"); | 198 "c", "d"); |
199 store.SetOriginBoundCert( | 199 store.SetServerBoundCert( |
200 "https://www.harvard.com/", | 200 "harvard.com", |
201 CLIENT_CERT_RSA_SIGN, | 201 CLIENT_CERT_RSA_SIGN, |
202 base::Time(), | 202 base::Time(), |
203 base::Time(), | 203 base::Time(), |
204 "e", "f"); | 204 "e", "f"); |
205 | 205 |
206 EXPECT_EQ(3, store.GetCertCount()); | 206 EXPECT_EQ(3, store.GetCertCount()); |
207 store.DeleteAll(); | 207 store.DeleteAll(); |
208 EXPECT_EQ(0, store.GetCertCount()); | 208 EXPECT_EQ(0, store.GetCertCount()); |
209 } | 209 } |
210 | 210 |
211 TEST(DefaultOriginBoundCertStoreTest, TestDelete) { | 211 TEST(DefaultServerBoundCertStoreTest, TestDelete) { |
212 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 212 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
213 DefaultOriginBoundCertStore store(persistent_store.get()); | 213 DefaultServerBoundCertStore store(persistent_store.get()); |
214 | 214 |
215 SSLClientCertType type; | 215 SSLClientCertType type; |
216 base::Time creation_time; | 216 base::Time creation_time; |
217 base::Time expiration_time; | 217 base::Time expiration_time; |
218 std::string private_key, cert; | 218 std::string private_key, cert; |
219 EXPECT_EQ(0, store.GetCertCount()); | 219 EXPECT_EQ(0, store.GetCertCount()); |
220 store.SetOriginBoundCert( | 220 store.SetServerBoundCert( |
221 "https://www.verisign.com/", | 221 "verisign.com", |
222 CLIENT_CERT_RSA_SIGN, | 222 CLIENT_CERT_RSA_SIGN, |
223 base::Time(), | 223 base::Time(), |
224 base::Time(), | 224 base::Time(), |
225 "a", "b"); | 225 "a", "b"); |
226 store.SetOriginBoundCert( | 226 store.SetServerBoundCert( |
227 "https://www.google.com/", | 227 "google.com", |
228 CLIENT_CERT_ECDSA_SIGN, | 228 CLIENT_CERT_ECDSA_SIGN, |
229 base::Time(), | 229 base::Time(), |
230 base::Time(), | 230 base::Time(), |
231 "c", "d"); | 231 "c", "d"); |
232 | 232 |
233 EXPECT_EQ(2, store.GetCertCount()); | 233 EXPECT_EQ(2, store.GetCertCount()); |
234 store.DeleteOriginBoundCert("https://www.verisign.com/"); | 234 store.DeleteServerBoundCert("verisign.com"); |
235 EXPECT_EQ(1, store.GetCertCount()); | 235 EXPECT_EQ(1, store.GetCertCount()); |
236 EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/", | 236 EXPECT_FALSE(store.GetServerBoundCert("verisign.com", |
237 &type, | 237 &type, |
238 &creation_time, | 238 &creation_time, |
239 &expiration_time, | 239 &expiration_time, |
240 &private_key, | 240 &private_key, |
241 &cert)); | 241 &cert)); |
242 EXPECT_TRUE(store.GetOriginBoundCert("https://www.google.com/", | 242 EXPECT_TRUE(store.GetServerBoundCert("google.com", |
243 &type, | 243 &type, |
244 &creation_time, | 244 &creation_time, |
245 &expiration_time, | 245 &expiration_time, |
246 &private_key, | 246 &private_key, |
247 &cert)); | 247 &cert)); |
248 store.DeleteOriginBoundCert("https://www.google.com/"); | 248 store.DeleteServerBoundCert("google.com"); |
249 EXPECT_EQ(0, store.GetCertCount()); | 249 EXPECT_EQ(0, store.GetCertCount()); |
250 EXPECT_FALSE(store.GetOriginBoundCert("https://www.google.com/", | 250 EXPECT_FALSE(store.GetServerBoundCert("google.com", |
251 &type, | 251 &type, |
252 &creation_time, | 252 &creation_time, |
253 &expiration_time, | 253 &expiration_time, |
254 &private_key, | 254 &private_key, |
255 &cert)); | 255 &cert)); |
256 } | 256 } |
257 | 257 |
258 TEST(DefaultOriginBoundCertStoreTest, TestGetAll) { | 258 TEST(DefaultServerBoundCertStoreTest, TestGetAll) { |
259 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 259 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
260 DefaultOriginBoundCertStore store(persistent_store.get()); | 260 DefaultServerBoundCertStore store(persistent_store.get()); |
261 | 261 |
262 EXPECT_EQ(0, store.GetCertCount()); | 262 EXPECT_EQ(0, store.GetCertCount()); |
263 store.SetOriginBoundCert( | 263 store.SetServerBoundCert( |
264 "https://www.verisign.com/", | 264 "verisign.com", |
265 CLIENT_CERT_RSA_SIGN, | 265 CLIENT_CERT_RSA_SIGN, |
266 base::Time(), | 266 base::Time(), |
267 base::Time(), | 267 base::Time(), |
268 "a", "b"); | 268 "a", "b"); |
269 store.SetOriginBoundCert( | 269 store.SetServerBoundCert( |
270 "https://www.google.com/", | 270 "google.com", |
271 CLIENT_CERT_ECDSA_SIGN, | 271 CLIENT_CERT_ECDSA_SIGN, |
272 base::Time(), | 272 base::Time(), |
273 base::Time(), | 273 base::Time(), |
274 "c", "d"); | 274 "c", "d"); |
275 store.SetOriginBoundCert( | 275 store.SetServerBoundCert( |
276 "https://www.harvard.com/", | 276 "harvard.com", |
277 CLIENT_CERT_RSA_SIGN, | 277 CLIENT_CERT_RSA_SIGN, |
278 base::Time(), | 278 base::Time(), |
279 base::Time(), | 279 base::Time(), |
280 "e", "f"); | 280 "e", "f"); |
281 store.SetOriginBoundCert( | 281 store.SetServerBoundCert( |
282 "https://www.mit.com/", | 282 "mit.com", |
283 CLIENT_CERT_RSA_SIGN, | 283 CLIENT_CERT_RSA_SIGN, |
284 base::Time(), | 284 base::Time(), |
285 base::Time(), | 285 base::Time(), |
286 "g", "h"); | 286 "g", "h"); |
287 | 287 |
288 EXPECT_EQ(4, store.GetCertCount()); | 288 EXPECT_EQ(4, store.GetCertCount()); |
289 std::vector<OriginBoundCertStore::OriginBoundCert> certs; | 289 std::vector<ServerBoundCertStore::ServerBoundCert> certs; |
290 store.GetAllOriginBoundCerts(&certs); | 290 store.GetAllServerBoundCerts(&certs); |
291 EXPECT_EQ(4u, certs.size()); | 291 EXPECT_EQ(4u, certs.size()); |
292 } | 292 } |
293 | 293 |
294 } // namespace net | 294 } // namespace net |
OLD | NEW |