1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/base/ssl_client_auth_cache.h" 6 7 #include "base/time.h" 8 #include "net/base/x509_certificate.h" 9 #include "testing/gtest/include/gtest/gtest.h" 10 11 namespace net { 12 13 TEST(SSLClientAuthCacheTest, LookupAddRemove) { 14 SSLClientAuthCache cache; 15 16 base::Time start_date = base::Time::Now(); 17 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 18 19 std::string server1("foo1:443"); 20 scoped_refptr<X509Certificate> cert1( 21 new X509Certificate("foo1", "CA", start_date, expiration_date)); 22 23 std::string server2("foo2:443"); 24 scoped_refptr<X509Certificate> cert2( 25 new X509Certificate("foo2", "CA", start_date, expiration_date)); 26 27 std::string server3("foo3:443"); 28 scoped_refptr<X509Certificate> cert3( 29 new X509Certificate("foo3", "CA", start_date, expiration_date)); 30 31 scoped_refptr<X509Certificate> cached_cert; 32 // Lookup non-existent client certificate. 33 cached_cert = NULL; 34 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 35 36 // Add client certificate for server1. 37 cache.Add(server1, cert1); 38 cached_cert = NULL; 39 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 40 EXPECT_EQ(cert1, cached_cert); 41 42 // Add client certificate for server2. 43 cache.Add(server2, cert2); 44 cached_cert = NULL; 45 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 46 EXPECT_EQ(cert1, cached_cert.get()); 47 cached_cert = NULL; 48 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 49 EXPECT_EQ(cert2, cached_cert); 50 51 // Overwrite the client certificate for server1. 52 cache.Add(server1, cert3); 53 cached_cert = NULL; 54 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 55 EXPECT_EQ(cert3, cached_cert); 56 cached_cert = NULL; 57 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 58 EXPECT_EQ(cert2, cached_cert); 59 60 // Remove client certificate of server1. 61 cache.Remove(server1); 62 cached_cert = NULL; 63 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 64 cached_cert = NULL; 65 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 66 EXPECT_EQ(cert2, cached_cert); 67 68 // Remove non-existent client certificate. 69 cache.Remove(server1); 70 cached_cert = NULL; 71 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 72 cached_cert = NULL; 73 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 74 EXPECT_EQ(cert2, cached_cert); 75 } 76 77 // Check that if the server differs only by port number, it is considered 78 // a separate server. 79 TEST(SSLClientAuthCacheTest, LookupWithPort) { 80 SSLClientAuthCache cache; 81 82 base::Time start_date = base::Time::Now(); 83 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 84 85 std::string server1("foo:443"); 86 scoped_refptr<X509Certificate> cert1( 87 new X509Certificate("foo", "CA", start_date, expiration_date)); 88 89 std::string server2("foo:8443"); 90 scoped_refptr<X509Certificate> cert2( 91 new X509Certificate("foo", "CA", start_date, expiration_date)); 92 93 cache.Add(server1, cert1.get()); 94 cache.Add(server2, cert2.get()); 95 96 scoped_refptr<X509Certificate> cached_cert; 97 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 98 EXPECT_EQ(cert1.get(), cached_cert); 99 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 100 EXPECT_EQ(cert2.get(), cached_cert); 101 } 102 103 // Check that the a NULL certificate, indicating the user has declined to send 104 // a certificate, is properly cached. 105 TEST(SSLClientAuthCacheTest, LookupNullPreference) { 106 SSLClientAuthCache cache; 107 base::Time start_date = base::Time::Now(); 108 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 109 110 std::string server1("foo:443"); 111 scoped_refptr<X509Certificate> cert1( 112 new X509Certificate("foo", "CA", start_date, expiration_date)); 113 114 cache.Add(server1, NULL); 115 116 scoped_refptr<X509Certificate> cached_cert(cert1); 117 // Make sure that |cached_cert| is updated to NULL, indicating the user 118 // declined to send a certificate to |server1|. 119 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 120 EXPECT_EQ(NULL, cached_cert.get()); 121 122 // Remove the existing cached certificate. 123 cache.Remove(server1); 124 cached_cert = NULL; 125 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 126 127 // Add a new preference for a specific certificate. 128 cache.Add(server1, cert1); 129 cached_cert = NULL; 130 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 131 EXPECT_EQ(cert1, cached_cert); 132 133 // Replace the specific preference with a NULL certificate. 134 cache.Add(server1, NULL); 135 cached_cert = NULL; 136 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 137 EXPECT_EQ(NULL, cached_cert.get()); 138 } 139 140 // Check that the OnUserCertAdded() method removes all cache entries. 141 TEST(SSLClientAuthCacheTest, OnUserCertAdded) { 142 SSLClientAuthCache cache; 143 base::Time start_date = base::Time::Now(); 144 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 145 146 std::string server1("foo:443"); 147 scoped_refptr<X509Certificate> cert1( 148 new X509Certificate("foo", "CA", start_date, expiration_date)); 149 150 cache.Add(server1, cert1); 151 152 std::string server2("foo2:443"); 153 cache.Add(server2, NULL); 154 155 scoped_refptr<X509Certificate> cached_cert; 156 157 // Demonstrate the set up is correct. 158 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 159 EXPECT_EQ(cert1, cached_cert); 160 161 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 162 EXPECT_EQ(NULL, cached_cert.get()); 163 164 cache.OnUserCertAdded(NULL); 165 166 // Check that we no longer have entries for either server. 167 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 168 EXPECT_FALSE(cache.Lookup(server2, &cached_cert)); 169 } 170 171 } // namespace net 172
