      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
      6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/files/file_path.h"
     12 #include "base/memory/ref_counted.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "net/base/test_data_directory.h"
     15 #include "net/test/cert_test_util.h"
     16 #include "testing/gtest/include/gtest/gtest.h"
     17 
     18 namespace net {
     19 
     20 namespace {
     21 
     22 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
const unsigned char kAuthority1DN[] = {
  0x30, 0x0f,                    // SEQUENCE, 15 bytes (the Name)
  0x31, 0x0d,                    // SET, 13 bytes (a single RDN)
  0x30, 0x0b,                    // SEQUENCE, 11 bytes (attribute type + value)
  0x06, 0x03, 0x55, 0x04, 0x03,  // OID 2.5.4.3 (commonName)
  0x0c, 0x04,                    // UTF8String, 4 bytes
  0x42, 0x20, 0x43, 0x41         // "B CA"
};
     27 
     28 // "CN=E CA" - DER encoded DN of the issuer of client_2.pem
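// const, like kAuthority1DN: these are fixture bytes that the tests only read
// (via reinterpret_cast<const char*> and sizeof), so nothing should be able to
// modify the expected issuer DN at run time.
const unsigned char kAuthority2DN[] = {
  0x30, 0x0f,                    // SEQUENCE, 15 bytes (the Name)
  0x31, 0x0d,                    // SET, 13 bytes (a single RDN)
  0x30, 0x0b,                    // SEQUENCE, 11 bytes (attribute type + value)
  0x06, 0x03, 0x55, 0x04, 0x03,  // OID 2.5.4.3 (commonName)
  0x0c, 0x04,                    // UTF8String, 4 bytes
  0x45, 0x20, 0x43, 0x41         // "E CA"
};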
     33 
     34 }  // namespace
     35 
     36 // Use a templated test to provide common testcases for all the platform
     37 // implementations of ClientCertStore. These cases test the client cert
     38 // filtering behavior.
     39 //
     40 // NOTE: If any test cases are added, removed, or renamed, the
     41 // REGISTER_TYPED_TEST_CASE_P macro at the bottom of this file must be updated.
     42 //
     43 // The type T provided as the third argument to INSTANTIATE_TYPED_TEST_CASE_P by
     44 // the platform implementation should implement this method:
     45 // bool SelectClientCerts(const CertificateList& input_certs,
     46 //                        const SSLCertRequestInfo& cert_request_info,
     47 //                        CertificateList* selected_certs);
// Typed-test fixture. T is the platform delegate under test; it is held by
// value, so it must be default-constructible.
template <typename T>
class ClientCertStoreTest : public ::testing::Test {
 public:
  // The object whose SelectClientCerts() each test case calls through
  // this->delegate_.
  T delegate_;
};
     53 
// Declares ClientCertStoreTest as a type-parameterized test case; the
// TYPED_TEST_P definitions below attach to it.
TYPED_TEST_CASE_P(ClientCertStoreTest);
     55 
// With no candidate certificates and a default-constructed request, selection
// is expected to report success and offer nothing.
TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) {
  // Inputs: a default-constructed request and an empty candidate list.
  scoped_refptr<SSLCertRequestInfo> empty_request(new SSLCertRequestInfo());
  std::vector<scoped_refptr<X509Certificate> > no_candidates;

  // Output list filled in by the platform delegate.
  std::vector<scoped_refptr<X509Certificate> > chosen;
  const bool succeeded = this->delegate_.SelectClientCerts(
      no_candidates, *empty_request.get(), &chosen);

  EXPECT_TRUE(succeeded);
  EXPECT_EQ(0u, chosen.size());
}
     66 
// Verify that an SSLCertRequestInfo with empty |cert_authorities| matches all
// issuers, rather than no issuers.
TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) {
  // A single candidate certificate; abort the test if the fixture file cannot
  // be loaded, since every later check dereferences it.
  scoped_refptr<X509Certificate> client_cert(
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(client_cert.get());
  std::vector<scoped_refptr<X509Certificate> > candidates(1, client_cert);

  // The request is left default-constructed: |cert_authorities| is never
  // assigned here, which is the "no issuer restriction" case under test.
  scoped_refptr<SSLCertRequestInfo> unrestricted(new SSLCertRequestInfo());

  std::vector<scoped_refptr<X509Certificate> > chosen;
  const bool succeeded = this->delegate_.SelectClientCerts(
      candidates, *unrestricted.get(), &chosen);
  EXPECT_TRUE(succeeded);

  // ASSERT on the size so the element access below is never out of range.
  ASSERT_EQ(1u, chosen.size());
  EXPECT_TRUE(chosen[0]->Equals(client_cert.get()));
}
     85 
// Verify that certificates are correctly filtered against an
// SSLCertRequestInfo whose |cert_authorities| contains only the issuer DN of
// client_1.pem (|kAuthority1DN|).
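TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
  // Load both fixture certificates; abort if either is missing, since the
  // checks below dereference them.
  scoped_refptr<X509Certificate> cert_1(
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(cert_1.get());
  scoped_refptr<X509Certificate> cert_2(
      ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
  ASSERT_TRUE(cert_2.get());

  // One-element authority lists holding the raw DER bytes of each issuer DN.
  // The explicit length is required because the DER data is not a C string.
  std::vector<std::string> authority_1(
      1, std::string(reinterpret_cast<const char*>(kAuthority1DN),
                     sizeof(kAuthority1DN)));
  std::vector<std::string> authority_2(
      1, std::string(reinterpret_cast<const char*>(kAuthority2DN),
                     sizeof(kAuthority2DN)));

  // Fixture sanity check: each certificate matches its own issuer DN and not
  // the other one, so a filtering failure below is attributable to the
  // delegate rather than to the test data.
  EXPECT_TRUE(cert_1->IsIssuedByEncoded(authority_1));
  EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2));
  EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2));
  EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1));

  std::vector<scoped_refptr<X509Certificate> > certs;
  certs.push_back(cert_1);
  certs.push_back(cert_2);

  // Request restricted to issuer 1: only cert_1 may be offered.
  scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
  request->cert_authorities = authority_1;

  std::vector<scoped_refptr<X509Certificate> > selected_certs;
  bool rv = this->delegate_.SelectClientCerts(
      certs, *request.get(), &selected_certs);
  EXPECT_TRUE(rv);
  ASSERT_EQ(1u, selected_certs.size());
  EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));

  // Symmetric case, restricted to issuer 2: only cert_2 may be offered.
  // Without it, a delegate that ignored the issuer list and simply returned
  // the first candidate would still pass the check above.
  scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo());
  request_2->cert_authorities = authority_2;

  std::vector<scoped_refptr<X509Certificate> > selected_certs_2;
  rv = this->delegate_.SelectClientCerts(
      certs, *request_2.get(), &selected_certs_2);
  EXPECT_TRUE(rv);
  ASSERT_EQ(1u, selected_certs_2.size());
  EXPECT_TRUE(selected_certs_2[0]->Equals(cert_2.get()));
}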
    120 
// Lists every test case defined above for ClientCertStoreTest. Keep this list
// in sync whenever a TYPED_TEST_P is added, removed, or renamed.
REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
                           EmptyQuery, AllIssuersAllowed,
                           CertAuthorityFiltering);
    125 
    126 }  // namespace net
    127 
    128 #endif  // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
    129