Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "net/ssl/server_bound_cert_service.h" |
| 6 | |
| 7 | #include <string> |
| 8 | #include <vector> |
| 9 | |
| 10 | #include "base/bind.h" |
| 11 | #include "base/memory/scoped_ptr.h" |
Ben Murdoch | 9ab5563 | 2013-07-18 11:57:30 +0100 | [diff] [blame] | 12 | #include "base/message_loop/message_loop.h" |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 13 | #include "base/task_runner.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 14 | #include "base/threading/sequenced_worker_pool.h" |
| 15 | #include "crypto/ec_private_key.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 16 | #include "net/base/net_errors.h" |
| 17 | #include "net/base/test_completion_callback.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 18 | #include "net/cert/asn1_util.h" |
| 19 | #include "net/cert/x509_certificate.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 20 | #include "net/ssl/default_server_bound_cert_store.h" |
| 21 | #include "testing/gtest/include/gtest/gtest.h" |
| 22 | |
| 23 | namespace net { |
| 24 | |
| 25 | namespace { |
| 26 | |
| 27 | void FailTest(int /* result */) { |
| 28 | FAIL(); |
| 29 | } |
| 30 | |
| 31 | class ServerBoundCertServiceTest : public testing::Test { |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 32 | public: |
| 33 | ServerBoundCertServiceTest() |
| 34 | : sequenced_worker_pool_(new base::SequencedWorkerPool( |
| 35 | 3, "ServerBoundCertServiceTest")), |
| 36 | service_(new ServerBoundCertService( |
| 37 | new DefaultServerBoundCertStore(NULL), |
| 38 | sequenced_worker_pool_)) { |
| 39 | } |
| 40 | |
| 41 | virtual ~ServerBoundCertServiceTest() { |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 42 | if (sequenced_worker_pool_.get()) |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 43 | sequenced_worker_pool_->Shutdown(); |
| 44 | } |
| 45 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 46 | protected: |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 47 | scoped_refptr<base::SequencedWorkerPool> sequenced_worker_pool_; |
| 48 | scoped_ptr<ServerBoundCertService> service_; |
| 49 | }; |
| 50 | |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 51 | class MockServerBoundCertStoreWithAsyncGet |
| 52 | : public DefaultServerBoundCertStore { |
| 53 | public: |
| 54 | MockServerBoundCertStoreWithAsyncGet() |
| 55 | : DefaultServerBoundCertStore(NULL), cert_count_(0) {} |
| 56 | |
| 57 | virtual int GetServerBoundCert(const std::string& server_identifier, |
| 58 | base::Time* expiration_time, |
| 59 | std::string* private_key_result, |
| 60 | std::string* cert_result, |
| 61 | const GetCertCallback& callback) OVERRIDE; |
| 62 | |
| 63 | virtual void SetServerBoundCert(const std::string& server_identifier, |
| 64 | base::Time creation_time, |
| 65 | base::Time expiration_time, |
| 66 | const std::string& private_key, |
| 67 | const std::string& cert) OVERRIDE { |
| 68 | cert_count_ = 1; |
| 69 | } |
| 70 | |
| 71 | virtual int GetCertCount() OVERRIDE { return cert_count_; } |
| 72 | |
| 73 | void CallGetServerBoundCertCallbackWithResult(int err, |
| 74 | base::Time expiration_time, |
| 75 | const std::string& private_key, |
| 76 | const std::string& cert); |
| 77 | |
| 78 | private: |
| 79 | GetCertCallback callback_; |
| 80 | std::string server_identifier_; |
| 81 | int cert_count_; |
| 82 | }; |
| 83 | |
| 84 | int MockServerBoundCertStoreWithAsyncGet::GetServerBoundCert( |
| 85 | const std::string& server_identifier, |
| 86 | base::Time* expiration_time, |
| 87 | std::string* private_key_result, |
| 88 | std::string* cert_result, |
| 89 | const GetCertCallback& callback) { |
| 90 | server_identifier_ = server_identifier; |
| 91 | callback_ = callback; |
| 92 | // Reset the cert count, it'll get incremented in either SetServerBoundCert or |
| 93 | // CallGetServerBoundCertCallbackWithResult. |
| 94 | cert_count_ = 0; |
| 95 | // Do nothing else: the results to be provided will be specified through |
| 96 | // CallGetServerBoundCertCallbackWithResult. |
| 97 | return ERR_IO_PENDING; |
| 98 | } |
| 99 | |
| 100 | void |
| 101 | MockServerBoundCertStoreWithAsyncGet::CallGetServerBoundCertCallbackWithResult( |
| 102 | int err, |
| 103 | base::Time expiration_time, |
| 104 | const std::string& private_key, |
| 105 | const std::string& cert) { |
| 106 | if (err == OK) |
| 107 | cert_count_ = 1; |
| 108 | callback_.Run(err, server_identifier_, expiration_time, private_key, cert); |
| 109 | } |
| 110 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 111 | TEST_F(ServerBoundCertServiceTest, GetDomainForHost) { |
| 112 | EXPECT_EQ("google.com", |
| 113 | ServerBoundCertService::GetDomainForHost("google.com")); |
| 114 | EXPECT_EQ("google.com", |
| 115 | ServerBoundCertService::GetDomainForHost("www.google.com")); |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 116 | EXPECT_EQ("foo.appspot.com", |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 117 | ServerBoundCertService::GetDomainForHost("foo.appspot.com")); |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 118 | EXPECT_EQ("bar.appspot.com", |
| 119 | ServerBoundCertService::GetDomainForHost("foo.bar.appspot.com")); |
| 120 | EXPECT_EQ("appspot.com", |
| 121 | ServerBoundCertService::GetDomainForHost("appspot.com")); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 122 | EXPECT_EQ("google.com", |
| 123 | ServerBoundCertService::GetDomainForHost("www.mail.google.com")); |
| 124 | EXPECT_EQ("goto", |
| 125 | ServerBoundCertService::GetDomainForHost("goto")); |
| 126 | EXPECT_EQ("127.0.0.1", |
| 127 | ServerBoundCertService::GetDomainForHost("127.0.0.1")); |
| 128 | } |
| 129 | |
| 130 | // See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned. |
| 131 | #if !defined(USE_OPENSSL) |
| 132 | |
| 133 | TEST_F(ServerBoundCertServiceTest, CacheHit) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 134 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 135 | |
| 136 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 137 | TestCompletionCallback callback; |
| 138 | ServerBoundCertService::RequestHandle request_handle; |
| 139 | |
| 140 | // Asynchronous completion. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 141 | std::string private_key_info1, der_cert1; |
| 142 | EXPECT_EQ(0, service_->cert_count()); |
| 143 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 144 | host, &private_key_info1, &der_cert1, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 145 | callback.callback(), &request_handle); |
| 146 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 147 | EXPECT_TRUE(request_handle.is_active()); |
| 148 | error = callback.WaitForResult(); |
| 149 | EXPECT_EQ(OK, error); |
| 150 | EXPECT_EQ(1, service_->cert_count()); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 151 | EXPECT_FALSE(private_key_info1.empty()); |
| 152 | EXPECT_FALSE(der_cert1.empty()); |
| 153 | EXPECT_FALSE(request_handle.is_active()); |
| 154 | |
| 155 | // Synchronous completion. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 156 | std::string private_key_info2, der_cert2; |
| 157 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 158 | host, &private_key_info2, &der_cert2, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 159 | callback.callback(), &request_handle); |
| 160 | EXPECT_FALSE(request_handle.is_active()); |
| 161 | EXPECT_EQ(OK, error); |
| 162 | EXPECT_EQ(1, service_->cert_count()); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 163 | EXPECT_EQ(private_key_info1, private_key_info2); |
| 164 | EXPECT_EQ(der_cert1, der_cert2); |
| 165 | |
| 166 | EXPECT_EQ(2u, service_->requests()); |
| 167 | EXPECT_EQ(1u, service_->cert_store_hits()); |
| 168 | EXPECT_EQ(0u, service_->inflight_joins()); |
| 169 | } |
| 170 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 171 | TEST_F(ServerBoundCertServiceTest, StoreCerts) { |
| 172 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 173 | TestCompletionCallback callback; |
| 174 | ServerBoundCertService::RequestHandle request_handle; |
| 175 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 176 | std::string host1("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 177 | std::string private_key_info1, der_cert1; |
| 178 | EXPECT_EQ(0, service_->cert_count()); |
| 179 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 180 | host1, &private_key_info1, &der_cert1, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 181 | callback.callback(), &request_handle); |
| 182 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 183 | EXPECT_TRUE(request_handle.is_active()); |
| 184 | error = callback.WaitForResult(); |
| 185 | EXPECT_EQ(OK, error); |
| 186 | EXPECT_EQ(1, service_->cert_count()); |
| 187 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 188 | std::string host2("www.verisign.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 189 | std::string private_key_info2, der_cert2; |
| 190 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 191 | host2, &private_key_info2, &der_cert2, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 192 | callback.callback(), &request_handle); |
| 193 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 194 | EXPECT_TRUE(request_handle.is_active()); |
| 195 | error = callback.WaitForResult(); |
| 196 | EXPECT_EQ(OK, error); |
| 197 | EXPECT_EQ(2, service_->cert_count()); |
| 198 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 199 | std::string host3("www.twitter.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 200 | std::string private_key_info3, der_cert3; |
| 201 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 202 | host3, &private_key_info3, &der_cert3, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 203 | callback.callback(), &request_handle); |
| 204 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 205 | EXPECT_TRUE(request_handle.is_active()); |
| 206 | error = callback.WaitForResult(); |
| 207 | EXPECT_EQ(OK, error); |
| 208 | EXPECT_EQ(3, service_->cert_count()); |
| 209 | |
| 210 | EXPECT_NE(private_key_info1, private_key_info2); |
| 211 | EXPECT_NE(der_cert1, der_cert2); |
| 212 | EXPECT_NE(private_key_info1, private_key_info3); |
| 213 | EXPECT_NE(der_cert1, der_cert3); |
| 214 | EXPECT_NE(private_key_info2, private_key_info3); |
| 215 | EXPECT_NE(der_cert2, der_cert3); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 216 | } |
| 217 | |
| 218 | // Tests an inflight join. |
| 219 | TEST_F(ServerBoundCertServiceTest, InflightJoin) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 220 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 221 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 222 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 223 | std::string private_key_info1, der_cert1; |
| 224 | TestCompletionCallback callback1; |
| 225 | ServerBoundCertService::RequestHandle request_handle1; |
| 226 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 227 | std::string private_key_info2, der_cert2; |
| 228 | TestCompletionCallback callback2; |
| 229 | ServerBoundCertService::RequestHandle request_handle2; |
| 230 | |
| 231 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 232 | host, &private_key_info1, &der_cert1, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 233 | callback1.callback(), &request_handle1); |
| 234 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 235 | EXPECT_TRUE(request_handle1.is_active()); |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 236 | // Should join with the original request. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 237 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 238 | host, &private_key_info2, &der_cert2, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 239 | callback2.callback(), &request_handle2); |
| 240 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 241 | EXPECT_TRUE(request_handle2.is_active()); |
| 242 | |
| 243 | error = callback1.WaitForResult(); |
| 244 | EXPECT_EQ(OK, error); |
| 245 | error = callback2.WaitForResult(); |
| 246 | EXPECT_EQ(OK, error); |
| 247 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 248 | EXPECT_EQ(2u, service_->requests()); |
| 249 | EXPECT_EQ(0u, service_->cert_store_hits()); |
| 250 | EXPECT_EQ(1u, service_->inflight_joins()); |
| 251 | } |
| 252 | |
| 253 | TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 254 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 255 | std::string private_key_info, der_cert; |
| 256 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 257 | TestCompletionCallback callback; |
| 258 | ServerBoundCertService::RequestHandle request_handle; |
| 259 | |
| 260 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 261 | host, &private_key_info, &der_cert, callback.callback(), |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 262 | &request_handle); |
| 263 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 264 | EXPECT_TRUE(request_handle.is_active()); |
| 265 | error = callback.WaitForResult(); |
| 266 | EXPECT_EQ(OK, error); |
| 267 | |
| 268 | base::StringPiece spki_piece; |
| 269 | ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_cert, &spki_piece)); |
| 270 | std::vector<uint8> spki( |
| 271 | spki_piece.data(), |
| 272 | spki_piece.data() + spki_piece.size()); |
| 273 | |
| 274 | // Check that we can retrieve the key from the bytes. |
| 275 | std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end()); |
| 276 | scoped_ptr<crypto::ECPrivateKey> private_key( |
| 277 | crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 278 | ServerBoundCertService::kEPKIPassword, key_vec, spki)); |
| 279 | EXPECT_TRUE(private_key != NULL); |
| 280 | |
| 281 | // Check that we can retrieve the cert from the bytes. |
| 282 | scoped_refptr<X509Certificate> x509cert( |
| 283 | X509Certificate::CreateFromBytes(der_cert.data(), der_cert.size())); |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 284 | EXPECT_TRUE(x509cert.get() != NULL); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 285 | } |
| 286 | |
| 287 | // Tests that the callback of a canceled request is never made. |
| 288 | TEST_F(ServerBoundCertServiceTest, CancelRequest) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 289 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 290 | std::string private_key_info, der_cert; |
| 291 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 292 | ServerBoundCertService::RequestHandle request_handle; |
| 293 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 294 | error = service_->GetDomainBoundCert(host, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 295 | &private_key_info, |
| 296 | &der_cert, |
| 297 | base::Bind(&FailTest), |
| 298 | &request_handle); |
| 299 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 300 | EXPECT_TRUE(request_handle.is_active()); |
| 301 | request_handle.Cancel(); |
| 302 | EXPECT_FALSE(request_handle.is_active()); |
| 303 | |
| 304 | // Wait for generation to finish. |
| 305 | sequenced_worker_pool_->FlushForTesting(); |
| 306 | // Wait for reply from ServerBoundCertServiceWorker to be posted back to the |
| 307 | // ServerBoundCertService. |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 308 | base::MessageLoop::current()->RunUntilIdle(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 309 | |
| 310 | // Even though the original request was cancelled, the service will still |
| 311 | // store the result, it just doesn't call the callback. |
| 312 | EXPECT_EQ(1, service_->cert_count()); |
| 313 | } |
| 314 | |
| 315 | // Tests that destructing the RequestHandle cancels the request. |
| 316 | TEST_F(ServerBoundCertServiceTest, CancelRequestByHandleDestruction) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 317 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 318 | std::string private_key_info, der_cert; |
| 319 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 320 | { |
| 321 | ServerBoundCertService::RequestHandle request_handle; |
| 322 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 323 | error = service_->GetDomainBoundCert(host, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 324 | &private_key_info, |
| 325 | &der_cert, |
| 326 | base::Bind(&FailTest), |
| 327 | &request_handle); |
| 328 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 329 | EXPECT_TRUE(request_handle.is_active()); |
| 330 | } |
| 331 | |
| 332 | // Wait for generation to finish. |
| 333 | sequenced_worker_pool_->FlushForTesting(); |
| 334 | // Wait for reply from ServerBoundCertServiceWorker to be posted back to the |
| 335 | // ServerBoundCertService. |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 336 | base::MessageLoop::current()->RunUntilIdle(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 337 | |
| 338 | // Even though the original request was cancelled, the service will still |
| 339 | // store the result, it just doesn't call the callback. |
| 340 | EXPECT_EQ(1, service_->cert_count()); |
| 341 | } |
| 342 | |
| 343 | TEST_F(ServerBoundCertServiceTest, DestructionWithPendingRequest) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 344 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 345 | std::string private_key_info, der_cert; |
| 346 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 347 | ServerBoundCertService::RequestHandle request_handle; |
| 348 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 349 | error = service_->GetDomainBoundCert(host, |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 350 | &private_key_info, |
| 351 | &der_cert, |
| 352 | base::Bind(&FailTest), |
| 353 | &request_handle); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 354 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 355 | EXPECT_TRUE(request_handle.is_active()); |
| 356 | |
| 357 | // Cancel request and destroy the ServerBoundCertService. |
| 358 | request_handle.Cancel(); |
| 359 | service_.reset(); |
| 360 | |
| 361 | // Wait for generation to finish. |
| 362 | sequenced_worker_pool_->FlushForTesting(); |
| 363 | // ServerBoundCertServiceWorker should not post anything back to the |
| 364 | // non-existant ServerBoundCertService, but run the loop just to be sure it |
| 365 | // doesn't. |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 366 | base::MessageLoop::current()->RunUntilIdle(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 367 | |
| 368 | // If we got here without crashing or a valgrind error, it worked. |
| 369 | } |
| 370 | |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 371 | // Tests that shutting down the sequenced worker pool and then making new |
| 372 | // requests gracefully fails. |
| 373 | // This is a regression test for http://crbug.com/236387 |
| 374 | TEST_F(ServerBoundCertServiceTest, RequestAfterPoolShutdown) { |
| 375 | // Shutdown the pool immediately. |
| 376 | sequenced_worker_pool_->Shutdown(); |
| 377 | sequenced_worker_pool_ = NULL; |
| 378 | |
| 379 | // Ensure any shutdown code is processed. |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 380 | base::MessageLoop::current()->RunUntilIdle(); |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 381 | |
| 382 | // Make a request that will force synchronous completion. |
| 383 | std::string host("encrypted.google.com"); |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 384 | std::string private_key_info, der_cert; |
| 385 | int error; |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 386 | ServerBoundCertService::RequestHandle request_handle; |
| 387 | |
| 388 | error = service_->GetDomainBoundCert(host, |
Torne (Richard Coles) | b2df76e | 2013-05-13 16:52:09 +0100 | [diff] [blame] | 389 | &private_key_info, |
| 390 | &der_cert, |
| 391 | base::Bind(&FailTest), |
| 392 | &request_handle); |
| 393 | // If we got here without crashing or a valgrind error, it worked. |
| 394 | ASSERT_EQ(ERR_INSUFFICIENT_RESOURCES, error); |
| 395 | EXPECT_FALSE(request_handle.is_active()); |
| 396 | } |
| 397 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 398 | // Tests that simultaneous creation of different certs works. |
| 399 | TEST_F(ServerBoundCertServiceTest, SimultaneousCreation) { |
| 400 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 401 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 402 | std::string host1("encrypted.google.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 403 | std::string private_key_info1, der_cert1; |
| 404 | TestCompletionCallback callback1; |
| 405 | ServerBoundCertService::RequestHandle request_handle1; |
| 406 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 407 | std::string host2("foo.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 408 | std::string private_key_info2, der_cert2; |
| 409 | TestCompletionCallback callback2; |
| 410 | ServerBoundCertService::RequestHandle request_handle2; |
| 411 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 412 | std::string host3("bar.com"); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 413 | std::string private_key_info3, der_cert3; |
| 414 | TestCompletionCallback callback3; |
| 415 | ServerBoundCertService::RequestHandle request_handle3; |
| 416 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 417 | error = service_->GetDomainBoundCert(host1, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 418 | &private_key_info1, |
| 419 | &der_cert1, |
| 420 | callback1.callback(), |
| 421 | &request_handle1); |
| 422 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 423 | EXPECT_TRUE(request_handle1.is_active()); |
| 424 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 425 | error = service_->GetDomainBoundCert(host2, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 426 | &private_key_info2, |
| 427 | &der_cert2, |
| 428 | callback2.callback(), |
| 429 | &request_handle2); |
| 430 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 431 | EXPECT_TRUE(request_handle2.is_active()); |
| 432 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 433 | error = service_->GetDomainBoundCert(host3, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 434 | &private_key_info3, |
| 435 | &der_cert3, |
| 436 | callback3.callback(), |
| 437 | &request_handle3); |
| 438 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 439 | EXPECT_TRUE(request_handle3.is_active()); |
| 440 | |
| 441 | error = callback1.WaitForResult(); |
| 442 | EXPECT_EQ(OK, error); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 443 | EXPECT_FALSE(private_key_info1.empty()); |
| 444 | EXPECT_FALSE(der_cert1.empty()); |
| 445 | |
| 446 | error = callback2.WaitForResult(); |
| 447 | EXPECT_EQ(OK, error); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 448 | EXPECT_FALSE(private_key_info2.empty()); |
| 449 | EXPECT_FALSE(der_cert2.empty()); |
| 450 | |
| 451 | error = callback3.WaitForResult(); |
| 452 | EXPECT_EQ(OK, error); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 453 | EXPECT_FALSE(private_key_info3.empty()); |
| 454 | EXPECT_FALSE(der_cert3.empty()); |
| 455 | |
| 456 | EXPECT_NE(private_key_info1, private_key_info2); |
| 457 | EXPECT_NE(der_cert1, der_cert2); |
| 458 | |
| 459 | EXPECT_NE(private_key_info1, private_key_info3); |
| 460 | EXPECT_NE(der_cert1, der_cert3); |
| 461 | |
| 462 | EXPECT_NE(private_key_info2, private_key_info3); |
| 463 | EXPECT_NE(der_cert2, der_cert3); |
| 464 | |
| 465 | EXPECT_EQ(3, service_->cert_count()); |
| 466 | } |
| 467 | |
| 468 | TEST_F(ServerBoundCertServiceTest, Expiration) { |
| 469 | ServerBoundCertStore* store = service_->GetCertStore(); |
| 470 | base::Time now = base::Time::Now(); |
| 471 | store->SetServerBoundCert("good", |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 472 | now, |
| 473 | now + base::TimeDelta::FromDays(1), |
| 474 | "a", |
| 475 | "b"); |
| 476 | store->SetServerBoundCert("expired", |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 477 | now - base::TimeDelta::FromDays(2), |
| 478 | now - base::TimeDelta::FromDays(1), |
| 479 | "c", |
| 480 | "d"); |
| 481 | EXPECT_EQ(2, service_->cert_count()); |
| 482 | |
| 483 | int error; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 484 | TestCompletionCallback callback; |
| 485 | ServerBoundCertService::RequestHandle request_handle; |
| 486 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 487 | // Cert is valid - synchronous completion. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 488 | std::string private_key_info1, der_cert1; |
| 489 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 490 | "good", &private_key_info1, &der_cert1, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 491 | callback.callback(), &request_handle); |
| 492 | EXPECT_EQ(OK, error); |
| 493 | EXPECT_FALSE(request_handle.is_active()); |
| 494 | EXPECT_EQ(2, service_->cert_count()); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 495 | EXPECT_STREQ("a", private_key_info1.c_str()); |
| 496 | EXPECT_STREQ("b", der_cert1.c_str()); |
| 497 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 498 | // Expired cert is valid as well - synchronous completion. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 499 | std::string private_key_info2, der_cert2; |
| 500 | error = service_->GetDomainBoundCert( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 501 | "expired", &private_key_info2, &der_cert2, |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 502 | callback.callback(), &request_handle); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 503 | EXPECT_EQ(OK, error); |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 504 | EXPECT_FALSE(request_handle.is_active()); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 505 | EXPECT_EQ(2, service_->cert_count()); |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 506 | EXPECT_STREQ("c", private_key_info2.c_str()); |
| 507 | EXPECT_STREQ("d", der_cert2.c_str()); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 508 | } |
| 509 | |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 510 | TEST_F(ServerBoundCertServiceTest, AsyncStoreGetNoCertsInStore) { |
| 511 | MockServerBoundCertStoreWithAsyncGet* mock_store = |
| 512 | new MockServerBoundCertStoreWithAsyncGet(); |
| 513 | service_ = scoped_ptr<ServerBoundCertService>( |
| 514 | new ServerBoundCertService(mock_store, sequenced_worker_pool_)); |
| 515 | |
| 516 | std::string host("encrypted.google.com"); |
| 517 | |
| 518 | int error; |
| 519 | TestCompletionCallback callback; |
| 520 | ServerBoundCertService::RequestHandle request_handle; |
| 521 | |
| 522 | // Asynchronous completion with no certs in the store. |
| 523 | std::string private_key_info, der_cert; |
| 524 | EXPECT_EQ(0, service_->cert_count()); |
| 525 | error = service_->GetDomainBoundCert( |
| 526 | host, &private_key_info, &der_cert, callback.callback(), &request_handle); |
| 527 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 528 | EXPECT_TRUE(request_handle.is_active()); |
| 529 | |
| 530 | mock_store->CallGetServerBoundCertCallbackWithResult( |
| 531 | ERR_FILE_NOT_FOUND, base::Time(), std::string(), std::string()); |
| 532 | |
| 533 | error = callback.WaitForResult(); |
| 534 | EXPECT_EQ(OK, error); |
| 535 | EXPECT_EQ(1, service_->cert_count()); |
| 536 | EXPECT_FALSE(private_key_info.empty()); |
| 537 | EXPECT_FALSE(der_cert.empty()); |
| 538 | EXPECT_FALSE(request_handle.is_active()); |
| 539 | } |
| 540 | |
| 541 | TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOneCertInStore) { |
| 542 | MockServerBoundCertStoreWithAsyncGet* mock_store = |
| 543 | new MockServerBoundCertStoreWithAsyncGet(); |
| 544 | service_ = scoped_ptr<ServerBoundCertService>( |
| 545 | new ServerBoundCertService(mock_store, sequenced_worker_pool_)); |
| 546 | |
| 547 | std::string host("encrypted.google.com"); |
| 548 | |
| 549 | int error; |
| 550 | TestCompletionCallback callback; |
| 551 | ServerBoundCertService::RequestHandle request_handle; |
| 552 | |
| 553 | // Asynchronous completion with a cert in the store. |
| 554 | std::string private_key_info, der_cert; |
| 555 | EXPECT_EQ(0, service_->cert_count()); |
| 556 | error = service_->GetDomainBoundCert( |
| 557 | host, &private_key_info, &der_cert, callback.callback(), &request_handle); |
| 558 | EXPECT_EQ(ERR_IO_PENDING, error); |
| 559 | EXPECT_TRUE(request_handle.is_active()); |
| 560 | |
| 561 | mock_store->CallGetServerBoundCertCallbackWithResult( |
| 562 | OK, base::Time(), "ab", "cd"); |
| 563 | |
| 564 | error = callback.WaitForResult(); |
| 565 | EXPECT_EQ(OK, error); |
| 566 | EXPECT_EQ(1, service_->cert_count()); |
| 567 | EXPECT_EQ(1u, service_->requests()); |
| 568 | EXPECT_EQ(1u, service_->cert_store_hits()); |
| 569 | // Because the cert was found in the store, no new workers should have been |
| 570 | // created. |
| 571 | EXPECT_EQ(0u, service_->workers_created()); |
| 572 | EXPECT_STREQ("ab", private_key_info.c_str()); |
| 573 | EXPECT_STREQ("cd", der_cert.c_str()); |
| 574 | EXPECT_FALSE(request_handle.is_active()); |
| 575 | } |
| 576 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 577 | #endif // !defined(USE_OPENSSL) |
| 578 | |
| 579 | } // namespace |
| 580 | |
| 581 | } // namespace net |