diff options
author | tbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-28 06:17:00 +0000 |
---|---|---|
committer | tbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-28 06:17:00 +0000 |
commit | 69295bad5da2d9ddc84f0ed196dc3efcce3e239c (patch) | |
tree | ea58a49fce76df7bcd43e083ca79003a4bd36e40 /chromeos/network/network_cert_migrator_unittest.cc | |
parent | fb7b39f067140c5bd66f38f23fcdb95eb0f71a78 (diff) | |
download | chromium_src-69295bad5da2d9ddc84f0ed196dc3efcce3e239c.zip chromium_src-69295bad5da2d9ddc84f0ed196dc3efcce3e239c.tar.gz chromium_src-69295bad5da2d9ddc84f0ed196dc3efcce3e239c.tar.bz2 |
Use user specific NSSDatabase in CertLoader.
CertLoader is still global object, but it now loads only primary
user's certificates. Loading only primary user's certificates
is ok, since shill only uses primary user's network profile
(and currently only network stack is interested in certificates from CertLoader).
Added some tests for CertLoader and NetworkConnectionHandler.
BUG=315343
Review URL: https://codereview.chromium.org/135193007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@247414 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/network/network_cert_migrator_unittest.cc')
-rw-r--r-- | chromeos/network/network_cert_migrator_unittest.cc | 60 |
1 files changed, 28 insertions, 32 deletions
diff --git a/chromeos/network/network_cert_migrator_unittest.cc b/chromeos/network/network_cert_migrator_unittest.cc index 247bda5..3f94607 100644 --- a/chromeos/network/network_cert_migrator_unittest.cc +++ b/chromeos/network/network_cert_migrator_unittest.cc @@ -12,14 +12,14 @@ #include "chromeos/cert_loader.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "chromeos/dbus/shill_service_client.h" -#include "chromeos/login/login_state.h" #include "chromeos/network/network_state_handler.h" #include "chromeos/tpm_token_loader.h" #include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" -#include "net/cert/nss_cert_database.h" +#include "net/cert/nss_cert_database_chromeos.h" #include "net/cert/x509_certificate.h" #include "net/test/cert_test_util.h" #include "testing/gtest/include/gtest/gtest.h" @@ -38,40 +38,39 @@ const char* kFakePEM = "pem"; class NetworkCertMigratorTest : public testing::Test { public: - NetworkCertMigratorTest() {} + NetworkCertMigratorTest() : service_test_(NULL), + user_("user_hash") { + } virtual ~NetworkCertMigratorTest() {} virtual void SetUp() OVERRIDE { - ASSERT_TRUE(test_nssdb_.is_open()); - slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule(); - ASSERT_TRUE(slot_->os_module_handle()); - - LoginState::Initialize(); + // Initialize NSS db for the user. + ASSERT_TRUE(user_.constructed_successfully()); + user_.FinishInit(); + test_nssdb_.reset(new net::NSSCertDatabaseChromeOS( + crypto::GetPublicSlotForChromeOSUser(user_.username_hash()), + crypto::GetPrivateSlotForChromeOSUser( + user_.username_hash(), + base::Callback<void(crypto::ScopedPK11Slot)>()))); DBusThreadManager::InitializeWithStub(); service_test_ = DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); service_test_->ClearServices(); - message_loop_.RunUntilIdle(); - - TPMTokenLoader::Initialize(); - TPMTokenLoader* tpm_token_loader = TPMTokenLoader::Get(); - tpm_token_loader->InitializeTPMForTest(); - tpm_token_loader->SetCryptoTaskRunner(message_loop_.message_loop_proxy()); + base::RunLoop().RunUntilIdle(); CertLoader::Initialize(); - CertLoader::Get()->SetSlowTaskRunnerForTest( - message_loop_.message_loop_proxy()); + CertLoader* cert_loader_ = CertLoader::Get(); + cert_loader_->SetSlowTaskRunnerForTest(message_loop_.message_loop_proxy()); + cert_loader_->StartWithNSSDB(test_nssdb_.get()); } virtual void TearDown() OVERRIDE { network_cert_migrator_.reset(); network_state_handler_.reset(); CertLoader::Shutdown(); - TPMTokenLoader::Shutdown(); DBusThreadManager::Shutdown(); - LoginState::Shutdown(); CleanupTestCert(); } @@ -91,11 +90,10 @@ class NetworkCertMigratorTest : public testing::Test { test_ca_cert_ = net::X509Certificate::CreateFromBytesWithNickname( der_encoded.data(), der_encoded.size(), kNSSNickname); - net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance(); net::CertificateList cert_list; cert_list.push_back(test_ca_cert_); net::NSSCertDatabase::ImportCertFailureList failures; - EXPECT_TRUE(cert_database->ImportCACerts( + EXPECT_TRUE(test_nssdb_->ImportCACerts( cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures)); ASSERT_TRUE(failures.empty()) << net::ErrorToString(failures[0].net_error); } @@ -181,14 +179,13 @@ class NetworkCertMigratorTest : public testing::Test { private: void CleanupTestCert() { - ASSERT_TRUE(net::NSSCertDatabase::GetInstance()->DeleteCertAndKey( - test_ca_cert_.get())); + ASSERT_TRUE(test_nssdb_->DeleteCertAndKey(test_ca_cert_.get())); } scoped_ptr<NetworkStateHandler> network_state_handler_; scoped_ptr<NetworkCertMigrator> network_cert_migrator_; - scoped_refptr<net::CryptoModule> slot_; - crypto::ScopedTestNSSDB test_nssdb_; + crypto::ScopedTestNSSChromeOSUser user_; + scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_; DISALLOW_COPY_AND_ASSIGN(NetworkCertMigratorTest); }; @@ -199,7 +196,7 @@ TEST_F(NetworkCertMigratorTest, MigrateNssOnInitialization) { SetupTestCACert(); SetupNetworkHandlers(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); std::string nss_nickname, ca_pem; GetEapCACertProperties(&nss_nickname, &ca_pem); EXPECT_TRUE(nss_nickname.empty()); @@ -209,12 +206,12 @@ TEST_F(NetworkCertMigratorTest, MigrateNssOnInitialization) { TEST_F(NetworkCertMigratorTest, MigrateNssOnNetworkAppearance) { SetupTestCACert(); SetupNetworkHandlers(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); // Add a new network for migration after the handlers are initialized. SetupWifiWithNss(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); std::string nss_nickname, ca_pem; GetEapCACertProperties(&nss_nickname, &ca_pem); EXPECT_TRUE(nss_nickname.empty()); @@ -231,7 +228,7 @@ TEST_F(NetworkCertMigratorTest, DoNotMigrateNssIfPemSet) { SetupTestCACert(); SetupNetworkHandlers(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); std::string nss_nickname, ca_pem; GetEapCACertProperties(&nss_nickname, &ca_pem); @@ -246,7 +243,7 @@ TEST_F(NetworkCertMigratorTest, MigrateOpenVpn) { SetupTestCACert(); SetupNetworkHandlers(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); std::string nss_nickname, ca_pem; GetVpnCACertProperties(true /* OpenVPN */, &nss_nickname, &ca_pem); EXPECT_TRUE(nss_nickname.empty()); @@ -260,12 +257,11 @@ TEST_F(NetworkCertMigratorTest, MigrateIpsecVpn) { SetupTestCACert(); SetupNetworkHandlers(); - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); std::string nss_nickname, ca_pem; GetVpnCACertProperties(false /* not OpenVPN */, &nss_nickname, &ca_pem); EXPECT_TRUE(nss_nickname.empty()); EXPECT_EQ(test_ca_cert_pem_, ca_pem); } - } // namespace chromeos |