Support sending client certificates when validating tokens.

I chose to add a new certificate auto-selection policy, because the existing certificate auto-selection is very coupled with Chrome. The existing AutoSelectCertificateUrls requires chrome/common/content_settings_pattern.h (which depends on other browser specific files, and is otherwise very browser-specific logic) to parse the URL pattern, and chrome/browser/chrome_content_browser_client.cc to match the certificate.

Also, URLFetcher doesn't support sending certificates, and supporting it is a strict non-goal ( https://codereview.chromium.org/136883010/ ), so I had to use the lower level URLRequest, and have tokenvalidator do its own buffering.

Finally, the client certificate store has some unpleasant lifetime requirements, so there are some hacks to deal with that as well.

BUG=315825

Review URL: https://codereview.chromium.org/133273025

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@246456 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 50 insertions, 21 deletions

diff --git a/remoting/host/token_validator_factory_impl_unittest.cc b/remoting/host/token_validator_factory_impl_unittest.cc
index 18208fa..4645711 100644
--- a/remoting/host/token_validator_factory_impl_unittest.cc
+++ b/remoting/host/token_validator_factory_impl_unittest.cc
@@ -9,8 +9,10 @@
 #include "base/json/json_writer.h"
 #include "base/values.h"
 #include "net/http/http_status_code.h"
-#include "net/url_request/test_url_fetcher_factory.h"
+#include "net/url_request/url_request_job_factory.h"
+#include "net/url_request/url_request_job_factory_impl.h"
 #include "net/url_request/url_request_status.h"
+#include "net/url_request/url_request_test_job.h"
 #include "net/url_request/url_request_test_util.h"
 #include "remoting/base/rsa_key_pair.h"
 #include "remoting/base/test_rsa_key_pair.h"
@@ -22,6 +24,7 @@ namespace {
 
 const char kTokenUrl[] = "https://example.com/token";
 const char kTokenValidationUrl[] = "https://example.com/validate";
+const char kTokenValidationCertIssuer[] = "";
 const char kLocalJid[] = "user@example.com/local";
 const char kRemoteJid[] = "user@example.com/remote";
 const char kToken[] = "xyz123456";
@@ -31,6 +34,24 @@ const char kSharedSecret[] = "abcdefgh";
 const char kBadScope[] =
     "client:user@example.com/local host:user@example.com/remote";
 
+class FakeProtocolHandler : public net::URLRequestJobFactory::ProtocolHandler {
+ public:
+  FakeProtocolHandler(const std::string& headers, const std::string& response)
+      : headers_(headers),
+        response_(response) {
+  }
+  virtual net::URLRequestJob* MaybeCreateJob(
+      net::URLRequest* request, net::NetworkDelegate* network_delegate) const
+      OVERRIDE {
+    return new net::URLRequestTestJob(
+        request, network_delegate, headers_, response_, true);
+  }
+
+ private:
+  std::string headers_;
+  std::string response_;
+};
+
 }  // namespace
 
 namespace remoting {
@@ -60,9 +81,12 @@ class TokenValidatorFactoryImplTest : public testing::Test {
     key_pair_ = RsaKeyPair::FromString(kTestRsaKeyPair);
     request_context_getter_ = new net::TestURLRequestContextGetter(
         message_loop_.message_loop_proxy());
+    ThirdPartyAuthConfig config;
+    config.token_url = GURL(kTokenUrl);
+    config.token_validation_url = GURL(kTokenValidationUrl);
+    config.token_validation_cert_issuer = kTokenValidationCertIssuer;
     token_validator_factory_.reset(new TokenValidatorFactoryImpl(
-        GURL(kTokenUrl), GURL(kTokenValidationUrl), key_pair_,
-        request_context_getter_));
+        config, key_pair_, request_context_getter_));
   }
 
   static std::string CreateResponse(const std::string& scope) {
@@ -83,6 +107,15 @@ class TokenValidatorFactoryImplTest : public testing::Test {
     return response;
   }
 
+
+  void SetResponse(const std::string& headers, const std::string& response) {
+    net::URLRequestJobFactoryImpl* factory =
+        new net::URLRequestJobFactoryImpl();
+    factory->SetProtocolHandler(
+        "https", new FakeProtocolHandler(headers, response));
+    request_context_getter_->GetURLRequestContext()->set_job_factory(factory);
+  }
+
   base::MessageLoop message_loop_;
   scoped_refptr<RsaKeyPair> key_pair_;
   scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
@@ -92,13 +125,12 @@ class TokenValidatorFactoryImplTest : public testing::Test {
 };
 
 TEST_F(TokenValidatorFactoryImplTest, Success) {
-  net::FakeURLFetcherFactory factory(NULL);
   token_validator_ = token_validator_factory_->CreateTokenValidator(
       kLocalJid, kRemoteJid);
-  factory.SetFakeResponse(
-      GURL(kTokenValidationUrl),
-      CreateResponse(token_validator_->token_scope()),
-      net::HTTP_OK, net::URLRequestStatus::SUCCESS);
+
+  SetResponse(net::URLRequestTestJob::test_headers(),
+              CreateResponse(token_validator_->token_scope()));
+
   token_validator_->ValidateThirdPartyToken(
       kToken, base::Bind(&TokenValidatorFactoryImplTest::SuccessCallback,
                              base::Unretained(this)));
@@ -106,12 +138,11 @@ TEST_F(TokenValidatorFactoryImplTest, Success) {
 }
 
 TEST_F(TokenValidatorFactoryImplTest, BadToken) {
-  net::FakeURLFetcherFactory factory(NULL);
   token_validator_ = token_validator_factory_->CreateTokenValidator(
       kLocalJid, kRemoteJid);
-  factory.SetFakeResponse(GURL(kTokenValidationUrl), std::string(),
-                          net::HTTP_INTERNAL_SERVER_ERROR,
-                          net::URLRequestStatus::FAILED);
+
+  SetResponse(net::URLRequestTestJob::test_error_headers(), std::string());
+
   token_validator_->ValidateThirdPartyToken(
       kToken, base::Bind(&TokenValidatorFactoryImplTest::FailureCallback,
                              base::Unretained(this)));
@@ -119,12 +150,12 @@ TEST_F(TokenValidatorFactoryImplTest, BadToken) {
 }
 
 TEST_F(TokenValidatorFactoryImplTest, BadScope) {
-  net::FakeURLFetcherFactory factory(NULL);
   token_validator_ = token_validator_factory_->CreateTokenValidator(
       kLocalJid, kRemoteJid);
-  factory.SetFakeResponse(
-      GURL(kTokenValidationUrl), CreateResponse(kBadScope), net::HTTP_OK,
-           net::URLRequestStatus::SUCCESS);
+
+  SetResponse(net::URLRequestTestJob::test_headers(),
+              CreateResponse(kBadScope));
+
   token_validator_->ValidateThirdPartyToken(
       kToken, base::Bind(&TokenValidatorFactoryImplTest::FailureCallback,
                          base::Unretained(this)));
@@ -132,13 +163,11 @@ TEST_F(TokenValidatorFactoryImplTest, BadScope) {
 }
 
 TEST_F(TokenValidatorFactoryImplTest, DeleteOnFailure) {
-  net::FakeURLFetcherFactory factory(NULL);
   token_validator_ = token_validator_factory_->CreateTokenValidator(
       kLocalJid, kRemoteJid);
-  factory.SetFakeResponse(GURL(kTokenValidationUrl),
-                          std::string(),
-                          net::HTTP_INTERNAL_SERVER_ERROR,
-                          net::URLRequestStatus::FAILED);
+
+  SetResponse(net::URLRequestTestJob::test_error_headers(), std::string());
+
   token_validator_->ValidateThirdPartyToken(
       kToken, base::Bind(
           &TokenValidatorFactoryImplTest::DeleteOnFailureCallback,