• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/ssl/ssl_client_auth_cache.h"
6 
7 #include "base/time/time.h"
8 #include "net/cert/x509_certificate.h"
9 #include "testing/gtest/include/gtest/gtest.h"
10 
11 namespace net {
12 
TEST(SSLClientAuthCacheTest,LookupAddRemove)13 TEST(SSLClientAuthCacheTest, LookupAddRemove) {
14   SSLClientAuthCache cache;
15 
16   base::Time start_date = base::Time::Now();
17   base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
18 
19   HostPortPair server1("foo1", 443);
20   scoped_refptr<X509Certificate> cert1(
21       new X509Certificate("foo1", "CA", start_date, expiration_date));
22 
23   HostPortPair server2("foo2", 443);
24   scoped_refptr<X509Certificate> cert2(
25       new X509Certificate("foo2", "CA", start_date, expiration_date));
26 
27   HostPortPair server3("foo3", 443);
28   scoped_refptr<X509Certificate> cert3(
29     new X509Certificate("foo3", "CA", start_date, expiration_date));
30 
31   scoped_refptr<X509Certificate> cached_cert;
32   // Lookup non-existent client certificate.
33   cached_cert = NULL;
34   EXPECT_FALSE(cache.Lookup(server1, &cached_cert));
35 
36   // Add client certificate for server1.
37   cache.Add(server1, cert1.get());
38   cached_cert = NULL;
39   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
40   EXPECT_EQ(cert1, cached_cert);
41 
42   // Add client certificate for server2.
43   cache.Add(server2, cert2.get());
44   cached_cert = NULL;
45   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
46   EXPECT_EQ(cert1.get(), cached_cert.get());
47   cached_cert = NULL;
48   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
49   EXPECT_EQ(cert2, cached_cert);
50 
51   // Overwrite the client certificate for server1.
52   cache.Add(server1, cert3.get());
53   cached_cert = NULL;
54   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
55   EXPECT_EQ(cert3, cached_cert);
56   cached_cert = NULL;
57   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
58   EXPECT_EQ(cert2, cached_cert);
59 
60   // Remove client certificate of server1.
61   cache.Remove(server1);
62   cached_cert = NULL;
63   EXPECT_FALSE(cache.Lookup(server1, &cached_cert));
64   cached_cert = NULL;
65   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
66   EXPECT_EQ(cert2, cached_cert);
67 
68   // Remove non-existent client certificate.
69   cache.Remove(server1);
70   cached_cert = NULL;
71   EXPECT_FALSE(cache.Lookup(server1, &cached_cert));
72   cached_cert = NULL;
73   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
74   EXPECT_EQ(cert2, cached_cert);
75 }
76 
77 // Check that if the server differs only by port number, it is considered
78 // a separate server.
TEST(SSLClientAuthCacheTest,LookupWithPort)79 TEST(SSLClientAuthCacheTest, LookupWithPort) {
80   SSLClientAuthCache cache;
81 
82   base::Time start_date = base::Time::Now();
83   base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
84 
85   HostPortPair server1("foo", 443);
86   scoped_refptr<X509Certificate> cert1(
87       new X509Certificate("foo", "CA", start_date, expiration_date));
88 
89   HostPortPair server2("foo", 8443);
90   scoped_refptr<X509Certificate> cert2(
91       new X509Certificate("foo", "CA", start_date, expiration_date));
92 
93   cache.Add(server1, cert1.get());
94   cache.Add(server2, cert2.get());
95 
96   scoped_refptr<X509Certificate> cached_cert;
97   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
98   EXPECT_EQ(cert1.get(), cached_cert.get());
99   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
100   EXPECT_EQ(cert2.get(), cached_cert.get());
101 }
102 
103 // Check that the a NULL certificate, indicating the user has declined to send
104 // a certificate, is properly cached.
TEST(SSLClientAuthCacheTest,LookupNullPreference)105 TEST(SSLClientAuthCacheTest, LookupNullPreference) {
106   SSLClientAuthCache cache;
107   base::Time start_date = base::Time::Now();
108   base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
109 
110   HostPortPair server1("foo", 443);
111   scoped_refptr<X509Certificate> cert1(
112       new X509Certificate("foo", "CA", start_date, expiration_date));
113 
114   cache.Add(server1, NULL);
115 
116   scoped_refptr<X509Certificate> cached_cert(cert1);
117   // Make sure that |cached_cert| is updated to NULL, indicating the user
118   // declined to send a certificate to |server1|.
119   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
120   EXPECT_EQ(NULL, cached_cert.get());
121 
122   // Remove the existing cached certificate.
123   cache.Remove(server1);
124   cached_cert = NULL;
125   EXPECT_FALSE(cache.Lookup(server1, &cached_cert));
126 
127   // Add a new preference for a specific certificate.
128   cache.Add(server1, cert1.get());
129   cached_cert = NULL;
130   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
131   EXPECT_EQ(cert1, cached_cert);
132 
133   // Replace the specific preference with a NULL certificate.
134   cache.Add(server1, NULL);
135   cached_cert = NULL;
136   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
137   EXPECT_EQ(NULL, cached_cert.get());
138 }
139 
140 // Check that the OnCertAdded() method removes all cache entries.
TEST(SSLClientAuthCacheTest,OnCertAdded)141 TEST(SSLClientAuthCacheTest, OnCertAdded) {
142   SSLClientAuthCache cache;
143   base::Time start_date = base::Time::Now();
144   base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
145 
146   HostPortPair server1("foo", 443);
147   scoped_refptr<X509Certificate> cert1(
148       new X509Certificate("foo", "CA", start_date, expiration_date));
149 
150   cache.Add(server1, cert1.get());
151 
152   HostPortPair server2("foo2", 443);
153   cache.Add(server2, NULL);
154 
155   scoped_refptr<X509Certificate> cached_cert;
156 
157   // Demonstrate the set up is correct.
158   EXPECT_TRUE(cache.Lookup(server1, &cached_cert));
159   EXPECT_EQ(cert1, cached_cert);
160 
161   EXPECT_TRUE(cache.Lookup(server2, &cached_cert));
162   EXPECT_EQ(NULL, cached_cert.get());
163 
164   cache.OnCertAdded(NULL);
165 
166   // Check that we no longer have entries for either server.
167   EXPECT_FALSE(cache.Lookup(server1, &cached_cert));
168   EXPECT_FALSE(cache.Lookup(server2, &cached_cert));
169 }
170 
171 }  // namespace net
172