1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
6#define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
7
8#include <string>
9#include <vector>
10
11#include "base/files/file_path.h"
12#include "base/memory/ref_counted.h"
13#include "base/memory/scoped_ptr.h"
14#include "net/base/test_data_directory.h"
15#include "net/test/cert_test_util.h"
16#include "testing/gtest/include/gtest/gtest.h"
17
18namespace net {
19
20namespace {
21
// DER encoding of the distinguished name "CN=B CA", which is the issuer of
// client_1.pem. Laid out one TLV element per row.
const unsigned char kAuthority1DN[] = {
  0x30, 0x0f,                    // SEQUENCE, 15 bytes
  0x31, 0x0d,                    // SET, 13 bytes
  0x30, 0x0b,                    // SEQUENCE, 11 bytes
  0x06, 0x03, 0x55, 0x04, 0x03,  // OID 2.5.4.3 (commonName)
  0x0c, 0x04,                    // UTF8String, 4 bytes
  0x42, 0x20, 0x43, 0x41         // "B CA"
};
27
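// DER encoding of the distinguished name "CN=E CA", which is the issuer of
// client_2.pem.
//
// Declared const, like kAuthority1DN: this is fixed test data, and this header
// is included into each platform's unittest, so it must not be a writable
// global that a test could modify by accident.
const unsigned char kAuthority2DN[] = {
  0x30, 0x0f,                    // SEQUENCE, 15 bytes
  0x31, 0x0d,                    // SET, 13 bytes
  0x30, 0x0b,                    // SEQUENCE, 11 bytes
  0x06, 0x03, 0x55, 0x04, 0x03,  // OID 2.5.4.3 (commonName)
  0x0c, 0x04,                    // UTF8String, 4 bytes
  0x45, 0x20, 0x43, 0x41         // "E CA"
};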
33
34}  // namespace
35
// Shared, platform-independent test cases for ClientCertStore implementations,
// written as a type-parameterized gtest fixture. The cases exercise how client
// certificates are filtered against a certificate request.
//
// Each platform instantiates the suite by passing a delegate type T as the
// third argument to INSTANTIATE_TYPED_TEST_CASE_P. T should implement:
//
//   bool SelectClientCerts(const CertificateList& input_certs,
//                          const SSLCertRequestInfo& cert_request_info,
//                          CertificateList* selected_certs);
//
// NOTE: Adding, removing, or renaming a test case requires a matching change
// to the REGISTER_TYPED_TEST_CASE_P list at the bottom of this file.
template <typename T>
class ClientCertStoreTest : public ::testing::Test {
 public:
  // Platform-specific delegate under test; the test bodies reach it through
  // this->delegate_.
  T delegate_;
};

// Declares ClientCertStoreTest as a type-parameterized test case.
TYPED_TEST_CASE_P(ClientCertStoreTest);
55
// With no candidate certificates and a default-constructed request, selection
// must report success and produce an empty result.
TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) {
  typedef std::vector<scoped_refptr<X509Certificate> > CertVector;

  const CertVector no_candidates;
  scoped_refptr<SSLCertRequestInfo> cert_request(new SSLCertRequestInfo());

  CertVector matches;
  const bool succeeded = this->delegate_.SelectClientCerts(
      no_candidates, *cert_request.get(), &matches);

  EXPECT_TRUE(succeeded);
  EXPECT_EQ(0u, matches.size());
}
66
// A request whose |cert_authorities| is empty places no restriction on the
// issuer: it must match every issuer, not none of them.
TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) {
  typedef std::vector<scoped_refptr<X509Certificate> > CertVector;

  scoped_refptr<X509Certificate> client_cert(
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(client_cert.get());

  // One candidate certificate; the request is used as constructed, with no
  // authorities assigned.
  CertVector candidates(1, client_cert);
  scoped_refptr<SSLCertRequestInfo> cert_request(new SSLCertRequestInfo());

  CertVector matches;
  const bool succeeded = this->delegate_.SelectClientCerts(
      candidates, *cert_request.get(), &matches);

  EXPECT_TRUE(succeeded);
  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1u, matches.size());
  EXPECT_TRUE(matches[0]->Equals(client_cert.get()));
}
85
// When the request's |cert_authorities| names only the "CN=B CA" issuer
// (kAuthority1DN), only the certificate issued by that authority may be
// selected.
//
// NOTE(review): only the kAuthority1DN direction is exercised through the
// delegate here; a request naming kAuthority2DN, or an issuer matching neither
// certificate, is not covered by this case.
TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
  typedef std::vector<scoped_refptr<X509Certificate> > CertVector;

  scoped_refptr<X509Certificate> first_cert(
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(first_cert.get());
  scoped_refptr<X509Certificate> second_cert(
      ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
  ASSERT_TRUE(second_cert.get());

  // Wrap each raw DER DN in a std::string. The explicit length is required
  // because the encoded bytes are binary data, not a NUL-terminated string.
  const std::string first_dn(reinterpret_cast<const char*>(kAuthority1DN),
                             sizeof(kAuthority1DN));
  const std::string second_dn(reinterpret_cast<const char*>(kAuthority2DN),
                              sizeof(kAuthority2DN));
  const std::vector<std::string> only_first_authority(1, first_dn);
  const std::vector<std::string> only_second_authority(1, second_dn);

  // Precondition on the test data: each certificate chains to exactly its own
  // authority and not to the other one.
  EXPECT_TRUE(first_cert->IsIssuedByEncoded(only_first_authority));
  EXPECT_FALSE(first_cert->IsIssuedByEncoded(only_second_authority));
  EXPECT_TRUE(second_cert->IsIssuedByEncoded(only_second_authority));
  EXPECT_FALSE(second_cert->IsIssuedByEncoded(only_first_authority));

  CertVector candidates;
  candidates.push_back(first_cert);
  candidates.push_back(second_cert);

  // Restrict the request to the first authority only.
  scoped_refptr<SSLCertRequestInfo> cert_request(new SSLCertRequestInfo());
  cert_request->cert_authorities = only_first_authority;

  CertVector matches;
  const bool succeeded = this->delegate_.SelectClientCerts(
      candidates, *cert_request.get(), &matches);

  EXPECT_TRUE(succeeded);
  // ASSERT (not EXPECT) so the element access below is never out of range.
  ASSERT_EQ(1u, matches.size());
  EXPECT_TRUE(matches[0]->Equals(first_cert.get()));
}
120
// Registers every test case defined above. Keep this list in sync with the
// TYPED_TEST_P definitions in this file.
REGISTER_TYPED_TEST_CASE_P(
    ClientCertStoreTest, EmptyQuery, AllIssuersAllowed, CertAuthorityFiltering);
125
126}  // namespace net
127
128#endif  // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_