Roll src/third_party/skia d32087a:1052f51
[chromium-blink-merge.git] / net / ssl / client_cert_store_unittest-inl.h
blob8a8f98b35e4bb18f03d298708a71d651e09dc7fc
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
8 #include <string>
9 #include <vector>
11 #include "base/files/file_path.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "net/base/test_data_directory.h"
15 #include "net/ssl/ssl_cert_request_info.h"
16 #include "net/test/cert_test_util.h"
17 #include "testing/gtest/include/gtest/gtest.h"
19 namespace net {
21 namespace {
23 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
24 const unsigned char kAuthority1DN[] = {
25 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
26 0x04, 0x42, 0x20, 0x43, 0x41
29 // "CN=E CA" - DER encoded DN of the issuer of client_2.pem
30 unsigned char kAuthority2DN[] = {
31 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
32 0x04, 0x45, 0x20, 0x43, 0x41
35 } // namespace
37 // Use a templated test to provide common testcases for all the platform
38 // implementations of ClientCertStore. These cases test the client cert
39 // filtering behavior.
41 // NOTE: If any test cases are added, removed, or renamed, the
42 // REGISTER_TYPED_TEST_CASE_P macro at the bottom of this file must be updated.
44 // The type T provided as the third argument to INSTANTIATE_TYPED_TEST_CASE_P by
45 // the platform implementation should implement this method:
46 // bool SelectClientCerts(const CertificateList& input_certs,
47 // const SSLCertRequestInfo& cert_request_info,
48 // CertificateList* selected_certs);
49 template <typename T>
50 class ClientCertStoreTest : public ::testing::Test {
51 public:
52 T delegate_;
55 TYPED_TEST_CASE_P(ClientCertStoreTest);
57 TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) {
58 std::vector<scoped_refptr<X509Certificate> > certs;
59 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
61 std::vector<scoped_refptr<X509Certificate> > selected_certs;
62 bool rv = this->delegate_.SelectClientCerts(
63 certs, *request.get(), &selected_certs);
64 EXPECT_TRUE(rv);
65 EXPECT_EQ(0u, selected_certs.size());
68 // Verify that CertRequestInfo with empty |cert_authorities| matches all
69 // issuers, rather than no issuers.
70 TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) {
71 scoped_refptr<X509Certificate> cert(
72 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
73 ASSERT_TRUE(cert.get());
75 std::vector<scoped_refptr<X509Certificate> > certs;
76 certs.push_back(cert);
77 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
79 std::vector<scoped_refptr<X509Certificate> > selected_certs;
80 bool rv = this->delegate_.SelectClientCerts(
81 certs, *request.get(), &selected_certs);
82 EXPECT_TRUE(rv);
83 ASSERT_EQ(1u, selected_certs.size());
84 EXPECT_TRUE(selected_certs[0]->Equals(cert.get()));
87 // Verify that certificates are correctly filtered against CertRequestInfo with
88 // |cert_authorities| containing only |authority_1_DN|.
89 TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
90 scoped_refptr<X509Certificate> cert_1(
91 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
92 ASSERT_TRUE(cert_1.get());
93 scoped_refptr<X509Certificate> cert_2(
94 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
95 ASSERT_TRUE(cert_2.get());
97 std::vector<std::string> authority_1(
98 1, std::string(reinterpret_cast<const char*>(kAuthority1DN),
99 sizeof(kAuthority1DN)));
100 std::vector<std::string> authority_2(
101 1, std::string(reinterpret_cast<const char*>(kAuthority2DN),
102 sizeof(kAuthority2DN)));
103 EXPECT_TRUE(cert_1->IsIssuedByEncoded(authority_1));
104 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2));
105 EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2));
106 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1));
108 std::vector<scoped_refptr<X509Certificate> > certs;
109 certs.push_back(cert_1);
110 certs.push_back(cert_2);
111 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
112 request->cert_authorities = authority_1;
114 std::vector<scoped_refptr<X509Certificate> > selected_certs;
115 bool rv = this->delegate_.SelectClientCerts(
116 certs, *request.get(), &selected_certs);
117 EXPECT_TRUE(rv);
118 ASSERT_EQ(1u, selected_certs.size());
119 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
122 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
123 EmptyQuery,
124 AllIssuersAllowed,
125 CertAuthorityFiltering);
127 } // namespace net
129 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_