Roll src/third_party/skia 7b05ff1:dab1f60
[chromium-blink-merge.git] / net / ssl / openssl_client_key_store_unittest.cc
blobf1d8a304b4c05fe9bab7c30f9c840bcfc5eb7f40
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/openssl_client_key_store.h"
7 #include "base/memory/ref_counted.h"
8 #include "crypto/scoped_openssl_types.h"
9 #include "net/base/test_data_directory.h"
10 #include "net/test/cert_test_util.h"
11 #include "testing/gtest/include/gtest/gtest.h"
13 namespace net {
15 namespace {
17 // Return the internal reference count of a given EVP_PKEY.
18 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) {
19 return pkey->references;
22 // A common test class to ensure that the store is flushed after
23 // each test.
24 class OpenSSLClientKeyStoreTest : public ::testing::Test {
25 public:
26 OpenSSLClientKeyStoreTest()
27 : store_(OpenSSLClientKeyStore::GetInstance()) {
30 ~OpenSSLClientKeyStoreTest() override {
31 if (store_)
32 store_->Flush();
35 protected:
36 OpenSSLClientKeyStore* store_;
39 // Check that GetInstance() returns non-null
40 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) {
41 ASSERT_TRUE(store_);
44 // Check that Flush() works correctly.
45 TEST_F(OpenSSLClientKeyStoreTest, Flush) {
46 ASSERT_TRUE(store_);
48 scoped_refptr<X509Certificate> cert_1(
49 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
50 ASSERT_TRUE(cert_1.get());
52 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
53 ASSERT_TRUE(priv_key.get());
55 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
56 priv_key.get()));
58 store_->Flush();
60 // Retrieve the private key. This should fail because the store
61 // was flushed.
62 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get());
63 ASSERT_FALSE(pkey.get());
66 // Check that trying to retrieve the private key of an unknown certificate
67 // simply fails by returning null.
68 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {
69 ASSERT_TRUE(store_);
71 scoped_refptr<X509Certificate> cert_1(
72 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
73 ASSERT_TRUE(cert_1.get());
75 // Retrieve the private key now. This should fail because it was
76 // never recorded in the store.
77 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get());
78 ASSERT_FALSE(pkey.get());
81 // Check that any private key recorded through RecordClientCertPrivateKey
82 // can be retrieved with FetchClientCertPrivateKey.
83 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
84 ASSERT_TRUE(store_);
86 // Any certificate / key pair will do, the store is not supposed to
87 // check that the private and certificate public keys match. This is
88 // by design since the private EVP_PKEY could be a wrapper around a
89 // JNI reference, with no way to access the real private key bits.
90 scoped_refptr<X509Certificate> cert_1(
91 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
92 ASSERT_TRUE(cert_1.get());
94 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
95 ASSERT_TRUE(priv_key.get());
96 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get()));
98 // Add the key a first time, this should increment its reference count.
99 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
100 priv_key.get()));
101 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
103 // Two successive calls with the same certificate / private key shall
104 // also succeed, but the key's reference count should not be incremented.
105 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
106 priv_key.get()));
107 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
109 // Retrieve the private key. This should increment the private key's
110 // reference count.
111 crypto::ScopedEVP_PKEY pkey2 =
112 store_->FetchClientCertPrivateKey(cert_1.get());
113 ASSERT_EQ(pkey2.get(), priv_key.get());
114 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get()));
116 // Flush the store explicitely, this should decrement the private
117 // key's reference count.
118 store_->Flush();
119 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
122 // Same test, but with two certificates / private keys.
123 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
124 scoped_refptr<X509Certificate> cert_1(
125 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
126 ASSERT_TRUE(cert_1.get());
128 scoped_refptr<X509Certificate> cert_2(
129 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
130 ASSERT_TRUE(cert_2.get());
132 crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
133 ASSERT_TRUE(priv_key1.get());
134 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get()));
136 crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
137 ASSERT_TRUE(priv_key2.get());
138 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get()));
140 ASSERT_NE(priv_key1.get(), priv_key2.get());
142 // Add the key a first time, this shall succeed, and increment the
143 // reference count.
144 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
145 priv_key1.get()));
146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(),
147 priv_key2.get()));
148 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get()));
149 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get()));
151 // Retrieve the private key now. This shall succeed and increment
152 // the private key's reference count.
153 crypto::ScopedEVP_PKEY fetch_key1 =
154 store_->FetchClientCertPrivateKey(cert_1.get());
155 crypto::ScopedEVP_PKEY fetch_key2 =
156 store_->FetchClientCertPrivateKey(cert_2.get());
158 EXPECT_TRUE(fetch_key1.get());
159 EXPECT_TRUE(fetch_key2.get());
161 EXPECT_EQ(fetch_key1.get(), priv_key1.get());
162 EXPECT_EQ(fetch_key2.get(), priv_key2.get());
164 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get()));
165 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get()));
168 } // namespace
169 } // namespace net