Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / net / http / disk_based_cert_cache_unittest.cc
blobb2b640b300e6abf6a1623887a7e0c287e56ecc3c
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/disk_based_cert_cache.h"
7 #include "base/bind.h"
8 #include "base/callback_helpers.h"
9 #include "net/base/completion_callback.h"
10 #include "net/base/io_buffer.h"
11 #include "net/base/net_errors.h"
12 #include "net/base/test_completion_callback.h"
13 #include "net/base/test_data_directory.h"
14 #include "net/disk_cache/memory/mem_backend_impl.h"
15 #include "net/http/mock_http_cache.h"
16 #include "net/test/cert_test_util.h"
17 #include "testing/gtest/include/gtest/gtest.h"
19 namespace net {
21 namespace {
23 // Testing the DiskBasedCertCache requires constant use of the
24 // certificates in GetTestCertsDirectory(). The TestCertMetaData
25 // struct stores metadata relevant to the DiskBasedCertCache for
26 // each used test certificate.
27 struct TestCertMetaData {
28 const char* file_name;
29 const char* cache_key;
32 const TestCertMetaData kCert1 = {
33 "root_ca_cert.pem", "cert:738D348A8AFCEC4F79C3E4B1845D985AF601AB0F"};
35 const TestCertMetaData kCert2 = {
36 "ok_cert.pem", "cert:6C9DFD2CFA9885C71BE6DE0EA0CF962AC8F9131B"};
38 // MockTransactions are required to use the MockDiskCache backend.
39 // |key| is a cache key, and is equivalent to the key that will be
40 // used to store or retrieve certificates in the cache. |test_mode|
41 // is an integer that is used to indicate properties of the test
42 // transaction, mostly whether or not it is synchronous.
43 // For testing the DiskBasedCertCache, other data members of the struct
44 // are irrelevant. Only one MockTransaction per certificate can be used
45 // at a time.
46 MockTransaction CreateMockTransaction(const char* key, int test_mode) {
47 MockTransaction transaction = {key, "", base::Time(), "", LOAD_NORMAL,
48 "", "", base::Time(), "", test_mode,
49 NULL, 0, OK};
51 return transaction;
54 // Helper class, for use with DiskBasedCertCache::GetCertificate, that will
55 // store the returned certificate handle and allow users to WaitForResult of
56 // DiskBasedCertCache::GetCertificate.
57 class TestGetCallback {
58 public:
59 TestGetCallback() : cert_handle_(NULL) {}
60 ~TestGetCallback() {
61 if (cert_handle_)
62 X509Certificate::FreeOSCertHandle(cert_handle_);
65 // Blocks until the underlying GetCertificate() operation has succeeded.
66 void WaitForResult() { cb_.WaitForResult(); }
68 // Returns a Callback suitable for use with
69 // DiskBasedCertCache::GetCertificate(). The returned callback is only valid
70 // while the TestGetCallback object is still valid.
71 DiskBasedCertCache::GetCallback callback() {
72 return base::Bind(&TestGetCallback::OnGetComplete, base::Unretained(this));
75 // Returns the associated certificate handle.
76 const X509Certificate::OSCertHandle& cert_handle() const {
77 return cert_handle_;
80 private:
81 void OnGetComplete(const X509Certificate::OSCertHandle handle) {
82 if (handle)
83 cert_handle_ = X509Certificate::DupOSCertHandle(handle);
84 cb_.callback().Run(OK);
87 TestCompletionCallback cb_;
88 X509Certificate::OSCertHandle cert_handle_;
91 // Helper class, for use with DiskBasedCertCache::SetCertificate, that will
92 // store the returned key and allow a user to WaitForResult of
93 // DiskBasedCertCache::SetCertificate.
94 class TestSetCallback {
95 public:
96 TestSetCallback() {}
97 ~TestSetCallback() {}
99 // Blocks until the underlying SetCertificate() operation has succeeded.
100 void WaitForResult() { cb_.WaitForResult(); }
102 // Returns a Callback suitable for use with
103 // DiskBasedCertCache::SetCertificate(). The returned callback is only valid
104 // while the TestSetCallback object is still valid.
105 DiskBasedCertCache::SetCallback callback() {
106 return base::Bind(&TestSetCallback::OnSetComplete, base::Unretained(this));
109 // Returns the associated certificate handle.
110 const std::string& key() const { return key_; }
112 private:
113 void OnSetComplete(const std::string& key) {
114 key_ = key;
115 cb_.callback().Run(OK);
118 TestCompletionCallback cb_;
119 std::string key_;
122 // Stores the certificate corresponding to |cert_data| in |backend|. If
123 // |corrupt_data| is true, the certificate will be imported with errors
124 // so as to mimic a corrupted file on disk.
125 void ImportCert(disk_cache::Backend* backend,
126 const TestCertMetaData& cert_data,
127 bool corrupt_data) {
128 disk_cache::Entry* entry;
129 TestCompletionCallback callback;
130 int rv =
131 backend->CreateEntry(cert_data.cache_key, &entry, callback.callback());
132 EXPECT_EQ(OK, callback.GetResult(rv));
133 scoped_refptr<X509Certificate> cert(
134 ImportCertFromFile(GetTestCertsDirectory(), cert_data.file_name));
135 std::string write_data;
136 bool encoded =
137 X509Certificate::GetDEREncoded(cert->os_cert_handle(), &write_data);
138 ASSERT_TRUE(encoded);
139 if (corrupt_data) {
140 for (size_t i = 0; i < write_data.size(); i += 20)
141 ++write_data[i];
143 scoped_refptr<IOBuffer> buffer(new IOBuffer(write_data.size()));
144 memcpy(buffer->data(), write_data.data(), write_data.size());
145 rv = entry->WriteData(0 /* index */,
146 0 /* offset */,
147 buffer.get(),
148 write_data.size(),
149 callback.callback(),
150 true /* truncate */);
151 ASSERT_EQ(static_cast<int>(write_data.size()), callback.GetResult(rv));
152 entry->Close();
155 // Checks that the the certificate corresponding to |cert_data| is an existing,
156 // correctly cached entry in |backend|.
157 void CheckCertCached(disk_cache::Backend* backend,
158 const TestCertMetaData& cert_data) {
159 disk_cache::Entry* entry;
160 TestCompletionCallback callback;
161 int rv = backend->OpenEntry(cert_data.cache_key, &entry, callback.callback());
162 EXPECT_EQ(OK, callback.GetResult(rv));
163 scoped_refptr<X509Certificate> cert(
164 ImportCertFromFile(GetTestCertsDirectory(), cert_data.file_name));
165 std::string write_data;
166 bool encoded =
167 X509Certificate::GetDEREncoded(cert->os_cert_handle(), &write_data);
168 ASSERT_TRUE(encoded);
169 int entry_size = entry->GetDataSize(0 /* index */);
170 scoped_refptr<IOBuffer> buffer(new IOBuffer(entry_size));
171 rv = entry->ReadData(0 /* index */,
172 0 /* offset */,
173 buffer.get(),
174 entry_size,
175 callback.callback());
176 EXPECT_EQ(entry_size, callback.GetResult(rv));
177 entry->Close();
178 X509Certificate::OSCertHandle cached_cert_handle =
179 X509Certificate::CreateOSCertHandleFromBytes(buffer->data(), entry_size);
180 EXPECT_TRUE(X509Certificate::IsSameOSCert(cached_cert_handle,
181 cert->os_cert_handle()));
182 X509Certificate::FreeOSCertHandle(cached_cert_handle);
185 } // namespace
187 // ----------------------------------------------------------------------------
189 // Tests that a certificate can be stored in the cache.
190 TEST(DiskBasedCertCache, SetCert) {
191 ScopedMockTransaction trans1(
192 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
193 MockDiskCache backend;
194 DiskBasedCertCache cache(&backend);
195 scoped_refptr<X509Certificate> cert(
196 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
197 ASSERT_TRUE(cert.get());
198 TestSetCallback set_callback;
200 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
201 set_callback.WaitForResult();
202 EXPECT_EQ(kCert1.cache_key, set_callback.key());
203 ASSERT_NO_FATAL_FAILURE(CheckCertCached(&backend, kCert1));
206 // Tests that a certificate can be retrieved from the cache.
207 TEST(DiskBasedCertCache, GetCert) {
208 ScopedMockTransaction trans1(
209 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
210 MockDiskCache backend;
211 ASSERT_NO_FATAL_FAILURE(
212 ImportCert(&backend, kCert1, false /* not corrupted */));
213 DiskBasedCertCache cache(&backend);
214 TestGetCallback get_callback;
216 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
217 get_callback.WaitForResult();
219 scoped_refptr<X509Certificate> cert(
220 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
221 EXPECT_TRUE(X509Certificate::IsSameOSCert(get_callback.cert_handle(),
222 cert->os_cert_handle()));
225 // Tests that the DiskBasedCertCache successfully writes to the cache
226 // if the cache acts synchronously
227 TEST(DiskBasedCertCache, SyncSet) {
228 ScopedMockTransaction trans1(
229 CreateMockTransaction(kCert1.cache_key, TEST_MODE_SYNC_ALL));
230 MockDiskCache backend;
231 DiskBasedCertCache cache(&backend);
232 scoped_refptr<X509Certificate> cert(
233 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
234 ASSERT_TRUE(cert.get());
236 TestSetCallback set_callback;
237 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
238 set_callback.WaitForResult();
239 EXPECT_EQ(kCert1.cache_key, set_callback.key());
240 ASSERT_NO_FATAL_FAILURE(CheckCertCached(&backend, kCert1));
243 // Tests that the DiskBasedCertCache successfully reads from the cache
244 // if the cache acts synchronously
245 TEST(DiskBasedCertCache, SyncGet) {
246 ScopedMockTransaction trans1(
247 CreateMockTransaction(kCert1.cache_key, TEST_MODE_SYNC_ALL));
248 MockDiskCache backend;
249 ASSERT_NO_FATAL_FAILURE(
250 (ImportCert(&backend, kCert1, false /* not corrupted */)));
251 DiskBasedCertCache cache(&backend);
252 scoped_refptr<X509Certificate> cert(
253 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
254 ASSERT_TRUE(cert.get());
256 TestGetCallback get_callback;
257 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
258 get_callback.WaitForResult();
259 EXPECT_TRUE(X509Certificate::IsSameOSCert(get_callback.cert_handle(),
260 cert->os_cert_handle()));
263 // Tests that GetCertificate will fail on a corrupted certificate.
264 TEST(DiskBasedCertCache, GetBrokenCert) {
265 ScopedMockTransaction trans1(
266 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
267 MockDiskCache backend;
268 ASSERT_NO_FATAL_FAILURE(ImportCert(&backend, kCert1, true /* corrupted */));
269 DiskBasedCertCache cache(&backend);
270 TestGetCallback get_callback;
272 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
273 get_callback.WaitForResult();
275 EXPECT_FALSE(get_callback.cert_handle());
278 // Tests that attempting to retrieve a cert that is not in the cache will
279 // return NULL.
280 TEST(DiskBasedCertCache, GetUncachedCert) {
281 ScopedMockTransaction trans1(
282 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
283 MockDiskCache backend;
284 DiskBasedCertCache cache(&backend);
285 TestGetCallback get_callback;
287 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
288 get_callback.WaitForResult();
289 EXPECT_EQ(NULL, get_callback.cert_handle());
292 // Issues two requests to store a certificate in the cache
293 // (simultaneously), and checks that the DiskBasedCertCache stores the
294 // certificate to the cache (in one write rather than two).
295 TEST(DiskBasedCertCache, SetMultiple) {
296 ScopedMockTransaction trans1(
297 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
298 MockDiskCache backend;
299 DiskBasedCertCache cache(&backend);
300 scoped_refptr<X509Certificate> cert(
301 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
302 ASSERT_TRUE(cert.get());
303 TestSetCallback set_callback1, set_callback2;
305 // Behind the scenes, these two operations will be combined
306 // into one operation. IgnoreCallbacks guarantees that the
307 // first SetCertificate operation is not yet complete when the second
308 // SetCertificate is called, and then IgnoreCallbacks(false) continues the
309 // (combined) operation in the |cache|.
310 MockDiskEntry::IgnoreCallbacks(true);
311 cache.SetCertificate(cert->os_cert_handle(), set_callback1.callback());
312 cache.SetCertificate(cert->os_cert_handle(), set_callback2.callback());
313 MockDiskEntry::IgnoreCallbacks(false);
315 set_callback1.WaitForResult();
316 set_callback2.WaitForResult();
317 EXPECT_EQ(set_callback1.key(), set_callback2.key());
318 ASSERT_NO_FATAL_FAILURE(CheckCertCached(&backend, kCert1));
321 // Issues two requests to store a certificate in the cache
322 // because the first transaction finishes before the second
323 // one is issued, the first cache write is overwritten.
324 TEST(DiskBasedCertCache, SetOverwrite) {
325 ScopedMockTransaction trans1(
326 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
327 MockDiskCache backend;
328 backend.set_double_create_check(false);
329 DiskBasedCertCache cache(&backend);
330 scoped_refptr<X509Certificate> cert(
331 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
332 ASSERT_TRUE(cert.get());
333 TestSetCallback set_callback1, set_callback2;
335 cache.SetCertificate(cert->os_cert_handle(), set_callback1.callback());
336 set_callback1.WaitForResult();
337 cache.SetCertificate(cert->os_cert_handle(), set_callback2.callback());
338 set_callback2.WaitForResult();
340 EXPECT_EQ(set_callback1.key(), set_callback2.key());
341 ASSERT_NO_FATAL_FAILURE(CheckCertCached(&backend, kCert1));
344 // Stores a certificate in the DiskBasedCertCache, then retrieves it
345 // and makes sure it was retrieved successfully.
346 TEST(DiskBasedCertCache, SimpleSetAndGet) {
347 ScopedMockTransaction trans1(
348 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
349 MockDiskCache backend;
350 DiskBasedCertCache cache(&backend);
351 scoped_refptr<X509Certificate> cert(
352 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
353 ASSERT_TRUE(cert.get());
354 TestSetCallback set_callback;
355 TestGetCallback get_callback;
357 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
358 set_callback.WaitForResult();
359 cache.GetCertificate(set_callback.key(), get_callback.callback());
360 get_callback.WaitForResult();
361 EXPECT_TRUE(X509Certificate::IsSameOSCert(get_callback.cert_handle(),
362 cert->os_cert_handle()));
365 // Tests some basic functionality of the DiskBasedCertCache, with multiple
366 // set and get operations.
367 TEST(DiskBasedCertCache, BasicUsage) {
368 ScopedMockTransaction trans1(
369 CreateMockTransaction(kCert1.cache_key, TEST_MODE_SYNC_CACHE_START));
370 ScopedMockTransaction trans2(
371 CreateMockTransaction(kCert2.cache_key, TEST_MODE_NORMAL));
372 MockDiskCache backend;
373 DiskBasedCertCache cache(&backend);
374 scoped_refptr<X509Certificate> cert1(
375 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
376 scoped_refptr<X509Certificate> cert2(
377 ImportCertFromFile(GetTestCertsDirectory(), kCert2.file_name));
378 ASSERT_TRUE(cert1.get());
379 ASSERT_TRUE(cert2.get());
380 ASSERT_FALSE(X509Certificate::IsSameOSCert(cert1->os_cert_handle(),
381 cert2->os_cert_handle()));
382 TestSetCallback set_callback1, set_callback2;
384 // Callbacks are temporarily ignored here to guarantee the asynchronous
385 // operations of the DiskBasedCertCache are always executed in the same
386 // order.
387 MockDiskEntry::IgnoreCallbacks(true);
388 cache.SetCertificate(cert1->os_cert_handle(), set_callback1.callback());
389 cache.SetCertificate(cert2->os_cert_handle(), set_callback2.callback());
390 MockDiskEntry::IgnoreCallbacks(false);
391 set_callback1.WaitForResult();
392 set_callback2.WaitForResult();
394 TestGetCallback get_callback1, get_callback2;
396 MockDiskEntry::IgnoreCallbacks(true);
397 cache.GetCertificate(set_callback1.key(), get_callback1.callback());
398 cache.GetCertificate(set_callback2.key(), get_callback2.callback());
399 MockDiskEntry::IgnoreCallbacks(false);
400 get_callback1.WaitForResult();
401 get_callback2.WaitForResult();
403 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert1->os_cert_handle(),
404 get_callback1.cert_handle()));
405 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert2->os_cert_handle(),
406 get_callback2.cert_handle()));
409 // Test the result of simultaneous requests to store and retrieve a
410 // certificate from the cache, with the get operation attempting to
411 // open the cache first and therefore failing to open the entry.
412 TEST(DiskBasedCertCache, SimultaneousGetSet) {
413 ScopedMockTransaction trans1(
414 CreateMockTransaction(kCert1.cache_key, TEST_MODE_SYNC_CACHE_START));
415 MockDiskCache backend;
416 DiskBasedCertCache cache(&backend);
417 scoped_refptr<X509Certificate> cert(
418 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
419 ASSERT_TRUE(cert.get());
421 TestGetCallback get_callback;
422 TestSetCallback set_callback;
424 MockDiskEntry::IgnoreCallbacks(true);
425 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
426 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
427 MockDiskEntry::IgnoreCallbacks(false);
428 get_callback.WaitForResult();
429 set_callback.WaitForResult();
431 EXPECT_EQ(NULL, get_callback.cert_handle());
432 EXPECT_EQ(kCert1.cache_key, set_callback.key());
435 // Test the result of simultaneous requests to store and retrieve a
436 // certificate from the cache, with the get operation opening the cache
437 // after the set operation, leading to a successful read.
438 TEST(DiskBasedCertCache, SimultaneousSetGet) {
439 ScopedMockTransaction trans1(
440 CreateMockTransaction(kCert1.cache_key, TEST_MODE_SYNC_CACHE_START));
441 MockDiskCache backend;
442 DiskBasedCertCache cache(&backend);
443 scoped_refptr<X509Certificate> cert(
444 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
445 ASSERT_TRUE(cert.get());
447 TestSetCallback set_callback;
448 TestGetCallback get_callback;
450 MockDiskEntry::IgnoreCallbacks(true);
451 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
452 cache.GetCertificate(kCert1.cache_key, get_callback.callback());
453 MockDiskEntry::IgnoreCallbacks(false);
454 set_callback.WaitForResult();
455 get_callback.WaitForResult();
457 EXPECT_EQ(kCert1.cache_key, set_callback.key());
458 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert->os_cert_handle(),
459 get_callback.cert_handle()));
462 // Tests that the DiskBasedCertCache can be deleted without issues when
463 // there are pending operations in the disk cache.
464 TEST(DiskBasedCertCache, DeletedCertCache) {
465 ScopedMockTransaction trans1(
466 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
467 MockDiskCache backend;
468 scoped_ptr<DiskBasedCertCache> cache(new DiskBasedCertCache(&backend));
469 scoped_refptr<X509Certificate> cert(
470 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
471 ASSERT_TRUE(cert.get());
472 TestSetCallback set_callback;
474 cache->SetCertificate(cert->os_cert_handle(), set_callback.callback());
475 cache.reset();
476 set_callback.WaitForResult();
477 EXPECT_EQ(std::string(), set_callback.key());
480 // Issues two successive read requests for a certificate, and then
481 // checks that the DiskBasedCertCache correctly read and recorded
482 // reading through the in-memory MRU cache.
483 TEST(DiskBasedCertCache, MemCacheGet) {
484 ScopedMockTransaction trans1(
485 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
486 MockDiskCache backend;
487 ASSERT_NO_FATAL_FAILURE(
488 ImportCert(&backend, kCert1, false /* not corrupted */));
489 DiskBasedCertCache cache(&backend);
491 TestGetCallback get_callback1, get_callback2;
492 cache.GetCertificate(kCert1.cache_key, get_callback1.callback());
493 get_callback1.WaitForResult();
494 EXPECT_EQ(0U, cache.mem_cache_hits_for_testing());
495 cache.GetCertificate(kCert1.cache_key, get_callback2.callback());
496 get_callback2.WaitForResult();
497 EXPECT_EQ(1U, cache.mem_cache_hits_for_testing());
498 EXPECT_TRUE(X509Certificate::IsSameOSCert(get_callback1.cert_handle(),
499 get_callback2.cert_handle()));
502 // Reads a corrupted certificate from the disk cache, and then overwrites
503 // it and checks that the uncorrupted version was stored in the in-memory
504 // cache.
505 TEST(DiskBasedCertCache, CorruptOverwrite) {
506 ScopedMockTransaction trans1(
507 CreateMockTransaction(kCert1.cache_key, TEST_MODE_NORMAL));
508 MockDiskCache backend;
509 backend.set_double_create_check(false);
510 ASSERT_NO_FATAL_FAILURE(ImportCert(&backend, kCert1, true /* corrupted */));
511 DiskBasedCertCache cache(&backend);
512 TestGetCallback get_callback1, get_callback2;
514 cache.GetCertificate(kCert1.cache_key, get_callback1.callback());
515 get_callback1.WaitForResult();
516 EXPECT_FALSE(get_callback2.cert_handle());
518 scoped_refptr<X509Certificate> cert(
519 ImportCertFromFile(GetTestCertsDirectory(), kCert1.file_name));
520 TestSetCallback set_callback;
522 cache.SetCertificate(cert->os_cert_handle(), set_callback.callback());
523 set_callback.WaitForResult();
524 EXPECT_EQ(kCert1.cache_key, set_callback.key());
525 EXPECT_EQ(0U, cache.mem_cache_hits_for_testing());
527 cache.GetCertificate(kCert1.cache_key, get_callback2.callback());
528 get_callback2.WaitForResult();
529 EXPECT_TRUE(X509Certificate::IsSameOSCert(get_callback2.cert_handle(),
530 cert->os_cert_handle()));
531 EXPECT_EQ(1U, cache.mem_cache_hits_for_testing());
532 ASSERT_NO_FATAL_FAILURE(CheckCertCached(&backend, kCert1));
535 } // namespace net