| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "base/bind.h" |
| #include "base/files/file_path.h" |
| #include "base/synchronization/waitable_event.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "chrome/browser/ssl/ssl_client_auth_requestor_mock.h" |
| #include "chrome/browser/ui/browser.h" |
| #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| #include "chrome/browser/ui/views/ssl_client_certificate_selector.h" |
| #include "chrome/test/base/in_process_browser_test.h" |
| #include "chrome/test/base/interactive_test_utils.h" |
| #include "chrome/test/base/ui_test_utils.h" |
| #include "content/public/browser/client_certificate_delegate.h" |
| #include "content/public/browser/web_contents.h" |
| #include "content/public/test/browser_test_utils.h" |
| #include "net/base/request_priority.h" |
| #include "net/base/test_data_directory.h" |
| #include "net/cert/x509_certificate.h" |
| #include "net/http/http_transaction_factory.h" |
| #include "net/ssl/ssl_cert_request_info.h" |
| #include "net/test/cert_test_util.h" |
| #include "net/url_request/url_request.h" |
| #include "net/url_request/url_request_context.h" |
| #include "net/url_request/url_request_context_getter.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| #if defined(USE_NSS_CERTS) |
| #include "crypto/scoped_test_nss_db.h" |
| #endif |
| |
| using ::testing::Mock; |
| using ::testing::StrictMock; |
| using content::BrowserThread; |
| |
| // We don't have a way to do end-to-end SSL client auth testing, so this test |
| // creates a certificate selector_ manually with a mocked |
| // SSLClientAuthHandler. |
| |
| class SSLClientCertificateSelectorTest : public InProcessBrowserTest { |
| public: |
| SSLClientCertificateSelectorTest() |
| : io_loop_finished_event_(false, false), |
| url_request_(NULL), |
| selector_(NULL) { |
| } |
| |
| void SetUpInProcessBrowserTestFixture() override { |
| base::FilePath certs_dir = net::GetTestCertsDirectory(); |
| |
| #if defined(USE_NSS_CERTS) |
| // If USE_NSS_CERTS, the selector tries to unlock the slot where the |
| // private key of each certificate is stored. If no private key is found, |
| // the slot would be null and the unlock will crash. |
| ASSERT_TRUE(test_nssdb_.is_open()); |
| client_cert_1_ = net::ImportClientCertAndKeyFromFile( |
| certs_dir, "client_1.pem", "client_1.pk8", test_nssdb_.slot()); |
| client_cert_2_ = net::ImportClientCertAndKeyFromFile( |
| certs_dir, "client_2.pem", "client_2.pk8", test_nssdb_.slot()); |
| #else |
| // No unlock is attempted if !USE_NSS_CERTS. Thus, there is no need to |
| // import a private key. |
| client_cert_1_ = net::ImportCertFromFile(certs_dir, "client_1.pem"); |
| client_cert_2_ = net::ImportCertFromFile(certs_dir, "client_2.pem"); |
| #endif |
| ASSERT_NE(nullptr, client_cert_1_.get()); |
| ASSERT_NE(nullptr, client_cert_2_.get()); |
| |
| cert_request_info_ = new net::SSLCertRequestInfo; |
| cert_request_info_->host_and_port = net::HostPortPair("foo", 123); |
| cert_request_info_->client_certs.push_back(client_cert_1_); |
| cert_request_info_->client_certs.push_back(client_cert_2_); |
| } |
| |
| void SetUpOnMainThread() override { |
| url_request_context_getter_ = browser()->profile()->GetRequestContext(); |
| |
| BrowserThread::PostTask( |
| BrowserThread::IO, FROM_HERE, |
| base::Bind(&SSLClientCertificateSelectorTest::SetUpOnIOThread, this)); |
| |
| io_loop_finished_event_.Wait(); |
| |
| content::WaitForLoadStop( |
| browser()->tab_strip_model()->GetActiveWebContents()); |
| selector_ = new SSLClientCertificateSelector( |
| browser()->tab_strip_model()->GetActiveWebContents(), |
| auth_requestor_->cert_request_info_, auth_requestor_->CreateDelegate()); |
| selector_->Init(); |
| selector_->Show(); |
| |
| EXPECT_EQ(client_cert_1_.get(), selector_->GetSelectedCert()); |
| } |
| |
| virtual void SetUpOnIOThread() { |
| url_request_ = MakeURLRequest(url_request_context_getter_.get()).release(); |
| |
| auth_requestor_ = new StrictMock<SSLClientAuthRequestorMock>( |
| url_request_, |
| cert_request_info_); |
| |
| io_loop_finished_event_.Signal(); |
| } |
| |
| // Have to release our reference to the auth handler during the test to allow |
| // it to be destroyed while the Browser and its IO thread still exist. |
| void TearDownOnMainThread() override { |
| BrowserThread::PostTask( |
| BrowserThread::IO, FROM_HERE, |
| base::Bind(&SSLClientCertificateSelectorTest::CleanUpOnIOThread, this)); |
| |
| io_loop_finished_event_.Wait(); |
| |
| auth_requestor_ = NULL; |
| } |
| |
| virtual void CleanUpOnIOThread() { |
| delete url_request_; |
| |
| io_loop_finished_event_.Signal(); |
| } |
| |
| protected: |
| scoped_ptr<net::URLRequest> MakeURLRequest( |
| net::URLRequestContextGetter* context_getter) { |
| return context_getter->GetURLRequestContext()->CreateRequest( |
| GURL("https://example"), net::DEFAULT_PRIORITY, NULL); |
| } |
| |
| base::WaitableEvent io_loop_finished_event_; |
| |
| scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; |
| net::URLRequest* url_request_; |
| |
| scoped_refptr<net::X509Certificate> client_cert_1_; |
| scoped_refptr<net::X509Certificate> client_cert_2_; |
| scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
| scoped_refptr<StrictMock<SSLClientAuthRequestorMock> > auth_requestor_; |
| // The selector will be deleted when a cert is selected or the tab is closed. |
| SSLClientCertificateSelector* selector_; |
| #if defined(USE_NSS_CERTS) |
| crypto::ScopedTestNSSDB test_nssdb_; |
| #endif |
| }; |
| |
| class SSLClientCertificateSelectorMultiTabTest |
| : public SSLClientCertificateSelectorTest { |
| public: |
| void SetUpInProcessBrowserTestFixture() override { |
| SSLClientCertificateSelectorTest::SetUpInProcessBrowserTestFixture(); |
| |
| cert_request_info_1_ = new net::SSLCertRequestInfo; |
| cert_request_info_1_->host_and_port = net::HostPortPair("bar", 123); |
| cert_request_info_1_->client_certs.push_back(client_cert_1_); |
| cert_request_info_1_->client_certs.push_back(client_cert_2_); |
| |
| cert_request_info_2_ = new net::SSLCertRequestInfo; |
| cert_request_info_2_->host_and_port = net::HostPortPair("bar", 123); |
| cert_request_info_2_->client_certs.push_back(client_cert_1_); |
| cert_request_info_2_->client_certs.push_back(client_cert_2_); |
| } |
| |
| void SetUpOnMainThread() override { |
| // Also calls SetUpOnIOThread. |
| SSLClientCertificateSelectorTest::SetUpOnMainThread(); |
| |
| AddTabAtIndex(1, GURL("about:blank"), ui::PAGE_TRANSITION_LINK); |
| AddTabAtIndex(2, GURL("about:blank"), ui::PAGE_TRANSITION_LINK); |
| ASSERT_TRUE(NULL != browser()->tab_strip_model()->GetWebContentsAt(0)); |
| ASSERT_TRUE(NULL != browser()->tab_strip_model()->GetWebContentsAt(1)); |
| ASSERT_TRUE(NULL != browser()->tab_strip_model()->GetWebContentsAt(2)); |
| content::WaitForLoadStop(browser()->tab_strip_model()->GetWebContentsAt(1)); |
| content::WaitForLoadStop(browser()->tab_strip_model()->GetWebContentsAt(2)); |
| |
| selector_1_ = new SSLClientCertificateSelector( |
| browser()->tab_strip_model()->GetWebContentsAt(1), |
| auth_requestor_1_->cert_request_info_, |
| auth_requestor_1_->CreateDelegate()); |
| selector_1_->Init(); |
| selector_1_->Show(); |
| selector_2_ = new SSLClientCertificateSelector( |
| browser()->tab_strip_model()->GetWebContentsAt(2), |
| auth_requestor_2_->cert_request_info_, |
| auth_requestor_2_->CreateDelegate()); |
| selector_2_->Init(); |
| selector_2_->Show(); |
| |
| EXPECT_EQ(2, browser()->tab_strip_model()->active_index()); |
| EXPECT_EQ(client_cert_1_.get(), selector_1_->GetSelectedCert()); |
| EXPECT_EQ(client_cert_1_.get(), selector_2_->GetSelectedCert()); |
| } |
| |
| void SetUpOnIOThread() override { |
| url_request_1_ = |
| MakeURLRequest(url_request_context_getter_.get()).release(); |
| url_request_2_ = |
| MakeURLRequest(url_request_context_getter_.get()).release(); |
| |
| auth_requestor_1_ = new StrictMock<SSLClientAuthRequestorMock>( |
| url_request_1_, |
| cert_request_info_1_); |
| auth_requestor_2_ = new StrictMock<SSLClientAuthRequestorMock>( |
| url_request_2_, |
| cert_request_info_2_); |
| |
| SSLClientCertificateSelectorTest::SetUpOnIOThread(); |
| } |
| |
| void TearDownOnMainThread() override { |
| auth_requestor_2_ = NULL; |
| auth_requestor_1_ = NULL; |
| SSLClientCertificateSelectorTest::TearDownOnMainThread(); |
| } |
| |
| void CleanUpOnIOThread() override { |
| delete url_request_1_; |
| delete url_request_2_; |
| SSLClientCertificateSelectorTest::CleanUpOnIOThread(); |
| } |
| |
| protected: |
| net::URLRequest* url_request_1_; |
| net::URLRequest* url_request_2_; |
| scoped_refptr<net::SSLCertRequestInfo> cert_request_info_1_; |
| scoped_refptr<net::SSLCertRequestInfo> cert_request_info_2_; |
| scoped_refptr<StrictMock<SSLClientAuthRequestorMock> > auth_requestor_1_; |
| scoped_refptr<StrictMock<SSLClientAuthRequestorMock> > auth_requestor_2_; |
| SSLClientCertificateSelector* selector_1_; |
| SSLClientCertificateSelector* selector_2_; |
| }; |
| |
| class SSLClientCertificateSelectorMultiProfileTest |
| : public SSLClientCertificateSelectorTest { |
| public: |
| void SetUpInProcessBrowserTestFixture() override { |
| SSLClientCertificateSelectorTest::SetUpInProcessBrowserTestFixture(); |
| |
| cert_request_info_1_ = new net::SSLCertRequestInfo; |
| cert_request_info_1_->host_and_port = net::HostPortPair("foo", 123); |
| cert_request_info_1_->client_certs.push_back(client_cert_1_); |
| cert_request_info_1_->client_certs.push_back(client_cert_2_); |
| } |
| |
| void SetUpOnMainThread() override { |
| browser_1_ = CreateIncognitoBrowser(); |
| url_request_context_getter_1_ = browser_1_->profile()->GetRequestContext(); |
| |
| // Also calls SetUpOnIOThread. |
| SSLClientCertificateSelectorTest::SetUpOnMainThread(); |
| |
| selector_1_ = new SSLClientCertificateSelector( |
| browser_1_->tab_strip_model()->GetActiveWebContents(), |
| auth_requestor_1_->cert_request_info_, |
| auth_requestor_1_->CreateDelegate()); |
| selector_1_->Init(); |
| selector_1_->Show(); |
| |
| EXPECT_EQ(client_cert_1_.get(), selector_1_->GetSelectedCert()); |
| } |
| |
| void SetUpOnIOThread() override { |
| url_request_1_ = |
| MakeURLRequest(url_request_context_getter_1_.get()).release(); |
| |
| auth_requestor_1_ = new StrictMock<SSLClientAuthRequestorMock>( |
| url_request_1_, |
| cert_request_info_1_); |
| |
| SSLClientCertificateSelectorTest::SetUpOnIOThread(); |
| } |
| |
| void TearDownOnMainThread() override { |
| auth_requestor_1_ = NULL; |
| SSLClientCertificateSelectorTest::TearDownOnMainThread(); |
| } |
| |
| void CleanUpOnIOThread() override { |
| delete url_request_1_; |
| SSLClientCertificateSelectorTest::CleanUpOnIOThread(); |
| } |
| |
| protected: |
| Browser* browser_1_; |
| scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_1_; |
| net::URLRequest* url_request_1_; |
| scoped_refptr<net::SSLCertRequestInfo> cert_request_info_1_; |
| scoped_refptr<StrictMock<SSLClientAuthRequestorMock> > auth_requestor_1_; |
| SSLClientCertificateSelector* selector_1_; |
| }; |
| |
| #if defined(OS_LINUX) && !defined(OS_CHROMEOS) && defined(USE_AURA) |
| // TODO(erg): linux_aura bringup: http://crbug.com/163931 |
| #define MAYBE_SelectNone DISABLED_SelectNone |
| #else |
| #define MAYBE_SelectNone SelectNone |
| #endif |
| |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorTest, MAYBE_SelectNone) { |
| EXPECT_CALL(*auth_requestor_.get(), CancelCertificateSelection()); |
| |
| // Let the mock get checked on destruction. |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorTest, Escape) { |
| EXPECT_CALL(*auth_requestor_.get(), CertificateSelected(NULL)); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser(), ui::VKEY_ESCAPE, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorTest, SelectDefault) { |
| EXPECT_CALL(*auth_requestor_.get(), |
| CertificateSelected(client_cert_1_.get())); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser(), ui::VKEY_RETURN, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorMultiTabTest, Escape) { |
| // auth_requestor_1_ should get selected automatically by the |
| // SSLClientAuthObserver when selector_2_ is accepted, since both 1 & 2 have |
| // the same host:port. |
| EXPECT_CALL(*auth_requestor_1_.get(), CertificateSelected(NULL)); |
| EXPECT_CALL(*auth_requestor_2_.get(), CertificateSelected(NULL)); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser(), ui::VKEY_ESCAPE, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| Mock::VerifyAndClear(auth_requestor_1_.get()); |
| Mock::VerifyAndClear(auth_requestor_2_.get()); |
| |
| // Now let the default selection for auth_requestor_ mock get checked on |
| // destruction. |
| EXPECT_CALL(*auth_requestor_.get(), CancelCertificateSelection()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorMultiTabTest, SelectSecond) { |
| // auth_requestor_1_ should get selected automatically by the |
| // SSLClientAuthObserver when selector_2_ is accepted, since both 1 & 2 have |
| // the same host:port. |
| EXPECT_CALL(*auth_requestor_1_.get(), |
| CertificateSelected(client_cert_2_.get())); |
| EXPECT_CALL(*auth_requestor_2_.get(), |
| CertificateSelected(client_cert_2_.get())); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser(), ui::VKEY_DOWN, false, false, false, false)); |
| |
| EXPECT_EQ(client_cert_1_.get(), selector_->GetSelectedCert()); |
| EXPECT_EQ(client_cert_1_.get(), selector_1_->GetSelectedCert()); |
| EXPECT_EQ(client_cert_2_.get(), selector_2_->GetSelectedCert()); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser(), ui::VKEY_RETURN, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| Mock::VerifyAndClear(auth_requestor_1_.get()); |
| Mock::VerifyAndClear(auth_requestor_2_.get()); |
| |
| // Now let the default selection for auth_requestor_ mock get checked on |
| // destruction. |
| EXPECT_CALL(*auth_requestor_.get(), CancelCertificateSelection()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorMultiProfileTest, Escape) { |
| EXPECT_CALL(*auth_requestor_1_.get(), CertificateSelected(NULL)); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser_1_, ui::VKEY_ESCAPE, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| Mock::VerifyAndClear(auth_requestor_1_.get()); |
| |
| // Now let the default selection for auth_requestor_ mock get checked on |
| // destruction. |
| EXPECT_CALL(*auth_requestor_.get(), CancelCertificateSelection()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(SSLClientCertificateSelectorMultiProfileTest, |
| SelectDefault) { |
| EXPECT_CALL(*auth_requestor_1_.get(), |
| CertificateSelected(client_cert_1_.get())); |
| |
| EXPECT_TRUE(ui_test_utils::SendKeyPressSync( |
| browser_1_, ui::VKEY_RETURN, false, false, false, false)); |
| |
| Mock::VerifyAndClear(auth_requestor_.get()); |
| Mock::VerifyAndClear(auth_requestor_1_.get()); |
| |
| // Now let the default selection for auth_requestor_ mock get checked on |
| // destruction. |
| EXPECT_CALL(*auth_requestor_.get(), CancelCertificateSelection()); |
| } |