net/ssl/openssl_client_key_store_unittest.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/ssl/openssl_client_key_store.h"
   6
   7 #include "base/memory/ref_counted.h"
   8 #include "net/base/test_data_directory.h"
   9 #include "net/test/cert_test_util.h"
  10 #include "testing/gtest/include/gtest/gtest.h"
  11
  12 namespace net {
  13
  14 namespace {
  15
  16 typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
  17
  18 // Return the internal reference count of a given EVP_PKEY.
  19 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) {
  20   return pkey->references;
  21 }
  22
  23 // A common test class to ensure that the store is flushed after
  24 // each test.
  25 class OpenSSLClientKeyStoreTest : public ::testing::Test {
  26  public:
  27   OpenSSLClientKeyStoreTest()
  28     : store_(OpenSSLClientKeyStore::GetInstance()) {
  29   }
  30
  31   virtual ~OpenSSLClientKeyStoreTest() {
  32     if (store_)
  33       store_->Flush();
  34   }
  35
  36  protected:
  37   OpenSSLClientKeyStore* store_;
  38 };
  39
  40 // Check that GetInstance() returns non-null
  41 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) {
  42   ASSERT_TRUE(store_);
  43 }
  44
  45 // Check that Flush() works correctly.
  46 TEST_F(OpenSSLClientKeyStoreTest, Flush) {
  47   ASSERT_TRUE(store_);
  48
  49   scoped_refptr<X509Certificate> cert_1(
  50       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  51   ASSERT_TRUE(cert_1.get());
  52
  53   ScopedEVP_PKEY priv_key(EVP_PKEY_new());
  54   ASSERT_TRUE(priv_key.get());
  55
  56   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
  57                                                  priv_key.get()));
  58
  59   store_->Flush();
  60
  61   // Retrieve the private key. This should fail because the store
  62   // was flushed.
  63   ScopedEVP_PKEY pkey;
  64   ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
  65   ASSERT_FALSE(pkey.get());
  66 }
  67
  68 // Check that trying to retrieve the private key of an unknown certificate
  69 // simply fails by returning null.
  70 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {
  71   ASSERT_TRUE(store_);
  72
  73   scoped_refptr<X509Certificate> cert_1(
  74       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  75   ASSERT_TRUE(cert_1.get());
  76
  77   // Retrieve the private key now. This should fail because it was
  78   // never recorded in the store.
  79   ScopedEVP_PKEY pkey;
  80   ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
  81   ASSERT_FALSE(pkey.get());
  82 }
  83
  84 // Check that any private key recorded through RecordClientCertPrivateKey
  85 // can be retrieved with FetchClientCertPrivateKey.
  86 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
  87   ASSERT_TRUE(store_);
  88
  89   // Any certificate / key pair will do, the store is not supposed to
  90   // check that the private and certificate public keys match. This is
  91   // by design since the private EVP_PKEY could be a wrapper around a
  92   // JNI reference, with no way to access the real private key bits.
  93   scoped_refptr<X509Certificate> cert_1(
  94       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  95   ASSERT_TRUE(cert_1.get());
  96
  97   ScopedEVP_PKEY priv_key(EVP_PKEY_new());
  98   ASSERT_TRUE(priv_key.get());
  99   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get()));
 100
 101   // Add the key a first time, this should increment its reference count.
 102   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
 103                                                  priv_key.get()));
 104   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
 105
 106   // Two successive calls with the same certificate / private key shall
 107   // also succeed, but the key's reference count should not be incremented.
 108   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
 109                                                  priv_key.get()));
 110   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
 111
 112   // Retrieve the private key. This should increment the private key's
 113   // reference count.
 114   ScopedEVP_PKEY pkey2;
 115   ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2));
 116   ASSERT_EQ(pkey2.get(), priv_key.get());
 117   ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get()));
 118
 119   // Flush the store explicitely, this should decrement the private
 120   // key's reference count.
 121   store_->Flush();
 122   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
 123 }
 124
 125 // Same test, but with two certificates / private keys.
 126 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
 127   scoped_refptr<X509Certificate> cert_1(
 128       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
 129   ASSERT_TRUE(cert_1.get());
 130
 131   scoped_refptr<X509Certificate> cert_2(
 132       ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
 133   ASSERT_TRUE(cert_2.get());
 134
 135   ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
 136   ASSERT_TRUE(priv_key1.get());
 137   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get()));
 138
 139   ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
 140   ASSERT_TRUE(priv_key2.get());
 141   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get()));
 142
 143   ASSERT_NE(priv_key1.get(), priv_key2.get());
 144
 145   // Add the key a first time, this shall succeed, and increment the
 146   // reference count.
 147   EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
 148                                                  priv_key1.get()));
 149   EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(),
 150                                                  priv_key2.get()));
 151   EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get()));
 152   EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get()));
 153
 154   // Retrieve the private key now. This shall succeed and increment
 155   // the private key's reference count.
 156   ScopedEVP_PKEY fetch_key1;
 157   ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(),
 158                                                 &fetch_key1));
 159   ScopedEVP_PKEY fetch_key2;
 160   ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(),
 161                                                 &fetch_key2));
 162   EXPECT_TRUE(fetch_key1.get());
 163   EXPECT_TRUE(fetch_key2.get());
 164
 165   EXPECT_EQ(fetch_key1.get(), priv_key1.get());
 166   EXPECT_EQ(fetch_key2.get(), priv_key2.get());
 167
 168   EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get()));
 169   EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get()));
 170 }
 171
 172 }  // namespace
 173 }  // namespace net