// Copyright 2024 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/enterprise/client_certificates/core/certificate_provisioning_service.h" #include <optional> #include <utility> #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/memory/raw_ptr.h" #include "base/test/gmock_callback_support.h" #include "base/test/gmock_expected_support.h" #include "base/test/gmock_move_support.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/task_environment.h" #include "base/test/test_future.h" #include "base/types/expected.h" #include "base/values.h" #include "components/enterprise/client_certificates/core/certificate_store.h" #include "components/enterprise/client_certificates/core/client_identity.h" #include "components/enterprise/client_certificates/core/constants.h" #include "components/enterprise/client_certificates/core/context_delegate.h" #include "components/enterprise/client_certificates/core/key_upload_client.h" #include "components/enterprise/client_certificates/core/metrics_util.h" #include "components/enterprise/client_certificates/core/mock_certificate_store.h" #include "components/enterprise/client_certificates/core/mock_key_upload_client.h" #include "components/enterprise/client_certificates/core/mock_private_key.h" #include "components/enterprise/client_certificates/core/prefs.h" #include "components/enterprise/client_certificates/core/private_key.h" #include "components/enterprise/client_certificates/core/store_error.h" #include "components/prefs/testing_pref_service.h" #include "net/cert/x509_certificate.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" RunOnceCallback; _; StrictMock; namespace client_certificates { namespace { constexpr int kSuccessUploadCode = …; scoped_refptr<net::X509Certificate> LoadTestCert() { … } scoped_refptr<net::X509Certificate> LoadOtherTestCert() { … } class MockContextDelegate : public ContextDelegate { … }; } // namespace class CertificateProvisioningServiceTest : public testing::Test { … }; // Tests that the service will properly provision the identity when the policy // pref is already enabled and there is no pre-existing identity in the store. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_ProvisionsIdentity) { … } // Tests that the service will properly provision the identity when the policy // pref becomes enabled post-creation and there is no pre-existing identity in // the store. TEST_F(CertificateProvisioningServiceTest, CreatedWithoutPref_Empty_ProvisionsIdentity) { … } // When the policy pref is disabled, the service's creation doesn't trigger // certificate provisioning. TEST_F(CertificateProvisioningServiceTest, Created_PolicyDisabled_NothingHappens) { … } // When the service is created, the policy is enabled and the store has an // existing identity, the service will simply load it up and sync the key. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_ExistingIdentityLoaded) { … } // When the service is created, the policy is enabled and the store has an // existing identity that only has a private key, the service will get a new // certificate for that private key and then commit it. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_ExistingIdentity_NoCertificate) { … } // Tests what happens when the GetIdentity provisioning step fails. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_GetIdentityFails) { … } // Tests what happens when the CreateKey provisioning step fails. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_CreateKeyFails) { … } // Tests what happens when the CreateCertificate provisioning step fails. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_CreateCertificateFails) { … } // Tests what happens when the CreateCertificate provisioning step succeeds, but // doesn't return a certificate. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_CreateCertificateSucceeds_NoCert) { … } // Tests that the store returns "conflict" for attempting to create a temporary // key, so the code will just reuse that key and continue with the flow. TEST_F(CertificateProvisioningServiceTest, ConflictTemporaryKey_Resolves) { … } // Tests that the store returns "conflict" for attempting to create a temporary // key, and then the store fails to load the temporary identity. TEST_F(CertificateProvisioningServiceTest, ConflictTemporaryKey_FailsLoad) { … } // Tests that the store returns "conflict" for attempting to create a temporary // key, and then the store loads the temporary identity but it is empty. TEST_F(CertificateProvisioningServiceTest, ConflictTemporaryKey_LoadEmpty) { … } // Tests that the store returns "conflict" for attempting to create a temporary // key, and then the store loads the temporary identity but it has no private // key. TEST_F(CertificateProvisioningServiceTest, ConflictTemporaryKey_LoadNoPrivateKey) { … } // Tests what happens when the CommitIdentity provisioning step fails. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_CommitIdentityFails) { … } // Tests what happens when a private key already exists, but the // CommitCertificate provisioning step fails. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_ExistingIdentity_CommitCertificateFails) { … } // Tests that the provisioning flow will renew an expired certificate when // loading it, and only invoke the pending callback when the new certificate // is available. TEST_F(CertificateProvisioningServiceTest, CreatedWithPref_Empty_ProvisionsIdentity_RenewsExpiredCert) { … } // Tests that the provisioning flow will attempt to renew an expired certificate // when loading it, but fail to create a new certificate. It will then invoke // pending callbacks with the expired certificate, but will re-attempt to renew // the certificate on subsequent calls. TEST_F( CertificateProvisioningServiceTest, CreatedWithPref_Empty_ProvisionsIdentity_RenewsExpiredCert_FailsDownload) { … } // Tests that concurrent GetManagedIdentity calls don't provision multiple // managed identities, and will wait for existing provisioning processes. TEST_F(CertificateProvisioningServiceTest, ConcurrentGetManagedIdentityCalls) { … } } // namespace client_certificates
Codebase Browser
chromium