// Copyright 2024 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/enterprise/client_certificates/core/certificate_store.h" #include <map> #include <memory> #include <optional> #include <string> #include <utility> #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/memory/raw_ptr.h" #include "base/pickle.h" #include "base/test/gmock_callback_support.h" #include "base/test/gmock_expected_support.h" #include "base/test/task_environment.h" #include "base/test/test_future.h" #include "base/types/expected.h" #include "components/enterprise/client_certificates/core/client_identity.h" #include "components/enterprise/client_certificates/core/mock_private_key.h" #include "components/enterprise/client_certificates/core/mock_private_key_factory.h" #include "components/enterprise/client_certificates/core/private_key.h" #include "components/enterprise/client_certificates/core/private_key_factory.h" #include "components/enterprise/client_certificates/core/store_error.h" #include "components/enterprise/client_certificates/proto/client_certificates_database.pb.h" #include "components/leveldb_proto/public/proto_database.h" #include "components/leveldb_proto/public/proto_database_provider.h" #include "components/leveldb_proto/public/shared_proto_database_client_list.h" #include "components/leveldb_proto/testing/fake_db.h" #include "net/cert/x509_certificate.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" namespace client_certificates { namespace { constexpr char kTestIdentityName[] = …; constexpr char kOtherTestIdentityName[] = …; constexpr char kFakeWrappedValue[] = …; client_certificates_pb::PrivateKey CreateFakeProtoKey() { … } scoped_refptr<net::X509Certificate> LoadTestCert() { … } void PersistCertificate(client_certificates_pb::ClientIdentity& identity, scoped_refptr<net::X509Certificate> certificate) { … } MATCHER_P(EqualsProto, expected, "") { … } } // namespace RunOnceCallback; InitStatus; ErrorIs; ValueIs; _; Return; StrictMock; class CertificateStoreTest : public testing::Test { … }; // Tests the success path of the CreatePrivateKey function: // - Database initialization succeeds, // - Parameters are valid, // - There is no preexisting valid identity with the same name, // - Private key creation succeeds, // - Private key serialization succeeds. TEST_F(CertificateStoreTest, CreatePrivateKey_Success) { … } // Tests that no key is returned when given an invalid identity name. TEST_F(CertificateStoreTest, CreatePrivateKey_InvalidIdentityNameFail) { … } // Tests that no key is returned when failing to initialize the database. TEST_F(CertificateStoreTest, CreatePrivateKey_DatabaseInitFail) { … } // Tests that no key is returned when failing to verify that the database // doesn't already have an identity with the same name. TEST_F(CertificateStoreTest, CreatePrivateKey_GetIdentityFail) { … } // Tests that no key is returned and the database is not modified when // the create key call fails. TEST_F(CertificateStoreTest, CreatePrivateKey_CreateKeyFail) { … } // Tests that no key is returned and the database is not modified when // attempting to create a private key using an identity name that is already // used. TEST_F(CertificateStoreTest, CreatePrivateKey_ConflictFail) { … } // Tests that no key is returned when failing to update the database. TEST_F(CertificateStoreTest, CreatePrivateKey_UpdateFail) { … } // Tests that a certificate can be saved to the database when a private key // already exists in the database. TEST_F(CertificateStoreTest, CommitCertificate_SuccessWithPrivateKey) { … } // Tests that a certificate can be saved to the database even when a private key // does not already exist in the database. TEST_F(CertificateStoreTest, CommitCertificate_SuccessWithoutPrivateKey) { … } // Tests that a certificate won't be saved to the database when the identity // name is invalid. TEST_F(CertificateStoreTest, CommitCertificate_InvalidIdentityNameFail) { … } // Tests that a certificate won't be saved to the database when the database // initialization failed. TEST_F(CertificateStoreTest, CommitCertificate_DatabaseInitFail) { … } // Tests that a certificate won't be saved to the database when failing to "get" // from the database. TEST_F(CertificateStoreTest, CommitCertificate_GetIdentityFail) { … } // Tests that a certificate won't be saved to the database when the given // certificate instance is invalid (nullptr). TEST_F(CertificateStoreTest, CommitCertificate_InvalidCertificateFail) { … } // Tests that a certificate won't be saved to the database when failing to // "update" the database. TEST_F(CertificateStoreTest, CommitCertificate_UpdateFail) { … } // Tests that an existing private key is moved and a certificate can be saved // to the database. TEST_F(CertificateStoreTest, CommitIdentity_SuccessWithPrivateKey) { … } // Tests that a certificate cannot be saved to the database when the temporary // identity does not already exist in the database. TEST_F(CertificateStoreTest, CommitIdentity_FailWithoutIdentity) { … } // Tests that a certificate won't be saved to the database when the temporary // identity name is invalid. TEST_F(CertificateStoreTest, CommitIdentity_InvalidTemporaryIdentityNameFail) { … } // Tests that a certificate won't be saved to the database when the database // initialization failed. TEST_F(CertificateStoreTest, CommitIdentity_DatabaseInitFail) { … } // Tests that a certificate won't be saved to the database when failing to "get" // from the database. TEST_F(CertificateStoreTest, CommitIdentity_GetIdentityFail) { … } // Tests that a certificate won't be saved to the database when the given // certificate instance is invalid (nullptr). TEST_F(CertificateStoreTest, CommitIdentity_InvalidCertificateFail) { … } // Tests that a certificate won't be saved to the database when the given // certificate instance is invalid (nullptr). TEST_F(CertificateStoreTest, CommitIdentity_InvalidFinalNameFail) { … } // Tests that a certificate won't be saved to the database when failing to // "update" the database. TEST_F(CertificateStoreTest, CommitIdentity_UpdateFail) { … } // Tests that an identity stored in the database with a private key and // certificate can be properly loaded into memory and returned. TEST_F(CertificateStoreTest, GetIdentity_FullIdentitySuccess) { … } // Tests that an identity stored in the database with only a private key can be // properly loaded into memory and returned. TEST_F(CertificateStoreTest, GetIdentity_OnlyPrivateKeySuccess) { … } // Tests that an identity stored in the database with only a certificate can be // properly loaded into memory and returned. TEST_F(CertificateStoreTest, GetIdentity_OnlyCertificateSuccess) { … } // Tests that an identity stored in the database with no private key nor // certificate can be properly loaded into memory and returned. TEST_F(CertificateStoreTest, GetIdentity_EmptySuccess) { … } // Tests that attempting to retrieve an identity using an unknown identity name // does not return an actual identity. TEST_F(CertificateStoreTest, GetIdentity_NotFoundSuccess) { … } // Tests that attempting to retrieve an identity using an invalid identity name // does not return an actual identity. TEST_F(CertificateStoreTest, GetIdentity_InvalidIdentityNameFail) { … } // Tests that attempting to retrieve an identity when the database failed to // initialize does not return an actual identity. TEST_F(CertificateStoreTest, GetIdentity_DatabaseInitFail) { … } // Tests that attempting to retrieve an identity when the database failed the // "get" request does not return an actual identity. TEST_F(CertificateStoreTest, GetIdentity_GetIdentityFail) { … } // Tests that attempting to retrieve an identity when failing to load a private // key into memory does not return an actual identity. TEST_F(CertificateStoreTest, GetIdentity_LoadPrivateKeyFail) { … } } // namespace client_certificates
Codebase Browser
chromium