net/base/x509_certificate_unittest.cc - Issue 7384002: Added CreateOriginBound method to x509_certificate.h.

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 7384002: Added CreateOriginBound method to x509_certificate.h. (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk

Patch Set: Cleaned up the Threadsafe OID singleton wrapper class. Created 9 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

	5 #include <cert.h>

	6 #include <secoid.h>

	7

5 #include "base/file_path.h"	8 #include "base/file_path.h"

6 #include "base/file_util.h"	9 #include "base/file_util.h"

7 #include "base/path_service.h"	10 #include "base/path_service.h"

8 #include "base/pickle.h"	11 #include "base/pickle.h"

9 #include "base/sha1.h"	12 #include "base/sha1.h"

10 #include "base/string_number_conversions.h"	13 #include "base/string_number_conversions.h"

11 #include "base/string_split.h"	14 #include "base/string_split.h"

12 #include "crypto/rsa_private_key.h"	15 #include "crypto/rsa_private_key.h"

13 #include "net/base/asn1_util.h"	16 #include "net/base/asn1_util.h"

14 #include "net/base/cert_status_flags.h"	17 #include "net/base/cert_status_flags.h"

(...skipping 1097 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1112 private_key.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));	1115 private_key.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));

1113 ASSERT_TRUE(private_key.get());	1116 ASSERT_TRUE(private_key.get());

1114	1117

1115 cert = X509Certificate::CreateSelfSigned(	1118 cert = X509Certificate::CreateSelfSigned(

1116 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1));	1119 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1));

1117	1120

1118 EXPECT_EQ("subject", cert->subject().GetDisplayName());	1121 EXPECT_EQ("subject", cert->subject().GetDisplayName());

1119 EXPECT_FALSE(cert->HasExpired());	1122 EXPECT_FALSE(cert->HasExpired());

1120 }	1123 }

1121	1124

	1125 // This test creates an origin-bound cert from a private key and

	1126 // then verifies the content of the certificate.

	1127 TEST(X509CertificateTest, CreateOriginBound) {

	1128 SECItem ob_cert_oid = { siDEROID, NULL, 0 };

	1129 SECItem* expected;

	1130 SECItem actual = {siBuffer, NULL, 0};
	wtc 2011/08/19 18:18:08 Add spaces after '{' and before '}'. Add spaces after '{' and before '}'. mdietz 2011/08/22 20:09:00 Done. Show quoted text On 2011/08/19 18:18:08, wtc wrote: > Add spaces after '{' and before '}'. Done.
	1131 SECOidTag ob_cert_oid_tag;

	1132 SECStatus ok;

	1133 PRBool result;
	wtc 2011/08/19 18:18:08 This is C++ code, so please declare variables when This is C++ code, so please declare variables when they're first used. mdietz 2011/08/22 20:09:00 Done. Show quoted text On 2011/08/19 18:18:08, wtc wrote: > This is C++ code, so please declare variables when they're > first used. Done.
	1134

	1135 // Origin Bound Cert OID

	1136 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";

	1137

	1138 // Sample ASCII weborigin

	1139 std::string origin = "http://weborigin.com:443";

	1140

	1141 // Create object neccissary for extension lookup call

	1142 SECItem extension_object = {siAsciiString,

	1143 (unsigned char*)origin.data(),

	1144 origin.size()};
	wtc 2011/08/19 18:18:08 Please format this as follows: SECItem extension Please format this as follows: SECItem extension_object = { siAsciiString, (unsigned char)origin.data(), origin.size() }; mdietz* 2011/08/22 20:09:00 Done. Show quoted text On 2011/08/19 18:18:08, wtc wrote: > Please format this as follows: > SECItem extension_object = { > siAsciiString, > (unsigned char*)origin.data(), > origin.size() > }; Done.
	1145

	1146 scoped_ptr<crypto::RSAPrivateKey> private_key(

	1147 crypto::RSAPrivateKey::Create(1024));

	1148 scoped_refptr<X509Certificate> cert =

	1149 X509Certificate::CreateOriginBound(private_key.get(),

	1150 "CN=subject",

	1151 origin, 1,

	1152 base::TimeDelta::FromDays(1));

	1153

	1154 EXPECT_EQ("subject", cert->subject().GetDisplayName());
	wtc 2011/08/19 18:18:08 Change "subject" to "anonymous.invalid". Change "subject" to "anonymous.invalid". mdietz 2011/08/22 20:09:00 Just removed subject since it's no longer passed a Just removed subject since it's no longer passed as a parameter to CreateOriginBound(). On 2011/08/19 18:18:08, wtc wrote: Show quoted text > Change "subject" to "anonymous.invalid". wtc 2011/08/23 01:32:21 Right, but it is useful to verify that the subject Show quoted text On 2011/08/22 20:09:00, mdietz wrote: > Just removed subject since it's no longer passed as a parameter to > CreateOriginBound(). Right, but it is useful to verify that the subject in the generated cert matches the subject name recommended in Dirk's Internet-Draft.
	1155 EXPECT_FALSE(cert->HasExpired());

	1156

	1157 // IA5Encode and arena allocate SECItem

	1158 expected = SEC_ASN1EncodeItem(cert->os_cert_handle()->arena, NULL,
	wtc 2011/08/19 18:18:08 We should call PORT_NewArena() early and use 'aren We should call PORT_NewArena() early and use 'arena' instead of cert->os_cert_handle()->arena here. Move the PORT_FreeArena() call to the end of this unit test. We cannot free 'arena' while 'expected' and 'ob_cert_oid' are still in use. mdietz 2011/08/22 20:09:00 Done. Show quoted text On 2011/08/19 18:18:08, wtc wrote: > We should call PORT_NewArena() early and use 'arena' instead > of cert->os_cert_handle()->arena here. > > Move the PORT_FreeArena() call to the end of this unit test. > We cannot free 'arena' while 'expected' and 'ob_cert_oid' > are still in use. Done.
	1159 &extension_object,

	1160 SEC_ASN1_GET(SEC_IA5StringTemplate));

	1161

	1162 ASSERT_NE(static_cast<SECItem*>(NULL), expected);

	1163

	1164 // Create OID SECItem

	1165 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

	1166 ok = SEC_StringToOID(arena, &ob_cert_oid,

	1167 oid_string, NULL);

	1168 PORT_FreeArena(arena, PR_FALSE);

	1169

	1170 ASSERT_EQ(SECSuccess, ok);

	1171

	1172 ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);

	1173

	1174 ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag);

	1175

	1176 // Lookup Origin Bound Cert extension in generated cert

	1177 ok = CERT_FindCertExtension(cert->os_cert_handle(),

	1178 ob_cert_oid_tag,

	1179 &actual);

	1180 ASSERT_EQ(SECSuccess, ok);

	1181

	1182 // Compare expected and actual extension values

	1183 result = SECITEM_ItemsAreEqual(expected, &actual);

	1184 ASSERT_TRUE(result);
	wtc 2011/08/19 18:18:08 Add SECITEM_FreeItem(&actual, PR_FALSE); otherwi Add SECITEM_FreeItem(&actual, PR_FALSE); otherwise 'actual' is leaked. mdietz 2011/08/22 20:09:00 Done. Show quoted text On 2011/08/19 18:18:08, wtc wrote: > Add > SECITEM_FreeItem(&actual, PR_FALSE); > otherwise 'actual' is leaked. Done.
	1185 }

	1186

1122 TEST(X509CertificateTest, GetDEREncoded) {	1187 TEST(X509CertificateTest, GetDEREncoded) {

1123 scoped_ptr<crypto::RSAPrivateKey> private_key(	1188 scoped_ptr<crypto::RSAPrivateKey> private_key(

1124 crypto::RSAPrivateKey::Create(1024));	1189 crypto::RSAPrivateKey::Create(1024));

1125 scoped_refptr<X509Certificate> cert =	1190 scoped_refptr<X509Certificate> cert =

1126 X509Certificate::CreateSelfSigned(	1191 X509Certificate::CreateSelfSigned(

1127 private_key.get(), "CN=subject", 0, base::TimeDelta::FromDays(1));	1192 private_key.get(), "CN=subject", 0, base::TimeDelta::FromDays(1));

1128	1193

1129 std::string der_cert;	1194 std::string der_cert;

1130 EXPECT_TRUE(cert->GetDEREncoded(&der_cert));	1195 EXPECT_TRUE(cert->GetDEREncoded(&der_cert));

1131 EXPECT_FALSE(der_cert.empty());	1196 EXPECT_FALSE(der_cert.empty());

(...skipping 241 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1373 }	1438 }

1374	1439

1375 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(	1440 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(

1376 test_data.hostname, common_name, dns_names, ip_addressses));	1441 test_data.hostname, common_name, dns_names, ip_addressses));

1377 }	1442 }

1378	1443

1379 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,	1444 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,

1380 testing::ValuesIn(kNameVerifyTestData));	1445 testing::ValuesIn(kNameVerifyTestData));

1381	1446

1382 } // namespace net	1447 } // namespace net

OLD	NEW

« net/base/x509_certificate_nss.cc ('K') | « net/base/x509_certificate_nss.cc ('k') | no next file » | no next file with comments »