Chromium Code Reviews| Index: net/base/x509_certificate_unittest.cc |
| diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc |
| index 32417ac3e9394bb02a3aa1f9164f2c1a73373bd0..5ae918524ade208ddf9ece8921c7299806785333 100644 |
| --- a/net/base/x509_certificate_unittest.cc |
| +++ b/net/base/x509_certificate_unittest.cc |
| @@ -2,6 +2,9 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| +#include <cert.h> |
| +#include <secoid.h> |
| + |
| #include "base/file_path.h" |
| #include "base/file_util.h" |
| #include "base/path_service.h" |
| @@ -1119,6 +1122,68 @@ TEST(X509CertificateTest, CreateSelfSigned) { |
| EXPECT_FALSE(cert->HasExpired()); |
| } |
| +// This test creates an origin-bound cert from a private key and |
| +// then verifies the content of the certificate. |
| +TEST(X509CertificateTest, CreateOriginBound) { |
| + SECItem ob_cert_oid = { siDEROID, NULL, 0 }; |
| + SECItem* expected; |
| + SECItem actual = {siBuffer, NULL, 0}; |
|
wtc
2011/08/19 18:18:08
Add spaces after '{' and before '}'.
mdietz
2011/08/22 20:09:00
Done.
|
| + SECOidTag ob_cert_oid_tag; |
| + SECStatus ok; |
| + PRBool result; |
|
wtc
2011/08/19 18:18:08
This is C++ code, so please declare variables when
mdietz
2011/08/22 20:09:00
Done.
|
| + |
| + // Origin Bound Cert OID |
| + static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; |
| + |
| + // Sample ASCII weborigin |
| + std::string origin = "http://weborigin.com:443"; |
| + |
| + // Create object neccissary for extension lookup call |
| + SECItem extension_object = {siAsciiString, |
| + (unsigned char*)origin.data(), |
| + origin.size()}; |
|
wtc
2011/08/19 18:18:08
Please format this as follows:
SECItem extension
mdietz
2011/08/22 20:09:00
Done.
|
| + |
| + scoped_ptr<crypto::RSAPrivateKey> private_key( |
| + crypto::RSAPrivateKey::Create(1024)); |
| + scoped_refptr<X509Certificate> cert = |
| + X509Certificate::CreateOriginBound(private_key.get(), |
| + "CN=subject", |
| + origin, 1, |
| + base::TimeDelta::FromDays(1)); |
| + |
| + EXPECT_EQ("subject", cert->subject().GetDisplayName()); |
|
wtc
2011/08/19 18:18:08
Change "subject" to "anonymous.invalid".
mdietz
2011/08/22 20:09:00
Just removed subject since it's no longer passed a
wtc
2011/08/23 01:32:21
Right, but it is useful to verify that the subject
|
| + EXPECT_FALSE(cert->HasExpired()); |
| + |
| + // IA5Encode and arena allocate SECItem |
| + expected = SEC_ASN1EncodeItem(cert->os_cert_handle()->arena, NULL, |
|
wtc
2011/08/19 18:18:08
We should call PORT_NewArena() early and use 'aren
mdietz
2011/08/22 20:09:00
Done.
|
| + &extension_object, |
| + SEC_ASN1_GET(SEC_IA5StringTemplate)); |
| + |
| + ASSERT_NE(static_cast<SECItem*>(NULL), expected); |
| + |
| + // Create OID SECItem |
| + PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| + ok = SEC_StringToOID(arena, &ob_cert_oid, |
| + oid_string, NULL); |
| + PORT_FreeArena(arena, PR_FALSE); |
| + |
| + ASSERT_EQ(SECSuccess, ok); |
| + |
| + ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid); |
| + |
| + ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag); |
| + |
| + // Lookup Origin Bound Cert extension in generated cert |
| + ok = CERT_FindCertExtension(cert->os_cert_handle(), |
| + ob_cert_oid_tag, |
| + &actual); |
| + ASSERT_EQ(SECSuccess, ok); |
| + |
| + // Compare expected and actual extension values |
| + result = SECITEM_ItemsAreEqual(expected, &actual); |
| + ASSERT_TRUE(result); |
|
wtc
2011/08/19 18:18:08
Add
SECITEM_FreeItem(&actual, PR_FALSE);
otherwi
mdietz
2011/08/22 20:09:00
Done.
|
| +} |
| + |
| TEST(X509CertificateTest, GetDEREncoded) { |
| scoped_ptr<crypto::RSAPrivateKey> private_key( |
| crypto::RSAPrivateKey::Create(1024)); |
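Review bot: In the added CreateOriginBound test, `PORT_FreeArena(arena, PR_FALSE);` runs before `SECOID_FindOIDTag(&ob_cert_oid)`, although `SEC_StringToOID` was handed that arena for the OID bytes, so `ob_cert_oid.data` appears to point into released memory when the tag lookup reads it. Move the free below the lookup: `ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);` followed by `PORT_FreeArena(arena, PR_FALSE);`. A failing `ASSERT_*` between allocation and free returns early and leaks the arena, so a scoped holder would be more robust if one is available. Separately, `cert` is dereferenced at `cert->subject()` with no preceding `ASSERT_TRUE(cert.get());`, so a failed `CreateOriginBound` would crash the test binary instead of failing the test cleanly.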