Revert 98288 - Added CreateOriginBound method to x509_certificate.h.

net/base/x509_certificate_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
 #include "base/string_split.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_test_util.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_certificate_data.h"
 #include "net/base/test_root_certs.h"
 #include "net/base/x509_certificate.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-#if defined(USE_NSS)
-#include <cert.h>
-#include <secoid.h>
-#endif
-
 // Unit tests aren't allowed to access external resources. Unfortunately, to
 // properly verify the EV-ness of a cert, we need to check for its revocation
 // through online servers. If you're manually running unit tests, feel free to
 // turn this on to test EV certs. But leave it turned off for the automated
 // testing.
 #define ALLOW_EXTERNAL_ACCESS 0
 
 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN)
 #define TEST_EV 1  // Test CERT_STATUS_IS_EV
 #endif
@@ skipping 1092 matching lines @@
   scoped_refptr<X509Certificate> cert =
       X509Certificate::CreateSelfSigned(
           private_key.get(), "CN=subject", 0, base::TimeDelta::FromDays(1));
 
   std::string der_cert;
   EXPECT_TRUE(cert->GetDEREncoded(&der_cert));
   EXPECT_FALSE(der_cert.empty());
 }
 #endif
 
-#if defined(USE_NSS)
-// This test creates an origin-bound cert from a private key and
-// then verifies the content of the certificate.
-TEST(X509CertificateTest, CreateOriginBound) {
-  // Origin Bound Cert OID.
-  static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
-
-  // Create a sample ASCII weborigin.
-  std::string origin = "http://weborigin.com:443";
-
-  // Create object neccissary for extension lookup call.
-  SECItem extension_object = {
-    siAsciiString,
-    (unsigned char*)origin.data(),
-    origin.size()
-  };
-
-  scoped_ptr<crypto::RSAPrivateKey> private_key(
-      crypto::RSAPrivateKey::Create(1024));
-  scoped_refptr<X509Certificate> cert =
-      X509Certificate::CreateOriginBound(private_key.get(),
-                                         origin, 1,
-                                         base::TimeDelta::FromDays(1));
-
-  EXPECT_EQ("anonymous.invalid", cert->subject().GetDisplayName());
-  EXPECT_FALSE(cert->HasExpired());
-
-  // IA5Encode and arena allocate SECItem.
-  PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  SECItem* expected = SEC_ASN1EncodeItem(arena,
-                                         NULL,
-                                         &extension_object,
-                                         SEC_ASN1_GET(SEC_IA5StringTemplate));
-
-  ASSERT_NE(static_cast<SECItem*>(NULL), expected);
-
-  // Create OID SECItem.
-  SECItem ob_cert_oid = { siDEROID, NULL, 0 };
-  SECStatus ok = SEC_StringToOID(arena, &ob_cert_oid,
-                                 oid_string, NULL);
-
-  ASSERT_EQ(SECSuccess, ok);
-
-  SECOidTag ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);
-
-  ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag);
-
-  // Lookup Origin Bound Cert extension in generated cert.
-  SECItem actual = { siBuffer, NULL, 0 };
-  ok = CERT_FindCertExtension(cert->os_cert_handle(),
-                              ob_cert_oid_tag,
-                              &actual);
-  ASSERT_EQ(SECSuccess, ok);
-
-  // Compare expected and actual extension values.
-  PRBool result = SECITEM_ItemsAreEqual(expected, &actual);
-  ASSERT_TRUE(result);
-
-  // Do Cleanup.
-  SECITEM_FreeItem(&actual, PR_FALSE);
-  PORT_FreeArena(arena, PR_FALSE);
-}
-#else  // defined(USE_NSS)
-// On other platforms, X509Certificate::CreateOriginBound() is not implemented
-// and should return NULL.  This unit test ensures that a stub implementation
-// is present.
-TEST(X509CertificateTest, CreateOriginBoundNotImplemented) {
-  std::string origin = "http://weborigin.com:443";
-  scoped_ptr<crypto::RSAPrivateKey> private_key(
-      crypto::RSAPrivateKey::Create(1024));
-  scoped_refptr<X509Certificate> cert =
-      X509Certificate::CreateOriginBound(private_key.get(),
-                                         origin, 2,
-                                         base::TimeDelta::FromDays(1));
-  EXPECT_FALSE(cert);
-}
-#endif  // defined(USE_NSS)
-
 class X509CertificateParseTest
     : public testing::TestWithParam<CertificateFormatTestData> {
  public:
   virtual ~X509CertificateParseTest() {}
   virtual void SetUp() {
     test_data_ = GetParam();
   }
   virtual void TearDown() {}
 
  protected:
@@ skipping 228 matching lines @@
   }
 
   EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(
       test_data.hostname, common_name, dns_names, ip_addressses));
 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,
                         testing::ValuesIn(kNameVerifyTestData));
 
 }  // namespace net