net/base/x509_util_nss_unittest.cc - Issue 8296014: Use NSS to generate Origin-Bound Certs on Win and Mac.

Side by Side Diff: net/base/x509_util_nss_unittest.cc

Issue 8296014: Use NSS to generate Origin-Bound Certs on Win and Mac. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: address other points of original review too Created 9 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/memory/scoped_ptr.h"

	6 #include "base/memory/ref_counted.h"

	7 #include "crypto/rsa_private_key.h"

	8 #include "net/base/x509_certificate.h"

	9 #include "net/base/x509_util.h"

	10 #include "net/base/x509_util_nss.h"

	11 #include "testing/gtest/include/gtest/gtest.h"

	12

	13 #include <cert.h>

	14 #include <secoid.h>
	wtc 2011/10/17 19:09:27 List the headers in this order: #include "net/bas List the headers in this order: #include "net/base/x509_util.h" #include "net/base/x509_util_nss.h" #include <cert.h> #include <secoid.h> #include "base/memory/scoped_ptr.h" #include "base/memory/ref_counted.h" #include "crypto/rsa_private_key.h" #include "net/base/x509_certificate.h" #include "testing/gtest/include/gtest/gtest.h" mattm 2011/10/17 22:54:19 Done. Show quoted text On 2011/10/17 19:09:27, wtc wrote: > > List the headers in this order: > > #include "net/base/x509_util.h" > #include "net/base/x509_util_nss.h" > > #include <cert.h> > #include <secoid.h> > > #include "base/memory/scoped_ptr.h" > > #include "base/memory/ref_counted.h" > #include "crypto/rsa_private_key.h" > #include "net/base/x509_certificate.h" > #include "testing/gtest/include/gtest/gtest.h" Done.
	15

	16 namespace {

	17

	18 CERTCertificate* CreateNSSCertHandleFromBytes(

	19 const char* data, int length) {
	wtc 2011/10/17 19:09:27 Nit: format this as follows: CERTCertificate* Cre Nit: format this as follows: CERTCertificate* CreateNSSCertHandleFromBytes(const char* data, int length) { \|length\| should ideally be size_t or unsigned int. mattm 2011/10/17 22:54:19 Done (actually it all fit on one line). Show quoted text On 2011/10/17 19:09:27, wtc wrote: > > Nit: format this as follows: > > CERTCertificate* CreateNSSCertHandleFromBytes(const char* data, > int length) { > > \|length\| should ideally be size_t or unsigned int. Done (actually it all fit on one line).
	20 SECItem der_cert;

	21 der_cert.data = reinterpret_cast<unsigned char>(const_cast<char>(data));

	22 der_cert.len = length;

	23 der_cert.type = siDERCertBuffer;

	24

	25 // Parse into a certificate structure.

	26 return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,

	27 PR_FALSE, PR_TRUE);

	28 }

	29

	30 } // namespace

	31

	32 namespace net {

	33

	34 // This test creates an origin-bound cert from a private key and

	35 // then verifies the content of the certificate.

	36 TEST(X509UtilNSSTest, CreateOriginBoundCert) {

	37 // Origin Bound Cert OID.

	38 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";

	39

	40 // Create a sample ASCII weborigin.

	41 std::string origin = "http://weborigin.com:443";

	42

	43 // Create object neccessary for extension lookup call.

	44 SECItem extension_object = {

	45 siAsciiString,

	46 (unsigned char*)origin.data(),

	47 origin.size()

	48 };

	49

	50 scoped_ptr<crypto::RSAPrivateKey> private_key(

	51 crypto::RSAPrivateKey::Create(1024));

	52 std::string der_cert;

	53 ASSERT_TRUE(x509_util::CreateOriginBoundCert(private_key.get(),

	54 origin, 1,

	55 base::TimeDelta::FromDays(1),

	56 &der_cert));

	57

	58 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes(

	59 der_cert.data(), der_cert.size());

	60

	61 EXPECT_EQ("anonymous.invalid", cert->subject().GetDisplayName());

	62 EXPECT_FALSE(cert->HasExpired());

	63

	64 // IA5Encode and arena allocate SECItem.

	65 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

	66 SECItem* expected = SEC_ASN1EncodeItem(arena,

	67 NULL,

	68 &extension_object,

	69 SEC_ASN1_GET(SEC_IA5StringTemplate));

	70

	71 ASSERT_NE(static_cast<SECItem*>(NULL), expected);

	72

	73 // Create OID SECItem.

	74 SECItem ob_cert_oid = { siDEROID, NULL, 0 };

	75 SECStatus ok = SEC_StringToOID(arena, &ob_cert_oid,

	76 oid_string, 0);

	77

	78 ASSERT_EQ(SECSuccess, ok);

	79

	80 SECOidTag ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);

	81

	82 ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag);

	83

	84 // This test is run on Mac and Win where X509Certificate::os_cert_handle isn't

	85 // an NSS type, so we have to manually create a NSS certificate object so we

	86 // can use CERT_FindCertExtension.

	87 CERTCertificate* nss_cert = CreateNSSCertHandleFromBytes(

	88 der_cert.data(), der_cert.size());

	89 // Lookup Origin Bound Cert extension in generated cert.

	90 SECItem actual = { siBuffer, NULL, 0 };

	91 ok = CERT_FindCertExtension(nss_cert,

	92 ob_cert_oid_tag,

	93 &actual);

	94 CERT_DestroyCertificate(nss_cert);

	95 ASSERT_EQ(SECSuccess, ok);

	96

	97 // Compare expected and actual extension values.

	98 PRBool result = SECITEM_ItemsAreEqual(expected, &actual);

	99 ASSERT_TRUE(result);

	100

	101 // Do Cleanup.

	102 SECITEM_FreeItem(&actual, PR_FALSE);

	103 PORT_FreeArena(arena, PR_FALSE);

	104 }

	105

	106 } // namespace net

OLD	NEW

« net/base/x509_util_nss.cc ('K') | « net/base/x509_util_nss.cc ('k') | net/base/x509_util_openssl.cc » ('j') | net/base/x509_util_openssl.cc » ('J')