
Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 8296014: Use NSS to generate Origin-Bound Certs on Win and Mac. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 9 years, 2 months ago
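--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -1,35 +1,34 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/path_service.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
 #include "base/string_split.h"
 #include "crypto/rsa_private_key.h"
 #include "net/base/asn1_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_test_util.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_certificate_data.h"
 #include "net/base/test_root_certs.h"
 #include "net/base/x509_certificate.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(USE_NSS)
 #include <cert.h>
-#include <secoid.h>
 #endif
 
 // Unit tests aren't allowed to access external resources. Unfortunately, to
 // properly verify the EV-ness of a cert, we need to check for its revocation
 // through online servers. If you're manually running unit tests, feel free to
 // turn this on to test EV certs. But leave it turned off for the automated
 // testing.
 #define ALLOW_EXTERNAL_ACCESS 0
 
 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN)
@@ -1171,98 +1170,20 @@
 scoped_refptr<X509Certificate> cert =
 X509Certificate::CreateSelfSigned(
 private_key.get(), "CN=subject", 0, base::TimeDelta::FromDays(1));
 
 std::string der_cert;
 EXPECT_TRUE(cert->GetDEREncoded(&der_cert));
 EXPECT_FALSE(der_cert.empty());
 }
 #endif
 
-#if defined(USE_NSS)
-// This test creates an origin-bound cert from a private key and
-// then verifies the content of the certificate.
-TEST(X509CertificateTest, CreateOriginBound) {
-// Origin Bound Cert OID.
-static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
-
-// Create a sample ASCII weborigin.
-std::string origin = "http://weborigin.com:443";
-
-// Create object neccissary for extension lookup call.
-SECItem extension_object = {
-siAsciiString,
-(unsigned char*)origin.data(),
-origin.size()
-};
-
-scoped_ptr<crypto::RSAPrivateKey> private_key(
-crypto::RSAPrivateKey::Create(1024));
-scoped_refptr<X509Certificate> cert =
-X509Certificate::CreateOriginBound(private_key.get(),
-origin, 1,
-base::TimeDelta::FromDays(1));
-
-EXPECT_EQ("anonymous.invalid", cert->subject().GetDisplayName());
-EXPECT_FALSE(cert->HasExpired());
-
-// IA5Encode and arena allocate SECItem.
-PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-SECItem* expected = SEC_ASN1EncodeItem(arena,
-NULL,
-&extension_object,
-SEC_ASN1_GET(SEC_IA5StringTemplate));
-
-ASSERT_NE(static_cast<SECItem*>(NULL), expected);
-
-// Create OID SECItem.
-SECItem ob_cert_oid = { siDEROID, NULL, 0 };
-SECStatus ok = SEC_StringToOID(arena, &ob_cert_oid,
-oid_string, 0);
-
-ASSERT_EQ(SECSuccess, ok);
-
-SECOidTag ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);
-
-ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag);
-
-// Lookup Origin Bound Cert extension in generated cert.
-SECItem actual = { siBuffer, NULL, 0 };
-ok = CERT_FindCertExtension(cert->os_cert_handle(),
-ob_cert_oid_tag,
-&actual);
-ASSERT_EQ(SECSuccess, ok);
-
-// Compare expected and actual extension values.
-PRBool result = SECITEM_ItemsAreEqual(expected, &actual);
-ASSERT_TRUE(result);
-
-// Do Cleanup.
-SECITEM_FreeItem(&actual, PR_FALSE);
-PORT_FreeArena(arena, PR_FALSE);
-}
-#else // defined(USE_NSS)
-// On other platforms, X509Certificate::CreateOriginBound() is not implemented
-// and should return NULL. This unit test ensures that a stub implementation
-// is present.
-TEST(X509CertificateTest, CreateOriginBoundNotImplemented) {
-std::string origin = "http://weborigin.com:443";
-scoped_ptr<crypto::RSAPrivateKey> private_key(
-crypto::RSAPrivateKey::Create(1024));
-scoped_refptr<X509Certificate> cert =
-X509Certificate::CreateOriginBound(private_key.get(),
-origin, 2,
-base::TimeDelta::FromDays(1));
-EXPECT_FALSE(cert);
-}
-#endif // defined(USE_NSS)
-
 class X509CertificateParseTest
 : public testing::TestWithParam<CertificateFormatTestData> {
 public:
 virtual ~X509CertificateParseTest() {}
 virtual void SetUp() {
 test_data_ = GetParam();
 }
 virtual void TearDown() {}
 
 protected:
@@ -1515,10 +1436,10 @@
 }
 
 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(
 test_data.hostname, common_name, dns_names, ip_addressses));
 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,
 testing::ValuesIn(kNameVerifyTestData));
 
 } // namespace net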
