Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/x509_util_nss_unittest.cc

Issue 8296014: Use NSS to generate Origin-Bound Certs on Win and Mac. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/net_error_list.h ('K') | « net/base/x509_util_nss.cc ('k') | net/base/x509_util_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/x509_util_nss_unittest.cc
diff --git a/net/base/x509_util_nss_unittest.cc b/net/base/x509_util_nss_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..79146b67ba87ad4aa8f4869a8757b1ee03f59f6c
--- /dev/null
+++ b/net/base/x509_util_nss_unittest.cc
@@ -0,0 +1,106 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/x509_util.h"
+#include "net/base/x509_util_nss.h"
+
+#include <cert.h>
+#include <secoid.h>
+
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/ref_counted.h"
+#include "crypto/rsa_private_key.h"
+#include "net/base/x509_certificate.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+CERTCertificate* CreateNSSCertHandleFromBytes(const char* data, size_t length) {
+ SECItem der_cert;
+ der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
+ der_cert.len = length;
+ der_cert.type = siDERCertBuffer;
+
+ // Parse into a certificate structure.
+ return CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der_cert, NULL,
+ PR_FALSE, PR_TRUE);
+}
+
+} // namespace
+
+namespace net {
+
+// This test creates an origin-bound cert from a private key and
+// then verifies the content of the certificate.
+TEST(X509UtilNSSTest, CreateOriginBoundCert) {
+ // Origin Bound Cert OID.
+ static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
+
+ // Create a sample ASCII weborigin.
+ std::string origin = "http://weborigin.com:443";
+
+ // Create object neccessary for extension lookup call.
+ SECItem extension_object = {
+ siAsciiString,
+ (unsigned char*)origin.data(),
+ origin.size()
+ };
+
+ scoped_ptr<crypto::RSAPrivateKey> private_key(
+ crypto::RSAPrivateKey::Create(1024));
+ std::string der_cert;
+ ASSERT_TRUE(x509_util::CreateOriginBoundCert(private_key.get(),
+ origin, 1,
+ base::TimeDelta::FromDays(1),
+ &der_cert));
+
+ scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes(
+ der_cert.data(), der_cert.size());
+
+ EXPECT_EQ("anonymous.invalid", cert->subject().GetDisplayName());
+ EXPECT_FALSE(cert->HasExpired());
+
+ // IA5Encode and arena allocate SECItem.
+ PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ SECItem* expected = SEC_ASN1EncodeItem(arena,
+ NULL,
+ &extension_object,
+ SEC_ASN1_GET(SEC_IA5StringTemplate));
+
+ ASSERT_NE(static_cast<SECItem*>(NULL), expected);
+
+ // Create OID SECItem.
+ SECItem ob_cert_oid = { siDEROID, NULL, 0 };
+ SECStatus ok = SEC_StringToOID(arena, &ob_cert_oid,
+ oid_string, 0);
+
+ ASSERT_EQ(SECSuccess, ok);
+
+ SECOidTag ob_cert_oid_tag = SECOID_FindOIDTag(&ob_cert_oid);
+
+ ASSERT_NE(SEC_OID_UNKNOWN, ob_cert_oid_tag);
+
+ // This test is run on Mac and Win where X509Certificate::os_cert_handle isn't
+ // an NSS type, so we have to manually create a NSS certificate object so we
+ // can use CERT_FindCertExtension.
+ CERTCertificate* nss_cert = CreateNSSCertHandleFromBytes(
+ der_cert.data(), der_cert.size());
+ // Lookup Origin Bound Cert extension in generated cert.
+ SECItem actual = { siBuffer, NULL, 0 };
+ ok = CERT_FindCertExtension(nss_cert,
+ ob_cert_oid_tag,
+ &actual);
+ CERT_DestroyCertificate(nss_cert);
+ ASSERT_EQ(SECSuccess, ok);
+
+ // Compare expected and actual extension values.
+ PRBool result = SECITEM_ItemsAreEqual(expected, &actual);
+ ASSERT_TRUE(result);
+
+ // Do Cleanup.
+ SECITEM_FreeItem(&actual, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
+}
+
+} // namespace net
« net/base/net_error_list.h ('K') | « net/base/x509_util_nss.cc ('k') | net/base/x509_util_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698