OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/x509_util.h" | 5 #include "net/base/x509_util.h" |
6 #include "net/base/x509_util_nss.h" | 6 #include "net/base/x509_util_nss.h" |
7 | 7 |
8 #include <cert.h> | 8 #include <cert.h> |
9 #include <secoid.h> | 9 #include <secoid.h> |
10 | 10 |
(...skipping 56 matching lines...) | |
67 der_spki.size()); | 67 der_spki.size()); |
68 | 68 |
69 ASSERT_TRUE(ok); | 69 ASSERT_TRUE(ok); |
70 verifier.VerifyUpdate(sd.data.data, | 70 verifier.VerifyUpdate(sd.data.data, |
71 sd.data.len); | 71 sd.data.len); |
72 | 72 |
73 ok = verifier.VerifyFinal(); | 73 ok = verifier.VerifyFinal(); |
74 EXPECT_TRUE(ok); | 74 EXPECT_TRUE(ok); |
75 } | 75 } |
76 | 76 |
77 void VerifyOriginBoundCert(const std::string& origin, | 77 void VerifyServerBoundCert(const std::string& server, |
wtc
2012/03/15 23:46:38
I believe in this file we should be referring to d
mattm
2012/03/16 22:22:00
Done.
| |
78 const std::string& der_cert) { | 78 const std::string& der_cert) { |
79 // Origin Bound Cert OID. | 79 // Origin Bound Cert OID. |
80 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; | 80 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; |
81 | 81 |
82 // Create object neccessary for extension lookup call. | 82 // Create object neccessary for extension lookup call. |
83 SECItem extension_object = { | 83 SECItem extension_object = { |
84 siAsciiString, | 84 siAsciiString, |
85 (unsigned char*)origin.data(), | 85 (unsigned char*)server.data(), |
86 origin.size() | 86 server.size() |
87 }; | 87 }; |
88 | 88 |
89 // IA5Encode and arena allocate SECItem. | 89 // IA5Encode and arena allocate SECItem. |
90 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 90 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
91 SECItem* expected = SEC_ASN1EncodeItem(arena, | 91 SECItem* expected = SEC_ASN1EncodeItem(arena, |
92 NULL, | 92 NULL, |
93 &extension_object, | 93 &extension_object, |
94 SEC_ASN1_GET(SEC_IA5StringTemplate)); | 94 SEC_ASN1_GET(SEC_IA5StringTemplate)); |
95 | 95 |
96 ASSERT_NE(static_cast<SECItem*>(NULL), expected); | 96 ASSERT_NE(static_cast<SECItem*>(NULL), expected); |
(...skipping 35 matching lines...) | |
132 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); | 132 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); |
133 ASSERT_TRUE(result); | 133 ASSERT_TRUE(result); |
134 | 134 |
135 // Do Cleanup. | 135 // Do Cleanup. |
136 SECITEM_FreeItem(&actual, PR_FALSE); | 136 SECITEM_FreeItem(&actual, PR_FALSE); |
137 PORT_FreeArena(arena, PR_FALSE); | 137 PORT_FreeArena(arena, PR_FALSE); |
138 } | 138 } |
139 | 139 |
140 } // namespace | 140 } // namespace |
141 | 141 |
142 // This test creates an origin-bound cert from an EC private key and | 142 // This test creates a server-bound cert from an EC private key and |
143 // then verifies the content of the certificate. | 143 // then verifies the content of the certificate. |
144 TEST(X509UtilNSSTest, CreateOriginBoundCertEC) { | 144 TEST(X509UtilNSSTest, CreateServerBoundCertEC) { |
145 // Create a sample ASCII weborigin. | 145 // Create a sample ASCII weborigin. |
146 std::string origin = "http://weborigin.com:443"; | 146 std::string server = "http://weborigin.com:443"; |
147 base::Time now = base::Time::Now(); | 147 base::Time now = base::Time::Now(); |
148 | 148 |
149 scoped_ptr<crypto::ECPrivateKey> private_key( | 149 scoped_ptr<crypto::ECPrivateKey> private_key( |
150 crypto::ECPrivateKey::Create()); | 150 crypto::ECPrivateKey::Create()); |
151 std::string der_cert; | 151 std::string der_cert; |
152 ASSERT_TRUE(x509_util::CreateOriginBoundCertEC( | 152 ASSERT_TRUE(x509_util::CreateServerBoundCertEC( |
153 private_key.get(), | 153 private_key.get(), |
154 origin, 1, | 154 server, 1, |
155 now, | 155 now, |
156 now + base::TimeDelta::FromDays(1), | 156 now + base::TimeDelta::FromDays(1), |
157 &der_cert)); | 157 &der_cert)); |
158 | 158 |
159 VerifyOriginBoundCert(origin, der_cert); | 159 VerifyServerBoundCert(server, der_cert); |
160 | 160 |
161 #if !defined(OS_WIN) && !defined(OS_MACOSX) | 161 #if !defined(OS_WIN) && !defined(OS_MACOSX) |
162 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | 162 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
163 std::vector<uint8> spki; | 163 std::vector<uint8> spki; |
164 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); | 164 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); |
165 VerifyCertificateSignature(der_cert, spki); | 165 VerifyCertificateSignature(der_cert, spki); |
166 #endif | 166 #endif |
167 } | 167 } |
168 | 168 |
169 } // namespace net | 169 } // namespace net |
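Review bot: The rename stops short of the comments and the fixture: in VerifyServerBoundCert the OID comment still reads `// Origin Bound Cert OID.`, and in the CreateServerBoundCertEC test the comment `// Create a sample ASCII weborigin.` and the value `"http://weborigin.com:443"` still describe a full origin with scheme and port. The helper IA5-encodes the string it is given and asserts that it equals `actual` with `SECITEM_ItemsAreEqual`, which from the visible lines appears to be the certificate's extension value, so the sample should have the shape the renamed API really receives; if that is a host or domain rather than an origin (not visible here), the test pins the wrong form. I would change the comments to `// Server Bound Cert OID.` and `// Create a sample ASCII server identifier.` and confirm the fixture value against the production caller. Separately, the `ASSERT_*` macros inside the void helper return early on failure, so `PORT_FreeArena(arena, PR_FALSE)` at the end is skipped in that case; part of the helper's body is elided on this page, so this may already be handled there.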