Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(412)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_util_nss_unittest.cc

Issue 9617039: Change Origin bound certs -> Domain bound certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address review comments, remove dead code from spdy_http_stream_spdy2_unittest.cc Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/common/extensions/api/browsingData.json ('K') | « net/base/x509_util_nss.cc ('k') | net/base/x509_util_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_util.h" 5 #include "net/base/x509_util.h"
6 #include "net/base/x509_util_nss.h" 6 #include "net/base/x509_util_nss.h"
7 7
8 #include <cert.h> 8 #include <cert.h>
9 #include <secoid.h> 9 #include <secoid.h>
10 10
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 der_spki.size()); 67 der_spki.size());
68 68
69 ASSERT_TRUE(ok); 69 ASSERT_TRUE(ok);
70 verifier.VerifyUpdate(sd.data.data, 70 verifier.VerifyUpdate(sd.data.data,
71 sd.data.len); 71 sd.data.len);
72 72
73 ok = verifier.VerifyFinal(); 73 ok = verifier.VerifyFinal();
74 EXPECT_TRUE(ok); 74 EXPECT_TRUE(ok);
75 } 75 }
76 76
77 void VerifyOriginBoundCert(const std::string& origin, 77 void VerifyServerBoundCert(const std::string& domain,
wtc 2012/03/19 22:59:36 This function should be named VerifyDomainBoundCer
78 const std::string& der_cert) { 78 const std::string& der_cert) {
79 // Origin Bound Cert OID. 79 // Origin Bound Cert OID.
80 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; 80 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
81 81
82 // Create object neccessary for extension lookup call. 82 // Create object neccessary for extension lookup call.
83 SECItem extension_object = { 83 SECItem extension_object = {
84 siAsciiString, 84 siAsciiString,
85 (unsigned char*)origin.data(), 85 (unsigned char*)domain.data(),
86 origin.size() 86 domain.size()
87 }; 87 };
88 88
89 // IA5Encode and arena allocate SECItem. 89 // IA5Encode and arena allocate SECItem.
90 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 90 PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
91 SECItem* expected = SEC_ASN1EncodeItem(arena, 91 SECItem* expected = SEC_ASN1EncodeItem(arena,
92 NULL, 92 NULL,
93 &extension_object, 93 &extension_object,
94 SEC_ASN1_GET(SEC_IA5StringTemplate)); 94 SEC_ASN1_GET(SEC_IA5StringTemplate));
95 95
96 ASSERT_NE(static_cast<SECItem*>(NULL), expected); 96 ASSERT_NE(static_cast<SECItem*>(NULL), expected);
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); 132 PRBool result = SECITEM_ItemsAreEqual(expected, &actual);
133 ASSERT_TRUE(result); 133 ASSERT_TRUE(result);
134 134
135 // Do Cleanup. 135 // Do Cleanup.
136 SECITEM_FreeItem(&actual, PR_FALSE); 136 SECITEM_FreeItem(&actual, PR_FALSE);
137 PORT_FreeArena(arena, PR_FALSE); 137 PORT_FreeArena(arena, PR_FALSE);
138 } 138 }
139 139
140 } // namespace 140 } // namespace
141 141
142 // This test creates an origin-bound cert from an EC private key and 142 // This test creates a domain-bound cert from an EC private key and
143 // then verifies the content of the certificate. 143 // then verifies the content of the certificate.
144 TEST(X509UtilNSSTest, CreateOriginBoundCertEC) { 144 TEST(X509UtilNSSTest, CreateDomainBoundCertEC) {
145 // Create a sample ASCII weborigin. 145 // Create a sample ASCII weborigin.
146 std::string origin = "http://weborigin.com:443"; 146 std::string domain = "weborigin.com";
147 base::Time now = base::Time::Now(); 147 base::Time now = base::Time::Now();
148 148
149 scoped_ptr<crypto::ECPrivateKey> private_key( 149 scoped_ptr<crypto::ECPrivateKey> private_key(
150 crypto::ECPrivateKey::Create()); 150 crypto::ECPrivateKey::Create());
151 std::string der_cert; 151 std::string der_cert;
152 ASSERT_TRUE(x509_util::CreateOriginBoundCertEC( 152 ASSERT_TRUE(x509_util::CreateDomainBoundCertEC(
153 private_key.get(), 153 private_key.get(),
154 origin, 1, 154 domain, 1,
155 now, 155 now,
156 now + base::TimeDelta::FromDays(1), 156 now + base::TimeDelta::FromDays(1),
157 &der_cert)); 157 &der_cert));
158 158
159 VerifyOriginBoundCert(origin, der_cert); 159 VerifyServerBoundCert(domain, der_cert);
160 160
161 #if !defined(OS_WIN) && !defined(OS_MACOSX) 161 #if !defined(OS_WIN) && !defined(OS_MACOSX)
162 // signature_verifier_win and signature_verifier_mac can't handle EC certs. 162 // signature_verifier_win and signature_verifier_mac can't handle EC certs.
163 std::vector<uint8> spki; 163 std::vector<uint8> spki;
164 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); 164 ASSERT_TRUE(private_key->ExportPublicKey(&spki));
165 VerifyCertificateSignature(der_cert, spki); 165 VerifyCertificateSignature(der_cert, spki);
166 #endif 166 #endif
167 } 167 }
168 168
169 } // namespace net 169 } // namespace net
OLDNEW
« chrome/common/extensions/api/browsingData.json ('K') | « net/base/x509_util_nss.cc ('k') | net/base/x509_util_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698