Add public key and signature verification to browser-side API keys

content/common/experiments/api_key_unittest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/experiments/api_key.h"
 
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_util.h"
 #include "base/test/simple_test_clock.h"
 #include "base/time/time.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace content {
 
 namespace {
 
+/*
+This is a sample public key for testing the API. The corresponding private
+key (use this to generate new samples for this test file) is
+
+    0x83, 0x67, 0xf4, 0xcd, 0x2a, 0x1f, 0x0e, 0x04, 0x0d, 0x43,
+    0x13, 0x4c, 0x67, 0xc4, 0xf4, 0x28, 0xc9, 0x90, 0x15, 0x02,
+    0xe2, 0xba, 0xfd, 0xbb, 0xfa, 0xbc, 0x92, 0x76, 0x8a, 0x2c,
+    0x4b, 0xc7, 0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9,
+    0x28, 0x70, 0xd2, 0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b,
+    0xb7, 0xd5, 0xca, 0x1f, 0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0,
+    0x56, 0x3a, 0x04, 0xd0
+*/

[davidben, 2016/01/11 20:18:57]

Nit: I think // C++-style comments are more common.

[iclelland, 2016/01/12 14:52:49]

Switched. When this was a PEM-formatted RSA key, I wanted to make sure that
these lines could be cut-and-pasted into a text file by anyone. Now that it's
formatted this way, it doesn't matter so much.

+const uint8_t kTestPublicKey[] = {
+    0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2,
+    0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f,
+    0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0,
+};
+
+// This is a good key, signed with the above test private key.
 const char* kSampleAPIKey =
-    "Signature|https://valid.example.com|Frobulate|1458766277";
-
-const char* kExpectedAPIKeySignature = "Signature";
+    "UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+S"
+    "dUwk7Dyk/qbDw==|https://valid.example.com|Frobulate|1458766277";
+const char* kExpectedAPIKeySignature =
+    "UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+S"
+    "dUwk7Dyk/qbDw==";
 const char* kExpectedAPIKeyData =
     "https://valid.example.com|Frobulate|1458766277";
 const char* kExpectedAPIName = "Frobulate";
 const char* kExpectedOrigin = "https://valid.example.com";
 const uint64_t kExpectedExpiry = 1458766277;
 
 // The key should not be valid for this origin, or for this API.
 const char* kInvalidOrigin = "https://invalid.example.com";
 const char* kInsecureOrigin = "http://valid.example.com";
 const char* kInvalidAPIName = "Grokalyze";
 
 // The key should be valid if the current time is kValidTimestamp or earlier.
 double kValidTimestamp = 1458766276.0;
 
 // The key should be invalid if the current time is kInvalidTimestamp or later.
 double kInvalidTimestamp = 1458766278.0;
 
+// Well-formed API key with an invalid signature.
+const char* kInvalidSignatureAPIKey =
+    "CO8hDne98QeFeOJ0DbRZCBN3uE0nyaPgaLlkYhSWnbRoDfEAg+TXELaYfQPfEvKYFauBg/hnx"
+    "mba765hz0mXMc==|https://valid.example.com|Frobulate|1458766277";
+
 // Various ill-formed API keys. These should all fail to parse.
 const char* kInvalidAPIKeys[] = {
     // Invalid - only one part
     "abcde",
     // Not enough parts
     "https://valid.example.com|APIName|1458766277",
     // Delimiter in API Name
     "Signature|https://valid.example.com|API|Name|1458766277",
     // Extra string field
     "Signature|https://valid.example.com|APIName|1458766277|SomethingElse",
@@ skipping 18 matching lines @@
     return api_key->ValidateOrigin(origin);
   }
 
   bool ValidateApiName(ApiKey* api_key, const char* api_name) {
     return api_key->ValidateApiName(api_name);
   }
 
   bool ValidateDate(ApiKey* api_key, const base::Time& now) {
     return api_key->ValidateDate(now);
   }
+
+  bool ValidateSignature(ApiKey* api_key,
+                         const uint8_t* public_key) {
+    return api_key->ValidateSignature(public_key);
+  }
 };
 
 TEST_F(ApiKeyTest, ParseEmptyString) {
   scoped_ptr<ApiKey> empty_key = ApiKey::Parse("");
   EXPECT_FALSE(empty_key);
 }
 
 TEST_F(ApiKeyTest, ParseInvalidStrings) {
   for (size_t i = 0; i < kNumInvalidAPIKeys; ++i) {
     scoped_ptr<ApiKey> empty_key = ApiKey::Parse(kInvalidAPIKeys[i]);
@@ skipping 32 matching lines @@
   EXPECT_TRUE(key->IsAppropriate(kExpectedOrigin, kExpectedAPIName));
   EXPECT_TRUE(key->IsAppropriate(kExpectedOrigin,
                                  base::ToUpperASCII(kExpectedAPIName)));
   EXPECT_TRUE(key->IsAppropriate(kExpectedOrigin,
                                  base::ToLowerASCII(kExpectedAPIName)));
   EXPECT_FALSE(key->IsAppropriate(kInvalidOrigin, kExpectedAPIName));
   EXPECT_FALSE(key->IsAppropriate(kInsecureOrigin, kExpectedAPIName));
   EXPECT_FALSE(key->IsAppropriate(kExpectedOrigin, kInvalidAPIName));
 }
 
+TEST_F(ApiKeyTest, ValidateValidSignature) {
+  scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+  ASSERT_TRUE(key);
+  EXPECT_TRUE(
+      ValidateSignature(key.get(), kTestPublicKey));
+}
+
+TEST_F(ApiKeyTest, ValidateInvalidSignature) {
+  scoped_ptr<ApiKey> key = ApiKey::Parse(kInvalidSignatureAPIKey);
+  ASSERT_TRUE(key);
+  EXPECT_FALSE(
+      ValidateSignature(key.get(), kTestPublicKey));
+}
+
+TEST_F(ApiKeyTest, ValidateSignatureOnWrongKey) {
+  scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+  ASSERT_TRUE(key);
+  // Signature will be invalid if tested against the real public key
+  EXPECT_FALSE(key->IsValid(base::Time::FromDoubleT(kValidTimestamp)));
+}
+
+TEST_F(ApiKeyTest, ValidateWhenNotExpired) {
+  scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+  ASSERT_TRUE(key);
+}
+
 }  // namespace content