Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(163)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/experiments/api_key_unittest.cc

Issue 1522813002: Add public key and signature verification to browser-side API keys (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@keys
Patch Set: Addressing comments from PS#13 Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/common/experiments/api_key.cc ('k') | content/content_common.gypi » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/experiments/api_key_unittest.cc
diff --git a/content/common/experiments/api_key_unittest.cc b/content/common/experiments/api_key_unittest.cc
index 697456d3bf8cb807848ad7591713a1c036e130cf..a70ffcc92cf710e5d062295ddb6105c0cb21fee0 100644
--- a/content/common/experiments/api_key_unittest.cc
+++ b/content/common/experiments/api_key_unittest.cc
@@ -15,10 +15,28 @@ namespace content {
namespace {
-const char* kSampleAPIKey =
- "Signature|https://valid.example.com|Frobulate|1458766277";
+// This is a sample public key for testing the API. The corresponding private
+// key (use this to generate new samples for this test file) is:
+//
+// 0x83, 0x67, 0xf4, 0xcd, 0x2a, 0x1f, 0x0e, 0x04, 0x0d, 0x43, 0x13,
+// 0x4c, 0x67, 0xc4, 0xf4, 0x28, 0xc9, 0x90, 0x15, 0x02, 0xe2, 0xba,
+// 0xfd, 0xbb, 0xfa, 0xbc, 0x92, 0x76, 0x8a, 0x2c, 0x4b, 0xc7, 0x75,
+// 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2, 0x9a,
+// 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f, 0x64,
+// 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0
+const uint8_t kTestPublicKey[] = {
+ 0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2,
+ 0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f,
+ 0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0,
+};
-const char* kExpectedAPIKeySignature = "Signature";
+// This is a good key, signed with the above test private key.
+const char* kSampleAPIKey =
+ "UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+S"
+ "dUwk7Dyk/qbDw==|https://valid.example.com|Frobulate|1458766277";
+const char* kExpectedAPIKeySignature =
+ "UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+S"
+ "dUwk7Dyk/qbDw==";
const char* kExpectedAPIKeyData =
"https://valid.example.com|Frobulate|1458766277";
const char* kExpectedAPIName = "Frobulate";
@@ -36,6 +54,11 @@ double kValidTimestamp = 1458766276.0;
// The key should be invalid if the current time is kInvalidTimestamp or later.
double kInvalidTimestamp = 1458766278.0;
+// Well-formed API key with an invalid signature.
+const char* kInvalidSignatureAPIKey =
+ "CO8hDne98QeFeOJ0DbRZCBN3uE0nyaPgaLlkYhSWnbRoDfEAg+TXELaYfQPfEvKYFauBg/hnx"
+ "mba765hz0mXMc==|https://valid.example.com|Frobulate|1458766277";
+
// Various ill-formed API keys. These should all fail to parse.
const char* kInvalidAPIKeys[] = {
// Invalid - only one part
@@ -62,6 +85,12 @@ const size_t kNumInvalidAPIKeys = arraysize(kInvalidAPIKeys);
} // namespace
class ApiKeyTest : public testing::Test {
+ public:
+ ApiKeyTest()
+ : public_key_(
+ base::StringPiece(reinterpret_cast<const char*>(kTestPublicKey),
+ arraysize(kTestPublicKey))) {}
+
protected:
bool ValidateOrigin(ApiKey* api_key, const char* origin) {
return api_key->ValidateOrigin(origin);
@@ -74,6 +103,15 @@ class ApiKeyTest : public testing::Test {
bool ValidateDate(ApiKey* api_key, const base::Time& now) {
return api_key->ValidateDate(now);
}
+
+ bool ValidateSignature(ApiKey* api_key, const base::StringPiece& public_key) {
+ return api_key->ValidateSignature(public_key);
+ }
+
+ const base::StringPiece& public_key() { return public_key_; };
+
+ private:
+ base::StringPiece public_key_;
};
TEST_F(ApiKeyTest, ParseEmptyString) {
@@ -126,4 +164,28 @@ TEST_F(ApiKeyTest, KeyIsAppropriateForOriginAndAPI) {
EXPECT_FALSE(key->IsAppropriate(kExpectedOrigin, kInvalidAPIName));
}
+TEST_F(ApiKeyTest, ValidateValidSignature) {
+ scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+ ASSERT_TRUE(key);
+ EXPECT_TRUE(ValidateSignature(key.get(), public_key()));
+}
+
+TEST_F(ApiKeyTest, ValidateInvalidSignature) {
+ scoped_ptr<ApiKey> key = ApiKey::Parse(kInvalidSignatureAPIKey);
+ ASSERT_TRUE(key);
+ EXPECT_FALSE(ValidateSignature(key.get(), public_key()));
+}
+
+TEST_F(ApiKeyTest, ValidateSignatureOnWrongKey) {
+ scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+ ASSERT_TRUE(key);
+ // Signature will be invalid if tested against the real public key
+ EXPECT_FALSE(key->IsValid(base::Time::FromDoubleT(kValidTimestamp)));
+}
+
+TEST_F(ApiKeyTest, ValidateWhenNotExpired) {
+ scoped_ptr<ApiKey> key = ApiKey::Parse(kSampleAPIKey);
+ ASSERT_TRUE(key);
+}
+
} // namespace content
« no previous file with comments | « content/common/experiments/api_key.cc ('k') | content/content_common.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698