Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> | 8 #include <cert.h> |
| 9 #include <secoid.h> | 9 #include <secoid.h> |
| 10 | 10 |
| 132 | 132 |
| 133 // Compare expected and actual extension values. | 133 // Compare expected and actual extension values. |
| 134 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); | 134 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); |
| 135 ASSERT_TRUE(result); | 135 ASSERT_TRUE(result); |
| 136 | 136 |
| 137 // Do Cleanup. | 137 // Do Cleanup. |
| 138 SECITEM_FreeItem(&actual, PR_FALSE); | 138 SECITEM_FreeItem(&actual, PR_FALSE); |
| 139 PORT_FreeArena(arena, PR_FALSE); | 139 PORT_FreeArena(arena, PR_FALSE); |
| 140 } | 140 } |
| 141 | 141 |
| 142 void VerifySelfSignedCert(const std::string& common_name, | |
| 143 const std::string& der_cert) { | |
| 144 // This test is run on Mac and Win where X509Certificate::os_cert_handle isn't | |
| 145 // an NSS type, so we have to manually create a NSS certificate object so we | |
| 146 // can use CERT_FindCertExtension. We also check the subject and validity | |
| 147 // times using NSS since X509Certificate will fail with EC certs on OSX 10.5 | |
| 148 // (http://crbug.com/101231). | |
| 149 CERTCertificate* nss_cert = CreateNSSCertHandleFromBytes( | |
| 150 der_cert.data(), der_cert.size()); | |
| 151 | |
| 152 char* actual = CERT_GetCommonName(&nss_cert->subject); | |
| 153 ASSERT_TRUE(actual); | |
| 154 EXPECT_STREQ(common_name.data(), actual); | |
| 155 PORT_Free(actual); | |
| 156 EXPECT_EQ(SECSuccess, CERT_CertTimesValid(nss_cert)); | |
| 157 | |
| 158 CERT_DestroyCertificate(nss_cert); | |
| 159 } | |
| 160 | |
| 142 } // namespace | 161 } // namespace |
| 143 | 162 |
| 144 // This test creates a domain-bound cert from an EC private key and | 163 // This test creates a domain-bound cert from an EC private key and |
| 145 // then verifies the content of the certificate. | 164 // then verifies the content of the certificate. |
| 146 TEST(X509UtilNSSTest, CreateDomainBoundCertEC) { | 165 TEST(X509UtilNSSTest, CreateDomainBoundCertEC) { |
| 147 // Create a sample ASCII weborigin. | 166 // Create a sample ASCII weborigin. |
| 148 std::string domain = "weborigin.com"; | 167 std::string domain = "weborigin.com"; |
| 149 base::Time now = base::Time::Now(); | 168 base::Time now = base::Time::Now(); |
| 150 | 169 |
| 151 scoped_ptr<crypto::ECPrivateKey> private_key( | 170 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 152 crypto::ECPrivateKey::Create()); | 171 crypto::ECPrivateKey::Create()); |
| 153 std::string der_cert; | 172 std::string der_cert; |
| 154 ASSERT_TRUE(x509_util::CreateDomainBoundCertEC( | 173 ASSERT_TRUE(x509_util::CreateDomainBoundCertEC( |
| 155 private_key.get(), | 174 private_key.get(), |
| 156 domain, 1, | 175 domain, 1, |
| 157 now, | 176 now, |
| 158 now + base::TimeDelta::FromDays(1), | 177 now + base::TimeDelta::FromDays(1), |
| 159 &der_cert)); | 178 &der_cert)); |
| 160 | 179 |
| 161 VerifyDomainBoundCert(domain, der_cert); | 180 VerifyDomainBoundCert(domain, der_cert); |
| 162 | 181 |
| 163 #if !defined(OS_WIN) && !defined(OS_MACOSX) | 182 #if !defined(OS_WIN) && !defined(OS_MACOSX) |
| 164 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | 183 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
| 165 std::vector<uint8> spki; | 184 std::vector<uint8> spki; |
| 166 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); | 185 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); |
| 167 VerifyCertificateSignature(der_cert, spki); | 186 VerifyCertificateSignature(der_cert, spki); |
| 168 #endif | 187 #endif |
| 169 } | 188 } |
| 170 | 189 |
| 190 // This test creates a self-signed cert from an EC private key pair and | |
| 191 // then verifies the content of the certificate. | |
| 192 TEST(X509UtilNSSTest, CreateSelfSignedertEC) { | |
| 193 // Create a sample ASCII weborigin. | |
|
Ryan Sleevi
2013/06/06 23:26:15
I find this comment very confusing. There's nothin
jiayl
2013/06/06 23:45:37
Done.
| |
| 194 std::string common_name = "webrtc"; | |
| 195 base::Time now = base::Time::Now(); | |
| 196 | |
| 197 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create()); | |
|
Ryan Sleevi
2013/06/06 23:26:15
ASSERT_TRUE(key);
Your test will explode otherwis
jiayl
2013/06/06 23:45:37
Done.
| |
| 198 std::string der_cert; | |
| 199 ASSERT_TRUE(x509_util::CreateSelfSignedCertEC( | |
| 200 key.get(), | |
| 201 "CN=" + common_name, 1, | |
| 202 now, | |
| 203 now + base::TimeDelta::FromDays(1), | |
| 204 &der_cert)); | |
| 205 | |
| 206 VerifySelfSignedCert(common_name, der_cert); | |
| 207 | |
| 208 #if !defined(OS_WIN) && !defined(OS_MACOSX) | |
| 209 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | |
| 210 std::vector<uint8> spki; | |
| 211 ASSERT_TRUE(key->ExportPublicKey(&spki)); | |
| 212 VerifyCertificateSignature(der_cert, spki); | |
| 213 #endif | |
| 214 } | |
| 215 | |
| 171 } // namespace net | 216 } // namespace net |
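Review bot: In the new `VerifySelfSignedCert` helper, `nss_cert` is dereferenced at `CERT_GetCommonName(&nss_cert->subject)` without checking the result of `CreateNSSCertHandleFromBytes`. If that call returns NULL for DER that NSS cannot parse (presumably it does; confirm against its definition), the test crashes instead of reporting a failure, so add `ASSERT_TRUE(nss_cert);` right after the call. The early return taken when `ASSERT_TRUE(actual)` fails also skips `CERT_DestroyCertificate(nss_cert)`, so the handle leaks on that path; an `EXPECT_TRUE(actual)` followed by `if (actual) { ... }` keeps the cleanup reachable. `EXPECT_STREQ(common_name.data(), actual)` should pass `common_name.c_str()`, because the comparison needs a NUL-terminated string. The test name `CreateSelfSignedertEC` is missing a `C` and should read `CreateSelfSignedCertEC`.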