| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> | 8 #include <cert.h> |
| 9 #include <secoid.h> | 9 #include <secoid.h> |
| 10 | 10 |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 | 132 |
| 133 // Compare expected and actual extension values. | 133 // Compare expected and actual extension values. |
| 134 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); | 134 PRBool result = SECITEM_ItemsAreEqual(expected, &actual); |
| 135 ASSERT_TRUE(result); | 135 ASSERT_TRUE(result); |
| 136 | 136 |
| 137 // Do Cleanup. | 137 // Do Cleanup. |
| 138 SECITEM_FreeItem(&actual, PR_FALSE); | 138 SECITEM_FreeItem(&actual, PR_FALSE); |
| 139 PORT_FreeArena(arena, PR_FALSE); | 139 PORT_FreeArena(arena, PR_FALSE); |
| 140 } | 140 } |
| 141 | 141 |
| 142 void VerifySelfSignedCert(const std::string& common_name, |
| 143 const std::string& der_cert) { |
| 144 // This test is run on Mac and Win where X509Certificate::os_cert_handle isn't |
| 145 // an NSS type, so we have to manually create a NSS certificate object so we |
| 146 // can use CERT_FindCertExtension. We also check the subject and validity |
| 147 // times using NSS since X509Certificate will fail with EC certs on OSX 10.5 |
| 148 // (http://crbug.com/101231). |
| 149 CERTCertificate* nss_cert = CreateNSSCertHandleFromBytes( |
| 150 der_cert.data(), der_cert.size()); |
| 151 |
| 152 char* actual = CERT_GetCommonName(&nss_cert->subject); |
| 153 ASSERT_TRUE(actual); |
| 154 EXPECT_STREQ(common_name.data(), actual); |
| 155 PORT_Free(actual); |
| 156 EXPECT_EQ(SECSuccess, CERT_CertTimesValid(nss_cert)); |
| 157 |
| 158 CERT_DestroyCertificate(nss_cert); |
| 159 } |
| 160 |
| 142 } // namespace | 161 } // namespace |
| 143 | 162 |
| 144 // This test creates a domain-bound cert from an EC private key and | 163 // This test creates a domain-bound cert from an EC private key and |
| 145 // then verifies the content of the certificate. | 164 // then verifies the content of the certificate. |
| 146 TEST(X509UtilNSSTest, CreateDomainBoundCertEC) { | 165 TEST(X509UtilNSSTest, CreateDomainBoundCertEC) { |
| 147 // Create a sample ASCII weborigin. | 166 // Create a sample ASCII weborigin. |
| 148 std::string domain = "weborigin.com"; | 167 std::string domain = "weborigin.com"; |
| 149 base::Time now = base::Time::Now(); | 168 base::Time now = base::Time::Now(); |
| 150 | 169 |
| 151 scoped_ptr<crypto::ECPrivateKey> private_key( | 170 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 152 crypto::ECPrivateKey::Create()); | 171 crypto::ECPrivateKey::Create()); |
| 153 std::string der_cert; | 172 std::string der_cert; |
| 154 ASSERT_TRUE(x509_util::CreateDomainBoundCertEC( | 173 ASSERT_TRUE(x509_util::CreateDomainBoundCertEC( |
| 155 private_key.get(), | 174 private_key.get(), |
| 156 domain, 1, | 175 domain, 1, |
| 157 now, | 176 now, |
| 158 now + base::TimeDelta::FromDays(1), | 177 now + base::TimeDelta::FromDays(1), |
| 159 &der_cert)); | 178 &der_cert)); |
| 160 | 179 |
| 161 VerifyDomainBoundCert(domain, der_cert); | 180 VerifyDomainBoundCert(domain, der_cert); |
| 162 | 181 |
| 163 #if !defined(OS_WIN) && !defined(OS_MACOSX) | 182 #if !defined(OS_WIN) && !defined(OS_MACOSX) |
| 164 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | 183 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
| 165 std::vector<uint8> spki; | 184 std::vector<uint8> spki; |
| 166 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); | 185 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); |
| 167 VerifyCertificateSignature(der_cert, spki); | 186 VerifyCertificateSignature(der_cert, spki); |
| 168 #endif | 187 #endif |
| 169 } | 188 } |
| 170 | 189 |
| 190 // This test creates a self-signed cert from an EC private key pair and |
| 191 // then verifies the content of the certificate. |
| 192 TEST(X509UtilNSSTest, CreateSelfSignedCertEC) { |
| 193 std::string common_name = "webrtc"; |
| 194 base::Time now = base::Time::Now(); |
| 195 |
| 196 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create()); |
| 197 ASSERT_TRUE(key); |
| 198 |
| 199 std::string der_cert; |
| 200 ASSERT_TRUE(x509_util::CreateSelfSignedCertEC( |
| 201 key.get(), |
| 202 common_name, 1, |
| 203 now, |
| 204 now + base::TimeDelta::FromDays(1), |
| 205 &der_cert)); |
| 206 |
| 207 VerifySelfSignedCert(common_name, der_cert); |
| 208 |
| 209 #if !defined(OS_WIN) && !defined(OS_MACOSX) |
| 210 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
| 211 std::vector<uint8> spki; |
| 212 ASSERT_TRUE(key->ExportPublicKey(&spki)); |
| 213 VerifyCertificateSignature(der_cert, spki); |
| 214 #endif |
| 215 } |
| 216 |
| 171 } // namespace net | 217 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16158005:
Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master