Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(934)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/x509_util_nss_unittest.cc

Issue 16158005: Adds CreateSelfSignedCertEC to x509_util.h in preparation of persistent DTLS identity store for Web… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/x509_util_nss.cc ('K') | « net/cert/x509_util_nss.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_util_nss_unittest.cc
diff --git a/net/cert/x509_util_nss_unittest.cc b/net/cert/x509_util_nss_unittest.cc
index 968cc147ec505ecd3d7ef408bb7854144a93c044..ad61fe431286576d4f02a6739a753281d56ab060 100644
--- a/net/cert/x509_util_nss_unittest.cc
+++ b/net/cert/x509_util_nss_unittest.cc
@@ -139,6 +139,25 @@ void VerifyDomainBoundCert(const std::string& domain,
PORT_FreeArena(arena, PR_FALSE);
}
+void VerifySelfSignedCert(const std::string& common_name,
+ const std::string& der_cert) {
+ // This test is run on Mac and Win where X509Certificate::os_cert_handle isn't
+ // an NSS type, so we have to manually create a NSS certificate object so we
+ // can use CERT_FindCertExtension. We also check the subject and validity
+ // times using NSS since X509Certificate will fail with EC certs on OSX 10.5
+ // (http://crbug.com/101231).
+ CERTCertificate* nss_cert = CreateNSSCertHandleFromBytes(
+ der_cert.data(), der_cert.size());
+
+ char* actual = CERT_GetCommonName(&nss_cert->subject);
+ ASSERT_TRUE(actual);
+ EXPECT_STREQ(common_name.data(), actual);
+ PORT_Free(actual);
+ EXPECT_EQ(SECSuccess, CERT_CertTimesValid(nss_cert));
+
+ CERT_DestroyCertificate(nss_cert);
+}
+
} // namespace
// This test creates a domain-bound cert from an EC private key and
@@ -168,4 +187,31 @@ TEST(X509UtilNSSTest, CreateDomainBoundCertEC) {
#endif
}
+// This test creates a self-signed cert from an EC private key pair and
+// then verifies the content of the certificate.
+TEST(X509UtilNSSTest, CreateSelfSignedCertEC) {
+ std::string common_name = "webrtc";
+ base::Time now = base::Time::Now();
+
+ scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());
+ ASSERT_TRUE(key);
+
+ std::string der_cert;
+ ASSERT_TRUE(x509_util::CreateSelfSignedCertEC(
+ key.get(),
+ common_name, 1,
+ now,
+ now + base::TimeDelta::FromDays(1),
+ &der_cert));
+
+ VerifySelfSignedCert(common_name, der_cert);
+
+#if !defined(OS_WIN) && !defined(OS_MACOSX)
+ // signature_verifier_win and signature_verifier_mac can't handle EC certs.
+ std::vector<uint8> spki;
+ ASSERT_TRUE(key->ExportPublicKey(&spki));
+ VerifyCertificateSignature(der_cert, spki);
+#endif
+}
+
} // namespace net
« net/cert/x509_util_nss.cc ('K') | « net/cert/x509_util_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698