Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(404)

Side by Side Diff: net/base/keygen_handler_unittest.cc

Issue 18121007: *WIP* Store NSS slots per profile. Move keygen to chrome. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: cleanups, add test for chrome keygen class Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/keygen_handler.h" 5 #include "net/base/keygen_handler.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/location.h" 11 #include "base/location.h"
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "base/threading/worker_pool.h" 13 #include "base/threading/worker_pool.h"
14 #include "base/threading/thread_restrictions.h" 14 #include "base/threading/thread_restrictions.h"
15 #include "base/synchronization/waitable_event.h" 15 #include "base/synchronization/waitable_event.h"
16 #include "build/build_config.h" 16 #include "build/build_config.h"
17 #include "crypto/nss_util.h" 17 #include "crypto/nss_util.h"
18 #include "net/base/keygen_handler_test_util.h"
18 #include "testing/gtest/include/gtest/gtest.h" 19 #include "testing/gtest/include/gtest/gtest.h"
19 20
20 #if defined(USE_NSS) 21 #if defined(USE_NSS)
21 #include <private/pprthred.h> // PR_DetachThread 22 #include <private/pprthred.h> // PR_DetachThread
23
24 #include "crypto/nss_util.h"
25 #include "crypto/nss_util_internal.h"
22 #endif 26 #endif
23 27
24 namespace net { 28 namespace net {
25 29
26 namespace { 30 namespace {
27 31
28 class KeygenHandlerTest : public ::testing::Test { 32 class KeygenHandlerTest : public ::testing::Test {
29 public: 33 public:
30 KeygenHandlerTest() {} 34 KeygenHandlerTest() {}
31 virtual ~KeygenHandlerTest() {} 35 virtual ~KeygenHandlerTest() {}
32 36
33 virtual void SetUp() { 37 virtual void SetUp() {
38 #if defined(USE_NSS)
39 crypto::EnsureNSSInit();
40 #endif
34 #if defined(OS_CHROMEOS) 41 #if defined(OS_CHROMEOS)
35 crypto::OpenPersistentNSSDB(); 42 crypto::OpenPersistentNSSDB();
36 #endif 43 #endif
37 } 44 }
38 }; 45 };
39 46
40 // Assert that |result| is a valid output for KeygenHandler given challenge
41 // string of |challenge|.
42 void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
43 const std::string& challenge) {
44 ASSERT_GT(result.length(), 0U);
45
46 // Verify it's valid base64:
47 std::string spkac;
48 ASSERT_TRUE(base::Base64Decode(result, &spkac));
49 // In lieu of actually parsing and validating the DER data,
50 // just check that it exists and has a reasonable length.
51 // (It's almost always 590 bytes, but the DER encoding of the random key
52 // and signature could sometimes be a few bytes different.)
53 ASSERT_GE(spkac.length(), 200U);
54 ASSERT_LE(spkac.length(), 300U);
55
56 // NOTE:
57 // The value of |result| can be validated by prefixing 'SPKAC=' to it
58 // and piping it through
59 // openssl spkac -verify
60 // whose output should look like:
61 // Netscape SPKI:
62 // Public Key Algorithm: rsaEncryption
63 // RSA Public Key: (2048 bit)
64 // Modulus (2048 bit):
65 // 00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: .....
66 // Exponent: 65537 (0x10001)
67 // Challenge String: some challenge
68 // Signature Algorithm: md5WithRSAEncryption
69 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: .....
70 // Signature OK
71 //
72 // The value of |spkac| can be ASN.1-parsed with:
73 // openssl asn1parse -inform DER
74 }
75
76 TEST_F(KeygenHandlerTest, SmokeTest) { 47 TEST_F(KeygenHandlerTest, SmokeTest) {
77 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); 48 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com"));
49 #if defined(USE_NSS)
50 handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
51 #endif
78 handler.set_stores_key(false); // Don't leave the key-pair behind 52 handler.set_stores_key(false); // Don't leave the key-pair behind
79 std::string result = handler.GenKeyAndSignChallenge(); 53 std::string result = handler.GenKeyAndSignChallenge();
80 VLOG(1) << "KeygenHandler produced: " << result; 54 VLOG(1) << "KeygenHandler produced: " << result;
81 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); 55 AssertValidSignedPublicKeyAndChallenge(result, 768, "some challenge");
82 } 56 }
83 57
84 void ConcurrencyTestCallback(base::WaitableEvent* event, 58 void ConcurrencyTestCallback(base::WaitableEvent* event,
85 const std::string& challenge, 59 const std::string& challenge,
86 std::string* result) { 60 std::string* result) {
87 // We allow Singleton use on the worker thread here since we use a 61 // We allow Singleton use on the worker thread here since we use a
88 // WaitableEvent to synchronize, so it's safe. 62 // WaitableEvent to synchronize, so it's safe.
89 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; 63 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton;
90 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); 64 KeygenHandler handler(768, challenge, GURL("http://www.example.com"));
65 #if defined(USE_NSS)
66 handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
67 #endif
91 handler.set_stores_key(false); // Don't leave the key-pair behind. 68 handler.set_stores_key(false); // Don't leave the key-pair behind.
92 *result = handler.GenKeyAndSignChallenge(); 69 *result = handler.GenKeyAndSignChallenge();
93 event->Signal(); 70 event->Signal();
94 #if defined(USE_NSS) 71 #if defined(USE_NSS)
95 // Detach the thread from NSPR. 72 // Detach the thread from NSPR.
96 // Calling NSS functions attaches the thread to NSPR, which stores 73 // Calling NSS functions attaches the thread to NSPR, which stores
97 // the NSPR thread ID in thread-specific data. 74 // the NSPR thread ID in thread-specific data.
98 // The threads in our thread pool terminate after we have called 75 // The threads in our thread pool terminate after we have called
99 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets 76 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets
100 // segfaults on shutdown when the threads' thread-specific data 77 // segfaults on shutdown when the threads' thread-specific data
(...skipping 17 matching lines...) Expand all
118 true); 95 true);
119 } 96 }
120 97
121 for (int i = 0; i < NUM_HANDLERS; i++) { 98 for (int i = 0; i < NUM_HANDLERS; i++) {
122 // Make sure the job completed 99 // Make sure the job completed
123 events[i]->Wait(); 100 events[i]->Wait();
124 delete events[i]; 101 delete events[i];
125 events[i] = NULL; 102 events[i] = NULL;
126 103
127 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; 104 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i];
128 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); 105 AssertValidSignedPublicKeyAndChallenge(results[i], 768, "some challenge");
129 } 106 }
130 } 107 }
131 108
132 } // namespace 109 } // namespace
133 110
134 } // namespace net 111 } // namespace net
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698