OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/location.h" | 11 #include "base/location.h" |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/threading/worker_pool.h" | 13 #include "base/threading/worker_pool.h" |
14 #include "base/threading/thread_restrictions.h" | 14 #include "base/threading/thread_restrictions.h" |
15 #include "base/synchronization/waitable_event.h" | 15 #include "base/synchronization/waitable_event.h" |
16 #include "build/build_config.h" | 16 #include "build/build_config.h" |
17 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
| 18 #include "net/base/keygen_handler_test_util.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
19 | 20 |
20 #if defined(USE_NSS) | 21 #if defined(USE_NSS) |
21 #include <private/pprthred.h> // PR_DetachThread | 22 #include <private/pprthred.h> // PR_DetachThread |
| 23 |
| 24 #include "crypto/nss_util.h" |
| 25 #include "crypto/nss_util_internal.h" |
22 #endif | 26 #endif |
23 | 27 |
24 namespace net { | 28 namespace net { |
25 | 29 |
26 namespace { | 30 namespace { |
27 | 31 |
28 class KeygenHandlerTest : public ::testing::Test { | 32 class KeygenHandlerTest : public ::testing::Test { |
29 public: | 33 public: |
30 KeygenHandlerTest() {} | 34 KeygenHandlerTest() {} |
31 virtual ~KeygenHandlerTest() {} | 35 virtual ~KeygenHandlerTest() {} |
32 | 36 |
33 virtual void SetUp() { | 37 virtual void SetUp() { |
| 38 #if defined(USE_NSS) |
| 39 crypto::EnsureNSSInit(); |
| 40 #endif |
34 #if defined(OS_CHROMEOS) | 41 #if defined(OS_CHROMEOS) |
35 crypto::OpenPersistentNSSDB(); | 42 crypto::OpenPersistentNSSDB(); |
36 #endif | 43 #endif |
37 } | 44 } |
38 }; | 45 }; |
39 | 46 |
40 // Assert that |result| is a valid output for KeygenHandler given challenge | |
41 // string of |challenge|. | |
42 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, | |
43 const std::string& challenge) { | |
44 ASSERT_GT(result.length(), 0U); | |
45 | |
46 // Verify it's valid base64: | |
47 std::string spkac; | |
48 ASSERT_TRUE(base::Base64Decode(result, &spkac)); | |
49 // In lieu of actually parsing and validating the DER data, | |
50 // just check that it exists and has a reasonable length. | |
51 // (It's almost always 590 bytes, but the DER encoding of the random key | |
52 // and signature could sometimes be a few bytes different.) | |
53 ASSERT_GE(spkac.length(), 200U); | |
54 ASSERT_LE(spkac.length(), 300U); | |
55 | |
56 // NOTE: | |
57 // The value of |result| can be validated by prefixing 'SPKAC=' to it | |
58 // and piping it through | |
59 // openssl spkac -verify | |
60 // whose output should look like: | |
61 // Netscape SPKI: | |
62 // Public Key Algorithm: rsaEncryption | |
63 // RSA Public Key: (2048 bit) | |
64 // Modulus (2048 bit): | |
65 // 00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: ..... | |
66 // Exponent: 65537 (0x10001) | |
67 // Challenge String: some challenge | |
68 // Signature Algorithm: md5WithRSAEncryption | |
69 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... | |
70 // Signature OK | |
71 // | |
72 // The value of |spkac| can be ASN.1-parsed with: | |
73 // openssl asn1parse -inform DER | |
74 } | |
75 | |
76 TEST_F(KeygenHandlerTest, SmokeTest) { | 47 TEST_F(KeygenHandlerTest, SmokeTest) { |
77 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); | 48 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); |
| 49 #if defined(USE_NSS) |
| 50 handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot())); |
| 51 #endif |
78 handler.set_stores_key(false); // Don't leave the key-pair behind | 52 handler.set_stores_key(false); // Don't leave the key-pair behind |
79 std::string result = handler.GenKeyAndSignChallenge(); | 53 std::string result = handler.GenKeyAndSignChallenge(); |
80 VLOG(1) << "KeygenHandler produced: " << result; | 54 VLOG(1) << "KeygenHandler produced: " << result; |
81 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); | 55 AssertValidSignedPublicKeyAndChallenge(result, 768, "some challenge"); |
82 } | 56 } |
83 | 57 |
84 void ConcurrencyTestCallback(base::WaitableEvent* event, | 58 void ConcurrencyTestCallback(base::WaitableEvent* event, |
85 const std::string& challenge, | 59 const std::string& challenge, |
86 std::string* result) { | 60 std::string* result) { |
87 // We allow Singleton use on the worker thread here since we use a | 61 // We allow Singleton use on the worker thread here since we use a |
88 // WaitableEvent to synchronize, so it's safe. | 62 // WaitableEvent to synchronize, so it's safe. |
89 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; | 63 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; |
90 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); | 64 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); |
| 65 #if defined(USE_NSS) |
| 66 handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot())); |
| 67 #endif |
91 handler.set_stores_key(false); // Don't leave the key-pair behind. | 68 handler.set_stores_key(false); // Don't leave the key-pair behind. |
92 *result = handler.GenKeyAndSignChallenge(); | 69 *result = handler.GenKeyAndSignChallenge(); |
93 event->Signal(); | 70 event->Signal(); |
94 #if defined(USE_NSS) | 71 #if defined(USE_NSS) |
95 // Detach the thread from NSPR. | 72 // Detach the thread from NSPR. |
96 // Calling NSS functions attaches the thread to NSPR, which stores | 73 // Calling NSS functions attaches the thread to NSPR, which stores |
97 // the NSPR thread ID in thread-specific data. | 74 // the NSPR thread ID in thread-specific data. |
98 // The threads in our thread pool terminate after we have called | 75 // The threads in our thread pool terminate after we have called |
99 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets | 76 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
100 // segfaults on shutdown when the threads' thread-specific data | 77 // segfaults on shutdown when the threads' thread-specific data |
(...skipping 17 matching lines...) Expand all Loading... |
118 true); | 95 true); |
119 } | 96 } |
120 | 97 |
121 for (int i = 0; i < NUM_HANDLERS; i++) { | 98 for (int i = 0; i < NUM_HANDLERS; i++) { |
122 // Make sure the job completed | 99 // Make sure the job completed |
123 events[i]->Wait(); | 100 events[i]->Wait(); |
124 delete events[i]; | 101 delete events[i]; |
125 events[i] = NULL; | 102 events[i] = NULL; |
126 | 103 |
127 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; | 104 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; |
128 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); | 105 AssertValidSignedPublicKeyAndChallenge(results[i], 768, "some challenge"); |
129 } | 106 } |
130 } | 107 } |
131 | 108 |
132 } // namespace | 109 } // namespace |
133 | 110 |
134 } // namespace net | 111 } // namespace net |
OLD | NEW |