*WIP* Store NSS slots per profile. Move keygen to chrome.

net/base/keygen_handler_unittest.cc

Index: net/base/keygen_handler_unittest.cc
diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc
index 5188d9d745c37947c4ed9384af4e0eae149232bf..04e154e35296514494546e53c8057cfa663a31da 100644
--- a/net/base/keygen_handler_unittest.cc
+++ b/net/base/keygen_handler_unittest.cc
@@ -15,10 +15,14 @@
 #include "base/synchronization/waitable_event.h"
 #include "build/build_config.h"
 #include "crypto/nss_util.h"
+#include "net/base/keygen_handler_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(USE_NSS)
 #include <private/pprthred.h>  // PR_DetachThread
+
+#include "crypto/nss_util.h"
+#include "crypto/nss_util_internal.h"
 #endif
 
 namespace net {
@@ -31,54 +35,24 @@ class KeygenHandlerTest : public ::testing::Test {
   virtual ~KeygenHandlerTest() {}
 
   virtual void SetUp() {
+#if defined(USE_NSS)
+    crypto::EnsureNSSInit();
+#endif
 #if defined(OS_CHROMEOS)
-  crypto::OpenPersistentNSSDB();
+    crypto::OpenPersistentNSSDB();
 #endif
   }
 };
 
-// Assert that |result| is a valid output for KeygenHandler given challenge
-// string of |challenge|.
-void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
-                                            const std::string& challenge) {
-  ASSERT_GT(result.length(), 0U);
-
-  // Verify it's valid base64:
-  std::string spkac;
-  ASSERT_TRUE(base::Base64Decode(result, &spkac));
-  // In lieu of actually parsing and validating the DER data,
-  // just check that it exists and has a reasonable length.
-  // (It's almost always 590 bytes, but the DER encoding of the random key
-  // and signature could sometimes be a few bytes different.)
-  ASSERT_GE(spkac.length(), 200U);
-  ASSERT_LE(spkac.length(), 300U);
-
-  // NOTE:
-  // The value of |result| can be validated by prefixing 'SPKAC=' to it
-  // and piping it through
-  //   openssl spkac -verify
-  // whose output should look like:
-  //   Netscape SPKI:
-  //     Public Key Algorithm: rsaEncryption
-  //     RSA Public Key: (2048 bit)
-  //     Modulus (2048 bit):
-  //         00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: .....
-  //     Exponent: 65537 (0x10001)
-  //     Challenge String: some challenge
-  //     Signature Algorithm: md5WithRSAEncryption
-  //         92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: .....
-  //   Signature OK
-  //
-  // The value of |spkac| can be ASN.1-parsed with:
-  //    openssl asn1parse -inform DER
-}
-
 TEST_F(KeygenHandlerTest, SmokeTest) {
   KeygenHandler handler(768, "some challenge", GURL("http://www.example.com"));
+#if defined(USE_NSS)
+  handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
+#endif
   handler.set_stores_key(false);  // Don't leave the key-pair behind
   std::string result = handler.GenKeyAndSignChallenge();
   VLOG(1) << "KeygenHandler produced: " << result;
-  AssertValidSignedPublicKeyAndChallenge(result, "some challenge");
+  AssertValidSignedPublicKeyAndChallenge(result, 768, "some challenge");
 }
 
 void ConcurrencyTestCallback(base::WaitableEvent* event,
@@ -88,6 +62,9 @@ void ConcurrencyTestCallback(base::WaitableEvent* event,
   // WaitableEvent to synchronize, so it's safe.
   base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton;
   KeygenHandler handler(768, challenge, GURL("http://www.example.com"));
+#if defined(USE_NSS)
+  handler.set_key_slot(crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
+#endif
   handler.set_stores_key(false);  // Don't leave the key-pair behind.
   *result = handler.GenKeyAndSignChallenge();
   event->Signal();
@@ -125,7 +102,7 @@ TEST_F(KeygenHandlerTest, ConcurrencyTest) {
     events[i] = NULL;
 
     VLOG(1) << "KeygenHandler " << i << " produced: " << results[i];
-    AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge");
+    AssertValidSignedPublicKeyAndChallenge(results[i], 768, "some challenge");
   }
 }