Index: net/base/keygen_handler_unittest.cc |
diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc |
deleted file mode 100644 |
index af21274724ee871cf299fd97d7af93b997f8be5d..0000000000000000000000000000000000000000 |
--- a/net/base/keygen_handler_unittest.cc |
+++ /dev/null |
@@ -1,226 +0,0 @@ |
-// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "net/base/keygen_handler.h" |
- |
-#include <stdint.h> |
- |
-#include <string> |
-#include <utility> |
- |
-#include "base/base64.h" |
-#include "base/bind.h" |
-#include "base/location.h" |
-#include "base/logging.h" |
-#include "base/strings/string_piece.h" |
-#include "base/synchronization/waitable_event.h" |
-#include "base/threading/worker_pool.h" |
-#include "build/build_config.h" |
-#include "testing/gtest/include/gtest/gtest.h" |
-#include "third_party/boringssl/src/include/openssl/bytestring.h" |
-#include "third_party/boringssl/src/include/openssl/evp.h" |
- |
-#if defined(USE_NSS_CERTS) |
-#include <private/pprthred.h> // PR_DetachThread |
-#include "crypto/nss_crypto_module_delegate.h" |
-#include "crypto/scoped_test_nss_db.h" |
-#endif |
- |
-namespace net { |
- |
-namespace { |
- |
-#if defined(USE_NSS_CERTS) |
-class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate { |
- public: |
- explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot) |
- : slot_(std::move(slot)) {} |
- |
- std::string RequestPassword(const std::string& slot_name, |
- bool retry, |
- bool* cancelled) override { |
- return std::string(); |
- } |
- |
- crypto::ScopedPK11Slot RequestSlot() override { |
- return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot_.get())); |
- } |
- |
- private: |
- crypto::ScopedPK11Slot slot_; |
-}; |
-#endif |
- |
-const char kChallenge[] = "some challenge"; |
- |
-class KeygenHandlerTest : public ::testing::Test { |
- public: |
- KeygenHandlerTest() {} |
- ~KeygenHandlerTest() override {} |
- |
- std::unique_ptr<KeygenHandler> CreateKeygenHandler() { |
- std::unique_ptr<KeygenHandler> handler( |
- new KeygenHandler(768, kChallenge, GURL("http://www.example.com"))); |
-#if defined(USE_NSS_CERTS) |
- handler->set_crypto_module_delegate( |
- std::unique_ptr<crypto::NSSCryptoModuleDelegate>( |
- new StubCryptoModuleDelegate(crypto::ScopedPK11Slot( |
- PK11_ReferenceSlot(test_nss_db_.slot()))))); |
-#endif |
- return handler; |
- } |
- |
- private: |
-#if defined(USE_NSS_CERTS) |
- crypto::ScopedTestNSSDB test_nss_db_; |
-#endif |
-}; |
- |
-base::StringPiece StringPieceFromCBS(const CBS& cbs) { |
- return base::StringPiece(reinterpret_cast<const char*>(CBS_data(&cbs)), |
- CBS_len(&cbs)); |
-} |
- |
-// Assert that |result| is a valid output for KeygenHandler given challenge |
-// string of |challenge|. |
-void AssertValidSignedPublicKeyAndChallenge(const std::string& result, |
- const std::string& challenge) { |
- // Verify it's valid base64: |
- std::string spkac; |
- ASSERT_TRUE(base::Base64Decode(result, &spkac)); |
- |
- // Parse the following structure: |
- // |
- // PublicKeyAndChallenge ::= SEQUENCE { |
- // spki SubjectPublicKeyInfo, |
- // challenge IA5STRING |
- // } |
- // SignedPublicKeyAndChallenge ::= SEQUENCE { |
- // publicKeyAndChallenge PublicKeyAndChallenge, |
- // signatureAlgorithm AlgorithmIdentifier, |
- // signature BIT STRING |
- // } |
- |
- CBS cbs; |
- CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spkac.data()), spkac.size()); |
- |
- // The input should consist of a SEQUENCE. |
- CBS child; |
- ASSERT_TRUE(CBS_get_asn1(&cbs, &child, CBS_ASN1_SEQUENCE)); |
- ASSERT_EQ(0u, CBS_len(&cbs)); |
- |
- // Extract the raw PublicKeyAndChallenge. |
- CBS public_key_and_challenge_raw; |
- ASSERT_TRUE(CBS_get_asn1_element(&child, &public_key_and_challenge_raw, |
- CBS_ASN1_SEQUENCE)); |
- |
- // Parse out the PublicKeyAndChallenge. |
- CBS copy = public_key_and_challenge_raw; |
- CBS public_key_and_challenge; |
- ASSERT_TRUE( |
- CBS_get_asn1(©, &public_key_and_challenge, CBS_ASN1_SEQUENCE)); |
- ASSERT_EQ(0u, CBS_len(©)); |
- bssl::UniquePtr<EVP_PKEY> key( |
- EVP_parse_public_key(&public_key_and_challenge)); |
- ASSERT_TRUE(key); |
- CBS challenge_spkac; |
- ASSERT_TRUE(CBS_get_asn1(&public_key_and_challenge, &challenge_spkac, |
- CBS_ASN1_IA5STRING)); |
- ASSERT_EQ(0u, CBS_len(&public_key_and_challenge)); |
- |
- // The challenge must match. |
- ASSERT_EQ(challenge, StringPieceFromCBS(challenge_spkac)); |
- |
- // The next element must be the AlgorithmIdentifier for MD5 with RSA. |
- static const uint8_t kMd5WithRsaEncryption[] = { |
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
- 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, |
- }; |
- CBS algorithm; |
- ASSERT_TRUE(CBS_get_bytes(&child, &algorithm, sizeof(kMd5WithRsaEncryption))); |
- ASSERT_EQ( |
- base::StringPiece(reinterpret_cast<const char*>(kMd5WithRsaEncryption), |
- sizeof(kMd5WithRsaEncryption)), |
- StringPieceFromCBS(algorithm)); |
- |
- // Finally, parse the signature. |
- CBS signature; |
- ASSERT_TRUE(CBS_get_asn1(&child, &signature, CBS_ASN1_BITSTRING)); |
- ASSERT_EQ(0u, CBS_len(&child)); |
- uint8_t pad; |
- ASSERT_TRUE(CBS_get_u8(&signature, &pad)); |
- ASSERT_EQ(0u, pad); |
- |
- // Check the signature. |
- bssl::ScopedEVP_MD_CTX ctx; |
- ASSERT_TRUE( |
- EVP_DigestVerifyInit(ctx.get(), nullptr, EVP_md5(), nullptr, key.get())); |
- ASSERT_TRUE(EVP_DigestVerifyUpdate(ctx.get(), |
- CBS_data(&public_key_and_challenge_raw), |
- CBS_len(&public_key_and_challenge_raw))); |
- ASSERT_TRUE(EVP_DigestVerifyFinal(ctx.get(), CBS_data(&signature), |
- CBS_len(&signature))); |
-} |
- |
-TEST_F(KeygenHandlerTest, SmokeTest) { |
- std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler()); |
- handler->set_stores_key(false); // Don't leave the key-pair behind |
- std::string result = handler->GenKeyAndSignChallenge(); |
- VLOG(1) << "KeygenHandler produced: " << result; |
- AssertValidSignedPublicKeyAndChallenge(result, kChallenge); |
-} |
- |
-void ConcurrencyTestCallback(const std::string& challenge, |
- base::WaitableEvent* event, |
- std::unique_ptr<KeygenHandler> handler, |
- std::string* result) { |
- handler->set_stores_key(false); // Don't leave the key-pair behind. |
- *result = handler->GenKeyAndSignChallenge(); |
- event->Signal(); |
-#if defined(USE_NSS_CERTS) |
- // Detach the thread from NSPR. |
- // Calling NSS functions attaches the thread to NSPR, which stores |
- // the NSPR thread ID in thread-specific data. |
- // The threads in our thread pool terminate after we have called |
- // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
- // segfaults on shutdown when the threads' thread-specific data |
- // destructors run. |
- PR_DetachThread(); |
-#endif |
-} |
- |
-// We asynchronously generate the keys so as not to hang up the IO thread. This |
-// test tries to catch concurrency problems in the keygen implementation. |
-TEST_F(KeygenHandlerTest, ConcurrencyTest) { |
- const int NUM_HANDLERS = 5; |
- base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; |
- std::string results[NUM_HANDLERS]; |
- for (int i = 0; i < NUM_HANDLERS; i++) { |
- std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler()); |
- events[i] = new base::WaitableEvent( |
- base::WaitableEvent::ResetPolicy::AUTOMATIC, |
- base::WaitableEvent::InitialState::NOT_SIGNALED); |
- base::WorkerPool::PostTask(FROM_HERE, |
- base::Bind(ConcurrencyTestCallback, |
- "some challenge", |
- events[i], |
- base::Passed(&handler), |
- &results[i]), |
- true); |
- } |
- |
- for (int i = 0; i < NUM_HANDLERS; i++) { |
- // Make sure the job completed |
- events[i]->Wait(); |
- delete events[i]; |
- events[i] = NULL; |
- |
- VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; |
- AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); |
- } |
-} |
- |
-} // namespace |
- |
-} // namespace net |