| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/memory/scoped_ptr.h" | 5 #include "base/memory/scoped_ptr.h" |
| 6 #include "crypto/ec_private_key.h" | 6 #include "crypto/ec_private_key.h" |
| 7 #include "crypto/openssl_util.h" | 7 #include "crypto/openssl_util.h" |
| 8 #include "crypto/scoped_openssl_types.h" | 8 #include "crypto/scoped_openssl_types.h" |
| 9 #include "net/cert/x509_util.h" | 9 #include "net/cert/x509_util.h" |
| 10 #include "net/cert/x509_util_openssl.h" | 10 #include "net/cert/x509_util_openssl.h" |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 crypto::ScopedEVP_PKEY pub_key(d2i_PUBKEY(NULL, &pub_key_data, pub_key_len)); | 36 crypto::ScopedEVP_PKEY pub_key(d2i_PUBKEY(NULL, &pub_key_data, pub_key_len)); |
| 37 ASSERT_TRUE(pub_key.get()); | 37 ASSERT_TRUE(pub_key.get()); |
| 38 | 38 |
| 39 // NOTE: X509_verify() returns 1 in case of succes, 0 or -1 on error. | 39 // NOTE: X509_verify() returns 1 in case of succes, 0 or -1 on error. |
| 40 EXPECT_EQ(1, X509_verify(cert.get(), pub_key.get())); | 40 EXPECT_EQ(1, X509_verify(cert.get(), pub_key.get())); |
| 41 } | 41 } |
| 42 | 42 |
| 43 // Verify the attributes of a domain-bound certificate. | 43 // Verify the attributes of a domain-bound certificate. |
| 44 // |domain| is the bound domain name. | 44 // |domain| is the bound domain name. |
| 45 // |der_cert| is the DER-encoded X.509 certificate. | 45 // |der_cert| is the DER-encoded X.509 certificate. |
| 46 void VerifyDomainBoundCert(const std::string& domain, | 46 void VerifyChannelID(const std::string& domain, |
| 47 const std::string& der_cert) { | 47 const std::string& der_cert) { |
| 48 // Origin Bound Cert OID. | 48 // Origin Bound Cert OID. |
| 49 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; | 49 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6"; |
| 50 crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free>::Type oid_obj( | 50 crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free>::Type oid_obj( |
| 51 OBJ_txt2obj(oid_string, 0)); | 51 OBJ_txt2obj(oid_string, 0)); |
| 52 ASSERT_TRUE(oid_obj.get()); | 52 ASSERT_TRUE(oid_obj.get()); |
| 53 | 53 |
| 54 const unsigned char* cert_data = | 54 const unsigned char* cert_data = |
| 55 reinterpret_cast<const unsigned char*>(der_cert.data()); | 55 reinterpret_cast<const unsigned char*>(der_cert.data()); |
| 56 int cert_data_len = static_cast<int>(der_cert.size()); | 56 int cert_data_len = static_cast<int>(der_cert.size()); |
| 57 ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len)); | 57 ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len)); |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 105 base::Time too_late = base::Time::UnixEpoch() + | 105 base::Time too_late = base::Time::UnixEpoch() + |
| 106 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000 + 1); | 106 base::TimeDelta::FromDays(kDaysFromUnixEpochToYear10000 + 1); |
| 107 | 107 |
| 108 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, too_old)); | 108 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, too_old)); |
| 109 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, now)); | 109 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_old, now)); |
| 110 | 110 |
| 111 EXPECT_FALSE(x509_util::IsSupportedValidityRange(now, too_late)); | 111 EXPECT_FALSE(x509_util::IsSupportedValidityRange(now, too_late)); |
| 112 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_late, too_late)); | 112 EXPECT_FALSE(x509_util::IsSupportedValidityRange(too_late, too_late)); |
| 113 } | 113 } |
| 114 | 114 |
| 115 TEST(X509UtilOpenSSLTest, CreateDomainBoundCertEC) { | 115 TEST(X509UtilOpenSSLTest, CreateChannelIDEC) { |
| 116 // Create a sample ASCII weborigin. | 116 // Create a sample ASCII weborigin. |
| 117 std::string domain = "weborigin.com"; | 117 std::string domain = "weborigin.com"; |
| 118 base::Time now = base::Time::Now(); | 118 base::Time now = base::Time::Now(); |
| 119 | 119 |
| 120 scoped_ptr<crypto::ECPrivateKey> private_key( | 120 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 121 crypto::ECPrivateKey::Create()); | 121 crypto::ECPrivateKey::Create()); |
| 122 std::string der_cert; | 122 std::string der_cert; |
| 123 ASSERT_TRUE( | 123 ASSERT_TRUE( |
| 124 x509_util::CreateDomainBoundCertEC(private_key.get(), | 124 x509_util::CreateChannelIDEC(private_key.get(), |
| 125 x509_util::DIGEST_SHA1, | 125 x509_util::DIGEST_SHA1, |
| 126 domain, | 126 domain, |
| 127 1, | 127 1, |
| 128 now, | 128 now, |
| 129 now + base::TimeDelta::FromDays(1), | 129 now + base::TimeDelta::FromDays(1), |
| 130 &der_cert)); | 130 &der_cert)); |
| 131 | 131 |
| 132 VerifyDomainBoundCert(domain, der_cert); | 132 VerifyChannelID(domain, der_cert); |
| 133 | 133 |
| 134 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | 134 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
| 135 std::vector<uint8> spki; | 135 std::vector<uint8> spki; |
| 136 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); | 136 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); |
| 137 VerifyCertificateSignature(der_cert, spki); | 137 VerifyCertificateSignature(der_cert, spki); |
| 138 } | 138 } |
| 139 | 139 |
| 140 } // namespace net | 140 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 356713005:
Rename ServerBoundCert => ChannelID to reflect the current name (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src