
Side by Side Diff: net/cert/x509_util_openssl_unittest.cc

Issue 361193003: Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 6 years, 5 months ago
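--- a/net/cert/x509_util_openssl_unittest.cc
+++ b/net/cert/x509_util_openssl_unittest.cc
@@ -1,67 +1,67 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/memory/scoped_ptr.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/cert/x509_util.h"
 #include "net/cert/x509_util_openssl.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
+typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509;
+
 // Verify that a given certificate was signed with the private key corresponding
 // to a given public key.
 // |der_cert| is the DER-encoded X.509 certificate.
 // |der_spki| is the DER-encoded public key of the signer.
 void VerifyCertificateSignature(const std::string& der_cert,
 const std::vector<uint8>& der_spki) {
 const unsigned char* cert_data =
 reinterpret_cast<const unsigned char*>(der_cert.data());
 int cert_data_len = static_cast<int>(der_cert.size());
-crypto::ScopedOpenSSL<X509, X509_free> cert(
-d2i_X509(NULL, &cert_data, cert_data_len));
+ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len));
 ASSERT_TRUE(cert.get());
 
 // NOTE: SignatureVerifier wants the DER-encoded ASN.1 AlgorithmIdentifier
 // but there is no OpenSSL API to extract it from an X509 object (!?)
 // Use X509_verify() directly instead, which takes an EVP_PKEY.
 const unsigned char* pub_key_data = &der_spki.front();
 int pub_key_len = static_cast<int>(der_spki.size());
-crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> pub_key(
-d2i_PUBKEY(NULL, &pub_key_data, pub_key_len));
+crypto::ScopedEVP_PKEY pub_key(d2i_PUBKEY(NULL, &pub_key_data, pub_key_len));
 ASSERT_TRUE(pub_key.get());
 
 // NOTE: X509_verify() returns 1 in case of succes, 0 or -1 on error.
 EXPECT_EQ(1, X509_verify(cert.get(), pub_key.get()));
 }
 
 // Verify the attributes of a domain-bound certificate.
 // |domain| is the bound domain name.
 // |der_cert| is the DER-encoded X.509 certificate.
 void VerifyDomainBoundCert(const std::string& domain,
 const std::string& der_cert) {
 // Origin Bound Cert OID.
 static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
-crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free> oid_obj(
+crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free>::Type oid_obj(
 OBJ_txt2obj(oid_string, 0));
 ASSERT_TRUE(oid_obj.get());
 
 const unsigned char* cert_data =
 reinterpret_cast<const unsigned char*>(der_cert.data());
 int cert_data_len = static_cast<int>(der_cert.size());
-crypto::ScopedOpenSSL<X509, X509_free> cert(
-d2i_X509(NULL, &cert_data, cert_data_len));
+ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len));
 ASSERT_TRUE(cert.get());
 
 // Find the extension.
 int ext_pos = X509_get_ext_by_OBJ(cert.get(), oid_obj.get(), -1);
 ASSERT_NE(-1, ext_pos);
 X509_EXTENSION* ext = X509_get_ext(cert.get(), ext_pos);
 ASSERT_TRUE(ext);
 
 // Check its value, it must be an ASN.1 IA5STRING
 // Which means <tag> <length> <domain>, with:
@@ -131,10 +131,10 @@
 
 VerifyDomainBoundCert(domain, der_cert);
 
 // signature_verifier_win and signature_verifier_mac can't handle EC certs.
 std::vector<uint8> spki;
 ASSERT_TRUE(private_key->ExportPublicKey(&spki));
 VerifyCertificateSignature(der_cert, spki);
 }
 
 } // namespace net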
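Review bot: The owning OpenSSL types in this file are now named three different ways: `crypto::ScopedEVP_PKEY` from the shared header, a file-local `ScopedX509` typedef in the anonymous namespace, and a fully spelled-out `crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free>::Type` at the `oid_obj` declaration in VerifyDomainBoundCert. Because the free function is part of the type, each spelled-out use site is another place where an object can end up paired with the wrong deleter, so I would name it once next to `ScopedX509` with `typedef crypto::ScopedOpenSSL<ASN1_OBJECT, ASN1_OBJECT_free>::Type ScopedASN1_OBJECT;` and declare `ScopedASN1_OBJECT oid_obj(OBJ_txt2obj(oid_string, 0));`. If other files in this patch carry the same X509 typedef (not visible from this file), both names would be better placed in one shared header. VerifyDomainBoundCert continues into the skipped lines, so any uses there are not covered by this note.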