Chromium Code Reviews Chromium Code Reviews
Issue 384413004:
Remove default key slot from KeygenHandler. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/location.h" | 11 #include "base/location.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/threading/worker_pool.h" | 13 #include "base/threading/worker_pool.h" |
| 14 #include "base/threading/thread_restrictions.h" | 14 #include "base/threading/thread_restrictions.h" |
| 15 #include "base/synchronization/waitable_event.h" | 15 #include "base/synchronization/waitable_event.h" |
| 16 #include "build/build_config.h" | 16 #include "build/build_config.h" |
| 17 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 19 |
| 20 #if defined(USE_NSS) | 20 #if defined(USE_NSS) |
| 21 #include <private/pprthred.h> // PR_DetachThread | 21 #include <private/pprthred.h> // PR_DetachThread |
| 22 #include "crypto/nss_crypto_module_delegate.h" | |
| 23 #include "crypto/nss_util_internal.h" | |
| 22 #endif | 24 #endif |
| 23 | 25 |
| 24 namespace net { | 26 namespace net { |
| 25 | 27 |
| 26 namespace { | 28 namespace { |
| 27 | 29 |
| 30 class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate { | |
|
Ryan Sleevi
2014/07/16 20:05:42
#ifdefs ?
pneubeck (no reviews)
2014/07/16 20:40:18
Done.
| |
| 31 public: | |
| 32 explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot) | |
| 33 : slot_(slot.Pass()) {} | |
| 34 | |
| 35 virtual std::string RequestPassword(const std::string& slot_name, | |
| 36 bool retry, | |
| 37 bool* cancelled) OVERRIDE{ | |
| 38 return std::string(); | |
| 39 } | |
| 40 | |
| 41 virtual crypto::ScopedPK11Slot RequestSlot() OVERRIDE { | |
| 42 return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot_.get())); | |
| 43 } | |
| 44 | |
| 45 private: | |
| 46 crypto::ScopedPK11Slot slot_; | |
| 47 }; | |
| 48 | |
| 28 class KeygenHandlerTest : public ::testing::Test { | 49 class KeygenHandlerTest : public ::testing::Test { |
| 29 public: | 50 public: |
| 30 KeygenHandlerTest() {} | 51 KeygenHandlerTest() {} |
| 31 virtual ~KeygenHandlerTest() {} | 52 virtual ~KeygenHandlerTest() {} |
| 32 | 53 |
| 54 scoped_ptr<KeygenHandler> CreateKeygenHandler() { | |
| 55 scoped_ptr<KeygenHandler> handler(new KeygenHandler( | |
| 56 768, "some challenge", GURL("http://www.example.com"))); | |
| 57 #if defined(USE_NSS) | |
| 58 handler->set_crypto_module_delegate( | |
| 59 scoped_ptr<crypto::NSSCryptoModuleDelegate>( | |
| 60 new StubCryptoModuleDelegate( | |
| 61 crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot())))); | |
|
Ryan Sleevi
2014/07/16 20:05:42
Depending on ordering of your CLs, and to confirm
pneubeck (no reviews)
2014/07/16 20:19:50
Yes, exactly!
I didn't want to do that in one step
| |
| 62 #endif | |
| 63 return handler.Pass(); | |
| 64 } | |
| 65 | |
| 33 private: | 66 private: |
| 34 #if defined(OS_CHROMEOS) && defined(USE_NSS) | 67 #if defined(USE_NSS) |
| 35 crypto::ScopedTestNSSDB test_nss_db_; | 68 crypto::ScopedTestNSSDB test_nss_db_; |
| 36 #endif | 69 #endif |
| 37 }; | 70 }; |
| 38 | 71 |
| 39 // Assert that |result| is a valid output for KeygenHandler given challenge | 72 // Assert that |result| is a valid output for KeygenHandler given challenge |
| 40 // string of |challenge|. | 73 // string of |challenge|. |
| 41 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, | 74 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, |
| 42 const std::string& challenge) { | 75 const std::string& challenge) { |
| 43 ASSERT_GT(result.length(), 0U); | 76 ASSERT_GT(result.length(), 0U); |
| 44 | 77 |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 66 // Challenge String: some challenge | 99 // Challenge String: some challenge |
| 67 // Signature Algorithm: md5WithRSAEncryption | 100 // Signature Algorithm: md5WithRSAEncryption |
| 68 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... | 101 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... |
| 69 // Signature OK | 102 // Signature OK |
| 70 // | 103 // |
| 71 // The value of |spkac| can be ASN.1-parsed with: | 104 // The value of |spkac| can be ASN.1-parsed with: |
| 72 // openssl asn1parse -inform DER | 105 // openssl asn1parse -inform DER |
| 73 } | 106 } |
| 74 | 107 |
| 75 TEST_F(KeygenHandlerTest, SmokeTest) { | 108 TEST_F(KeygenHandlerTest, SmokeTest) { |
| 76 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); | 109 scoped_ptr<KeygenHandler> handler(CreateKeygenHandler()); |
| 77 handler.set_stores_key(false); // Don't leave the key-pair behind | 110 handler->set_stores_key(false); // Don't leave the key-pair behind |
| 78 std::string result = handler.GenKeyAndSignChallenge(); | 111 std::string result = handler->GenKeyAndSignChallenge(); |
| 79 VLOG(1) << "KeygenHandler produced: " << result; | 112 VLOG(1) << "KeygenHandler produced: " << result; |
| 80 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); | 113 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); |
| 81 } | 114 } |
| 82 | 115 |
| 83 void ConcurrencyTestCallback(base::WaitableEvent* event, | 116 void ConcurrencyTestCallback(const std::string& challenge, |
| 84 const std::string& challenge, | 117 base::WaitableEvent* event, |
| 118 scoped_ptr<KeygenHandler> handler, | |
| 85 std::string* result) { | 119 std::string* result) { |
| 86 // We allow Singleton use on the worker thread here since we use a | 120 // We allow Singleton use on the worker thread here since we use a |
| 87 // WaitableEvent to synchronize, so it's safe. | 121 // WaitableEvent to synchronize, so it's safe. |
| 88 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; | 122 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; |
| 89 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); | 123 handler->set_stores_key(false); // Don't leave the key-pair behind. |
| 90 handler.set_stores_key(false); // Don't leave the key-pair behind. | 124 *result = handler->GenKeyAndSignChallenge(); |
| 91 *result = handler.GenKeyAndSignChallenge(); | |
| 92 event->Signal(); | 125 event->Signal(); |
| 93 #if defined(USE_NSS) | 126 #if defined(USE_NSS) |
| 94 // Detach the thread from NSPR. | 127 // Detach the thread from NSPR. |
| 95 // Calling NSS functions attaches the thread to NSPR, which stores | 128 // Calling NSS functions attaches the thread to NSPR, which stores |
| 96 // the NSPR thread ID in thread-specific data. | 129 // the NSPR thread ID in thread-specific data. |
| 97 // The threads in our thread pool terminate after we have called | 130 // The threads in our thread pool terminate after we have called |
| 98 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets | 131 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
| 99 // segfaults on shutdown when the threads' thread-specific data | 132 // segfaults on shutdown when the threads' thread-specific data |
| 100 // destructors run. | 133 // destructors run. |
| 101 PR_DetachThread(); | 134 PR_DetachThread(); |
| 102 #endif | 135 #endif |
| 103 } | 136 } |
| 104 | 137 |
| 105 // We asynchronously generate the keys so as not to hang up the IO thread. This | 138 // We asynchronously generate the keys so as not to hang up the IO thread. This |
| 106 // test tries to catch concurrency problems in the keygen implementation. | 139 // test tries to catch concurrency problems in the keygen implementation. |
| 107 TEST_F(KeygenHandlerTest, ConcurrencyTest) { | 140 TEST_F(KeygenHandlerTest, ConcurrencyTest) { |
| 108 const int NUM_HANDLERS = 5; | 141 const int NUM_HANDLERS = 5; |
| 109 base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; | 142 base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; |
| 110 std::string results[NUM_HANDLERS]; | 143 std::string results[NUM_HANDLERS]; |
| 111 for (int i = 0; i < NUM_HANDLERS; i++) { | 144 for (int i = 0; i < NUM_HANDLERS; i++) { |
| 145 scoped_ptr<KeygenHandler> handler(CreateKeygenHandler()); | |
| 112 events[i] = new base::WaitableEvent(false, false); | 146 events[i] = new base::WaitableEvent(false, false); |
| 113 base::WorkerPool::PostTask( | 147 base::WorkerPool::PostTask(FROM_HERE, |
| 114 FROM_HERE, | 148 base::Bind(ConcurrencyTestCallback, |
| 115 base::Bind(ConcurrencyTestCallback, events[i], "some challenge", | 149 "some challenge", |
| 116 &results[i]), | 150 events[i], |
| 117 true); | 151 base::Passed(&handler), |
| 152 &results[i]), | |
| 153 true); | |
| 118 } | 154 } |
| 119 | 155 |
| 120 for (int i = 0; i < NUM_HANDLERS; i++) { | 156 for (int i = 0; i < NUM_HANDLERS; i++) { |
| 121 // Make sure the job completed | 157 // Make sure the job completed |
| 122 events[i]->Wait(); | 158 events[i]->Wait(); |
| 123 delete events[i]; | 159 delete events[i]; |
| 124 events[i] = NULL; | 160 events[i] = NULL; |
| 125 | 161 |
| 126 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; | 162 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; |
| 127 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); | 163 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); |
| 128 } | 164 } |
| 129 } | 165 } |
| 130 | 166 |
| 131 } // namespace | 167 } // namespace |
| 132 | 168 |
| 133 } // namespace net | 169 } // namespace net |
| OLD | NEW |
