Chromium Code Reviews Chromium Code Reviews
Issue 384413004:
Remove default key slot from KeygenHandler. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/location.h" | 11 #include "base/location.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/scoped_ptr.h" | |
| 13 #include "base/threading/worker_pool.h" | 14 #include "base/threading/worker_pool.h" |
| 14 #include "base/threading/thread_restrictions.h" | 15 #include "base/threading/thread_restrictions.h" |
| 15 #include "base/synchronization/waitable_event.h" | 16 #include "base/synchronization/waitable_event.h" |
| 16 #include "build/build_config.h" | 17 #include "build/build_config.h" |
| 17 #include "crypto/nss_util.h" | 18 #include "crypto/nss_util.h" |
| 19 #include "crypto/nss_util_internal.h" | |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 21 |
| 20 #if defined(USE_NSS) | 22 #if defined(USE_NSS) |
| 21 #include <private/pprthred.h> // PR_DetachThread | 23 #include <private/pprthred.h> // PR_DetachThread |
| 22 #endif | 24 #endif |
| 23 | 25 |
| 24 namespace net { | 26 namespace net { |
| 25 | 27 |
| 26 namespace { | 28 namespace { |
| 27 | 29 |
| 28 class KeygenHandlerTest : public ::testing::Test { | 30 class KeygenHandlerTest : public ::testing::Test { |
| 29 public: | 31 public: |
| 30 KeygenHandlerTest() {} | 32 KeygenHandlerTest() {} |
| 31 virtual ~KeygenHandlerTest() {} | 33 virtual ~KeygenHandlerTest() {} |
| 32 | 34 |
| 33 private: | 35 protected: |
| 34 #if defined(OS_CHROMEOS) && defined(USE_NSS) | 36 #if defined(USE_NSS) |
| 37 crypto::ScopedPK11Slot GetKeySlot() { | |
| 38 return crypto::ScopedPK11Slot(crypto::GetPersistentNSSKeySlot()); | |
| 39 } | |
| 40 | |
| 41 #if defined(OS_CHROMEOS) | |
|
Ryan Sleevi
2014/07/14 21:54:25
Is there any reason you restrict this to ChromeOS?
pneubeck (no reviews)
2014/07/15 13:22:22
Ack. Not sure why the restriction was there before
| |
| 35 crypto::ScopedTestNSSDB test_nss_db_; | 42 crypto::ScopedTestNSSDB test_nss_db_; |
| 36 #endif | 43 #endif |
| 44 #endif | |
| 37 }; | 45 }; |
| 38 | 46 |
| 39 // Assert that |result| is a valid output for KeygenHandler given challenge | 47 // Assert that |result| is a valid output for KeygenHandler given challenge |
| 40 // string of |challenge|. | 48 // string of |challenge|. |
| 41 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, | 49 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, |
| 42 const std::string& challenge) { | 50 const std::string& challenge) { |
| 43 ASSERT_GT(result.length(), 0U); | 51 ASSERT_GT(result.length(), 0U); |
| 44 | 52 |
| 45 // Verify it's valid base64: | 53 // Verify it's valid base64: |
| 46 std::string spkac; | 54 std::string spkac; |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 67 // Signature Algorithm: md5WithRSAEncryption | 75 // Signature Algorithm: md5WithRSAEncryption |
| 68 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... | 76 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... |
| 69 // Signature OK | 77 // Signature OK |
| 70 // | 78 // |
| 71 // The value of |spkac| can be ASN.1-parsed with: | 79 // The value of |spkac| can be ASN.1-parsed with: |
| 72 // openssl asn1parse -inform DER | 80 // openssl asn1parse -inform DER |
| 73 } | 81 } |
| 74 | 82 |
| 75 TEST_F(KeygenHandlerTest, SmokeTest) { | 83 TEST_F(KeygenHandlerTest, SmokeTest) { |
| 76 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); | 84 KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); |
| 85 #if defined(USE_NSS) | |
| 86 handler.set_key_slot(GetKeySlot().get()); | |
| 87 #endif | |
| 77 handler.set_stores_key(false); // Don't leave the key-pair behind | 88 handler.set_stores_key(false); // Don't leave the key-pair behind |
| 78 std::string result = handler.GenKeyAndSignChallenge(); | 89 std::string result = handler.GenKeyAndSignChallenge(); |
| 79 VLOG(1) << "KeygenHandler produced: " << result; | 90 VLOG(1) << "KeygenHandler produced: " << result; |
| 80 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); | 91 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); |
| 81 } | 92 } |
| 82 | 93 |
| 83 void ConcurrencyTestCallback(base::WaitableEvent* event, | 94 void ConcurrencyTestCallback(base::WaitableEvent* event, |
| 84 const std::string& challenge, | 95 const std::string& challenge, |
| 96 #if defined(USE_NSS) | |
| 97 PK11SlotInfo* slot, | |
| 98 #endif | |
|
Ryan Sleevi
2014/07/14 21:54:25
I'm not at all a fan of embedding #ifdefs# like th
pneubeck (no reviews)
2014/07/15 13:22:21
Yeah, this was a rather quick hack to see whether
| |
| 85 std::string* result) { | 99 std::string* result) { |
| 86 // We allow Singleton use on the worker thread here since we use a | 100 // We allow Singleton use on the worker thread here since we use a |
| 87 // WaitableEvent to synchronize, so it's safe. | 101 // WaitableEvent to synchronize, so it's safe. |
| 88 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; | 102 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; |
| 89 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); | 103 KeygenHandler handler(768, challenge, GURL("http://www.example.com")); |
| 104 #if defined(USE_NSS) | |
| 105 handler.set_key_slot(slot); | |
| 106 #endif | |
| 90 handler.set_stores_key(false); // Don't leave the key-pair behind. | 107 handler.set_stores_key(false); // Don't leave the key-pair behind. |
| 91 *result = handler.GenKeyAndSignChallenge(); | 108 *result = handler.GenKeyAndSignChallenge(); |
| 92 event->Signal(); | 109 event->Signal(); |
| 93 #if defined(USE_NSS) | 110 #if defined(USE_NSS) |
| 94 // Detach the thread from NSPR. | 111 // Detach the thread from NSPR. |
| 95 // Calling NSS functions attaches the thread to NSPR, which stores | 112 // Calling NSS functions attaches the thread to NSPR, which stores |
| 96 // the NSPR thread ID in thread-specific data. | 113 // the NSPR thread ID in thread-specific data. |
| 97 // The threads in our thread pool terminate after we have called | 114 // The threads in our thread pool terminate after we have called |
| 98 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets | 115 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
| 99 // segfaults on shutdown when the threads' thread-specific data | 116 // segfaults on shutdown when the threads' thread-specific data |
| 100 // destructors run. | 117 // destructors run. |
| 101 PR_DetachThread(); | 118 PR_DetachThread(); |
| 102 #endif | 119 #endif |
| 103 } | 120 } |
| 104 | 121 |
| 105 // We asynchronously generate the keys so as not to hang up the IO thread. This | 122 // We asynchronously generate the keys so as not to hang up the IO thread. This |
| 106 // test tries to catch concurrency problems in the keygen implementation. | 123 // test tries to catch concurrency problems in the keygen implementation. |
| 107 TEST_F(KeygenHandlerTest, ConcurrencyTest) { | 124 TEST_F(KeygenHandlerTest, ConcurrencyTest) { |
| 125 #if defined(USE_NSS) | |
| 126 crypto::ScopedPK11Slot slot = GetKeySlot(); | |
| 127 #endif | |
| 108 const int NUM_HANDLERS = 5; | 128 const int NUM_HANDLERS = 5; |
| 109 base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; | 129 base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; |
| 110 std::string results[NUM_HANDLERS]; | 130 std::string results[NUM_HANDLERS]; |
| 111 for (int i = 0; i < NUM_HANDLERS; i++) { | 131 for (int i = 0; i < NUM_HANDLERS; i++) { |
| 112 events[i] = new base::WaitableEvent(false, false); | 132 events[i] = new base::WaitableEvent(false, false); |
| 113 base::WorkerPool::PostTask( | 133 base::WorkerPool::PostTask(FROM_HERE, |
| 114 FROM_HERE, | 134 base::Bind(ConcurrencyTestCallback, |
| 115 base::Bind(ConcurrencyTestCallback, events[i], "some challenge", | 135 events[i], |
| 116 &results[i]), | 136 "some challenge", |
| 117 true); | 137 #if defined(USE_NSS) |
| 138 slot.get(), | |
| 139 #endif | |
| 140 &results[i]), | |
|
Ryan Sleevi
2014/07/14 21:54:25
Perhaps wrapping this base::Bind()ing into a helpe
pneubeck (no reviews)
2014/07/15 13:22:22
The handler doesn't have to be constructed in on t
| |
| 141 true); | |
| 118 } | 142 } |
| 119 | 143 |
| 120 for (int i = 0; i < NUM_HANDLERS; i++) { | 144 for (int i = 0; i < NUM_HANDLERS; i++) { |
| 121 // Make sure the job completed | 145 // Make sure the job completed |
| 122 events[i]->Wait(); | 146 events[i]->Wait(); |
| 123 delete events[i]; | 147 delete events[i]; |
| 124 events[i] = NULL; | 148 events[i] = NULL; |
| 125 | 149 |
| 126 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; | 150 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; |
| 127 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); | 151 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); |
| 128 } | 152 } |
| 129 } | 153 } |
| 130 | 154 |
| 131 } // namespace | 155 } // namespace |
| 132 | 156 |
| 133 } // namespace net | 157 } // namespace net |
| OLD | NEW |
