| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/base/keygen_handler.h" | |
| 6 | |
| 7 #include <string> | |
| 8 | |
| 9 #include "base/base64.h" | |
| 10 #include "base/bind.h" | |
| 11 #include "base/location.h" | |
| 12 #include "base/logging.h" | |
| 13 #include "base/threading/worker_pool.h" | |
| 14 #include "base/threading/thread_restrictions.h" | |
| 15 #include "base/synchronization/waitable_event.h" | |
| 16 #include "build/build_config.h" | |
| 17 #include "testing/gtest/include/gtest/gtest.h" | |
| 18 | |
| 19 #if defined(USE_NSS) | |
| 20 #include <private/pprthred.h> // PR_DetachThread | |
| 21 #include "crypto/nss_crypto_module_delegate.h" | |
| 22 #include "crypto/scoped_test_nss_db.h" | |
| 23 #endif | |
| 24 | |
| 25 namespace net { | |
| 26 | |
| 27 namespace { | |
| 28 | |
| 29 #if defined(USE_NSS) | |
| 30 class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate { | |
| 31 public: | |
| 32 explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot) | |
| 33 : slot_(slot.Pass()) {} | |
| 34 | |
| 35 std::string RequestPassword(const std::string& slot_name, | |
| 36 bool retry, | |
| 37 bool* cancelled) override { | |
| 38 return std::string(); | |
| 39 } | |
| 40 | |
| 41 crypto::ScopedPK11Slot RequestSlot() override { | |
| 42 return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot_.get())); | |
| 43 } | |
| 44 | |
| 45 private: | |
| 46 crypto::ScopedPK11Slot slot_; | |
| 47 }; | |
| 48 #endif | |
| 49 | |
| 50 class KeygenHandlerTest : public ::testing::Test { | |
| 51 public: | |
| 52 KeygenHandlerTest() {} | |
| 53 ~KeygenHandlerTest() override {} | |
| 54 | |
| 55 scoped_ptr<KeygenHandler> CreateKeygenHandler() { | |
| 56 scoped_ptr<KeygenHandler> handler(new KeygenHandler( | |
| 57 768, "some challenge", GURL("http://www.example.com"))); | |
| 58 #if defined(USE_NSS) | |
| 59 handler->set_crypto_module_delegate( | |
| 60 scoped_ptr<crypto::NSSCryptoModuleDelegate>( | |
| 61 new StubCryptoModuleDelegate(crypto::ScopedPK11Slot( | |
| 62 PK11_ReferenceSlot(test_nss_db_.slot()))))); | |
| 63 #endif | |
| 64 return handler.Pass(); | |
| 65 } | |
| 66 | |
| 67 private: | |
| 68 #if defined(USE_NSS) | |
| 69 crypto::ScopedTestNSSDB test_nss_db_; | |
| 70 #endif | |
| 71 }; | |
| 72 | |
| 73 // Assert that |result| is a valid output for KeygenHandler given challenge | |
| 74 // string of |challenge|. | |
| 75 void AssertValidSignedPublicKeyAndChallenge(const std::string& result, | |
| 76 const std::string& challenge) { | |
| 77 ASSERT_GT(result.length(), 0U); | |
| 78 | |
| 79 // Verify it's valid base64: | |
| 80 std::string spkac; | |
| 81 ASSERT_TRUE(base::Base64Decode(result, &spkac)); | |
| 82 // In lieu of actually parsing and validating the DER data, | |
| 83 // just check that it exists and has a reasonable length. | |
| 84 // (It's almost always 590 bytes, but the DER encoding of the random key | |
| 85 // and signature could sometimes be a few bytes different.) | |
| 86 ASSERT_GE(spkac.length(), 200U); | |
| 87 ASSERT_LE(spkac.length(), 300U); | |
| 88 | |
| 89 // NOTE: | |
| 90 // The value of |result| can be validated by prefixing 'SPKAC=' to it | |
| 91 // and piping it through | |
| 92 // openssl spkac -verify | |
| 93 // whose output should look like: | |
| 94 // Netscape SPKI: | |
| 95 // Public Key Algorithm: rsaEncryption | |
| 96 // RSA Public Key: (2048 bit) | |
| 97 // Modulus (2048 bit): | |
| 98 // 00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: ..... | |
| 99 // Exponent: 65537 (0x10001) | |
| 100 // Challenge String: some challenge | |
| 101 // Signature Algorithm: md5WithRSAEncryption | |
| 102 // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... | |
| 103 // Signature OK | |
| 104 // | |
| 105 // The value of |spkac| can be ASN.1-parsed with: | |
| 106 // openssl asn1parse -inform DER | |
| 107 } | |
| 108 | |
| 109 TEST_F(KeygenHandlerTest, SmokeTest) { | |
| 110 scoped_ptr<KeygenHandler> handler(CreateKeygenHandler()); | |
| 111 handler->set_stores_key(false); // Don't leave the key-pair behind | |
| 112 std::string result = handler->GenKeyAndSignChallenge(); | |
| 113 VLOG(1) << "KeygenHandler produced: " << result; | |
| 114 AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); | |
| 115 } | |
| 116 | |
| 117 void ConcurrencyTestCallback(const std::string& challenge, | |
| 118 base::WaitableEvent* event, | |
| 119 scoped_ptr<KeygenHandler> handler, | |
| 120 std::string* result) { | |
| 121 // We allow Singleton use on the worker thread here since we use a | |
| 122 // WaitableEvent to synchronize, so it's safe. | |
| 123 base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; | |
| 124 handler->set_stores_key(false); // Don't leave the key-pair behind. | |
| 125 *result = handler->GenKeyAndSignChallenge(); | |
| 126 event->Signal(); | |
| 127 #if defined(USE_NSS) | |
| 128 // Detach the thread from NSPR. | |
| 129 // Calling NSS functions attaches the thread to NSPR, which stores | |
| 130 // the NSPR thread ID in thread-specific data. | |
| 131 // The threads in our thread pool terminate after we have called | |
| 132 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets | |
| 133 // segfaults on shutdown when the threads' thread-specific data | |
| 134 // destructors run. | |
| 135 PR_DetachThread(); | |
| 136 #endif | |
| 137 } | |
| 138 | |
| 139 // We asynchronously generate the keys so as not to hang up the IO thread. This | |
| 140 // test tries to catch concurrency problems in the keygen implementation. | |
| 141 TEST_F(KeygenHandlerTest, ConcurrencyTest) { | |
| 142 const int NUM_HANDLERS = 5; | |
| 143 base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; | |
| 144 std::string results[NUM_HANDLERS]; | |
| 145 for (int i = 0; i < NUM_HANDLERS; i++) { | |
| 146 scoped_ptr<KeygenHandler> handler(CreateKeygenHandler()); | |
| 147 events[i] = new base::WaitableEvent(false, false); | |
| 148 base::WorkerPool::PostTask(FROM_HERE, | |
| 149 base::Bind(ConcurrencyTestCallback, | |
| 150 "some challenge", | |
| 151 events[i], | |
| 152 base::Passed(&handler), | |
| 153 &results[i]), | |
| 154 true); | |
| 155 } | |
| 156 | |
| 157 for (int i = 0; i < NUM_HANDLERS; i++) { | |
| 158 // Make sure the job completed | |
| 159 events[i]->Wait(); | |
| 160 delete events[i]; | |
| 161 events[i] = NULL; | |
| 162 | |
| 163 VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; | |
| 164 AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); | |
| 165 } | |
| 166 } | |
| 167 | |
| 168 } // namespace | |
| 169 | |
| 170 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master