| // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/base/keygen_handler.h" |
| |
| #include <string> |
| |
| #include "build/build_config.h" |
| #include "base/base64.h" |
| #include "base/logging.h" |
| #include "base/task.h" |
| #include "base/threading/worker_pool.h" |
| #include "base/threading/thread_restrictions.h" |
| #include "base/synchronization/waitable_event.h" |
| #include "crypto/nss_util.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| #if defined(USE_NSS) |
| #include <private/pprthred.h> // PR_DetachThread |
| #endif |
| |
| namespace net { |
| |
| namespace { |
| |
| class KeygenHandlerTest : public ::testing::Test { |
| public: |
| KeygenHandlerTest() {} |
| virtual ~KeygenHandlerTest() {} |
| |
| virtual void SetUp() { |
| #if defined(OS_CHROMEOS) |
| crypto::OpenPersistentNSSDB(); |
| #endif |
| } |
| }; |
| |
| // Assert that |result| is a valid output for KeygenHandler given challenge |
| // string of |challenge|. |
| void AssertValidSignedPublicKeyAndChallenge(const std::string& result, |
| const std::string& challenge) { |
| ASSERT_GT(result.length(), 0U); |
| |
| // Verify it's valid base64: |
| std::string spkac; |
| ASSERT_TRUE(base::Base64Decode(result, &spkac)); |
| // In lieu of actually parsing and validating the DER data, |
| // just check that it exists and has a reasonable length. |
| // (It's almost always 590 bytes, but the DER encoding of the random key |
| // and signature could sometimes be a few bytes different.) |
| ASSERT_GE(spkac.length(), 200U); |
| ASSERT_LE(spkac.length(), 300U); |
| |
| // NOTE: |
| // The value of |result| can be validated by prefixing 'SPKAC=' to it |
| // and piping it through |
| // openssl spkac -verify |
| // whose output should look like: |
| // Netscape SPKI: |
| // Public Key Algorithm: rsaEncryption |
| // RSA Public Key: (2048 bit) |
| // Modulus (2048 bit): |
| // 00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: ..... |
| // Exponent: 65537 (0x10001) |
| // Challenge String: some challenge |
| // Signature Algorithm: md5WithRSAEncryption |
| // 92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: ..... |
| // Signature OK |
| // |
| // The value of |spkac| can be ASN.1-parsed with: |
| // openssl asn1parse -inform DER |
| } |
| |
| TEST_F(KeygenHandlerTest, SmokeTest) { |
| KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); |
| handler.set_stores_key(false); // Don't leave the key-pair behind |
| std::string result = handler.GenKeyAndSignChallenge(); |
| VLOG(1) << "KeygenHandler produced: " << result; |
| AssertValidSignedPublicKeyAndChallenge(result, "some challenge"); |
| } |
| |
| class ConcurrencyTestTask : public Task { |
| public: |
| ConcurrencyTestTask(base::WaitableEvent* event, |
| const std::string& challenge, std::string* result) |
| : event_(event), |
| challenge_(challenge), |
| result_(result) { |
| } |
| |
| virtual void Run() { |
| // We allow Singleton use on the worker thread here since we use a |
| // WaitableEvent to synchronize, so it's safe. |
| base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; |
| KeygenHandler handler(768, "some challenge", |
| GURL("http://www.example.com")); |
| handler.set_stores_key(false); // Don't leave the key-pair behind. |
| *result_ = handler.GenKeyAndSignChallenge(); |
| event_->Signal(); |
| #if defined(USE_NSS) |
| // Detach the thread from NSPR. |
| // Calling NSS functions attaches the thread to NSPR, which stores |
| // the NSPR thread ID in thread-specific data. |
| // The threads in our thread pool terminate after we have called |
| // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
| // segfaults on shutdown when the threads' thread-specific data |
| // destructors run. |
| PR_DetachThread(); |
| #endif |
| } |
| |
| private: |
| base::WaitableEvent* event_; |
| std::string challenge_; |
| std::string* result_; |
| }; |
| |
| // We asynchronously generate the keys so as not to hang up the IO thread. This |
| // test tries to catch concurrency problems in the keygen implementation. |
| TEST_F(KeygenHandlerTest, ConcurrencyTest) { |
| const int NUM_HANDLERS = 5; |
| base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; |
| std::string results[NUM_HANDLERS]; |
| for (int i = 0; i < NUM_HANDLERS; i++) { |
| events[i] = new base::WaitableEvent(false, false); |
| base::WorkerPool::PostTask( |
| FROM_HERE, |
| new ConcurrencyTestTask(events[i], "some challenge", &results[i]), |
| true); |
| } |
| |
| for (int i = 0; i < NUM_HANDLERS; i++) { |
| // Make sure the job completed |
| bool signaled = events[i]->Wait(); |
| EXPECT_TRUE(signaled); |
| delete events[i]; |
| events[i] = NULL; |
| |
| VLOG(1) << "KeygenHandler " << i << " produced: " << results[i]; |
| AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge"); |
| } |
| } |
| |
| } // namespace |
| |
| } // namespace net |