net/base/keygen_handler_unittest.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/base/keygen_handler.h"
   6
   7 #include <string>
   8
   9 #include "base/base64.h"
  10 #include "base/bind.h"
  11 #include "base/location.h"
  12 #include "base/logging.h"
  13 #include "base/threading/worker_pool.h"
  14 #include "base/threading/thread_restrictions.h"
  15 #include "base/synchronization/waitable_event.h"
  16 #include "build/build_config.h"
  17 #include "crypto/nss_util.h"
  18 #include "testing/gtest/include/gtest/gtest.h"
  19
  20 #if defined(USE_NSS)
  21 #include <private/pprthred.h>  // PR_DetachThread
  22 #endif
  23
  24 namespace net {
  25
  26 namespace {
  27
  28 class KeygenHandlerTest : public ::testing::Test {
  29  public:
  30   KeygenHandlerTest() {}
  31   virtual ~KeygenHandlerTest() {}
  32
  33   virtual void SetUp() {
  34 #if defined(OS_CHROMEOS) && defined(USE_NSS)
  35     crypto::OpenPersistentNSSDB();
  36 #endif
  37   }
  38 };
  39
  40 // Assert that |result| is a valid output for KeygenHandler given challenge
  41 // string of |challenge|.
  42 void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
  43                                             const std::string& challenge) {
  44   ASSERT_GT(result.length(), 0U);
  45
  46   // Verify it's valid base64:
  47   std::string spkac;
  48   ASSERT_TRUE(base::Base64Decode(result, &spkac));
  49   // In lieu of actually parsing and validating the DER data,
  50   // just check that it exists and has a reasonable length.
  51   // (It's almost always 590 bytes, but the DER encoding of the random key
  52   // and signature could sometimes be a few bytes different.)
  53   ASSERT_GE(spkac.length(), 200U);
  54   ASSERT_LE(spkac.length(), 300U);
  55
  56   // NOTE:
  57   // The value of |result| can be validated by prefixing 'SPKAC=' to it
  58   // and piping it through
  59   //   openssl spkac -verify
  60   // whose output should look like:
  61   //   Netscape SPKI:
  62   //     Public Key Algorithm: rsaEncryption
  63   //     RSA Public Key: (2048 bit)
  64   //     Modulus (2048 bit):
  65   //         00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: .....
  66   //     Exponent: 65537 (0x10001)
  67   //     Challenge String: some challenge
  68   //     Signature Algorithm: md5WithRSAEncryption
  69   //         92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: .....
  70   //   Signature OK
  71   //
  72   // The value of |spkac| can be ASN.1-parsed with:
  73   //    openssl asn1parse -inform DER
  74 }
  75
  76 TEST_F(KeygenHandlerTest, SmokeTest) {
  77   KeygenHandler handler(768, "some challenge", GURL("http://www.example.com"));
  78   handler.set_stores_key(false);  // Don't leave the key-pair behind
  79   std::string result = handler.GenKeyAndSignChallenge();
  80   VLOG(1) << "KeygenHandler produced: " << result;
  81   AssertValidSignedPublicKeyAndChallenge(result, "some challenge");
  82 }
  83
  84 void ConcurrencyTestCallback(base::WaitableEvent* event,
  85                              const std::string& challenge,
  86                              std::string* result) {
  87   // We allow Singleton use on the worker thread here since we use a
  88   // WaitableEvent to synchronize, so it's safe.
  89   base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton;
  90   KeygenHandler handler(768, challenge, GURL("http://www.example.com"));
  91   handler.set_stores_key(false);  // Don't leave the key-pair behind.
  92   *result = handler.GenKeyAndSignChallenge();
  93   event->Signal();
  94 #if defined(USE_NSS)
  95   // Detach the thread from NSPR.
  96   // Calling NSS functions attaches the thread to NSPR, which stores
  97   // the NSPR thread ID in thread-specific data.
  98   // The threads in our thread pool terminate after we have called
  99   // PR_Cleanup.  Unless we detach them from NSPR, net_unittests gets
 100   // segfaults on shutdown when the threads' thread-specific data
 101   // destructors run.
 102   PR_DetachThread();
 103 #endif
 104 }
 105
 106 // We asynchronously generate the keys so as not to hang up the IO thread. This
 107 // test tries to catch concurrency problems in the keygen implementation.
 108 TEST_F(KeygenHandlerTest, ConcurrencyTest) {
 109   const int NUM_HANDLERS = 5;
 110   base::WaitableEvent* events[NUM_HANDLERS] = { NULL };
 111   std::string results[NUM_HANDLERS];
 112   for (int i = 0; i < NUM_HANDLERS; i++) {
 113     events[i] = new base::WaitableEvent(false, false);
 114     base::WorkerPool::PostTask(
 115         FROM_HERE,
 116         base::Bind(ConcurrencyTestCallback, events[i], "some challenge",
 117                    &results[i]),
 118         true);
 119   }
 120
 121   for (int i = 0; i < NUM_HANDLERS; i++) {
 122     // Make sure the job completed
 123     events[i]->Wait();
 124     delete events[i];
 125     events[i] = NULL;
 126
 127     VLOG(1) << "KeygenHandler " << i << " produced: " << results[i];
 128     AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge");
 129   }
 130 }
 131
 132 }  // namespace
 133
 134 }  // namespace net