-rw-r--r-- | net/base/keygen_handler_openssl.cc | 32 | ||||
-rw-r--r-- | net/base/keygen_handler_unittest.cc | 29 |
2 files changed, 37 insertions, 24 deletions
diff --git a/net/base/keygen_handler_openssl.cc b/net/base/keygen_handler_openssl.cc index ecbd683..b04f098 100644 --- a/net/base/keygen_handler_openssl.cc +++ b/net/base/keygen_handler_openssl.cc @@ -4,14 +4,40 @@ #include "net/base/keygen_handler.h" +#include <openssl/ssl.h> + +#include "base/crypto/rsa_private_key.h" #include "base/logging.h" +#include "base/openssl_util.h" +#include "base/scoped_ptr.h" namespace net { std::string KeygenHandler::GenKeyAndSignChallenge() { - // TODO(bulach): implement me. - NOTIMPLEMENTED(); - return ""; + scoped_ptr<base::RSAPrivateKey> key( + base::RSAPrivateKey::Create(key_size_in_bits_)); + EVP_PKEY* pkey = key->key(); + + if (stores_key_) { + // TODO(joth): Add an abstraction for persisting OpenSSL private keys. + // See http://crbug.com/64917 + NOTIMPLEMENTED(); + } + + base::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki( + NETSCAPE_SPKI_new()); + ASN1_STRING_set(spki.get()->spkac->challenge, + challenge_.data(), challenge_.size()); + NETSCAPE_SPKI_set_pubkey(spki.get(), pkey); + // Using MD5 as this is what is required in HTML5, even though the SPKI + // structure does allow the use of a SHA-1 signature. + NETSCAPE_SPKI_sign(spki.get(), pkey, EVP_md5()); + char* spkistr = NETSCAPE_SPKI_b64_encode(spki.get()); + + std::string result(spkistr); + OPENSSL_free(spkistr); + + return result; } } // namespace net diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index 408eb76..f4251f2 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -4,14 +4,9 @@ #include "net/base/keygen_handler.h" -#include "build/build_config.h" // Needs to be imported early for USE_NSS - -#if defined(USE_NSS) -#include <private/pprthred.h> // PR_DetachThread -#endif - #include <string> +#include "build/build_config.h" #include "base/base64.h" #include "base/logging.h" #include "base/nss_util.h" 
@@ -21,6 +16,10 @@ #include "base/worker_pool.h" #include "testing/gtest/include/gtest/gtest.h" +#if defined(USE_NSS) +#include <private/pprthred.h> // PR_DetachThread +#endif + namespace net { namespace { @@ -73,13 +72,7 @@ void AssertValidSignedPublicKeyAndChallenge(const std::string& result, // openssl asn1parse -inform DER } -// Keygen not yet implemented for OpenSSL: http://crbug.com/64917 -#if defined(USE_OPENSSL) -#define MAYBE_SmokeTest FAILS_SmokeTest -#else -#define MAYBE_SmokeTest SmokeTest -#endif -TEST_F(KeygenHandlerTest, MAYBE_SmokeTest) { +TEST_F(KeygenHandlerTest, SmokeTest) { KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); handler.set_stores_key(false); // Don't leave the key-pair behind std::string result = handler.GenKeyAndSignChallenge(); @@ -102,7 +95,7 @@ class ConcurrencyTestTask : public Task { base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); - handler.set_stores_key(false); // Don't leave the key-pair behind. + handler.set_stores_key(false); // Don't leave the key-pair behind. *result_ = handler.GenKeyAndSignChallenge(); event_->Signal(); #if defined(USE_NSS) @@ -123,15 +116,9 @@ class ConcurrencyTestTask : public Task { std::string* result_; }; -// Keygen not yet implemented for OpenSSL: http://crbug.com/64917 -#if defined(USE_OPENSSL) -#define MAYBE_ConcurrencyTest FAILS_ConcurrencyTest -#else -#define MAYBE_ConcurrencyTest ConcurrencyTest -#endif // We asynchronously generate the keys so as not to hang up the IO thread. This // test tries to catch concurrency problems in the keygen implementation. -TEST_F(KeygenHandlerTest, MAYBE_ConcurrencyTest) { +TEST_F(KeygenHandlerTest, ConcurrencyTest) { const int NUM_HANDLERS = 5; base::WaitableEvent* events[NUM_HANDLERS] = { NULL }; std::string results[NUM_HANDLERS]; |