// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/keygen_handler.h"

#include <stdint.h>

#include <string>
#include <utility>

#include "base/base64.h"
#include "base/bind.h"
#include "base/location.h"
#include "base/logging.h"
#include "base/strings/string_piece.h"
#include "base/synchronization/waitable_event.h"
#include "base/threading/thread_restrictions.h"
#include "base/threading/worker_pool.h"
#include "build/build_config.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/evp.h"

#if defined(USE_NSS_CERTS)
#include <private/pprthred.h>  // PR_DetachThread
#include "crypto/nss_crypto_module_delegate.h"
#include "crypto/scoped_test_nss_db.h"
#endif

namespace net {

namespace {

#if defined(USE_NSS_CERTS)
class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate {
  public:
   explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot)
       : slot_(std::move(slot)) {}

   std::string RequestPassword(const std::string& slot_name,
                               bool retry,
                               bool* cancelled) override {
     return std::string();
   }

   crypto::ScopedPK11Slot RequestSlot() override {
     return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot_.get()));
   }

  private:
   crypto::ScopedPK11Slot slot_;
};
#endif

const char kChallenge[] = "some challenge";

class KeygenHandlerTest : public ::testing::Test {
 public:
  KeygenHandlerTest() {}
  ~KeygenHandlerTest() override {}

  std::unique_ptr<KeygenHandler> CreateKeygenHandler() {
    std::unique_ptr<KeygenHandler> handler(
        new KeygenHandler(768, kChallenge, GURL("http://www.example.com")));
#if defined(USE_NSS_CERTS)
    handler->set_crypto_module_delegate(
        std::unique_ptr<crypto::NSSCryptoModuleDelegate>(
            new StubCryptoModuleDelegate(crypto::ScopedPK11Slot(
                PK11_ReferenceSlot(test_nss_db_.slot())))));
#endif
    return handler;
  }

 private:
#if defined(USE_NSS_CERTS)
  crypto::ScopedTestNSSDB test_nss_db_;
#endif
};

base::StringPiece StringPieceFromCBS(const CBS& cbs) {
  return base::StringPiece(reinterpret_cast<const char*>(CBS_data(&cbs)),
                           CBS_len(&cbs));
}

// Assert that |result| is a valid output for KeygenHandler given challenge
// string of |challenge|.
void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
                                            const std::string& challenge) {
  // Verify it's valid base64:
  std::string spkac;
  ASSERT_TRUE(base::Base64Decode(result, &spkac));

  // Parse the following structure:
  //
  //   PublicKeyAndChallenge ::= SEQUENCE {
  //     spki SubjectPublicKeyInfo,
  //     challenge IA5STRING
  //   }
  //   SignedPublicKeyAndChallenge ::= SEQUENCE {
  //     publicKeyAndChallenge PublicKeyAndChallenge,
  //     signatureAlgorithm AlgorithmIdentifier,
  //     signature BIT STRING
  //   }

  CBS cbs;
  CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spkac.data()), spkac.size());

  // The input should consist of a SEQUENCE.
  CBS child;
  ASSERT_TRUE(CBS_get_asn1(&cbs, &child, CBS_ASN1_SEQUENCE));
  ASSERT_EQ(0u, CBS_len(&cbs));

  // Extract the raw PublicKeyAndChallenge.
  CBS public_key_and_challenge_raw;
  ASSERT_TRUE(CBS_get_asn1_element(&child, &public_key_and_challenge_raw,
                                   CBS_ASN1_SEQUENCE));

  // Parse out the PublicKeyAndChallenge.
  CBS copy = public_key_and_challenge_raw;
  CBS public_key_and_challenge;
  ASSERT_TRUE(
      CBS_get_asn1(&copy, &public_key_and_challenge, CBS_ASN1_SEQUENCE));
  ASSERT_EQ(0u, CBS_len(&copy));
  bssl::UniquePtr<EVP_PKEY> key(
      EVP_parse_public_key(&public_key_and_challenge));
  ASSERT_TRUE(key);
  CBS challenge_spkac;
  ASSERT_TRUE(CBS_get_asn1(&public_key_and_challenge, &challenge_spkac,
                           CBS_ASN1_IA5STRING));
  ASSERT_EQ(0u, CBS_len(&public_key_and_challenge));

  // The challenge must match.
  ASSERT_EQ(challenge, StringPieceFromCBS(challenge_spkac));

  // The next element must be the AlgorithmIdentifier for MD5 with RSA.
  static const uint8_t kMd5WithRsaEncryption[] = {
      0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
      0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00,
  };
  CBS algorithm;
  ASSERT_TRUE(CBS_get_bytes(&child, &algorithm, sizeof(kMd5WithRsaEncryption)));
  ASSERT_EQ(
      base::StringPiece(reinterpret_cast<const char*>(kMd5WithRsaEncryption),
                        sizeof(kMd5WithRsaEncryption)),
      StringPieceFromCBS(algorithm));

  // Finally, parse the signature.
  CBS signature;
  ASSERT_TRUE(CBS_get_asn1(&child, &signature, CBS_ASN1_BITSTRING));
  ASSERT_EQ(0u, CBS_len(&child));
  uint8_t pad;
  ASSERT_TRUE(CBS_get_u8(&signature, &pad));
  ASSERT_EQ(0u, pad);

  // Check the signature.
  bssl::ScopedEVP_MD_CTX ctx;
  ASSERT_TRUE(
      EVP_DigestVerifyInit(ctx.get(), nullptr, EVP_md5(), nullptr, key.get()));
  ASSERT_TRUE(EVP_DigestVerifyUpdate(ctx.get(),
                                     CBS_data(&public_key_and_challenge_raw),
                                     CBS_len(&public_key_and_challenge_raw)));
  ASSERT_TRUE(EVP_DigestVerifyFinal(ctx.get(), CBS_data(&signature),
                                    CBS_len(&signature)));
}

TEST_F(KeygenHandlerTest, SmokeTest) {
  std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler());
  handler->set_stores_key(false);  // Don't leave the key-pair behind
  std::string result = handler->GenKeyAndSignChallenge();
  VLOG(1) << "KeygenHandler produced: " << result;
  AssertValidSignedPublicKeyAndChallenge(result, kChallenge);
}

void ConcurrencyTestCallback(const std::string& challenge,
                             base::WaitableEvent* event,
                             std::unique_ptr<KeygenHandler> handler,
                             std::string* result) {
  // We allow Singleton use on the worker thread here since we use a
  // WaitableEvent to synchronize, so it's safe.
  base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton;
  handler->set_stores_key(false);  // Don't leave the key-pair behind.
  *result = handler->GenKeyAndSignChallenge();
  event->Signal();
#if defined(USE_NSS_CERTS)
  // Detach the thread from NSPR.
  // Calling NSS functions attaches the thread to NSPR, which stores
  // the NSPR thread ID in thread-specific data.
  // The threads in our thread pool terminate after we have called
  // PR_Cleanup.  Unless we detach them from NSPR, net_unittests gets
  // segfaults on shutdown when the threads' thread-specific data
  // destructors run.
  PR_DetachThread();
#endif
}

// We asynchronously generate the keys so as not to hang up the IO thread. This
// test tries to catch concurrency problems in the keygen implementation.
TEST_F(KeygenHandlerTest, ConcurrencyTest) {
  const int NUM_HANDLERS = 5;
  base::WaitableEvent* events[NUM_HANDLERS] = { NULL };
  std::string results[NUM_HANDLERS];
  for (int i = 0; i < NUM_HANDLERS; i++) {
    std::unique_ptr<KeygenHandler> handler(CreateKeygenHandler());
    events[i] = new base::WaitableEvent(
        base::WaitableEvent::ResetPolicy::AUTOMATIC,
        base::WaitableEvent::InitialState::NOT_SIGNALED);
    base::WorkerPool::PostTask(FROM_HERE,
                               base::Bind(ConcurrencyTestCallback,
                                          "some challenge",
                                          events[i],
                                          base::Passed(&handler),
                                          &results[i]),
                               true);
  }

  for (int i = 0; i < NUM_HANDLERS; i++) {
    // Make sure the job completed
    events[i]->Wait();
    delete events[i];
    events[i] = NULL;

    VLOG(1) << "KeygenHandler " << i << " produced: " << results[i];
    AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge");
  }
}

}  // namespace

}  // namespace net