Rename testCanSignHttpExchanges to canSignHttpExchangesDraft

The name of draft canSignHttpExchanges extension OID has renamed from id-ce-testCanSignHttpExchanges to id-ce-canSignHttpExchangesDraft in https://github.com/WICG/webpackage/pull/231. Bug: 851778 Change-Id: I1d6940d9f9028ea55d0ee2e86c854a02a9dd3b47 Reviewed-on: https://chromium-review.googlesource.com/1112894Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#570316}

Rename testCanSignHttpExchanges to canSignHttpExchangesDraft
The name of draft canSignHttpExchanges extension OID has renamed from id-ce-testCanSignHttpExchanges to id-ce-canSignHttpExchangesDraft in https://github.com/WICG/webpackage/pull/231. Bug: 851778 Change-Id: I1d6940d9f9028ea55d0ee2e86c854a02a9dd3b47 Reviewed-on: https://chromium-review.googlesource.com/1112894Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#570316}
97cfcf51 · Kunihiko Sakamoto · Commit Bot · 559f4a37 · 97cfcf51 · 97cfcf51
Commit 97cfcf51 authored Jun 26, 2018 by Kunihiko Sakamoto Committed by Commit Bot Jun 26, 2018
7 changed files
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -2336,6 +2336,7 @@ bundle_data("test_support_bundle_data") {
    "data/ssl/certificates/aia-intermediate.der",
    "data/ssl/certificates/aia-root.pem",
    "data/ssl/certificates/bad_validity.pem",
+    "data/ssl/certificates/can_sign_http_exchanges_draft_extension.pem",
    "data/ssl/certificates/client-empty-password.p12",
    "data/ssl/certificates/client-nokey.p12",
    "data/ssl/certificates/client-null-password.p12",
@@ -2479,7 +2480,6 @@ bundle_data("test_support_bundle_data") {
    "data/ssl/certificates/start_after_expiry.pem",
    "data/ssl/certificates/subjectAltName_sanity_check.pem",
    "data/ssl/certificates/subjectAltName_www_example_com.pem",
-    "data/ssl/certificates/test_can_sign_http_exchanges_extension.pem",
    "data/ssl/certificates/thawte.single.pem",
    "data/ssl/certificates/tls_feature_extension.pem",
    "data/ssl/certificates/trustcenter.websecurity.symantec.com.pem",

--- a/net/cert/asn1_util.cc
+++ b/net/cert/asn1_util.cc
@@ -235,14 +235,14 @@ bool HasTLSFeatureExtension(base::StringPiece cert) {
  return HasExtensionWithOID(cert, der::Input(kTLSFeatureExtensionOID));
 }

-bool HasTestCanSignHttpExchangesExtension(base::StringPiece cert) {
-  // kTestCanSignHttpExchangesOid is the DER encoding of the OID for
-  // testCanSignHttpExchanges defined in:
+bool HasCanSignHttpExchangesDraftExtension(base::StringPiece cert) {
+  // kCanSignHttpExchangesDraftOid is the DER encoding of the OID for
+  // canSignHttpExchangesDraft defined in:
  // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
-  static const uint8_t kTestCanSignHttpExchangesOid[] = {
+  static const uint8_t kCanSignHttpExchangesDraftOid[] = {
      0x2B, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x16};

-  return HasExtensionWithOID(cert, der::Input(kTestCanSignHttpExchangesOid));
+  return HasExtensionWithOID(cert, der::Input(kCanSignHttpExchangesDraftOid));
 }

 bool ExtractSignatureAlgorithmsFromDERCert(

--- a/net/cert/asn1_util.h
+++ b/net/cert/asn1_util.h
@@ -41,12 +41,12 @@ NET_EXPORT_PRIVATE bool ExtractSubjectPublicKeyFromSPKI(
 // present or if there was a parsing failure.
 NET_EXPORT_PRIVATE bool HasTLSFeatureExtension(base::StringPiece cert);

-// HasTestCanSignHttpExchangesExtension parses the DER encoded certificate
-// in |cert| and extracts the testCanSignHttpExchangesExtension extension
+// HasCanSignHttpExchangesDraftExtension parses the DER encoded certificate
+// in |cert| and extracts the canSignHttpExchangesDraft extension
 // (https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)
 // if present. Returns true if the extension was present, and false if
 // the extension was not present or if there was a parsing failure.
-NET_EXPORT bool HasTestCanSignHttpExchangesExtension(base::StringPiece cert);
+NET_EXPORT bool HasCanSignHttpExchangesDraftExtension(base::StringPiece cert);

 // Extracts the two (SEQUENCE) tag-length-values for the signature
 // AlgorithmIdentifiers in a DER encoded certificate. Does not use strict

--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -605,23 +605,23 @@ TEST(X509CertificateTest, DoesNotHaveTLSFeatureExtension) {
      x509_util::CryptoBufferAsStringPiece(cert->cert_buffer())));
 }

-TEST(X509CertificateTest, HasTestCanSignHttpExchangesExtension) {
+TEST(X509CertificateTest, HasCanSignHttpExchangesDraftExtension) {
  base::FilePath certs_dir = GetTestCertsDirectory();
  scoped_refptr<X509Certificate> cert = ImportCertFromFile(
-      certs_dir, "test_can_sign_http_exchanges_extension.pem");
+      certs_dir, "can_sign_http_exchanges_draft_extension.pem");
  ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get());

-  EXPECT_TRUE(asn1::HasTestCanSignHttpExchangesExtension(
+  EXPECT_TRUE(asn1::HasCanSignHttpExchangesDraftExtension(
      x509_util::CryptoBufferAsStringPiece(cert->cert_buffer())));
 }

-TEST(X509CertificateTest, DoesNotHaveTestCanSignHttpExchangesExtension) {
+TEST(X509CertificateTest, DoesNotHaveCanSignHttpExchangesDraftExtension) {
  base::FilePath certs_dir = GetTestCertsDirectory();
  scoped_refptr<X509Certificate> cert =
      ImportCertFromFile(certs_dir, "ok_cert.pem");
  ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get());

-  EXPECT_FALSE(asn1::HasTestCanSignHttpExchangesExtension(
+  EXPECT_FALSE(asn1::HasCanSignHttpExchangesDraftExtension(
      x509_util::CryptoBufferAsStringPiece(cert->cert_buffer())));
 }


--- a/net/data/ssl/certificates/test_can_sign_http_exchanges_extension.pem
+++ b/net/data/ssl/certificates/test_can_sign_http_exchanges_extension.pem
--- a/net/data/ssl/scripts/ee.cnf
+++ b/net/data/ssl/scripts/ee.cnf
@@ -65,7 +65,7 @@ subjectAltName = DNS:webmail
 subjectAltName = IP:127.0.0.1
 1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05

-[req_extensions_with_test_can_sign_http_exchanges]
+[req_extensions_with_can_sign_http_exchanges_draft]
 subjectAltName = IP:127.0.0.1
 1.3.6.1.4.1.11129.2.1.22 = critical,ASN1:NULL


--- a/net/data/ssl/scripts/generate-test-certs.sh
+++ b/net/data/ssl/scripts/generate-test-certs.sh
@@ -472,12 +472,12 @@ openssl req -x509 -newkey rsa:2048 \
  -extensions req_extensions_with_tls_feature \
  -nodes -config ee.cnf

-# Includes the testCanSignHttpExchanges extension
+# Includes the canSignHttpExchangesDraft extension
 openssl req -x509 -newkey rsa:2048 \
-  -keyout out/test_can_sign_http_exchanges_extension.key \
-  -out ../certificates/test_can_sign_http_exchanges_extension.pem \
+  -keyout out/can_sign_http_exchanges_draft_extension.key \
+  -out ../certificates/can_sign_http_exchanges_draft_extension.pem \
  -days 365 \
-  -extensions req_extensions_with_test_can_sign_http_exchanges \
+  -extensions req_extensions_with_can_sign_http_exchanges_draft \
  -nodes -config ee.cnf

 # SHA-1 certificate issued by locally trusted CA