| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 381 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 392 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); | 392 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| 393 std::string der_bytes; | 393 std::string der_bytes; |
| 394 ASSERT_TRUE(X509Certificate::GetDEREncoded( | 394 ASSERT_TRUE(X509Certificate::GetDEREncoded( |
| 395 diginotar_cert->os_cert_handle(), &der_bytes)); | 395 diginotar_cert->os_cert_handle(), &der_bytes)); |
| 396 | 396 |
| 397 base::StringPiece spki; | 397 base::StringPiece spki; |
| 398 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); | 398 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| 399 | 399 |
| 400 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); | 400 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| 401 | 401 |
| 402 std::vector<SHA1Fingerprint> public_keys; | 402 std::vector<Fingerprint> public_keys; |
| 403 SHA1Fingerprint fingerprint; | 403 Fingerprint fingerprint; |
| 404 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); | 404 fingerprint.tag = FINGERPRINT_SHA1; |
| 405 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); | 405 ASSERT_EQ(fingerprint.size(), spki_sha1.size()); |
| 406 memcpy(fingerprint.data(), spki_sha1.data(), spki_sha1.size()); |
| 406 public_keys.push_back(fingerprint); | 407 public_keys.push_back(fingerprint); |
| 407 | 408 |
| 408 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << | 409 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << |
| 409 "Public key not blocked for " << kDigiNotarFilenames[i]; | 410 "Public key not blocked for " << kDigiNotarFilenames[i]; |
| 410 } | 411 } |
| 411 } | 412 } |
| 412 | 413 |
| 413 // Bug 111893: This test needs a new certificate. | 414 // Bug 111893: This test needs a new certificate. |
| 414 TEST_F(CertVerifyProcTest, DISABLED_TestKnownRoot) { | 415 TEST_F(CertVerifyProcTest, DISABLED_TestKnownRoot) { |
| 415 FilePath certs_dir = GetTestCertsDirectory(); | 416 FilePath certs_dir = GetTestCertsDirectory(); |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 463 intermediates); | 464 intermediates); |
| 464 | 465 |
| 465 int flags = 0; | 466 int flags = 0; |
| 466 CertVerifyResult verify_result; | 467 CertVerifyResult verify_result; |
| 467 | 468 |
| 468 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); | 469 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); |
| 469 EXPECT_EQ(OK, error); | 470 EXPECT_EQ(OK, error); |
| 470 EXPECT_EQ(0U, verify_result.cert_status); | 471 EXPECT_EQ(0U, verify_result.cert_status); |
| 471 ASSERT_LE(2u, verify_result.public_key_hashes.size()); | 472 ASSERT_LE(2u, verify_result.public_key_hashes.size()); |
| 472 EXPECT_EQ(HexEncode(kNistSPKIHash, base::kSHA1Length), | 473 EXPECT_EQ(HexEncode(kNistSPKIHash, base::kSHA1Length), |
| 473 HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length)); | 474 HexEncode(verify_result.public_key_hashes[0].data(), base::kSHA1Length)); |
| 474 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", | 475 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", |
| 475 HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length)); | 476 HexEncode(verify_result.public_key_hashes[1].data(), base::kSHA1Length)); |
| 476 } | 477 } |
| 477 | 478 |
| 478 // A regression test for http://crbug.com/70293. | 479 // A regression test for http://crbug.com/70293. |
| 479 // The Key Usage extension in this RSA SSL server certificate does not have | 480 // The Key Usage extension in this RSA SSL server certificate does not have |
| 480 // the keyEncipherment bit. | 481 // the keyEncipherment bit. |
| 481 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { | 482 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { |
| 482 FilePath certs_dir = GetTestCertsDirectory(); | 483 FilePath certs_dir = GetTestCertsDirectory(); |
| 483 | 484 |
| 484 scoped_refptr<X509Certificate> server_cert = | 485 scoped_refptr<X509Certificate> server_cert = |
| 485 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); | 486 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); |
| (...skipping 493 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 979 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 980 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 980 #else | 981 #else |
| 981 #define MAYBE_VerifyMixed VerifyMixed | 982 #define MAYBE_VerifyMixed VerifyMixed |
| 982 #endif | 983 #endif |
| 983 WRAPPED_INSTANTIATE_TEST_CASE_P( | 984 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 984 MAYBE_VerifyMixed, | 985 MAYBE_VerifyMixed, |
| 985 CertVerifyProcWeakDigestTest, | 986 CertVerifyProcWeakDigestTest, |
| 986 testing::ValuesIn(kVerifyMixedTestData)); | 987 testing::ValuesIn(kVerifyMixedTestData)); |
| 987 | 988 |
| 988 } // namespace net | 989 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10545166:
Support SHA-256 in public key pins for HTTPS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/