Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(232)

Side by Side Diff: net/base/cert_verify_proc_unittest.cc

Issue 10790129: net: fix a couple of broken certificate tests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | net/data/ssl/certificates/certse.pem » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/cert_verify_proc.h" 5 #include "net/base/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/file_path.h" 9 #include "base/file_path.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after
401 SHA1Fingerprint fingerprint; 401 SHA1Fingerprint fingerprint;
402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); 402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); 403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
404 public_keys.push_back(fingerprint); 404 public_keys.push_back(fingerprint);
405 405
406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << 406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) <<
407 "Public key not blocked for " << kDigiNotarFilenames[i]; 407 "Public key not blocked for " << kDigiNotarFilenames[i];
408 } 408 }
409 } 409 }
410 410
411 // Bug 111893: This test needs a new certificate. 411 // Bug 111893: This test needs a new certificate.
Ryan Sleevi 2012/07/23 21:45:05 Seems like you should remove this BUG and should u
agl 2012/07/23 22:14:18 Ah, good point. Thanks.
412 TEST_F(CertVerifyProcTest, DISABLED_TestKnownRoot) { 412 TEST_F(CertVerifyProcTest, TestKnownRoot) {
413 FilePath certs_dir = GetTestCertsDirectory(); 413 FilePath certs_dir = GetTestCertsDirectory();
414 scoped_refptr<X509Certificate> cert = 414 CertificateList certs = CreateCertificateListFromFile(
415 ImportCertFromFile(certs_dir, "nist.der"); 415 certs_dir, "certse.pem",
416 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); 416 X509Certificate::FORMAT_AUTO);
Ryan Sleevi 2012/07/23 21:45:05 nit: move this to the previous line?
agl 2012/07/23 22:14:18 Done.
417 417 ASSERT_EQ(3U, certs.size());
418 // This intermediate is only needed for old Linux machines. Modern NSS
419 // includes it as a root already.
420 scoped_refptr<X509Certificate> intermediate_cert =
421 ImportCertFromFile(certs_dir, "nist_intermediate.der");
422 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
423 418
424 X509Certificate::OSCertHandles intermediates; 419 X509Certificate::OSCertHandles intermediates;
425 intermediates.push_back(intermediate_cert->os_cert_handle()); 420 intermediates.push_back(certs[1]->os_cert_handle());
421 intermediates.push_back(certs[2]->os_cert_handle());
422
426 scoped_refptr<X509Certificate> cert_chain = 423 scoped_refptr<X509Certificate> cert_chain =
427 X509Certificate::CreateFromHandle(cert->os_cert_handle(), 424 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
428 intermediates); 425 intermediates);
429 426
430 int flags = 0; 427 int flags = 0;
431 CertVerifyResult verify_result; 428 CertVerifyResult verify_result;
432 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug 429 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
433 // against agl. Also see PublicKeyHashes in this file. 430 // against agl. See also PublicKeyHashes.
434 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); 431 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
435 EXPECT_EQ(OK, error); 432 EXPECT_EQ(OK, error);
436 EXPECT_EQ(0U, verify_result.cert_status); 433 EXPECT_EQ(0U, verify_result.cert_status);
437 EXPECT_TRUE(verify_result.is_issued_by_known_root); 434 EXPECT_TRUE(verify_result.is_issued_by_known_root);
438 } 435 }
439 436
440 // Bug 111893: This test needs a new certificate. 437 // Bug 111893: This test needs a new certificate.
Ryan Sleevi 2012/07/23 21:45:05 Same here
agl 2012/07/23 22:14:18 Done.
441 TEST_F(CertVerifyProcTest, DISABLED_PublicKeyHashes) { 438 TEST_F(CertVerifyProcTest, PublicKeyHashes) {
442 FilePath certs_dir = GetTestCertsDirectory(); 439 FilePath certs_dir = GetTestCertsDirectory();
443 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug 440 CertificateList certs = CreateCertificateListFromFile(
444 // against agl. Also see TestKnownRoot in this file. 441 certs_dir, "certse.pem",
445 scoped_refptr<X509Certificate> cert = 442 X509Certificate::FORMAT_AUTO);
Ryan Sleevi 2012/07/23 21:45:05 nit: same here
agl 2012/07/23 22:14:18 Done.
446 ImportCertFromFile(certs_dir, "nist.der"); 443 ASSERT_EQ(3U, certs.size());
447 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
448
449 // This intermediate is only needed for old Linux machines. Modern NSS
450 // includes it as a root already.
451 scoped_refptr<X509Certificate> intermediate_cert =
452 ImportCertFromFile(certs_dir, "nist_intermediate.der");
453 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
454
455 ScopedTestRoot scoped_intermediate(intermediate_cert);
456 444
457 X509Certificate::OSCertHandles intermediates; 445 X509Certificate::OSCertHandles intermediates;
458 intermediates.push_back(intermediate_cert->os_cert_handle()); 446 intermediates.push_back(certs[1]->os_cert_handle());
447 intermediates.push_back(certs[2]->os_cert_handle());
448
459 scoped_refptr<X509Certificate> cert_chain = 449 scoped_refptr<X509Certificate> cert_chain =
460 X509Certificate::CreateFromHandle(cert->os_cert_handle(), 450 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
461 intermediates); 451 intermediates);
462
463 int flags = 0; 452 int flags = 0;
464 CertVerifyResult verify_result; 453 CertVerifyResult verify_result;
465 454
466 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); 455 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
456 // against agl. See also TestKnownRoot.
457 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
467 EXPECT_EQ(OK, error); 458 EXPECT_EQ(OK, error);
468 EXPECT_EQ(0U, verify_result.cert_status); 459 EXPECT_EQ(0U, verify_result.cert_status);
469 ASSERT_LE(2u, verify_result.public_key_hashes.size()); 460 ASSERT_LE(3u, verify_result.public_key_hashes.size());
470 EXPECT_EQ(HexEncode(kNistSPKIHash, base::kSHA1Length), 461 for (unsigned i = 0; i < 3; i++) {
471 HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length)); 462 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
472 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", 463 HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
473 HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length)); 464 }
474 } 465 }
475 466
476 // A regression test for http://crbug.com/70293. 467 // A regression test for http://crbug.com/70293.
477 // The Key Usage extension in this RSA SSL server certificate does not have 468 // The Key Usage extension in this RSA SSL server certificate does not have
478 // the keyEncipherment bit. 469 // the keyEncipherment bit.
479 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { 470 TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
480 FilePath certs_dir = GetTestCertsDirectory(); 471 FilePath certs_dir = GetTestCertsDirectory();
481 472
482 scoped_refptr<X509Certificate> server_cert = 473 scoped_refptr<X509Certificate> server_cert =
483 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); 474 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");
(...skipping 493 matching lines...) Expand 10 before | Expand all | Expand 10 after
977 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 968 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
978 #else 969 #else
979 #define MAYBE_VerifyMixed VerifyMixed 970 #define MAYBE_VerifyMixed VerifyMixed
980 #endif 971 #endif
981 WRAPPED_INSTANTIATE_TEST_CASE_P( 972 WRAPPED_INSTANTIATE_TEST_CASE_P(
982 MAYBE_VerifyMixed, 973 MAYBE_VerifyMixed,
983 CertVerifyProcWeakDigestTest, 974 CertVerifyProcWeakDigestTest,
984 testing::ValuesIn(kVerifyMixedTestData)); 975 testing::ValuesIn(kVerifyMixedTestData));
985 976
986 } // namespace net 977 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | net/data/ssl/certificates/certse.pem » ('J')

Powered by Google App Engine
This is Rietveld 408576698