Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(477)

Side by Side Diff: net/base/cert_verify_proc_unittest.cc

Issue 10790129: net: fix a couple of broken certificate tests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/cert_verify_proc.h" 5 #include "net/base/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/file_path.h" 9 #include "base/file_path.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after
401 SHA1Fingerprint fingerprint; 401 SHA1Fingerprint fingerprint;
402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); 402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); 403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
404 public_keys.push_back(fingerprint); 404 public_keys.push_back(fingerprint);
405 405
406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << 406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) <<
407 "Public key not blocked for " << kDigiNotarFilenames[i]; 407 "Public key not blocked for " << kDigiNotarFilenames[i];
408 } 408 }
409 } 409 }
410 410
411 // Bug 111893: This test needs a new certificate. 411 TEST_F(CertVerifyProcTest, TestKnownRoot) {
412 TEST_F(CertVerifyProcTest, DISABLED_TestKnownRoot) {
413 FilePath certs_dir = GetTestCertsDirectory(); 412 FilePath certs_dir = GetTestCertsDirectory();
414 scoped_refptr<X509Certificate> cert = 413 CertificateList certs = CreateCertificateListFromFile(
415 ImportCertFromFile(certs_dir, "nist.der"); 414 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO);
416 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); 415 ASSERT_EQ(3U, certs.size());
417
418 // This intermediate is only needed for old Linux machines. Modern NSS
419 // includes it as a root already.
420 scoped_refptr<X509Certificate> intermediate_cert =
421 ImportCertFromFile(certs_dir, "nist_intermediate.der");
422 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
423 416
424 X509Certificate::OSCertHandles intermediates; 417 X509Certificate::OSCertHandles intermediates;
425 intermediates.push_back(intermediate_cert->os_cert_handle()); 418 intermediates.push_back(certs[1]->os_cert_handle());
419 intermediates.push_back(certs[2]->os_cert_handle());
420
426 scoped_refptr<X509Certificate> cert_chain = 421 scoped_refptr<X509Certificate> cert_chain =
427 X509Certificate::CreateFromHandle(cert->os_cert_handle(), 422 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
428 intermediates); 423 intermediates);
429 424
430 int flags = 0; 425 int flags = 0;
431 CertVerifyResult verify_result; 426 CertVerifyResult verify_result;
432 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug 427 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
433 // against agl. Also see PublicKeyHashes in this file. 428 // against agl. See also PublicKeyHashes.
434 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); 429 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
435 EXPECT_EQ(OK, error); 430 EXPECT_EQ(OK, error);
436 EXPECT_EQ(0U, verify_result.cert_status); 431 EXPECT_EQ(0U, verify_result.cert_status);
437 EXPECT_TRUE(verify_result.is_issued_by_known_root); 432 EXPECT_TRUE(verify_result.is_issued_by_known_root);
438 } 433 }
439 434
440 // Bug 111893: This test needs a new certificate. 435 TEST_F(CertVerifyProcTest, PublicKeyHashes) {
441 TEST_F(CertVerifyProcTest, DISABLED_PublicKeyHashes) {
442 FilePath certs_dir = GetTestCertsDirectory(); 436 FilePath certs_dir = GetTestCertsDirectory();
443 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug 437 CertificateList certs = CreateCertificateListFromFile(
444 // against agl. Also see TestKnownRoot in this file. 438 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO);
445 scoped_refptr<X509Certificate> cert = 439 ASSERT_EQ(3U, certs.size());
446 ImportCertFromFile(certs_dir, "nist.der");
447 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
448
449 // This intermediate is only needed for old Linux machines. Modern NSS
450 // includes it as a root already.
451 scoped_refptr<X509Certificate> intermediate_cert =
452 ImportCertFromFile(certs_dir, "nist_intermediate.der");
453 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
454
455 ScopedTestRoot scoped_intermediate(intermediate_cert);
456 440
457 X509Certificate::OSCertHandles intermediates; 441 X509Certificate::OSCertHandles intermediates;
458 intermediates.push_back(intermediate_cert->os_cert_handle()); 442 intermediates.push_back(certs[1]->os_cert_handle());
443 intermediates.push_back(certs[2]->os_cert_handle());
444
459 scoped_refptr<X509Certificate> cert_chain = 445 scoped_refptr<X509Certificate> cert_chain =
460 X509Certificate::CreateFromHandle(cert->os_cert_handle(), 446 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
461 intermediates); 447 intermediates);
462
463 int flags = 0; 448 int flags = 0;
464 CertVerifyResult verify_result; 449 CertVerifyResult verify_result;
465 450
466 int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); 451 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
452 // against agl. See also TestKnownRoot.
453 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
467 EXPECT_EQ(OK, error); 454 EXPECT_EQ(OK, error);
468 EXPECT_EQ(0U, verify_result.cert_status); 455 EXPECT_EQ(0U, verify_result.cert_status);
469 ASSERT_LE(2u, verify_result.public_key_hashes.size()); 456 ASSERT_LE(3u, verify_result.public_key_hashes.size());
470 EXPECT_EQ(HexEncode(kNistSPKIHash, base::kSHA1Length), 457 for (unsigned i = 0; i < 3; i++) {
471 HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length)); 458 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
472 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", 459 HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
473 HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length)); 460 }
474 } 461 }
475 462
476 // A regression test for http://crbug.com/70293. 463 // A regression test for http://crbug.com/70293.
477 // The Key Usage extension in this RSA SSL server certificate does not have 464 // The Key Usage extension in this RSA SSL server certificate does not have
478 // the keyEncipherment bit. 465 // the keyEncipherment bit.
479 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { 466 TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
480 FilePath certs_dir = GetTestCertsDirectory(); 467 FilePath certs_dir = GetTestCertsDirectory();
481 468
482 scoped_refptr<X509Certificate> server_cert = 469 scoped_refptr<X509Certificate> server_cert =
483 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); 470 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");
(...skipping 493 matching lines...) Expand 10 before | Expand all | Expand 10 after
977 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 964 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
978 #else 965 #else
979 #define MAYBE_VerifyMixed VerifyMixed 966 #define MAYBE_VerifyMixed VerifyMixed
980 #endif 967 #endif
981 WRAPPED_INSTANTIATE_TEST_CASE_P( 968 WRAPPED_INSTANTIATE_TEST_CASE_P(
982 MAYBE_VerifyMixed, 969 MAYBE_VerifyMixed,
983 CertVerifyProcWeakDigestTest, 970 CertVerifyProcWeakDigestTest,
984 testing::ValuesIn(kVerifyMixedTestData)); 971 testing::ValuesIn(kVerifyMixedTestData));
985 972
986 } // namespace net 973 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698