| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 113 } | 113 } |
| 114 | 114 |
| 115 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { | 115 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { |
| 116 scoped_refptr<X509Certificate> paypal_null_cert( | 116 scoped_refptr<X509Certificate> paypal_null_cert( |
| 117 X509Certificate::CreateFromBytes( | 117 X509Certificate::CreateFromBytes( |
| 118 reinterpret_cast<const char*>(paypal_null_der), | 118 reinterpret_cast<const char*>(paypal_null_der), |
| 119 sizeof(paypal_null_der))); | 119 sizeof(paypal_null_der))); |
| 120 | 120 |
| 121 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 121 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
| 122 | 122 |
| 123 const SHA1Fingerprint& fingerprint = | 123 const SHA1HashValue& fingerprint = |
| 124 paypal_null_cert->fingerprint(); | 124 paypal_null_cert->fingerprint(); |
| 125 for (size_t i = 0; i < 20; ++i) | 125 for (size_t i = 0; i < 20; ++i) |
| 126 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 126 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 127 | 127 |
| 128 int flags = 0; | 128 int flags = 0; |
| 129 CertVerifyResult verify_result; | 129 CertVerifyResult verify_result; |
| 130 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, | 130 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, |
| 131 &verify_result); | 131 &verify_result); |
| 132 #if defined(USE_NSS) | 132 #if defined(USE_NSS) |
| 133 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 133 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 390 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); | 390 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| 391 std::string der_bytes; | 391 std::string der_bytes; |
| 392 ASSERT_TRUE(X509Certificate::GetDEREncoded( | 392 ASSERT_TRUE(X509Certificate::GetDEREncoded( |
| 393 diginotar_cert->os_cert_handle(), &der_bytes)); | 393 diginotar_cert->os_cert_handle(), &der_bytes)); |
| 394 | 394 |
| 395 base::StringPiece spki; | 395 base::StringPiece spki; |
| 396 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); | 396 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| 397 | 397 |
| 398 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); | 398 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| 399 | 399 |
| 400 std::vector<SHA1Fingerprint> public_keys; | 400 std::vector<HashValueVector> public_keys(HASH_VALUE_TAGS_COUNT); |
| 401 SHA1Fingerprint fingerprint; | 401 public_keys[HASH_VALUE_SHA1] = HashValueVector(); |
| 402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); | 402 HashValue fingerprint; |
| 403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); | 403 fingerprint.tag = HASH_VALUE_SHA1; |
| 404 public_keys.push_back(fingerprint); | 404 ASSERT_EQ(fingerprint.size(), spki_sha1.size()); |
| 405 memcpy(fingerprint.data(), spki_sha1.data(), spki_sha1.size()); |
| 406 public_keys[HASH_VALUE_SHA1].push_back(fingerprint); |
| 405 | 407 |
| 406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << | 408 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << |
| 407 "Public key not blocked for " << kDigiNotarFilenames[i]; | 409 "Public key not blocked for " << kDigiNotarFilenames[i]; |
| 408 } | 410 } |
| 409 } | 411 } |
| 410 | 412 |
| 411 TEST_F(CertVerifyProcTest, TestKnownRoot) { | 413 TEST_F(CertVerifyProcTest, TestKnownRoot) { |
| 412 FilePath certs_dir = GetTestCertsDirectory(); | 414 FilePath certs_dir = GetTestCertsDirectory(); |
| 413 CertificateList certs = CreateCertificateListFromFile( | 415 CertificateList certs = CreateCertificateListFromFile( |
| 414 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); | 416 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 446 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 448 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
| 447 intermediates); | 449 intermediates); |
| 448 int flags = 0; | 450 int flags = 0; |
| 449 CertVerifyResult verify_result; | 451 CertVerifyResult verify_result; |
| 450 | 452 |
| 451 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug | 453 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug |
| 452 // against agl. See also TestKnownRoot. | 454 // against agl. See also TestKnownRoot. |
| 453 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); | 455 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); |
| 454 EXPECT_EQ(OK, error); | 456 EXPECT_EQ(OK, error); |
| 455 EXPECT_EQ(0U, verify_result.cert_status); | 457 EXPECT_EQ(0U, verify_result.cert_status); |
| 456 ASSERT_LE(3u, verify_result.public_key_hashes.size()); | 458 ASSERT_LE(static_cast<size_t>(HASH_VALUE_TAGS_COUNT), |
| 457 for (unsigned i = 0; i < 3; i++) { | 459 verify_result.public_key_hashes.size()); |
| 460 const HashValueVector& sha1_hashes = |
| 461 verify_result.public_key_hashes[HASH_VALUE_SHA1]; |
| 462 ASSERT_LE(3u, sha1_hashes.size()); |
| 463 for (unsigned i = 0; i < 3; ++i) { |
| 458 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), | 464 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), |
| 459 HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length)); | 465 HexEncode(sha1_hashes[i].data(), base::kSHA1Length)); |
| 460 } | 466 } |
| 461 } | 467 } |
| 462 | 468 |
| 463 // A regression test for http://crbug.com/70293. | 469 // A regression test for http://crbug.com/70293. |
| 464 // The Key Usage extension in this RSA SSL server certificate does not have | 470 // The Key Usage extension in this RSA SSL server certificate does not have |
| 465 // the keyEncipherment bit. | 471 // the keyEncipherment bit. |
| 466 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { | 472 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { |
| 467 FilePath certs_dir = GetTestCertsDirectory(); | 473 FilePath certs_dir = GetTestCertsDirectory(); |
| 468 | 474 |
| 469 scoped_refptr<X509Certificate> server_cert = | 475 scoped_refptr<X509Certificate> server_cert = |
| (...skipping 494 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 964 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 970 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 965 #else | 971 #else |
| 966 #define MAYBE_VerifyMixed VerifyMixed | 972 #define MAYBE_VerifyMixed VerifyMixed |
| 967 #endif | 973 #endif |
| 968 WRAPPED_INSTANTIATE_TEST_CASE_P( | 974 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 969 MAYBE_VerifyMixed, | 975 MAYBE_VerifyMixed, |
| 970 CertVerifyProcWeakDigestTest, | 976 CertVerifyProcWeakDigestTest, |
| 971 testing::ValuesIn(kVerifyMixedTestData)); | 977 testing::ValuesIn(kVerifyMixedTestData)); |
| 972 | 978 |
| 973 } // namespace net | 979 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10825211:
Implement SHA-256 fingerprint support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/