| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 103 matching lines...) |
| 114 } | 114 } |
| 115 | 115 |
| 116 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { | 116 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { |
| 117 scoped_refptr<X509Certificate> paypal_null_cert( | 117 scoped_refptr<X509Certificate> paypal_null_cert( |
| 118 X509Certificate::CreateFromBytes( | 118 X509Certificate::CreateFromBytes( |
| 119 reinterpret_cast<const char*>(paypal_null_der), | 119 reinterpret_cast<const char*>(paypal_null_der), |
| 120 sizeof(paypal_null_der))); | 120 sizeof(paypal_null_der))); |
| 121 | 121 |
| 122 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 122 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
| 123 | 123 |
| 124 const SHA1Fingerprint& fingerprint = | 124 const SHA1HashValue& fingerprint = |
| 125 paypal_null_cert->fingerprint(); | 125 paypal_null_cert->fingerprint(); |
| 126 for (size_t i = 0; i < 20; ++i) | 126 for (size_t i = 0; i < 20; ++i) |
| 127 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 127 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 128 | 128 |
| 129 int flags = 0; | 129 int flags = 0; |
| 130 CertVerifyResult verify_result; | 130 CertVerifyResult verify_result; |
| 131 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, | 131 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, |
| 132 &verify_result); | 132 &verify_result); |
| 133 #if defined(USE_NSS) | 133 #if defined(USE_NSS) |
| 134 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 134 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| (...skipping 273 matching lines...) |
| 408 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); | 408 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| 409 std::string der_bytes; | 409 std::string der_bytes; |
| 410 ASSERT_TRUE(X509Certificate::GetDEREncoded( | 410 ASSERT_TRUE(X509Certificate::GetDEREncoded( |
| 411 diginotar_cert->os_cert_handle(), &der_bytes)); | 411 diginotar_cert->os_cert_handle(), &der_bytes)); |
| 412 | 412 |
| 413 base::StringPiece spki; | 413 base::StringPiece spki; |
| 414 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); | 414 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| 415 | 415 |
| 416 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); | 416 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| 417 | 417 |
| 418 std::vector<SHA1Fingerprint> public_keys; | 418 HashValueVector public_keys; |
| 419 SHA1Fingerprint fingerprint; | 419 HashValue hash(HASH_VALUE_SHA1); |
| 420 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); | 420 ASSERT_EQ(hash.size(), spki_sha1.size()); |
| 421 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); | 421 memcpy(hash.data(), spki_sha1.data(), spki_sha1.size()); |
| 422 public_keys.push_back(fingerprint); | 422 public_keys.push_back(hash); |
| 423 | 423 |
| 424 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << | 424 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << |
| 425 "Public key not blocked for " << kDigiNotarFilenames[i]; | 425 "Public key not blocked for " << kDigiNotarFilenames[i]; |
| 426 } | 426 } |
| 427 } | 427 } |
| 428 | 428 |
| 429 TEST_F(CertVerifyProcTest, TestKnownRoot) { | 429 TEST_F(CertVerifyProcTest, TestKnownRoot) { |
| 430 FilePath certs_dir = GetTestCertsDirectory(); | 430 FilePath certs_dir = GetTestCertsDirectory(); |
| 431 CertificateList certs = CreateCertificateListFromFile( | 431 CertificateList certs = CreateCertificateListFromFile( |
| 432 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); | 432 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); |
| (...skipping 32 matching lines...) |
| 465 intermediates); | 465 intermediates); |
| 466 int flags = 0; | 466 int flags = 0; |
| 467 CertVerifyResult verify_result; | 467 CertVerifyResult verify_result; |
| 468 | 468 |
| 469 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug | 469 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug |
| 470 // against agl. See also TestKnownRoot. | 470 // against agl. See also TestKnownRoot. |
| 471 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); | 471 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); |
| 472 EXPECT_EQ(OK, error); | 472 EXPECT_EQ(OK, error); |
| 473 EXPECT_EQ(0U, verify_result.cert_status); | 473 EXPECT_EQ(0U, verify_result.cert_status); |
| 474 ASSERT_LE(3u, verify_result.public_key_hashes.size()); | 474 ASSERT_LE(3u, verify_result.public_key_hashes.size()); |
| 475 for (unsigned i = 0; i < 3; i++) { | 475 |
| 476 HashValueVector sha1_hashes; |
| 477 for (unsigned i = 0; i < verify_result.public_key_hashes.size(); ++i) { |
| 478 if (verify_result.public_key_hashes[i].tag != HASH_VALUE_SHA1) |
| 479 continue; |
| 480 sha1_hashes.push_back(verify_result.public_key_hashes[i]); |
| 481 } |
| 482 ASSERT_LE(3u, sha1_hashes.size()); |
| 483 |
| 484 for (unsigned i = 0; i < 3; ++i) { |
| 476 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), | 485 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), |
| 477 HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length)); | 486 HexEncode(sha1_hashes[i].data(), base::kSHA1Length)); |
| 478 } | 487 } |
| 479 } | 488 } |
| 480 | 489 |
| 481 // A regression test for http://crbug.com/70293. | 490 // A regression test for http://crbug.com/70293. |
| 482 // The Key Usage extension in this RSA SSL server certificate does not have | 491 // The Key Usage extension in this RSA SSL server certificate does not have |
| 483 // the keyEncipherment bit. | 492 // the keyEncipherment bit. |
| 484 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { | 493 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { |
| 485 FilePath certs_dir = GetTestCertsDirectory(); | 494 FilePath certs_dir = GetTestCertsDirectory(); |
| 486 | 495 |
| 487 scoped_refptr<X509Certificate> server_cert = | 496 scoped_refptr<X509Certificate> server_cert = |
| (...skipping 494 matching lines...) |
| 982 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 991 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 983 #else | 992 #else |
| 984 #define MAYBE_VerifyMixed VerifyMixed | 993 #define MAYBE_VerifyMixed VerifyMixed |
| 985 #endif | 994 #endif |
| 986 WRAPPED_INSTANTIATE_TEST_CASE_P( | 995 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 987 MAYBE_VerifyMixed, | 996 MAYBE_VerifyMixed, |
| 988 CertVerifyProcWeakDigestTest, | 997 CertVerifyProcWeakDigestTest, |
| 989 testing::ValuesIn(kVerifyMixedTestData)); | 998 testing::ValuesIn(kVerifyMixedTestData)); |
| 990 | 999 |
| 991 } // namespace net | 1000 } // namespace net |
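Review bot: In the test that ends at new line 488, the filter loop at new lines 476-481 silently skips every entry of `verify_result.public_key_hashes` whose tag is not `HASH_VALUE_SHA1`, so this test no longer checks any other hash type the verifier may report. These hashes look like the same kind of input that `IsPublicKeyBlacklisted` consumes earlier in the file, so the limitation deserves a comment above the loop, for example `// kCertSESPKIs holds SHA-1 SPKI hashes only; entries with other tags are not checked here.` The retained `ASSERT_LE(3u, verify_result.public_key_hashes.size());` at new line 474 is now implied by `ASSERT_LE(3u, sha1_hashes.size());` and can be dropped. The comparison also relies on the SHA-1 entries keeping chain order, which the filter preserves but which should be stated. The opening of this test is outside the visible lines.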
| OLD | NEW |