| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 113 } | 113 } |
| 114 | 114 |
| 115 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { | 115 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { |
| 116 scoped_refptr<X509Certificate> paypal_null_cert( | 116 scoped_refptr<X509Certificate> paypal_null_cert( |
| 117 X509Certificate::CreateFromBytes( | 117 X509Certificate::CreateFromBytes( |
| 118 reinterpret_cast<const char*>(paypal_null_der), | 118 reinterpret_cast<const char*>(paypal_null_der), |
| 119 sizeof(paypal_null_der))); | 119 sizeof(paypal_null_der))); |
| 120 | 120 |
| 121 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 121 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
| 122 | 122 |
| 123 const SHA1HashValue& fingerprint = | 123 const SHA1Fingerprint& fingerprint = |
| 124 paypal_null_cert->fingerprint(); | 124 paypal_null_cert->fingerprint(); |
| 125 for (size_t i = 0; i < 20; ++i) | 125 for (size_t i = 0; i < 20; ++i) |
| 126 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 126 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 127 | 127 |
| 128 int flags = 0; | 128 int flags = 0; |
| 129 CertVerifyResult verify_result; | 129 CertVerifyResult verify_result; |
| 130 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, | 130 int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, |
| 131 &verify_result); | 131 &verify_result); |
| 132 #if defined(USE_NSS) | 132 #if defined(USE_NSS) |
| 133 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 133 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 390 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); | 390 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| 391 std::string der_bytes; | 391 std::string der_bytes; |
| 392 ASSERT_TRUE(X509Certificate::GetDEREncoded( | 392 ASSERT_TRUE(X509Certificate::GetDEREncoded( |
| 393 diginotar_cert->os_cert_handle(), &der_bytes)); | 393 diginotar_cert->os_cert_handle(), &der_bytes)); |
| 394 | 394 |
| 395 base::StringPiece spki; | 395 base::StringPiece spki; |
| 396 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); | 396 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| 397 | 397 |
| 398 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); | 398 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| 399 | 399 |
| 400 std::vector<HashValueVector> public_keys(HASH_VALUE_TAGS_COUNT); | 400 std::vector<SHA1Fingerprint> public_keys; |
| 401 public_keys[HASH_VALUE_SHA1] = HashValueVector(); | 401 SHA1Fingerprint fingerprint; |
| 402 HashValue fingerprint; | 402 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); |
| 403 fingerprint.tag = HASH_VALUE_SHA1; | 403 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); |
| 404 ASSERT_EQ(fingerprint.size(), spki_sha1.size()); | 404 public_keys.push_back(fingerprint); |
| 405 memcpy(fingerprint.data(), spki_sha1.data(), spki_sha1.size()); | |
| 406 public_keys[HASH_VALUE_SHA1].push_back(fingerprint); | |
| 407 | 405 |
| 408 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << | 406 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << |
| 409 "Public key not blocked for " << kDigiNotarFilenames[i]; | 407 "Public key not blocked for " << kDigiNotarFilenames[i]; |
| 410 } | 408 } |
| 411 } | 409 } |
| 412 | 410 |
| 413 TEST_F(CertVerifyProcTest, TestKnownRoot) { | 411 TEST_F(CertVerifyProcTest, TestKnownRoot) { |
| 414 FilePath certs_dir = GetTestCertsDirectory(); | 412 FilePath certs_dir = GetTestCertsDirectory(); |
| 415 CertificateList certs = CreateCertificateListFromFile( | 413 CertificateList certs = CreateCertificateListFromFile( |
| 416 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); | 414 certs_dir, "certse.pem", X509Certificate::FORMAT_AUTO); |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 448 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 446 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
| 449 intermediates); | 447 intermediates); |
| 450 int flags = 0; | 448 int flags = 0; |
| 451 CertVerifyResult verify_result; | 449 CertVerifyResult verify_result; |
| 452 | 450 |
| 453 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug | 451 // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug |
| 454 // against agl. See also TestKnownRoot. | 452 // against agl. See also TestKnownRoot. |
| 455 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); | 453 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result); |
| 456 EXPECT_EQ(OK, error); | 454 EXPECT_EQ(OK, error); |
| 457 EXPECT_EQ(0U, verify_result.cert_status); | 455 EXPECT_EQ(0U, verify_result.cert_status); |
| 458 ASSERT_LE(static_cast<size_t>(HASH_VALUE_TAGS_COUNT), | 456 ASSERT_LE(3u, verify_result.public_key_hashes.size()); |
| 459 verify_result.public_key_hashes.size()); | 457 for (unsigned i = 0; i < 3; i++) { |
| 460 const HashValueVector& sha1_hashes = | |
| 461 verify_result.public_key_hashes[HASH_VALUE_SHA1]; | |
| 462 ASSERT_LE(3u, sha1_hashes.size()); | |
| 463 for (unsigned i = 0; i < 3; ++i) { | |
| 464 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), | 458 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length), |
| 465 HexEncode(sha1_hashes[i].data(), base::kSHA1Length)); | 459 HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length)); |
| 466 } | 460 } |
| 467 } | 461 } |
| 468 | 462 |
| 469 // A regression test for http://crbug.com/70293. | 463 // A regression test for http://crbug.com/70293. |
| 470 // The Key Usage extension in this RSA SSL server certificate does not have | 464 // The Key Usage extension in this RSA SSL server certificate does not have |
| 471 // the keyEncipherment bit. | 465 // the keyEncipherment bit. |
| 472 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { | 466 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { |
| 473 FilePath certs_dir = GetTestCertsDirectory(); | 467 FilePath certs_dir = GetTestCertsDirectory(); |
| 474 | 468 |
| 475 scoped_refptr<X509Certificate> server_cert = | 469 scoped_refptr<X509Certificate> server_cert = |
| (...skipping 494 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 970 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 964 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 971 #else | 965 #else |
| 972 #define MAYBE_VerifyMixed VerifyMixed | 966 #define MAYBE_VerifyMixed VerifyMixed |
| 973 #endif | 967 #endif |
| 974 WRAPPED_INSTANTIATE_TEST_CASE_P( | 968 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 975 MAYBE_VerifyMixed, | 969 MAYBE_VerifyMixed, |
| 976 CertVerifyProcWeakDigestTest, | 970 CertVerifyProcWeakDigestTest, |
| 977 testing::ValuesIn(kVerifyMixedTestData)); | 971 testing::ValuesIn(kVerifyMixedTestData)); |
| 978 | 972 |
| 979 } // namespace net | 973 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10836150:
Revert 150375 - Implement SHA-256 fingerprint support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/