OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
216 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | | 216 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | |
217 CertVerifier::VERIFY_EV_CERT; | 217 CertVerifier::VERIFY_EV_CERT; |
218 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL, | 218 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL, |
219 &verify_result); | 219 &verify_result); |
220 if (error == OK) | 220 if (error == OK) |
221 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 221 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
222 else | 222 else |
223 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); | 223 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); |
224 } | 224 } |
225 | 225 |
| 226 // Test that verifying an ECDSA certificate doesn't crash on XP. (See |
| 227 // crbug.com/144466). |
| 228 TEST_F(CertVerifyProcTest, ECDSA_RSA) { |
| 229 FilePath certs_dir = GetTestCertsDirectory(); |
| 230 |
| 231 scoped_refptr<X509Certificate> cert = |
| 232 ImportCertFromFile(certs_dir, |
| 233 "prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem"); |
| 234 |
| 235 CertVerifyResult verify_result; |
| 236 Verify(cert, "127.0.0.1", 0, NULL, &verify_result); |
| 237 |
| 238 // We don't check verify_result because the certificate is signed by an |
| 239 // unknown CA and will be considered invalid on XP because of the ECDSA |
| 240 // public key. |
| 241 } |
| 242 |
226 // Currently, only RSA and DSA keys are checked for weakness, and our example | 243 // Currently, only RSA and DSA keys are checked for weakness, and our example |
227 // weak size is 768. These could change in the future. | 244 // weak size is 768. These could change in the future. |
228 // | 245 // |
229 // Note that this means there may be false negatives: keys for other | 246 // Note that this means there may be false negatives: keys for other |
230 // algorithms and which are weak will pass this test. | 247 // algorithms and which are weak will pass this test. |
231 static bool IsWeakKeyType(const std::string& key_type) { | 248 static bool IsWeakKeyType(const std::string& key_type) { |
232 size_t pos = key_type.find("-"); | 249 size_t pos = key_type.find("-"); |
233 std::string size = key_type.substr(0, pos); | 250 std::string size = key_type.substr(0, pos); |
234 std::string type = key_type.substr(pos + 1); | 251 std::string type = key_type.substr(pos + 1); |
235 | 252 |
(...skipping 729 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
965 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 982 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
966 #else | 983 #else |
967 #define MAYBE_VerifyMixed VerifyMixed | 984 #define MAYBE_VerifyMixed VerifyMixed |
968 #endif | 985 #endif |
969 WRAPPED_INSTANTIATE_TEST_CASE_P( | 986 WRAPPED_INSTANTIATE_TEST_CASE_P( |
970 MAYBE_VerifyMixed, | 987 MAYBE_VerifyMixed, |
971 CertVerifyProcWeakDigestTest, | 988 CertVerifyProcWeakDigestTest, |
972 testing::ValuesIn(kVerifyMixedTestData)); | 989 testing::ValuesIn(kVerifyMixedTestData)); |
973 | 990 |
974 } // namespace net | 991 } // namespace net |
OLD | NEW |