| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
| (...skipping 373 matching lines...) | |
| 384 ASSERT_EQ(sizeof(paypal_null_serial), | 384 ASSERT_EQ(sizeof(paypal_null_serial), |
| 385 paypal_null_cert->serial_number().size()); | 385 paypal_null_cert->serial_number().size()); |
| 386 EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(), | 386 EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(), |
| 387 paypal_null_serial, sizeof(paypal_null_serial)) == 0); | 387 paypal_null_serial, sizeof(paypal_null_serial)) == 0); |
| 388 } | 388 } |
| 389 | 389 |
| 390 TEST(X509CertificateTest, CAFingerprints) { | 390 TEST(X509CertificateTest, CAFingerprints) { |
| 391 FilePath certs_dir = GetTestCertsDirectory(); | 391 FilePath certs_dir = GetTestCertsDirectory(); |
| 392 | 392 |
| 393 scoped_refptr<X509Certificate> server_cert = | 393 scoped_refptr<X509Certificate> server_cert = |
| 394 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); | 394 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); |
|
digit1
2013/01/08 14:37:23
mmm, I really don't know what caused this, I'll fi
| |
| 395 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 395 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 396 | 396 |
| 397 scoped_refptr<X509Certificate> intermediate_cert1 = | 397 scoped_refptr<X509Certificate> intermediate_cert1 = |
| 398 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); | 398 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); |
| 399 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); | 399 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); |
| 400 | 400 |
| 401 scoped_refptr<X509Certificate> intermediate_cert2 = | 401 scoped_refptr<X509Certificate> intermediate_cert2 = |
| 402 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2016.pem"); | 402 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2016.pem"); |
| 403 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert2); | 403 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert2); |
| 404 | 404 |
| (...skipping 319 matching lines...) | |
| 724 both_issuers.push_back(mit_issuer); | 724 both_issuers.push_back(mit_issuer); |
| 725 both_issuers.push_back(foaf_issuer); | 725 both_issuers.push_back(foaf_issuer); |
| 726 EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(both_issuers)); | 726 EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(both_issuers)); |
| 727 EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(both_issuers)); | 727 EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(both_issuers)); |
| 728 EXPECT_FALSE(foaf_me_chromium_test_cert->IsIssuedBy(mit_issuers)); | 728 EXPECT_FALSE(foaf_me_chromium_test_cert->IsIssuedBy(mit_issuers)); |
| 729 EXPECT_FALSE(mit_davidben_cert->IsIssuedBy(foaf_issuers)); | 729 EXPECT_FALSE(mit_davidben_cert->IsIssuedBy(foaf_issuers)); |
| 730 } | 730 } |
| 731 #endif // defined(OS_MACOSX) | 731 #endif // defined(OS_MACOSX) |
| 732 #endif // !defined(OS_IOS) | 732 #endif // !defined(OS_IOS) |
| 733 | 733 |
| 734 TEST(X509CertificateTest, IsIssuedByEncoded) { | |
| 735 FilePath certs_dir = GetTestCertsDirectory(); | |
| 736 | |
| 737 // Test a client certificate from MIT. | |
| 738 scoped_refptr<X509Certificate> mit_davidben_cert( | |
| 739 ImportCertFromFile(certs_dir, "mit.davidben.der")); | |
| 740 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); | |
| 741 | |
| 742 std::string mit_issuer(reinterpret_cast<const char*>(MITDN), | |
| 743 sizeof(MITDN)); | |
| 744 | |
| 745 // Test a certificate from Google, issued by Thawte | |
| 746 scoped_refptr<X509Certificate> google_cert( | |
| 747 ImportCertFromFile(certs_dir, "google.single.der")); | |
| 748 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); | |
| 749 | |
| 750 std::string thawte_issuer(reinterpret_cast<const char*>(ThawteDN), | |
| 751 sizeof(ThawteDN)); | |
| 752 | |
| 753 // Check that the David Ben certificate is issued by MIT, but not | |
| 754 // by Thawte. | |
| 755 std::vector<std::string> issuers; | |
| 756 issuers.clear(); | |
| 757 issuers.push_back(mit_issuer); | |
| 758 EXPECT_TRUE(mit_davidben_cert->IsIssuedByEncoded(issuers)); | |
| 759 EXPECT_FALSE(google_cert->IsIssuedByEncoded(issuers)); | |
| 760 | |
| 761 // Check that the Google certificate is issued by Thawte and not | |
| 762 // by MIT. | |
| 763 issuers.clear(); | |
| 764 issuers.push_back(thawte_issuer); | |
| 765 EXPECT_FALSE(mit_davidben_cert->IsIssuedByEncoded(issuers)); | |
| 766 EXPECT_TRUE(google_cert->IsIssuedByEncoded(issuers)); | |
| 767 | |
| 768 // Check that they both pass when given a list of the two issuers. | |
| 769 issuers.clear(); | |
| 770 issuers.push_back(mit_issuer); | |
| 771 issuers.push_back(thawte_issuer); | |
| 772 EXPECT_TRUE(mit_davidben_cert->IsIssuedByEncoded(issuers)); | |
| 773 EXPECT_TRUE(google_cert->IsIssuedByEncoded(issuers)); | |
| 774 } | |
| 775 | |
| 776 TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) { | |
| 777 FilePath certs_dir = GetTestCertsDirectory(); | |
| 778 | |
| 779 scoped_refptr<X509Certificate> server_cert = | |
| 780 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); | |
| 781 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | |
| 782 | |
| 783 // The intermediate CA certificate's policyConstraints extension has a | |
| 784 // requireExplicitPolicy field with SkipCerts=0. | |
| 785 scoped_refptr<X509Certificate> intermediate_cert = | |
| 786 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | |
| 787 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | |
| 788 | |
| 789 std::string dod_ca_17_issuer(reinterpret_cast<const char*>(DodCA17DN), | |
| 790 sizeof(DodCA17DN)); | |
| 791 | |
| 792 scoped_refptr<X509Certificate> root_cert = | |
| 793 ImportCertFromFile(certs_dir, "dod_root_ca_2_cert.der"); | |
| 794 | |
| 795 std::string dod_root_ca_2_issuer( | |
| 796 reinterpret_cast<const char*>(DodRootCA2DN), sizeof(DodRootCA2DN)); | |
| 797 | |
| 798 X509Certificate::OSCertHandles intermediates; | |
| 799 intermediates.push_back(intermediate_cert->os_cert_handle()); | |
| 800 scoped_refptr<X509Certificate> cert_chain = | |
| 801 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | |
| 802 intermediates); | |
| 803 | |
| 804 std::vector<std::string> issuers; | |
| 805 | |
| 806 issuers.clear(); | |
| 807 issuers.push_back(dod_ca_17_issuer); | |
| 808 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); | |
| 809 | |
| 810 issuers.clear(); | |
| 811 issuers.push_back(dod_root_ca_2_issuer); | |
| 812 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); | |
| 813 | |
| 814 issuers.clear(); | |
| 815 issuers.push_back(dod_ca_17_issuer); | |
| 816 issuers.push_back(dod_root_ca_2_issuer); | |
| 817 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); | |
| 818 } | |
| 819 | |
| 734 #if !defined(OS_IOS) // TODO(ios): Unable to create certificates. | 820 #if !defined(OS_IOS) // TODO(ios): Unable to create certificates. |
| 735 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) | 821 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 736 // This test creates a self-signed cert from a private key and then verify the | 822 // This test creates a self-signed cert from a private key and then verify the |
| 737 // content of the certificate. | 823 // content of the certificate. |
| 738 TEST(X509CertificateTest, CreateSelfSigned) { | 824 TEST(X509CertificateTest, CreateSelfSigned) { |
| 739 scoped_ptr<crypto::RSAPrivateKey> private_key( | 825 scoped_ptr<crypto::RSAPrivateKey> private_key( |
| 740 crypto::RSAPrivateKey::Create(1024)); | 826 crypto::RSAPrivateKey::Create(1024)); |
| 741 scoped_refptr<X509Certificate> cert = | 827 scoped_refptr<X509Certificate> cert = |
| 742 X509Certificate::CreateSelfSigned( | 828 X509Certificate::CreateSelfSigned( |
| 743 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1)); | 829 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1)); |
| (...skipping 367 matching lines...) | |
| 1111 } | 1197 } |
| 1112 | 1198 |
| 1113 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1199 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1114 test_data.hostname, common_name, dns_names, ip_addressses)); | 1200 test_data.hostname, common_name, dns_names, ip_addressses)); |
| 1115 } | 1201 } |
| 1116 | 1202 |
| 1117 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1203 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1118 testing::ValuesIn(kNameVerifyTestData)); | 1204 testing::ValuesIn(kNameVerifyTestData)); |
| 1119 | 1205 |
| 1120 } // namespace net | 1206 } // namespace net |
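Review bot: IsIssuedByEncodedWithIntermediates asserts only EXPECT_TRUE, so an IsIssuedByEncoded that accepted any issuer once intermediates are attached would still pass; add a negative case with an unrelated DN, e.g. `issuers.clear();`, `issuers.push_back(std::string(reinterpret_cast<const char*>(MITDN), sizeof(MITDN)));`, `EXPECT_FALSE(cert_chain->IsIssuedByEncoded(issuers));`. In the same test `root_cert` is imported from dod_root_ca_2_cert.der but never null-checked and, in the lines shown, never used; either drop it or guard it like the other imports with `ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);`. The comment about policyConstraints/requireExplicitPolicy does not seem to describe what this test checks and looks carried over from another test; a short comment stating that the root DN is presumably expected to match through the intermediate's issuer field would document the intent. Neither new test covers an empty `issuers` list, which is worth pinning to EXPECT_FALSE if that is the intended contract.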