| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
| (...skipping 713 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 724 both_issuers.push_back(mit_issuer); | 724 both_issuers.push_back(mit_issuer); |
| 725 both_issuers.push_back(foaf_issuer); | 725 both_issuers.push_back(foaf_issuer); |
| 726 EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(both_issuers)); | 726 EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(both_issuers)); |
| 727 EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(both_issuers)); | 727 EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(both_issuers)); |
| 728 EXPECT_FALSE(foaf_me_chromium_test_cert->IsIssuedBy(mit_issuers)); | 728 EXPECT_FALSE(foaf_me_chromium_test_cert->IsIssuedBy(mit_issuers)); |
| 729 EXPECT_FALSE(mit_davidben_cert->IsIssuedBy(foaf_issuers)); | 729 EXPECT_FALSE(mit_davidben_cert->IsIssuedBy(foaf_issuers)); |
| 730 } | 730 } |
| 731 #endif // defined(OS_MACOSX) | 731 #endif // defined(OS_MACOSX) |
| 732 #endif // !defined(OS_IOS) | 732 #endif // !defined(OS_IOS) |
| 733 | 733 |
| 734 TEST(X509CertificateTest, IsIssuedByEncoded) { |
| 735 FilePath certs_dir = GetTestCertsDirectory(); |
| 736 |
| 737 // Test a client certificate from MIT. |
| 738 scoped_refptr<X509Certificate> mit_davidben_cert( |
| 739 ImportCertFromFile(certs_dir, "mit.davidben.der")); |
| 740 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); |
| 741 |
| 742 std::string mit_issuer(reinterpret_cast<const char*>(MITDN), |
| 743 sizeof(MITDN)); |
| 744 |
| 745 // Test a certificate from Google, issued by Thawte |
| 746 scoped_refptr<X509Certificate> google_cert( |
| 747 ImportCertFromFile(certs_dir, "google.single.der")); |
| 748 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); |
| 749 |
| 750 std::string thawte_issuer(reinterpret_cast<const char*>(ThawteDN), |
| 751 sizeof(ThawteDN)); |
| 752 |
| 753 // Check that the David Ben certificate is issued by MIT, but not |
| 754 // by Thawte. |
| 755 std::vector<std::string> issuers; |
| 756 issuers.clear(); |
| 757 issuers.push_back(mit_issuer); |
| 758 EXPECT_TRUE(mit_davidben_cert->IsIssuedByEncoded(issuers)); |
| 759 EXPECT_FALSE(google_cert->IsIssuedByEncoded(issuers)); |
| 760 |
| 761 // Check that the Google certificate is issued by Thawte and not |
| 762 // by MIT. |
| 763 issuers.clear(); |
| 764 issuers.push_back(thawte_issuer); |
| 765 EXPECT_FALSE(mit_davidben_cert->IsIssuedByEncoded(issuers)); |
| 766 EXPECT_TRUE(google_cert->IsIssuedByEncoded(issuers)); |
| 767 |
| 768 // Check that they both pass when given a list of the two issuers. |
| 769 issuers.clear(); |
| 770 issuers.push_back(mit_issuer); |
| 771 issuers.push_back(thawte_issuer); |
| 772 EXPECT_TRUE(mit_davidben_cert->IsIssuedByEncoded(issuers)); |
| 773 EXPECT_TRUE(google_cert->IsIssuedByEncoded(issuers)); |
| 774 } |
| 775 |
| 776 TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) { |
| 777 FilePath certs_dir = GetTestCertsDirectory(); |
| 778 |
| 779 scoped_refptr<X509Certificate> server_cert = |
| 780 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); |
| 781 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 782 |
| 783 // The intermediate CA certificate's policyConstraints extension has a |
| 784 // requireExplicitPolicy field with SkipCerts=0. |
| 785 scoped_refptr<X509Certificate> intermediate_cert = |
| 786 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); |
| 787 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
| 788 |
| 789 std::string dod_ca_17_issuer(reinterpret_cast<const char*>(DodCA17DN), |
| 790 sizeof(DodCA17DN)); |
| 791 |
| 792 scoped_refptr<X509Certificate> root_cert = |
| 793 ImportCertFromFile(certs_dir, "dod_root_ca_2_cert.der"); |
| 794 |
| 795 std::string dod_root_ca_2_issuer( |
| 796 reinterpret_cast<const char*>(DodRootCA2DN), sizeof(DodRootCA2DN)); |
| 797 |
| 798 X509Certificate::OSCertHandles intermediates; |
| 799 intermediates.push_back(intermediate_cert->os_cert_handle()); |
| 800 scoped_refptr<X509Certificate> cert_chain = |
| 801 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 802 intermediates); |
| 803 |
| 804 std::vector<std::string> issuers; |
| 805 |
| 806 // Check that the chain is issued by DOD CA-17. |
| 807 issuers.clear(); |
| 808 issuers.push_back(dod_ca_17_issuer); |
| 809 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); |
| 810 |
| 811 // Check that the chain is also issued by DoD Root CA 2. |
| 812 issuers.clear(); |
| 813 issuers.push_back(dod_root_ca_2_issuer); |
| 814 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); |
| 815 |
| 816 // Check that the chain is issued by either one of the two DOD issuers. |
| 817 issuers.clear(); |
| 818 issuers.push_back(dod_ca_17_issuer); |
| 819 issuers.push_back(dod_root_ca_2_issuer); |
| 820 EXPECT_TRUE(cert_chain->IsIssuedByEncoded(issuers)); |
| 821 |
| 822 // Check that an empty issuers list returns false. |
| 823 issuers.clear(); |
| 824 EXPECT_FALSE(cert_chain->IsIssuedByEncoded(issuers)); |
| 825 |
| 826 // Check that the chain is not issued by MIT |
| 827 std::string mit_issuer(reinterpret_cast<const char*>(MITDN), |
| 828 sizeof(MITDN)); |
| 829 issuers.clear(); |
| 830 issuers.push_back(mit_issuer); |
| 831 EXPECT_FALSE(cert_chain->IsIssuedByEncoded(issuers)); |
| 832 } |
| 833 |
| 734 #if !defined(OS_IOS) // TODO(ios): Unable to create certificates. | 834 #if !defined(OS_IOS) // TODO(ios): Unable to create certificates. |
| 735 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) | 835 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 736 // This test creates a self-signed cert from a private key and then verify the | 836 // This test creates a self-signed cert from a private key and then verify the |
| 737 // content of the certificate. | 837 // content of the certificate. |
| 738 TEST(X509CertificateTest, CreateSelfSigned) { | 838 TEST(X509CertificateTest, CreateSelfSigned) { |
| 739 scoped_ptr<crypto::RSAPrivateKey> private_key( | 839 scoped_ptr<crypto::RSAPrivateKey> private_key( |
| 740 crypto::RSAPrivateKey::Create(1024)); | 840 crypto::RSAPrivateKey::Create(1024)); |
| 741 scoped_refptr<X509Certificate> cert = | 841 scoped_refptr<X509Certificate> cert = |
| 742 X509Certificate::CreateSelfSigned( | 842 X509Certificate::CreateSelfSigned( |
| 743 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1)); | 843 private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1)); |
| (...skipping 367 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1111 } | 1211 } |
| 1112 | 1212 |
| 1113 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1213 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1114 test_data.hostname, common_name, dns_names, ip_addressses)); | 1214 test_data.hostname, common_name, dns_names, ip_addressses)); |
| 1115 } | 1215 } |
| 1116 | 1216 |
| 1117 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1217 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1118 testing::ValuesIn(kNameVerifyTestData)); | 1218 testing::ValuesIn(kNameVerifyTestData)); |
| 1119 | 1219 |
| 1120 } // namespace net | 1220 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11579002:
Add X509Certificate::IsIssuedByEncoded() (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master