Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(279)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 9271060: Check cert->isRoot to skip extraneous root certificates in certificate (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Improve comments and add TODO for generating test certs Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/file_path.h" 5 #include "base/file_path.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/path_service.h" 7 #include "base/path_service.h"
8 #include "base/pickle.h" 8 #include "base/pickle.h"
9 #include "base/sha1.h" 9 #include "base/sha1.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 684 matching lines...) Expand 10 before | Expand all | Expand 10 after
695 } else { 695 } else {
696 EXPECT_EQ(OK, error); 696 EXPECT_EQ(OK, error);
697 EXPECT_EQ(0U, verify_result.cert_status & CERT_STATUS_WEAK_KEY); 697 EXPECT_EQ(0U, verify_result.cert_status & CERT_STATUS_WEAK_KEY);
698 } 698 }
699 } 699 }
700 } 700 }
701 701
702 TestRootCerts::GetInstance()->Clear(); 702 TestRootCerts::GetInstance()->Clear();
703 } 703 }
704 704
705 // Test for bug 108514.
706 // The certificate will expire on 2012-07-20. The test will still
707 // pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test
708 // certificates for this unit test. http://crbug.com/111730
709 TEST(X509CertificateTest, ExtraneousMD5RootCert) {
710 FilePath certs_dir = GetTestCertsDirectory();
711
712 scoped_refptr<X509Certificate> server_cert =
713 ImportCertFromFile(certs_dir, "images_etrade_wallst_com.pem");
714 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
715
716 scoped_refptr<X509Certificate> intermediate_cert =
717 ImportCertFromFile(certs_dir, "globalsign_orgv1_ca.pem");
718 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
719
720 scoped_refptr<X509Certificate> md5_root_cert =
721 ImportCertFromFile(certs_dir, "globalsign_root_ca_md5.pem");
722 ASSERT_NE(static_cast<X509Certificate*>(NULL), md5_root_cert);
723
724 X509Certificate::OSCertHandles intermediates;
725 intermediates.push_back(intermediate_cert->os_cert_handle());
726 intermediates.push_back(md5_root_cert->os_cert_handle());
727 scoped_refptr<X509Certificate> cert_chain =
728 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
729 intermediates);
730
731 CertVerifyResult verify_result;
732 int flags = 0;
733 int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL,
734 &verify_result);
735 if (error != OK)
736 EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
737
738 EXPECT_FALSE(verify_result.has_md5);
739 EXPECT_FALSE(verify_result.has_md5_ca);
740 }
741
705 // Test for bug 94673. 742 // Test for bug 94673.
706 TEST(X509CertificateTest, GoogleDigiNotarTest) { 743 TEST(X509CertificateTest, GoogleDigiNotarTest) {
707 FilePath certs_dir = GetTestCertsDirectory(); 744 FilePath certs_dir = GetTestCertsDirectory();
708 745
709 scoped_refptr<X509Certificate> server_cert = 746 scoped_refptr<X509Certificate> server_cert =
710 ImportCertFromFile(certs_dir, "google_diginotar.pem"); 747 ImportCertFromFile(certs_dir, "google_diginotar.pem");
711 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 748 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
712 749
713 scoped_refptr<X509Certificate> intermediate_cert = 750 scoped_refptr<X509Certificate> intermediate_cert =
714 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); 751 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem");
(...skipping 1260 matching lines...) Expand 10 before | Expand all | Expand 10 after
1975 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 2012 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
1976 #else 2013 #else
1977 #define MAYBE_VerifyMixed VerifyMixed 2014 #define MAYBE_VerifyMixed VerifyMixed
1978 #endif 2015 #endif
1979 WRAPPED_INSTANTIATE_TEST_CASE_P( 2016 WRAPPED_INSTANTIATE_TEST_CASE_P(
1980 MAYBE_VerifyMixed, 2017 MAYBE_VerifyMixed,
1981 X509CertificateWeakDigestTest, 2018 X509CertificateWeakDigestTest,
1982 testing::ValuesIn(kVerifyMixedTestData)); 2019 testing::ValuesIn(kVerifyMixedTestData));
1983 2020
1984 } // namespace net 2021 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698