OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "net/base/cert_status_flags.h" | 9 #include "net/base/cert_status_flags.h" |
10 #include "net/base/cert_test_util.h" | 10 #include "net/base/cert_test_util.h" |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
84 certs_dir = certs_dir.AppendASCII("net"); | 84 certs_dir = certs_dir.AppendASCII("net"); |
85 certs_dir = certs_dir.AppendASCII("data"); | 85 certs_dir = certs_dir.AppendASCII("data"); |
86 certs_dir = certs_dir.AppendASCII("ssl"); | 86 certs_dir = certs_dir.AppendASCII("ssl"); |
87 certs_dir = certs_dir.AppendASCII("certificates"); | 87 certs_dir = certs_dir.AppendASCII("certificates"); |
88 return certs_dir; | 88 return certs_dir; |
89 } | 89 } |
90 | 90 |
91 // Imports a certificate file in the src/net/data/ssl/certificates directory. | 91 // Imports a certificate file in the src/net/data/ssl/certificates directory. |
92 // certs_dir represents the test certificates directory. cert_file is the | 92 // certs_dir represents the test certificates directory. cert_file is the |
93 // name of the certificate file. | 93 // name of the certificate file. |
94 X509Certificate* ImportCertFromFile(const FilePath& certs_dir, | 94 X509Certificate* ImportCertFromFile( |
95 const std::string& cert_file) { | 95 const FilePath& certs_dir, |
| 96 const std::string& cert_file, |
| 97 X509Certificate::CertificateFormat format) { |
96 FilePath cert_path = certs_dir.AppendASCII(cert_file); | 98 FilePath cert_path = certs_dir.AppendASCII(cert_file); |
97 std::string cert_data; | 99 std::string cert_data; |
98 if (!file_util::ReadFileToString(cert_path, &cert_data)) | 100 if (!file_util::ReadFileToString(cert_path, &cert_data)) |
99 return NULL; | 101 return NULL; |
100 return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()); | 102 return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size(), |
| 103 format); |
101 } | 104 } |
102 | 105 |
103 } // namespace | 106 void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert, |
104 | 107 unsigned char* expected_fingerprint, |
105 TEST(X509CertificateTest, GoogleCertParsing) { | 108 double valid_from, double valid_to, |
106 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | 109 bool check_chain) { |
107 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
108 | |
109 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); | 110 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); |
110 | 111 |
111 const X509Certificate::Principal& subject = google_cert->subject(); | 112 const X509Certificate::Principal& subject = google_cert->subject(); |
112 EXPECT_EQ("www.google.com", subject.common_name); | 113 EXPECT_EQ("www.google.com", subject.common_name); |
113 EXPECT_EQ("Mountain View", subject.locality_name); | 114 EXPECT_EQ("Mountain View", subject.locality_name); |
114 EXPECT_EQ("California", subject.state_or_province_name); | 115 EXPECT_EQ("California", subject.state_or_province_name); |
115 EXPECT_EQ("US", subject.country_name); | 116 EXPECT_EQ("US", subject.country_name); |
116 EXPECT_EQ(0U, subject.street_addresses.size()); | 117 EXPECT_EQ(0U, subject.street_addresses.size()); |
117 EXPECT_EQ(1U, subject.organization_names.size()); | 118 EXPECT_EQ(1U, subject.organization_names.size()); |
118 EXPECT_EQ("Google Inc", subject.organization_names[0]); | 119 EXPECT_EQ("Google Inc", subject.organization_names[0]); |
119 EXPECT_EQ(0U, subject.organization_unit_names.size()); | 120 EXPECT_EQ(0U, subject.organization_unit_names.size()); |
120 EXPECT_EQ(0U, subject.domain_components.size()); | 121 EXPECT_EQ(0U, subject.domain_components.size()); |
121 | 122 |
122 const X509Certificate::Principal& issuer = google_cert->issuer(); | 123 const X509Certificate::Principal& issuer = google_cert->issuer(); |
123 EXPECT_EQ("Thawte SGC CA", issuer.common_name); | 124 EXPECT_EQ("Thawte SGC CA", issuer.common_name); |
124 EXPECT_EQ("", issuer.locality_name); | 125 EXPECT_EQ("", issuer.locality_name); |
125 EXPECT_EQ("", issuer.state_or_province_name); | 126 EXPECT_EQ("", issuer.state_or_province_name); |
126 EXPECT_EQ("ZA", issuer.country_name); | 127 EXPECT_EQ("ZA", issuer.country_name); |
127 EXPECT_EQ(0U, issuer.street_addresses.size()); | 128 EXPECT_EQ(0U, issuer.street_addresses.size()); |
128 EXPECT_EQ(1U, issuer.organization_names.size()); | 129 EXPECT_EQ(1U, issuer.organization_names.size()); |
129 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); | 130 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); |
130 EXPECT_EQ(0U, issuer.organization_unit_names.size()); | 131 EXPECT_EQ(0U, issuer.organization_unit_names.size()); |
131 EXPECT_EQ(0U, issuer.domain_components.size()); | 132 EXPECT_EQ(0U, issuer.domain_components.size()); |
132 | 133 |
133 // Use DoubleT because its epoch is the same on all platforms | 134 // Use DoubleT because its epoch is the same on all platforms |
134 const Time& valid_start = google_cert->valid_start(); | 135 const Time& valid_start = google_cert->valid_start(); |
135 EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT | 136 EXPECT_EQ(valid_from, valid_start.ToDoubleT()); |
136 | 137 |
137 const Time& valid_expiry = google_cert->valid_expiry(); | 138 const Time& valid_expiry = google_cert->valid_expiry(); |
138 EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT | 139 EXPECT_EQ(valid_to, valid_expiry.ToDoubleT()); |
139 | 140 |
140 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); | 141 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); |
141 for (size_t i = 0; i < 20; ++i) | 142 for (size_t i = 0; i < 20; ++i) |
142 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); | 143 EXPECT_EQ(expected_fingerprint[i], fingerprint.data[i]); |
143 | 144 |
144 std::vector<std::string> dns_names; | 145 std::vector<std::string> dns_names; |
145 google_cert->GetDNSNames(&dns_names); | 146 google_cert->GetDNSNames(&dns_names); |
146 EXPECT_EQ(1U, dns_names.size()); | 147 EXPECT_EQ(1U, dns_names.size()); |
147 EXPECT_EQ("www.google.com", dns_names[0]); | 148 EXPECT_EQ("www.google.com", dns_names[0]); |
148 | 149 |
149 #if TEST_EV | 150 #if TEST_EV |
150 // TODO(avi): turn this on for the Mac once EV checking is implemented. | 151 // TODO(avi): turn this on for the Mac once EV checking is implemented. |
151 CertVerifyResult verify_result; | 152 CertVerifyResult verify_result; |
152 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 153 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
153 X509Certificate::VERIFY_EV_CERT; | 154 X509Certificate::VERIFY_EV_CERT; |
154 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); | 155 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); |
155 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 156 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
156 #endif | 157 #endif |
157 } | 158 } |
158 | 159 |
| 160 // The fingerprint for the parse tests is different than the fingerprint |
| 161 // included in test_certificate_data.h, as the parse test certificate is more |
| 162 // recent. |
| 163 unsigned char google_parse_fingerprint[] = { |
| 164 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a, |
| 165 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2 |
| 166 }; |
| 167 |
| 168 // Dec 18 00:00:00 2009 GMT |
| 169 const double kGoogleParseValidFrom = 1261094400; |
| 170 // Dec 18 23:59:59 2011 GMT |
| 171 const double kGoogleParseValidTo = 1324252799; |
| 172 |
| 173 struct CertificateFormatTestData { |
| 174 const char* file_name; |
| 175 X509Certificate::CertificateFormat format; |
| 176 bool should_test_chain; |
| 177 }; |
| 178 |
| 179 const CertificateFormatTestData FormatTestData[] = { |
| 180 { "google.der", X509Certificate::FORMAT_DER, false }, |
| 181 { "google.single.pem", X509Certificate::FORMAT_DER, false }, |
| 182 |
| 183 { "google.single.pem", X509Certificate::FORMAT_PEM, false }, |
| 184 { "google.chain.pem", X509Certificate::FORMAT_PEM, true }, |
| 185 |
| 186 { "google.binary.p7b", X509Certificate::FORMAT_PKCS7, true }, |
| 187 { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7, true }, |
| 188 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7, true }, |
| 189 |
| 190 { "google.der", X509Certificate::FORMAT_AUTO, false }, |
| 191 { "google.single.pem", X509Certificate::FORMAT_AUTO, false }, |
| 192 { "google.single.pem", X509Certificate::FORMAT_AUTO, false }, |
| 193 { "google.chain.pem", X509Certificate::FORMAT_AUTO, true }, |
| 194 { "google.binary.p7b", X509Certificate::FORMAT_AUTO, true }, |
| 195 { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, true }, |
| 196 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, true } |
| 197 }; |
| 198 |
| 199 } // namespace |
| 200 |
| 201 TEST(X509CertificateTest, GoogleCertParsing) { |
| 202 scoped_refptr<X509Certificate> google_cert = |
| 203 X509Certificate::CreateFromBytes( |
| 204 reinterpret_cast<const char*>(google_der), sizeof(google_der), |
| 205 X509Certificate::FORMAT_DER); |
| 206 |
| 207 CheckGoogleCert(google_cert, google_fingerprint, |
| 208 1238192407, // Mar 27 22:20:07 2009 GMT |
| 209 1269728407, // Mar 27 22:20:07 2010 GMT |
| 210 false); |
| 211 } |
| 212 |
159 TEST(X509CertificateTest, WebkitCertParsing) { | 213 TEST(X509CertificateTest, WebkitCertParsing) { |
160 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | 214 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
161 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 215 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der), |
| 216 X509Certificate::FORMAT_DER); |
162 | 217 |
163 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); | 218 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); |
164 | 219 |
165 const X509Certificate::Principal& subject = webkit_cert->subject(); | 220 const X509Certificate::Principal& subject = webkit_cert->subject(); |
166 EXPECT_EQ("Cupertino", subject.locality_name); | 221 EXPECT_EQ("Cupertino", subject.locality_name); |
167 EXPECT_EQ("California", subject.state_or_province_name); | 222 EXPECT_EQ("California", subject.state_or_province_name); |
168 EXPECT_EQ("US", subject.country_name); | 223 EXPECT_EQ("US", subject.country_name); |
169 EXPECT_EQ(0U, subject.street_addresses.size()); | 224 EXPECT_EQ(0U, subject.street_addresses.size()); |
170 EXPECT_EQ(1U, subject.organization_names.size()); | 225 EXPECT_EQ(1U, subject.organization_names.size()); |
171 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); | 226 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
207 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 262 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
208 X509Certificate::VERIFY_EV_CERT; | 263 X509Certificate::VERIFY_EV_CERT; |
209 CertVerifyResult verify_result; | 264 CertVerifyResult verify_result; |
210 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); | 265 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); |
211 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 266 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
212 #endif | 267 #endif |
213 } | 268 } |
214 | 269 |
215 TEST(X509CertificateTest, ThawteCertParsing) { | 270 TEST(X509CertificateTest, ThawteCertParsing) { |
216 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( | 271 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( |
217 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | 272 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der), |
| 273 X509Certificate::FORMAT_DER); |
218 | 274 |
219 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); | 275 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); |
220 | 276 |
221 const X509Certificate::Principal& subject = thawte_cert->subject(); | 277 const X509Certificate::Principal& subject = thawte_cert->subject(); |
222 EXPECT_EQ("www.thawte.com", subject.common_name); | 278 EXPECT_EQ("www.thawte.com", subject.common_name); |
223 EXPECT_EQ("Mountain View", subject.locality_name); | 279 EXPECT_EQ("Mountain View", subject.locality_name); |
224 EXPECT_EQ("California", subject.state_or_province_name); | 280 EXPECT_EQ("California", subject.state_or_province_name); |
225 EXPECT_EQ("US", subject.country_name); | 281 EXPECT_EQ("US", subject.country_name); |
226 EXPECT_EQ(0U, subject.street_addresses.size()); | 282 EXPECT_EQ(0U, subject.street_addresses.size()); |
227 EXPECT_EQ(1U, subject.organization_names.size()); | 283 EXPECT_EQ(1U, subject.organization_names.size()); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
270 flags = X509Certificate::VERIFY_EV_CERT; | 326 flags = X509Certificate::VERIFY_EV_CERT; |
271 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result)); | 327 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result)); |
272 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 328 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
273 #endif | 329 #endif |
274 } | 330 } |
275 | 331 |
276 TEST(X509CertificateTest, PaypalNullCertParsing) { | 332 TEST(X509CertificateTest, PaypalNullCertParsing) { |
277 scoped_refptr<X509Certificate> paypal_null_cert = | 333 scoped_refptr<X509Certificate> paypal_null_cert = |
278 X509Certificate::CreateFromBytes( | 334 X509Certificate::CreateFromBytes( |
279 reinterpret_cast<const char*>(paypal_null_der), | 335 reinterpret_cast<const char*>(paypal_null_der), |
280 sizeof(paypal_null_der)); | 336 sizeof(paypal_null_der), |
| 337 X509Certificate::FORMAT_DER); |
281 | 338 |
282 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 339 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
283 | 340 |
284 const X509Certificate::Fingerprint& fingerprint = | 341 const X509Certificate::Fingerprint& fingerprint = |
285 paypal_null_cert->fingerprint(); | 342 paypal_null_cert->fingerprint(); |
286 for (size_t i = 0; i < 20; ++i) | 343 for (size_t i = 0; i < 20; ++i) |
287 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 344 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
288 | 345 |
289 int flags = 0; | 346 int flags = 0; |
290 CertVerifyResult verify_result; | 347 CertVerifyResult verify_result; |
291 int error = paypal_null_cert->Verify("www.paypal.com", flags, | 348 int error = paypal_null_cert->Verify("www.paypal.com", flags, |
292 &verify_result); | 349 &verify_result); |
293 EXPECT_NE(OK, error); | 350 EXPECT_NE(OK, error); |
294 // Either the system crypto library should correctly report a certificate | 351 // Either the system crypto library should correctly report a certificate |
295 // name mismatch, or our certificate blacklist should cause us to report an | 352 // name mismatch, or our certificate blacklist should cause us to report an |
296 // invalid certificate. | 353 // invalid certificate. |
297 #if !defined(OS_MACOSX) | 354 #if !defined(OS_MACOSX) |
298 EXPECT_NE(0, verify_result.cert_status & | 355 EXPECT_NE(0, verify_result.cert_status & |
299 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | 356 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); |
300 #endif | 357 #endif |
301 } | 358 } |
302 | 359 |
303 // A certificate whose AIA extension contains an LDAP URL without a host name. | 360 // A certificate whose AIA extension contains an LDAP URL without a host name. |
304 // This certificate will expire on 2011-09-08. | 361 // This certificate will expire on 2011-09-08. |
305 TEST(X509CertificateTest, UnoSoftCertParsing) { | 362 TEST(X509CertificateTest, UnoSoftCertParsing) { |
306 FilePath certs_dir = GetTestCertsDirectory(); | 363 FilePath certs_dir = GetTestCertsDirectory(); |
307 scoped_refptr<X509Certificate> unosoft_hu_cert = | 364 scoped_refptr<X509Certificate> unosoft_hu_cert = |
308 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); | 365 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der", |
| 366 X509Certificate::FORMAT_DER); |
309 | 367 |
310 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); | 368 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); |
311 | 369 |
312 const X509Certificate::Fingerprint& fingerprint = | 370 const X509Certificate::Fingerprint& fingerprint = |
313 unosoft_hu_cert->fingerprint(); | 371 unosoft_hu_cert->fingerprint(); |
314 for (size_t i = 0; i < 20; ++i) | 372 for (size_t i = 0; i < 20; ++i) |
315 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); | 373 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); |
316 | 374 |
317 int flags = 0; | 375 int flags = 0; |
318 CertVerifyResult verify_result; | 376 CertVerifyResult verify_result; |
319 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, | 377 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, |
320 &verify_result); | 378 &verify_result); |
321 EXPECT_NE(OK, error); | 379 EXPECT_NE(OK, error); |
322 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 380 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
323 } | 381 } |
324 | 382 |
325 #if defined(USE_NSS) | 383 #if defined(USE_NSS) |
326 // A regression test for http://crbug.com/31497. | 384 // A regression test for http://crbug.com/31497. |
327 // This certificate will expire on 2012-04-08. | 385 // This certificate will expire on 2012-04-08. |
328 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates | 386 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates |
329 // can hold only one additional trusted root certificate for unit tests. | 387 // can hold only one additional trusted root certificate for unit tests. |
330 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert | 388 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert |
331 // isn't implemented (http//crbug.com/8470). | 389 // isn't implemented (http//crbug.com/8470). |
332 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { | 390 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
333 FilePath certs_dir = GetTestCertsDirectory(); | 391 FilePath certs_dir = GetTestCertsDirectory(); |
334 | 392 |
335 scoped_refptr<X509Certificate> server_cert = | 393 scoped_refptr<X509Certificate> server_cert = |
336 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); | 394 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der", |
| 395 X509Certificate::FORMAT_DER); |
337 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 396 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
338 | 397 |
339 // The intermediate CA certificate's policyConstraints extension has a | 398 // The intermediate CA certificate's policyConstraints extension has a |
340 // requireExplicitPolicy field with SkipCerts=0. | 399 // requireExplicitPolicy field with SkipCerts=0. |
341 scoped_refptr<X509Certificate> intermediate_cert = | 400 scoped_refptr<X509Certificate> intermediate_cert = |
342 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | 401 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der", |
| 402 X509Certificate::FORMAT_DER); |
343 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 403 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
344 | 404 |
345 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); | 405 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
346 scoped_refptr<X509Certificate> root_cert = | 406 scoped_refptr<X509Certificate> root_cert = |
347 LoadTemporaryRootCert(root_cert_path); | 407 LoadTemporaryRootCert(root_cert_path); |
348 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | 408 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); |
349 | 409 |
350 int flags = 0; | 410 int flags = 0; |
351 CertVerifyResult verify_result; | 411 CertVerifyResult verify_result; |
352 int error = server_cert->Verify("www.us.army.mil", flags, &verify_result); | 412 int error = server_cert->Verify("www.us.army.mil", flags, &verify_result); |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
407 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 467 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
408 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( | 468 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( |
409 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, | 469 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, |
410 X509Certificate::OSCertHandles()); | 470 X509Certificate::OSCertHandles()); |
411 | 471 |
412 EXPECT_EQ(cert3, cert5); | 472 EXPECT_EQ(cert3, cert5); |
413 } | 473 } |
414 | 474 |
415 TEST(X509CertificateTest, Pickle) { | 475 TEST(X509CertificateTest, Pickle) { |
416 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( | 476 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( |
417 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 477 reinterpret_cast<const char*>(google_der), sizeof(google_der), |
| 478 X509Certificate::FORMAT_DER); |
418 | 479 |
419 Pickle pickle; | 480 Pickle pickle; |
420 cert1->Persist(&pickle); | 481 cert1->Persist(&pickle); |
421 | 482 |
422 void* iter = NULL; | 483 void* iter = NULL; |
423 scoped_refptr<X509Certificate> cert2 = | 484 scoped_refptr<X509Certificate> cert2 = |
424 X509Certificate::CreateFromPickle(pickle, &iter); | 485 X509Certificate::CreateFromPickle(pickle, &iter); |
425 | 486 |
426 EXPECT_EQ(cert1, cert2); | 487 EXPECT_EQ(cert1, cert2); |
427 } | 488 } |
428 | 489 |
429 TEST(X509CertificateTest, Policy) { | 490 TEST(X509CertificateTest, Policy) { |
430 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | 491 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
431 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 492 reinterpret_cast<const char*>(google_der), sizeof(google_der), |
| 493 X509Certificate::FORMAT_DER); |
432 | 494 |
433 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | 495 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
434 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 496 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der), |
| 497 X509Certificate::FORMAT_DER); |
435 | 498 |
436 X509Certificate::Policy policy; | 499 X509Certificate::Policy policy; |
437 | 500 |
438 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN); | 501 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN); |
439 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | 502 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); |
440 EXPECT_FALSE(policy.HasAllowedCert()); | 503 EXPECT_FALSE(policy.HasAllowedCert()); |
441 EXPECT_FALSE(policy.HasDeniedCert()); | 504 EXPECT_FALSE(policy.HasDeniedCert()); |
442 | 505 |
443 policy.Allow(google_cert.get()); | 506 policy.Allow(google_cert.get()); |
444 | 507 |
(...skipping 10 matching lines...) Expand all Loading... |
455 EXPECT_TRUE(policy.HasDeniedCert()); | 518 EXPECT_TRUE(policy.HasDeniedCert()); |
456 | 519 |
457 policy.Allow(webkit_cert.get()); | 520 policy.Allow(webkit_cert.get()); |
458 | 521 |
459 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); | 522 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); |
460 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); | 523 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); |
461 EXPECT_TRUE(policy.HasAllowedCert()); | 524 EXPECT_TRUE(policy.HasAllowedCert()); |
462 EXPECT_TRUE(policy.HasDeniedCert()); | 525 EXPECT_TRUE(policy.HasDeniedCert()); |
463 } | 526 } |
464 | 527 |
465 #if defined(OS_MACOSX) || defined(OS_WIN) | |
466 TEST(X509CertificateTest, IntermediateCertificates) { | 528 TEST(X509CertificateTest, IntermediateCertificates) { |
467 X509Certificate::OSCertHandle handle1, handle2, handle3, handle4; | 529 X509Certificate::OSCertHandle handle1, handle2, handle3, handle4; |
468 | 530 |
469 // Create object with no intermediates: | 531 // Create object with no intermediates: |
470 handle1 = X509Certificate::CreateOSCertHandleFromBytes( | 532 handle1 = X509Certificate::CreateOSCertHandleFromBytes( |
471 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 533 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
472 X509Certificate::OSCertHandles intermediates1; | 534 X509Certificate::OSCertHandles intermediates1; |
473 scoped_refptr<X509Certificate> cert1; | 535 scoped_refptr<X509Certificate> cert1; |
474 cert1 = X509Certificate::CreateFromHandle(handle1, | 536 cert1 = X509Certificate::CreateFromHandle(handle1, |
475 X509Certificate::SOURCE_FROM_NETWORK, | 537 X509Certificate::SOURCE_FROM_NETWORK, |
(...skipping 20 matching lines...) Expand all Loading... |
496 // The cache should have stored cert2 'cause it has more intermediates: | 558 // The cache should have stored cert2 'cause it has more intermediates: |
497 EXPECT_NE(cert1, cert2); | 559 EXPECT_NE(cert1, cert2); |
498 | 560 |
499 // Verify it has all the intermediates: | 561 // Verify it has all the intermediates: |
500 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle2)); | 562 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle2)); |
501 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle3)); | 563 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle3)); |
502 handle4 = X509Certificate::CreateOSCertHandleFromBytes( | 564 handle4 = X509Certificate::CreateOSCertHandleFromBytes( |
503 reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der)); | 565 reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der)); |
504 EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4)); | 566 EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4)); |
505 | 567 |
| 568 X509Certificate::FreeOSCertHandle(handle2); |
| 569 X509Certificate::FreeOSCertHandle(handle3); |
| 570 X509Certificate::FreeOSCertHandle(handle4); |
| 571 |
506 // Create object with 1 intermediate: | 572 // Create object with 1 intermediate: |
507 handle3 = X509Certificate::CreateOSCertHandleFromBytes( | 573 handle3 = X509Certificate::CreateOSCertHandleFromBytes( |
508 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | 574 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
509 X509Certificate::OSCertHandles intermediates3; | 575 X509Certificate::OSCertHandles intermediates3; |
510 intermediates2.push_back(handle3); | 576 intermediates2.push_back(handle3); |
511 scoped_refptr<X509Certificate> cert3; | 577 scoped_refptr<X509Certificate> cert3; |
512 cert3 = X509Certificate::CreateFromHandle( | 578 cert3 = X509Certificate::CreateFromHandle( |
513 X509Certificate::DupOSCertHandle(handle1), | 579 X509Certificate::DupOSCertHandle(handle1), |
514 X509Certificate::SOURCE_FROM_NETWORK, | 580 X509Certificate::SOURCE_FROM_NETWORK, |
515 intermediates3); | 581 intermediates3); |
516 | 582 |
| 583 X509Certificate::FreeOSCertHandle(handle1); |
| 584 X509Certificate::FreeOSCertHandle(handle3); |
| 585 |
517 // The cache should have returned cert2 'cause it has more intermediates: | 586 // The cache should have returned cert2 'cause it has more intermediates: |
518 EXPECT_EQ(cert3, cert2); | 587 EXPECT_EQ(cert3, cert2); |
519 } | 588 } |
520 #endif | 589 |
| 590 class X509CertificateParseTest : |
| 591 public testing::TestWithParam<CertificateFormatTestData> { |
| 592 public: |
| 593 virtual ~X509CertificateParseTest() { } |
| 594 virtual void SetUp() { |
| 595 test_data_ = GetParam(); |
| 596 } |
| 597 virtual void TearDown() { } |
| 598 |
| 599 protected: |
| 600 CertificateFormatTestData test_data_; |
| 601 }; |
| 602 |
| 603 TEST_P(X509CertificateParseTest, CanParseFormat) { |
| 604 FilePath certs_dir = GetTestCertsDirectory(); |
| 605 scoped_refptr<X509Certificate> google_cert = |
| 606 ImportCertFromFile(certs_dir, test_data_.file_name, test_data_.format); |
| 607 CheckGoogleCert(google_cert, google_parse_fingerprint, |
| 608 kGoogleParseValidFrom, kGoogleParseValidTo, |
| 609 test_data_.should_test_chain); |
| 610 } |
| 611 |
| 612 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
| 613 testing::ValuesIn(FormatTestData)); |
521 | 614 |
522 } // namespace net | 615 } // namespace net |
OLD | NEW |