
Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 2668005: Bring the handling of <keygen> and support for the application/x-x509-user-ce... (Closed) Base URL: http://src.chromium.org/svn/trunk/src/
Patch Set: Whitespace/style Created 10 years, 6 months ago
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/file_path.h" 5 #include "base/file_path.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/path_service.h" 7 #include "base/path_service.h"
8 #include "base/pickle.h" 8 #include "base/pickle.h"
9 #include "net/base/cert_status_flags.h" 9 #include "net/base/cert_status_flags.h"
10 #include "net/base/cert_test_util.h" 10 #include "net/base/cert_test_util.h"
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
84 certs_dir = certs_dir.AppendASCII("net"); 84 certs_dir = certs_dir.AppendASCII("net");
85 certs_dir = certs_dir.AppendASCII("data"); 85 certs_dir = certs_dir.AppendASCII("data");
86 certs_dir = certs_dir.AppendASCII("ssl"); 86 certs_dir = certs_dir.AppendASCII("ssl");
87 certs_dir = certs_dir.AppendASCII("certificates"); 87 certs_dir = certs_dir.AppendASCII("certificates");
88 return certs_dir; 88 return certs_dir;
89 } 89 }
90 90
91 // Imports a certificate file in the src/net/data/ssl/certificates directory. 91 // Imports a certificate file in the src/net/data/ssl/certificates directory.
92 // certs_dir represents the test certificates directory. cert_file is the 92 // certs_dir represents the test certificates directory. cert_file is the
93 // name of the certificate file. 93 // name of the certificate file.
94 X509Certificate* ImportCertFromFile(const FilePath& certs_dir, 94 X509Certificate* ImportCertFromFile(
95 const std::string& cert_file) { 95 const FilePath& certs_dir,
96 const std::string& cert_file,
97 X509Certificate::CertificateFormat format) {
96 FilePath cert_path = certs_dir.AppendASCII(cert_file); 98 FilePath cert_path = certs_dir.AppendASCII(cert_file);
97 std::string cert_data; 99 std::string cert_data;
98 if (!file_util::ReadFileToString(cert_path, &cert_data)) 100 if (!file_util::ReadFileToString(cert_path, &cert_data))
99 return NULL; 101 return NULL;
100 return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()); 102 return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size(),
103 format);
101 } 104 }
102 105
103 } // namespace 106 void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
104 107 unsigned char* expected_fingerprint,
105 TEST(X509CertificateTest, GoogleCertParsing) { 108 double valid_from, double valid_to,
106 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( 109 bool check_chain) {
107 reinterpret_cast<const char*>(google_der), sizeof(google_der));
108
109 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); 110 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert);
110 111
111 const X509Certificate::Principal& subject = google_cert->subject(); 112 const X509Certificate::Principal& subject = google_cert->subject();
112 EXPECT_EQ("www.google.com", subject.common_name); 113 EXPECT_EQ("www.google.com", subject.common_name);
113 EXPECT_EQ("Mountain View", subject.locality_name); 114 EXPECT_EQ("Mountain View", subject.locality_name);
114 EXPECT_EQ("California", subject.state_or_province_name); 115 EXPECT_EQ("California", subject.state_or_province_name);
115 EXPECT_EQ("US", subject.country_name); 116 EXPECT_EQ("US", subject.country_name);
116 EXPECT_EQ(0U, subject.street_addresses.size()); 117 EXPECT_EQ(0U, subject.street_addresses.size());
117 EXPECT_EQ(1U, subject.organization_names.size()); 118 EXPECT_EQ(1U, subject.organization_names.size());
118 EXPECT_EQ("Google Inc", subject.organization_names[0]); 119 EXPECT_EQ("Google Inc", subject.organization_names[0]);
119 EXPECT_EQ(0U, subject.organization_unit_names.size()); 120 EXPECT_EQ(0U, subject.organization_unit_names.size());
120 EXPECT_EQ(0U, subject.domain_components.size()); 121 EXPECT_EQ(0U, subject.domain_components.size());
121 122
122 const X509Certificate::Principal& issuer = google_cert->issuer(); 123 const X509Certificate::Principal& issuer = google_cert->issuer();
123 EXPECT_EQ("Thawte SGC CA", issuer.common_name); 124 EXPECT_EQ("Thawte SGC CA", issuer.common_name);
124 EXPECT_EQ("", issuer.locality_name); 125 EXPECT_EQ("", issuer.locality_name);
125 EXPECT_EQ("", issuer.state_or_province_name); 126 EXPECT_EQ("", issuer.state_or_province_name);
126 EXPECT_EQ("ZA", issuer.country_name); 127 EXPECT_EQ("ZA", issuer.country_name);
127 EXPECT_EQ(0U, issuer.street_addresses.size()); 128 EXPECT_EQ(0U, issuer.street_addresses.size());
128 EXPECT_EQ(1U, issuer.organization_names.size()); 129 EXPECT_EQ(1U, issuer.organization_names.size());
129 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); 130 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]);
130 EXPECT_EQ(0U, issuer.organization_unit_names.size()); 131 EXPECT_EQ(0U, issuer.organization_unit_names.size());
131 EXPECT_EQ(0U, issuer.domain_components.size()); 132 EXPECT_EQ(0U, issuer.domain_components.size());
132 133
133 // Use DoubleT because its epoch is the same on all platforms 134 // Use DoubleT because its epoch is the same on all platforms
134 const Time& valid_start = google_cert->valid_start(); 135 const Time& valid_start = google_cert->valid_start();
135 EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT 136 EXPECT_EQ(valid_from, valid_start.ToDoubleT());
136 137
137 const Time& valid_expiry = google_cert->valid_expiry(); 138 const Time& valid_expiry = google_cert->valid_expiry();
138 EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT 139 EXPECT_EQ(valid_to, valid_expiry.ToDoubleT());
139 140
140 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); 141 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint();
141 for (size_t i = 0; i < 20; ++i) 142 for (size_t i = 0; i < 20; ++i)
142 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); 143 EXPECT_EQ(expected_fingerprint[i], fingerprint.data[i]);
143 144
144 std::vector<std::string> dns_names; 145 std::vector<std::string> dns_names;
145 google_cert->GetDNSNames(&dns_names); 146 google_cert->GetDNSNames(&dns_names);
146 EXPECT_EQ(1U, dns_names.size()); 147 EXPECT_EQ(1U, dns_names.size());
147 EXPECT_EQ("www.google.com", dns_names[0]); 148 EXPECT_EQ("www.google.com", dns_names[0]);
148 149
149 #if TEST_EV 150 #if TEST_EV
150 // TODO(avi): turn this on for the Mac once EV checking is implemented. 151 // TODO(avi): turn this on for the Mac once EV checking is implemented.
151 CertVerifyResult verify_result; 152 CertVerifyResult verify_result;
152 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | 153 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
153 X509Certificate::VERIFY_EV_CERT; 154 X509Certificate::VERIFY_EV_CERT;
154 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); 155 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result));
155 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); 156 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV);
156 #endif 157 #endif
157 } 158 }
158 159
160 // The fingerprint for the parse tests is different than the fingerprint
161 // included in test_certificate_data.h, as the parse test certificate is more
162 // recent.
163 unsigned char google_parse_fingerprint[] = {
164 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a,
165 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2
166 };
167
168 // Dec 18 00:00:00 2009 GMT
169 const double kGoogleParseValidFrom = 1261094400;
170 // Dec 18 23:59:59 2011 GMT
171 const double kGoogleParseValidTo = 1324252799;
172
173 struct CertificateFormatTestData {
174 const char* file_name;
175 X509Certificate::CertificateFormat format;
176 bool should_test_chain;
177 };
178
179 const CertificateFormatTestData FormatTestData[] = {
180 { "google.der", X509Certificate::FORMAT_DER, false },
181 { "google.single.pem", X509Certificate::FORMAT_DER, false },
182
183 { "google.single.pem", X509Certificate::FORMAT_PEM, false },
184 { "google.chain.pem", X509Certificate::FORMAT_PEM, true },
185
186 { "google.binary.p7b", X509Certificate::FORMAT_PKCS7, true },
187 { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7, true },
188 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7, true },
189
190 { "google.der", X509Certificate::FORMAT_AUTO, false },
191 { "google.single.pem", X509Certificate::FORMAT_AUTO, false },
192 { "google.single.pem", X509Certificate::FORMAT_AUTO, false },
193 { "google.chain.pem", X509Certificate::FORMAT_AUTO, true },
194 { "google.binary.p7b", X509Certificate::FORMAT_AUTO, true },
195 { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, true },
196 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, true }
197 };
198
199 } // namespace
200
201 TEST(X509CertificateTest, GoogleCertParsing) {
202 scoped_refptr<X509Certificate> google_cert =
203 X509Certificate::CreateFromBytes(
204 reinterpret_cast<const char*>(google_der), sizeof(google_der),
205 X509Certificate::FORMAT_DER);
206
207 CheckGoogleCert(google_cert, google_fingerprint,
208 1238192407, // Mar 27 22:20:07 2009 GMT
209 1269728407, // Mar 27 22:20:07 2010 GMT
210 false);
211 }
212
159 TEST(X509CertificateTest, WebkitCertParsing) { 213 TEST(X509CertificateTest, WebkitCertParsing) {
160 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( 214 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes(
161 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); 215 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der),
216 X509Certificate::FORMAT_DER);
162 217
163 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); 218 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert);
164 219
165 const X509Certificate::Principal& subject = webkit_cert->subject(); 220 const X509Certificate::Principal& subject = webkit_cert->subject();
166 EXPECT_EQ("Cupertino", subject.locality_name); 221 EXPECT_EQ("Cupertino", subject.locality_name);
167 EXPECT_EQ("California", subject.state_or_province_name); 222 EXPECT_EQ("California", subject.state_or_province_name);
168 EXPECT_EQ("US", subject.country_name); 223 EXPECT_EQ("US", subject.country_name);
169 EXPECT_EQ(0U, subject.street_addresses.size()); 224 EXPECT_EQ(0U, subject.street_addresses.size());
170 EXPECT_EQ(1U, subject.organization_names.size()); 225 EXPECT_EQ(1U, subject.organization_names.size());
171 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); 226 EXPECT_EQ("Apple Inc.", subject.organization_names[0]);
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
207 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | 262 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
208 X509Certificate::VERIFY_EV_CERT; 263 X509Certificate::VERIFY_EV_CERT;
209 CertVerifyResult verify_result; 264 CertVerifyResult verify_result;
210 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); 265 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result));
211 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); 266 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV);
212 #endif 267 #endif
213 } 268 }
214 269
215 TEST(X509CertificateTest, ThawteCertParsing) { 270 TEST(X509CertificateTest, ThawteCertParsing) {
216 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( 271 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes(
217 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); 272 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der),
273 X509Certificate::FORMAT_DER);
218 274
219 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); 275 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert);
220 276
221 const X509Certificate::Principal& subject = thawte_cert->subject(); 277 const X509Certificate::Principal& subject = thawte_cert->subject();
222 EXPECT_EQ("www.thawte.com", subject.common_name); 278 EXPECT_EQ("www.thawte.com", subject.common_name);
223 EXPECT_EQ("Mountain View", subject.locality_name); 279 EXPECT_EQ("Mountain View", subject.locality_name);
224 EXPECT_EQ("California", subject.state_or_province_name); 280 EXPECT_EQ("California", subject.state_or_province_name);
225 EXPECT_EQ("US", subject.country_name); 281 EXPECT_EQ("US", subject.country_name);
226 EXPECT_EQ(0U, subject.street_addresses.size()); 282 EXPECT_EQ(0U, subject.street_addresses.size());
227 EXPECT_EQ(1U, subject.organization_names.size()); 283 EXPECT_EQ(1U, subject.organization_names.size());
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
270 flags = X509Certificate::VERIFY_EV_CERT; 326 flags = X509Certificate::VERIFY_EV_CERT;
271 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result)); 327 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result));
272 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); 328 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV);
273 #endif 329 #endif
274 } 330 }
275 331
276 TEST(X509CertificateTest, PaypalNullCertParsing) { 332 TEST(X509CertificateTest, PaypalNullCertParsing) {
277 scoped_refptr<X509Certificate> paypal_null_cert = 333 scoped_refptr<X509Certificate> paypal_null_cert =
278 X509Certificate::CreateFromBytes( 334 X509Certificate::CreateFromBytes(
279 reinterpret_cast<const char*>(paypal_null_der), 335 reinterpret_cast<const char*>(paypal_null_der),
280 sizeof(paypal_null_der)); 336 sizeof(paypal_null_der),
337 X509Certificate::FORMAT_DER);
281 338
282 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); 339 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
283 340
284 const X509Certificate::Fingerprint& fingerprint = 341 const X509Certificate::Fingerprint& fingerprint =
285 paypal_null_cert->fingerprint(); 342 paypal_null_cert->fingerprint();
286 for (size_t i = 0; i < 20; ++i) 343 for (size_t i = 0; i < 20; ++i)
287 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); 344 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
288 345
289 int flags = 0; 346 int flags = 0;
290 CertVerifyResult verify_result; 347 CertVerifyResult verify_result;
291 int error = paypal_null_cert->Verify("www.paypal.com", flags, 348 int error = paypal_null_cert->Verify("www.paypal.com", flags,
292 &verify_result); 349 &verify_result);
293 EXPECT_NE(OK, error); 350 EXPECT_NE(OK, error);
294 // Either the system crypto library should correctly report a certificate 351 // Either the system crypto library should correctly report a certificate
295 // name mismatch, or our certificate blacklist should cause us to report an 352 // name mismatch, or our certificate blacklist should cause us to report an
296 // invalid certificate. 353 // invalid certificate.
297 #if !defined(OS_MACOSX) 354 #if !defined(OS_MACOSX)
298 EXPECT_NE(0, verify_result.cert_status & 355 EXPECT_NE(0, verify_result.cert_status &
299 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); 356 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID));
300 #endif 357 #endif
301 } 358 }
302 359
303 // A certificate whose AIA extension contains an LDAP URL without a host name. 360 // A certificate whose AIA extension contains an LDAP URL without a host name.
304 // This certificate will expire on 2011-09-08. 361 // This certificate will expire on 2011-09-08.
305 TEST(X509CertificateTest, UnoSoftCertParsing) { 362 TEST(X509CertificateTest, UnoSoftCertParsing) {
306 FilePath certs_dir = GetTestCertsDirectory(); 363 FilePath certs_dir = GetTestCertsDirectory();
307 scoped_refptr<X509Certificate> unosoft_hu_cert = 364 scoped_refptr<X509Certificate> unosoft_hu_cert =
308 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); 365 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der",
366 X509Certificate::FORMAT_DER);
309 367
310 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); 368 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert);
311 369
312 const X509Certificate::Fingerprint& fingerprint = 370 const X509Certificate::Fingerprint& fingerprint =
313 unosoft_hu_cert->fingerprint(); 371 unosoft_hu_cert->fingerprint();
314 for (size_t i = 0; i < 20; ++i) 372 for (size_t i = 0; i < 20; ++i)
315 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); 373 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]);
316 374
317 int flags = 0; 375 int flags = 0;
318 CertVerifyResult verify_result; 376 CertVerifyResult verify_result;
319 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, 377 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags,
320 &verify_result); 378 &verify_result);
321 EXPECT_NE(OK, error); 379 EXPECT_NE(OK, error);
322 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); 380 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
323 } 381 }
324 382
325 #if defined(USE_NSS) 383 #if defined(USE_NSS)
326 // A regression test for http://crbug.com/31497. 384 // A regression test for http://crbug.com/31497.
327 // This certificate will expire on 2012-04-08. 385 // This certificate will expire on 2012-04-08.
328 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates 386 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates
329 // can hold only one additional trusted root certificate for unit tests. 387 // can hold only one additional trusted root certificate for unit tests.
330 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert 388 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert
331 // isn't implemented (http//crbug.com/8470). 389 // isn't implemented (http//crbug.com/8470).
332 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { 390 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
333 FilePath certs_dir = GetTestCertsDirectory(); 391 FilePath certs_dir = GetTestCertsDirectory();
334 392
335 scoped_refptr<X509Certificate> server_cert = 393 scoped_refptr<X509Certificate> server_cert =
336 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); 394 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der",
395 X509Certificate::FORMAT_DER);
337 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 396 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
338 397
339 // The intermediate CA certificate's policyConstraints extension has a 398 // The intermediate CA certificate's policyConstraints extension has a
340 // requireExplicitPolicy field with SkipCerts=0. 399 // requireExplicitPolicy field with SkipCerts=0.
341 scoped_refptr<X509Certificate> intermediate_cert = 400 scoped_refptr<X509Certificate> intermediate_cert =
342 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); 401 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der",
402 X509Certificate::FORMAT_DER);
343 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); 403 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
344 404
345 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); 405 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der");
346 scoped_refptr<X509Certificate> root_cert = 406 scoped_refptr<X509Certificate> root_cert =
347 LoadTemporaryRootCert(root_cert_path); 407 LoadTemporaryRootCert(root_cert_path);
348 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); 408 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
349 409
350 int flags = 0; 410 int flags = 0;
351 CertVerifyResult verify_result; 411 CertVerifyResult verify_result;
352 int error = server_cert->Verify("www.us.army.mil", flags, &verify_result); 412 int error = server_cert->Verify("www.us.army.mil", flags, &verify_result);
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
407 reinterpret_cast<const char*>(google_der), sizeof(google_der)); 467 reinterpret_cast<const char*>(google_der), sizeof(google_der));
408 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( 468 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle(
409 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, 469 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK,
410 X509Certificate::OSCertHandles()); 470 X509Certificate::OSCertHandles());
411 471
412 EXPECT_EQ(cert3, cert5); 472 EXPECT_EQ(cert3, cert5);
413 } 473 }
414 474
415 TEST(X509CertificateTest, Pickle) { 475 TEST(X509CertificateTest, Pickle) {
416 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( 476 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes(
417 reinterpret_cast<const char*>(google_der), sizeof(google_der)); 477 reinterpret_cast<const char*>(google_der), sizeof(google_der),
478 X509Certificate::FORMAT_DER);
418 479
419 Pickle pickle; 480 Pickle pickle;
420 cert1->Persist(&pickle); 481 cert1->Persist(&pickle);
421 482
422 void* iter = NULL; 483 void* iter = NULL;
423 scoped_refptr<X509Certificate> cert2 = 484 scoped_refptr<X509Certificate> cert2 =
424 X509Certificate::CreateFromPickle(pickle, &iter); 485 X509Certificate::CreateFromPickle(pickle, &iter);
425 486
426 EXPECT_EQ(cert1, cert2); 487 EXPECT_EQ(cert1, cert2);
427 } 488 }
428 489
429 TEST(X509CertificateTest, Policy) { 490 TEST(X509CertificateTest, Policy) {
430 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( 491 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes(
431 reinterpret_cast<const char*>(google_der), sizeof(google_der)); 492 reinterpret_cast<const char*>(google_der), sizeof(google_der),
493 X509Certificate::FORMAT_DER);
432 494
433 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( 495 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes(
434 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); 496 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der),
497 X509Certificate::FORMAT_DER);
435 498
436 X509Certificate::Policy policy; 499 X509Certificate::Policy policy;
437 500
438 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN); 501 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN);
439 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); 502 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN);
440 EXPECT_FALSE(policy.HasAllowedCert()); 503 EXPECT_FALSE(policy.HasAllowedCert());
441 EXPECT_FALSE(policy.HasDeniedCert()); 504 EXPECT_FALSE(policy.HasDeniedCert());
442 505
443 policy.Allow(google_cert.get()); 506 policy.Allow(google_cert.get());
444 507
(...skipping 10 matching lines...) Expand all
455 EXPECT_TRUE(policy.HasDeniedCert()); 518 EXPECT_TRUE(policy.HasDeniedCert());
456 519
457 policy.Allow(webkit_cert.get()); 520 policy.Allow(webkit_cert.get());
458 521
459 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); 522 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED);
460 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); 523 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED);
461 EXPECT_TRUE(policy.HasAllowedCert()); 524 EXPECT_TRUE(policy.HasAllowedCert());
462 EXPECT_TRUE(policy.HasDeniedCert()); 525 EXPECT_TRUE(policy.HasDeniedCert());
463 } 526 }
464 527
465 #if defined(OS_MACOSX) || defined(OS_WIN)
466 TEST(X509CertificateTest, IntermediateCertificates) { 528 TEST(X509CertificateTest, IntermediateCertificates) {
467 X509Certificate::OSCertHandle handle1, handle2, handle3, handle4; 529 X509Certificate::OSCertHandle handle1, handle2, handle3, handle4;
468 530
469 // Create object with no intermediates: 531 // Create object with no intermediates:
470 handle1 = X509Certificate::CreateOSCertHandleFromBytes( 532 handle1 = X509Certificate::CreateOSCertHandleFromBytes(
471 reinterpret_cast<const char*>(google_der), sizeof(google_der)); 533 reinterpret_cast<const char*>(google_der), sizeof(google_der));
472 X509Certificate::OSCertHandles intermediates1; 534 X509Certificate::OSCertHandles intermediates1;
473 scoped_refptr<X509Certificate> cert1; 535 scoped_refptr<X509Certificate> cert1;
474 cert1 = X509Certificate::CreateFromHandle(handle1, 536 cert1 = X509Certificate::CreateFromHandle(handle1,
475 X509Certificate::SOURCE_FROM_NETWORK, 537 X509Certificate::SOURCE_FROM_NETWORK,
(...skipping 20 matching lines...) Expand all
496 // The cache should have stored cert2 'cause it has more intermediates: 558 // The cache should have stored cert2 'cause it has more intermediates:
497 EXPECT_NE(cert1, cert2); 559 EXPECT_NE(cert1, cert2);
498 560
499 // Verify it has all the intermediates: 561 // Verify it has all the intermediates:
500 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle2)); 562 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle2));
501 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle3)); 563 EXPECT_TRUE(cert2->HasIntermediateCertificate(handle3));
502 handle4 = X509Certificate::CreateOSCertHandleFromBytes( 564 handle4 = X509Certificate::CreateOSCertHandleFromBytes(
503 reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der)); 565 reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der));
504 EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4)); 566 EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4));
505 567
568 X509Certificate::FreeOSCertHandle(handle2);
569 X509Certificate::FreeOSCertHandle(handle3);
570 X509Certificate::FreeOSCertHandle(handle4);
571
506 // Create object with 1 intermediate: 572 // Create object with 1 intermediate:
507 handle3 = X509Certificate::CreateOSCertHandleFromBytes( 573 handle3 = X509Certificate::CreateOSCertHandleFromBytes(
508 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); 574 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der));
509 X509Certificate::OSCertHandles intermediates3; 575 X509Certificate::OSCertHandles intermediates3;
510 intermediates2.push_back(handle3); 576 intermediates2.push_back(handle3);
511 scoped_refptr<X509Certificate> cert3; 577 scoped_refptr<X509Certificate> cert3;
512 cert3 = X509Certificate::CreateFromHandle( 578 cert3 = X509Certificate::CreateFromHandle(
513 X509Certificate::DupOSCertHandle(handle1), 579 X509Certificate::DupOSCertHandle(handle1),
514 X509Certificate::SOURCE_FROM_NETWORK, 580 X509Certificate::SOURCE_FROM_NETWORK,
515 intermediates3); 581 intermediates3);
516 582
583 X509Certificate::FreeOSCertHandle(handle1);
584 X509Certificate::FreeOSCertHandle(handle3);
585
517 // The cache should have returned cert2 'cause it has more intermediates: 586 // The cache should have returned cert2 'cause it has more intermediates:
518 EXPECT_EQ(cert3, cert2); 587 EXPECT_EQ(cert3, cert2);
519 } 588 }
520 #endif 589
590 class X509CertificateParseTest :
591 public testing::TestWithParam<CertificateFormatTestData> {
592 public:
593 virtual ~X509CertificateParseTest() { }
594 virtual void SetUp() {
595 test_data_ = GetParam();
596 }
597 virtual void TearDown() { }
598
599 protected:
600 CertificateFormatTestData test_data_;
601 };
602
603 TEST_P(X509CertificateParseTest, CanParseFormat) {
604 FilePath certs_dir = GetTestCertsDirectory();
605 scoped_refptr<X509Certificate> google_cert =
606 ImportCertFromFile(certs_dir, test_data_.file_name, test_data_.format);
607 CheckGoogleCert(google_cert, google_parse_fingerprint,
608 kGoogleParseValidFrom, kGoogleParseValidTo,
609 test_data_.should_test_chain);
610 }
611
612 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest,
613 testing::ValuesIn(FormatTestData));
521 614
522 } // namespace net 615 } // namespace net
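Review bot: `check_chain` is accepted by `CheckGoogleCert` (new lines 106-109) but never read in its body, so the `should_test_chain` column of `FormatTestData` has no effect, and the `google.chain.pem` and `.p7b` rows would still pass if the parser kept only the leaf and dropped every intermediate. Since the issue is about importing user certificates from PEM/PKCS#7 input, the chain rows should assert what was actually parsed: under `if (check_chain)`, check that the expected intermediate is attached (the file already uses `HasIntermediateCertificate` for this in `IntermediateCertificates`), or remove the parameter until that check exists. The `FORMAT_AUTO` group also lists `google.single.pem` twice (new lines 191-192), which looks like a copy of the explicit-format rows rather than an extra case. The `{ "google.single.pem", X509Certificate::FORMAT_DER, false }` row would benefit from a comment such as `// FORMAT_DER is expected to accept a PEM-armored single certificate`, if that is the intended contract.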
OLDNEW