Index: net/base/x509_certificate_unittest.cc |
=================================================================== |
--- net/base/x509_certificate_unittest.cc (revision 49024) |
+++ net/base/x509_certificate_unittest.cc (working copy) |
@@ -91,21 +91,22 @@ |
// Imports a certificate file in the src/net/data/ssl/certificates directory. |
// certs_dir represents the test certificates directory. cert_file is the |
// name of the certificate file. |
-X509Certificate* ImportCertFromFile(const FilePath& certs_dir, |
- const std::string& cert_file) { |
+X509Certificate* ImportCertFromFile( |
+ const FilePath& certs_dir, |
+ const std::string& cert_file, |
+ X509Certificate::CertificateFormat format) { |
FilePath cert_path = certs_dir.AppendASCII(cert_file); |
std::string cert_data; |
if (!file_util::ReadFileToString(cert_path, &cert_data)) |
return NULL; |
- return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()); |
+ return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size(), |
+ format); |
} |
-} // namespace |
- |
-TEST(X509CertificateTest, GoogleCertParsing) { |
- scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
- |
+void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert, |
+ unsigned char* expected_fingerprint, |
+ double valid_from, double valid_to, |
+ bool check_chain) { |
ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); |
const X509Certificate::Principal& subject = google_cert->subject(); |
@@ -132,14 +133,14 @@ |
// Use DoubleT because its epoch is the same on all platforms |
const Time& valid_start = google_cert->valid_start(); |
- EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT |
+ EXPECT_EQ(valid_from, valid_start.ToDoubleT()); |
const Time& valid_expiry = google_cert->valid_expiry(); |
- EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT |
+ EXPECT_EQ(valid_to, valid_expiry.ToDoubleT()); |
const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); |
for (size_t i = 0; i < 20; ++i) |
- EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); |
+ EXPECT_EQ(expected_fingerprint[i], fingerprint.data[i]); |
std::vector<std::string> dns_names; |
google_cert->GetDNSNames(&dns_names); |
@@ -156,9 +157,63 @@ |
#endif |
} |
+// The fingerprint for the parse tests is different than the fingerprint |
+// included in test_certificate_data.h, as the parse test certificate is more |
+// recent. |
+unsigned char google_parse_fingerprint[] = { |
+ 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a, |
+ 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2 |
+}; |
+ |
+// Dec 18 00:00:00 2009 GMT |
+const double kGoogleParseValidFrom = 1261094400; |
+// Dec 18 23:59:59 2011 GMT |
+const double kGoogleParseValidTo = 1324252799; |
+ |
+struct CertificateFormatTestData { |
+ const char* file_name; |
+ X509Certificate::CertificateFormat format; |
+ bool should_test_chain; |
+}; |
+ |
+const CertificateFormatTestData FormatTestData[] = { |
+ { "google.der", X509Certificate::FORMAT_DER, false }, |
+ { "google.single.pem", X509Certificate::FORMAT_DER, false }, |
+ |
+ { "google.single.pem", X509Certificate::FORMAT_PEM, false }, |
+ { "google.chain.pem", X509Certificate::FORMAT_PEM, true }, |
+ |
+ { "google.binary.p7b", X509Certificate::FORMAT_PKCS7, true }, |
+ { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7, true }, |
+ { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7, true }, |
+ |
+ { "google.der", X509Certificate::FORMAT_AUTO, false }, |
+ { "google.single.pem", X509Certificate::FORMAT_AUTO, false }, |
+ { "google.single.pem", X509Certificate::FORMAT_AUTO, false }, |
+ { "google.chain.pem", X509Certificate::FORMAT_AUTO, true }, |
+ { "google.binary.p7b", X509Certificate::FORMAT_AUTO, true }, |
+ { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, true }, |
+ { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, true } |
+}; |
+ |
+} // namespace |
+ |
+TEST(X509CertificateTest, GoogleCertParsing) { |
+ scoped_refptr<X509Certificate> google_cert = |
+ X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der), |
+ X509Certificate::FORMAT_DER); |
+ |
+ CheckGoogleCert(google_cert, google_fingerprint, |
+ 1238192407, // Mar 27 22:20:07 2009 GMT |
+ 1269728407, // Mar 27 22:20:07 2010 GMT |
+ false); |
+} |
+ |
TEST(X509CertificateTest, WebkitCertParsing) { |
scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
+ reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der), |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); |
@@ -214,7 +269,8 @@ |
TEST(X509CertificateTest, ThawteCertParsing) { |
scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
+ reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der), |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); |
@@ -277,7 +333,8 @@ |
scoped_refptr<X509Certificate> paypal_null_cert = |
X509Certificate::CreateFromBytes( |
reinterpret_cast<const char*>(paypal_null_der), |
- sizeof(paypal_null_der)); |
+ sizeof(paypal_null_der), |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
@@ -305,7 +362,8 @@ |
TEST(X509CertificateTest, UnoSoftCertParsing) { |
FilePath certs_dir = GetTestCertsDirectory(); |
scoped_refptr<X509Certificate> unosoft_hu_cert = |
- ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); |
+ ImportCertFromFile(certs_dir, "unosoft_hu_cert.der", |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); |
@@ -333,13 +391,15 @@ |
FilePath certs_dir = GetTestCertsDirectory(); |
scoped_refptr<X509Certificate> server_cert = |
- ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); |
+ ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der", |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
// The intermediate CA certificate's policyConstraints extension has a |
// requireExplicitPolicy field with SkipCerts=0. |
scoped_refptr<X509Certificate> intermediate_cert = |
- ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); |
+ ImportCertFromFile(certs_dir, "dod_ca_17_cert.der", |
+ X509Certificate::FORMAT_DER); |
ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
@@ -414,7 +474,8 @@ |
TEST(X509CertificateTest, Pickle) { |
scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der), |
+ X509Certificate::FORMAT_DER); |
Pickle pickle; |
cert1->Persist(&pickle); |
@@ -428,10 +489,12 @@ |
TEST(X509CertificateTest, Policy) { |
scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der), |
+ X509Certificate::FORMAT_DER); |
scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
- reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
+ reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der), |
+ X509Certificate::FORMAT_DER); |
X509Certificate::Policy policy; |
@@ -462,7 +525,6 @@ |
EXPECT_TRUE(policy.HasDeniedCert()); |
} |
-#if defined(OS_MACOSX) || defined(OS_WIN) |
TEST(X509CertificateTest, IntermediateCertificates) { |
X509Certificate::OSCertHandle handle1, handle2, handle3, handle4; |
@@ -503,6 +565,10 @@ |
reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der)); |
EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4)); |
+ X509Certificate::FreeOSCertHandle(handle2); |
+ X509Certificate::FreeOSCertHandle(handle3); |
+ X509Certificate::FreeOSCertHandle(handle4); |
+ |
// Create object with 1 intermediate: |
handle3 = X509Certificate::CreateOSCertHandleFromBytes( |
reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
@@ -514,9 +580,36 @@ |
X509Certificate::SOURCE_FROM_NETWORK, |
intermediates3); |
+ X509Certificate::FreeOSCertHandle(handle1); |
+ X509Certificate::FreeOSCertHandle(handle3); |
+ |
// The cache should have returned cert2 'cause it has more intermediates: |
EXPECT_EQ(cert3, cert2); |
} |
-#endif |
+class X509CertificateParseTest : |
+ public testing::TestWithParam<CertificateFormatTestData> { |
+ public: |
+ virtual ~X509CertificateParseTest() { } |
+ virtual void SetUp() { |
+ test_data_ = GetParam(); |
+ } |
+ virtual void TearDown() { } |
+ |
+ protected: |
+ CertificateFormatTestData test_data_; |
+}; |
+ |
+TEST_P(X509CertificateParseTest, CanParseFormat) { |
+ FilePath certs_dir = GetTestCertsDirectory(); |
+ scoped_refptr<X509Certificate> google_cert = |
+ ImportCertFromFile(certs_dir, test_data_.file_name, test_data_.format); |
+ CheckGoogleCert(google_cert, google_parse_fingerprint, |
+ kGoogleParseValidFrom, kGoogleParseValidTo, |
+ test_data_.should_test_chain); |
+} |
+ |
+INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
+ testing::ValuesIn(FormatTestData)); |
+ |
} // namespace net |