| Index: net/base/x509_certificate_unittest.cc
|
| ===================================================================
|
| --- net/base/x509_certificate_unittest.cc (revision 49024)
|
| +++ net/base/x509_certificate_unittest.cc (working copy)
|
| @@ -91,21 +91,22 @@
|
| // Imports a certificate file in the src/net/data/ssl/certificates directory.
|
| // certs_dir represents the test certificates directory. cert_file is the
|
| // name of the certificate file.
|
| -X509Certificate* ImportCertFromFile(const FilePath& certs_dir,
|
| - const std::string& cert_file) {
|
| +X509Certificate* ImportCertFromFile(
|
| + const FilePath& certs_dir,
|
| + const std::string& cert_file,
|
| + X509Certificate::CertificateFormat format) {
|
| FilePath cert_path = certs_dir.AppendASCII(cert_file);
|
| std::string cert_data;
|
| if (!file_util::ReadFileToString(cert_path, &cert_data))
|
| return NULL;
|
| - return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size());
|
| + return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size(),
|
| + format);
|
| }
|
|
|
| -} // namespace
|
| -
|
| -TEST(X509CertificateTest, GoogleCertParsing) {
|
| - scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der));
|
| -
|
| +void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
|
| + unsigned char* expected_fingerprint,
|
| + double valid_from, double valid_to,
|
| + bool check_chain) {
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert);
|
|
|
| const X509Certificate::Principal& subject = google_cert->subject();
|
| @@ -132,14 +133,14 @@
|
|
|
| // Use DoubleT because its epoch is the same on all platforms
|
| const Time& valid_start = google_cert->valid_start();
|
| - EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT
|
| + EXPECT_EQ(valid_from, valid_start.ToDoubleT());
|
|
|
| const Time& valid_expiry = google_cert->valid_expiry();
|
| - EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT
|
| + EXPECT_EQ(valid_to, valid_expiry.ToDoubleT());
|
|
|
| const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint();
|
| for (size_t i = 0; i < 20; ++i)
|
| - EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]);
|
| + EXPECT_EQ(expected_fingerprint[i], fingerprint.data[i]);
|
|
|
| std::vector<std::string> dns_names;
|
| google_cert->GetDNSNames(&dns_names);
|
| @@ -156,9 +157,63 @@
|
| #endif
|
| }
|
|
|
| +// The fingerprint for the parse tests is different than the fingerprint
|
| +// included in test_certificate_data.h, as the parse test certificate is more
|
| +// recent.
|
| +unsigned char google_parse_fingerprint[] = {
|
| + 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a,
|
| + 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2
|
| +};
|
| +
|
| +// Dec 18 00:00:00 2009 GMT
|
| +const double kGoogleParseValidFrom = 1261094400;
|
| +// Dec 18 23:59:59 2011 GMT
|
| +const double kGoogleParseValidTo = 1324252799;
|
| +
|
| +struct CertificateFormatTestData {
|
| + const char* file_name;
|
| + X509Certificate::CertificateFormat format;
|
| + bool should_test_chain;
|
| +};
|
| +
|
| +const CertificateFormatTestData FormatTestData[] = {
|
| + { "google.der", X509Certificate::FORMAT_DER, false },
|
| + { "google.single.pem", X509Certificate::FORMAT_DER, false },
|
| +
|
| + { "google.single.pem", X509Certificate::FORMAT_PEM, false },
|
| + { "google.chain.pem", X509Certificate::FORMAT_PEM, true },
|
| +
|
| + { "google.binary.p7b", X509Certificate::FORMAT_PKCS7, true },
|
| + { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7, true },
|
| + { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7, true },
|
| +
|
| + { "google.der", X509Certificate::FORMAT_AUTO, false },
|
| + { "google.single.pem", X509Certificate::FORMAT_AUTO, false },
|
| + { "google.single.pem", X509Certificate::FORMAT_AUTO, false },
|
| + { "google.chain.pem", X509Certificate::FORMAT_AUTO, true },
|
| + { "google.binary.p7b", X509Certificate::FORMAT_AUTO, true },
|
| + { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, true },
|
| + { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, true }
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| +TEST(X509CertificateTest, GoogleCertParsing) {
|
| + scoped_refptr<X509Certificate> google_cert =
|
| + X509Certificate::CreateFromBytes(
|
| + reinterpret_cast<const char*>(google_der), sizeof(google_der),
|
| + X509Certificate::FORMAT_DER);
|
| +
|
| + CheckGoogleCert(google_cert, google_fingerprint,
|
| + 1238192407, // Mar 27 22:20:07 2009 GMT
|
| + 1269728407, // Mar 27 22:20:07 2010 GMT
|
| + false);
|
| +}
|
| +
|
| TEST(X509CertificateTest, WebkitCertParsing) {
|
| scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der));
|
| + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert);
|
|
|
| @@ -214,7 +269,8 @@
|
|
|
| TEST(X509CertificateTest, ThawteCertParsing) {
|
| scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der));
|
| + reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert);
|
|
|
| @@ -277,7 +333,8 @@
|
| scoped_refptr<X509Certificate> paypal_null_cert =
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(paypal_null_der),
|
| - sizeof(paypal_null_der));
|
| + sizeof(paypal_null_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
|
|
|
| @@ -305,7 +362,8 @@
|
| TEST(X509CertificateTest, UnoSoftCertParsing) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> unosoft_hu_cert =
|
| - ImportCertFromFile(certs_dir, "unosoft_hu_cert.der");
|
| + ImportCertFromFile(certs_dir, "unosoft_hu_cert.der",
|
| + X509Certificate::FORMAT_DER);
|
|
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert);
|
|
|
| @@ -333,13 +391,15 @@
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| - ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der");
|
| + ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der",
|
| + X509Certificate::FORMAT_DER);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
|
|
|
| // The intermediate CA certificate's policyConstraints extension has a
|
| // requireExplicitPolicy field with SkipCerts=0.
|
| scoped_refptr<X509Certificate> intermediate_cert =
|
| - ImportCertFromFile(certs_dir, "dod_ca_17_cert.der");
|
| + ImportCertFromFile(certs_dir, "dod_ca_17_cert.der",
|
| + X509Certificate::FORMAT_DER);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
|
|
|
| FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der");
|
| @@ -414,7 +474,8 @@
|
|
|
| TEST(X509CertificateTest, Pickle) {
|
| scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der));
|
| + reinterpret_cast<const char*>(google_der), sizeof(google_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| Pickle pickle;
|
| cert1->Persist(&pickle);
|
| @@ -428,10 +489,12 @@
|
|
|
| TEST(X509CertificateTest, Policy) {
|
| scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der));
|
| + reinterpret_cast<const char*>(google_der), sizeof(google_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der));
|
| + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der),
|
| + X509Certificate::FORMAT_DER);
|
|
|
| X509Certificate::Policy policy;
|
|
|
| @@ -462,7 +525,6 @@
|
| EXPECT_TRUE(policy.HasDeniedCert());
|
| }
|
|
|
| -#if defined(OS_MACOSX) || defined(OS_WIN)
|
| TEST(X509CertificateTest, IntermediateCertificates) {
|
| X509Certificate::OSCertHandle handle1, handle2, handle3, handle4;
|
|
|
| @@ -503,6 +565,10 @@
|
| reinterpret_cast<const char*>(paypal_null_der), sizeof(paypal_null_der));
|
| EXPECT_FALSE(cert2->HasIntermediateCertificate(handle4));
|
|
|
| + X509Certificate::FreeOSCertHandle(handle2);
|
| + X509Certificate::FreeOSCertHandle(handle3);
|
| + X509Certificate::FreeOSCertHandle(handle4);
|
| +
|
| // Create object with 1 intermediate:
|
| handle3 = X509Certificate::CreateOSCertHandleFromBytes(
|
| reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der));
|
| @@ -514,9 +580,36 @@
|
| X509Certificate::SOURCE_FROM_NETWORK,
|
| intermediates3);
|
|
|
| + X509Certificate::FreeOSCertHandle(handle1);
|
| + X509Certificate::FreeOSCertHandle(handle3);
|
| +
|
| // The cache should have returned cert2 'cause it has more intermediates:
|
| EXPECT_EQ(cert3, cert2);
|
| }
|
| -#endif
|
|
|
| +class X509CertificateParseTest :
|
| + public testing::TestWithParam<CertificateFormatTestData> {
|
| + public:
|
| + virtual ~X509CertificateParseTest() { }
|
| + virtual void SetUp() {
|
| + test_data_ = GetParam();
|
| + }
|
| + virtual void TearDown() { }
|
| +
|
| + protected:
|
| + CertificateFormatTestData test_data_;
|
| +};
|
| +
|
| +TEST_P(X509CertificateParseTest, CanParseFormat) {
|
| + FilePath certs_dir = GetTestCertsDirectory();
|
| + scoped_refptr<X509Certificate> google_cert =
|
| + ImportCertFromFile(certs_dir, test_data_.file_name, test_data_.format);
|
| + CheckGoogleCert(google_cert, google_parse_fingerprint,
|
| + kGoogleParseValidFrom, kGoogleParseValidTo,
|
| + test_data_.should_test_chain);
|
| +}
|
| +
|
| +INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest,
|
| + testing::ValuesIn(FormatTestData));
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 2668005:
Bring the handling of <keygen> and support for the application/x-x509-user-ce... (Closed)
Base URL: http://src.chromium.org/svn/trunk/src/