| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "net/base/cert_status_flags.h" | 9 #include "net/base/cert_status_flags.h" |
| 10 #include "net/base/cert_test_util.h" | 10 #include "net/base/cert_test_util.h" |
| (...skipping 90 matching lines...) |
| 101 } | 101 } |
| 102 | 102 |
| 103 } // namespace | 103 } // namespace |
| 104 | 104 |
| 105 TEST(X509CertificateTest, GoogleCertParsing) { | 105 TEST(X509CertificateTest, GoogleCertParsing) { |
| 106 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | 106 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
| 107 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 107 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 108 | 108 |
| 109 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); | 109 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); |
| 110 | 110 |
| 111 const X509Certificate::Principal& subject = google_cert->subject(); | 111 const CertPrincipal& subject = google_cert->subject(); |
| 112 EXPECT_EQ("www.google.com", subject.common_name); | 112 EXPECT_EQ("www.google.com", subject.common_name); |
| 113 EXPECT_EQ("Mountain View", subject.locality_name); | 113 EXPECT_EQ("Mountain View", subject.locality_name); |
| 114 EXPECT_EQ("California", subject.state_or_province_name); | 114 EXPECT_EQ("California", subject.state_or_province_name); |
| 115 EXPECT_EQ("US", subject.country_name); | 115 EXPECT_EQ("US", subject.country_name); |
| 116 EXPECT_EQ(0U, subject.street_addresses.size()); | 116 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 117 EXPECT_EQ(1U, subject.organization_names.size()); | 117 EXPECT_EQ(1U, subject.organization_names.size()); |
| 118 EXPECT_EQ("Google Inc", subject.organization_names[0]); | 118 EXPECT_EQ("Google Inc", subject.organization_names[0]); |
| 119 EXPECT_EQ(0U, subject.organization_unit_names.size()); | 119 EXPECT_EQ(0U, subject.organization_unit_names.size()); |
| 120 EXPECT_EQ(0U, subject.domain_components.size()); | 120 EXPECT_EQ(0U, subject.domain_components.size()); |
| 121 | 121 |
| 122 const X509Certificate::Principal& issuer = google_cert->issuer(); | 122 const CertPrincipal& issuer = google_cert->issuer(); |
| 123 EXPECT_EQ("Thawte SGC CA", issuer.common_name); | 123 EXPECT_EQ("Thawte SGC CA", issuer.common_name); |
| 124 EXPECT_EQ("", issuer.locality_name); | 124 EXPECT_EQ("", issuer.locality_name); |
| 125 EXPECT_EQ("", issuer.state_or_province_name); | 125 EXPECT_EQ("", issuer.state_or_province_name); |
| 126 EXPECT_EQ("ZA", issuer.country_name); | 126 EXPECT_EQ("ZA", issuer.country_name); |
| 127 EXPECT_EQ(0U, issuer.street_addresses.size()); | 127 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 128 EXPECT_EQ(1U, issuer.organization_names.size()); | 128 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 129 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); | 129 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); |
| 130 EXPECT_EQ(0U, issuer.organization_unit_names.size()); | 130 EXPECT_EQ(0U, issuer.organization_unit_names.size()); |
| 131 EXPECT_EQ(0U, issuer.domain_components.size()); | 131 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 132 | 132 |
| 133 // Use DoubleT because its epoch is the same on all platforms | 133 // Use DoubleT because its epoch is the same on all platforms |
| 134 const Time& valid_start = google_cert->valid_start(); | 134 const Time& valid_start = google_cert->valid_start(); |
| 135 EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT | 135 EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT |
| 136 | 136 |
| 137 const Time& valid_expiry = google_cert->valid_expiry(); | 137 const Time& valid_expiry = google_cert->valid_expiry(); |
| 138 EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT | 138 EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT |
| 139 | 139 |
| 140 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); | 140 const SHA1Fingerprint& fingerprint = google_cert->fingerprint(); |
| 141 for (size_t i = 0; i < 20; ++i) | 141 for (size_t i = 0; i < 20; ++i) |
| 142 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); | 142 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); |
| 143 | 143 |
| 144 std::vector<std::string> dns_names; | 144 std::vector<std::string> dns_names; |
| 145 google_cert->GetDNSNames(&dns_names); | 145 google_cert->GetDNSNames(&dns_names); |
| 146 EXPECT_EQ(1U, dns_names.size()); | 146 EXPECT_EQ(1U, dns_names.size()); |
| 147 EXPECT_EQ("www.google.com", dns_names[0]); | 147 EXPECT_EQ("www.google.com", dns_names[0]); |
| 148 | 148 |
| 149 #if TEST_EV | 149 #if TEST_EV |
| 150 // TODO(avi): turn this on for the Mac once EV checking is implemented. | 150 // TODO(avi): turn this on for the Mac once EV checking is implemented. |
| 151 CertVerifyResult verify_result; | 151 CertVerifyResult verify_result; |
| 152 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 152 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
| 153 X509Certificate::VERIFY_EV_CERT; | 153 X509Certificate::VERIFY_EV_CERT; |
| 154 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); | 154 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); |
| 155 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 155 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
| 156 #endif | 156 #endif |
| 157 } | 157 } |
| 158 | 158 |
| 159 TEST(X509CertificateTest, WebkitCertParsing) { | 159 TEST(X509CertificateTest, WebkitCertParsing) { |
| 160 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | 160 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
| 161 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 161 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
| 162 | 162 |
| 163 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); | 163 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); |
| 164 | 164 |
| 165 const X509Certificate::Principal& subject = webkit_cert->subject(); | 165 const CertPrincipal& subject = webkit_cert->subject(); |
| 166 EXPECT_EQ("Cupertino", subject.locality_name); | 166 EXPECT_EQ("Cupertino", subject.locality_name); |
| 167 EXPECT_EQ("California", subject.state_or_province_name); | 167 EXPECT_EQ("California", subject.state_or_province_name); |
| 168 EXPECT_EQ("US", subject.country_name); | 168 EXPECT_EQ("US", subject.country_name); |
| 169 EXPECT_EQ(0U, subject.street_addresses.size()); | 169 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 170 EXPECT_EQ(1U, subject.organization_names.size()); | 170 EXPECT_EQ(1U, subject.organization_names.size()); |
| 171 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); | 171 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); |
| 172 EXPECT_EQ(1U, subject.organization_unit_names.size()); | 172 EXPECT_EQ(1U, subject.organization_unit_names.size()); |
| 173 EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); | 173 EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); |
| 174 EXPECT_EQ(0U, subject.domain_components.size()); | 174 EXPECT_EQ(0U, subject.domain_components.size()); |
| 175 | 175 |
| 176 const X509Certificate::Principal& issuer = webkit_cert->issuer(); | 176 const CertPrincipal& issuer = webkit_cert->issuer(); |
| 177 EXPECT_EQ("Go Daddy Secure Certification Authority", issuer.common_name); | 177 EXPECT_EQ("Go Daddy Secure Certification Authority", issuer.common_name); |
| 178 EXPECT_EQ("Scottsdale", issuer.locality_name); | 178 EXPECT_EQ("Scottsdale", issuer.locality_name); |
| 179 EXPECT_EQ("Arizona", issuer.state_or_province_name); | 179 EXPECT_EQ("Arizona", issuer.state_or_province_name); |
| 180 EXPECT_EQ("US", issuer.country_name); | 180 EXPECT_EQ("US", issuer.country_name); |
| 181 EXPECT_EQ(0U, issuer.street_addresses.size()); | 181 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 182 EXPECT_EQ(1U, issuer.organization_names.size()); | 182 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 183 EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); | 183 EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); |
| 184 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | 184 EXPECT_EQ(1U, issuer.organization_unit_names.size()); |
| 185 EXPECT_EQ("http://certificates.godaddy.com/repository", | 185 EXPECT_EQ("http://certificates.godaddy.com/repository", |
| 186 issuer.organization_unit_names[0]); | 186 issuer.organization_unit_names[0]); |
| 187 EXPECT_EQ(0U, issuer.domain_components.size()); | 187 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 188 | 188 |
| 189 // Use DoubleT because its epoch is the same on all platforms | 189 // Use DoubleT because its epoch is the same on all platforms |
| 190 const Time& valid_start = webkit_cert->valid_start(); | 190 const Time& valid_start = webkit_cert->valid_start(); |
| 191 EXPECT_EQ(1205883319, valid_start.ToDoubleT()); // Mar 18 23:35:19 2008 GMT | 191 EXPECT_EQ(1205883319, valid_start.ToDoubleT()); // Mar 18 23:35:19 2008 GMT |
| 192 | 192 |
| 193 const Time& valid_expiry = webkit_cert->valid_expiry(); | 193 const Time& valid_expiry = webkit_cert->valid_expiry(); |
| 194 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); // Mar 18 23:35:19 2011 GMT | 194 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); // Mar 18 23:35:19 2011 GMT |
| 195 | 195 |
| 196 const X509Certificate::Fingerprint& fingerprint = webkit_cert->fingerprint(); | 196 const SHA1Fingerprint& fingerprint = webkit_cert->fingerprint(); |
| 197 for (size_t i = 0; i < 20; ++i) | 197 for (size_t i = 0; i < 20; ++i) |
| 198 EXPECT_EQ(webkit_fingerprint[i], fingerprint.data[i]); | 198 EXPECT_EQ(webkit_fingerprint[i], fingerprint.data[i]); |
| 199 | 199 |
| 200 std::vector<std::string> dns_names; | 200 std::vector<std::string> dns_names; |
| 201 webkit_cert->GetDNSNames(&dns_names); | 201 webkit_cert->GetDNSNames(&dns_names); |
| 202 EXPECT_EQ(2U, dns_names.size()); | 202 EXPECT_EQ(2U, dns_names.size()); |
| 203 EXPECT_EQ("*.webkit.org", dns_names[0]); | 203 EXPECT_EQ("*.webkit.org", dns_names[0]); |
| 204 EXPECT_EQ("webkit.org", dns_names[1]); | 204 EXPECT_EQ("webkit.org", dns_names[1]); |
| 205 | 205 |
| 206 #if TEST_EV | 206 #if TEST_EV |
| 207 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 207 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
| 208 X509Certificate::VERIFY_EV_CERT; | 208 X509Certificate::VERIFY_EV_CERT; |
| 209 CertVerifyResult verify_result; | 209 CertVerifyResult verify_result; |
| 210 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); | 210 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); |
| 211 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 211 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
| 212 #endif | 212 #endif |
| 213 } | 213 } |
| 214 | 214 |
| 215 TEST(X509CertificateTest, ThawteCertParsing) { | 215 TEST(X509CertificateTest, ThawteCertParsing) { |
| 216 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( | 216 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( |
| 217 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | 217 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
| 218 | 218 |
| 219 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); | 219 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); |
| 220 | 220 |
| 221 const X509Certificate::Principal& subject = thawte_cert->subject(); | 221 const CertPrincipal& subject = thawte_cert->subject(); |
| 222 EXPECT_EQ("www.thawte.com", subject.common_name); | 222 EXPECT_EQ("www.thawte.com", subject.common_name); |
| 223 EXPECT_EQ("Mountain View", subject.locality_name); | 223 EXPECT_EQ("Mountain View", subject.locality_name); |
| 224 EXPECT_EQ("California", subject.state_or_province_name); | 224 EXPECT_EQ("California", subject.state_or_province_name); |
| 225 EXPECT_EQ("US", subject.country_name); | 225 EXPECT_EQ("US", subject.country_name); |
| 226 EXPECT_EQ(0U, subject.street_addresses.size()); | 226 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 227 EXPECT_EQ(1U, subject.organization_names.size()); | 227 EXPECT_EQ(1U, subject.organization_names.size()); |
| 228 EXPECT_EQ("Thawte Inc", subject.organization_names[0]); | 228 EXPECT_EQ("Thawte Inc", subject.organization_names[0]); |
| 229 EXPECT_EQ(0U, subject.organization_unit_names.size()); | 229 EXPECT_EQ(0U, subject.organization_unit_names.size()); |
| 230 EXPECT_EQ(0U, subject.domain_components.size()); | 230 EXPECT_EQ(0U, subject.domain_components.size()); |
| 231 | 231 |
| 232 const X509Certificate::Principal& issuer = thawte_cert->issuer(); | 232 const CertPrincipal& issuer = thawte_cert->issuer(); |
| 233 EXPECT_EQ("thawte Extended Validation SSL CA", issuer.common_name); | 233 EXPECT_EQ("thawte Extended Validation SSL CA", issuer.common_name); |
| 234 EXPECT_EQ("", issuer.locality_name); | 234 EXPECT_EQ("", issuer.locality_name); |
| 235 EXPECT_EQ("", issuer.state_or_province_name); | 235 EXPECT_EQ("", issuer.state_or_province_name); |
| 236 EXPECT_EQ("US", issuer.country_name); | 236 EXPECT_EQ("US", issuer.country_name); |
| 237 EXPECT_EQ(0U, issuer.street_addresses.size()); | 237 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 238 EXPECT_EQ(1U, issuer.organization_names.size()); | 238 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 239 EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); | 239 EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); |
| 240 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | 240 EXPECT_EQ(1U, issuer.organization_unit_names.size()); |
| 241 EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", | 241 EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", |
| 242 issuer.organization_unit_names[0]); | 242 issuer.organization_unit_names[0]); |
| 243 EXPECT_EQ(0U, issuer.domain_components.size()); | 243 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 244 | 244 |
| 245 // Use DoubleT because its epoch is the same on all platforms | 245 // Use DoubleT because its epoch is the same on all platforms |
| 246 const Time& valid_start = thawte_cert->valid_start(); | 246 const Time& valid_start = thawte_cert->valid_start(); |
| 247 EXPECT_EQ(1227052800, valid_start.ToDoubleT()); // Nov 19 00:00:00 2008 GMT | 247 EXPECT_EQ(1227052800, valid_start.ToDoubleT()); // Nov 19 00:00:00 2008 GMT |
| 248 | 248 |
| 249 const Time& valid_expiry = thawte_cert->valid_expiry(); | 249 const Time& valid_expiry = thawte_cert->valid_expiry(); |
| 250 EXPECT_EQ(1263772799, valid_expiry.ToDoubleT()); // Jan 17 23:59:59 2010 GMT | 250 EXPECT_EQ(1263772799, valid_expiry.ToDoubleT()); // Jan 17 23:59:59 2010 GMT |
| 251 | 251 |
| 252 const X509Certificate::Fingerprint& fingerprint = thawte_cert->fingerprint(); | 252 const SHA1Fingerprint& fingerprint = thawte_cert->fingerprint(); |
| 253 for (size_t i = 0; i < 20; ++i) | 253 for (size_t i = 0; i < 20; ++i) |
| 254 EXPECT_EQ(thawte_fingerprint[i], fingerprint.data[i]); | 254 EXPECT_EQ(thawte_fingerprint[i], fingerprint.data[i]); |
| 255 | 255 |
| 256 std::vector<std::string> dns_names; | 256 std::vector<std::string> dns_names; |
| 257 thawte_cert->GetDNSNames(&dns_names); | 257 thawte_cert->GetDNSNames(&dns_names); |
| 258 EXPECT_EQ(1U, dns_names.size()); | 258 EXPECT_EQ(1U, dns_names.size()); |
| 259 EXPECT_EQ("www.thawte.com", dns_names[0]); | 259 EXPECT_EQ("www.thawte.com", dns_names[0]); |
| 260 | 260 |
| 261 #if TEST_EV | 261 #if TEST_EV |
| 262 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 262 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
| (...skipping 11 matching lines...) |
| 274 } | 274 } |
| 275 | 275 |
| 276 TEST(X509CertificateTest, PaypalNullCertParsing) { | 276 TEST(X509CertificateTest, PaypalNullCertParsing) { |
| 277 scoped_refptr<X509Certificate> paypal_null_cert = | 277 scoped_refptr<X509Certificate> paypal_null_cert = |
| 278 X509Certificate::CreateFromBytes( | 278 X509Certificate::CreateFromBytes( |
| 279 reinterpret_cast<const char*>(paypal_null_der), | 279 reinterpret_cast<const char*>(paypal_null_der), |
| 280 sizeof(paypal_null_der)); | 280 sizeof(paypal_null_der)); |
| 281 | 281 |
| 282 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 282 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); |
| 283 | 283 |
| 284 const X509Certificate::Fingerprint& fingerprint = | 284 const SHA1Fingerprint& fingerprint = |
| 285 paypal_null_cert->fingerprint(); | 285 paypal_null_cert->fingerprint(); |
| 286 for (size_t i = 0; i < 20; ++i) | 286 for (size_t i = 0; i < 20; ++i) |
| 287 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 287 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 288 | 288 |
| 289 int flags = 0; | 289 int flags = 0; |
| 290 CertVerifyResult verify_result; | 290 CertVerifyResult verify_result; |
| 291 int error = paypal_null_cert->Verify("www.paypal.com", flags, | 291 int error = paypal_null_cert->Verify("www.paypal.com", flags, |
| 292 &verify_result); | 292 &verify_result); |
| 293 EXPECT_NE(OK, error); | 293 EXPECT_NE(OK, error); |
| 294 // Either the system crypto library should correctly report a certificate | 294 // Either the system crypto library should correctly report a certificate |
| 295 // name mismatch, or our certificate blacklist should cause us to report an | 295 // name mismatch, or our certificate blacklist should cause us to report an |
| 296 // invalid certificate. | 296 // invalid certificate. |
| 297 #if !defined(OS_MACOSX) | 297 #if !defined(OS_MACOSX) |
| 298 EXPECT_NE(0, verify_result.cert_status & | 298 EXPECT_NE(0, verify_result.cert_status & |
| 299 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | 299 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); |
| 300 #endif | 300 #endif |
| 301 } | 301 } |
| 302 | 302 |
| 303 // A certificate whose AIA extension contains an LDAP URL without a host name. | 303 // A certificate whose AIA extension contains an LDAP URL without a host name. |
| 304 // This certificate will expire on 2011-09-08. | 304 // This certificate will expire on 2011-09-08. |
| 305 TEST(X509CertificateTest, UnoSoftCertParsing) { | 305 TEST(X509CertificateTest, UnoSoftCertParsing) { |
| 306 FilePath certs_dir = GetTestCertsDirectory(); | 306 FilePath certs_dir = GetTestCertsDirectory(); |
| 307 scoped_refptr<X509Certificate> unosoft_hu_cert = | 307 scoped_refptr<X509Certificate> unosoft_hu_cert = |
| 308 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); | 308 ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); |
| 309 | 309 |
| 310 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); | 310 ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); |
| 311 | 311 |
| 312 const X509Certificate::Fingerprint& fingerprint = | 312 const SHA1Fingerprint& fingerprint = |
| 313 unosoft_hu_cert->fingerprint(); | 313 unosoft_hu_cert->fingerprint(); |
| 314 for (size_t i = 0; i < 20; ++i) | 314 for (size_t i = 0; i < 20; ++i) |
| 315 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); | 315 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); |
| 316 | 316 |
| 317 int flags = 0; | 317 int flags = 0; |
| 318 CertVerifyResult verify_result; | 318 CertVerifyResult verify_result; |
| 319 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, | 319 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, |
| 320 &verify_result); | 320 &verify_result); |
| 321 EXPECT_NE(OK, error); | 321 EXPECT_NE(OK, error); |
| 322 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 322 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| (...skipping 108 matching lines...) |
| 431 EXPECT_EQ(cert1, cert2); | 431 EXPECT_EQ(cert1, cert2); |
| 432 } | 432 } |
| 433 | 433 |
| 434 TEST(X509CertificateTest, Policy) { | 434 TEST(X509CertificateTest, Policy) { |
| 435 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | 435 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
| 436 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 436 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 437 | 437 |
| 438 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | 438 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
| 439 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 439 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
| 440 | 440 |
| 441 X509Certificate::Policy policy; | 441 CertPolicy policy; |
| 442 | 442 |
| 443 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN); | 443 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::UNKNOWN); |
| 444 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | 444 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::UNKNOWN); |
| 445 EXPECT_FALSE(policy.HasAllowedCert()); | 445 EXPECT_FALSE(policy.HasAllowedCert()); |
| 446 EXPECT_FALSE(policy.HasDeniedCert()); | 446 EXPECT_FALSE(policy.HasDeniedCert()); |
| 447 | 447 |
| 448 policy.Allow(google_cert.get()); | 448 policy.Allow(google_cert.get()); |
| 449 | 449 |
| 450 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::ALLOWED); | 450 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::ALLOWED); |
| 451 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | 451 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::UNKNOWN); |
| 452 EXPECT_TRUE(policy.HasAllowedCert()); | 452 EXPECT_TRUE(policy.HasAllowedCert()); |
| 453 EXPECT_FALSE(policy.HasDeniedCert()); | 453 EXPECT_FALSE(policy.HasDeniedCert()); |
| 454 | 454 |
| 455 policy.Deny(google_cert.get()); | 455 policy.Deny(google_cert.get()); |
| 456 | 456 |
| 457 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); | 457 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::DENIED); |
| 458 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | 458 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::UNKNOWN); |
| 459 EXPECT_FALSE(policy.HasAllowedCert()); | 459 EXPECT_FALSE(policy.HasAllowedCert()); |
| 460 EXPECT_TRUE(policy.HasDeniedCert()); | 460 EXPECT_TRUE(policy.HasDeniedCert()); |
| 461 | 461 |
| 462 policy.Allow(webkit_cert.get()); | 462 policy.Allow(webkit_cert.get()); |
| 463 | 463 |
| 464 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); | 464 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::DENIED); |
| 465 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); | 465 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::ALLOWED); |
| 466 EXPECT_TRUE(policy.HasAllowedCert()); | 466 EXPECT_TRUE(policy.HasAllowedCert()); |
| 467 EXPECT_TRUE(policy.HasDeniedCert()); | 467 EXPECT_TRUE(policy.HasDeniedCert()); |
| 468 } | 468 } |
| 469 | 469 |
| 470 #if defined(OS_MACOSX) || defined(OS_WIN) | 470 #if defined(OS_MACOSX) || defined(OS_WIN) |
| 471 TEST(X509CertificateTest, IntermediateCertificates) { | 471 TEST(X509CertificateTest, IntermediateCertificates) { |
| 472 scoped_refptr<X509Certificate> webkit_cert = | 472 scoped_refptr<X509Certificate> webkit_cert = |
| 473 X509Certificate::CreateFromBytes( | 473 X509Certificate::CreateFromBytes( |
| 474 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 474 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
| 475 | 475 |
| (...skipping 46 matching lines...) |
| 522 | 522 |
| 523 // The cache should have returned cert2 'cause it has more intermediates: | 523 // The cache should have returned cert2 'cause it has more intermediates: |
| 524 EXPECT_EQ(cert3, cert2); | 524 EXPECT_EQ(cert3, cert2); |
| 525 | 525 |
| 526 // Cleanup | 526 // Cleanup |
| 527 X509Certificate::FreeOSCertHandle(google_handle); | 527 X509Certificate::FreeOSCertHandle(google_handle); |
| 528 } | 528 } |
| 529 #endif | 529 #endif |
| 530 | 530 |
| 531 } // namespace net | 531 } // namespace net |
| OLD | NEW |