OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
468 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 468 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
469 | 469 |
470 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); | 470 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
471 TestRootCerts* root_certs = TestRootCerts::GetInstance(); | 471 TestRootCerts* root_certs = TestRootCerts::GetInstance(); |
472 ASSERT_TRUE(root_certs->AddFromFile(root_cert_path)); | 472 ASSERT_TRUE(root_certs->AddFromFile(root_cert_path)); |
473 | 473 |
474 X509Certificate::OSCertHandles intermediates; | 474 X509Certificate::OSCertHandles intermediates; |
475 intermediates.push_back(intermediate_cert->os_cert_handle()); | 475 intermediates.push_back(intermediate_cert->os_cert_handle()); |
476 scoped_refptr<X509Certificate> cert_chain = | 476 scoped_refptr<X509Certificate> cert_chain = |
477 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 477 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
478 X509Certificate::SOURCE_FROM_NETWORK, | |
479 intermediates); | 478 intermediates); |
480 | 479 |
481 int flags = 0; | 480 int flags = 0; |
482 CertVerifyResult verify_result; | 481 CertVerifyResult verify_result; |
483 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 482 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
484 EXPECT_EQ(OK, error); | 483 EXPECT_EQ(OK, error); |
485 EXPECT_EQ(0, verify_result.cert_status); | 484 EXPECT_EQ(0, verify_result.cert_status); |
486 root_certs->Clear(); | 485 root_certs->Clear(); |
487 } | 486 } |
488 | 487 |
(...skipping 14 matching lines...) Expand all Loading... | |
503 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 502 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
504 | 503 |
505 scoped_refptr<X509Certificate> intermediate_cert = | 504 scoped_refptr<X509Certificate> intermediate_cert = |
506 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); | 505 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); |
507 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 506 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
508 | 507 |
509 X509Certificate::OSCertHandles intermediates; | 508 X509Certificate::OSCertHandles intermediates; |
510 intermediates.push_back(intermediate_cert->os_cert_handle()); | 509 intermediates.push_back(intermediate_cert->os_cert_handle()); |
511 scoped_refptr<X509Certificate> cert_chain = | 510 scoped_refptr<X509Certificate> cert_chain = |
512 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 511 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
513 X509Certificate::SOURCE_FROM_NETWORK, | |
514 intermediates); | 512 intermediates); |
515 | 513 |
516 CertVerifyResult verify_result; | 514 CertVerifyResult verify_result; |
517 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 515 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
518 X509Certificate::VERIFY_EV_CERT; | 516 X509Certificate::VERIFY_EV_CERT; |
519 int error = cert_chain->Verify("2029.globalsign.com", flags, &verify_result); | 517 int error = cert_chain->Verify("2029.globalsign.com", flags, &verify_result); |
520 if (error == OK) | 518 if (error == OK) |
521 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_IS_EV); | 519 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_IS_EV); |
522 else | 520 else |
523 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); | 521 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); |
524 } | 522 } |
525 | 523 |
526 TEST(X509CertificateTest, TestKnownRoot) { | 524 TEST(X509CertificateTest, TestKnownRoot) { |
527 FilePath certs_dir = GetTestCertsDirectory(); | 525 FilePath certs_dir = GetTestCertsDirectory(); |
528 scoped_refptr<X509Certificate> cert = | 526 scoped_refptr<X509Certificate> cert = |
529 ImportCertFromFile(certs_dir, "nist.der"); | 527 ImportCertFromFile(certs_dir, "nist.der"); |
530 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); | 528 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); |
531 | 529 |
532 // This intermediate is only needed for old Linux machines. Modern NSS | 530 // This intermediate is only needed for old Linux machines. Modern NSS |
533 // includes it as a root already. | 531 // includes it as a root already. |
534 scoped_refptr<X509Certificate> intermediate_cert = | 532 scoped_refptr<X509Certificate> intermediate_cert = |
535 ImportCertFromFile(certs_dir, "nist_intermediate.der"); | 533 ImportCertFromFile(certs_dir, "nist_intermediate.der"); |
536 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 534 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
537 | 535 |
538 X509Certificate::OSCertHandles intermediates; | 536 X509Certificate::OSCertHandles intermediates; |
539 intermediates.push_back(intermediate_cert->os_cert_handle()); | 537 intermediates.push_back(intermediate_cert->os_cert_handle()); |
540 scoped_refptr<X509Certificate> cert_chain = | 538 scoped_refptr<X509Certificate> cert_chain = |
541 X509Certificate::CreateFromHandle(cert->os_cert_handle(), | 539 X509Certificate::CreateFromHandle(cert->os_cert_handle(), |
542 X509Certificate::SOURCE_FROM_NETWORK, | |
543 intermediates); | 540 intermediates); |
544 | 541 |
545 int flags = 0; | 542 int flags = 0; |
546 CertVerifyResult verify_result; | 543 CertVerifyResult verify_result; |
547 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug | 544 // This is going to blow up in Feb 2012. Sorry! Disable and file a bug |
548 // against agl. Also see PublicKeyHashes in this file. | 545 // against agl. Also see PublicKeyHashes in this file. |
549 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); | 546 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); |
550 EXPECT_EQ(OK, error); | 547 EXPECT_EQ(OK, error); |
551 EXPECT_EQ(0, verify_result.cert_status); | 548 EXPECT_EQ(0, verify_result.cert_status); |
552 EXPECT_TRUE(verify_result.is_issued_by_known_root); | 549 EXPECT_TRUE(verify_result.is_issued_by_known_root); |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
608 scoped_refptr<X509Certificate> intermediate_cert = | 605 scoped_refptr<X509Certificate> intermediate_cert = |
609 ImportCertFromFile(certs_dir, "nist_intermediate.der"); | 606 ImportCertFromFile(certs_dir, "nist_intermediate.der"); |
610 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 607 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
611 | 608 |
612 TestRootCerts::GetInstance()->Add(intermediate_cert.get()); | 609 TestRootCerts::GetInstance()->Add(intermediate_cert.get()); |
613 | 610 |
614 X509Certificate::OSCertHandles intermediates; | 611 X509Certificate::OSCertHandles intermediates; |
615 intermediates.push_back(intermediate_cert->os_cert_handle()); | 612 intermediates.push_back(intermediate_cert->os_cert_handle()); |
616 scoped_refptr<X509Certificate> cert_chain = | 613 scoped_refptr<X509Certificate> cert_chain = |
617 X509Certificate::CreateFromHandle(cert->os_cert_handle(), | 614 X509Certificate::CreateFromHandle(cert->os_cert_handle(), |
618 X509Certificate::SOURCE_FROM_NETWORK, | |
619 intermediates); | 615 intermediates); |
620 | 616 |
621 int flags = 0; | 617 int flags = 0; |
622 CertVerifyResult verify_result; | 618 CertVerifyResult verify_result; |
623 | 619 |
624 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); | 620 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); |
625 EXPECT_EQ(OK, error); | 621 EXPECT_EQ(OK, error); |
626 EXPECT_EQ(0, verify_result.cert_status); | 622 EXPECT_EQ(0, verify_result.cert_status); |
627 ASSERT_LE(2u, verify_result.public_key_hashes.size()); | 623 ASSERT_LE(2u, verify_result.public_key_hashes.size()); |
628 EXPECT_EQ(HexEncode(nistSPKIHash, base::SHA1_LENGTH), | 624 EXPECT_EQ(HexEncode(nistSPKIHash, base::SHA1_LENGTH), |
(...skipping 27 matching lines...) Expand all Loading... | |
656 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); | 652 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); |
657 #endif | 653 #endif |
658 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors | 654 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
659 // from NSS. | 655 // from NSS. |
660 #if !defined(USE_NSS) | 656 #if !defined(USE_NSS) |
661 // The certificate is issued by an unknown CA. | 657 // The certificate is issued by an unknown CA. |
662 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 658 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
663 #endif | 659 #endif |
664 } | 660 } |
665 | 661 |
666 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 662 // Tests X509CertificateCache via X509Certificate::CreateFromHandle. We |
667 // call X509Certificate::CreateFromHandle several times and observe whether | 663 // call X509Certificate::CreateFromHandle several times and observe whether |
668 // it returns a cached or new X509Certificate object. | 664 // it returns a cached or new X509Certificate object. |
wtc
2011/07/17 01:55:32
The second sentence of this paragraph should be re
| |
669 // | 665 // |
670 // All the OS certificate handles in this test are actually from the same | 666 // All the OS certificate handles in this test are actually from the same |
671 // source (the bytes of a lone certificate), but we pretend that some of them | 667 // source (the bytes of a lone certificate), but we pretend that some of them |
672 // come from the network. | 668 // come from the network. |
wtc
2011/07/17 01:55:32
Delete this paragraph.
| |
673 TEST(X509CertificateTest, Cache) { | 669 TEST(X509CertificateTest, Cache) { |
674 X509Certificate::OSCertHandle google_cert_handle; | 670 X509Certificate::OSCertHandle google_cert_handle; |
671 X509Certificate::OSCertHandle thawte_cert_handle; | |
675 | 672 |
676 // Add a certificate from the source SOURCE_LONE_CERT_IMPORT to our | 673 // Add a single certificate to the certificate cache. |
677 // certificate cache. | |
678 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | 674 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
679 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 675 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
680 scoped_refptr<X509Certificate> cert1(X509Certificate::CreateFromHandle( | 676 scoped_refptr<X509Certificate> cert1(X509Certificate::CreateFromHandle( |
681 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 677 google_cert_handle, X509Certificate::OSCertHandles())); |
682 X509Certificate::OSCertHandles())); | |
683 X509Certificate::FreeOSCertHandle(google_cert_handle); | 678 X509Certificate::FreeOSCertHandle(google_cert_handle); |
684 | 679 |
685 // Add a certificate from the same source (SOURCE_LONE_CERT_IMPORT). This | 680 // Add the same certificate, but as a new handle. |
wtc
2011/07/17 01:55:32
Note: NSS should return the same handle here.
| |
686 // should return the cached certificate (cert1). | |
687 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | 681 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
688 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 682 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
689 scoped_refptr<X509Certificate> cert2(X509Certificate::CreateFromHandle( | 683 scoped_refptr<X509Certificate> cert2(X509Certificate::CreateFromHandle( |
690 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 684 google_cert_handle, X509Certificate::OSCertHandles())); |
691 X509Certificate::OSCertHandles())); | |
692 X509Certificate::FreeOSCertHandle(google_cert_handle); | 685 X509Certificate::FreeOSCertHandle(google_cert_handle); |
693 | 686 |
694 EXPECT_EQ(cert1, cert2); | 687 // A new X509Certificate should be returned. |
688 EXPECT_NE(cert1.get(), cert2.get()); | |
689 // But both instances should share the underlying OS certificate handle. | |
690 EXPECT_EQ(cert1->os_cert_handle(), cert2->os_cert_handle()); | |
691 EXPECT_TRUE(cert1->HasIntermediateCertificates( | |
692 cert2->GetIntermediateCertificates())); | |
wtc
2011/07/17 01:55:32
Since cert1 and cert2 don't have intermediate CA c
| |
695 | 693 |
696 // Add a certificate from the network. This should kick out the original | 694 // Add the same certificate, but this time with an intermediate. This |
697 // cached certificate (cert1) and return a new certificate. | 695 // should result in the intermediate being cached. Note that this is not |
696 // a legitimate chain, but is suitable for testing. | |
698 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | 697 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
699 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 698 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
699 thawte_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
700 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | |
701 X509Certificate::OSCertHandles intermediates; | |
702 intermediates.push_back(thawte_cert_handle); | |
700 scoped_refptr<X509Certificate> cert3(X509Certificate::CreateFromHandle( | 703 scoped_refptr<X509Certificate> cert3(X509Certificate::CreateFromHandle( |
701 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, | 704 google_cert_handle, intermediates)); |
702 X509Certificate::OSCertHandles())); | |
703 X509Certificate::FreeOSCertHandle(google_cert_handle); | 705 X509Certificate::FreeOSCertHandle(google_cert_handle); |
706 X509Certificate::FreeOSCertHandle(thawte_cert_handle); | |
704 | 707 |
705 EXPECT_NE(cert1, cert3); | 708 // Test that the new certificate, even with intermediates, results in the |
706 | 709 // same underlying handle being used. |
707 // Add one certificate from each source. Both should return the new cached | 710 EXPECT_EQ(cert1->os_cert_handle(), cert3->os_cert_handle()); |
708 // certificate (cert3). | 711 // Though they use the same OS handle, the intermediates should be different. |
709 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | 712 EXPECT_FALSE(cert1->HasIntermediateCertificates( |
710 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 713 cert3->GetIntermediateCertificates())); |
711 scoped_refptr<X509Certificate> cert4(X509Certificate::CreateFromHandle( | |
712 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, | |
713 X509Certificate::OSCertHandles())); | |
714 X509Certificate::FreeOSCertHandle(google_cert_handle); | |
715 | |
716 EXPECT_EQ(cert3, cert4); | |
717 | |
718 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
719 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
720 scoped_refptr<X509Certificate> cert5(X509Certificate::CreateFromHandle( | |
721 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, | |
722 X509Certificate::OSCertHandles())); | |
723 X509Certificate::FreeOSCertHandle(google_cert_handle); | |
724 | |
725 EXPECT_EQ(cert3, cert5); | |
726 } | 714 } |
727 | 715 |
728 TEST(X509CertificateTest, Pickle) { | 716 TEST(X509CertificateTest, Pickle) { |
729 X509Certificate::OSCertHandle google_cert_handle = | 717 X509Certificate::OSCertHandle google_cert_handle = |
730 X509Certificate::CreateOSCertHandleFromBytes( | 718 X509Certificate::CreateOSCertHandleFromBytes( |
731 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 719 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
732 X509Certificate::OSCertHandle thawte_cert_handle = | 720 X509Certificate::OSCertHandle thawte_cert_handle = |
733 X509Certificate::CreateOSCertHandleFromBytes( | 721 X509Certificate::CreateOSCertHandleFromBytes( |
734 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | 722 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
735 | 723 |
736 X509Certificate::OSCertHandles intermediates; | 724 X509Certificate::OSCertHandles intermediates; |
737 intermediates.push_back(thawte_cert_handle); | 725 intermediates.push_back(thawte_cert_handle); |
738 // Faking SOURCE_LONE_CERT_IMPORT so that when the pickled certificate is | |
739 // read, it successfully evicts |cert| from the X509Certificate::Cache. | |
740 // This will be fixed when http://crbug.com/49377 is fixed. | |
741 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 726 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
742 google_cert_handle, | 727 google_cert_handle, intermediates); |
743 X509Certificate::SOURCE_LONE_CERT_IMPORT, | |
744 intermediates); | |
745 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get()); | 728 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get()); |
746 | 729 |
747 X509Certificate::FreeOSCertHandle(google_cert_handle); | 730 X509Certificate::FreeOSCertHandle(google_cert_handle); |
748 X509Certificate::FreeOSCertHandle(thawte_cert_handle); | 731 X509Certificate::FreeOSCertHandle(thawte_cert_handle); |
749 | 732 |
750 Pickle pickle; | 733 Pickle pickle; |
751 cert->Persist(&pickle); | 734 cert->Persist(&pickle); |
752 | 735 |
753 void* iter = NULL; | 736 void* iter = NULL; |
754 scoped_refptr<X509Certificate> cert_from_pickle = | 737 scoped_refptr<X509Certificate> cert_from_pickle = |
755 X509Certificate::CreateFromPickle( | 738 X509Certificate::CreateFromPickle( |
756 pickle, &iter, X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN); | 739 pickle, &iter, X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN); |
757 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert_from_pickle); | 740 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert_from_pickle); |
758 EXPECT_NE(cert.get(), cert_from_pickle.get()); | 741 EXPECT_NE(cert.get(), cert_from_pickle.get()); |
wtc
2011/07/17 01:55:32
Consider removing this check, irrelevant in the ne
| |
759 EXPECT_TRUE(X509Certificate::IsSameOSCert( | 742 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
760 cert->os_cert_handle(), cert_from_pickle->os_cert_handle())); | 743 cert->os_cert_handle(), cert_from_pickle->os_cert_handle())); |
761 EXPECT_TRUE(cert->HasIntermediateCertificates( | 744 EXPECT_TRUE(cert->HasIntermediateCertificates( |
762 cert_from_pickle->GetIntermediateCertificates())); | 745 cert_from_pickle->GetIntermediateCertificates())); |
763 } | 746 } |
764 | 747 |
765 TEST(X509CertificateTest, Policy) { | 748 TEST(X509CertificateTest, Policy) { |
766 scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( | 749 scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( |
767 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | 750 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
768 | 751 |
(...skipping 22 matching lines...) Expand all Loading... | |
791 EXPECT_TRUE(policy.HasDeniedCert()); | 774 EXPECT_TRUE(policy.HasDeniedCert()); |
792 | 775 |
793 policy.Allow(webkit_cert.get()); | 776 policy.Allow(webkit_cert.get()); |
794 | 777 |
795 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::DENIED); | 778 EXPECT_EQ(policy.Check(google_cert.get()), CertPolicy::DENIED); |
796 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::ALLOWED); | 779 EXPECT_EQ(policy.Check(webkit_cert.get()), CertPolicy::ALLOWED); |
797 EXPECT_TRUE(policy.HasAllowedCert()); | 780 EXPECT_TRUE(policy.HasAllowedCert()); |
798 EXPECT_TRUE(policy.HasDeniedCert()); | 781 EXPECT_TRUE(policy.HasDeniedCert()); |
799 } | 782 } |
800 | 783 |
801 #if defined(OS_MACOSX) || defined(OS_WIN) | |
802 TEST(X509CertificateTest, IntermediateCertificates) { | 784 TEST(X509CertificateTest, IntermediateCertificates) { |
803 scoped_refptr<X509Certificate> webkit_cert( | 785 scoped_refptr<X509Certificate> webkit_cert( |
804 X509Certificate::CreateFromBytes( | 786 X509Certificate::CreateFromBytes( |
805 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); | 787 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
806 | 788 |
807 scoped_refptr<X509Certificate> thawte_cert( | 789 scoped_refptr<X509Certificate> thawte_cert( |
808 X509Certificate::CreateFromBytes( | 790 X509Certificate::CreateFromBytes( |
809 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); | 791 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); |
810 | 792 |
811 scoped_refptr<X509Certificate> paypal_cert( | 793 scoped_refptr<X509Certificate> paypal_cert( |
812 X509Certificate::CreateFromBytes( | 794 X509Certificate::CreateFromBytes( |
813 reinterpret_cast<const char*>(paypal_null_der), | 795 reinterpret_cast<const char*>(paypal_null_der), |
814 sizeof(paypal_null_der))); | 796 sizeof(paypal_null_der))); |
815 | 797 |
816 X509Certificate::OSCertHandle google_handle; | 798 X509Certificate::OSCertHandle google_handle; |
817 // Create object with no intermediates: | 799 // Create object with no intermediates: |
818 google_handle = X509Certificate::CreateOSCertHandleFromBytes( | 800 google_handle = X509Certificate::CreateOSCertHandleFromBytes( |
819 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 801 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
820 X509Certificate::OSCertHandles intermediates1; | 802 X509Certificate::OSCertHandles intermediates1; |
821 scoped_refptr<X509Certificate> cert1; | 803 scoped_refptr<X509Certificate> cert1; |
822 cert1 = X509Certificate::CreateFromHandle( | 804 cert1 = X509Certificate::CreateFromHandle(google_handle, intermediates1); |
823 google_handle, X509Certificate::SOURCE_FROM_NETWORK, intermediates1); | |
824 EXPECT_TRUE(cert1->HasIntermediateCertificates(intermediates1)); | 805 EXPECT_TRUE(cert1->HasIntermediateCertificates(intermediates1)); |
825 EXPECT_FALSE(cert1->HasIntermediateCertificate( | 806 EXPECT_FALSE(cert1->HasIntermediateCertificate( |
826 webkit_cert->os_cert_handle())); | 807 webkit_cert->os_cert_handle())); |
827 | 808 |
828 // Create object with 2 intermediates: | 809 // Create object with 2 intermediates: |
829 X509Certificate::OSCertHandles intermediates2; | 810 X509Certificate::OSCertHandles intermediates2; |
830 intermediates2.push_back(webkit_cert->os_cert_handle()); | 811 intermediates2.push_back(webkit_cert->os_cert_handle()); |
831 intermediates2.push_back(thawte_cert->os_cert_handle()); | 812 intermediates2.push_back(thawte_cert->os_cert_handle()); |
832 scoped_refptr<X509Certificate> cert2; | 813 scoped_refptr<X509Certificate> cert2; |
833 cert2 = X509Certificate::CreateFromHandle( | 814 cert2 = X509Certificate::CreateFromHandle(google_handle, intermediates2); |
834 google_handle, X509Certificate::SOURCE_FROM_NETWORK, intermediates2); | |
835 | 815 |
836 // The cache should have stored cert2 'cause it has more intermediates: | 816 // The cache should have stored cert2 'cause it has more intermediates: |
837 EXPECT_NE(cert1, cert2); | 817 EXPECT_NE(cert1, cert2); |
wtc
2011/07/17 01:55:32
Delete this comment and check, just like you delet
| |
838 | 818 |
839 // Verify it has all the intermediates: | 819 // Verify it has all the intermediates: |
840 EXPECT_TRUE(cert2->HasIntermediateCertificate( | 820 EXPECT_TRUE(cert2->HasIntermediateCertificate( |
841 webkit_cert->os_cert_handle())); | 821 webkit_cert->os_cert_handle())); |
842 EXPECT_TRUE(cert2->HasIntermediateCertificate( | 822 EXPECT_TRUE(cert2->HasIntermediateCertificate( |
843 thawte_cert->os_cert_handle())); | 823 thawte_cert->os_cert_handle())); |
844 EXPECT_FALSE(cert2->HasIntermediateCertificate( | 824 EXPECT_FALSE(cert2->HasIntermediateCertificate( |
845 paypal_cert->os_cert_handle())); | 825 paypal_cert->os_cert_handle())); |
846 | 826 |
847 // Create object with 1 intermediate: | |
848 X509Certificate::OSCertHandles intermediates3; | |
849 intermediates2.push_back(thawte_cert->os_cert_handle()); | |
850 scoped_refptr<X509Certificate> cert3; | |
851 cert3 = X509Certificate::CreateFromHandle( | |
852 google_handle, X509Certificate::SOURCE_FROM_NETWORK, intermediates3); | |
853 | |
854 // The cache should have returned cert2 'cause it has more intermediates: | |
855 EXPECT_EQ(cert3, cert2); | |
856 | |
857 // Cleanup | 827 // Cleanup |
858 X509Certificate::FreeOSCertHandle(google_handle); | 828 X509Certificate::FreeOSCertHandle(google_handle); |
859 } | 829 } |
860 #endif | |
861 | 830 |
862 #if defined(OS_MACOSX) | 831 #if defined(OS_MACOSX) |
863 TEST(X509CertificateTest, IsIssuedBy) { | 832 TEST(X509CertificateTest, IsIssuedBy) { |
864 FilePath certs_dir = GetTestCertsDirectory(); | 833 FilePath certs_dir = GetTestCertsDirectory(); |
865 | 834 |
866 // Test a client certificate from MIT. | 835 // Test a client certificate from MIT. |
867 scoped_refptr<X509Certificate> mit_davidben_cert( | 836 scoped_refptr<X509Certificate> mit_davidben_cert( |
868 ImportCertFromFile(certs_dir, "mit.davidben.der")); | 837 ImportCertFromFile(certs_dir, "mit.davidben.der")); |
869 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); | 838 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); |
870 | 839 |
(...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1168 EXPECT_EQ(test_data.expected, | 1137 EXPECT_EQ(test_data.expected, |
1169 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) | 1138 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) |
1170 << "Host [" << test_data.hostname | 1139 << "Host [" << test_data.hostname |
1171 << "], cert name [" << test_data.cert_names << "]"; | 1140 << "], cert name [" << test_data.cert_names << "]"; |
1172 } | 1141 } |
1173 | 1142 |
1174 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1143 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1175 testing::ValuesIn(kNameVerifyTestData)); | 1144 testing::ValuesIn(kNameVerifyTestData)); |
1176 | 1145 |
1177 } // namespace net | 1146 } // namespace net |
OLD | NEW |