OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "net/base/cert_status_flags.h" | 9 #include "net/base/cert_status_flags.h" |
10 #include "net/base/cert_test_util.h" | |
11 #include "net/base/cert_verify_result.h" | 10 #include "net/base/cert_verify_result.h" |
12 #include "net/base/net_errors.h" | 11 #include "net/base/net_errors.h" |
| 12 #include "net/base/temporary_root_certs.h" |
13 #include "net/base/test_certificate_data.h" | 13 #include "net/base/test_certificate_data.h" |
14 #include "net/base/x509_certificate.h" | 14 #include "net/base/x509_certificate.h" |
15 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
16 | 16 |
17 // Unit tests aren't allowed to access external resources. Unfortunately, to | 17 // Unit tests aren't allowed to access external resources. Unfortunately, to |
18 // properly verify the EV-ness of a cert, we need to check for its revocation | 18 // properly verify the EV-ness of a cert, we need to check for its revocation |
19 // through online servers. If you're manually running unit tests, feel free to | 19 // through online servers. If you're manually running unit tests, feel free to |
20 // turn this on to test EV certs. But leave it turned off for the automated | 20 // turn this on to test EV certs. But leave it turned off for the automated |
21 // testing. | 21 // testing. |
22 #define ALLOW_EXTERNAL_ACCESS 0 | 22 #define ALLOW_EXTERNAL_ACCESS 0 |
(...skipping 397 matching lines...)
420 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); | 420 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); |
421 | 421 |
422 int flags = 0; | 422 int flags = 0; |
423 CertVerifyResult verify_result; | 423 CertVerifyResult verify_result; |
424 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, | 424 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, |
425 &verify_result); | 425 &verify_result); |
426 EXPECT_NE(OK, error); | 426 EXPECT_NE(OK, error); |
427 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 427 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
428 } | 428 } |
429 | 429 |
430 #if defined(USE_NSS) || defined(USE_OPENSSL) | |
431 // A regression test for http://crbug.com/31497. | 430 // A regression test for http://crbug.com/31497. |
432 // This certificate will expire on 2012-04-08. | 431 // This certificate will expire on 2012-04-08. |
433 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates | |
434 // can hold only one additional trusted root certificate for unit tests. | |
435 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert | |
436 // isn't implemented (http//crbug.com/8470). | |
437 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { | 432 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
438 FilePath certs_dir = GetTestCertsDirectory(); | 433 FilePath certs_dir = GetTestCertsDirectory(); |
439 | 434 |
440 scoped_refptr<X509Certificate> server_cert = | 435 scoped_refptr<X509Certificate> server_cert = |
441 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); | 436 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); |
442 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 437 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
443 | 438 |
444 // The intermediate CA certificate's policyConstraints extension has a | 439 // The intermediate CA certificate's policyConstraints extension has a |
445 // requireExplicitPolicy field with SkipCerts=0. | 440 // requireExplicitPolicy field with SkipCerts=0. |
446 scoped_refptr<X509Certificate> intermediate_cert = | 441 scoped_refptr<X509Certificate> intermediate_cert = |
447 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | 442 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); |
448 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 443 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
449 | 444 |
450 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); | 445 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
451 scoped_refptr<X509Certificate> root_cert = | 446 TemporaryRootCerts* root_certs = TemporaryRootCerts::GetInstance(); |
452 LoadTemporaryRootCert(root_cert_path); | 447 ASSERT_TRUE(root_certs->AddFromFile(root_cert_path)); |
453 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | |
454 | 448 |
455 X509Certificate::OSCertHandles intermediates; | 449 X509Certificate::OSCertHandles intermediates; |
456 intermediates.push_back(intermediate_cert->os_cert_handle()); | 450 intermediates.push_back(intermediate_cert->os_cert_handle()); |
457 scoped_refptr<X509Certificate> cert_chain = | 451 scoped_refptr<X509Certificate> cert_chain = |
458 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 452 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
459 X509Certificate::SOURCE_FROM_NETWORK, | 453 X509Certificate::SOURCE_FROM_NETWORK, |
460 intermediates); | 454 intermediates); |
461 | 455 |
462 int flags = 0; | 456 int flags = 0; |
463 CertVerifyResult verify_result; | 457 CertVerifyResult verify_result; |
464 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 458 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
465 EXPECT_EQ(OK, error); | 459 EXPECT_EQ(OK, error); |
466 EXPECT_EQ(0, verify_result.cert_status); | 460 EXPECT_EQ(0, verify_result.cert_status); |
| 461 root_certs->RemoveFromFile(root_cert_path); |
467 } | 462 } |
468 #endif | |
469 | 463 |
470 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 464 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
471 // call X509Certificate::CreateFromHandle several times and observe whether | 465 // call X509Certificate::CreateFromHandle several times and observe whether |
472 // it returns a cached or new X509Certificate object. | 466 // it returns a cached or new X509Certificate object. |
473 // | 467 // |
474 // All the OS certificate handles in this test are actually from the same | 468 // All the OS certificate handles in this test are actually from the same |
475 // source (the bytes of a lone certificate), but we pretend that some of them | 469 // source (the bytes of a lone certificate), but we pretend that some of them |
476 // come from the network. | 470 // come from the network. |
477 TEST(X509CertificateTest, Cache) { | 471 TEST(X509CertificateTest, Cache) { |
478 X509Certificate::OSCertHandle google_cert_handle; | 472 X509Certificate::OSCertHandle google_cert_handle; |
(...skipping 250 matching lines...)
729 | 723 |
730 for (size_t j = 0; j < 20; ++j) | 724 for (size_t j = 0; j < 20; ++j) |
731 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); | 725 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); |
732 } | 726 } |
733 } | 727 } |
734 | 728 |
735 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, | 729 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
736 testing::ValuesIn(FormatTestData)); | 730 testing::ValuesIn(FormatTestData)); |
737 | 731 |
738 } // namespace net | 732 } // namespace net |
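Review bot: The temporary trust anchor added at new lines 446-447 is removed only by the hand-written `root_certs->RemoveFromFile(root_cert_path);` at new line 461, so cleanup depends on every path through the test body reaching that last statement. Today only non-fatal `EXPECT_*` checks sit between the two calls, but a later `ASSERT_*` or early return in that stretch would leave the DoD root trusted in what `GetInstance()` suggests is a process-wide store, where it could make other tests' `CERT_STATUS_AUTHORITY_INVALID` expectations pass or fail for the wrong reason. Tying removal to scope with a small guard object keeps the extra trust confined to this test; the sketch below assumes `AddFromFile` returns a bool-convertible value, as its use in `ASSERT_TRUE` implies.

```cpp
// Constructed helper: drops the temporary root when the test scope exits.
class ScopedTemporaryRoot {
 public:
  explicit ScopedTemporaryRoot(const FilePath& path)
      : path_(path),
        added_(TemporaryRootCerts::GetInstance()->AddFromFile(path)) {}
  ~ScopedTemporaryRoot() {
    if (added_)
      TemporaryRootCerts::GetInstance()->RemoveFromFile(path_);
  }
  bool added() const { return added_; }

 private:
  const FilePath path_;
  const bool added_;
};

TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
  // … unchanged: import of the server and intermediate certificates …
  FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der");
  ScopedTemporaryRoot scoped_root(root_cert_path);
  ASSERT_TRUE(scoped_root.added());
  // … unchanged: chain construction, Verify call and expectations …
}
```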