OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "net/base/cert_status_flags.h" | 9 #include "net/base/cert_status_flags.h" |
10 #include "net/base/cert_test_util.h" | 10 #include "net/base/cert_test_util.h" |
11 #include "net/base/cert_verify_result.h" | 11 #include "net/base/cert_verify_result.h" |
12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
13 #include "net/base/test_certificate_data.h" | 13 #include "net/base/test_certificate_data.h" |
| 14 #include "net/base/test_root_certs.h" |
14 #include "net/base/x509_certificate.h" | 15 #include "net/base/x509_certificate.h" |
15 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
16 | 17 |
17 // Unit tests aren't allowed to access external resources. Unfortunately, to | 18 // Unit tests aren't allowed to access external resources. Unfortunately, to |
18 // properly verify the EV-ness of a cert, we need to check for its revocation | 19 // properly verify the EV-ness of a cert, we need to check for its revocation |
19 // through online servers. If you're manually running unit tests, feel free to | 20 // through online servers. If you're manually running unit tests, feel free to |
20 // turn this on to test EV certs. But leave it turned off for the automated | 21 // turn this on to test EV certs. But leave it turned off for the automated |
21 // testing. | 22 // testing. |
22 #define ALLOW_EXTERNAL_ACCESS 0 | 23 #define ALLOW_EXTERNAL_ACCESS 0 |
23 | 24 |
(...skipping 130 matching lines...)
154 { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, | 155 { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, |
155 { google_parse_fingerprint, | 156 { google_parse_fingerprint, |
156 thawte_parse_fingerprint, | 157 thawte_parse_fingerprint, |
157 NULL, } }, | 158 NULL, } }, |
158 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, | 159 { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, |
159 { google_parse_fingerprint, | 160 { google_parse_fingerprint, |
160 thawte_parse_fingerprint, | 161 thawte_parse_fingerprint, |
161 NULL, } }, | 162 NULL, } }, |
162 }; | 163 }; |
163 | 164 |
164 // Returns a FilePath object representing the src/net/data/ssl/certificates | |
165 // directory in the source tree. | |
166 FilePath GetTestCertsDirectory() { | |
167 FilePath certs_dir; | |
168 PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir); | |
169 certs_dir = certs_dir.AppendASCII("net"); | |
170 certs_dir = certs_dir.AppendASCII("data"); | |
171 certs_dir = certs_dir.AppendASCII("ssl"); | |
172 certs_dir = certs_dir.AppendASCII("certificates"); | |
173 return certs_dir; | |
174 } | |
175 | |
176 // Imports a certificate file in the src/net/data/ssl/certificates directory. | |
177 // certs_dir represents the test certificates directory. cert_file is the | |
178 // name of the certificate file. | |
179 X509Certificate* ImportCertFromFile(const FilePath& certs_dir, | |
180 const std::string& cert_file) { | |
181 FilePath cert_path = certs_dir.AppendASCII(cert_file); | |
182 std::string cert_data; | |
183 if (!file_util::ReadFileToString(cert_path, &cert_data)) | |
184 return NULL; | |
185 return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()); | |
186 } | |
187 | |
188 CertificateList CreateCertificateListFromFile( | 165 CertificateList CreateCertificateListFromFile( |
189 const FilePath& certs_dir, | 166 const FilePath& certs_dir, |
190 const std::string& cert_file, | 167 const std::string& cert_file, |
191 int format) { | 168 int format) { |
192 FilePath cert_path = certs_dir.AppendASCII(cert_file); | 169 FilePath cert_path = certs_dir.AppendASCII(cert_file); |
193 std::string cert_data; | 170 std::string cert_data; |
194 if (!file_util::ReadFileToString(cert_path, &cert_data)) | 171 if (!file_util::ReadFileToString(cert_path, &cert_data)) |
195 return CertificateList(); | 172 return CertificateList(); |
196 return X509Certificate::CreateCertificateListFromBytes(cert_data.data(), | 173 return X509Certificate::CreateCertificateListFromBytes(cert_data.data(), |
197 cert_data.size(), | 174 cert_data.size(), |
(...skipping 222 matching lines...)
420 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); | 397 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); |
421 | 398 |
422 int flags = 0; | 399 int flags = 0; |
423 CertVerifyResult verify_result; | 400 CertVerifyResult verify_result; |
424 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, | 401 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, |
425 &verify_result); | 402 &verify_result); |
426 EXPECT_NE(OK, error); | 403 EXPECT_NE(OK, error); |
427 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 404 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
428 } | 405 } |
429 | 406 |
430 #if defined(USE_NSS) || defined(USE_OPENSSL) | |
431 // A regression test for http://crbug.com/31497. | 407 // A regression test for http://crbug.com/31497. |
432 // This certificate will expire on 2012-04-08. | 408 // This certificate will expire on 2012-04-08. |
433 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates | |
434 // can hold only one additional trusted root certificate for unit tests. | |
435 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert | |
436 // isn't implemented (http//crbug.com/8470). | |
437 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { | 409 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
438 FilePath certs_dir = GetTestCertsDirectory(); | 410 FilePath certs_dir = GetTestCertsDirectory(); |
439 | 411 |
440 scoped_refptr<X509Certificate> server_cert = | 412 scoped_refptr<X509Certificate> server_cert = |
441 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); | 413 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); |
442 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 414 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
443 | 415 |
444 // The intermediate CA certificate's policyConstraints extension has a | 416 // The intermediate CA certificate's policyConstraints extension has a |
445 // requireExplicitPolicy field with SkipCerts=0. | 417 // requireExplicitPolicy field with SkipCerts=0. |
446 scoped_refptr<X509Certificate> intermediate_cert = | 418 scoped_refptr<X509Certificate> intermediate_cert = |
447 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | 419 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); |
448 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 420 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
449 | 421 |
450 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); | 422 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
451 scoped_refptr<X509Certificate> root_cert = | 423 TestRootCerts* root_certs = TestRootCerts::GetInstance(); |
452 LoadTemporaryRootCert(root_cert_path); | 424 ASSERT_TRUE(root_certs->AddFromFile(root_cert_path)); |
453 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | |
454 | 425 |
455 X509Certificate::OSCertHandles intermediates; | 426 X509Certificate::OSCertHandles intermediates; |
456 intermediates.push_back(intermediate_cert->os_cert_handle()); | 427 intermediates.push_back(intermediate_cert->os_cert_handle()); |
457 scoped_refptr<X509Certificate> cert_chain = | 428 scoped_refptr<X509Certificate> cert_chain = |
458 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 429 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
459 X509Certificate::SOURCE_FROM_NETWORK, | 430 X509Certificate::SOURCE_FROM_NETWORK, |
460 intermediates); | 431 intermediates); |
461 | 432 |
462 int flags = 0; | 433 int flags = 0; |
463 CertVerifyResult verify_result; | 434 CertVerifyResult verify_result; |
464 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 435 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
465 EXPECT_EQ(OK, error); | 436 EXPECT_EQ(OK, error); |
466 EXPECT_EQ(0, verify_result.cert_status); | 437 EXPECT_EQ(0, verify_result.cert_status); |
| 438 root_certs->Clear(); |
467 } | 439 } |
468 #endif | |
469 | 440 |
470 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 441 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
471 // call X509Certificate::CreateFromHandle several times and observe whether | 442 // call X509Certificate::CreateFromHandle several times and observe whether |
472 // it returns a cached or new X509Certificate object. | 443 // it returns a cached or new X509Certificate object. |
473 // | 444 // |
474 // All the OS certificate handles in this test are actually from the same | 445 // All the OS certificate handles in this test are actually from the same |
475 // source (the bytes of a lone certificate), but we pretend that some of them | 446 // source (the bytes of a lone certificate), but we pretend that some of them |
476 // come from the network. | 447 // come from the network. |
477 TEST(X509CertificateTest, Cache) { | 448 TEST(X509CertificateTest, Cache) { |
478 X509Certificate::OSCertHandle google_cert_handle; | 449 X509Certificate::OSCertHandle google_cert_handle; |
(...skipping 250 matching lines...)
729 | 700 |
730 for (size_t j = 0; j < 20; ++j) | 701 for (size_t j = 0; j < 20; ++j) |
731 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); | 702 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); |
732 } | 703 } |
733 } | 704 } |
734 | 705 |
735 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, | 706 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
736 testing::ValuesIn(FormatTestData)); | 707 testing::ValuesIn(FormatTestData)); |
737 | 708 |
738 } // namespace net | 709 } // namespace net |
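Review bot: In IntermediateCARequireExplicitPolicy the added DoD root stays in the process-wide TestRootCerts singleton unless control reaches the trailing `root_certs->Clear();`, so the cleanup depends on no fatal assertion or early return ever being placed between `AddFromFile` and the end of the test. Only non-fatal `EXPECT_EQ` checks sit there today, but a leaked test root would change the outcome of later verification tests in the same process, including ones that expect `CERT_STATUS_AUTHORITY_INVALID`. Tie the cleanup to scope instead, for example a local guard declared right after the add: `struct ClearRoots { ~ClearRoots() { TestRootCerts::GetInstance()->Clear(); } } clear_roots;`. With the `#if defined(USE_NSS) || defined(USE_OPENSSL)` guard removed the test presumably now runs on every platform, so the 2012-04-08 expiry noted in the comment will make `EXPECT_EQ(OK, error)` fail everywhere after that date.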