| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "net/base/cert_status_flags.h" | 9 #include "net/base/cert_status_flags.h" |
| 10 #include "net/base/cert_test_util.h" | |
| 11 #include "net/base/cert_verify_result.h" | 10 #include "net/base/cert_verify_result.h" |
| 12 #include "net/base/net_errors.h" | 11 #include "net/base/net_errors.h" |
| 13 #include "net/base/test_certificate_data.h" | 12 #include "net/base/test_certificate_data.h" |
| 13 #include "net/base/test_root_certs.h" |
| 14 #include "net/base/x509_certificate.h" | 14 #include "net/base/x509_certificate.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
| 16 | 16 |
| 17 // Unit tests aren't allowed to access external resources. Unfortunately, to | 17 // Unit tests aren't allowed to access external resources. Unfortunately, to |
| 18 // properly verify the EV-ness of a cert, we need to check for its revocation | 18 // properly verify the EV-ness of a cert, we need to check for its revocation |
| 19 // through online servers. If you're manually running unit tests, feel free to | 19 // through online servers. If you're manually running unit tests, feel free to |
| 20 // turn this on to test EV certs. But leave it turned off for the automated | 20 // turn this on to test EV certs. But leave it turned off for the automated |
| 21 // testing. | 21 // testing. |
| 22 #define ALLOW_EXTERNAL_ACCESS 0 | 22 #define ALLOW_EXTERNAL_ACCESS 0 |
| 23 | 23 |
| (...skipping 396 matching lines...) |
| 420 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); | 420 EXPECT_EQ(unosoft_hu_fingerprint[i], fingerprint.data[i]); |
| 421 | 421 |
| 422 int flags = 0; | 422 int flags = 0; |
| 423 CertVerifyResult verify_result; | 423 CertVerifyResult verify_result; |
| 424 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, | 424 int error = unosoft_hu_cert->Verify("www.unosoft.hu", flags, |
| 425 &verify_result); | 425 &verify_result); |
| 426 EXPECT_NE(OK, error); | 426 EXPECT_NE(OK, error); |
| 427 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 427 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| 428 } | 428 } |
| 429 | 429 |
| 430 #if defined(USE_NSS) || defined(USE_OPENSSL) | |
| 431 // A regression test for http://crbug.com/31497. | 430 // A regression test for http://crbug.com/31497. |
| 432 // This certificate will expire on 2012-04-08. | 431 // This certificate will expire on 2012-04-08. |
| 433 // TODO(wtc): we can't run this test on Mac because MacTrustedCertificates | |
| 434 // can hold only one additional trusted root certificate for unit tests. | |
| 435 // TODO(wtc): we can't run this test on Windows because LoadTemporaryRootCert | |
| 436 // isn't implemented (http//crbug.com/8470). | |
| 437 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { | 432 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
| 438 FilePath certs_dir = GetTestCertsDirectory(); | 433 FilePath certs_dir = GetTestCertsDirectory(); |
| 439 | 434 |
| 440 scoped_refptr<X509Certificate> server_cert = | 435 scoped_refptr<X509Certificate> server_cert = |
| 441 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); | 436 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der"); |
| 442 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 437 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 443 | 438 |
| 444 // The intermediate CA certificate's policyConstraints extension has a | 439 // The intermediate CA certificate's policyConstraints extension has a |
| 445 // requireExplicitPolicy field with SkipCerts=0. | 440 // requireExplicitPolicy field with SkipCerts=0. |
| 446 scoped_refptr<X509Certificate> intermediate_cert = | 441 scoped_refptr<X509Certificate> intermediate_cert = |
| 447 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | 442 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); |
| 448 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 443 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
| 449 | 444 |
| 450 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); | 445 FilePath root_cert_path = certs_dir.AppendASCII("dod_root_ca_2_cert.der"); |
| 451 scoped_refptr<X509Certificate> root_cert = | 446 TestRootCerts* root_certs = TestRootCerts::GetInstance(); |
| 452 LoadTemporaryRootCert(root_cert_path); | 447 ASSERT_TRUE(root_certs->AddFromFile(root_cert_path)); |
| 453 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | |
| 454 | 448 |
| 455 X509Certificate::OSCertHandles intermediates; | 449 X509Certificate::OSCertHandles intermediates; |
| 456 intermediates.push_back(intermediate_cert->os_cert_handle()); | 450 intermediates.push_back(intermediate_cert->os_cert_handle()); |
| 457 scoped_refptr<X509Certificate> cert_chain = | 451 scoped_refptr<X509Certificate> cert_chain = |
| 458 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 452 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 459 X509Certificate::SOURCE_FROM_NETWORK, | 453 X509Certificate::SOURCE_FROM_NETWORK, |
| 460 intermediates); | 454 intermediates); |
| 461 | 455 |
| 462 int flags = 0; | 456 int flags = 0; |
| 463 CertVerifyResult verify_result; | 457 CertVerifyResult verify_result; |
| 464 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 458 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
| 465 EXPECT_EQ(OK, error); | 459 EXPECT_EQ(OK, error); |
| 466 EXPECT_EQ(0, verify_result.cert_status); | 460 EXPECT_EQ(0, verify_result.cert_status); |
| 461 root_certs->Clear(); |
| 467 } | 462 } |
| 468 #endif | |
| 469 | 463 |
| 470 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 464 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
| 471 // call X509Certificate::CreateFromHandle several times and observe whether | 465 // call X509Certificate::CreateFromHandle several times and observe whether |
| 472 // it returns a cached or new X509Certificate object. | 466 // it returns a cached or new X509Certificate object. |
| 473 // | 467 // |
| 474 // All the OS certificate handles in this test are actually from the same | 468 // All the OS certificate handles in this test are actually from the same |
| 475 // source (the bytes of a lone certificate), but we pretend that some of them | 469 // source (the bytes of a lone certificate), but we pretend that some of them |
| 476 // come from the network. | 470 // come from the network. |
| 477 TEST(X509CertificateTest, Cache) { | 471 TEST(X509CertificateTest, Cache) { |
| 478 X509Certificate::OSCertHandle google_cert_handle; | 472 X509Certificate::OSCertHandle google_cert_handle; |
| (...skipping 250 matching lines...) |
| 729 | 723 |
| 730 for (size_t j = 0; j < 20; ++j) | 724 for (size_t j = 0; j < 20; ++j) |
| 731 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); | 725 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); |
| 732 } | 726 } |
| 733 } | 727 } |
| 734 | 728 |
| 735 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, | 729 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
| 736 testing::ValuesIn(FormatTestData)); | 730 testing::ValuesIn(FormatTestData)); |
| 737 | 731 |
| 738 } // namespace net | 732 } // namespace net |
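Review bot: The cleanup at new line 461, `root_certs->Clear();`, only runs when control reaches the end of IntermediateCARequireExplicitPolicy, so the DoD root added at new line 447 stays trusted for the rest of the process if a fatal assertion is ever placed between the two calls. TestRootCerts is reached through `GetInstance()` and so appears to be shared state; a leftover trust anchor could change the outcome of later tests that expect `CERT_STATUS_AUTHORITY_INVALID`. Tying the cleanup to scope would avoid this, for example by declaring `struct ClearRoots { ~ClearRoots() { TestRootCerts::GetInstance()->Clear(); } } clear_roots;` right after the `AddFromFile` assertion and dropping the trailing call. `Clear()` also empties the whole store rather than removing only this test's root, which deserves a comment such as `// Clear() drops every test root, not just dod_root_ca_2_cert.der.` Separately, with the `USE_NSS`/`USE_OPENSSL` guard removed, the existing "will expire on 2012-04-08" caveat now applies on every platform the test runs on.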
| OLD | NEW |