Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1147)

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 6626033: An RSA SSL server certificate whose Key Usage extension... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Comment out the untrusted CA check for USE_NSS Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/crypto/rsa_private_key.h" 5 #include "base/crypto/rsa_private_key.h"
6 #include "base/file_path.h" 6 #include "base/file_path.h"
7 #include "base/file_util.h" 7 #include "base/file_util.h"
8 #include "base/path_service.h" 8 #include "base/path_service.h"
9 #include "base/pickle.h" 9 #include "base/pickle.h"
10 #include "net/base/cert_status_flags.h" 10 #include "net/base/cert_status_flags.h"
(...skipping 428 matching lines...) Expand 10 before | Expand all | Expand 10 after
439 intermediates); 439 intermediates);
440 440
441 int flags = 0; 441 int flags = 0;
442 CertVerifyResult verify_result; 442 CertVerifyResult verify_result;
443 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); 443 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result);
444 EXPECT_EQ(OK, error); 444 EXPECT_EQ(OK, error);
445 EXPECT_EQ(0, verify_result.cert_status); 445 EXPECT_EQ(0, verify_result.cert_status);
446 root_certs->Clear(); 446 root_certs->Clear();
447 } 447 }
448 448
449 // A regression test for http://crbug.com/70293.
450 // The Key Usage extension in this RSA SSL server certificate does not have
451 // the keyEncipherment bit.
452 TEST(X509CertificateTest, InvalidKeyUsage) {
453 FilePath certs_dir = GetTestCertsDirectory();
454
455 scoped_refptr<X509Certificate> server_cert =
456 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");
457 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
458
459 int flags = 0;
460 CertVerifyResult verify_result;
461 int error = server_cert->Verify("jira.aquameta.com", flags, &verify_result);
462 EXPECT_EQ(ERR_CERT_INVALID, error);
463 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID);
464 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
465 // from NSS.
466 #if !defined(USE_NSS)
467 // The certificate is issued by an unknown CA.
468 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
469 #endif
470 }
471
449 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We 472 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We
450 // call X509Certificate::CreateFromHandle several times and observe whether 473 // call X509Certificate::CreateFromHandle several times and observe whether
451 // it returns a cached or new X509Certificate object. 474 // it returns a cached or new X509Certificate object.
452 // 475 //
453 // All the OS certificate handles in this test are actually from the same 476 // All the OS certificate handles in this test are actually from the same
454 // source (the bytes of a lone certificate), but we pretend that some of them 477 // source (the bytes of a lone certificate), but we pretend that some of them
455 // come from the network. 478 // come from the network.
456 TEST(X509CertificateTest, Cache) { 479 TEST(X509CertificateTest, Cache) {
457 X509Certificate::OSCertHandle google_cert_handle; 480 X509Certificate::OSCertHandle google_cert_handle;
458 481
(...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after
831 854
832 for (size_t j = 0; j < 20; ++j) 855 for (size_t j = 0; j < 20; ++j)
833 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); 856 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]);
834 } 857 }
835 } 858 }
836 859
837 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, 860 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest,
838 testing::ValuesIn(FormatTestData)); 861 testing::ValuesIn(FormatTestData));
839 862
840 } // namespace net 863 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698