| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/crypto/rsa_private_key.h" | 5 #include "base/crypto/rsa_private_key.h" |
| 6 #include "base/file_path.h" | 6 #include "base/file_path.h" |
| 7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
| 8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
| 10 #include "net/base/cert_status_flags.h" | 10 #include "net/base/cert_status_flags.h" |
| (...skipping 428 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 439 intermediates); | 439 intermediates); |
| 440 | 440 |
| 441 int flags = 0; | 441 int flags = 0; |
| 442 CertVerifyResult verify_result; | 442 CertVerifyResult verify_result; |
| 443 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 443 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
| 444 EXPECT_EQ(OK, error); | 444 EXPECT_EQ(OK, error); |
| 445 EXPECT_EQ(0, verify_result.cert_status); | 445 EXPECT_EQ(0, verify_result.cert_status); |
| 446 root_certs->Clear(); | 446 root_certs->Clear(); |
| 447 } | 447 } |
| 448 | 448 |
| 449 // A regression test for http://crbug.com/70293. |
| 450 // The Key Usage extension in this RSA SSL server certificate does not have |
| 451 // the keyEncipherment bit. |
| 452 TEST(X509CertificateTest, InvalidKeyUsage) { |
| 453 FilePath certs_dir = GetTestCertsDirectory(); |
| 454 |
| 455 scoped_refptr<X509Certificate> server_cert = |
| 456 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); |
| 457 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 458 |
| 459 int flags = 0; |
| 460 CertVerifyResult verify_result; |
| 461 int error = server_cert->Verify("jira.aquameta.com", flags, &verify_result); |
| 462 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 463 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); |
| 464 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
| 465 // from NSS. |
| 466 #if !defined(USE_NSS) |
| 467 // The certificate is issued by an unknown CA. |
| 468 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| 469 #endif |
| 470 } |
| 471 |
| 449 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 472 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
| 450 // call X509Certificate::CreateFromHandle several times and observe whether | 473 // call X509Certificate::CreateFromHandle several times and observe whether |
| 451 // it returns a cached or new X509Certificate object. | 474 // it returns a cached or new X509Certificate object. |
| 452 // | 475 // |
| 453 // All the OS certificate handles in this test are actually from the same | 476 // All the OS certificate handles in this test are actually from the same |
| 454 // source (the bytes of a lone certificate), but we pretend that some of them | 477 // source (the bytes of a lone certificate), but we pretend that some of them |
| 455 // come from the network. | 478 // come from the network. |
| 456 TEST(X509CertificateTest, Cache) { | 479 TEST(X509CertificateTest, Cache) { |
| 457 X509Certificate::OSCertHandle google_cert_handle; | 480 X509Certificate::OSCertHandle google_cert_handle; |
| 458 | 481 |
| (...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 831 | 854 |
| 832 for (size_t j = 0; j < 20; ++j) | 855 for (size_t j = 0; j < 20; ++j) |
| 833 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); | 856 EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); |
| 834 } | 857 } |
| 835 } | 858 } |
| 836 | 859 |
| 837 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, | 860 INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, |
| 838 testing::ValuesIn(FormatTestData)); | 861 testing::ValuesIn(FormatTestData)); |
| 839 | 862 |
| 840 } // namespace net | 863 } // namespace net |
| OLD | NEW |