Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(97)

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 6656015: Map Mac's CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT error to... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Run X509CertificateTest.EmptySubject on all platforms Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/data/ssl/certificates/empty_subject_cert.der » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/crypto/rsa_private_key.h" 5 #include "base/crypto/rsa_private_key.h"
6 #include "base/file_path.h" 6 #include "base/file_path.h"
7 #include "base/file_util.h" 7 #include "base/file_util.h"
8 #include "base/path_service.h" 8 #include "base/path_service.h"
9 #include "base/pickle.h" 9 #include "base/pickle.h"
10 #include "base/string_split.h" 10 #include "base/string_split.h"
(...skipping 452 matching lines...) Expand 10 before | Expand all | Expand 10 after
463 EXPECT_EQ(ERR_CERT_INVALID, error); 463 EXPECT_EQ(ERR_CERT_INVALID, error);
464 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); 464 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID);
465 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors 465 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
466 // from NSS. 466 // from NSS.
467 #if !defined(USE_NSS) 467 #if !defined(USE_NSS)
468 // The certificate is issued by an unknown CA. 468 // The certificate is issued by an unknown CA.
469 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); 469 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
470 #endif 470 #endif
471 } 471 }
472 472
473 // A regression test for http://crbug.com/63988.
474 // Do not report ERR_CERT_INVALID on a certificate with an empty Subject field
475 // and a subjectAltName extension that is not marked as critical.
476 TEST(X509CertificateTest, EmptySubject) {
477 FilePath certs_dir = GetTestCertsDirectory();
478
479 scoped_refptr<X509Certificate> server_cert =
480 ImportCertFromFile(certs_dir, "empty_subject_cert.der");
481 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
482
483 int flags = 0;
484 CertVerifyResult verify_result;
485 int error = server_cert->Verify("1.1.1.1", flags, &verify_result);
486
487 // We no longer map the invalid subject error to CERT_STATUS_INVALID on the
488 // Mac.
489 EXPECT_NE(ERR_CERT_INVALID, error);
490 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_INVALID);
491
492 // The subjectAltName extension contains an iPAddress of "1.1.1.1", but
493 // we map the invalid empty subject error to CERT_STATUS_COMMON_NAME_INVALID
494 // on the Mac.
495 #if defined(OS_MACOSX)
496 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
497 #endif
498
499 // The certificate is self-signed.
500 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
501 }
502
473 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We 503 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We
474 // call X509Certificate::CreateFromHandle several times and observe whether 504 // call X509Certificate::CreateFromHandle several times and observe whether
475 // it returns a cached or new X509Certificate object. 505 // it returns a cached or new X509Certificate object.
476 // 506 //
477 // All the OS certificate handles in this test are actually from the same 507 // All the OS certificate handles in this test are actually from the same
478 // source (the bytes of a lone certificate), but we pretend that some of them 508 // source (the bytes of a lone certificate), but we pretend that some of them
479 // come from the network. 509 // come from the network.
480 TEST(X509CertificateTest, Cache) { 510 TEST(X509CertificateTest, Cache) {
481 X509Certificate::OSCertHandle google_cert_handle; 511 X509Certificate::OSCertHandle google_cert_handle;
482 512
(...skipping 469 matching lines...) Expand 10 before | Expand all | Expand 10 after
952 EXPECT_EQ(test_data.expected, 982 EXPECT_EQ(test_data.expected,
953 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) 983 X509Certificate::VerifyHostname(test_data.hostname, cert_names))
954 << "Host [" << test_data.hostname 984 << "Host [" << test_data.hostname
955 << "], cert name [" << test_data.cert_names << "]"; 985 << "], cert name [" << test_data.cert_names << "]";
956 } 986 }
957 987
958 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, 988 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,
959 testing::ValuesIn(kNameVerifyTestData)); 989 testing::ValuesIn(kNameVerifyTestData));
960 990
961 } // namespace net 991 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/data/ssl/certificates/empty_subject_cert.der » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698