| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/crypto/rsa_private_key.h" | 5 #include "base/crypto/rsa_private_key.h" |
| 6 #include "base/file_path.h" | 6 #include "base/file_path.h" |
| 7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
| 8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
| 10 #include "base/string_split.h" | 10 #include "base/string_split.h" |
| (...skipping 452 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 463 EXPECT_EQ(ERR_CERT_INVALID, error); | 463 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 464 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); | 464 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_INVALID); |
| 465 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors | 465 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
| 466 // from NSS. | 466 // from NSS. |
| 467 #if !defined(USE_NSS) | 467 #if !defined(USE_NSS) |
| 468 // The certificate is issued by an unknown CA. | 468 // The certificate is issued by an unknown CA. |
| 469 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 469 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| 470 #endif | 470 #endif |
| 471 } | 471 } |
| 472 | 472 |
| 473 // A regression test for http://crbug.com/63988. |
| 474 // Do not report ERR_CERT_INVALID on a certificate with an empty Subject field |
| 475 // and a subjectAltName extension that is not marked as critical. |
| 476 TEST(X509CertificateTest, EmptySubject) { |
| 477 FilePath certs_dir = GetTestCertsDirectory(); |
| 478 |
| 479 scoped_refptr<X509Certificate> server_cert = |
| 480 ImportCertFromFile(certs_dir, "empty_subject_cert.der"); |
| 481 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 482 |
| 483 int flags = 0; |
| 484 CertVerifyResult verify_result; |
| 485 int error = server_cert->Verify("1.1.1.1", flags, &verify_result); |
| 486 |
| 487 // We no longer map the invalid subject error to CERT_STATUS_INVALID on the |
| 488 // Mac. |
| 489 EXPECT_NE(ERR_CERT_INVALID, error); |
| 490 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_INVALID); |
| 491 |
| 492 // The subjectAltName extension contains an iPAddress of "1.1.1.1", but |
| 493 // we map the invalid empty subject error to CERT_STATUS_COMMON_NAME_INVALID |
| 494 // on the Mac. |
| 495 #if defined(OS_MACOSX) |
| 496 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); |
| 497 #endif |
| 498 |
| 499 // The certificate is self-signed. |
| 500 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
| 501 } |
| 502 |
| 473 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | 503 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
| 474 // call X509Certificate::CreateFromHandle several times and observe whether | 504 // call X509Certificate::CreateFromHandle several times and observe whether |
| 475 // it returns a cached or new X509Certificate object. | 505 // it returns a cached or new X509Certificate object. |
| 476 // | 506 // |
| 477 // All the OS certificate handles in this test are actually from the same | 507 // All the OS certificate handles in this test are actually from the same |
| 478 // source (the bytes of a lone certificate), but we pretend that some of them | 508 // source (the bytes of a lone certificate), but we pretend that some of them |
| 479 // come from the network. | 509 // come from the network. |
| 480 TEST(X509CertificateTest, Cache) { | 510 TEST(X509CertificateTest, Cache) { |
| 481 X509Certificate::OSCertHandle google_cert_handle; | 511 X509Certificate::OSCertHandle google_cert_handle; |
| 482 | 512 |
| (...skipping 469 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 952 EXPECT_EQ(test_data.expected, | 982 EXPECT_EQ(test_data.expected, |
| 953 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) | 983 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) |
| 954 << "Host [" << test_data.hostname | 984 << "Host [" << test_data.hostname |
| 955 << "], cert name [" << test_data.cert_names << "]"; | 985 << "], cert name [" << test_data.cert_names << "]"; |
| 956 } | 986 } |
| 957 | 987 |
| 958 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 988 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 959 testing::ValuesIn(kNameVerifyTestData)); | 989 testing::ValuesIn(kNameVerifyTestData)); |
| 960 | 990 |
| 961 } // namespace net | 991 } // namespace net |
| OLD | NEW |