OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/crypto/rsa_private_key.h" | 5 #include "base/crypto/rsa_private_key.h" |
6 #include "base/file_path.h" | 6 #include "base/file_path.h" |
7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
10 #include "base/string_split.h" | 10 #include "base/string_split.h" |
(...skipping 463 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
474 intermediates); | 474 intermediates); |
475 | 475 |
476 int flags = 0; | 476 int flags = 0; |
477 CertVerifyResult verify_result; | 477 CertVerifyResult verify_result; |
478 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); | 478 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result); |
479 EXPECT_EQ(OK, error); | 479 EXPECT_EQ(OK, error); |
480 EXPECT_EQ(0, verify_result.cert_status); | 480 EXPECT_EQ(0, verify_result.cert_status); |
481 root_certs->Clear(); | 481 root_certs->Clear(); |
482 } | 482 } |
483 | 483 |
484 TEST(X509CertificateTest, TestProbablyMITMCert) { | |
wtc
2011/04/06 04:28:38
Please document when this certificate will expire.
agl
2011/04/06 19:02:02
Done.
| |
485 FilePath certs_dir = GetTestCertsDirectory(); | |
486 scoped_refptr<X509Certificate> cert = | |
487 ImportCertFromFile(certs_dir, "nist.der"); | |
488 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); | |
489 | |
490 int flags = 0; | |
491 CertVerifyResult verify_result; | |
492 int error = cert->Verify("www.nist.gov", flags, &verify_result); | |
493 EXPECT_EQ(OK, error); | |
494 EXPECT_EQ(0, verify_result.cert_status); | |
495 EXPECT_FALSE(verify_result.is_probably_mitm_cert); | |
496 } | |
497 | |
484 // A regression test for http://crbug.com/70293. | 498 // A regression test for http://crbug.com/70293. |
485 // The Key Usage extension in this RSA SSL server certificate does not have | 499 // The Key Usage extension in this RSA SSL server certificate does not have |
486 // the keyEncipherment bit. | 500 // the keyEncipherment bit. |
487 TEST(X509CertificateTest, InvalidKeyUsage) { | 501 TEST(X509CertificateTest, InvalidKeyUsage) { |
488 FilePath certs_dir = GetTestCertsDirectory(); | 502 FilePath certs_dir = GetTestCertsDirectory(); |
489 | 503 |
490 scoped_refptr<X509Certificate> server_cert = | 504 scoped_refptr<X509Certificate> server_cert = |
491 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); | 505 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); |
492 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 506 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
493 | 507 |
(...skipping 499 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
993 EXPECT_EQ(test_data.expected, | 1007 EXPECT_EQ(test_data.expected, |
994 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) | 1008 X509Certificate::VerifyHostname(test_data.hostname, cert_names)) |
995 << "Host [" << test_data.hostname | 1009 << "Host [" << test_data.hostname |
996 << "], cert name [" << test_data.cert_names << "]"; | 1010 << "], cert name [" << test_data.cert_names << "]"; |
997 } | 1011 } |
998 | 1012 |
999 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1013 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1000 testing::ValuesIn(kNameVerifyTestData)); | 1014 testing::ValuesIn(kNameVerifyTestData)); |
1001 | 1015 |
1002 } // namespace net | 1016 } // namespace net |
OLD | NEW |