OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 802 matching lines...) | |
813 webkit_cert->os_cert_handle())); | 813 webkit_cert->os_cert_handle())); |
814 EXPECT_TRUE(cert2->HasIntermediateCertificate( | 814 EXPECT_TRUE(cert2->HasIntermediateCertificate( |
815 thawte_cert->os_cert_handle())); | 815 thawte_cert->os_cert_handle())); |
816 EXPECT_FALSE(cert2->HasIntermediateCertificate( | 816 EXPECT_FALSE(cert2->HasIntermediateCertificate( |
817 paypal_cert->os_cert_handle())); | 817 paypal_cert->os_cert_handle())); |
818 | 818 |
819 // Cleanup | 819 // Cleanup |
820 X509Certificate::FreeOSCertHandle(google_handle); | 820 X509Certificate::FreeOSCertHandle(google_handle); |
821 } | 821 } |
822 | 822 |
823 // Basic test for returning the chain in CertVerifyResult. Note that the | |
824 // returned chain may just be a reflection of the originally supplied chain; | |
825 // that is, if any unrecoverable errors occur, the default chain returned is | |
wtc
2011/07/26 19:32:29
It's not clear what "unrecoverable errors" means h
| |
826 // an exact copy of the certificate to be verified. The remaining | |
827 // VerifyReturn* tests are used to ensure that the actual, verified chain is | |
828 // being returned by Verify(). | |
829 TEST(X509CertificateTest, VerifyReturnChainBasic) { | |
830 FilePath certs_dir = GetTestCertsDirectory(); | |
831 CertificateList certs = CreateCertificateListFromFile( | |
832 certs_dir, "x509_verify_results.chain.pem", | |
833 X509Certificate::FORMAT_AUTO); | |
834 ASSERT_EQ(3U, certs.size()); | |
835 | |
836 X509Certificate::OSCertHandles intermediates; | |
837 intermediates.push_back(certs[1]->os_cert_handle()); | |
838 intermediates.push_back(certs[2]->os_cert_handle()); | |
839 | |
840 TestRootCerts::GetInstance()->Add(certs[2]); | |
841 | |
842 scoped_refptr<X509Certificate> google_full_chain = | |
843 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | |
844 intermediates); | |
845 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | |
846 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); | |
847 | |
848 CertVerifyResult verify_result; | |
849 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
850 int error = google_full_chain->Verify("127.0.0.1", 0, &verify_result); | |
851 EXPECT_EQ(OK, error); | |
852 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
853 | |
854 EXPECT_NE(google_full_chain, verify_result.verified_cert); | |
855 EXPECT_TRUE(X509Certificate::IsSameOSCert( | |
856 google_full_chain->os_cert_handle(), | |
857 verify_result.verified_cert->os_cert_handle())); | |
858 const X509Certificate::OSCertHandles& return_intermediates = | |
859 verify_result.verified_cert->GetIntermediateCertificates(); | |
860 ASSERT_EQ(2U, return_intermediates.size()); | |
861 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | |
862 certs[1]->os_cert_handle())); | |
863 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1], | |
864 certs[2]->os_cert_handle())); | |
865 | |
866 TestRootCerts::GetInstance()->Clear(); | |
867 } | |
868 | |
869 // Test that the certificate returned in CertVerifyResult is able to reorder | |
870 // certificates that are not ordered from end-entity to root. While this is | |
871 // a protocol violation if sent during a TLS handshake, if multiple sources | |
872 // of intermediate certificates are combined, it's possible that order may | |
873 // not be maintained. | |
874 TEST(X509CertificateTest, VerifyReturnChainProperlyOrders) { | |
wtc
2011/07/26 19:32:29
ProperlyOrders => ProperlyOrdered ?
| |
875 FilePath certs_dir = GetTestCertsDirectory(); | |
876 CertificateList certs = CreateCertificateListFromFile( | |
877 certs_dir, "x509_verify_results.chain.pem", | |
878 X509Certificate::FORMAT_AUTO); | |
879 ASSERT_EQ(3U, certs.size()); | |
880 | |
881 // Construct the chain out of order. | |
882 X509Certificate::OSCertHandles intermediates; | |
883 intermediates.push_back(certs[2]->os_cert_handle()); | |
884 intermediates.push_back(certs[1]->os_cert_handle()); | |
885 | |
886 TestRootCerts::GetInstance()->Add(certs[2]); | |
887 | |
888 scoped_refptr<X509Certificate> google_full_chain = | |
889 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | |
890 intermediates); | |
891 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | |
892 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); | |
893 | |
894 CertVerifyResult verify_result; | |
895 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
896 int error = google_full_chain->Verify("127.0.0.1", 0, &verify_result); | |
897 EXPECT_EQ(OK, error); | |
898 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
899 | |
900 EXPECT_NE(google_full_chain, verify_result.verified_cert); | |
901 EXPECT_TRUE(X509Certificate::IsSameOSCert( | |
902 google_full_chain->os_cert_handle(), | |
903 verify_result.verified_cert->os_cert_handle())); | |
904 const X509Certificate::OSCertHandles& return_intermediates = | |
905 verify_result.verified_cert->GetIntermediateCertificates(); | |
906 ASSERT_EQ(2U, return_intermediates.size()); | |
907 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | |
908 certs[1]->os_cert_handle())); | |
909 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1], | |
910 certs[2]->os_cert_handle())); | |
911 | |
912 TestRootCerts::GetInstance()->Clear(); | |
913 } | |
914 | |
915 // Test that Verify() filters out certificates which are not related to | |
916 // or part of the certificate/chain being verified. | |
wtc
2011/07/26 19:32:29
Nit: remove '/'?
| |
917 TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) { | |
918 FilePath certs_dir = GetTestCertsDirectory(); | |
919 CertificateList certs = CreateCertificateListFromFile( | |
920 certs_dir, "x509_verify_results.chain.pem", | |
921 X509Certificate::FORMAT_AUTO); | |
922 ASSERT_EQ(3U, certs.size()); | |
923 TestRootCerts::GetInstance()->Add(certs[2]); | |
924 | |
925 scoped_refptr<X509Certificate> unrelated_dod_certificate = | |
926 ImportCertFromFile(certs_dir, "dod_ca_17_cert.der"); | |
927 scoped_refptr<X509Certificate> unrelated_dod_certificate2 = | |
928 ImportCertFromFile(certs_dir, "dod_root_ca_2_cert.der"); | |
929 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_dod_certificate); | |
930 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_dod_certificate2); | |
931 | |
932 // Interject unrelated certificates into the list of intermediates. | |
933 X509Certificate::OSCertHandles intermediates; | |
934 intermediates.push_back(unrelated_dod_certificate->os_cert_handle()); | |
935 intermediates.push_back(certs[1]->os_cert_handle()); | |
936 intermediates.push_back(unrelated_dod_certificate2->os_cert_handle()); | |
937 intermediates.push_back(certs[2]->os_cert_handle()); | |
938 | |
939 scoped_refptr<X509Certificate> google_full_chain = | |
940 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | |
941 intermediates); | |
942 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | |
943 ASSERT_EQ(4U, google_full_chain->GetIntermediateCertificates().size()); | |
944 | |
945 CertVerifyResult verify_result; | |
946 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
947 int error = google_full_chain->Verify("127.0.0.1", 0, &verify_result); | |
948 EXPECT_EQ(OK, error); | |
949 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | |
950 | |
951 EXPECT_NE(google_full_chain, verify_result.verified_cert); | |
952 EXPECT_TRUE(X509Certificate::IsSameOSCert( | |
953 google_full_chain->os_cert_handle(), | |
954 verify_result.verified_cert->os_cert_handle())); | |
955 const X509Certificate::OSCertHandles& return_intermediates = | |
956 verify_result.verified_cert->GetIntermediateCertificates(); | |
957 ASSERT_EQ(2U, return_intermediates.size()); | |
958 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | |
959 certs[1]->os_cert_handle())); | |
960 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[1], | |
961 certs[2]->os_cert_handle())); | |
962 TestRootCerts::GetInstance()->Clear(); | |
963 } | |
964 | |
823 #if defined(OS_MACOSX) | 965 #if defined(OS_MACOSX) |
824 TEST(X509CertificateTest, IsIssuedBy) { | 966 TEST(X509CertificateTest, IsIssuedBy) { |
825 FilePath certs_dir = GetTestCertsDirectory(); | 967 FilePath certs_dir = GetTestCertsDirectory(); |
826 | 968 |
827 // Test a client certificate from MIT. | 969 // Test a client certificate from MIT. |
828 scoped_refptr<X509Certificate> mit_davidben_cert( | 970 scoped_refptr<X509Certificate> mit_davidben_cert( |
829 ImportCertFromFile(certs_dir, "mit.davidben.der")); | 971 ImportCertFromFile(certs_dir, "mit.davidben.der")); |
830 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); | 972 ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); |
831 | 973 |
832 CertPrincipal mit_issuer; | 974 CertPrincipal mit_issuer; |
(...skipping 398 matching lines...) | |
1231 } | 1373 } |
1232 | 1374 |
1233 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1375 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
1234 test_data.hostname, common_name, dns_names, ip_addressses)); | 1376 test_data.hostname, common_name, dns_names, ip_addressses)); |
1235 } | 1377 } |
1236 | 1378 |
1237 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1379 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1238 testing::ValuesIn(kNameVerifyTestData)); | 1380 testing::ValuesIn(kNameVerifyTestData)); |
1239 | 1381 |
1240 } // namespace net | 1382 } // namespace net |
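Review bot: The three new VerifyReturnChain* tests add certs[2] to the process-wide TestRootCerts and call `TestRootCerts::GetInstance()->Clear()` only as their last statement, so any `ASSERT_*` that fails after the `Add()` (new lines 845-860, 891-906 and 942-957) returns early and leaves that root trusted for every test that runs later in the same process. A leftover trust anchor can make a later verification test pass or fail for the wrong reason, so the cleanup should be tied to scope rather than to reaching the end of the body. I would declare a small guard whose destructor calls Clear() just before each `Add()`, as sketched below. If the tree already has a scoped helper for test roots, use that instead.

```cpp
// Clears the process-wide test roots on scope exit, so an early return from a
// failed ASSERT_* cannot leave the test root trusted for later tests.
class ScopedTestRootsClearer {
 public:
  ~ScopedTestRootsClearer() { TestRootCerts::GetInstance()->Clear(); }
};

TEST(X509CertificateTest, VerifyReturnChainBasic) {
  // … unchanged: load certs, build intermediates …
  ScopedTestRootsClearer clear_test_roots;
  TestRootCerts::GetInstance()->Add(certs[2]);
  // … unchanged: CreateFromHandle, Verify, chain assertions; the trailing Clear() call becomes redundant …
```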