| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 516 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 527 int error = cert_chain->Verify("mail.google.com", flags, &verify_result); | 527 int error = cert_chain->Verify("mail.google.com", flags, &verify_result); |
| 528 EXPECT_NE(OK, error); | 528 EXPECT_NE(OK, error); |
| 529 | 529 |
| 530 // Now turn off revocation checking. Certificate verification should still | 530 // Now turn off revocation checking. Certificate verification should still |
| 531 // fail. | 531 // fail. |
| 532 flags = 0; | 532 flags = 0; |
| 533 error = cert_chain->Verify("mail.google.com", flags, &verify_result); | 533 error = cert_chain->Verify("mail.google.com", flags, &verify_result); |
| 534 EXPECT_NE(OK, error); | 534 EXPECT_NE(OK, error); |
| 535 } | 535 } |
| 536 | 536 |
| 537 TEST(X509CertificateTest, DigiNotarCerts) { |
| 538 static const char* const kDigiNotarFilenames[] = { |
| 539 "diginotar_root_ca.pem", |
| 540 "diginotar_cyber_ca.pem", |
| 541 "diginotar_services_1024_ca.pem", |
| 542 "diginotar_pkioverheid.pem", |
| 543 "diginotar_pkioverheid_g2.pem", |
| 544 NULL, |
| 545 }; |
| 546 |
| 547 FilePath certs_dir = GetTestCertsDirectory(); |
| 548 |
| 549 for (size_t i = 0; kDigiNotarFilenames[i]; i++) { |
| 550 scoped_refptr<X509Certificate> diginotar_cert = |
| 551 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| 552 std::string der_bytes; |
| 553 ASSERT_TRUE(diginotar_cert->GetDEREncoded(&der_bytes)); |
| 554 |
| 555 base::StringPiece spki; |
| 556 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| 557 |
| 558 std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| 559 |
| 560 std::vector<SHA1Fingerprint> public_keys; |
| 561 SHA1Fingerprint fingerprint; |
| 562 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); |
| 563 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); |
| 564 public_keys.push_back(fingerprint); |
| 565 |
| 566 EXPECT_TRUE(X509Certificate::IsPublicKeyBlacklisted(public_keys)) << |
| 567 "Public key not blocked for " << kDigiNotarFilenames[i]; |
| 568 } |
| 569 } |
| 570 |
| 537 TEST(X509CertificateTest, TestKnownRoot) { | 571 TEST(X509CertificateTest, TestKnownRoot) { |
| 538 FilePath certs_dir = GetTestCertsDirectory(); | 572 FilePath certs_dir = GetTestCertsDirectory(); |
| 539 scoped_refptr<X509Certificate> cert = | 573 scoped_refptr<X509Certificate> cert = |
| 540 ImportCertFromFile(certs_dir, "nist.der"); | 574 ImportCertFromFile(certs_dir, "nist.der"); |
| 541 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); | 575 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); |
| 542 | 576 |
| 543 // This intermediate is only needed for old Linux machines. Modern NSS | 577 // This intermediate is only needed for old Linux machines. Modern NSS |
| 544 // includes it as a root already. | 578 // includes it as a root already. |
| 545 scoped_refptr<X509Certificate> intermediate_cert = | 579 scoped_refptr<X509Certificate> intermediate_cert = |
| 546 ImportCertFromFile(certs_dir, "nist_intermediate.der"); | 580 ImportCertFromFile(certs_dir, "nist_intermediate.der"); |
| (...skipping 917 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1464 } | 1498 } |
| 1465 | 1499 |
| 1466 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1500 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1467 test_data.hostname, common_name, dns_names, ip_addressses)); | 1501 test_data.hostname, common_name, dns_names, ip_addressses)); |
| 1468 } | 1502 } |
| 1469 | 1503 |
| 1470 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1504 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1471 testing::ValuesIn(kNameVerifyTestData)); | 1505 testing::ValuesIn(kNameVerifyTestData)); |
| 1472 | 1506 |
| 1473 } // namespace net | 1507 } // namespace net |
| OLD | NEW |