Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(391)

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 7865027: net: update public key block for the correct Cyber CA certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate.cc ('k') | net/data/ssl/certificates/diginotar_cyber_ca.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/file_path.h" 5 #include "base/file_path.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/path_service.h" 7 #include "base/path_service.h"
8 #include "base/pickle.h" 8 #include "base/pickle.h"
9 #include "base/sha1.h" 9 #include "base/sha1.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 516 matching lines...) Expand 10 before | Expand all | Expand 10 after
527 int error = cert_chain->Verify("mail.google.com", flags, &verify_result); 527 int error = cert_chain->Verify("mail.google.com", flags, &verify_result);
528 EXPECT_NE(OK, error); 528 EXPECT_NE(OK, error);
529 529
530 // Now turn off revocation checking. Certificate verification should still 530 // Now turn off revocation checking. Certificate verification should still
531 // fail. 531 // fail.
532 flags = 0; 532 flags = 0;
533 error = cert_chain->Verify("mail.google.com", flags, &verify_result); 533 error = cert_chain->Verify("mail.google.com", flags, &verify_result);
534 EXPECT_NE(OK, error); 534 EXPECT_NE(OK, error);
535 } 535 }
536 536
537 TEST(X509CertificateTest, DigiNotarCerts) {
538 static const char* const kDigiNotarFilenames[] = {
539 "diginotar_root_ca.pem",
540 "diginotar_cyber_ca.pem",
541 "diginotar_services_1024_ca.pem",
542 "diginotar_pkioverheid.pem",
543 "diginotar_pkioverheid_g2.pem",
544 NULL,
545 };
546
547 FilePath certs_dir = GetTestCertsDirectory();
548
549 for (size_t i = 0; kDigiNotarFilenames[i]; i++) {
550 scoped_refptr<X509Certificate> diginotar_cert =
551 ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]);
552 std::string der_bytes;
553 ASSERT_TRUE(diginotar_cert->GetDEREncoded(&der_bytes));
554
555 base::StringPiece spki;
556 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki));
557
558 std::string spki_sha1 = base::SHA1HashString(spki.as_string());
559
560 std::vector<SHA1Fingerprint> public_keys;
561 SHA1Fingerprint fingerprint;
562 ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
563 memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
564 public_keys.push_back(fingerprint);
565
566 EXPECT_TRUE(X509Certificate::IsPublicKeyBlacklisted(public_keys)) <<
567 "Public key not blocked for " << kDigiNotarFilenames[i];
568 }
569 }
570
537 TEST(X509CertificateTest, TestKnownRoot) { 571 TEST(X509CertificateTest, TestKnownRoot) {
538 FilePath certs_dir = GetTestCertsDirectory(); 572 FilePath certs_dir = GetTestCertsDirectory();
539 scoped_refptr<X509Certificate> cert = 573 scoped_refptr<X509Certificate> cert =
540 ImportCertFromFile(certs_dir, "nist.der"); 574 ImportCertFromFile(certs_dir, "nist.der");
541 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); 575 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
542 576
543 // This intermediate is only needed for old Linux machines. Modern NSS 577 // This intermediate is only needed for old Linux machines. Modern NSS
544 // includes it as a root already. 578 // includes it as a root already.
545 scoped_refptr<X509Certificate> intermediate_cert = 579 scoped_refptr<X509Certificate> intermediate_cert =
546 ImportCertFromFile(certs_dir, "nist_intermediate.der"); 580 ImportCertFromFile(certs_dir, "nist_intermediate.der");
(...skipping 917 matching lines...) Expand 10 before | Expand all | Expand 10 after
1464 } 1498 }
1465 1499
1466 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( 1500 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(
1467 test_data.hostname, common_name, dns_names, ip_addressses)); 1501 test_data.hostname, common_name, dns_names, ip_addressses));
1468 } 1502 }
1469 1503
1470 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, 1504 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,
1471 testing::ValuesIn(kNameVerifyTestData)); 1505 testing::ValuesIn(kNameVerifyTestData));
1472 1506
1473 } // namespace net 1507 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate.cc ('k') | net/data/ssl/certificates/diginotar_cyber_ca.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698