Chromium Code Reviews| Index: net/base/x509_certificate_unittest.cc |
| diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc |
| index a8d6cf12f476d47e74ca1c30f38f055c7acc2160..39a1c8906aecdf9b3be40ebe3cec923d82019d3b 100644 |
| --- a/net/base/x509_certificate_unittest.cc |
| +++ b/net/base/x509_certificate_unittest.cc |
| @@ -534,6 +534,40 @@ TEST(X509CertificateTest, GoogleDigiNotarTest) { |
| EXPECT_NE(OK, error); |
| } |
| +TEST(X509CertificateTest, DigiNotarCerts) { |
| + static const char* kDigiNotarFilenames[] = { |
|
wtc
2011/09/12 18:59:53
Nit: need one more 'const', after '*'.
agl
2011/09/12 22:34:28
Done.
|
| + "diginotar_root_ca.pem", |
| + "diginotar_cyber_ca.pem", |
| + "diginotar_services_1024_ca.pem", |
| + "diginotar_pkioverheid.pem", |
| + "diginotar_pkioverheid_g2.pem", |
| + NULL, |
| + }; |
| + |
| + FilePath certs_dir = GetTestCertsDirectory(); |
| + |
| + for (size_t i = 0; kDigiNotarFilenames[i]; i++) { |
| + scoped_refptr<X509Certificate> diginotar_cert = |
| + ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]); |
| + std::string der_bytes; |
| + ASSERT_TRUE(diginotar_cert->GetDEREncoded(&der_bytes)); |
| + |
| + base::StringPiece spki; |
| + ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki)); |
| + |
| + std::string spki_sha1 = base::SHA1HashString(spki.as_string()); |
| + |
| + std::vector<SHA1Fingerprint> public_keys; |
| + SHA1Fingerprint fingerprint; |
| + ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size()); |
| + memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size()); |
| + public_keys.push_back(fingerprint); |
| + |
| + EXPECT_TRUE(X509Certificate::IsPublicKeyBlacklisted(public_keys)) << |
| + "Public key not blocked for " << kDigiNotarFilenames[i]; |
| + } |
| +} |
| + |
| TEST(X509CertificateTest, TestKnownRoot) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> cert = |