OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 // through online servers. If you're manually running unit tests, feel free to | 30 // through online servers. If you're manually running unit tests, feel free to |
31 // turn this on to test EV certs. But leave it turned off for the automated | 31 // turn this on to test EV certs. But leave it turned off for the automated |
32 // testing. | 32 // testing. |
33 #define ALLOW_EXTERNAL_ACCESS 0 | 33 #define ALLOW_EXTERNAL_ACCESS 0 |
34 | 34 |
35 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | 35 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) |
36 #define TEST_EV 1 // Test CERT_STATUS_IS_EV | 36 #define TEST_EV 1 // Test CERT_STATUS_IS_EV |
37 #endif | 37 #endif |
38 | 38 |
39 using base::HexEncode; | 39 using base::HexEncode; |
40 using base::SHA1_LENGTH; | |
41 using base::Time; | 40 using base::Time; |
42 | 41 |
43 namespace net { | 42 namespace net { |
44 | 43 |
45 // Certificates for test data. They're obtained with: | 44 // Certificates for test data. They're obtained with: |
46 // | 45 // |
47 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null | 46 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null |
48 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der | 47 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der |
49 // | 48 // |
50 // For fingerprint | 49 // For fingerprint |
(...skipping 555 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
606 scoped_refptr<X509Certificate> cert = | 605 scoped_refptr<X509Certificate> cert = |
607 ImportCertFromFile(certs_dir, "nist.der"); | 606 ImportCertFromFile(certs_dir, "nist.der"); |
608 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); | 607 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); |
609 | 608 |
610 std::string derBytes; | 609 std::string derBytes; |
611 EXPECT_TRUE(cert->GetDEREncoded(&derBytes)); | 610 EXPECT_TRUE(cert->GetDEREncoded(&derBytes)); |
612 | 611 |
613 base::StringPiece spkiBytes; | 612 base::StringPiece spkiBytes; |
614 EXPECT_TRUE(asn1::ExtractSPKIFromDERCert(derBytes, &spkiBytes)); | 613 EXPECT_TRUE(asn1::ExtractSPKIFromDERCert(derBytes, &spkiBytes)); |
615 | 614 |
616 uint8 hash[base::SHA1_LENGTH]; | 615 uint8 hash[base::kSHA1Length]; |
617 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()), | 616 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()), |
618 spkiBytes.size(), hash); | 617 spkiBytes.size(), hash); |
619 | 618 |
620 EXPECT_TRUE(0 == memcmp(hash, nistSPKIHash, sizeof(hash))); | 619 EXPECT_TRUE(0 == memcmp(hash, nistSPKIHash, sizeof(hash))); |
621 } | 620 } |
622 | 621 |
623 TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { | 622 TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { |
624 FilePath certs_dir = GetTestCertsDirectory(); | 623 FilePath certs_dir = GetTestCertsDirectory(); |
625 scoped_refptr<X509Certificate> cert = | 624 scoped_refptr<X509Certificate> cert = |
626 ImportCertFromFile(certs_dir, "nist.der"); | 625 ImportCertFromFile(certs_dir, "nist.der"); |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
661 X509Certificate::CreateFromHandle(cert->os_cert_handle(), | 660 X509Certificate::CreateFromHandle(cert->os_cert_handle(), |
662 intermediates); | 661 intermediates); |
663 | 662 |
664 int flags = 0; | 663 int flags = 0; |
665 CertVerifyResult verify_result; | 664 CertVerifyResult verify_result; |
666 | 665 |
667 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); | 666 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); |
668 EXPECT_EQ(OK, error); | 667 EXPECT_EQ(OK, error); |
669 EXPECT_EQ(0U, verify_result.cert_status); | 668 EXPECT_EQ(0U, verify_result.cert_status); |
670 ASSERT_LE(2u, verify_result.public_key_hashes.size()); | 669 ASSERT_LE(2u, verify_result.public_key_hashes.size()); |
671 EXPECT_EQ(HexEncode(nistSPKIHash, base::SHA1_LENGTH), | 670 EXPECT_EQ(HexEncode(nistSPKIHash, base::kSHA1Length), |
672 HexEncode(verify_result.public_key_hashes[0].data, SHA1_LENGTH)); | 671 HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length)); |
673 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", | 672 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", |
674 HexEncode(verify_result.public_key_hashes[1].data, SHA1_LENGTH)); | 673 HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length)); |
675 | 674 |
676 TestRootCerts::GetInstance()->Clear(); | 675 TestRootCerts::GetInstance()->Clear(); |
677 } | 676 } |
678 | 677 |
679 // A regression test for http://crbug.com/70293. | 678 // A regression test for http://crbug.com/70293. |
680 // The Key Usage extension in this RSA SSL server certificate does not have | 679 // The Key Usage extension in this RSA SSL server certificate does not have |
681 // the keyEncipherment bit. | 680 // the keyEncipherment bit. |
682 TEST(X509CertificateTest, InvalidKeyUsage) { | 681 TEST(X509CertificateTest, InvalidKeyUsage) { |
683 FilePath certs_dir = GetTestCertsDirectory(); | 682 FilePath certs_dir = GetTestCertsDirectory(); |
684 | 683 |
(...skipping 813 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1498 } | 1497 } |
1499 | 1498 |
1500 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1499 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
1501 test_data.hostname, common_name, dns_names, ip_addressses)); | 1500 test_data.hostname, common_name, dns_names, ip_addressses)); |
1502 } | 1501 } |
1503 | 1502 |
1504 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1503 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1505 testing::ValuesIn(kNameVerifyTestData)); | 1504 testing::ValuesIn(kNameVerifyTestData)); |
1506 | 1505 |
1507 } // namespace net | 1506 } // namespace net |
OLD | NEW |