| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 19 matching lines...) | |
| 30 // through online servers. If you're manually running unit tests, feel free to | 30 // through online servers. If you're manually running unit tests, feel free to |
| 31 // turn this on to test EV certs. But leave it turned off for the automated | 31 // turn this on to test EV certs. But leave it turned off for the automated |
| 32 // testing. | 32 // testing. |
| 33 #define ALLOW_EXTERNAL_ACCESS 0 | 33 #define ALLOW_EXTERNAL_ACCESS 0 |
| 34 | 34 |
| 35 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | 35 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) |
| 36 #define TEST_EV 1 // Test CERT_STATUS_IS_EV | 36 #define TEST_EV 1 // Test CERT_STATUS_IS_EV |
| 37 #endif | 37 #endif |
| 38 | 38 |
| 39 using base::HexEncode; | 39 using base::HexEncode; |
| 40 using base::SHA1_LENGTH; | |
| 41 using base::Time; | 40 using base::Time; |
| 42 | 41 |
| 43 namespace net { | 42 namespace net { |
| 44 | 43 |
| 45 // Certificates for test data. They're obtained with: | 44 // Certificates for test data. They're obtained with: |
| 46 // | 45 // |
| 47 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null | 46 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null |
| 48 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der | 47 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der |
| 49 // | 48 // |
| 50 // For fingerprint | 49 // For fingerprint |
| (...skipping 555 matching lines...) | |
| 606 scoped_refptr<X509Certificate> cert = | 605 scoped_refptr<X509Certificate> cert = |
| 607 ImportCertFromFile(certs_dir, "nist.der"); | 606 ImportCertFromFile(certs_dir, "nist.der"); |
| 608 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); | 607 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert); |
| 609 | 608 |
| 610 std::string derBytes; | 609 std::string derBytes; |
| 611 EXPECT_TRUE(cert->GetDEREncoded(&derBytes)); | 610 EXPECT_TRUE(cert->GetDEREncoded(&derBytes)); |
| 612 | 611 |
| 613 base::StringPiece spkiBytes; | 612 base::StringPiece spkiBytes; |
| 614 EXPECT_TRUE(asn1::ExtractSPKIFromDERCert(derBytes, &spkiBytes)); | 613 EXPECT_TRUE(asn1::ExtractSPKIFromDERCert(derBytes, &spkiBytes)); |
| 615 | 614 |
| 616 uint8 hash[base::SHA1_LENGTH]; | 615 uint8 hash[base::kSHA1Length]; |
| 617 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()), | 616 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()), |
| 618 spkiBytes.size(), hash); | 617 spkiBytes.size(), hash); |
| 619 | 618 |
| 620 EXPECT_TRUE(0 == memcmp(hash, nistSPKIHash, sizeof(hash))); | 619 EXPECT_TRUE(0 == memcmp(hash, nistSPKIHash, sizeof(hash))); |
| 621 } | 620 } |
| 622 | 621 |
| 623 TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { | 622 TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { |
| 624 FilePath certs_dir = GetTestCertsDirectory(); | 623 FilePath certs_dir = GetTestCertsDirectory(); |
| 625 scoped_refptr<X509Certificate> cert = | 624 scoped_refptr<X509Certificate> cert = |
| 626 ImportCertFromFile(certs_dir, "nist.der"); | 625 ImportCertFromFile(certs_dir, "nist.der"); |
| (...skipping 34 matching lines...) | |
| 661 X509Certificate::CreateFromHandle(cert->os_cert_handle(), | 660 X509Certificate::CreateFromHandle(cert->os_cert_handle(), |
| 662 intermediates); | 661 intermediates); |
| 663 | 662 |
| 664 int flags = 0; | 663 int flags = 0; |
| 665 CertVerifyResult verify_result; | 664 CertVerifyResult verify_result; |
| 666 | 665 |
| 667 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); | 666 int error = cert_chain->Verify("www.nist.gov", flags, &verify_result); |
| 668 EXPECT_EQ(OK, error); | 667 EXPECT_EQ(OK, error); |
| 669 EXPECT_EQ(0U, verify_result.cert_status); | 668 EXPECT_EQ(0U, verify_result.cert_status); |
| 670 ASSERT_LE(2u, verify_result.public_key_hashes.size()); | 669 ASSERT_LE(2u, verify_result.public_key_hashes.size()); |
| 671 EXPECT_EQ(HexEncode(nistSPKIHash, base::SHA1_LENGTH), | 670 EXPECT_EQ(HexEncode(nistSPKIHash, base::kSHA1Length), |
| 672 HexEncode(verify_result.public_key_hashes[0].data, SHA1_LENGTH)); | 671 HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length)); |
| 673 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", | 672 EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD", |
| 674 HexEncode(verify_result.public_key_hashes[1].data, SHA1_LENGTH)); | 673 HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length)); |
|
wtc
2011/09/24 01:39:41
Nit: I like the original indentation better. Will
Peter Kasting
2011/09/25 20:52:01
Yes.
| |
| 675 | 674 |
| 676 TestRootCerts::GetInstance()->Clear(); | 675 TestRootCerts::GetInstance()->Clear(); |
| 677 } | 676 } |
| 678 | 677 |
| 679 // A regression test for http://crbug.com/70293. | 678 // A regression test for http://crbug.com/70293. |
| 680 // The Key Usage extension in this RSA SSL server certificate does not have | 679 // The Key Usage extension in this RSA SSL server certificate does not have |
| 681 // the keyEncipherment bit. | 680 // the keyEncipherment bit. |
| 682 TEST(X509CertificateTest, InvalidKeyUsage) { | 681 TEST(X509CertificateTest, InvalidKeyUsage) { |
| 683 FilePath certs_dir = GetTestCertsDirectory(); | 682 FilePath certs_dir = GetTestCertsDirectory(); |
| 684 | 683 |
| (...skipping 813 matching lines...) | |
| 1498 } | 1497 } |
| 1499 | 1498 |
| 1500 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1499 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1501 test_data.hostname, common_name, dns_names, ip_addressses)); | 1500 test_data.hostname, common_name, dns_names, ip_addressses)); |
| 1502 } | 1501 } |
| 1503 | 1502 |
| 1504 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1503 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1505 testing::ValuesIn(kNameVerifyTestData)); | 1504 testing::ValuesIn(kNameVerifyTestData)); |
| 1506 | 1505 |
| 1507 } // namespace net | 1506 } // namespace net |