OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 1471 matching lines...)
1482 } | 1482 } |
1483 } | 1483 } |
1484 | 1484 |
1485 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1485 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
1486 test_data.hostname, common_name, dns_names, ip_addressses)); | 1486 test_data.hostname, common_name, dns_names, ip_addressses)); |
1487 } | 1487 } |
1488 | 1488 |
1489 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1489 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1490 testing::ValuesIn(kNameVerifyTestData)); | 1490 testing::ValuesIn(kNameVerifyTestData)); |
1491 | 1491 |
1492 // Not implemented on Mac or OpenSSL - http://crbug.com/101123 | 1492 // Not implemented on OpenSSL - http://crbug.com/101123 |
1493 #if defined(USE_NSS) || defined(OS_WIN) | 1493 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
1494 | 1494 |
1495 struct WeakDigestTestData { | 1495 struct WeakDigestTestData { |
1496 const char* root_cert_filename; | 1496 const char* root_cert_filename; |
1497 const char* intermediate_cert_filename; | 1497 const char* intermediate_cert_filename; |
1498 const char* ee_cert_filename; | 1498 const char* ee_cert_filename; |
1499 bool expected_has_md5; | 1499 bool expected_has_md5; |
1500 bool expected_has_md4; | 1500 bool expected_has_md4; |
1501 bool expected_has_md2; | 1501 bool expected_has_md2; |
1502 bool expected_has_md5_ca; | 1502 bool expected_has_md5_ca; |
1503 bool expected_has_md2_ca; | 1503 bool expected_has_md2_ca; |
(...skipping 63 matching lines...)
1567 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the | 1567 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the |
1568 // pre-processor will expand macros such as MAYBE_test_name before | 1568 // pre-processor will expand macros such as MAYBE_test_name before |
1569 // instantiating the test. | 1569 // instantiating the test. |
1570 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ | 1570 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ |
1571 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) | 1571 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) |
1572 | 1572 |
1573 // The signature algorithm of the root CA should not matter. | 1573 // The signature algorithm of the root CA should not matter. |
1574 const WeakDigestTestData kVerifyRootCATestData[] = { | 1574 const WeakDigestTestData kVerifyRootCATestData[] = { |
1575 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", | 1575 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", |
1576 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1576 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
| 1577 #if !defined(OS_MACOSX) // MD4 is not supported. |
1577 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", | 1578 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", |
1578 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1579 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
| 1580 #endif |
1579 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", | 1581 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", |
1580 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1582 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
1581 }; | 1583 }; |
1582 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, | 1584 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, |
1583 testing::ValuesIn(kVerifyRootCATestData)); | 1585 testing::ValuesIn(kVerifyRootCATestData)); |
1584 | 1586 |
1585 // The signature algorithm of intermediates should be properly detected. | 1587 // The signature algorithm of intermediates should be properly detected. |
1586 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 1588 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
1587 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1589 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1588 "weak_digest_sha1_ee.pem", true, false, false, true, false }, | 1590 "weak_digest_sha1_ee.pem", true, false, false, true, false }, |
1589 // NSS does not support MD4 and does not enable MD2 by policy. | 1591 #if !defined(USE_NSS) && !defined(OS_MACOSX) // MD4 is not supported. |
1590 #if !defined(USE_NSS) | |
1591 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1592 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1592 "weak_digest_sha1_ee.pem", false, true, false, false, false }, | 1593 "weak_digest_sha1_ee.pem", false, true, false, false, false }, |
| 1594 #endif |
| 1595 #if !defined(USE_NSS) // MD2 is disabled by default. |
1593 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1596 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1594 "weak_digest_sha1_ee.pem", false, false, true, false, true }, | 1597 "weak_digest_sha1_ee.pem", false, false, true, false, true }, |
1595 #endif | 1598 #endif |
1596 }; | 1599 }; |
1597 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, | 1600 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, |
1598 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1601 testing::ValuesIn(kVerifyIntermediateCATestData)); |
1599 | 1602 |
1600 // The signature algorithm of end-entity should be properly detected. | 1603 // The signature algorithm of end-entity should be properly detected. |
1601 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1604 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
1602 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1605 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1603 "weak_digest_md5_ee.pem", true, false, false, false, false }, | 1606 "weak_digest_md5_ee.pem", true, false, false, false, false }, |
1604 // NSS does not support MD4 and does not enable MD2 by policy. | 1607 #if !defined(USE_NSS) && !defined(OS_MACOSX) // MD4 is not supported. |
1605 #if !defined(USE_NSS) | |
1606 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1608 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1607 "weak_digest_md4_ee.pem", false, true, false, false, false }, | 1609 "weak_digest_md4_ee.pem", false, true, false, false, false }, |
| 1610 #endif |
| 1611 #if !defined(USE_NSS) // MD2 is disabled by default. |
1608 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1612 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1609 "weak_digest_md2_ee.pem", false, false, true, false, false }, | 1613 "weak_digest_md2_ee.pem", false, false, true, false, false }, |
1610 #endif | 1614 #endif |
1611 }; | 1615 }; |
1612 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1616 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
1613 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1617 // be cleared until NSS is cleanly shutdown, which is not presently supported |
1614 // in Chromium. | 1618 // in Chromium. |
1615 #if defined(USE_NSS) | 1619 #if defined(USE_NSS) |
1616 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1620 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
1617 #else | 1621 #else |
1618 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1622 #define MAYBE_VerifyEndEntity VerifyEndEntity |
1619 #endif | 1623 #endif |
1620 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1624 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
1621 X509CertificateWeakDigestTest, | 1625 X509CertificateWeakDigestTest, |
1622 testing::ValuesIn(kVerifyEndEntityTestData)); | 1626 testing::ValuesIn(kVerifyEndEntityTestData)); |
1623 | 1627 |
1624 // Incomplete chains should still report the status of the intermediate. | 1628 // Incomplete chains should still report the status of the intermediate. |
1625 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1629 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
1626 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1630 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
1627 true, false, false, true, false }, | 1631 true, false, false, true, false }, |
| 1632 #if !defined(OS_MACOSX) // MD4 is not supported. |
1628 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1633 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
1629 false, true, false, false, false }, | 1634 false, true, false, false, false }, |
| 1635 #endif |
1630 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1636 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
1631 false, false, true, false, true }, | 1637 false, false, true, false, true }, |
1632 }; | 1638 }; |
1633 // Disabled on NSS - libpkix does not return constructed chains on error, | 1639 // Disabled on NSS - libpkix does not return constructed chains on error, |
1634 // preventing us from detecting/inspecting the verified chain. | 1640 // preventing us from detecting/inspecting the verified chain. |
1635 #if defined(USE_NSS) | 1641 #if defined(USE_NSS) |
1636 #define MAYBE_VerifyIncompleteIntermediate \ | 1642 #define MAYBE_VerifyIncompleteIntermediate \ |
1637 DISABLED_VerifyIncompleteIntermediate | 1643 DISABLED_VerifyIncompleteIntermediate |
1638 #else | 1644 #else |
1639 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1645 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
1640 #endif | 1646 #endif |
1641 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1647 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1642 MAYBE_VerifyIncompleteIntermediate, | 1648 MAYBE_VerifyIncompleteIntermediate, |
1643 X509CertificateWeakDigestTest, | 1649 X509CertificateWeakDigestTest, |
1644 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1650 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
1645 | 1651 |
1646 // Incomplete chains should still report the status of the end-entity. | 1652 // Incomplete chains should still report the status of the end-entity. |
1647 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1653 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
1648 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1654 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
1649 true, false, false, false, false }, | 1655 true, false, false, false, false }, |
| 1656 #if !defined(OS_MACOSX) // MD4 is not supported. |
1650 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1657 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
1651 false, true, false, false, false }, | 1658 false, true, false, false, false }, |
| 1659 #endif |
1652 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1660 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
1653 false, false, true, false, false }, | 1661 false, false, true, false, false }, |
1654 }; | 1662 }; |
1655 // Disabled on NSS - libpkix does not return constructed chains on error, | 1663 // Disabled on NSS - libpkix does not return constructed chains on error, |
1656 // preventing us from detecting/inspecting the verified chain. | 1664 // preventing us from detecting/inspecting the verified chain. |
1657 #if defined(USE_NSS) | 1665 #if defined(USE_NSS) |
1658 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1666 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
1659 #else | 1667 #else |
1660 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1668 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
1661 #endif | 1669 #endif |
1662 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1670 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1663 MAYBE_VerifyIncompleteEndEntity, | 1671 MAYBE_VerifyIncompleteEndEntity, |
1664 X509CertificateWeakDigestTest, | 1672 X509CertificateWeakDigestTest, |
1665 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1673 testing::ValuesIn(kVerifyIncompleteEETestData)); |
1666 | 1674 |
1667 // Differing algorithms between the intermediate and the EE should still be | 1675 // Differing algorithms between the intermediate and the EE should still be |
1668 // reported. | 1676 // reported. |
1669 const WeakDigestTestData kVerifyMixedTestData[] = { | 1677 const WeakDigestTestData kVerifyMixedTestData[] = { |
1670 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1678 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1671 "weak_digest_md2_ee.pem", true, false, true, true, false }, | 1679 "weak_digest_md2_ee.pem", true, false, true, true, false }, |
1672 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1680 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1673 "weak_digest_md5_ee.pem", true, false, true, false, true }, | 1681 "weak_digest_md5_ee.pem", true, false, true, false, true }, |
| 1682 #if !defined(OS_MACOSX) // MD4 is not supported. |
1674 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1683 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1675 "weak_digest_md2_ee.pem", false, true, true, false, false }, | 1684 "weak_digest_md2_ee.pem", false, true, true, false, false }, |
| 1685 #endif |
1676 }; | 1686 }; |
1677 // NSS does not support MD4 and does not enable MD2 by policy, making all | 1687 // NSS does not support MD4 and does not enable MD2 by default, making all |
1678 // permutations invalid. | 1688 // permutations invalid. |
1679 #if defined(USE_NSS) | 1689 #if defined(USE_NSS) |
1680 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1690 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
1681 #else | 1691 #else |
1682 #define MAYBE_VerifyMixed VerifyMixed | 1692 #define MAYBE_VerifyMixed VerifyMixed |
1683 #endif | 1693 #endif |
1684 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1694 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1685 MAYBE_VerifyMixed, | 1695 MAYBE_VerifyMixed, |
1686 X509CertificateWeakDigestTest, | 1696 X509CertificateWeakDigestTest, |
1687 testing::ValuesIn(kVerifyMixedTestData)); | 1697 testing::ValuesIn(kVerifyMixedTestData)); |
1688 | 1698 |
1689 #endif // defined(USE_NSS) || defined(OS_WIN) | 1699 #endif // defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
1690 | 1700 |
1691 } // namespace net | 1701 } // namespace net |
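Review bot: The new `#if !defined(OS_MACOSX)  // MD4 is not supported.` guards (new lines 1577, 1591, 1607, 1632, 1656 and 1682) compile out every MD4 row on Mac and put nothing in their place, so on that platform no test pins what verification does with an MD4-signed certificate. For a weak-digest suite the outcome to pin is that such a chain fails verification, and that is better asserted than skipped. The test body sits in the skipped region, so whether WeakDigestTestData can express an expected failure is not visible here. The guard at new line 1577 is the most surprising one, because the table's own comment says the root's signature algorithm should not matter, yet the MD4 root is excluded; if the reason is that the platform cannot load the certificate at all, say so there, e.g. `// OS X cannot parse MD4-signed certificates, so the MD4 root cannot even be loaded as a trust anchor (confirm).` The last three tables guard MD4 with `!defined(OS_MACOSX)` alone and rely on the NSS `DISABLED_` prefix, unlike the `!defined(USE_NSS) && !defined(OS_MACOSX)` form at new lines 1591 and 1607; using one form throughout would keep the data correct if disabled tests are run explicitly.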