| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 1471 matching lines...) |
| 1482 } | 1482 } |
| 1483 } | 1483 } |
| 1484 | 1484 |
| 1485 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1485 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
| 1486 test_data.hostname, common_name, dns_names, ip_addressses)); | 1486 test_data.hostname, common_name, dns_names, ip_addressses)); |
| 1487 } | 1487 } |
| 1488 | 1488 |
| 1489 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1489 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
| 1490 testing::ValuesIn(kNameVerifyTestData)); | 1490 testing::ValuesIn(kNameVerifyTestData)); |
| 1491 | 1491 |
| 1492 // Not implemented on Mac or OpenSSL - http://crbug.com/101123 | 1492 // Not implemented on OpenSSL - http://crbug.com/101123 |
| 1493 #if defined(USE_NSS) || defined(OS_WIN) | 1493 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 1494 | 1494 |
| 1495 struct WeakDigestTestData { | 1495 struct WeakDigestTestData { |
| 1496 const char* root_cert_filename; | 1496 const char* root_cert_filename; |
| 1497 const char* intermediate_cert_filename; | 1497 const char* intermediate_cert_filename; |
| 1498 const char* ee_cert_filename; | 1498 const char* ee_cert_filename; |
| 1499 bool expected_has_md5; | 1499 bool expected_has_md5; |
| 1500 bool expected_has_md4; | 1500 bool expected_has_md4; |
| 1501 bool expected_has_md2; | 1501 bool expected_has_md2; |
| 1502 bool expected_has_md5_ca; | 1502 bool expected_has_md5_ca; |
| 1503 bool expected_has_md2_ca; | 1503 bool expected_has_md2_ca; |
| (...skipping 63 matching lines...) |
| 1567 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the | 1567 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the |
| 1568 // pre-processor will expand macros such as MAYBE_test_name before | 1568 // pre-processor will expand macros such as MAYBE_test_name before |
| 1569 // instantiating the test. | 1569 // instantiating the test. |
| 1570 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ | 1570 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ |
| 1571 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) | 1571 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) |
| 1572 | 1572 |
| 1573 // The signature algorithm of the root CA should not matter. | 1573 // The signature algorithm of the root CA should not matter. |
| 1574 const WeakDigestTestData kVerifyRootCATestData[] = { | 1574 const WeakDigestTestData kVerifyRootCATestData[] = { |
| 1575 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", | 1575 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1576 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1576 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
| 1577 #if !defined(OS_MACOSX) // MD4 is not supported. |
| 1577 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", | 1578 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1578 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1579 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
| 1580 #endif |
| 1579 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", | 1581 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1580 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1582 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
| 1581 }; | 1583 }; |
| 1582 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, | 1584 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, |
| 1583 testing::ValuesIn(kVerifyRootCATestData)); | 1585 testing::ValuesIn(kVerifyRootCATestData)); |
| 1584 | 1586 |
| 1585 // The signature algorithm of intermediates should be properly detected. | 1587 // The signature algorithm of intermediates should be properly detected. |
| 1586 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 1588 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
| 1587 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1589 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 1588 "weak_digest_sha1_ee.pem", true, false, false, true, false }, | 1590 "weak_digest_sha1_ee.pem", true, false, false, true, false }, |
| 1589 // NSS does not support MD4 and does not enable MD2 by policy. | 1591 #if !defined(USE_NSS) && !defined(OS_MACOSX) // MD4 is not supported. |
| 1590 #if !defined(USE_NSS) | |
| 1591 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1592 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1592 "weak_digest_sha1_ee.pem", false, true, false, false, false }, | 1593 "weak_digest_sha1_ee.pem", false, true, false, false, false }, |
| 1594 #endif |
| 1595 #if !defined(USE_NSS) // MD2 is disabled by default. |
| 1593 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1596 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1594 "weak_digest_sha1_ee.pem", false, false, true, false, true }, | 1597 "weak_digest_sha1_ee.pem", false, false, true, false, true }, |
| 1595 #endif | 1598 #endif |
| 1596 }; | 1599 }; |
| 1597 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, | 1600 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, |
| 1598 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1601 testing::ValuesIn(kVerifyIntermediateCATestData)); |
| 1599 | 1602 |
| 1600 // The signature algorithm of end-entity should be properly detected. | 1603 // The signature algorithm of end-entity should be properly detected. |
| 1601 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1604 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
| 1602 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1605 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1603 "weak_digest_md5_ee.pem", true, false, false, false, false }, | 1606 "weak_digest_md5_ee.pem", true, false, false, false, false }, |
| 1604 // NSS does not support MD4 and does not enable MD2 by policy. | 1607 #if !defined(USE_NSS) && !defined(OS_MACOSX) // MD4 is not supported. |
| 1605 #if !defined(USE_NSS) | |
| 1606 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1608 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1607 "weak_digest_md4_ee.pem", false, true, false, false, false }, | 1609 "weak_digest_md4_ee.pem", false, true, false, false, false }, |
| 1610 #endif |
| 1611 #if !defined(USE_NSS) // MD2 is disabled by default. |
| 1608 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1612 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1609 "weak_digest_md2_ee.pem", false, false, true, false, false }, | 1613 "weak_digest_md2_ee.pem", false, false, true, false, false }, |
| 1610 #endif | 1614 #endif |
| 1611 }; | 1615 }; |
| 1612 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1616 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
| 1613 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1617 // be cleared until NSS is cleanly shutdown, which is not presently supported |
| 1614 // in Chromium. | 1618 // in Chromium. |
| 1615 #if defined(USE_NSS) | 1619 #if defined(USE_NSS) |
| 1616 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1620 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
| 1617 #else | 1621 #else |
| 1618 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1622 #define MAYBE_VerifyEndEntity VerifyEndEntity |
| 1619 #endif | 1623 #endif |
| 1620 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1624 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
| 1621 X509CertificateWeakDigestTest, | 1625 X509CertificateWeakDigestTest, |
| 1622 testing::ValuesIn(kVerifyEndEntityTestData)); | 1626 testing::ValuesIn(kVerifyEndEntityTestData)); |
| 1623 | 1627 |
| 1624 // Incomplete chains should still report the status of the intermediate. | 1628 // Incomplete chains should still report the status of the intermediate. |
| 1625 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1629 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
| 1626 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1630 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1627 true, false, false, true, false }, | 1631 true, false, false, true, false }, |
| 1632 #if !defined(OS_MACOSX) // MD4 is not supported. |
| 1628 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1633 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1629 false, true, false, false, false }, | 1634 false, true, false, false, false }, |
| 1635 #endif |
| 1630 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1636 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1631 false, false, true, false, true }, | 1637 false, false, true, false, true }, |
| 1632 }; | 1638 }; |
| 1633 // Disabled on NSS - libpkix does not return constructed chains on error, | 1639 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1634 // preventing us from detecting/inspecting the verified chain. | 1640 // preventing us from detecting/inspecting the verified chain. |
| 1635 #if defined(USE_NSS) | 1641 #if defined(USE_NSS) |
| 1636 #define MAYBE_VerifyIncompleteIntermediate \ | 1642 #define MAYBE_VerifyIncompleteIntermediate \ |
| 1637 DISABLED_VerifyIncompleteIntermediate | 1643 DISABLED_VerifyIncompleteIntermediate |
| 1638 #else | 1644 #else |
| 1639 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1645 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
| 1640 #endif | 1646 #endif |
| 1641 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1647 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1642 MAYBE_VerifyIncompleteIntermediate, | 1648 MAYBE_VerifyIncompleteIntermediate, |
| 1643 X509CertificateWeakDigestTest, | 1649 X509CertificateWeakDigestTest, |
| 1644 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1650 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
| 1645 | 1651 |
| 1646 // Incomplete chains should still report the status of the end-entity. | 1652 // Incomplete chains should still report the status of the end-entity. |
| 1647 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1653 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
| 1648 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1654 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
| 1649 true, false, false, false, false }, | 1655 true, false, false, false, false }, |
| 1656 #if !defined(OS_MACOSX) // MD4 is not supported. |
| 1650 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1657 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
| 1651 false, true, false, false, false }, | 1658 false, true, false, false, false }, |
| 1659 #endif |
| 1652 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1660 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
| 1653 false, false, true, false, false }, | 1661 false, false, true, false, false }, |
| 1654 }; | 1662 }; |
| 1655 // Disabled on NSS - libpkix does not return constructed chains on error, | 1663 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1656 // preventing us from detecting/inspecting the verified chain. | 1664 // preventing us from detecting/inspecting the verified chain. |
| 1657 #if defined(USE_NSS) | 1665 #if defined(USE_NSS) |
| 1658 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1666 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
| 1659 #else | 1667 #else |
| 1660 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1668 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
| 1661 #endif | 1669 #endif |
| 1662 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1670 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1663 MAYBE_VerifyIncompleteEndEntity, | 1671 MAYBE_VerifyIncompleteEndEntity, |
| 1664 X509CertificateWeakDigestTest, | 1672 X509CertificateWeakDigestTest, |
| 1665 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1673 testing::ValuesIn(kVerifyIncompleteEETestData)); |
| 1666 | 1674 |
| 1667 // Differing algorithms between the intermediate and the EE should still be | 1675 // Differing algorithms between the intermediate and the EE should still be |
| 1668 // reported. | 1676 // reported. |
| 1669 const WeakDigestTestData kVerifyMixedTestData[] = { | 1677 const WeakDigestTestData kVerifyMixedTestData[] = { |
| 1670 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1678 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 1671 "weak_digest_md2_ee.pem", true, false, true, true, false }, | 1679 "weak_digest_md2_ee.pem", true, false, true, true, false }, |
| 1672 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1680 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1673 "weak_digest_md5_ee.pem", true, false, true, false, true }, | 1681 "weak_digest_md5_ee.pem", true, false, true, false, true }, |
| 1682 #if !defined(OS_MACOSX) // MD4 is not supported. |
| 1674 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1683 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1675 "weak_digest_md2_ee.pem", false, true, true, false, false }, | 1684 "weak_digest_md2_ee.pem", false, true, true, false, false }, |
| 1685 #endif |
| 1676 }; | 1686 }; |
| 1677 // NSS does not support MD4 and does not enable MD2 by policy, making all | 1687 // NSS does not support MD4 and does not enable MD2 by default, making all |
| 1678 // permutations invalid. | 1688 // permutations invalid. |
| 1679 #if defined(USE_NSS) | 1689 #if defined(USE_NSS) |
| 1680 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1690 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 1681 #else | 1691 #else |
| 1682 #define MAYBE_VerifyMixed VerifyMixed | 1692 #define MAYBE_VerifyMixed VerifyMixed |
| 1683 #endif | 1693 #endif |
| 1684 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1694 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1685 MAYBE_VerifyMixed, | 1695 MAYBE_VerifyMixed, |
| 1686 X509CertificateWeakDigestTest, | 1696 X509CertificateWeakDigestTest, |
| 1687 testing::ValuesIn(kVerifyMixedTestData)); | 1697 testing::ValuesIn(kVerifyMixedTestData)); |
| 1688 | 1698 |
| 1689 #endif // defined(USE_NSS) || defined(OS_WIN) | 1699 #endif // defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 1690 | 1700 |
| 1691 } // namespace net | 1701 } // namespace net |
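Review bot: The MD4 rows are compiled out on Mac by the `#if !defined(OS_MACOSX)  // MD4 is not supported.` guards (new lines 1577, 1591, 1607, 1632, 1656, 1682) rather than kept with a rejection expectation, so no test on that platform pins what verification does with an MD4-signed intermediate or end-entity certificate. The test body sits in the skipped lines, so this is inferred from the data tables alone, but a row or small separate case that expects the chain to fail on Mac would keep that weak-digest behaviour covered if the platform verifier ever changes. The guard comment should also say what lacks the support, for example `// The OS X certificate verifier does not support MD4 signatures.` (wording to be confirmed by the author). The Incomplete* and Mixed tables guard MD4 with `!defined(OS_MACOSX)` only, while the Intermediate and EndEntity tables use `!defined(USE_NSS) && !defined(OS_MACOSX)`. That looks harmless because those instantiations are `DISABLED_` on NSS, but a one-line comment saying so would explain the difference.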
| OLD | NEW |