OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 1482 matching lines...) | |
1493 } | 1493 } |
1494 } | 1494 } |
1495 | 1495 |
1496 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( | 1496 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname( |
1497 test_data.hostname, common_name, dns_names, ip_addressses)); | 1497 test_data.hostname, common_name, dns_names, ip_addressses)); |
1498 } | 1498 } |
1499 | 1499 |
1500 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, | 1500 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest, |
1501 testing::ValuesIn(kNameVerifyTestData)); | 1501 testing::ValuesIn(kNameVerifyTestData)); |
1502 | 1502 |
1503 // Not implemented on Mac or OpenSSL - http://crbug.com/101123 | 1503 // Not implemented on OpenSSL - http://crbug.com/101123 |
1504 #if defined(USE_NSS) || defined(OS_WIN) | 1504 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
1505 | 1505 |
1506 struct WeakDigestTestData { | 1506 struct WeakDigestTestData { |
1507 const char* root_cert_filename; | 1507 const char* root_cert_filename; |
1508 const char* intermediate_cert_filename; | 1508 const char* intermediate_cert_filename; |
1509 const char* ee_cert_filename; | 1509 const char* ee_cert_filename; |
1510 bool expected_has_md5; | 1510 bool expected_has_md5; |
1511 bool expected_has_md4; | 1511 bool expected_has_md4; |
1512 bool expected_has_md2; | 1512 bool expected_has_md2; |
1513 bool expected_has_md5_ca; | 1513 bool expected_has_md5_ca; |
1514 bool expected_has_md2_ca; | 1514 bool expected_has_md2_ca; |
(...skipping 63 matching lines...) | |
1578 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the | 1578 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the |
1579 // pre-processor will expand macros such as MAYBE_test_name before | 1579 // pre-processor will expand macros such as MAYBE_test_name before |
1580 // instantiating the test. | 1580 // instantiating the test. |
1581 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ | 1581 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ |
1582 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) | 1582 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) |
1583 | 1583 |
1584 // The signature algorithm of the root CA should not matter. | 1584 // The signature algorithm of the root CA should not matter. |
1585 const WeakDigestTestData kVerifyRootCATestData[] = { | 1585 const WeakDigestTestData kVerifyRootCATestData[] = { |
1586 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", | 1586 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", |
1587 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1587 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
1588 #if !defined(OS_MACOSX) // OS X does not support MD4. | |
1588 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", | 1589 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", |
1589 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1590 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
1591 #endif // !defined(OS_MACOSX) | |
1590 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", | 1592 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", |
1591 "weak_digest_sha1_ee.pem", false, false, false, false, false }, | 1593 "weak_digest_sha1_ee.pem", false, false, false, false, false }, |
1592 }; | 1594 }; |
1593 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, | 1595 INSTANTIATE_TEST_CASE_P(VerifyRoot, X509CertificateWeakDigestTest, |
1594 testing::ValuesIn(kVerifyRootCATestData)); | 1596 testing::ValuesIn(kVerifyRootCATestData)); |
1595 | 1597 |
1596 // The signature algorithm of intermediates should be properly detected. | 1598 // The signature algorithm of intermediates should be properly detected. |
1597 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 1599 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
1598 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1600 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1599 "weak_digest_sha1_ee.pem", true, false, false, true, false }, | 1601 "weak_digest_sha1_ee.pem", true, false, false, true, false }, |
1600 // NSS does not support MD4 and does not enable MD2 by policy. | 1602 #if !defined(USE_NSS) && !defined(OS_MACOSX) // NSS & OS X don't support MD4. |
wtc
2011/11/02 00:28:43
Nit: I suggest that you just say "MD4 is not suppo
| |
1601 #if !defined(USE_NSS) | |
1602 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1603 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1603 "weak_digest_sha1_ee.pem", false, true, false, false, false }, | 1604 "weak_digest_sha1_ee.pem", false, true, false, false, false }, |
1605 #endif | |
1606 #if !defined(USE_NSS) // NSS disables MD2 by policy. | |
wtc
2011/11/02 00:28:43
Nit: "by default" may be better than "by policy".
| |
1604 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1607 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1605 "weak_digest_sha1_ee.pem", false, false, true, false, true }, | 1608 "weak_digest_sha1_ee.pem", false, false, true, false, true }, |
1606 #endif | 1609 #endif |
1607 }; | 1610 }; |
1608 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, | 1611 INSTANTIATE_TEST_CASE_P(VerifyIntermediate, X509CertificateWeakDigestTest, |
1609 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1612 testing::ValuesIn(kVerifyIntermediateCATestData)); |
1610 | 1613 |
1611 // The signature algorithm of end-entity should be properly detected. | 1614 // The signature algorithm of end-entity should be properly detected. |
1612 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1615 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
1613 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1616 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1614 "weak_digest_md5_ee.pem", true, false, false, false, false }, | 1617 "weak_digest_md5_ee.pem", true, false, false, false, false }, |
1615 // NSS does not support MD4 and does not enable MD2 by policy. | 1618 #if !defined(USE_NSS) && !defined(OS_MACOSX) // NSS & OS X don't support MD4. |
1616 #if !defined(USE_NSS) | |
1617 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1619 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1618 "weak_digest_md4_ee.pem", false, true, false, false, false }, | 1620 "weak_digest_md4_ee.pem", false, true, false, false, false }, |
1621 #endif | |
1622 #if !defined(USE_NSS) // NSS disables MD2 by policy. | |
1619 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1623 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
1620 "weak_digest_md2_ee.pem", false, false, true, false, false }, | 1624 "weak_digest_md2_ee.pem", false, false, true, false, false }, |
1621 #endif | 1625 #endif |
1622 }; | 1626 }; |
1623 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1627 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
1624 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1628 // be cleared until NSS is cleanly shutdown, which is not presently supported |
1625 // in Chromium. | 1629 // in Chromium. |
1626 #if defined(USE_NSS) | 1630 #if defined(USE_NSS) |
1627 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1631 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
1628 #else | 1632 #else |
1629 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1633 #define MAYBE_VerifyEndEntity VerifyEndEntity |
1630 #endif | 1634 #endif |
1631 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1635 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
1632 X509CertificateWeakDigestTest, | 1636 X509CertificateWeakDigestTest, |
1633 testing::ValuesIn(kVerifyEndEntityTestData)); | 1637 testing::ValuesIn(kVerifyEndEntityTestData)); |
1634 | 1638 |
1635 // Incomplete chains should still report the status of the intermediate. | 1639 // Incomplete chains should still report the status of the intermediate. |
1636 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1640 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
1637 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1641 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
1638 true, false, false, true, false }, | 1642 true, false, false, true, false }, |
1643 #if !defined(OS_MACOSX) // OS X does not support MD4. | |
1639 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1644 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
1640 false, true, false, false, false }, | 1645 false, true, false, false, false }, |
1646 #endif | |
1641 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1647 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
1642 false, false, true, false, true }, | 1648 false, false, true, false, true }, |
1643 }; | 1649 }; |
1644 // Disabled on Windows - http://crbug.com/101123. The Windows implementation | 1650 // Disabled on Windows - http://crbug.com/101123. The Windows implementation |
1645 // does not report the status of the last intermediate for incomplete chains. | 1651 // does not report the status of the last intermediate for incomplete chains. |
1646 // Disabled on NSS - libpkix does not return constructed chains on error, | 1652 // Disabled on NSS - libpkix does not return constructed chains on error, |
1647 // preventing us from detecting/inspecting the verified chain. | 1653 // preventing us from detecting/inspecting the verified chain. |
1648 #if defined(OS_WIN) || defined(USE_NSS) | 1654 #if defined(OS_WIN) || defined(USE_NSS) |
1649 #define MAYBE_VerifyIncompleteIntermediate \ | 1655 #define MAYBE_VerifyIncompleteIntermediate \ |
1650 DISABLED_VerifyIncompleteIntermediate | 1656 DISABLED_VerifyIncompleteIntermediate |
1651 #else | 1657 #else |
1652 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1658 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
1653 #endif | 1659 #endif |
1654 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1660 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1655 MAYBE_VerifyIncompleteIntermediate, | 1661 MAYBE_VerifyIncompleteIntermediate, |
1656 X509CertificateWeakDigestTest, | 1662 X509CertificateWeakDigestTest, |
1657 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1663 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
1658 | 1664 |
1659 // Incomplete chains should still report the status of the end-entity. | 1665 // Incomplete chains should still report the status of the end-entity. |
1660 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1666 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
1661 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1667 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
1662 true, false, false, false, false }, | 1668 true, false, false, false, false }, |
1669 #if !defined(OS_MACOSX) // OS X does not support MD4. | |
1663 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1670 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
1664 false, true, false, false, false }, | 1671 false, true, false, false, false }, |
1672 #endif | |
1665 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1673 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
1666 false, false, true, false, false }, | 1674 false, false, true, false, false }, |
1667 }; | 1675 }; |
1668 // Disabled on NSS - libpkix does not return constructed chains on error, | 1676 // Disabled on NSS - libpkix does not return constructed chains on error, |
1669 // preventing us from detecting/inspecting the verified chain. | 1677 // preventing us from detecting/inspecting the verified chain. |
1670 #if defined(USE_NSS) | 1678 #if defined(USE_NSS) |
1671 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1679 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
1672 #else | 1680 #else |
1673 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1681 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
1674 #endif | 1682 #endif |
1675 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1683 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1676 MAYBE_VerifyIncompleteEndEntity, | 1684 MAYBE_VerifyIncompleteEndEntity, |
1677 X509CertificateWeakDigestTest, | 1685 X509CertificateWeakDigestTest, |
1678 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1686 testing::ValuesIn(kVerifyIncompleteEETestData)); |
1679 | 1687 |
1680 // Differing algorithms between the intermediate and the EE should still be | 1688 // Differing algorithms between the intermediate and the EE should still be |
1681 // reported. | 1689 // reported. |
1682 const WeakDigestTestData kVerifyMixedTestData[] = { | 1690 const WeakDigestTestData kVerifyMixedTestData[] = { |
1683 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1691 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
1684 "weak_digest_md2_ee.pem", true, false, true, true, false }, | 1692 "weak_digest_md2_ee.pem", true, false, true, true, false }, |
1685 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1693 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
1686 "weak_digest_md5_ee.pem", true, false, true, false, true }, | 1694 "weak_digest_md5_ee.pem", true, false, true, false, true }, |
1695 #if !defined(OS_MACOSX) // OS X does not support MD4. | |
1687 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1696 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
1688 "weak_digest_md2_ee.pem", false, true, true, false, false }, | 1697 "weak_digest_md2_ee.pem", false, true, true, false, false }, |
1698 #endif | |
1689 }; | 1699 }; |
1690 // NSS does not support MD4 and does not enable MD2 by policy, making all | 1700 // NSS does not support MD4 and does not enable MD2 by policy, making all |
1691 // permutations invalid. | 1701 // permutations invalid. |
1692 #if defined(USE_NSS) | 1702 #if defined(USE_NSS) |
1693 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1703 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
1694 #else | 1704 #else |
1695 #define MAYBE_VerifyMixed VerifyMixed | 1705 #define MAYBE_VerifyMixed VerifyMixed |
1696 #endif | 1706 #endif |
1697 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1707 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1698 MAYBE_VerifyMixed, | 1708 MAYBE_VerifyMixed, |
1699 X509CertificateWeakDigestTest, | 1709 X509CertificateWeakDigestTest, |
1700 testing::ValuesIn(kVerifyMixedTestData)); | 1710 testing::ValuesIn(kVerifyMixedTestData)); |
1701 | 1711 |
1702 #endif // defined(USE_NSS) || defined(OS_WIN) | 1712 #endif // defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
1703 | 1713 |
1704 } // namespace net | 1714 } // namespace net |
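Review bot: The new `#if !defined(OS_MACOSX)` guards compile the MD4 vectors out of all five tables, so on OS X nothing in this file pins how an MD4-signed chain is handled. The root table is the odd one: `kVerifyRootCATestData` is headed "The signature algorithm of the root CA should not matter" and expects every flag false, yet `weak_digest_md4_root.pem` is still excluded, which suggests the chain fails earlier on OS X (parsing or verification) rather than merely not setting `has_md4`. I would spell that failure mode out in the guard comment instead of "OS X does not support MD4". If the fixture body allows it (it sits in the skipped lines, so this is a guess), keep an OS X-only expectation that the MD4 chain fails to verify, so a later platform change cannot turn this into a silent accept. A smaller style point: only the first guard closes with `#endif  // !defined(OS_MACOSX)`, and the bare `#endif` lines in the other tables would read better with the same trailing comment.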