OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/file_path.h" | 5 #include "base/file_path.h" |
6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
(...skipping 1545 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1556 X509Certificate::OSCertHandles intermediates; | 1556 X509Certificate::OSCertHandles intermediates; |
1557 intermediates.push_back(intermediate_cert->os_cert_handle()); | 1557 intermediates.push_back(intermediate_cert->os_cert_handle()); |
1558 | 1558 |
1559 scoped_refptr<X509Certificate> ee_chain = | 1559 scoped_refptr<X509Certificate> ee_chain = |
1560 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), | 1560 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), |
1561 intermediates); | 1561 intermediates); |
1562 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain); | 1562 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain); |
1563 | 1563 |
1564 int flags = 0; | 1564 int flags = 0; |
1565 CertVerifyResult verify_result; | 1565 CertVerifyResult verify_result; |
1566 ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); | 1566 int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); |
1567 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); | 1567 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); |
1568 EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); | 1568 EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); |
1569 EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); | 1569 EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); |
1570 EXPECT_EQ(data.expected_has_md5_ca, verify_result.has_md5_ca); | 1570 EXPECT_EQ(data.expected_has_md5_ca, verify_result.has_md5_ca); |
1571 EXPECT_EQ(data.expected_has_md2_ca, verify_result.has_md2_ca); | 1571 EXPECT_EQ(data.expected_has_md2_ca, verify_result.has_md2_ca); |
1572 | |
1573 // Ensure that MD4 and MD2 are tagged as invalid. | |
1574 if (data.expected_has_md4 || data.expected_has_md2) { | |
1575 EXPECT_EQ(CERT_STATUS_INVALID, | |
1576 verify_result.cert_status & CERT_STATUS_INVALID); | |
1577 } | |
1578 | |
1579 // Ensure that MD5 is flagged as weak. | |
1580 if (data.expected_has_md5) { | |
1581 EXPECT_EQ( | |
1582 CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, | |
1583 verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); | |
1584 } | |
1585 | |
1586 // If a root cert is present, then check that the chain was rejected if any | |
1587 // weak algorithms are present. This is only checked when a root cert is | |
1588 // present, as the error reported for incomplete chains with weak algorithms | |
1589 // varies between implementations, dependent on the algorithm, although all | |
1590 // variations are fatal. | |
wtc
2011/12/02 23:04:59
The second sentence is hard to understand.
One po
Ryan Sleevi
2011/12/02 23:54:28
The latter. I blame serial commas - http://en.wiki
| |
1591 if (data.root_cert_filename) { | |
1592 if (data.expected_has_md4 || data.expected_has_md2) { | |
1593 EXPECT_EQ(ERR_CERT_INVALID, rv); | |
1594 } else if (data.expected_has_md5) { | |
1595 EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv); | |
1596 } else { | |
1597 EXPECT_EQ(OK, rv); | |
1598 } | |
1599 } | |
1572 } | 1600 } |
1573 | 1601 |
1574 // Unlike TEST/TEST_F, which are macros that expand to further macros, | 1602 // Unlike TEST/TEST_F, which are macros that expand to further macros, |
1575 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that | 1603 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that |
1576 // stringizes the arguments. As a result, macros passed as parameters (such as | 1604 // stringizes the arguments. As a result, macros passed as parameters (such as |
1577 // prefix or test_case_name) will not be expanded by the preprocessor. To work | 1605 // prefix or test_case_name) will not be expanded by the preprocessor. To work |
1578 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the | 1606 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the |
1579 // pre-processor will expand macros such as MAYBE_test_name before | 1607 // pre-processor will expand macros such as MAYBE_test_name before |
1580 // instantiating the test. | 1608 // instantiating the test. |
1581 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ | 1609 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1701 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1729 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
1702 #else | 1730 #else |
1703 #define MAYBE_VerifyMixed VerifyMixed | 1731 #define MAYBE_VerifyMixed VerifyMixed |
1704 #endif | 1732 #endif |
1705 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1733 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1706 MAYBE_VerifyMixed, | 1734 MAYBE_VerifyMixed, |
1707 X509CertificateWeakDigestTest, | 1735 X509CertificateWeakDigestTest, |
1708 testing::ValuesIn(kVerifyMixedTestData)); | 1736 testing::ValuesIn(kVerifyMixedTestData)); |
1709 | 1737 |
1710 } // namespace net | 1738 } // namespace net |
OLD | NEW |