OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_verifier.h" | 5 #include "net/base/cert_verifier.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/stringprintf.h" | 9 #include "base/stringprintf.h" |
10 #include "net/base/cert_test_util.h" | 10 #include "net/base/cert_test_util.h" |
52 | 52 |
53 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, | 53 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
54 callback.callback(), &request_handle, BoundNetLog()); | 54 callback.callback(), &request_handle, BoundNetLog()); |
55 ASSERT_EQ(ERR_IO_PENDING, error); | 55 ASSERT_EQ(ERR_IO_PENDING, error); |
56 ASSERT_TRUE(request_handle != NULL); | 56 ASSERT_TRUE(request_handle != NULL); |
57 error = callback.WaitForResult(); | 57 error = callback.WaitForResult(); |
58 ASSERT_TRUE(IsCertificateError(error)); | 58 ASSERT_TRUE(IsCertificateError(error)); |
59 ASSERT_EQ(1u, verifier.requests()); | 59 ASSERT_EQ(1u, verifier.requests()); |
60 ASSERT_EQ(0u, verifier.cache_hits()); | 60 ASSERT_EQ(0u, verifier.cache_hits()); |
61 ASSERT_EQ(0u, verifier.inflight_joins()); | 61 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 62 ASSERT_EQ(1u, verifier.GetCacheSize()); |
62 | 63 |
63 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, | 64 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
64 callback.callback(), &request_handle, BoundNetLog()); | 65 callback.callback(), &request_handle, BoundNetLog()); |
65 // Synchronous completion. | 66 // Synchronous completion. |
66 ASSERT_NE(ERR_IO_PENDING, error); | 67 ASSERT_NE(ERR_IO_PENDING, error); |
67 ASSERT_TRUE(IsCertificateError(error)); | 68 ASSERT_TRUE(IsCertificateError(error)); |
68 ASSERT_TRUE(request_handle == NULL); | 69 ASSERT_TRUE(request_handle == NULL); |
69 ASSERT_EQ(2u, verifier.requests()); | 70 ASSERT_EQ(2u, verifier.requests()); |
70 ASSERT_EQ(1u, verifier.cache_hits()); | 71 ASSERT_EQ(1u, verifier.cache_hits()); |
71 ASSERT_EQ(0u, verifier.inflight_joins()); | 72 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 73 ASSERT_EQ(1u, verifier.GetCacheSize()); |
| 74 } |
| 75 |
| 76 // Tests the same server certificate with different intermediate CA |
| 77 // certificates. These should be treated as different certificate chains even |
| 78 // though the two X509Certificate objects contain the same server certificate. |
| 79 TEST(CertVerifierTest, DifferentCACerts) { |
| 80 TestTimeService* time_service = new TestTimeService; |
| 81 base::Time current_time = base::Time::Now(); |
| 82 time_service->set_current_time(current_time); |
| 83 CertVerifier verifier(time_service); |
| 84 |
| 85 FilePath certs_dir = GetTestCertsDirectory(); |
| 86 |
| 87 scoped_refptr<X509Certificate> server_cert = |
| 88 ImportCertFromFile(certs_dir, "salesforce_com_test.der"); |
| 89 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 90 |
| 91 scoped_refptr<X509Certificate> intermediate_cert1 = |
| 92 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.der"); |
| 93 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); |
| 94 |
| 95 scoped_refptr<X509Certificate> intermediate_cert2 = |
| 96 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2016.der"); |
| 97 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert2); |
| 98 |
| 99 X509Certificate::OSCertHandles intermediates; |
| 100 intermediates.push_back(intermediate_cert1->os_cert_handle()); |
| 101 scoped_refptr<X509Certificate> cert_chain1 = |
| 102 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 103 intermediates); |
| 104 |
| 105 intermediates.clear(); |
| 106 intermediates.push_back(intermediate_cert2->os_cert_handle()); |
| 107 scoped_refptr<X509Certificate> cert_chain2 = |
| 108 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 109 intermediates); |
| 110 |
| 111 int error; |
| 112 CertVerifyResult verify_result; |
| 113 TestCompletionCallback callback; |
| 114 CertVerifier::RequestHandle request_handle; |
| 115 |
| 116 error = verifier.Verify(cert_chain1, "www.example.com", 0, NULL, |
| 117 &verify_result, callback.callback(), |
| 118 &request_handle, BoundNetLog()); |
| 119 ASSERT_EQ(ERR_IO_PENDING, error); |
| 120 ASSERT_TRUE(request_handle != NULL); |
| 121 error = callback.WaitForResult(); |
| 122 ASSERT_TRUE(IsCertificateError(error)); |
| 123 ASSERT_EQ(1u, verifier.requests()); |
| 124 ASSERT_EQ(0u, verifier.cache_hits()); |
| 125 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 126 ASSERT_EQ(1u, verifier.GetCacheSize()); |
| 127 |
| 128 error = verifier.Verify(cert_chain2, "www.example.com", 0, NULL, |
| 129 &verify_result, callback.callback(), |
| 130 &request_handle, BoundNetLog()); |
| 131 ASSERT_EQ(ERR_IO_PENDING, error); |
| 132 ASSERT_TRUE(request_handle != NULL); |
| 133 error = callback.WaitForResult(); |
| 134 ASSERT_TRUE(IsCertificateError(error)); |
| 135 ASSERT_EQ(2u, verifier.requests()); |
| 136 ASSERT_EQ(0u, verifier.cache_hits()); |
| 137 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 138 ASSERT_EQ(2u, verifier.GetCacheSize()); |
72 } | 139 } |
73 | 140 |
74 // Tests an inflight join. | 141 // Tests an inflight join. |
75 TEST(CertVerifierTest, InflightJoin) { | 142 TEST(CertVerifierTest, InflightJoin) { |
76 TestTimeService* time_service = new TestTimeService; | 143 TestTimeService* time_service = new TestTimeService; |
77 base::Time current_time = base::Time::Now(); | 144 base::Time current_time = base::Time::Now(); |
78 time_service->set_current_time(current_time); | 145 time_service->set_current_time(current_time); |
79 CertVerifier verifier(time_service); | 146 CertVerifier verifier(time_service); |
80 | 147 |
81 FilePath certs_dir = GetTestCertsDirectory(); | 148 FilePath certs_dir = GetTestCertsDirectory(); |
283 callback.callback(), &request_handle, BoundNetLog()); | 350 callback.callback(), &request_handle, BoundNetLog()); |
284 ASSERT_EQ(ERR_IO_PENDING, error); | 351 ASSERT_EQ(ERR_IO_PENDING, error); |
285 ASSERT_TRUE(request_handle != NULL); | 352 ASSERT_TRUE(request_handle != NULL); |
286 verifier.CancelRequest(request_handle); | 353 verifier.CancelRequest(request_handle); |
287 // Destroy |verifier| by going out of scope. | 354 // Destroy |verifier| by going out of scope. |
288 } | 355 } |
289 | 356 |
290 } // namespace | 357 } // namespace |
291 | 358 |
292 } // namespace net | 359 } // namespace net |
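Review bot: `DifferentCACerts` (new lines 79–139) proves that the two chains are stored as two cache entries, but it never looks either entry up again. A cache key that never matches for chains carrying intermediates would therefore still pass, since every assertion here expects a miss. After the final `ASSERT_EQ(2u, verifier.GetCacheSize());` I would verify `cert_chain1` a second time and assert synchronous completion, one cache hit and an unchanged cache size of 2, mirroring the second `Verify()` block of the preceding test (new lines 64–73). Both chains are expected to fail with a certificate error, presumably for the same reason, so the error code cannot tell the cached results apart and the counters are the only signal.

```cpp
  // … unchanged: first Verify() of cert_chain1 and of cert_chain2 …
  ASSERT_EQ(2u, verifier.GetCacheSize());

  // Re-verifying the first chain must be served from its own cache entry.
  error = verifier.Verify(cert_chain1, "www.example.com", 0, NULL,
                          &verify_result, callback.callback(),
                          &request_handle, BoundNetLog());
  ASSERT_NE(ERR_IO_PENDING, error);
  ASSERT_TRUE(IsCertificateError(error));
  ASSERT_TRUE(request_handle == NULL);
  ASSERT_EQ(3u, verifier.requests());
  ASSERT_EQ(1u, verifier.cache_hits());
  ASSERT_EQ(2u, verifier.GetCacheSize());
```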
OLD | NEW |