net/base/x509_certificate_unittest.cc - Issue 8400075: Fix the "certificate is not yet valid" error for server certificates

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 8400075: Fix the "certificate is not yet valid" error for server certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Remove the unrelated sslsock.c from the CL Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/file_path.h"	5 #include "base/file_path.h"

6 #include "base/file_util.h"	6 #include "base/file_util.h"

7 #include "base/path_service.h"	7 #include "base/path_service.h"

8 #include "base/pickle.h"	8 #include "base/pickle.h"

9 #include "base/sha1.h"	9 #include "base/sha1.h"

10 #include "base/string_number_conversions.h"	10 #include "base/string_number_conversions.h"

(...skipping 418 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
429 reinterpret_cast<const char*>(paypal_null_der),	429 reinterpret_cast<const char*>(paypal_null_der),

430 sizeof(paypal_null_der)));	430 sizeof(paypal_null_der)));

431	431

432 static const uint8 paypal_null_serial[2] = {0xf0, 0x9b};	432 static const uint8 paypal_null_serial[2] = {0xf0, 0x9b};

433 ASSERT_EQ(sizeof(paypal_null_serial),	433 ASSERT_EQ(sizeof(paypal_null_serial),

434 paypal_null_cert->serial_number().size());	434 paypal_null_cert->serial_number().size());

435 EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(),	435 EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(),

436 paypal_null_serial, sizeof(paypal_null_serial)) == 0);	436 paypal_null_serial, sizeof(paypal_null_serial)) == 0);

437 }	437 }

438	438

	439 TEST(X509CertificateTest, ChainFingerprints) {

	440 FilePath certs_dir = GetTestCertsDirectory();

	441

	442 scoped_refptr<X509Certificate> server_cert =

	443 ImportCertFromFile(certs_dir, "salesforce_com_test.der");

	444 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);

	445

	446 scoped_refptr<X509Certificate> intermediate_cert1 =

	447 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.der");

	448 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1);

	449

	450 scoped_refptr<X509Certificate> intermediate_cert2 =

	451 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2016.der");

	452 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert2);

	453

	454 X509Certificate::OSCertHandles intermediates;

	455 intermediates.push_back(intermediate_cert1->os_cert_handle());

	456 scoped_refptr<X509Certificate> cert_chain1 =

	457 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),

	458 intermediates);

	459

	460 intermediates.clear();

	461 intermediates.push_back(intermediate_cert2->os_cert_handle());

	462 scoped_refptr<X509Certificate> cert_chain2 =

	463 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),

	464 intermediates);

	465

	466 static const uint8 cert_chain1_fingerprint[20] = {

	467 0x67, 0x78, 0x81, 0xd7, 0x78, 0xca, 0xd5, 0x04, 0x73, 0xf8,

	468 0x95, 0xff, 0xf3, 0x39, 0xe4, 0xcd, 0x5e, 0xf0, 0x79, 0x76

	469 };

	470 static const uint8 cert_chain2_fingerprint[20] = {

	471 0x8c, 0x93, 0x85, 0xb0, 0x15, 0xd3, 0xa3, 0x0e, 0xe7, 0x4f,

	472 0x42, 0xf4, 0x30, 0xc3, 0xe9, 0x14, 0x12, 0x54, 0xb9, 0x9d

	473 };

	474 EXPECT_TRUE(memcmp(cert_chain1->chain_fingerprint().data,

	475 cert_chain1_fingerprint, 20) == 0);

	476 EXPECT_TRUE(memcmp(cert_chain2->chain_fingerprint().data,

	477 cert_chain2_fingerprint, 20) == 0);

	478 }

	479

439 // A regression test for http://crbug.com/31497.	480 // A regression test for http://crbug.com/31497.

440 // This certificate will expire on 2012-04-08.	481 // This certificate will expire on 2012-04-08.

441 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {	482 TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {

442 FilePath certs_dir = GetTestCertsDirectory();	483 FilePath certs_dir = GetTestCertsDirectory();

443	484

444 scoped_refptr<X509Certificate> server_cert =	485 scoped_refptr<X509Certificate> server_cert =

445 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der");	486 ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der");

446 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);	487 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);

447	488

448 // The intermediate CA certificate's policyConstraints extension has a	489 // The intermediate CA certificate's policyConstraints extension has a

(...skipping 1005 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1454 }	1495 }

1455	1496

1456 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(	1497 EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(

1457 test_data.hostname, common_name, dns_names, ip_addressses));	1498 test_data.hostname, common_name, dns_names, ip_addressses));

1458 }	1499 }

1459	1500

1460 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,	1501 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,

1461 testing::ValuesIn(kNameVerifyTestData));	1502 testing::ValuesIn(kNameVerifyTestData));

1462	1503

1463 } // namespace net	1504 } // namespace net

OLD	NEW

« net/base/x509_certificate_openssl.cc ('K') | « net/base/x509_certificate_openssl.cc ('k') | net/base/x509_certificate_win.cc » ('j') | net/base/x509_certificate_win.cc » ('J')