| Index: chrome/browser/safe_browsing/signature_util_win_unittest.cc
|
| ===================================================================
|
| --- chrome/browser/safe_browsing/signature_util_win_unittest.cc (revision 109680)
|
| +++ chrome/browser/safe_browsing/signature_util_win_unittest.cc (working copy)
|
| @@ -5,6 +5,8 @@
|
| #include "chrome/browser/safe_browsing/signature_util.h"
|
|
|
| #include <string>
|
| +#include <vector>
|
| +
|
| #include "base/base_paths.h"
|
| #include "base/file_path.h"
|
| #include "base/path_service.h"
|
| @@ -16,56 +18,87 @@
|
|
|
| namespace safe_browsing {
|
|
|
| -TEST(SignatureUtilWinTest, CheckSignature) {
|
| - FilePath source_path;
|
| - ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &source_path));
|
| +class SignatureUtilWinTest : public testing::Test {
|
| + protected:
|
| + virtual void SetUp() {
|
| + FilePath source_path;
|
| + ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &source_path));
|
| + testdata_path_ = source_path
|
| + .AppendASCII("chrome")
|
| + .AppendASCII("test")
|
| + .AppendASCII("data")
|
| + .AppendASCII("safe_browsing")
|
| + .AppendASCII("download_protection");
|
| + }
|
|
|
| - FilePath testdata_path = source_path
|
| - .AppendASCII("chrome")
|
| - .AppendASCII("test")
|
| - .AppendASCII("data")
|
| - .AppendASCII("safe_browsing")
|
| - .AppendASCII("download_protection");
|
| + // Given a certificate chain protobuf, parse it into X509Certificates.
|
| + void ParseCertificateChain(
|
| + const ClientDownloadRequest_CertificateChain& chain,
|
| + std::vector<scoped_refptr<net::X509Certificate> >* certs) {
|
| + for (int i = 0; i < chain.element_size(); ++i) {
|
| + certs->push_back(
|
| + net::X509Certificate::CreateFromBytes(
|
| + chain.element(i).certificate().data(),
|
| + chain.element(i).certificate().size()));
|
| + }
|
| + }
|
|
|
| - // signed.exe is signed with a self-signed certificate. The certificate
|
| - // should be returned, but it is not trusted.
|
| + FilePath testdata_path_;
|
| +};
|
| +
|
| +TEST_F(SignatureUtilWinTest, UntrustedSignedBinary) {
|
| + // signed.exe is signed by an untrusted root CA.
|
| scoped_refptr<SignatureUtil> signature_util(new SignatureUtil());
|
| ClientDownloadRequest_SignatureInfo signature_info;
|
| - signature_util->CheckSignature(testdata_path.Append(L"signed.exe"),
|
| - &signature_info);
|
| - EXPECT_FALSE(signature_info.certificate_contents().empty());
|
| - scoped_refptr<net::X509Certificate> cert(
|
| - net::X509Certificate::CreateFromBytes(
|
| - signature_info.certificate_contents().data(),
|
| - signature_info.certificate_contents().size()));
|
| - ASSERT_TRUE(cert.get());
|
| - EXPECT_EQ("Joe's-Software-Emporium", cert->subject().common_name);
|
| + signature_util->CheckSignature(testdata_path_.Append(L"signed.exe"),
|
| + &signature_info);
|
| + ASSERT_EQ(1, signature_info.certificate_chain_size());
|
| + std::vector<scoped_refptr<net::X509Certificate> > certs;
|
| + ParseCertificateChain(signature_info.certificate_chain(0), &certs);
|
| + ASSERT_EQ(2, certs.size());
|
| + EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name);
|
| + EXPECT_EQ("Root Agency", certs[1]->subject().common_name);
|
| +
|
| EXPECT_FALSE(signature_info.trusted());
|
| +}
|
|
|
| +TEST_F(SignatureUtilWinTest, TrustedBinary) {
|
| // wow_helper.exe is signed using Google's signing certifiacte.
|
| - signature_info.Clear();
|
| - signature_util->CheckSignature(testdata_path.Append(L"wow_helper.exe"),
|
| + scoped_refptr<SignatureUtil> signature_util(new SignatureUtil());
|
| + ClientDownloadRequest_SignatureInfo signature_info;
|
| + signature_util->CheckSignature(testdata_path_.Append(L"wow_helper.exe"),
|
| &signature_info);
|
| - EXPECT_TRUE(signature_info.has_certificate_contents());
|
| - cert = net::X509Certificate::CreateFromBytes(
|
| - signature_info.certificate_contents().data(),
|
| - signature_info.certificate_contents().size());
|
| - ASSERT_TRUE(cert.get());
|
| - EXPECT_EQ("Google Inc", cert->subject().common_name);
|
| + ASSERT_EQ(1, signature_info.certificate_chain_size());
|
| + std::vector<scoped_refptr<net::X509Certificate> > certs;
|
| + ParseCertificateChain(signature_info.certificate_chain(0), &certs);
|
| + ASSERT_EQ(3, certs.size());
|
| +
|
| + EXPECT_EQ("Google Inc", certs[0]->subject().common_name);
|
| + EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA",
|
| + certs[1]->subject().common_name);
|
| + EXPECT_EQ("Class 3 Public Primary Certification Authority",
|
| + certs[2]->subject().organization_unit_names[0]);
|
| +
|
| EXPECT_TRUE(signature_info.trusted());
|
| +}
|
|
|
| +TEST_F(SignatureUtilWinTest, UnsignedBinary) {
|
| // unsigned.exe has no signature information.
|
| - signature_info.Clear();
|
| - signature_util->CheckSignature(testdata_path.Append(L"unsigned.exe"),
|
| + scoped_refptr<SignatureUtil> signature_util(new SignatureUtil());
|
| + ClientDownloadRequest_SignatureInfo signature_info;
|
| + signature_util->CheckSignature(testdata_path_.Append(L"unsigned.exe"),
|
| &signature_info);
|
| - EXPECT_FALSE(signature_info.has_certificate_contents());
|
| + EXPECT_EQ(0, signature_info.certificate_chain_size());
|
| EXPECT_FALSE(signature_info.trusted());
|
| +}
|
|
|
| +TEST_F(SignatureUtilWinTest, NonExistentBinary) {
|
| // Test a file that doesn't exist.
|
| - signature_info.Clear();
|
| - signature_util->CheckSignature(testdata_path.Append(L"doesnotexist.exe"),
|
| + scoped_refptr<SignatureUtil> signature_util(new SignatureUtil());
|
| + ClientDownloadRequest_SignatureInfo signature_info;
|
| + signature_util->CheckSignature(testdata_path_.Append(L"doesnotexist.exe"),
|
| &signature_info);
|
| - EXPECT_FALSE(signature_info.has_certificate_contents());
|
| + EXPECT_EQ(0, signature_info.certificate_chain_size());
|
| EXPECT_FALSE(signature_info.trusted());
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 8536035:
Include the full certificate chain in the download pingback. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/