
Side by Side Diff: net/base/crl_set_unittest.cc

Issue 9149010: net: allow CRLSets to block specific SPKIs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 11 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/crl_set.h" 5 #include "net/base/crl_set.h"
6 #include "testing/gtest/include/gtest/gtest.h" 6 #include "testing/gtest/include/gtest/gtest.h"
7 7
8 // These data blocks were generated using a lot of code that is still in 8 // These data blocks were generated using a lot of code that is still in
9 // development. For now, if you need to update them, you have to contact agl. 9 // development. For now, if you need to update them, you have to contact agl.
10 static const uint8 kGIACRLSet[] = { 10 static const uint8 kGIACRLSet[] = {
11 0x4e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 11 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
12 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 12 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
13 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, 13 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
14 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, 14 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
15 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 15 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
16 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, 16 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
17 0x31, 0x7d, 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 17 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
18 0xb7, 0x4f, 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 18 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d, 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae,
19 0xac, 0xe2, 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05, 0x0d, 0x00, 0x00, 0x00, 0x0a, 19 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f, 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7,
20 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0e, 20 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2, 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05,
21 0x37, 0x06, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb1, 0x0a, 0x16, 0x25, 0x42, 0x54, 21 0x0d, 0x00, 0x00, 0x00, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00,
22 0x00, 0x03, 0x00, 0x00, 0x14, 0x51, 0x0a, 0x16, 0x69, 0xd1, 0xd7, 0x00, 0x03, 22 0x23, 0xb0, 0x0a, 0x10, 0x0e, 0x37, 0x06, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb1,
23 0x00, 0x00, 0x14, 0x52, 0x0a, 0x16, 0x70, 0x8c, 0x22, 0x00, 0x03, 0x00, 0x00, 23 0x0a, 0x16, 0x25, 0x42, 0x54, 0x00, 0x03, 0x00, 0x00, 0x14, 0x51, 0x0a, 0x16,
24 0x14, 0x53, 0x0a, 0x16, 0x71, 0x31, 0x2c, 0x00, 0x03, 0x00, 0x00, 0x14, 0x54, 24 0x69, 0xd1, 0xd7, 0x00, 0x03, 0x00, 0x00, 0x14, 0x52, 0x0a, 0x16, 0x70, 0x8c,
25 0x0a, 0x16, 0x7d, 0x75, 0x9d, 0x00, 0x03, 0x00, 0x00, 0x14, 0x55, 0x0a, 0x1f, 25 0x22, 0x00, 0x03, 0x00, 0x00, 0x14, 0x53, 0x0a, 0x16, 0x71, 0x31, 0x2c, 0x00,
26 0xee, 0xf9, 0x49, 0x00, 0x03, 0x00, 0x00, 0x23, 0xae, 0x0a, 0x1f, 0xfc, 0xd1, 26 0x03, 0x00, 0x00, 0x14, 0x54, 0x0a, 0x16, 0x7d, 0x75, 0x9d, 0x00, 0x03, 0x00,
27 0x89, 0x00, 0x03, 0x00, 0x00, 0x23, 0xaf, 0x0a, 0x61, 0xdd, 0xc7, 0x48, 0x00, 27 0x00, 0x14, 0x55, 0x0a, 0x1f, 0xee, 0xf9, 0x49, 0x00, 0x03, 0x00, 0x00, 0x23,
28 0x03, 0x00, 0x00, 0x18, 0x0e, 0x0a, 0x61, 0xe6, 0x12, 0x64, 0x00, 0x03, 0x00, 28 0xae, 0x0a, 0x1f, 0xfc, 0xd1, 0x89, 0x00, 0x03, 0x00, 0x00, 0x23, 0xaf, 0x0a,
29 0x00, 0x18, 0x0f, 0x0a, 0x61, 0xe9, 0x46, 0x56, 0x00, 0x03, 0x00, 0x00, 0x18, 29 0x61, 0xdd, 0xc7, 0x48, 0x00, 0x03, 0x00, 0x00, 0x18, 0x0e, 0x0a, 0x61, 0xe6,
30 0x10, 0x0a, 0x64, 0x63, 0x49, 0xd2, 0x00, 0x03, 0x00, 0x00, 0x1d, 0x77, 30 0x12, 0x64, 0x00, 0x03, 0x00, 0x00, 0x18, 0x0f, 0x0a, 0x61, 0xe9, 0x46, 0x56,
31 0x00, 0x03, 0x00, 0x00, 0x18, 0x10, 0x0a, 0x64, 0x63, 0x49, 0xd2, 0x00, 0x03,
32 0x00, 0x00, 0x1d, 0x77,
31 }; 33 };
32 34
33 static const uint8 kNoopDeltaCRL[] = { 35 static const uint8 kNoopDeltaCRL[] = {
34 0xc3, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 36 0xc3, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
35 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 37 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
36 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x44, 0x65, 0x6c, 38 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x44, 0x65, 0x6c,
37 0x74, 0x61, 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 39 0x74, 0x61, 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65,
38 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61, 40 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61,
39 0x74, 0x65, 0x22, 0x3a, 0x31, 0x33, 0x31, 0x31, 0x31, 0x32, 0x33, 0x37, 0x39, 41 0x74, 0x65, 0x22, 0x3a, 0x31, 0x33, 0x31, 0x31, 0x31, 0x32, 0x33, 0x37, 0x39,
40 0x33, 0x2c, 0x22, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x53, 0x65, 0x63, 0x73, 42 0x33, 0x2c, 0x22, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x53, 0x65, 0x63, 0x73,
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
138 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 140 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00,
139 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 141 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0,
140 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 142 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10,
141 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 143 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f,
142 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 144 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00,
143 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 145 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00,
144 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 146 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23,
145 0xb0, 147 0xb0,
146 }; 148 };
147 149
150 static const uint8 kBlockedSPKICRLSet[] = {
151 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
152 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
153 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
154 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
155 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
156 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
157 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
158 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x34, 0x37, 0x44, 0x45, 0x51, 0x70, 0x6a,
159 0x38, 0x48, 0x42, 0x53, 0x61, 0x2b, 0x2f, 0x54, 0x49, 0x6d, 0x57, 0x2b, 0x35,
160 0x4a, 0x43, 0x65, 0x75, 0x51, 0x65, 0x52, 0x6b, 0x6d, 0x35, 0x4e, 0x4d, 0x70,
161 0x4a, 0x57, 0x5a, 0x47, 0x33, 0x68, 0x53, 0x75, 0x46, 0x55, 0x3d, 0x22, 0x5d,
162 0x7d,
163 };
164
148 // kGIASPKISHA256 is the SHA256 digest the Google Internet Authority's 165 // kGIASPKISHA256 is the SHA256 digest the Google Internet Authority's
149 // SubjectPublicKeyInfo. 166 // SubjectPublicKeyInfo.
150 static const uint8 kGIASPKISHA256[32] = { 167 static const uint8 kGIASPKISHA256[32] = {
151 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f, 168 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f,
152 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2, 169 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2,
153 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05, 170 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05,
154 }; 171 };
155 172
156 TEST(CRLSetTest, Parse) { 173 TEST(CRLSetTest, Parse) {
157 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet), 174 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet),
158 sizeof(kGIACRLSet)); 175 sizeof(kGIACRLSet));
159 scoped_refptr<net::CRLSet> set; 176 scoped_refptr<net::CRLSet> set;
160 EXPECT_TRUE(net::CRLSet::Parse(s, &set)); 177 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
161 ASSERT_TRUE(set.get() != NULL); 178 ASSERT_TRUE(set.get() != NULL);
162 179
163 const net::CRLSet::CRLList& crls = set->crls(); 180 const net::CRLSet::CRLList& crls = set->crls();
164 ASSERT_EQ(1u, crls.size()); 181 ASSERT_EQ(1u, crls.size());
165 const std::vector<std::string>& serials = crls[0].second; 182 const std::vector<std::string>& serials = crls[0].second;
166 static const unsigned kExpectedNumSerials = 13; 183 static const unsigned kExpectedNumSerials = 13;
167 ASSERT_EQ(kExpectedNumSerials, serials.size()); 184 ASSERT_EQ(kExpectedNumSerials, serials.size());
168 EXPECT_EQ(std::string("\x10\x0D\x7F\x30\x00\x03\x00\x00\x23\xB0", 10), 185 EXPECT_EQ(std::string("\x10\x0D\x7F\x30\x00\x03\x00\x00\x23\xB0", 10),
169 serials[0]); 186 serials[0]);
170 EXPECT_EQ(std::string("\x64\x63\x49\xD2\x00\x03\x00\x00\x1D\x77", 10), 187 EXPECT_EQ(std::string("\x64\x63\x49\xD2\x00\x03\x00\x00\x1D\x77", 10),
171 serials[kExpectedNumSerials - 1]); 188 serials[kExpectedNumSerials - 1]);
172 189
173 const std::string gia_spki_hash( 190 const std::string gia_spki_hash(
174 reinterpret_cast<const char*>(kGIASPKISHA256), 191 reinterpret_cast<const char*>(kGIASPKISHA256),
175 sizeof(kGIASPKISHA256)); 192 sizeof(kGIASPKISHA256));
176 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckCertificate( 193 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckCertificate(
194 "",
177 std::string("\x16\x7D\x75\x9D\x00\x03\x00\x00\x14\x55", 10), 195 std::string("\x16\x7D\x75\x9D\x00\x03\x00\x00\x14\x55", 10),
178 gia_spki_hash)); 196 gia_spki_hash));
179 EXPECT_EQ(net::CRLSet::GOOD, set->CheckCertificate( 197 EXPECT_EQ(net::CRLSet::GOOD, set->CheckCertificate(
198 "",
180 std::string("\x47\x54\x3E\x79\x00\x03\x00\x00\x14\xF5", 10), 199 std::string("\x47\x54\x3E\x79\x00\x03\x00\x00\x14\xF5", 10),
181 gia_spki_hash)); 200 gia_spki_hash));
182 } 201 }
183 202
184 TEST(CRLSetTest, NoOpDeltaUpdate) { 203 TEST(CRLSetTest, NoOpDeltaUpdate) {
185 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet), 204 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet),
186 sizeof(kGIACRLSet)); 205 sizeof(kGIACRLSet));
187 scoped_refptr<net::CRLSet> set; 206 scoped_refptr<net::CRLSet> set;
188 EXPECT_TRUE(net::CRLSet::Parse(s, &set)); 207 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
189 ASSERT_TRUE(set.get() != NULL); 208 ASSERT_TRUE(set.get() != NULL);
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
256 base::StringPiece delta(reinterpret_cast<const char*>(kUpdateSerialsDelta), 275 base::StringPiece delta(reinterpret_cast<const char*>(kUpdateSerialsDelta),
257 sizeof(kUpdateSerialsDelta)); 276 sizeof(kUpdateSerialsDelta));
258 EXPECT_TRUE(set->ApplyDelta(delta, &delta_set)); 277 EXPECT_TRUE(set->ApplyDelta(delta, &delta_set));
259 ASSERT_TRUE(delta_set.get() != NULL); 278 ASSERT_TRUE(delta_set.get() != NULL);
260 279
261 const net::CRLSet::CRLList& crls = delta_set->crls(); 280 const net::CRLSet::CRLList& crls = delta_set->crls();
262 ASSERT_EQ(1u, crls.size()); 281 ASSERT_EQ(1u, crls.size());
263 const std::vector<std::string>& serials = crls[0].second; 282 const std::vector<std::string>& serials = crls[0].second;
264 EXPECT_EQ(45u, serials.size()); 283 EXPECT_EQ(45u, serials.size());
265 } 284 }
285
286 TEST(CRLSetTest, BlockedSPKIs) {
287 base::StringPiece s(reinterpret_cast<const char*>(kBlockedSPKICRLSet),
288 sizeof(kBlockedSPKICRLSet));
289 scoped_refptr<net::CRLSet> set;
290 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
291 ASSERT_TRUE(set.get() != NULL);
292
293 const uint8 spki_hash[] = {
294 227, 176, 196, 66, 152, 252, 28, 20, 154, 251, 244, 200, 153, 111, 185, 36,
295 39, 174, 65, 228, 100, 155, 147, 76, 164, 149, 153, 27, 120, 82, 184, 85,
296 0,
297 };
298
299 EXPECT_EQ(net::CRLSet::GOOD, set->CheckCertificate(
300 "", "", ""));
301 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckCertificate(
302 reinterpret_cast<const char*>(spki_hash), "", ""));
303 }
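Review bot: In the new `BlockedSPKIs` test, `spki_hash` ends with an extra `0` and reaches `CheckCertificate` as a NUL-terminated `const char*`, so its length comes from the first zero byte rather than from the 32-byte digest size (the parameter type is declared in crl_set.h, outside this section). A fixture hash containing 0x00 would be silently truncated and compared as a shorter value. Drop the `0,` and pass `std::string(reinterpret_cast<const char*>(spki_hash), sizeof(spki_hash))`, as the `Parse` test already does for `gia_spki_hash`. The bytes are the SHA-256 of empty input, and the base64 entry in `kBlockedSPKICRLSet` decodes to the same value, so a comment such as `// SHA-256 of the empty string; must match the BlockedSPKIs entry in kBlockedSPKICRLSet.` would help. The test only covers the exact match and the empty string; adding a non-matching 32-byte hash that expects `GOOD`, and a set with a malformed or wrong-length `BlockedSPKIs` entry, would pin down how the parser treats bad blocklist data.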