
Side by Side Diff: net/base/crl_set_unittest.cc

Issue 9149010: net: allow CRLSets to block specific SPKIs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 11 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/crl_set.h" 5 #include "net/base/crl_set.h"
6 #include "testing/gtest/include/gtest/gtest.h" 6 #include "testing/gtest/include/gtest/gtest.h"
7 7
8 // These data blocks were generated using a lot of code that is still in 8 // These data blocks were generated using a lot of code that is still in
9 // development. For now, if you need to update them, you have to contact agl. 9 // development. For now, if you need to update them, you have to contact agl.
10 static const uint8 kGIACRLSet[] = { 10 static const uint8 kGIACRLSet[] = {
11 0x4e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 11 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
12 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 12 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
13 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, 13 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
14 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, 14 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
15 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 15 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
16 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, 16 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
17 0x31, 0x7d, 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 17 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
18 0xb7, 0x4f, 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 18 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d, 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae,
19 0xac, 0xe2, 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05, 0x0d, 0x00, 0x00, 0x00, 0x0a, 19 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f, 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7,
20 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0e, 20 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2, 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05,
21 0x37, 0x06, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb1, 0x0a, 0x16, 0x25, 0x42, 0x54, 21 0x0d, 0x00, 0x00, 0x00, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00,
22 0x00, 0x03, 0x00, 0x00, 0x14, 0x51, 0x0a, 0x16, 0x69, 0xd1, 0xd7, 0x00, 0x03, 22 0x23, 0xb0, 0x0a, 0x10, 0x0e, 0x37, 0x06, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb1,
23 0x00, 0x00, 0x14, 0x52, 0x0a, 0x16, 0x70, 0x8c, 0x22, 0x00, 0x03, 0x00, 0x00, 23 0x0a, 0x16, 0x25, 0x42, 0x54, 0x00, 0x03, 0x00, 0x00, 0x14, 0x51, 0x0a, 0x16,
24 0x14, 0x53, 0x0a, 0x16, 0x71, 0x31, 0x2c, 0x00, 0x03, 0x00, 0x00, 0x14, 0x54, 24 0x69, 0xd1, 0xd7, 0x00, 0x03, 0x00, 0x00, 0x14, 0x52, 0x0a, 0x16, 0x70, 0x8c,
25 0x0a, 0x16, 0x7d, 0x75, 0x9d, 0x00, 0x03, 0x00, 0x00, 0x14, 0x55, 0x0a, 0x1f, 25 0x22, 0x00, 0x03, 0x00, 0x00, 0x14, 0x53, 0x0a, 0x16, 0x71, 0x31, 0x2c, 0x00,
26 0xee, 0xf9, 0x49, 0x00, 0x03, 0x00, 0x00, 0x23, 0xae, 0x0a, 0x1f, 0xfc, 0xd1, 26 0x03, 0x00, 0x00, 0x14, 0x54, 0x0a, 0x16, 0x7d, 0x75, 0x9d, 0x00, 0x03, 0x00,
27 0x89, 0x00, 0x03, 0x00, 0x00, 0x23, 0xaf, 0x0a, 0x61, 0xdd, 0xc7, 0x48, 0x00, 27 0x00, 0x14, 0x55, 0x0a, 0x1f, 0xee, 0xf9, 0x49, 0x00, 0x03, 0x00, 0x00, 0x23,
28 0x03, 0x00, 0x00, 0x18, 0x0e, 0x0a, 0x61, 0xe6, 0x12, 0x64, 0x00, 0x03, 0x00, 28 0xae, 0x0a, 0x1f, 0xfc, 0xd1, 0x89, 0x00, 0x03, 0x00, 0x00, 0x23, 0xaf, 0x0a,
29 0x00, 0x18, 0x0f, 0x0a, 0x61, 0xe9, 0x46, 0x56, 0x00, 0x03, 0x00, 0x00, 0x18, 29 0x61, 0xdd, 0xc7, 0x48, 0x00, 0x03, 0x00, 0x00, 0x18, 0x0e, 0x0a, 0x61, 0xe6,
30 0x10, 0x0a, 0x64, 0x63, 0x49, 0xd2, 0x00, 0x03, 0x00, 0x00, 0x1d, 0x77, 30 0x12, 0x64, 0x00, 0x03, 0x00, 0x00, 0x18, 0x0f, 0x0a, 0x61, 0xe9, 0x46, 0x56,
31 0x00, 0x03, 0x00, 0x00, 0x18, 0x10, 0x0a, 0x64, 0x63, 0x49, 0xd2, 0x00, 0x03,
32 0x00, 0x00, 0x1d, 0x77,
31 }; 33 };
32 34
33 static const uint8 kNoopDeltaCRL[] = { 35 static const uint8 kNoopDeltaCRL[] = {
34 0xc3, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 36 0xc3, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
35 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 37 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
36 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x44, 0x65, 0x6c, 38 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x44, 0x65, 0x6c,
37 0x74, 0x61, 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 39 0x74, 0x61, 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65,
38 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61, 40 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x65, 0x78, 0x74, 0x55, 0x70, 0x64, 0x61,
39 0x74, 0x65, 0x22, 0x3a, 0x31, 0x33, 0x31, 0x31, 0x31, 0x32, 0x33, 0x37, 0x39, 41 0x74, 0x65, 0x22, 0x3a, 0x31, 0x33, 0x31, 0x31, 0x31, 0x32, 0x33, 0x37, 0x39,
40 0x33, 0x2c, 0x22, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x53, 0x65, 0x63, 0x73, 42 0x33, 0x2c, 0x22, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x53, 0x65, 0x63, 0x73,
(...skipping 97 matching lines...)
138 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 140 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00,
139 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 141 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0,
140 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 142 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10,
141 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 143 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f,
142 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 144 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00,
143 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 145 0x03, 0x00, 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00,
144 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23, 146 0x00, 0x23, 0xb0, 0x0a, 0x10, 0x0d, 0x7f, 0x30, 0x00, 0x03, 0x00, 0x00, 0x23,
145 0xb0, 147 0xb0,
146 }; 148 };
147 149
150 static const uint8 kBlockedSPKICRLSet[] = {
151 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
152 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
153 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
154 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
155 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
156 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
157 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
158 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x34, 0x37, 0x44, 0x45, 0x51, 0x70, 0x6a,
159 0x38, 0x48, 0x42, 0x53, 0x61, 0x2b, 0x2f, 0x54, 0x49, 0x6d, 0x57, 0x2b, 0x35,
160 0x4a, 0x43, 0x65, 0x75, 0x51, 0x65, 0x52, 0x6b, 0x6d, 0x35, 0x4e, 0x4d, 0x70,
161 0x4a, 0x57, 0x5a, 0x47, 0x33, 0x68, 0x53, 0x75, 0x46, 0x55, 0x3d, 0x22, 0x5d,
162 0x7d,
163 };
164
148 // kGIASPKISHA256 is the SHA256 digest the Google Internet Authority's 165 // kGIASPKISHA256 is the SHA256 digest the Google Internet Authority's
149 // SubjectPublicKeyInfo. 166 // SubjectPublicKeyInfo.
150 static const uint8 kGIASPKISHA256[32] = { 167 static const uint8 kGIASPKISHA256[32] = {
151 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f, 168 0xb6, 0xb9, 0x54, 0x32, 0xab, 0xae, 0x57, 0xfe, 0x02, 0x0c, 0xb2, 0xb7, 0x4f,
152 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2, 169 0x4f, 0x9f, 0x91, 0x73, 0xc8, 0xc7, 0x08, 0xaf, 0xc9, 0xe7, 0x32, 0xac, 0xe2,
153 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05, 170 0x32, 0x79, 0x04, 0x7c, 0x6d, 0x05,
154 }; 171 };
155 172
156 TEST(CRLSetTest, Parse) { 173 TEST(CRLSetTest, Parse) {
157 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet), 174 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet),
158 sizeof(kGIACRLSet)); 175 sizeof(kGIACRLSet));
159 scoped_refptr<net::CRLSet> set; 176 scoped_refptr<net::CRLSet> set;
160 EXPECT_TRUE(net::CRLSet::Parse(s, &set)); 177 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
161 ASSERT_TRUE(set.get() != NULL); 178 ASSERT_TRUE(set.get() != NULL);
162 179
163 const net::CRLSet::CRLList& crls = set->crls(); 180 const net::CRLSet::CRLList& crls = set->crls();
164 ASSERT_EQ(1u, crls.size()); 181 ASSERT_EQ(1u, crls.size());
165 const std::vector<std::string>& serials = crls[0].second; 182 const std::vector<std::string>& serials = crls[0].second;
166 static const unsigned kExpectedNumSerials = 13; 183 static const unsigned kExpectedNumSerials = 13;
167 ASSERT_EQ(kExpectedNumSerials, serials.size()); 184 ASSERT_EQ(kExpectedNumSerials, serials.size());
168 EXPECT_EQ(std::string("\x10\x0D\x7F\x30\x00\x03\x00\x00\x23\xB0", 10), 185 EXPECT_EQ(std::string("\x10\x0D\x7F\x30\x00\x03\x00\x00\x23\xB0", 10),
169 serials[0]); 186 serials[0]);
170 EXPECT_EQ(std::string("\x64\x63\x49\xD2\x00\x03\x00\x00\x1D\x77", 10), 187 EXPECT_EQ(std::string("\x64\x63\x49\xD2\x00\x03\x00\x00\x1D\x77", 10),
171 serials[kExpectedNumSerials - 1]); 188 serials[kExpectedNumSerials - 1]);
172 189
173 const std::string gia_spki_hash( 190 const std::string gia_spki_hash(
174 reinterpret_cast<const char*>(kGIASPKISHA256), 191 reinterpret_cast<const char*>(kGIASPKISHA256),
175 sizeof(kGIASPKISHA256)); 192 sizeof(kGIASPKISHA256));
176 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckCertificate( 193 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckSerial(
177 std::string("\x16\x7D\x75\x9D\x00\x03\x00\x00\x14\x55", 10), 194 std::string("\x16\x7D\x75\x9D\x00\x03\x00\x00\x14\x55", 10),
178 gia_spki_hash)); 195 gia_spki_hash));
179 EXPECT_EQ(net::CRLSet::GOOD, set->CheckCertificate( 196 EXPECT_EQ(net::CRLSet::GOOD, set->CheckSerial(
180 std::string("\x47\x54\x3E\x79\x00\x03\x00\x00\x14\xF5", 10), 197 std::string("\x47\x54\x3E\x79\x00\x03\x00\x00\x14\xF5", 10),
181 gia_spki_hash)); 198 gia_spki_hash));
182 } 199 }
183 200
184 TEST(CRLSetTest, NoOpDeltaUpdate) { 201 TEST(CRLSetTest, NoOpDeltaUpdate) {
185 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet), 202 base::StringPiece s(reinterpret_cast<const char*>(kGIACRLSet),
186 sizeof(kGIACRLSet)); 203 sizeof(kGIACRLSet));
187 scoped_refptr<net::CRLSet> set; 204 scoped_refptr<net::CRLSet> set;
188 EXPECT_TRUE(net::CRLSet::Parse(s, &set)); 205 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
189 ASSERT_TRUE(set.get() != NULL); 206 ASSERT_TRUE(set.get() != NULL);
(...skipping 66 matching lines...)
256 base::StringPiece delta(reinterpret_cast<const char*>(kUpdateSerialsDelta), 273 base::StringPiece delta(reinterpret_cast<const char*>(kUpdateSerialsDelta),
257 sizeof(kUpdateSerialsDelta)); 274 sizeof(kUpdateSerialsDelta));
258 EXPECT_TRUE(set->ApplyDelta(delta, &delta_set)); 275 EXPECT_TRUE(set->ApplyDelta(delta, &delta_set));
259 ASSERT_TRUE(delta_set.get() != NULL); 276 ASSERT_TRUE(delta_set.get() != NULL);
260 277
261 const net::CRLSet::CRLList& crls = delta_set->crls(); 278 const net::CRLSet::CRLList& crls = delta_set->crls();
262 ASSERT_EQ(1u, crls.size()); 279 ASSERT_EQ(1u, crls.size());
263 const std::vector<std::string>& serials = crls[0].second; 280 const std::vector<std::string>& serials = crls[0].second;
264 EXPECT_EQ(45u, serials.size()); 281 EXPECT_EQ(45u, serials.size());
265 } 282 }
283
284 TEST(CRLSetTest, BlockedSPKIs) {
285 base::StringPiece s(reinterpret_cast<const char*>(kBlockedSPKICRLSet),
286 sizeof(kBlockedSPKICRLSet));
287 scoped_refptr<net::CRLSet> set;
288 EXPECT_TRUE(net::CRLSet::Parse(s, &set));
289 ASSERT_TRUE(set.get() != NULL);
290
291 const uint8 spki_hash[] = {
292 227, 176, 196, 66, 152, 252, 28, 20, 154, 251, 244, 200, 153, 111, 185, 36,
293 39, 174, 65, 228, 100, 155, 147, 76, 164, 149, 153, 27, 120, 82, 184, 85,
294 0,
295 };
296
297 EXPECT_EQ(net::CRLSet::GOOD, set->CheckSPKI(""));
298 EXPECT_EQ(net::CRLSet::REVOKED, set->CheckSPKI(
299 reinterpret_cast<const char*>(spki_hash)));
300 }
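Review bot: In the new BlockedSPKIs test the digest reaches `CheckSPKI` as a NUL-terminated C string (`reinterpret_cast<const char*>(spki_hash)`, with a trailing `0,` in the array), so its length comes from scanning for a zero byte and the test passes only because this particular digest contains none. SPKI hashes are binary, and the same pattern applied to a hash with an embedded 0x00 would look up a truncated value and report GOOD for a blocked key. Pass an explicit length instead, as the Parse test does for kGIASPKISHA256: drop the `0,` and use `std::string(reinterpret_cast<const char*>(spki_hash), sizeof(spki_hash))` (this assumes CheckSPKI accepts a std::string or StringPiece; its declaration is not on this page). The only GOOD case checked is the empty string, so a 32-byte hash that is absent from the list would make a stronger negative check.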