| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| 11 #include "base/file_path.h" | 11 #include "base/file_path.h" |
| 12 #include "base/sha1.h" | 12 #include "base/sha1.h" |
| 13 #include "base/string_piece.h" | 13 #include "base/string_piece.h" |
| 14 #include "net/base/asn1_util.h" | 14 #include "net/base/asn1_util.h" |
| 15 #include "net/base/cert_test_util.h" | 15 #include "net/base/cert_test_util.h" |
| 16 #include "net/base/cert_verifier.h" | 16 #include "net/base/cert_verifier.h" |
| 17 #include "net/base/cert_verify_result.h" | 17 #include "net/base/cert_verify_result.h" |
| 18 #include "net/base/net_errors.h" |
| 19 #include "net/base/net_log.h" |
| 18 #include "net/base/ssl_info.h" | 20 #include "net/base/ssl_info.h" |
| 21 #include "net/base/test_completion_callback.h" |
| 19 #include "net/base/test_root_certs.h" | 22 #include "net/base/test_root_certs.h" |
| 20 #include "net/base/x509_certificate.h" | 23 #include "net/base/x509_certificate.h" |
| 21 #include "net/http/http_util.h" | 24 #include "net/http/http_util.h" |
| 22 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 23 | 26 |
| 24 #if defined(USE_OPENSSL) | 27 #if defined(USE_OPENSSL) |
| 25 #include "crypto/openssl_util.h" | 28 #include "crypto/openssl_util.h" |
| 26 #else | 29 #else |
| 27 #include "crypto/nss_util.h" | 30 #include "crypto/nss_util.h" |
| 28 #endif | 31 #endif |
| (...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 280 | 283 |
| 281 // Add the root that signed the intermediate for this test. | 284 // Add the root that signed the intermediate for this test. |
| 282 scoped_refptr<X509Certificate> root_cert = | 285 scoped_refptr<X509Certificate> root_cert = |
| 283 ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); | 286 ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); |
| 284 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | 287 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); |
| 285 ScopedTestRoot scoped_root(root_cert); | 288 ScopedTestRoot scoped_root(root_cert); |
| 286 | 289 |
| 287 // Verify has the side-effect of populating public_key_hashes, which | 290 // Verify has the side-effect of populating public_key_hashes, which |
| 288 // ParsePinsHeader needs. (It wants to check pins against the validated | 291 // ParsePinsHeader needs. (It wants to check pins against the validated |
| 289 // chain, not just the presented chain.) | 292 // chain, not just the presented chain.) |
| 293 int rv = ERR_FAILED; |
| 290 CertVerifyResult result; | 294 CertVerifyResult result; |
| 291 int rv = ssl_info.cert->Verify("127.0.0.1", 0, NULL, &result); | 295 scoped_ptr<CertVerifier> verifier(CertVerifier::CreateDefault()); |
| 292 ASSERT_EQ(0, rv); | 296 TestCompletionCallback callback; |
| 297 CertVerifier::RequestHandle handle = NULL; |
| 298 rv = verifier->Verify(ssl_info.cert, "127.0.0.1", 0, NULL, &result, |
| 299 callback.callback(), &handle, BoundNetLog()); |
| 300 rv = callback.GetResult(rv); |
| 301 ASSERT_EQ(OK, rv); |
| 293 // Normally, ssl_client_socket_nss would do this, but for a unit test we | 302 // Normally, ssl_client_socket_nss would do this, but for a unit test we |
| 294 // fake it. | 303 // fake it. |
| 295 ssl_info.public_key_hashes = result.public_key_hashes; | 304 ssl_info.public_key_hashes = result.public_key_hashes; |
| 296 std::string good_pin = GetPinFromCert(ssl_info.cert); | 305 std::string good_pin = GetPinFromCert(ssl_info.cert); |
| 297 | 306 |
| 298 // The backup pin is fake --- we just need an SPKI hash that does not match | 307 // The backup pin is fake --- we just need an SPKI hash that does not match |
| 299 // the hash of any SPKI in the certificate chain. | 308 // the hash of any SPKI in the certificate chain. |
| 300 std::string backup_pin = "pin-sha1=" + | 309 std::string backup_pin = "pin-sha1=" + |
| 301 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g="); | 310 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g="); |
| 302 | 311 |
| (...skipping 967 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1270 // Expect to fail for SNI hosts when not searching the SNI list: | 1279 // Expect to fail for SNI hosts when not searching the SNI list: |
| 1271 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 1280 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1272 "gmail.com", false)); | 1281 "gmail.com", false)); |
| 1273 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 1282 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1274 "googlegroups.com", false)); | 1283 "googlegroups.com", false)); |
| 1275 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 1284 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1276 "www.googlegroups.com", false)); | 1285 "www.googlegroups.com", false)); |
| 1277 } | 1286 } |
| 1278 | 1287 |
| 1279 } // namespace net | 1288 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9584041:
Create stubs for system certificate validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src