| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verify_proc.h" | 5 #include "net/base/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| 11 #include "base/sha1.h" | 11 #include "base/sha1.h" |
| 12 #include "net/base/asn1_util.h" | 12 #include "net/base/asn1_util.h" |
| 13 #include "net/base/cert_status_flags.h" | 13 #include "net/base/cert_status_flags.h" |
| 14 #include "net/base/cert_test_util.h" | 14 #include "net/base/cert_test_util.h" |
| 15 #include "net/base/cert_verifier.h" |
| 15 #include "net/base/cert_verify_result.h" | 16 #include "net/base/cert_verify_result.h" |
| 16 #include "net/base/crl_set.h" | 17 #include "net/base/crl_set.h" |
| 17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 18 #include "net/base/test_certificate_data.h" | 19 #include "net/base/test_certificate_data.h" |
| 19 #include "net/base/test_root_certs.h" | 20 #include "net/base/test_root_certs.h" |
| 20 #include "net/base/x509_certificate.h" | 21 #include "net/base/x509_certificate.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 22 | 23 |
| 23 #if defined(OS_WIN) | 24 #if defined(OS_WIN) |
| 24 #include "base/win/windows_version.h" | 25 #include "base/win/windows_version.h" |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 98 X509Certificate::OSCertHandles intermediates; | 99 X509Certificate::OSCertHandles intermediates; |
| 99 intermediates.push_back(certs[1]->os_cert_handle()); | 100 intermediates.push_back(certs[1]->os_cert_handle()); |
| 100 intermediates.push_back(certs[2]->os_cert_handle()); | 101 intermediates.push_back(certs[2]->os_cert_handle()); |
| 101 | 102 |
| 102 scoped_refptr<X509Certificate> comodo_chain = | 103 scoped_refptr<X509Certificate> comodo_chain = |
| 103 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 104 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
| 104 intermediates); | 105 intermediates); |
| 105 | 106 |
| 106 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); | 107 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); |
| 107 CertVerifyResult verify_result; | 108 CertVerifyResult verify_result; |
| 108 int flags = X509Certificate::VERIFY_EV_CERT; | 109 int flags = CertVerifier::VERIFY_EV_CERT; |
| 109 int error = Verify(comodo_chain, "comodo.com", flags, crl_set.get(), | 110 int error = Verify(comodo_chain, "comodo.com", flags, crl_set.get(), |
| 110 &verify_result); | 111 &verify_result); |
| 111 EXPECT_EQ(OK, error); | 112 EXPECT_EQ(OK, error); |
| 112 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 113 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| 113 } | 114 } |
| 114 | 115 |
| 115 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { | 116 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { |
| 116 scoped_refptr<X509Certificate> paypal_null_cert( | 117 scoped_refptr<X509Certificate> paypal_null_cert( |
| 117 X509Certificate::CreateFromBytes( | 118 X509Certificate::CreateFromBytes( |
| 118 reinterpret_cast<const char*>(paypal_null_der), | 119 reinterpret_cast<const char*>(paypal_null_der), |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 205 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); | 206 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); |
| 206 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 207 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
| 207 | 208 |
| 208 X509Certificate::OSCertHandles intermediates; | 209 X509Certificate::OSCertHandles intermediates; |
| 209 intermediates.push_back(intermediate_cert->os_cert_handle()); | 210 intermediates.push_back(intermediate_cert->os_cert_handle()); |
| 210 scoped_refptr<X509Certificate> cert_chain = | 211 scoped_refptr<X509Certificate> cert_chain = |
| 211 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 212 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 212 intermediates); | 213 intermediates); |
| 213 | 214 |
| 214 CertVerifyResult verify_result; | 215 CertVerifyResult verify_result; |
| 215 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | 216 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | |
| 216 X509Certificate::VERIFY_EV_CERT; | 217 CertVerifier::VERIFY_EV_CERT; |
| 217 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL, | 218 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL, |
| 218 &verify_result); | 219 &verify_result); |
| 219 if (error == OK) | 220 if (error == OK) |
| 220 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 221 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| 221 else | 222 else |
| 222 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); | 223 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); |
| 223 } | 224 } |
| 224 | 225 |
| 225 // Currently, only RSA and DSA keys are checked for weakness, and our example | 226 // Currently, only RSA and DSA keys are checked for weakness, and our example |
| 226 // weak size is 768. These could change in the future. | 227 // weak size is 768. These could change in the future. |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 354 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); | 355 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); |
| 355 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 356 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); |
| 356 | 357 |
| 357 X509Certificate::OSCertHandles intermediates; | 358 X509Certificate::OSCertHandles intermediates; |
| 358 intermediates.push_back(intermediate_cert->os_cert_handle()); | 359 intermediates.push_back(intermediate_cert->os_cert_handle()); |
| 359 scoped_refptr<X509Certificate> cert_chain = | 360 scoped_refptr<X509Certificate> cert_chain = |
| 360 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 361 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 361 intermediates); | 362 intermediates); |
| 362 | 363 |
| 363 CertVerifyResult verify_result; | 364 CertVerifyResult verify_result; |
| 364 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 365 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 365 int error = Verify(cert_chain, "mail.google.com", flags, NULL, | 366 int error = Verify(cert_chain, "mail.google.com", flags, NULL, |
| 366 &verify_result); | 367 &verify_result); |
| 367 EXPECT_NE(OK, error); | 368 EXPECT_NE(OK, error); |
| 368 | 369 |
| 369 // Now turn off revocation checking. Certificate verification should still | 370 // Now turn off revocation checking. Certificate verification should still |
| 370 // fail. | 371 // fail. |
| 371 flags = 0; | 372 flags = 0; |
| 372 error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result); | 373 error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result); |
| 373 EXPECT_NE(OK, error); | 374 EXPECT_NE(OK, error); |
| 374 } | 375 } |
| (...skipping 589 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 964 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 965 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 965 #else | 966 #else |
| 966 #define MAYBE_VerifyMixed VerifyMixed | 967 #define MAYBE_VerifyMixed VerifyMixed |
| 967 #endif | 968 #endif |
| 968 WRAPPED_INSTANTIATE_TEST_CASE_P( | 969 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 969 MAYBE_VerifyMixed, | 970 MAYBE_VerifyMixed, |
| 970 CertVerifyProcWeakDigestTest, | 971 CertVerifyProcWeakDigestTest, |
| 971 testing::ValuesIn(kVerifyMixedTestData)); | 972 testing::ValuesIn(kVerifyMixedTestData)); |
| 972 | 973 |
| 973 } // namespace net | 974 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10855168:
Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src