| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 #endif | 96 #endif |
| 97 return true; | 97 return true; |
| 98 } | 98 } |
| 99 | 99 |
| 100 bool SupportsDetectingKnownRoots() { | 100 bool SupportsDetectingKnownRoots() { |
| 101 #if defined(OS_ANDROID) | 101 #if defined(OS_ANDROID) |
| 102 // Before API level 17, Android does not expose the APIs necessary to get at | 102 // Before API level 17, Android does not expose the APIs necessary to get at |
| 103 // the verified certificate chain and detect known roots. | 103 // the verified certificate chain and detect known roots. |
| 104 if (base::android::BuildInfo::GetInstance()->sdk_int() < 17) | 104 if (base::android::BuildInfo::GetInstance()->sdk_int() < 17) |
| 105 return false; | 105 return false; |
| 106 #elif defined(OS_IOS) && defined(USE_OPENSSL) | 106 #elif defined(OS_IOS) |
| 107 // iOS does not expose the APIs necessary to get the known system roots. | 107 // iOS does not expose the APIs necessary to get the known system roots. |
| 108 return false; | 108 return false; |
| 109 #endif | 109 #endif |
| 110 return true; | 110 return true; |
| 111 } | 111 } |
| 112 | 112 |
| 113 // Template helper to load a series of certificate files into a CertificateList. | 113 // Template helper to load a series of certificate files into a CertificateList. |
| 114 // Like CertTestUtil's CreateCertificateListFromFile, except it can load a | 114 // Like CertTestUtil's CreateCertificateListFromFile, except it can load a |
| 115 // series of individual certificates (to make the tests clearer). | 115 // series of individual certificates (to make the tests clearer). |
| 116 template <size_t N> | 116 template <size_t N> |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 217 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 217 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
| 218 | 218 |
| 219 int flags = 0; | 219 int flags = 0; |
| 220 CertVerifyResult verify_result; | 220 CertVerifyResult verify_result; |
| 221 int error = Verify(paypal_null_cert.get(), | 221 int error = Verify(paypal_null_cert.get(), |
| 222 "www.paypal.com", | 222 "www.paypal.com", |
| 223 flags, | 223 flags, |
| 224 NULL, | 224 NULL, |
| 225 empty_cert_list_, | 225 empty_cert_list_, |
| 226 &verify_result); | 226 &verify_result); |
| 227 #if defined(USE_NSS_VERIFIER) || defined(OS_ANDROID) | 227 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID) |
| 228 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 228 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| 229 #elif defined(OS_IOS) && TARGET_IPHONE_SIMULATOR | 229 #elif defined(OS_IOS) && TARGET_IPHONE_SIMULATOR |
| 230 // iOS returns a ERR_CERT_INVALID error on the simulator, while returning | 230 // iOS returns a ERR_CERT_INVALID error on the simulator, while returning |
| 231 // ERR_CERT_AUTHORITY_INVALID on the real device. | 231 // ERR_CERT_AUTHORITY_INVALID on the real device. |
| 232 EXPECT_EQ(ERR_CERT_INVALID, error); | 232 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 233 #else | 233 #else |
| 234 // TOOD(bulach): investigate why macosx and win aren't returning | 234 // TOOD(bulach): investigate why macosx and win aren't returning |
| 235 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. | 235 // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. |
| 236 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); | 236 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); |
| 237 #endif | 237 #endif |
| 238 // Either the system crypto library should correctly report a certificate | 238 // Either the system crypto library should correctly report a certificate |
| 239 // name mismatch, or our certificate blacklist should cause us to report an | 239 // name mismatch, or our certificate blacklist should cause us to report an |
| 240 // invalid certificate. | 240 // invalid certificate. |
| 241 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) | 241 #if defined(USE_NSS_CERTS) || defined(OS_WIN) |
| 242 EXPECT_TRUE(verify_result.cert_status & | 242 EXPECT_TRUE(verify_result.cert_status & |
| 243 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | 243 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); |
| 244 #endif | 244 #endif |
| 245 } | 245 } |
| 246 | 246 |
| 247 // A regression test for http://crbug.com/31497. | 247 // A regression test for http://crbug.com/31497. |
| 248 #if defined(OS_ANDROID) | 248 #if defined(OS_ANDROID) |
| 249 // Disabled on Android, as the Android verification libraries require an | 249 // Disabled on Android, as the Android verification libraries require an |
| 250 // explicit policy to be specified, even when anyPolicy is permitted. | 250 // explicit policy to be specified, even when anyPolicy is permitted. |
| 251 #define MAYBE_IntermediateCARequireExplicitPolicy \ | 251 #define MAYBE_IntermediateCARequireExplicitPolicy \ |
| (...skipping 874 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1126 int flags = 0; | 1126 int flags = 0; |
| 1127 CertVerifyResult verify_result; | 1127 CertVerifyResult verify_result; |
| 1128 int error = Verify( | 1128 int error = Verify( |
| 1129 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); | 1129 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); |
| 1130 EXPECT_EQ(OK, error); | 1130 EXPECT_EQ(OK, error); |
| 1131 EXPECT_EQ(0U, verify_result.cert_status); | 1131 EXPECT_EQ(0U, verify_result.cert_status); |
| 1132 // But should not be marked as a known root. | 1132 // But should not be marked as a known root. |
| 1133 EXPECT_FALSE(verify_result.is_issued_by_known_root); | 1133 EXPECT_FALSE(verify_result.is_issued_by_known_root); |
| 1134 } | 1134 } |
| 1135 | 1135 |
| 1136 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) || \ | 1136 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || \ |
| 1137 (defined(OS_MACOSX) && !defined(OS_IOS)) | 1137 (defined(OS_MACOSX) && !defined(OS_IOS)) |
| 1138 // Test that CRLSets are effective in making a certificate appear to be | 1138 // Test that CRLSets are effective in making a certificate appear to be |
| 1139 // revoked. | 1139 // revoked. |
| 1140 TEST_F(CertVerifyProcTest, CRLSet) { | 1140 TEST_F(CertVerifyProcTest, CRLSet) { |
| 1141 CertificateList ca_cert_list = | 1141 CertificateList ca_cert_list = |
| 1142 CreateCertificateListFromFile(GetTestCertsDirectory(), | 1142 CreateCertificateListFromFile(GetTestCertsDirectory(), |
| 1143 "root_ca_cert.pem", | 1143 "root_ca_cert.pem", |
| 1144 X509Certificate::FORMAT_AUTO); | 1144 X509Certificate::FORMAT_AUTO); |
| 1145 ASSERT_EQ(1U, ca_cert_list.size()); | 1145 ASSERT_EQ(1U, ca_cert_list.size()); |
| 1146 ScopedTestRoot test_root(ca_cert_list[0].get()); | 1146 ScopedTestRoot test_root(ca_cert_list[0].get()); |
| (...skipping 555 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1702 int flags = 0; | 1702 int flags = 0; |
| 1703 CertVerifyResult verify_result; | 1703 CertVerifyResult verify_result; |
| 1704 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1704 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 1705 &verify_result); | 1705 &verify_result); |
| 1706 EXPECT_EQ(ERR_CERT_INVALID, error); | 1706 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 1707 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1707 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); |
| 1708 } | 1708 } |
| 1709 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1709 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
| 1710 | 1710 |
| 1711 } // namespace net | 1711 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master