| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/port.h" | 5 #include "base/port.h" |
| 6 #include "net/base/cert_status_flags.h" | 6 #include "net/base/cert_status_flags.h" |
| 7 #include "net/base/x509_certificate.h" | 7 #include "net/base/x509_certificate.h" |
| 8 #include "testing/gtest/include/gtest/gtest.h" | 8 #include "testing/gtest/include/gtest/gtest.h" |
| 9 | 9 |
| 10 // Unit tests aren't allowed to access external resources. Unfortunately, to | 10 // Unit tests aren't allowed to access external resources. Unfortunately, to |
| 11 // properly verify the EV-ness of a cert, we need to check for its revocation | 11 // properly verify the EV-ness of a cert, we need to check for its revocation |
| 12 // through online servers. If you're manually running unit tests, feel free to | 12 // through online servers. If you're manually running unit tests, feel free to |
| 13 // turn this on to test EV certs. But leave it turned off for the automated | 13 // turn this on to test EV certs. But leave it turned off for the automated |
| 14 // testing. | 14 // testing. |
| 15 #define ALLOW_EXTERNAL_ACCESS 0 | 15 #define ALLOW_EXTERNAL_ACCESS 0 |
| 16 | 16 |
| 17 using base::Time; | 17 using base::Time; |
| 18 | 18 |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 class X509CertificateTest : public testing::Test { | |
| 22 }; | |
| 23 | |
| 24 // Certificates for test data. They're obtained with: | 21 // Certificates for test data. They're obtained with: |
| 25 // | 22 // |
| 26 // $ openssl s_client -connect [host]:443 -showcerts | 23 // $ openssl s_client -connect [host]:443 -showcerts |
| 27 // $ openssl x509 -inform PEM -outform DER > /tmp/host.der | 24 // $ openssl x509 -inform PEM -outform DER > /tmp/host.der |
| 28 // $ xxd -i /tmp/host.der | 25 // $ xxd -i /tmp/host.der |
| 29 | 26 |
| 30 // Google's cert. | 27 // Google's cert. |
| 31 | 28 |
| 32 unsigned char google_der[] = { | 29 unsigned char google_der[] = { |
| 33 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, | 30 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, |
| 34 0x02, 0x02, 0x10, 0x3c, 0x8d, 0x3a, 0x64, 0xee, 0x18, 0xdd, 0x1b, 0x73, | 31 0x02, 0x02, 0x10, 0x3c, 0x8d, 0x3a, 0x64, 0xee, 0x18, 0xdd, 0x1b, 0x73, |
| 35 0x0b, 0xa1, 0x92, 0xee, 0xf8, 0x98, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, | 32 0x0b, 0xa1, 0x92, 0xee, 0xf8, 0x98, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
| (...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 325 0xb2, 0x86, 0x04, 0x68, 0x06, 0xe6, 0xb6, 0x85, 0xc8, 0x9b, 0x50 | 322 0xb2, 0x86, 0x04, 0x68, 0x06, 0xe6, 0xb6, 0x85, 0xc8, 0x9b, 0x50 |
| 326 }; | 323 }; |
| 327 | 324 |
| 328 unsigned char thawte_fingerprint[] = { | 325 unsigned char thawte_fingerprint[] = { |
| 329 0x3a, 0xc0, 0x5d, 0x86, 0xb1, 0xd2, 0xee, 0x47, 0xc3, 0xf0, 0x4f, 0x24, | 326 0x3a, 0xc0, 0x5d, 0x86, 0xb1, 0xd2, 0xee, 0x47, 0xc3, 0xf0, 0x4f, 0x24, |
| 330 0x13, 0xb7, 0x6b, 0x79, 0x23, 0x6d, 0x68, 0x5d | 327 0x13, 0xb7, 0x6b, 0x79, 0x23, 0x6d, 0x68, 0x5d |
| 331 }; | 328 }; |
| 332 | 329 |
| 333 } // namespace | 330 } // namespace |
| 334 | 331 |
| 335 using net::X509Certificate; | 332 namespace net { |
| 336 | 333 |
| 337 TEST(X509CertificateTest, GoogleCertParsing) { | 334 TEST(X509CertificateTest, GoogleCertParsing) { |
| 338 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | 335 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( |
| 339 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | 336 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 340 | 337 |
| 341 ASSERT_NE(static_cast<X509Certificate *>(NULL), google_cert); | 338 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); |
| 342 | 339 |
| 343 const X509Certificate::Principal& subject = google_cert->subject(); | 340 const X509Certificate::Principal& subject = google_cert->subject(); |
| 344 EXPECT_EQ("www.google.com", subject.common_name); | 341 EXPECT_EQ("www.google.com", subject.common_name); |
| 345 EXPECT_EQ("Mountain View", subject.locality_name); | 342 EXPECT_EQ("Mountain View", subject.locality_name); |
| 346 EXPECT_EQ("California", subject.state_or_province_name); | 343 EXPECT_EQ("California", subject.state_or_province_name); |
| 347 EXPECT_EQ("US", subject.country_name); | 344 EXPECT_EQ("US", subject.country_name); |
| 348 EXPECT_EQ(0U, subject.street_addresses.size()); | 345 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 349 EXPECT_EQ(1U, subject.organization_names.size()); | 346 EXPECT_EQ(1U, subject.organization_names.size()); |
| 350 EXPECT_EQ("Google Inc", subject.organization_names[0]); | 347 EXPECT_EQ("Google Inc", subject.organization_names[0]); |
| 351 EXPECT_EQ(0U, subject.organization_unit_names.size()); | 348 EXPECT_EQ(0U, subject.organization_unit_names.size()); |
| 352 EXPECT_EQ(0U, subject.domain_components.size()); | 349 EXPECT_EQ(0U, subject.domain_components.size()); |
| 353 | 350 |
| 354 const X509Certificate::Principal& issuer = google_cert->issuer(); | 351 const X509Certificate::Principal& issuer = google_cert->issuer(); |
| 355 EXPECT_EQ("Thawte SGC CA", issuer.common_name); | 352 EXPECT_EQ("Thawte SGC CA", issuer.common_name); |
| 356 EXPECT_EQ("", issuer.locality_name); | 353 EXPECT_EQ("", issuer.locality_name); |
| 357 EXPECT_EQ("", issuer.state_or_province_name); | 354 EXPECT_EQ("", issuer.state_or_province_name); |
| 358 EXPECT_EQ("ZA", issuer.country_name); | 355 EXPECT_EQ("ZA", issuer.country_name); |
| 359 EXPECT_EQ(0U, issuer.street_addresses.size()); | 356 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 360 EXPECT_EQ(1U, issuer.organization_names.size()); | 357 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 361 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); | 358 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); |
| 362 EXPECT_EQ(0U, issuer.organization_unit_names.size()); | 359 EXPECT_EQ(0U, issuer.organization_unit_names.size()); |
| 363 EXPECT_EQ(0U, issuer.domain_components.size()); | 360 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 364 | 361 |
| 365 // Use DoubleT because its epoch is the same on all platforms | 362 // Use DoubleT because its epoch is the same on all platforms |
| 366 const Time& valid_start = google_cert->valid_start(); | 363 const Time& valid_start = google_cert->valid_start(); |
| 367 EXPECT_EQ(1209747775, valid_start.ToDoubleT()); | 364 EXPECT_EQ(1209747775, valid_start.ToDoubleT()); |
| 368 | 365 |
| 369 const Time& valid_expiry = google_cert->valid_expiry(); | 366 const Time& valid_expiry = google_cert->valid_expiry(); |
| 370 EXPECT_EQ(1241283775, valid_expiry.ToDoubleT()); | 367 EXPECT_EQ(1241283775, valid_expiry.ToDoubleT()); |
| 371 | 368 |
| 372 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); | 369 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); |
| 373 for (size_t i = 0; i < 20; ++i) | 370 for (size_t i = 0; i < 20; ++i) |
| 374 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); | 371 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); |
| 375 | 372 |
| 376 std::vector<std::string> dns_names; | 373 std::vector<std::string> dns_names; |
| 377 google_cert->GetDNSNames(&dns_names); | 374 google_cert->GetDNSNames(&dns_names); |
| 378 EXPECT_EQ(1U, dns_names.size()); | 375 EXPECT_EQ(1U, dns_names.size()); |
| 379 EXPECT_EQ("www.google.com", dns_names[0]); | 376 EXPECT_EQ("www.google.com", dns_names[0]); |
| 380 | 377 |
| 381 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | 378 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) |
| 382 // TODO(avi): turn this on for the Mac once EV checking is implemented. | 379 // TODO(avi): turn this on for the Mac once EV checking is implemented. |
| 383 EXPECT_EQ(false, google_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); | 380 EXPECT_EQ(false, google_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); |
| 384 #endif | 381 #endif |
| 385 } | 382 } |
| 386 | 383 |
| 387 TEST(X509CertificateTest, WebkitCertParsing) { | 384 TEST(X509CertificateTest, WebkitCertParsing) { |
| 388 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | 385 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( |
| 389 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | 386 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); |
| 390 | 387 |
| 391 ASSERT_NE(static_cast<X509Certificate *>(NULL), webkit_cert); | 388 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); |
| 392 | 389 |
| 393 const X509Certificate::Principal& subject = webkit_cert->subject(); | 390 const X509Certificate::Principal& subject = webkit_cert->subject(); |
| 394 EXPECT_EQ("Cupertino", subject.locality_name); | 391 EXPECT_EQ("Cupertino", subject.locality_name); |
| 395 EXPECT_EQ("California", subject.state_or_province_name); | 392 EXPECT_EQ("California", subject.state_or_province_name); |
| 396 EXPECT_EQ("US", subject.country_name); | 393 EXPECT_EQ("US", subject.country_name); |
| 397 EXPECT_EQ(0U, subject.street_addresses.size()); | 394 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 398 EXPECT_EQ(1U, subject.organization_names.size()); | 395 EXPECT_EQ(1U, subject.organization_names.size()); |
| 399 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); | 396 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); |
| 400 EXPECT_EQ(1U, subject.organization_unit_names.size()); | 397 EXPECT_EQ(1U, subject.organization_unit_names.size()); |
| 401 EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); | 398 EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); |
| 402 EXPECT_EQ(0U, subject.domain_components.size()); | 399 EXPECT_EQ(0U, subject.domain_components.size()); |
| 403 | 400 |
| 404 const X509Certificate::Principal& issuer = webkit_cert->issuer(); | 401 const X509Certificate::Principal& issuer = webkit_cert->issuer(); |
| 405 EXPECT_EQ("Go Daddy Secure Certification Authority", issuer.common_name); | 402 EXPECT_EQ("Go Daddy Secure Certification Authority", issuer.common_name); |
| 406 EXPECT_EQ("Scottsdale", issuer.locality_name); | 403 EXPECT_EQ("Scottsdale", issuer.locality_name); |
| 407 EXPECT_EQ("Arizona", issuer.state_or_province_name); | 404 EXPECT_EQ("Arizona", issuer.state_or_province_name); |
| 408 EXPECT_EQ("US", issuer.country_name); | 405 EXPECT_EQ("US", issuer.country_name); |
| 409 EXPECT_EQ(0U, issuer.street_addresses.size()); | 406 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 410 EXPECT_EQ(1U, issuer.organization_names.size()); | 407 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 411 EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); | 408 EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); |
| 412 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | 409 EXPECT_EQ(1U, issuer.organization_unit_names.size()); |
| 413 EXPECT_EQ("http://certificates.godaddy.com/repository", | 410 EXPECT_EQ("http://certificates.godaddy.com/repository", |
| 414 issuer.organization_unit_names[0]); | 411 issuer.organization_unit_names[0]); |
| 415 EXPECT_EQ(0U, issuer.domain_components.size()); | 412 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 416 | 413 |
| 417 // Use DoubleT because its epoch is the same on all platforms | 414 // Use DoubleT because its epoch is the same on all platforms |
| 418 const Time& valid_start = webkit_cert->valid_start(); | 415 const Time& valid_start = webkit_cert->valid_start(); |
| 419 EXPECT_EQ(1205883319, valid_start.ToDoubleT()); | 416 EXPECT_EQ(1205883319, valid_start.ToDoubleT()); |
| 420 | 417 |
| 421 const Time& valid_expiry = webkit_cert->valid_expiry(); | 418 const Time& valid_expiry = webkit_cert->valid_expiry(); |
| 422 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); | 419 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); |
| 423 | 420 |
| 424 const X509Certificate::Fingerprint& fingerprint = webkit_cert->fingerprint(); | 421 const X509Certificate::Fingerprint& fingerprint = webkit_cert->fingerprint(); |
| 425 for (size_t i = 0; i < 20; ++i) | 422 for (size_t i = 0; i < 20; ++i) |
| 426 EXPECT_EQ(webkit_fingerprint[i], fingerprint.data[i]); | 423 EXPECT_EQ(webkit_fingerprint[i], fingerprint.data[i]); |
| 427 | 424 |
| 428 std::vector<std::string> dns_names; | 425 std::vector<std::string> dns_names; |
| 429 webkit_cert->GetDNSNames(&dns_names); | 426 webkit_cert->GetDNSNames(&dns_names); |
| 430 EXPECT_EQ(2U, dns_names.size()); | 427 EXPECT_EQ(2U, dns_names.size()); |
| 431 EXPECT_EQ("*.webkit.org", dns_names[0]); | 428 EXPECT_EQ("*.webkit.org", dns_names[0]); |
| 432 EXPECT_EQ("webkit.org", dns_names[1]); | 429 EXPECT_EQ("webkit.org", dns_names[1]); |
| 433 | 430 |
| 434 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | 431 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) |
| 435 EXPECT_EQ(false, webkit_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); | 432 EXPECT_EQ(false, webkit_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); |
| 436 #endif | 433 #endif |
| 437 } | 434 } |
| 438 | 435 |
| 439 TEST(X509CertificateTest, ThawteCertParsing) { | 436 TEST(X509CertificateTest, ThawteCertParsing) { |
| 440 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( | 437 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( |
| 441 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | 438 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); |
| 442 | 439 |
| 443 ASSERT_NE(static_cast<X509Certificate *>(NULL), thawte_cert); | 440 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); |
| 444 | 441 |
| 445 const X509Certificate::Principal& subject = thawte_cert->subject(); | 442 const X509Certificate::Principal& subject = thawte_cert->subject(); |
| 446 EXPECT_EQ("www.thawte.com", subject.common_name); | 443 EXPECT_EQ("www.thawte.com", subject.common_name); |
| 447 EXPECT_EQ("Mountain View", subject.locality_name); | 444 EXPECT_EQ("Mountain View", subject.locality_name); |
| 448 EXPECT_EQ("California", subject.state_or_province_name); | 445 EXPECT_EQ("California", subject.state_or_province_name); |
| 449 EXPECT_EQ("US", subject.country_name); | 446 EXPECT_EQ("US", subject.country_name); |
| 450 EXPECT_EQ(0U, subject.street_addresses.size()); | 447 EXPECT_EQ(0U, subject.street_addresses.size()); |
| 451 EXPECT_EQ(1U, subject.organization_names.size()); | 448 EXPECT_EQ(1U, subject.organization_names.size()); |
| 452 EXPECT_EQ("Thawte Inc", subject.organization_names[0]); | 449 EXPECT_EQ("Thawte Inc", subject.organization_names[0]); |
| 453 EXPECT_EQ(0U, subject.organization_unit_names.size()); | 450 EXPECT_EQ(0U, subject.organization_unit_names.size()); |
| 454 EXPECT_EQ(0U, subject.domain_components.size()); | 451 EXPECT_EQ(0U, subject.domain_components.size()); |
| 455 | 452 |
| 456 const X509Certificate::Principal& issuer = thawte_cert->issuer(); | 453 const X509Certificate::Principal& issuer = thawte_cert->issuer(); |
| 457 EXPECT_EQ("thawte Extended Validation SSL CA", issuer.common_name); | 454 EXPECT_EQ("thawte Extended Validation SSL CA", issuer.common_name); |
| 458 EXPECT_EQ("", issuer.locality_name); | 455 EXPECT_EQ("", issuer.locality_name); |
| 459 EXPECT_EQ("", issuer.state_or_province_name); | 456 EXPECT_EQ("", issuer.state_or_province_name); |
| 460 EXPECT_EQ("US", issuer.country_name); | 457 EXPECT_EQ("US", issuer.country_name); |
| 461 EXPECT_EQ(0U, issuer.street_addresses.size()); | 458 EXPECT_EQ(0U, issuer.street_addresses.size()); |
| 462 EXPECT_EQ(1U, issuer.organization_names.size()); | 459 EXPECT_EQ(1U, issuer.organization_names.size()); |
| 463 EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); | 460 EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); |
| 464 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | 461 EXPECT_EQ(1U, issuer.organization_unit_names.size()); |
| 465 EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", | 462 EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", |
| 466 issuer.organization_unit_names[0]); | 463 issuer.organization_unit_names[0]); |
| 467 EXPECT_EQ(0U, issuer.domain_components.size()); | 464 EXPECT_EQ(0U, issuer.domain_components.size()); |
| 468 | 465 |
| 469 // Use DoubleT because its epoch is the same on all platforms | 466 // Use DoubleT because its epoch is the same on all platforms |
| 470 const Time& valid_start = thawte_cert->valid_start(); | 467 const Time& valid_start = thawte_cert->valid_start(); |
| 471 EXPECT_EQ(1169078400, valid_start.ToDoubleT()); | 468 EXPECT_EQ(1169078400, valid_start.ToDoubleT()); |
| 472 | 469 |
| 473 const Time& valid_expiry = thawte_cert->valid_expiry(); | 470 const Time& valid_expiry = thawte_cert->valid_expiry(); |
| 474 EXPECT_EQ(1232236799, valid_expiry.ToDoubleT()); | 471 EXPECT_EQ(1232236799, valid_expiry.ToDoubleT()); |
| 475 | 472 |
| 476 const X509Certificate::Fingerprint& fingerprint = thawte_cert->fingerprint(); | 473 const X509Certificate::Fingerprint& fingerprint = thawte_cert->fingerprint(); |
| 477 for (size_t i = 0; i < 20; ++i) | 474 for (size_t i = 0; i < 20; ++i) |
| 478 EXPECT_EQ(thawte_fingerprint[i], fingerprint.data[i]); | 475 EXPECT_EQ(thawte_fingerprint[i], fingerprint.data[i]); |
| 479 | 476 |
| 480 std::vector<std::string> dns_names; | 477 std::vector<std::string> dns_names; |
| 481 thawte_cert->GetDNSNames(&dns_names); | 478 thawte_cert->GetDNSNames(&dns_names); |
| 482 EXPECT_EQ(1U, dns_names.size()); | 479 EXPECT_EQ(1U, dns_names.size()); |
| 483 EXPECT_EQ("www.thawte.com", dns_names[0]); | 480 EXPECT_EQ("www.thawte.com", dns_names[0]); |
| 484 | 481 |
| 485 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | 482 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) |
| 486 // EV cert verification requires revocation checking. | 483 // EV cert verification requires revocation checking. |
| 487 EXPECT_EQ(true, thawte_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); | 484 EXPECT_EQ(true, thawte_cert->IsEV(net::CERT_STATUS_REV_CHECKING_ENABLED)); |
| 488 // Consequently, if we don't have revocation checking enabled, we can't claim | 485 // Consequently, if we don't have revocation checking enabled, we can't claim |
| 489 // any cert is EV. | 486 // any cert is EV. |
| 490 EXPECT_EQ(false, thawte_cert->IsEV(0)); | 487 EXPECT_EQ(false, thawte_cert->IsEV(0)); |
| 491 #endif | 488 #endif |
| 492 } | 489 } |
| 490 |
| 491 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We |
| 492 // call X509Certificate::CreateFromHandle several times and observe whether |
| 493 // it returns a cached or new X509Certificate object. |
| 494 // |
| 495 // All the OS certificate handles in this test are actually from the same |
| 496 // source (the bytes of a lone certificate), but we pretend that some of them |
| 497 // come from the network. |
| 498 TEST(X509CertificateTest, Cache) { |
| 499 X509Certificate::OSCertHandle google_cert_handle; |
| 500 |
| 501 // Add a certificate from the source SOURCE_LONE_CERT_IMPORT to our |
| 502 // certificate cache. |
| 503 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
| 504 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 505 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromHandle( |
| 506 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT); |
| 507 |
| 508 // Add a certificate from the same source (SOURCE_LONE_CERT_IMPORT). This |
| 509 // should return the cached certificate (cert1). |
| 510 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
| 511 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 512 scoped_refptr<X509Certificate> cert2 = X509Certificate::CreateFromHandle( |
| 513 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT); |
| 514 |
| 515 EXPECT_EQ(cert1, cert2); |
| 516 |
| 517 // Add a certificate from the network. This should kick out the original |
| 518 // cached certificate (cert1) and return a new certificate. |
| 519 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
| 520 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 521 scoped_refptr<X509Certificate> cert3 = X509Certificate::CreateFromHandle( |
| 522 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); |
| 523 |
| 524 EXPECT_NE(cert1, cert3); |
| 525 |
| 526 // Add one certificate from each source. Both should return the new cached |
| 527 // certificate (cert3). |
| 528 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
| 529 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 530 scoped_refptr<X509Certificate> cert4 = X509Certificate::CreateFromHandle( |
| 531 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); |
| 532 |
| 533 EXPECT_EQ(cert3, cert4); |
| 534 |
| 535 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( |
| 536 reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| 537 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( |
| 538 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); |
| 539 |
| 540 EXPECT_EQ(cert3, cert5); |
| 541 } |
| 542 |
| 543 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18836:
Work around our not caching the intermediate CA... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/