| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include "base/base_paths.h" | 7 #include "base/base_paths.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 // Read the full contents of the file. | 36 // Read the full contents of the file. |
| 37 std::string file_data; | 37 std::string file_data; |
| 38 if (!base::ReadFileToString(filepath, &file_data)) { | 38 if (!base::ReadFileToString(filepath, &file_data)) { |
| 39 ADD_FAILURE() << "Couldn't read file: " << filepath.value(); | 39 ADD_FAILURE() << "Couldn't read file: " << filepath.value(); |
| 40 return std::string(); | 40 return std::string(); |
| 41 } | 41 } |
| 42 | 42 |
| 43 return file_data; | 43 return file_data; |
| 44 } | 44 } |
| 45 | 45 |
| 46 // Adds the certificate |cert_der| as a trust anchor to |trust_store|. | |
| 47 void AddCertificateToTrustStore(const std::string& cert_der, | |
| 48 TrustStore* trust_store) { | |
| 49 ParsedCertificate cert; | |
| 50 ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert)); | |
| 51 | |
| 52 ParsedTbsCertificate tbs; | |
| 53 ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs)); | |
| 54 TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()}; | |
| 55 trust_store->anchors.push_back(anchor); | |
| 56 } | |
| 57 | |
| 58 // Reads a test case from |file_name|. Test cases are comprised of a | 46 // Reads a test case from |file_name|. Test cases are comprised of a |
| 59 // certificate chain, trust store, a timestamp to validate at, and the | 47 // certificate chain, trust store, a timestamp to validate at, and the |
| 60 // expected result of verification. | 48 // expected result of verification. |
| 61 void ReadTestFromFile(const std::string& file_name, | 49 void ReadTestFromFile(const std::string& file_name, |
| 62 std::vector<std::string>* chain, | 50 std::vector<std::string>* chain, |
| 63 TrustStore* trust_store, | 51 TrustStore* trust_store, |
| 64 der::GeneralizedTime* time, | 52 der::GeneralizedTime* time, |
| 65 bool* verify_result) { | 53 bool* verify_result) { |
| 66 chain->clear(); | 54 chain->clear(); |
| 67 *trust_store = TrustStore(); | 55 *trust_store = TrustStore(); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 84 bool has_result = false; | 72 bool has_result = false; |
| 85 | 73 |
| 86 PEMTokenizer pem_tokenizer(file_data, pem_headers); | 74 PEMTokenizer pem_tokenizer(file_data, pem_headers); |
| 87 while (pem_tokenizer.GetNext()) { | 75 while (pem_tokenizer.GetNext()) { |
| 88 const std::string& block_type = pem_tokenizer.block_type(); | 76 const std::string& block_type = pem_tokenizer.block_type(); |
| 89 const std::string& block_data = pem_tokenizer.data(); | 77 const std::string& block_data = pem_tokenizer.data(); |
| 90 | 78 |
| 91 if (block_type == kCertificateHeader) { | 79 if (block_type == kCertificateHeader) { |
| 92 chain->push_back(block_data); | 80 chain->push_back(block_data); |
| 93 } else if (block_type == kTrustedCertificateHeader) { | 81 } else if (block_type == kTrustedCertificateHeader) { |
| 94 AddCertificateToTrustStore(block_data, trust_store); | 82 ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data)); |
| 95 } else if (block_type == kTimeHeader) { | 83 } else if (block_type == kTimeHeader) { |
| 96 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; | 84 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; |
| 97 has_time = true; | 85 has_time = true; |
| 98 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); | 86 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); |
| 99 } else if (block_type == kResultHeader) { | 87 } else if (block_type == kResultHeader) { |
| 100 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; | 88 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; |
| 101 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") | 89 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") |
| 102 << "Unrecognized result: " << block_data; | 90 << "Unrecognized result: " << block_data; |
| 103 has_result = true; | 91 has_result = true; |
| 104 *verify_result = block_data == "SUCCESS"; | 92 *verify_result = block_data == "SUCCESS"; |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 237 } | 225 } |
| 238 | 226 |
| 239 // TODO(eroman): Add test that invalidate validity dates where the day or month | 227 // TODO(eroman): Add test that invalidate validity dates where the day or month |
| 240 // ordinal not in range, like "March 39, 2016" are rejected. | 228 // ordinal not in range, like "March 39, 2016" are rejected. |
| 241 | 229 |
| 242 } // namespace | 230 } // namespace |
| 243 | 231 |
| 244 } // namespace net | 232 } // namespace net |
| 245 | 233 |
| 246 #endif | 234 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1890193003:
Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master