1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
6 | 6 |
7 #include "net/cert/internal/parsed_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
8 #include "net/cert/internal/signature_policy.h" | 8 #include "net/cert/internal/signature_policy.h" |
9 #include "net/cert/internal/trust_store.h" | 9 #include "net/cert/internal/trust_store.h" |
10 #include "net/der/input.h" | 10 #include "net/der/input.h" |
45 namespace { | 45 namespace { |
46 | 46 |
47 class VerifyCertificateChainPkitsTestDelegate { | 47 class VerifyCertificateChainPkitsTestDelegate { |
48 public: | 48 public: |
49 static bool Verify(std::vector<std::string> cert_ders, | 49 static bool Verify(std::vector<std::string> cert_ders, |
50 std::vector<std::string> crl_ders) { | 50 std::vector<std::string> crl_ders) { |
51 if (cert_ders.empty()) { | 51 if (cert_ders.empty()) { |
52 ADD_FAILURE() << "cert_ders is empty"; | 52 ADD_FAILURE() << "cert_ders is empty"; |
53 return false; | 53 return false; |
54 } | 54 } |
55 // First entry in the PKITS chain is the trust anchor. | |
56 TrustStore trust_store; | |
57 scoped_refptr<ParsedCertificate> anchor( | |
58 ParsedCertificate::CreateFromCertificateCopy(cert_ders[0], {})); | |
59 EXPECT_TRUE(anchor); | |
60 if (anchor) | |
61 trust_store.AddTrustedCertificate(std::move(anchor)); | |
62 | 55 |
63 // PKITS lists chains from trust anchor to target, VerifyCertificateChain | 56 // PKITS lists chains from trust anchor to target, VerifyCertificateChain |
64 // takes them starting with the target and not including the trust anchor. | 57 // takes them starting with the target and not including the trust anchor. |
65 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; | 58 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; |
66 for (size_t i = cert_ders.size() - 1; i > 0; --i) { | 59 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { |
67 if (!net::ParsedCertificate::CreateAndAddToVector( | 60 if (!net::ParsedCertificate::CreateAndAddToVector( |
68 reinterpret_cast<const uint8_t*>(cert_ders[i].data()), | 61 reinterpret_cast<const uint8_t*>(i->data()), i->size(), |
69 cert_ders[i].size(), | |
70 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {}, | 62 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {}, |
71 &input_chain)) { | 63 &input_chain)) { |
72 ADD_FAILURE() << "cert " << i << " failed to parse"; | 64 ADD_FAILURE() << "cert failed to parse"; |
73 return false; | 65 return false; |
74 } | 66 } |
75 } | 67 } |
76 | 68 |
| 69 TrustStore trust_store; |
| 70 trust_store.AddTrustedCertificate(input_chain.back()); |
| 71 |
77 SimpleSignaturePolicy signature_policy(1024); | 72 SimpleSignaturePolicy signature_policy(1024); |
78 | 73 |
79 // Run all tests at the time the PKITS was published. | 74 // Run all tests at the time the PKITS was published. |
80 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; | 75 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; |
81 | 76 |
82 return VerifyCertificateChain(input_chain, trust_store, &signature_policy, | 77 return VerifyCertificateChainAssumingTrustedRoot(input_chain, trust_store, |
83 time, nullptr); | 78 &signature_policy, time); |
84 } | 79 } |
85 }; | 80 }; |
86 | 81 |
87 } // namespace | 82 } // namespace |
88 | 83 |
89 class PkitsTest01SignatureVerificationCustom | 84 class PkitsTest01SignatureVerificationCustom |
90 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {}; | 85 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {}; |
91 | 86 |
92 // Modified version of 4.1.4 Valid DSA Signatures Test4 | 87 // Modified version of 4.1.4 Valid DSA Signatures Test4 |
93 TEST_F(PkitsTest01SignatureVerificationCustom, | 88 TEST_F(PkitsTest01SignatureVerificationCustom, |
209 | 204 |
210 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 205 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
211 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 206 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
212 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 207 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
213 | 208 |
214 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, | 209 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, |
215 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, | 210 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, |
216 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy | 211 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy |
217 | 212 |
218 } // namespace net | 213 } // namespace net |
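Review bot: The comment above the chain-building loop in Verify (new lines 56–57) is now stale: it still says the chain is handed over "not including the trust anchor", but the loop on new line 59 now walks the whole cert_ders vector, so the anchor ends up as input_chain.back() and that same element is what gets installed into trust_store on new line 70. A reader checking which end of the chain the test treats as trusted would be misled about what VerifyCertificateChainAssumingTrustedRoot is actually exercised with; suggest `// PKITS lists chains from trust anchor to target; VerifyCertificateChainAssumingTrustedRoot takes them starting with the target and ending with the trust anchor, which is also added to trust_store.` Separately, the parse-failure message on new line 64 dropped the certificate index the old message carried, so a failing PKITS chain no longer says which element was rejected; `ADD_FAILURE() << "cert " << std::distance(cert_ders.rbegin(), i) << " failed to parse";` keeps that diagnosable (index counted from the anchor end, given the reversed iteration).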