| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include "net/cert/internal/parse_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
| 8 #include "net/cert/internal/signature_policy.h" | 8 #include "net/cert/internal/signature_policy.h" |
| 9 #include "net/cert/internal/trust_store.h" |
| 9 #include "net/der/input.h" | 10 #include "net/der/input.h" |
| 10 | 11 |
| 11 // Disable tests that require DSA signatures (DSA signatures are intentionally | 12 // Disable tests that require DSA signatures (DSA signatures are intentionally |
| 12 // unsupported). Custom versions of the DSA tests are defined below which expect | 13 // unsupported). Custom versions of the DSA tests are defined below which expect |
| 13 // verification to fail. | 14 // verification to fail. |
| 14 #define Section1ValidDSASignaturesTest4 DISABLED_Section1ValidDSASignaturesTest4 | 15 #define Section1ValidDSASignaturesTest4 DISABLED_Section1ValidDSASignaturesTest4 |
| 15 #define Section1ValidDSAParameterInheritanceTest5 \ | 16 #define Section1ValidDSAParameterInheritanceTest5 \ |
| 16 DISABLED_Section1ValidDSAParameterInheritanceTest5 | 17 DISABLED_Section1ValidDSAParameterInheritanceTest5 |
| 17 | 18 |
| 18 // Disable tests that require name constraints with name types that are | 19 // Disable tests that require name constraints with name types that are |
| (...skipping 27 matching lines...) Expand all Loading... |
| 46 class VerifyCertificateChainPkitsTestDelegate { | 47 class VerifyCertificateChainPkitsTestDelegate { |
| 47 public: | 48 public: |
| 48 static bool Verify(std::vector<std::string> cert_ders, | 49 static bool Verify(std::vector<std::string> cert_ders, |
| 49 std::vector<std::string> crl_ders) { | 50 std::vector<std::string> crl_ders) { |
| 50 if (cert_ders.empty()) { | 51 if (cert_ders.empty()) { |
| 51 ADD_FAILURE() << "cert_ders is empty"; | 52 ADD_FAILURE() << "cert_ders is empty"; |
| 52 return false; | 53 return false; |
| 53 } | 54 } |
| 54 // First entry in the PKITS chain is the trust anchor. | 55 // First entry in the PKITS chain is the trust anchor. |
| 55 TrustStore trust_store; | 56 TrustStore trust_store; |
| 56 EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0])); | 57 scoped_refptr<ParsedCertificate> anchor( |
| 58 ParsedCertificate::CreateFromCertificateCopy(cert_ders[0])); |
| 59 EXPECT_TRUE(anchor); |
| 60 if (anchor) |
| 61 trust_store.AddTrustedCertificate(std::move(anchor)); |
| 57 | 62 |
| 58 // PKITS lists chains from trust anchor to target, VerifyCertificateChain | 63 // PKITS lists chains from trust anchor to target, VerifyCertificateChain |
| 59 // takes them starting with the target and not including the trust anchor. | 64 // takes them starting with the target and not including the trust anchor. |
| 60 std::vector<der::Input> input_chain; | 65 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; |
| 61 for (size_t i = cert_ders.size() - 1; i > 0; --i) | 66 for (size_t i = cert_ders.size() - 1; i > 0; --i) { |
| 62 input_chain.push_back(der::Input(&cert_ders[i])); | 67 if (!net::ParsedCertificate::CreateAndAddToVector( |
| 68 reinterpret_cast<const uint8_t*>(cert_ders[i].data()), |
| 69 cert_ders[i].size(), |
| 70 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, |
| 71 &input_chain)) { |
| 72 ADD_FAILURE() << "cert " << i << " failed to parse"; |
| 73 return false; |
| 74 } |
| 75 } |
| 63 | 76 |
| 64 SimpleSignaturePolicy signature_policy(1024); | 77 SimpleSignaturePolicy signature_policy(1024); |
| 65 | 78 |
| 66 // Run all tests at the time the PKITS was published. | 79 // Run all tests at the time the PKITS was published. |
| 67 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; | 80 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; |
| 68 | 81 |
| 69 return VerifyCertificateChain(input_chain, trust_store, &signature_policy, | 82 return VerifyCertificateChain(input_chain, trust_store, &signature_policy, |
| 70 time); | 83 time); |
| 71 } | 84 } |
| 72 }; | 85 }; |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 196 | 209 |
| 197 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 210 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
| 198 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 211 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
| 199 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 212 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
| 200 | 213 |
| 201 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, | 214 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, |
| 202 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, | 215 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, |
| 203 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy | 216 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy |
| 204 | 217 |
| 205 } // namespace net | 218 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1976433002:
Add new ParsedCertificate class, move TrustStore to own file. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert-parsing-remove-old-parsedcertificate