| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include "base/base_paths.h" | 7 #include "base/base_paths.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| 11 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
| 12 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 13 #include "net/cert/internal/parse_certificate.h" | 13 #include "net/cert/internal/parsed_certificate.h" |
| 14 #include "net/cert/internal/signature_policy.h" | 14 #include "net/cert/internal/signature_policy.h" |
| 15 #include "net/cert/internal/test_helpers.h" | 15 #include "net/cert/internal/test_helpers.h" |
| 16 #include "net/cert/internal/trust_store.h" |
| 16 #include "net/cert/pem_tokenizer.h" | 17 #include "net/cert/pem_tokenizer.h" |
| 17 #include "net/der/input.h" | 18 #include "net/der/input.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 20 |
| 20 namespace net { | 21 namespace net { |
| 21 | 22 |
| 22 namespace { | 23 namespace { |
| 23 | 24 |
| 24 // Reads a data file from the unit-test data. | 25 // Reads a data file from the unit-test data. |
| 25 std::string ReadTestFileToString(const std::string& file_name) { | 26 std::string ReadTestFileToString(const std::string& file_name) { |
| 68 bool has_result = false; | 69 bool has_result = false; |
| 69 | 70 |
| 70 PEMTokenizer pem_tokenizer(file_data, pem_headers); | 71 PEMTokenizer pem_tokenizer(file_data, pem_headers); |
| 71 while (pem_tokenizer.GetNext()) { | 72 while (pem_tokenizer.GetNext()) { |
| 72 const std::string& block_type = pem_tokenizer.block_type(); | 73 const std::string& block_type = pem_tokenizer.block_type(); |
| 73 const std::string& block_data = pem_tokenizer.data(); | 74 const std::string& block_data = pem_tokenizer.data(); |
| 74 | 75 |
| 75 if (block_type == kCertificateHeader) { | 76 if (block_type == kCertificateHeader) { |
| 76 chain->push_back(block_data); | 77 chain->push_back(block_data); |
| 77 } else if (block_type == kTrustedCertificateHeader) { | 78 } else if (block_type == kTrustedCertificateHeader) { |
| 78 ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data)); | 79 scoped_refptr<ParsedCertificate> cert( |
| 80 ParsedCertificate::CreateFromCertificateCopy(block_data)); |
| 81 ASSERT_TRUE(cert); |
| 82 trust_store->AddTrustedCertificate(std::move(cert)); |
| 79 } else if (block_type == kTimeHeader) { | 83 } else if (block_type == kTimeHeader) { |
| 80 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; | 84 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; |
| 81 has_time = true; | 85 has_time = true; |
| 82 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); | 86 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); |
| 83 } else if (block_type == kResultHeader) { | 87 } else if (block_type == kResultHeader) { |
| 84 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; | 88 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; |
| 85 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") | 89 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") |
| 86 << "Unrecognized result: " << block_data; | 90 << "Unrecognized result: " << block_data; |
| 87 has_result = true; | 91 has_result = true; |
| 88 *verify_result = block_data == "SUCCESS"; | 92 *verify_result = block_data == "SUCCESS"; |
| 89 } | 93 } |
| 90 } | 94 } |
| 91 | 95 |
| 92 ASSERT_TRUE(has_time); | 96 ASSERT_TRUE(has_time); |
| 93 ASSERT_TRUE(has_result); | 97 ASSERT_TRUE(has_result); |
| 94 } | 98 } |
| 95 | 99 |
| 96 void RunTest(const char* file_name) { | 100 void RunTest(const char* file_name) { |
| 97 std::vector<std::string> chain; | 101 std::vector<std::string> chain; |
| 98 TrustStore trust_store; | 102 TrustStore trust_store; |
| 99 der::GeneralizedTime time; | 103 der::GeneralizedTime time; |
| 100 bool expected_result; | 104 bool expected_result; |
| 101 | 105 |
| 102 ReadTestFromFile(file_name, &chain, &trust_store, &time, &expected_result); | 106 ReadTestFromFile(file_name, &chain, &trust_store, &time, &expected_result); |
| 103 | 107 |
| 104 std::vector<der::Input> input_chain; | 108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; |
| 105 for (const auto& cert_str : chain) | 109 for (const auto& cert_der : chain) { |
| 106 input_chain.push_back(der::Input(&cert_str)); | 110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( |
| 111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(), |
| 112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain)); |
| 113 } |
| 107 | 114 |
| 108 SimpleSignaturePolicy signature_policy(1024); | 115 SimpleSignaturePolicy signature_policy(1024); |
| 109 | 116 |
| 110 bool result = | 117 bool result = |
| 111 VerifyCertificateChain(input_chain, trust_store, &signature_policy, time); | 118 VerifyCertificateChain(input_chain, trust_store, &signature_policy, time); |
| 112 | 119 |
| 113 ASSERT_EQ(expected_result, result); | 120 ASSERT_EQ(expected_result, result); |
| 114 } | 121 } |
| 115 | 122 |
| 116 TEST(VerifyCertificateChainTest, TargetAndIntermediary) { | 123 TEST(VerifyCertificateChainTest, TargetAndIntermediary) { |
| 218 } | 225 } |
| 219 | 226 |
| 220 TEST(VerifyCertificateChainTest, NonSelfSignedRoot) { | 227 TEST(VerifyCertificateChainTest, NonSelfSignedRoot) { |
| 221 RunTest("non-self-signed-root.pem"); | 228 RunTest("non-self-signed-root.pem"); |
| 222 } | 229 } |
| 223 | 230 |
| 224 // Tests that verifying a chain with no certificates fails. | 231 // Tests that verifying a chain with no certificates fails. |
| 225 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) { | 232 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) { |
| 226 TrustStore trust_store; | 233 TrustStore trust_store; |
| 227 der::GeneralizedTime time; | 234 der::GeneralizedTime time; |
| 228 std::vector<der::Input> chain; | 235 std::vector<scoped_refptr<ParsedCertificate>> chain; |
| 229 SimpleSignaturePolicy signature_policy(2048); | 236 SimpleSignaturePolicy signature_policy(2048); |
| 230 | 237 |
| 231 ASSERT_FALSE( | 238 ASSERT_FALSE( |
| 232 VerifyCertificateChain(chain, trust_store, &signature_policy, time)); | 239 VerifyCertificateChain(chain, trust_store, &signature_policy, time)); |
| 233 } | 240 } |
| 234 | 241 |
| 235 // TODO(eroman): Add test that invalidate validity dates where the day or month | 242 // TODO(eroman): Add test that invalidate validity dates where the day or month |
| 236 // ordinal not in range, like "March 39, 2016" are rejected. | 243 // ordinal not in range, like "March 39, 2016" are rejected. |
| 237 | 244 |
| 238 } // namespace | 245 } // namespace |
| 239 | 246 |
| 240 } // namespace net | 247 } // namespace net |
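Review bot: In ReadTestFromFile the result of `trust_store->AddTrustedCertificate(std::move(cert))` is no longer asserted, whereas the removed line wrapped the old call in ASSERT_TRUE; if the new overload still reports failure, a test file whose expected result is FAIL would pass for the wrong reason because the anchor was silently never registered, so either restore the assertion or, if the method now returns void, add a comment saying so (`// AddTrustedCertificate cannot fail for an already-parsed cert.`). In RunTest, `DataSource::EXTERNAL_REFERENCE` makes each ParsedCertificate borrow the bytes of `cert_der` rather than copy them, so `input_chain` is only valid while `chain` is alive and unmodified; that holds here because `chain` is declared first and is not touched after the loop, but the dependency is silent and deserves a comment on the CreateAndAddToVector call, e.g. `// EXTERNAL_REFERENCE: input_chain points into |chain|'s strings; keep |chain| alive and unmodified until verification completes.` The trusted-anchor path uses CreateFromCertificateCopy while the chain path borrows; noting why the two differ (the TrustStore outlives the temporary PEM block data, the chain does not need to) would keep the next reader from "simplifying" one to match the other.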