OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 292 matching lines...)
303 certs[0]->os_cert_handle(), intermediates); | 303 certs[0]->os_cert_handle(), intermediates); |
304 | 304 |
305 int flags = 0; | 305 int flags = 0; |
306 CertVerifyResult verify_result; | 306 CertVerifyResult verify_result; |
307 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 307 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
308 &verify_result); | 308 &verify_result); |
309 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); | 309 EXPECT_EQ(ERR_CERT_DATE_INVALID, error); |
310 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); | 310 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); |
311 } | 311 } |
312 | 312 |
313 // Test that verifying an ECDSA certificate doesn't crash on XP. (See | |
314 // crbug.com/144466). | |
315 TEST_F(CertVerifyProcTest, ECDSA_RSA) { | |
316 base::FilePath certs_dir = GetTestCertsDirectory(); | |
317 | |
318 scoped_refptr<X509Certificate> cert = | |
319 ImportCertFromFile(certs_dir, | |
320 "prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem"); | |
321 | |
322 CertVerifyResult verify_result; | |
323 Verify(cert.get(), "127.0.0.1", 0, NULL, empty_cert_list_, &verify_result); | |
324 | |
325 // We don't check verify_result because the certificate is signed by an | |
326 // unknown CA and will be considered invalid on XP because of the ECDSA | |
327 // public key. | |
328 } | |
329 | |
330 // Currently, only RSA and DSA keys are checked for weakness, and our example | 313 // Currently, only RSA and DSA keys are checked for weakness, and our example |
331 // weak size is 768. These could change in the future. | 314 // weak size is 768. These could change in the future. |
332 // | 315 // |
333 // Note that this means there may be false negatives: keys for other | 316 // Note that this means there may be false negatives: keys for other |
334 // algorithms and which are weak will pass this test. | 317 // algorithms and which are weak will pass this test. |
335 static bool IsWeakKeyType(const std::string& key_type) { | 318 static bool IsWeakKeyType(const std::string& key_type) { |
336 size_t pos = key_type.find("-"); | 319 size_t pos = key_type.find("-"); |
337 std::string size = key_type.substr(0, pos); | 320 std::string size = key_type.substr(0, pos); |
338 std::string type = key_type.substr(pos + 1); | 321 std::string type = key_type.substr(pos + 1); |
339 | 322 |
(...skipping 1360 matching lines...)
1700 int flags = 0; | 1683 int flags = 0; |
1701 CertVerifyResult verify_result; | 1684 CertVerifyResult verify_result; |
1702 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1685 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
1703 &verify_result); | 1686 &verify_result); |
1704 EXPECT_EQ(ERR_CERT_INVALID, error); | 1687 EXPECT_EQ(ERR_CERT_INVALID, error); |
1705 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1688 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); |
1706 } | 1689 } |
1707 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1690 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
1708 | 1691 |
1709 } // namespace net | 1692 } // namespace net |