OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 23 matching lines...) | |
34 #elif defined(OS_ANDROID) | 34 #elif defined(OS_ANDROID) |
35 #include "base/android/build_info.h" | 35 #include "base/android/build_info.h" |
36 #endif | 36 #endif |
37 | 37 |
38 using base::HexEncode; | 38 using base::HexEncode; |
39 | 39 |
40 namespace net { | 40 namespace net { |
41 | 41 |
42 namespace { | 42 namespace { |
43 | 43 |
44 // A certificate for www.paypal.com with a NULL byte in the common name. | |
45 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 | |
46 unsigned char paypal_null_fingerprint[] = { | |
47 0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2, 0x6a, 0xba, | |
48 0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7 | |
49 }; | |
50 | |
51 // Mock CertVerifyProc that sets the CertVerifyResult to a given value for | 44 // Mock CertVerifyProc that sets the CertVerifyResult to a given value for |
52 // all certificates that are Verify()'d | 45 // all certificates that are Verify()'d |
53 class MockCertVerifyProc : public CertVerifyProc { | 46 class MockCertVerifyProc : public CertVerifyProc { |
54 public: | 47 public: |
55 explicit MockCertVerifyProc(const CertVerifyResult& result) | 48 explicit MockCertVerifyProc(const CertVerifyResult& result) |
56 : result_(result) {} | 49 : result_(result) {} |
57 // CertVerifyProc implementation: | 50 // CertVerifyProc implementation: |
58 bool SupportsAdditionalTrustAnchors() const override { return false; } | 51 bool SupportsAdditionalTrustAnchors() const override { return false; } |
59 bool SupportsOCSPStapling() const override { return false; } | 52 bool SupportsOCSPStapling() const override { return false; } |
60 | 53 |
(...skipping 141 matching lines...) | |
202 &verify_result); | 195 &verify_result); |
203 EXPECT_EQ(OK, error); | 196 EXPECT_EQ(OK, error); |
204 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 197 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
205 } | 198 } |
206 | 199 |
207 // TODO(crbug.com/605457): the test expectation was incorrect on some | 200 // TODO(crbug.com/605457): the test expectation was incorrect on some |
208 // configurations, so disable the test until it is fixed (better to have | 201 // configurations, so disable the test until it is fixed (better to have |
209 // a bug to track a failing test than a false sense of security due to | 202 // a bug to track a failing test than a false sense of security due to |
210 // false positive). | 203 // false positive). |
211 TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) { | 204 TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) { |
205 // A certificate for www.paypal.com with a NULL byte in the common name. | |
206 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 | |
207 SHA256HashValue paypal_null_fingerprint = {{0x00}}; | |
Ryan Sleevi
2016/05/20 06:02:31
See the TODO / crbug/605457 ; this test is already
| |
208 | |
212 scoped_refptr<X509Certificate> paypal_null_cert( | 209 scoped_refptr<X509Certificate> paypal_null_cert( |
213 X509Certificate::CreateFromBytes( | 210 X509Certificate::CreateFromBytes( |
214 reinterpret_cast<const char*>(paypal_null_der), | 211 reinterpret_cast<const char*>(paypal_null_der), |
215 sizeof(paypal_null_der))); | 212 sizeof(paypal_null_der))); |
216 | 213 |
217 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get()); | 214 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get()); |
218 | 215 |
219 const SHA1HashValue& fingerprint = | 216 EXPECT_EQ(paypal_null_fingerprint, X509Certificate::CalculateFingerprint256( |
220 paypal_null_cert->fingerprint(); | 217 paypal_null_cert->os_cert_handle())); |
221 for (size_t i = 0; i < 20; ++i) | |
222 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | |
223 | 218 |
224 int flags = 0; | 219 int flags = 0; |
225 CertVerifyResult verify_result; | 220 CertVerifyResult verify_result; |
226 int error = Verify(paypal_null_cert.get(), | 221 int error = Verify(paypal_null_cert.get(), |
227 "www.paypal.com", | 222 "www.paypal.com", |
228 flags, | 223 flags, |
229 NULL, | 224 NULL, |
230 empty_cert_list_, | 225 empty_cert_list_, |
231 &verify_result); | 226 &verify_result); |
232 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID) | 227 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID) |
(...skipping 1476 matching lines...) | |
1709 int flags = 0; | 1704 int flags = 0; |
1710 CertVerifyResult verify_result; | 1705 CertVerifyResult verify_result; |
1711 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1706 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
1712 &verify_result); | 1707 &verify_result); |
1713 EXPECT_EQ(ERR_CERT_INVALID, error); | 1708 EXPECT_EQ(ERR_CERT_INVALID, error); |
1714 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1709 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); |
1715 } | 1710 } |
1716 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1711 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
1717 | 1712 |
1718 } // namespace net | 1713 } // namespace net |
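Review bot: In DISABLED_PaypalNullCertParsing, the two comment lines moved to new lines 205-206 describe the certificate, but they now sit directly above `paypal_null_fingerprint = {{0x00}}`, which is not a digest of `paypal_null_der`. Nothing on those lines tells a reader the value is a stand-in, and the old SHA-1 bytes are deleted in the same change, so no known-good digest for this fixture remains in the file. With an all-zero expected value the `EXPECT_EQ` at new lines 216-217 cannot match, so it no longer confirms that the bytes under test are the NULL-byte-in-common-name certificate. I would add a comment directly above the declaration, for example `// Placeholder, not a real digest: replace with the SHA-256 of paypal_null_der.`, and fill in the real value in this change if it can be computed. The test body continues past the visible lines, so the platform-specific expectations after `Verify()` were not reviewed.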