OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 21 matching lines...)
32 #if defined(OS_ANDROID) | 32 #if defined(OS_ANDROID) |
33 #include "base/android/build_info.h" | 33 #include "base/android/build_info.h" |
34 #endif | 34 #endif |
35 | 35 |
36 using base::HexEncode; | 36 using base::HexEncode; |
37 | 37 |
38 namespace net { | 38 namespace net { |
39 | 39 |
40 namespace { | 40 namespace { |
41 | 41 |
42 // A certificate for www.paypal.com with a NULL byte in the common name. | |
43 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 | |
44 unsigned char paypal_null_fingerprint[] = { | |
45 0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2, 0x6a, 0xba, | |
46 0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7 | |
47 }; | |
48 | |
49 // Mock CertVerifyProc that sets the CertVerifyResult to a given value for | 42 // Mock CertVerifyProc that sets the CertVerifyResult to a given value for |
50 // all certificates that are Verify()'d | 43 // all certificates that are Verify()'d |
51 class MockCertVerifyProc : public CertVerifyProc { | 44 class MockCertVerifyProc : public CertVerifyProc { |
52 public: | 45 public: |
53 explicit MockCertVerifyProc(const CertVerifyResult& result) | 46 explicit MockCertVerifyProc(const CertVerifyResult& result) |
54 : result_(result) {} | 47 : result_(result) {} |
55 // CertVerifyProc implementation: | 48 // CertVerifyProc implementation: |
56 bool SupportsAdditionalTrustAnchors() const override { return false; } | 49 bool SupportsAdditionalTrustAnchors() const override { return false; } |
57 bool SupportsOCSPStapling() const override { return false; } | 50 bool SupportsOCSPStapling() const override { return false; } |
58 | 51 |
(...skipping 141 matching lines...)
200 &verify_result); | 193 &verify_result); |
201 EXPECT_EQ(OK, error); | 194 EXPECT_EQ(OK, error); |
202 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 195 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
203 } | 196 } |
204 | 197 |
205 // TODO(crbug.com/605457): the test expectation was incorrect on some | 198 // TODO(crbug.com/605457): the test expectation was incorrect on some |
206 // configurations, so disable the test until it is fixed (better to have | 199 // configurations, so disable the test until it is fixed (better to have |
207 // a bug to track a failing test than a false sense of security due to | 200 // a bug to track a failing test than a false sense of security due to |
208 // false positive). | 201 // false positive). |
209 TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) { | 202 TEST_F(CertVerifyProcTest, DISABLED_PaypalNullCertParsing) { |
| 203 // A certificate for www.paypal.com with a NULL byte in the common name. |
| 204 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 |
| 205 SHA256HashValue paypal_null_fingerprint = {{0x00}}; |
| 206 |
210 scoped_refptr<X509Certificate> paypal_null_cert( | 207 scoped_refptr<X509Certificate> paypal_null_cert( |
211 X509Certificate::CreateFromBytes( | 208 X509Certificate::CreateFromBytes( |
212 reinterpret_cast<const char*>(paypal_null_der), | 209 reinterpret_cast<const char*>(paypal_null_der), |
213 sizeof(paypal_null_der))); | 210 sizeof(paypal_null_der))); |
214 | 211 |
215 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get()); | 212 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get()); |
216 | 213 |
217 const SHA1HashValue& fingerprint = | 214 EXPECT_EQ(paypal_null_fingerprint, X509Certificate::CalculateFingerprint256( |
218 paypal_null_cert->fingerprint(); | 215 paypal_null_cert->os_cert_handle())); |
219 for (size_t i = 0; i < 20; ++i) | |
220 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | |
221 | 216 |
222 int flags = 0; | 217 int flags = 0; |
223 CertVerifyResult verify_result; | 218 CertVerifyResult verify_result; |
224 int error = Verify(paypal_null_cert.get(), | 219 int error = Verify(paypal_null_cert.get(), |
225 "www.paypal.com", | 220 "www.paypal.com", |
226 flags, | 221 flags, |
227 NULL, | 222 NULL, |
228 empty_cert_list_, | 223 empty_cert_list_, |
229 &verify_result); | 224 &verify_result); |
230 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID) | 225 #if defined(USE_NSS_CERTS) || defined(OS_ANDROID) |
(...skipping 1452 matching lines...)
1683 int flags = 0; | 1678 int flags = 0; |
1684 CertVerifyResult verify_result; | 1679 CertVerifyResult verify_result; |
1685 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1680 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
1686 &verify_result); | 1681 &verify_result); |
1687 EXPECT_EQ(ERR_CERT_INVALID, error); | 1682 EXPECT_EQ(ERR_CERT_INVALID, error); |
1688 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1683 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); |
1689 } | 1684 } |
1690 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1685 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
1691 | 1686 |
1692 } // namespace net | 1687 } // namespace net |
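Review bot: The expected value `SHA256HashValue paypal_null_fingerprint = {{0x00}};` (new line 205) is an all-zero placeholder, so the `EXPECT_EQ` against `X509Certificate::CalculateFingerprint256(...)` on new lines 214-215 cannot pass for the real certificate. The removed SHA-1 array held an actual digest. Because the test is `DISABLED_`, nothing will flag this until someone re-enables it, and in the meantime the check that `paypal_null_der` really is the intended NULL-byte-in-common-name certificate is gone. Either fill in the real SHA-256 of `paypal_null_der`, or mark the line explicitly, e.g. `// TODO(crbug.com/605457): placeholder; replace with the real SHA-256 of paypal_null_der before re-enabling this test.`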
OLD | NEW |