
Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 206453002: Introduce USE_OPENSSL_CERTS for certificate handling. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Changed meaning of USE_OPENSSL_CERTS Created 6 years, 9 months ago
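--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <vector>
 
 #include "base/callback_helpers.h"
 #include "base/files/file_path.h"
@@ -150,21 +150,21 @@
 CertVerifyResult verify_result;
 EXPECT_EQ(OK,
 Verify(google_full_chain.get(),
 "www.google.com",
 0 /* flags */,
 NULL,
 empty_cert_list_,
 &verify_result));
 }
 
-#if defined(OS_ANDROID) || defined(USE_OPENSSL)
+#if defined(OS_ANDROID) || defined(USE_OPENSSL_CERTS)
 // TODO(jnd): http://crbug.com/117478 - EV verification is not yet supported.
 #define MAYBE_EVVerification DISABLED_EVVerification
 #else
 #define MAYBE_EVVerification EVVerification
 #endif
 TEST_F(CertVerifyProcTest, MAYBE_EVVerification) {
 CertificateList certs = CreateCertificateListFromFile(
 GetTestCertsDirectory(),
 "comodo.chain.pem",
 X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
@@ -717,21 +717,21 @@
 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
 
 int flags = 0;
 CertVerifyResult verify_result;
 int error = Verify(server_cert.get(),
 "jira.aquameta.com",
 flags,
 NULL,
 empty_cert_list_,
 &verify_result);
-#if defined(USE_OPENSSL) && !defined(OS_ANDROID)
+#if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
 // This certificate has two errors: "invalid key usage" and "untrusted CA".
 // However, OpenSSL returns only one (the latter), and we can't detect
 // the other errors.
 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
 #else
 EXPECT_EQ(ERR_CERT_INVALID, error);
 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
 #endif
 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
 // from NSS.
@@ -1395,135 +1395,135 @@
 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the
 // pre-processor will expand macros such as MAYBE_test_name before
 // instantiating the test.
 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
 INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator)
 
 // The signature algorithm of the root CA should not matter.
 const WeakDigestTestData kVerifyRootCATestData[] = {
 { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_sha1_ee.pem", false, false, false },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_sha1_ee.pem", false, false, false },
 #endif
 { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_sha1_ee.pem", false, false, false },
 };
 INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest,
 testing::ValuesIn(kVerifyRootCATestData));
 
 // The signature algorithm of intermediates should be properly detected.
 const WeakDigestTestData kVerifyIntermediateCATestData[] = {
 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
 "weak_digest_sha1_ee.pem", true, false, false },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
 "weak_digest_sha1_ee.pem", false, true, false },
 #endif
 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
 "weak_digest_sha1_ee.pem", false, false, true },
 };
 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate
 #else
 #define MAYBE_VerifyIntermediate VerifyIntermediate
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
 MAYBE_VerifyIntermediate,
 CertVerifyProcWeakDigestTest,
 testing::ValuesIn(kVerifyIntermediateCATestData));
 
 // The signature algorithm of end-entity should be properly detected.
 const WeakDigestTestData kVerifyEndEntityTestData[] = {
 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_md5_ee.pem", true, false, false },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_md4_ee.pem", false, true, false },
 #endif
 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
 "weak_digest_md2_ee.pem", false, false, true },
 };
 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot
 // be cleared until NSS is cleanly shutdown, which is not presently supported
 // in Chromium.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity
 #else
 #define MAYBE_VerifyEndEntity VerifyEndEntity
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity,
 CertVerifyProcWeakDigestTest,
 testing::ValuesIn(kVerifyEndEntityTestData));
 
 // Incomplete chains should still report the status of the intermediate.
 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = {
 { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem",
 true, false, false },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem",
 false, true, false },
 #endif
 { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem",
 false, false, true },
 };
 // Disabled on NSS - libpkix does not return constructed chains on error,
 // preventing us from detecting/inspecting the verified chain.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIncompleteIntermediate \
 DISABLED_VerifyIncompleteIntermediate
 #else
 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
 MAYBE_VerifyIncompleteIntermediate,
 CertVerifyProcWeakDigestTest,
 testing::ValuesIn(kVerifyIncompleteIntermediateTestData));
 
 // Incomplete chains should still report the status of the end-entity.
 const WeakDigestTestData kVerifyIncompleteEETestData[] = {
 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem",
 true, false, false },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem",
 false, true, false },
 #endif
 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem",
 false, false, true },
 };
 // Disabled on NSS - libpkix does not return constructed chains on error,
 // preventing us from detecting/inspecting the verified chain.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity
 #else
 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity
 #endif
 WRAPPED_INSTANTIATE_TEST_CASE_P(
 MAYBE_VerifyIncompleteEndEntity,
 CertVerifyProcWeakDigestTest,
 testing::ValuesIn(kVerifyIncompleteEETestData));
 
 // Differing algorithms between the intermediate and the EE should still be
 // reported.
 const WeakDigestTestData kVerifyMixedTestData[] = {
 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
 "weak_digest_md2_ee.pem", true, false, true },
 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
 "weak_digest_md5_ee.pem", true, false, true },
-#if defined(USE_OPENSSL) || defined(OS_WIN)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
 // MD4 is not supported by OS X / NSS
 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
 "weak_digest_md2_ee.pem", false, true, true },
 #endif
 };
 // NSS does not support MD4 and does not enable MD2 by default, making all
 // permutations invalid.
 #if defined(USE_NSS) || defined(OS_IOS)
 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
 #else
@@ -1593,10 +1593,10 @@
 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
 }
 }
 
 WRAPPED_INSTANTIATE_TEST_CASE_P(
 VerifyName,
 CertVerifyProcNameTest,
 testing::ValuesIn(kVerifyNameData));
 
 } // namespace net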
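Review bot: The six `#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)` guards in the weak-digest tables (new lines 1405, 1420, 1443, 1467, 1492 and 1519) keep the comment `// MD4 is not supported by OS X / NSS`, which names the excluded verifiers but does not say what the renamed macro selects. After this change a build that defines USE_OPENSSL without USE_OPENSSL_CERTS would presumably compile the MD4 rows out, so MD4-signed chains are no longer exercised there; whether such a configuration exists cannot be told from this page. I would reword the comment at each guard to something like `// MD4 chains are only tested where certificates are verified by OpenSSL or Windows.` so the coverage gap is deliberate and visible. The guard at line 160 has the same issue: the EV verification test is now disabled for every USE_OPENSSL_CERTS build, and the TODO above it could say so.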
