| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include "base/base_paths.h" | 7 #include "base/base_paths.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| 70 | 70 |
| 71 PEMTokenizer pem_tokenizer(file_data, pem_headers); | 71 PEMTokenizer pem_tokenizer(file_data, pem_headers); |
| 72 while (pem_tokenizer.GetNext()) { | 72 while (pem_tokenizer.GetNext()) { |
| 73 const std::string& block_type = pem_tokenizer.block_type(); | 73 const std::string& block_type = pem_tokenizer.block_type(); |
| 74 const std::string& block_data = pem_tokenizer.data(); | 74 const std::string& block_data = pem_tokenizer.data(); |
| 75 | 75 |
| 76 if (block_type == kCertificateHeader) { | 76 if (block_type == kCertificateHeader) { |
| 77 chain->push_back(block_data); | 77 chain->push_back(block_data); |
| 78 } else if (block_type == kTrustedCertificateHeader) { | 78 } else if (block_type == kTrustedCertificateHeader) { |
| 79 scoped_refptr<ParsedCertificate> cert( | 79 scoped_refptr<ParsedCertificate> cert( |
| 80 ParsedCertificate::CreateFromCertificateCopy(block_data)); | 80 ParsedCertificate::CreateFromCertificateCopy(block_data, {})); |
| 81 ASSERT_TRUE(cert); | 81 ASSERT_TRUE(cert); |
| 82 trust_store->AddTrustedCertificate(std::move(cert)); | 82 trust_store->AddTrustedCertificate(std::move(cert)); |
| 83 } else if (block_type == kTimeHeader) { | 83 } else if (block_type == kTimeHeader) { |
| 84 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; | 84 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; |
| 85 has_time = true; | 85 has_time = true; |
| 86 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); | 86 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); |
| 87 } else if (block_type == kResultHeader) { | 87 } else if (block_type == kResultHeader) { |
| 88 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; | 88 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; |
| 89 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") | 89 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") |
| 90 << "Unrecognized result: " << block_data; | 90 << "Unrecognized result: " << block_data; |
| 102 TrustStore trust_store; | 102 TrustStore trust_store; |
| 103 der::GeneralizedTime time; | 103 der::GeneralizedTime time; |
| 104 bool expected_result; | 104 bool expected_result; |
| 105 | 105 |
| 106 ReadTestFromFile(file_name, &chain, &trust_store, &time, &expected_result); | 106 ReadTestFromFile(file_name, &chain, &trust_store, &time, &expected_result); |
| 107 | 107 |
| 108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; | 108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; |
| 109 for (const auto& cert_der : chain) { | 109 for (const auto& cert_der : chain) { |
| 110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( | 110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( |
| 111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(), | 111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(), |
| 112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain)); | 112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {}, |
| 113 &input_chain)); |
| 113 } | 114 } |
| 114 | 115 |
| 115 SimpleSignaturePolicy signature_policy(1024); | 116 SimpleSignaturePolicy signature_policy(1024); |
| 116 | 117 |
| 117 std::vector<scoped_refptr<ParsedCertificate>> trusted_chain; | 118 std::vector<scoped_refptr<ParsedCertificate>> trusted_chain; |
| 118 bool result = VerifyCertificateChain(input_chain, trust_store, | 119 bool result = VerifyCertificateChain(input_chain, trust_store, |
| 119 &signature_policy, time, &trusted_chain); | 120 &signature_policy, time, &trusted_chain); |
| 120 if (result) { | 121 if (result) { |
| 121 ASSERT_EQ(trusted_chain.size(), input_chain.size() + 1); | 122 ASSERT_EQ(trusted_chain.size(), input_chain.size() + 1); |
| 122 ASSERT_TRUE(std::equal(input_chain.begin(), input_chain.end(), | 123 ASSERT_TRUE(std::equal(input_chain.begin(), input_chain.end(), |
| 247 ASSERT_FALSE(VerifyCertificateChain(chain, trust_store, &signature_policy, | 248 ASSERT_FALSE(VerifyCertificateChain(chain, trust_store, &signature_policy, |
| 248 time, nullptr)); | 249 time, nullptr)); |
| 249 } | 250 } |
| 250 | 251 |
| 251 // TODO(eroman): Add test that invalidate validity dates where the day or month | 252 // TODO(eroman): Add test that invalidate validity dates where the day or month |
| 252 // ordinal not in range, like "March 39, 2016" are rejected. | 253 // ordinal not in range, like "March 39, 2016" are rejected. |
| 253 | 254 |
| 254 } // namespace | 255 } // namespace |
| 255 | 256 |
| 256 } // namespace net | 257 } // namespace net |
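Review bot: The bare `{}` added at new lines 80 and 112 gives no hint of what is being defaulted, and in a chain-verification test that matters because it presumably decides how strictly the trust anchors and the input chain are parsed. Naming it at the call site would help, e.g. `ParsedCertificate::CreateFromCertificateCopy(block_data, {} /* default parsing options */));`, with the same comment on the `CreateAndAddToVector` call. If the new argument can relax certificate parsing (not visible on this page), these tests cover only the default behaviour, so a case that parses a chain with a non-default value and pins the expected `VerifyCertificateChain` result would be worth adding. Both enclosing functions begin in the collapsed regions, so their signatures are not visible here.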
| OLD | NEW |