Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(524)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 22893021: Normalize certificate name verification across all platforms (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after
238 int error = Verify(cert.get(), 238 int error = Verify(cert.get(),
239 "policy_test.example", 239 "policy_test.example",
240 flags, 240 flags,
241 NULL, 241 NULL,
242 empty_cert_list_, 242 empty_cert_list_,
243 &verify_result); 243 &verify_result);
244 EXPECT_EQ(OK, error); 244 EXPECT_EQ(OK, error);
245 EXPECT_EQ(0u, verify_result.cert_status); 245 EXPECT_EQ(0u, verify_result.cert_status);
246 } 246 }
247 247
248
249 // Test for bug 58437. 248 // Test for bug 58437.
250 // This certificate will expire on 2011-12-21. The test will still 249 // This certificate will expire on 2011-12-21. The test will still
251 // pass if error == ERR_CERT_DATE_INVALID. 250 // pass if error == ERR_CERT_DATE_INVALID.
252 // This test is DISABLED because it appears that we cannot do 251 // This test is DISABLED because it appears that we cannot do
253 // certificate revocation checking when running all of the net unit tests. 252 // certificate revocation checking when running all of the net unit tests.
254 // This test passes when run individually, but when run with all of the net 253 // This test passes when run individually, but when run with all of the net
255 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is 254 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is
256 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation 255 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation
257 // status, i.e. that the revocation check is failing for some reason. 256 // status, i.e. that the revocation check is failing for some reason.
258 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) { 257 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) {
(...skipping 1090 matching lines...) Expand 10 before | Expand all | Expand 10 after
1349 #if defined(USE_NSS) || defined(OS_IOS) 1348 #if defined(USE_NSS) || defined(OS_IOS)
1350 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 1349 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
1351 #else 1350 #else
1352 #define MAYBE_VerifyMixed VerifyMixed 1351 #define MAYBE_VerifyMixed VerifyMixed
1353 #endif 1352 #endif
1354 WRAPPED_INSTANTIATE_TEST_CASE_P( 1353 WRAPPED_INSTANTIATE_TEST_CASE_P(
1355 MAYBE_VerifyMixed, 1354 MAYBE_VerifyMixed,
1356 CertVerifyProcWeakDigestTest, 1355 CertVerifyProcWeakDigestTest,
1357 testing::ValuesIn(kVerifyMixedTestData)); 1356 testing::ValuesIn(kVerifyMixedTestData));
1358 1357
1358 // For the list of valid hostnames, see
1359 // net/cert/data/ssl/certificates/subjectAltName_sanity_check.pem
1360 static const struct CertVerifyProcNameData {
1361 const char* hostname;
1362 bool valid; // Whether or not |hostname| matches a subjectAltName.
1363 } kVerifyNameData[] = {
1364 { "127.0.0.1", false }, // Don't match the common name
1365 { "127.0.0.2", true }, // Matches the iPAddress SAN (IPv4)
1366 { "FE80:0:0:0:0:0:0:1", true }, // Matches the iPAddress SAN (IPv6)
1367 { "[FE80:0:0:0:0:0:0:1]", false }, // Should not match the iPAddress SAN
1368 { "FE80::1", true }, // Compressed form matches the iPAddress SAN (IPv6)
1369 { "::127.0.0.2", false }, // IPv6 mapped form should NOT match iPAddress SAN
1370 { "test.example", true }, // Matches the dNSName SAN
1371 { "test.example.", true }, // Matches the dNSName SAN (trailing . ignored)
1372 { "www.test.example", false }, // Should not match the dNSName SAN
1373 { "test..example", false }, // Should not match the dNSName SAN
1374 { "test.example..", false }, // Should not match the dNSName SAN
1375 { ".test.example.", false }, // Should not match the dNSName SAN
1376 { ".test.example", false }, // Should not match the dNSName SAN
1377 };
1378
1379 // GTest 'magic' pretty-printer, so that if/when a test fails, it knows how
1380 // to output the parameter that was passed. Without this, it will simply
1381 // attempt to print out the first twenty bytes of the object, which depending
1382 // on platform and alignment, may result in an invalid read.
1383 void PrintTo(const CertVerifyProcNameData& data, std::ostream* os) {
1384 *os << "Hostname: " << data.hostname << "; valid=" << data.valid;
1385 }
1386
1387 class CertVerifyProcNameTest
1388 : public CertVerifyProcTest,
1389 public testing::WithParamInterface<CertVerifyProcNameData> {
1390 public:
1391 CertVerifyProcNameTest() {}
1392 virtual ~CertVerifyProcNameTest() {}
1393 };
1394
1395 TEST_P(CertVerifyProcNameTest, VerifyCertName) {
1396 CertVerifyProcNameData data = GetParam();
1397
1398 CertificateList cert_list = CreateCertificateListFromFile(
1399 GetTestCertsDirectory(), "subjectAltName_sanity_check.pem",
1400 X509Certificate::FORMAT_AUTO);
1401 ASSERT_EQ(1U, cert_list.size());
1402 scoped_refptr<X509Certificate> cert(cert_list[0]);
1403
1404 ScopedTestRoot scoped_root(cert.get());
1405
1406 CertVerifyResult verify_result;
1407 int error = Verify(cert.get(), data.hostname, 0, NULL, empty_cert_list_,
1408 &verify_result);
1409 if (data.valid) {
1410 EXPECT_EQ(OK, error);
1411 EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
1412 } else {
1413 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error);
1414 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
1415 }
1416 }
1417
1418 WRAPPED_INSTANTIATE_TEST_CASE_P(
1419 VerifyName,
1420 CertVerifyProcNameTest,
1421 testing::ValuesIn(kVerifyNameData));
1422
1359 } // namespace net 1423 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698