| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 9067 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9078 } | 9078 } |
| 9079 | 9079 |
| 9080 // SystemUsesChromiumEVMetadata returns true iff the current operating system | 9080 // SystemUsesChromiumEVMetadata returns true iff the current operating system |
| 9081 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then | 9081 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then |
| 9082 // several tests are effected because our testing EV certificate won't be | 9082 // several tests are effected because our testing EV certificate won't be |
| 9083 // recognised as EV. | 9083 // recognised as EV. |
| 9084 static bool SystemUsesChromiumEVMetadata() { | 9084 static bool SystemUsesChromiumEVMetadata() { |
| 9085 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) | 9085 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) |
| 9086 // http://crbug.com/117478 - OpenSSL does not support EV validation. | 9086 // http://crbug.com/117478 - OpenSSL does not support EV validation. |
| 9087 return false; | 9087 return false; |
| 9088 #elif (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_ANDROID) | 9088 #elif defined(OS_ANDROID) |
| 9089 // On OS X and Android, we use the system to tell us whether a certificate is | 9089 // On Android, we use the system to tell us whether a certificate is EV or not |
| 9090 // EV or not and the system won't recognise our testing root. | 9090 // and the system won't recognise our testing root. |
| 9091 return false; | 9091 return false; |
| 9092 #else | 9092 #else |
| 9093 return true; | 9093 return true; |
| 9094 #endif | 9094 #endif |
| 9095 } | 9095 } |
| 9096 | 9096 |
| 9097 // Returns the expected CertStatus for tests that expect an online revocation | 9097 // Returns the expected CertStatus for tests that expect an online revocation |
| 9098 // check failure as a result of checking a test EV cert, which will not | 9098 // check failure as a result of checking a test EV cert, which will not |
| 9099 // actually trigger an online revocation check on some platforms. | 9099 // actually trigger an online revocation check on some platforms. |
| 9100 static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() { | 9100 static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() { |
| (...skipping 579 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9680 } | 9680 } |
| 9681 | 9681 |
| 9682 SpawnedTestServer::SSLOptions ssl_options( | 9682 SpawnedTestServer::SSLOptions ssl_options( |
| 9683 SpawnedTestServer::SSLOptions::CERT_AUTO); | 9683 SpawnedTestServer::SSLOptions::CERT_AUTO); |
| 9684 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; | 9684 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; |
| 9685 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); | 9685 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); |
| 9686 | 9686 |
| 9687 CertStatus cert_status; | 9687 CertStatus cert_status; |
| 9688 DoConnection(ssl_options, &cert_status); | 9688 DoConnection(ssl_options, &cert_status); |
| 9689 | 9689 |
| 9690 // Currently only works for Windows. When using NSS or OS X, it's not | 9690 // Currently only works for Windows and OS X. When using NSS, it's not |
| 9691 // possible to determine whether the check failed because of actual | 9691 // possible to determine whether the check failed because of actual |
| 9692 // revocation or because there was an OCSP failure. | 9692 // revocation or because there was an OCSP failure. |
| 9693 #if defined(OS_WIN) | 9693 #if defined(OS_WIN) || defined(OS_MACOSX) |
| 9694 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9694 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9695 #else | 9695 #else |
| 9696 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | 9696 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9697 #endif | 9697 #endif |
| 9698 | 9698 |
| 9699 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9699 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 9700 EXPECT_EQ(SystemUsesChromiumEVMetadata(), | 9700 EXPECT_EQ(SystemUsesChromiumEVMetadata(), |
| 9701 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); | 9701 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); |
| 9702 } | 9702 } |
| 9703 | 9703 |
| (...skipping 546 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10250 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10250 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10251 | 10251 |
| 10252 req->Start(); | 10252 req->Start(); |
| 10253 req->Cancel(); | 10253 req->Cancel(); |
| 10254 base::RunLoop().RunUntilIdle(); | 10254 base::RunLoop().RunUntilIdle(); |
| 10255 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 10255 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 10256 EXPECT_EQ(0, d.received_redirect_count()); | 10256 EXPECT_EQ(0, d.received_redirect_count()); |
| 10257 } | 10257 } |
| 10258 | 10258 |
| 10259 } // namespace net | 10259 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2456523003:
Mac EV verification using Chrome methods rather than OS methods. (Closed)
