| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ev_root_ca_metadata.h" | 5 #include "net/cert/ev_root_ca_metadata.h" |
| 6 | 6 |
| 7 #include "net/cert/x509_cert_types.h" | 7 #include "net/cert/x509_cert_types.h" |
| 8 #include "net/der/input.h" |
| 8 #include "net/test/cert_test_util.h" | 9 #include "net/test/cert_test_util.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 10 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 11 |
| 11 #if defined(USE_NSS_CERTS) | 12 #if defined(USE_NSS_CERTS) |
| 12 #include "crypto/nss_util.h" | 13 #include "crypto/nss_util.h" |
| 13 #include "crypto/scoped_nss_types.h" | 14 #include "crypto/scoped_nss_types.h" |
| 14 #endif | 15 #endif |
| 15 | 16 |
| 16 namespace net { | 17 namespace net { |
| 17 | 18 |
| 18 namespace { | 19 namespace { |
| 19 | 20 |
| 20 #if defined(USE_NSS_CERTS) || defined(OS_WIN) | 21 #if defined(USE_NSS_CERTS) || defined(OS_WIN) |
| 21 const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6"; | 22 const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6"; |
| 22 const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1"; | 23 const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1"; |
| 23 const char kFakePolicy[] = "2.16.840.1.42"; | 24 const char kFakePolicy[] = "2.16.840.1.42"; |
| 25 #elif defined(OS_MACOSX) |
| 26 // DER OID values (no tag or length). |
| 27 const uint8_t kVerisignPolicy[] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, |
| 28 0x45, 0x01, 0x07, 0x17, 0x06}; |
| 29 const uint8_t kThawtePolicy[] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, |
| 30 0x45, 0x01, 0x07, 0x30, 0x01}; |
| 31 const uint8_t kFakePolicy[] = {0x60, 0x86, 0x48, 0x01, 0x2a}; |
| 32 #endif |
| 33 |
| 34 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 35 const char kFakePolicyStr[] = "2.16.840.1.42"; |
| 24 const SHA1HashValue kVerisignFingerprint = | 36 const SHA1HashValue kVerisignFingerprint = |
| 25 { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45, | 37 { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45, |
| 26 0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } }; | 38 0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } }; |
| 27 const SHA1HashValue kFakeFingerprint = | 39 const SHA1HashValue kFakeFingerprint = |
| 28 { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, | 40 { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, |
| 29 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } }; | 41 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } }; |
| 30 | 42 |
| 31 class EVOidData { | 43 class EVOidData { |
| 32 public: | 44 public: |
| 33 EVOidData(); | 45 EVOidData(); |
| 34 bool Init(); | 46 bool Init(); |
| 35 | 47 |
| 36 EVRootCAMetadata::PolicyOID verisign_policy; | 48 EVRootCAMetadata::PolicyOID verisign_policy; |
| 37 EVRootCAMetadata::PolicyOID thawte_policy; | 49 EVRootCAMetadata::PolicyOID thawte_policy; |
| 38 EVRootCAMetadata::PolicyOID fake_policy; | 50 EVRootCAMetadata::PolicyOID fake_policy; |
| 39 }; | 51 }; |
| 40 | 52 |
| 41 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) | 53 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 42 | 54 |
| 43 #if defined(USE_NSS_CERTS) | 55 #if defined(USE_NSS_CERTS) |
| 44 | 56 |
| 45 SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) { | 57 SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) { |
| 46 SECOidData oid_data; | 58 SECOidData oid_data; |
| 47 memset(&oid_data, 0, sizeof(oid_data)); | 59 memset(&oid_data, 0, sizeof(oid_data)); |
| 48 oid_data.offset = SEC_OID_UNKNOWN; | 60 oid_data.offset = SEC_OID_UNKNOWN; |
| 49 oid_data.desc = oid_string; | 61 oid_data.desc = oid_string; |
| 50 oid_data.mechanism = CKM_INVALID_MECHANISM; | 62 oid_data.mechanism = CKM_INVALID_MECHANISM; |
| 51 oid_data.supportedExtension = INVALID_CERT_EXTENSION; | 63 oid_data.supportedExtension = INVALID_CERT_EXTENSION; |
| (...skipping 19 matching lines...) |
| 71 | 83 |
| 72 verisign_policy = RegisterOID(pool.get(), kVerisignPolicy); | 84 verisign_policy = RegisterOID(pool.get(), kVerisignPolicy); |
| 73 thawte_policy = RegisterOID(pool.get(), kThawtePolicy); | 85 thawte_policy = RegisterOID(pool.get(), kThawtePolicy); |
| 74 fake_policy = RegisterOID(pool.get(), kFakePolicy); | 86 fake_policy = RegisterOID(pool.get(), kFakePolicy); |
| 75 | 87 |
| 76 return verisign_policy != SEC_OID_UNKNOWN && | 88 return verisign_policy != SEC_OID_UNKNOWN && |
| 77 thawte_policy != SEC_OID_UNKNOWN && | 89 thawte_policy != SEC_OID_UNKNOWN && |
| 78 fake_policy != SEC_OID_UNKNOWN; | 90 fake_policy != SEC_OID_UNKNOWN; |
| 79 } | 91 } |
| 80 | 92 |
| 81 #elif defined(OS_WIN) | 93 #elif defined(OS_WIN) || defined(OS_MACOSX) |
| 82 | 94 |
| 83 EVOidData::EVOidData() | 95 EVOidData::EVOidData() |
| 84 : verisign_policy(kVerisignPolicy), | 96 : verisign_policy(kVerisignPolicy), |
| 85 thawte_policy(kThawtePolicy), | 97 thawte_policy(kThawtePolicy), |
| 86 fake_policy(kFakePolicy) { | 98 fake_policy(kFakePolicy) {} |
| 87 } | |
| 88 | 99 |
| 89 bool EVOidData::Init() { | 100 bool EVOidData::Init() { |
| 90 return true; | 101 return true; |
| 91 } | 102 } |
| 92 | 103 |
| 93 #endif | 104 #endif |
| 94 | 105 |
| 95 #if defined(USE_NSS_CERTS) || defined(OS_WIN) | 106 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 96 | 107 |
| 97 class EVRootCAMetadataTest : public testing::Test { | 108 class EVRootCAMetadataTest : public testing::Test { |
| 98 protected: | 109 protected: |
| 99 void SetUp() override { ASSERT_TRUE(ev_oid_data.Init()); } | 110 void SetUp() override { ASSERT_TRUE(ev_oid_data.Init()); } |
| 100 | 111 |
| 101 EVOidData ev_oid_data; | 112 EVOidData ev_oid_data; |
| 102 }; | 113 }; |
| 103 | 114 |
| 104 TEST_F(EVRootCAMetadataTest, Basic) { | 115 TEST_F(EVRootCAMetadataTest, Basic) { |
| 105 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); | 116 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); |
| (...skipping 12 matching lines...) |
| 118 | 129 |
| 119 TEST_F(EVRootCAMetadataTest, AddRemove) { | 130 TEST_F(EVRootCAMetadataTest, AddRemove) { |
| 120 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); | 131 EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance()); |
| 121 | 132 |
| 122 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); | 133 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); |
| 123 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, | 134 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, |
| 124 ev_oid_data.fake_policy)); | 135 ev_oid_data.fake_policy)); |
| 125 | 136 |
| 126 { | 137 { |
| 127 ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint, | 138 ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint, |
| 128 kFakePolicy); | 139 kFakePolicyStr); |
| 129 | 140 |
| 130 EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); | 141 EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); |
| 131 EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, | 142 EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, |
| 132 ev_oid_data.fake_policy)); | 143 ev_oid_data.fake_policy)); |
| 133 } | 144 } |
| 134 | 145 |
| 135 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); | 146 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy)); |
| 136 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, | 147 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint, |
| 137 ev_oid_data.fake_policy)); | 148 ev_oid_data.fake_policy)); |
| 138 } | 149 } |
| 139 | 150 |
| 140 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) | 151 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 141 | 152 |
| 142 } // namespace | 153 } // namespace |
| 143 | 154 |
| 144 } // namespace net | 155 } // namespace net |
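Review bot: The three `uint8_t` arrays in the new `OS_MACOSX` branch (new lines 27-31) are hand-encoded DER copies of the dotted OIDs in the NSS/Windows branch, and nothing in the file records which OID each byte sequence stands for. The bytes shown do decode to the same three OIDs today, but an edit to one form without the other would leave the Mac build testing a different EV policy OID than the other platforms. I would put the dotted form above each array: `// 2.16.840.1.113733.1.7.23.6` on `kVerisignPolicy`, `// 2.16.840.1.113733.1.7.48.1` on `kThawtePolicy`, and `// 2.16.840.1.42, must match kFakePolicyStr` on `kFakePolicy`. Only the fake OID is cross-checked in the visible code: `AddRemove` registers `kFakePolicyStr` and queries `ev_oid_data.fake_policy`. Whether `Basic` ties the Verisign and Thawte bytes to their dotted forms cannot be seen, because its body is in the skipped lines.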