| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 9035 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9046 } | 9046 } |
| 9047 | 9047 |
| 9048 // SystemUsesChromiumEVMetadata returns true iff the current operating system | 9048 // SystemUsesChromiumEVMetadata returns true iff the current operating system |
| 9049 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then | 9049 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then |
| 9050 // several tests are effected because our testing EV certificate won't be | 9050 // several tests are effected because our testing EV certificate won't be |
| 9051 // recognised as EV. | 9051 // recognised as EV. |
| 9052 static bool SystemUsesChromiumEVMetadata() { | 9052 static bool SystemUsesChromiumEVMetadata() { |
| 9053 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) | 9053 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) |
| 9054 // http://crbug.com/117478 - OpenSSL does not support EV validation. | 9054 // http://crbug.com/117478 - OpenSSL does not support EV validation. |
| 9055 return false; | 9055 return false; |
| 9056 #elif (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_ANDROID) | 9056 #elif defined(OS_ANDROID) |
| 9057 // On OS X and Android, we use the system to tell us whether a certificate is | 9057 // On Android, we use the system to tell us whether a certificate is EV or not |
| 9058 // EV or not and the system won't recognise our testing root. | 9058 // and the system won't recognise our testing root. |
| 9059 return false; | 9059 return false; |
| 9060 #else | 9060 #else |
| 9061 return true; | 9061 return true; |
| 9062 #endif | 9062 #endif |
| 9063 } | 9063 } |
| 9064 | 9064 |
| 9065 // Returns the expected CertStatus for tests that expect an online revocation | 9065 // Returns the expected CertStatus for tests that expect an online revocation |
| 9066 // check failure as a result of checking a test EV cert, which will not | 9066 // check failure as a result of checking a test EV cert, which will not |
| 9067 // actually trigger an online revocation check on some platforms. | 9067 // actually trigger an online revocation check on some platforms. |
| 9068 static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() { | 9068 static CertStatus ExpectedCertStatusForFailedOnlineEVRevocationCheck() { |
| (...skipping 579 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9648 } | 9648 } |
| 9649 | 9649 |
| 9650 SpawnedTestServer::SSLOptions ssl_options( | 9650 SpawnedTestServer::SSLOptions ssl_options( |
| 9651 SpawnedTestServer::SSLOptions::CERT_AUTO); | 9651 SpawnedTestServer::SSLOptions::CERT_AUTO); |
| 9652 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; | 9652 ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; |
| 9653 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); | 9653 SSLConfigService::SetCRLSet(scoped_refptr<CRLSet>()); |
| 9654 | 9654 |
| 9655 CertStatus cert_status; | 9655 CertStatus cert_status; |
| 9656 DoConnection(ssl_options, &cert_status); | 9656 DoConnection(ssl_options, &cert_status); |
| 9657 | 9657 |
| 9658 // Currently only works for Windows. When using NSS or OS X, it's not | 9658 // Currently only works for Windows and OS X. When using NSS, it's not |
| 9659 // possible to determine whether the check failed because of actual | 9659 // possible to determine whether the check failed because of actual |
| 9660 // revocation or because there was an OCSP failure. | 9660 // revocation or because there was an OCSP failure. |
| 9661 #if defined(OS_WIN) | 9661 #if defined(OS_WIN) || defined(OS_MACOSX) |
| 9662 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 9662 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9663 #else | 9663 #else |
| 9664 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); | 9664 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); |
| 9665 #endif | 9665 #endif |
| 9666 | 9666 |
| 9667 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 9667 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 9668 EXPECT_EQ(SystemUsesChromiumEVMetadata(), | 9668 EXPECT_EQ(SystemUsesChromiumEVMetadata(), |
| 9669 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); | 9669 static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); |
| 9670 } | 9670 } |
| 9671 | 9671 |
| (...skipping 545 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10217 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10217 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10218 | 10218 |
| 10219 req->Start(); | 10219 req->Start(); |
| 10220 req->Cancel(); | 10220 req->Cancel(); |
| 10221 base::RunLoop().RunUntilIdle(); | 10221 base::RunLoop().RunUntilIdle(); |
| 10222 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 10222 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 10223 EXPECT_EQ(0, d.received_redirect_count()); | 10223 EXPECT_EQ(0, d.received_redirect_count()); |
| 10224 } | 10224 } |
| 10225 | 10225 |
| 10226 } // namespace net | 10226 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2499083003:
Mac EV verification using Chrome methods rather than OS methods. (Closed)
