| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 1741 matching lines...) | |
| 1752 {"weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", | 1752 {"weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1753 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1753 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1754 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1754 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1755 // MD4 is not supported by OS X / NSS | 1755 // MD4 is not supported by OS X / NSS |
| 1756 {"weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", | 1756 {"weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1757 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1757 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1758 #endif | 1758 #endif |
| 1759 {"weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", | 1759 {"weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1760 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1760 "weak_digest_sha1_ee.pem", EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1761 }; | 1761 }; |
| 1762 #if defined(OS_ANDROID) | 1762 INSTANTIATE_TEST_CASE_P(VerifyRoot, |
| 1763 #define MAYBE_VerifyRoot DISABLED_VerifyRoot | |
| 1764 #else | |
| 1765 #define MAYBE_VerifyRoot VerifyRoot | |
| 1766 #endif | |
| 1767 INSTANTIATE_TEST_CASE_P(MAYBE_VerifyRoot, | |
| 1768 CertVerifyProcWeakDigestTest, | 1763 CertVerifyProcWeakDigestTest, |
| 1769 testing::ValuesIn(kVerifyRootCATestData)); | 1764 testing::ValuesIn(kVerifyRootCATestData)); |
| 1770 | 1765 |
| 1771 // The signature algorithm of intermediates should be properly detected. | 1766 // The signature algorithm of intermediates should be properly detected. |
| 1772 const WeakDigestTestData kVerifyIntermediateCATestData[] = { | 1767 const WeakDigestTestData kVerifyIntermediateCATestData[] = { |
| 1773 {"weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1768 {"weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 1774 "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1769 "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1775 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1770 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1776 // MD4 is not supported by OS X / NSS | 1771 // MD4 is not supported by OS X / NSS |
| 1777 {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1772 {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1778 "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1773 "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1779 #endif | 1774 #endif |
| 1780 {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1775 {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1781 "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1776 "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1782 }; | 1777 }; |
| 1783 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. | 1778 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. |
| 1784 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) | 1779 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
|
davidben
2016/12/07 01:13:58
Probably for separate, but now that iOS doesn't us
mattm
2016/12/07 02:50:50
Thanks, I gave that a shot (https://codereview.chr
| |
| 1785 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate | 1780 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate |
| 1786 #else | 1781 #else |
| 1787 #define MAYBE_VerifyIntermediate VerifyIntermediate | 1782 #define MAYBE_VerifyIntermediate VerifyIntermediate |
| 1788 #endif | 1783 #endif |
| 1789 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1784 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1790 MAYBE_VerifyIntermediate, | 1785 MAYBE_VerifyIntermediate, |
| 1791 CertVerifyProcWeakDigestTest, | 1786 CertVerifyProcWeakDigestTest, |
| 1792 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1787 testing::ValuesIn(kVerifyIntermediateCATestData)); |
| 1793 | 1788 |
| 1794 // The signature algorithm of end-entity should be properly detected. | 1789 // The signature algorithm of end-entity should be properly detected. |
| 1795 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1790 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
| 1796 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1791 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1797 "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, | 1792 "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, |
| 1798 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1793 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1799 // MD4 is not supported by OS X / NSS | 1794 // MD4 is not supported by OS X / NSS |
| 1800 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1795 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1801 "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, | 1796 "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, |
| 1802 #endif | 1797 #endif |
| 1803 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1798 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1804 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, | 1799 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, |
| 1805 }; | 1800 }; |
| 1806 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1801 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
| 1807 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1802 // be cleared until NSS is cleanly shutdown, which is not presently supported |
| 1808 // in Chromium. | 1803 // in Chromium. |
| 1809 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) | 1804 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 1810 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1805 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
| 1811 #else | 1806 #else |
| 1812 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1807 #define MAYBE_VerifyEndEntity VerifyEndEntity |
| 1813 #endif | 1808 #endif |
| 1814 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1809 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
| 1815 CertVerifyProcWeakDigestTest, | 1810 CertVerifyProcWeakDigestTest, |
| 1816 testing::ValuesIn(kVerifyEndEntityTestData)); | 1811 testing::ValuesIn(kVerifyEndEntityTestData)); |
| 1817 | 1812 |
| 1818 // Incomplete chains should still report the status of the intermediate. | 1813 // Incomplete chains should still report the status of the intermediate. |
| 1819 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1814 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
| 1820 {NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1815 {NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1821 EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1816 EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1822 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1817 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1823 // MD4 is not supported by OS X / NSS | 1818 // MD4 is not supported by OS X / NSS |
| 1824 {NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1819 {NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1825 EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1820 EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1826 #endif | 1821 #endif |
| 1827 {NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1822 {NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1828 EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1823 EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1829 }; | 1824 }; |
| 1830 // Disabled on NSS - libpkix does not return constructed chains on error, | 1825 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1831 // preventing us from detecting/inspecting the verified chain. | 1826 // preventing us from detecting/inspecting the verified chain. |
| 1832 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) | 1827 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 1833 #define MAYBE_VerifyIncompleteIntermediate \ | 1828 #define MAYBE_VerifyIncompleteIntermediate \ |
| 1834 DISABLED_VerifyIncompleteIntermediate | 1829 DISABLED_VerifyIncompleteIntermediate |
| 1835 #else | 1830 #else |
| 1836 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1831 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
| 1837 #endif | 1832 #endif |
| 1838 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1833 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1839 MAYBE_VerifyIncompleteIntermediate, | 1834 MAYBE_VerifyIncompleteIntermediate, |
| 1840 CertVerifyProcWeakDigestTest, | 1835 CertVerifyProcWeakDigestTest, |
| 1841 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1836 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
| 1842 | 1837 |
| 1843 // Incomplete chains should still report the status of the end-entity. | 1838 // Incomplete chains should still report the status of the end-entity. |
| 1844 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1839 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
| 1845 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1840 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
| 1846 EXPECT_MD5 | EXPECT_SHA1 }, | 1841 EXPECT_MD5 | EXPECT_SHA1 }, |
| 1847 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1842 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1848 // MD4 is not supported by OS X / NSS | 1843 // MD4 is not supported by OS X / NSS |
| 1849 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1844 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
| 1850 EXPECT_MD4 | EXPECT_SHA1 }, | 1845 EXPECT_MD4 | EXPECT_SHA1 }, |
| 1851 #endif | 1846 #endif |
| 1852 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1847 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
| 1853 EXPECT_MD2 | EXPECT_SHA1 }, | 1848 EXPECT_MD2 | EXPECT_SHA1 }, |
| 1854 }; | 1849 }; |
| 1855 // Disabled on NSS - libpkix does not return constructed chains on error, | 1850 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1856 // preventing us from detecting/inspecting the verified chain. | 1851 // preventing us from detecting/inspecting the verified chain. |
| 1857 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) | 1852 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 1858 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1853 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
| 1859 #else | 1854 #else |
| 1860 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1855 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
| 1861 #endif | 1856 #endif |
| 1862 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1857 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1863 MAYBE_VerifyIncompleteEndEntity, | 1858 MAYBE_VerifyIncompleteEndEntity, |
| 1864 CertVerifyProcWeakDigestTest, | 1859 CertVerifyProcWeakDigestTest, |
| 1865 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1860 testing::ValuesIn(kVerifyIncompleteEETestData)); |
| 1866 | 1861 |
| 1867 // Differing algorithms between the intermediate and the EE should still be | 1862 // Differing algorithms between the intermediate and the EE should still be |
| 1868 // reported. | 1863 // reported. |
| 1869 const WeakDigestTestData kVerifyMixedTestData[] = { | 1864 const WeakDigestTestData kVerifyMixedTestData[] = { |
| 1870 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1865 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 1871 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, | 1866 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
| 1872 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1867 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1873 "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, | 1868 "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
| 1874 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1869 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1875 // MD4 is not supported by OS X / NSS | 1870 // MD4 is not supported by OS X / NSS |
| 1876 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1871 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1877 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 }, | 1872 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 }, |
| 1878 #endif | 1873 #endif |
| 1879 }; | 1874 }; |
| 1880 // NSS does not support MD4 and does not enable MD2 by default, making all | 1875 // NSS does not support MD4 and does not enable MD2 by default, making all |
| 1881 // permutations invalid. | 1876 // permutations invalid. |
| 1882 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_ANDROID) | 1877 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 1883 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1878 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 1884 #else | 1879 #else |
| 1885 #define MAYBE_VerifyMixed VerifyMixed | 1880 #define MAYBE_VerifyMixed VerifyMixed |
| 1886 #endif | 1881 #endif |
| 1887 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1882 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1888 MAYBE_VerifyMixed, | 1883 MAYBE_VerifyMixed, |
| 1889 CertVerifyProcWeakDigestTest, | 1884 CertVerifyProcWeakDigestTest, |
| 1890 testing::ValuesIn(kVerifyMixedTestData)); | 1885 testing::ValuesIn(kVerifyMixedTestData)); |
| 1891 | 1886 |
| 1892 // For the list of valid hostnames, see | 1887 // For the list of valid hostnames, see |
| (...skipping 183 matching lines...) | |
| 2076 int flags = 0; | 2071 int flags = 0; |
| 2077 CertVerifyResult verify_result; | 2072 CertVerifyResult verify_result; |
| 2078 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 2073 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 2079 &verify_result); | 2074 &verify_result); |
| 2080 EXPECT_EQ(OK, error); | 2075 EXPECT_EQ(OK, error); |
| 2081 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2076 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
| 2082 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2077 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
| 2083 } | 2078 } |
| 2084 | 2079 |
| 2085 } // namespace net | 2080 } // namespace net |
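Review bot: The comments above the five `#if defined(USE_NSS_CERTS) || defined(OS_IOS)` guards (new lines 1779, 1804, 1827, 1852 and 1877) still give only NSS-specific reasons, so nothing records that the MD2/MD4/MD5 weak-digest cases are now expected to pass on Android. The two incomplete-chain instantiations are the ones to watch: they are disabled for NSS because libpkix does not return the constructed chain on error, and whether the Android verifier returns it is not visible on this page, so that is presumably what the try runs established. The MD4 rows sit behind `USE_OPENSSL_CERTS || OS_WIN` with the comment `// MD4 is not supported by OS X / NSS`; if Android builds define `USE_OPENSSL_CERTS`, those rows now run there too and the comment should say so. I would add one line at the first guard, for example `// Still disabled on NSS and iOS only; Android runs these weak-digest cases.`, so that a later `DISABLED_` on Android is a deliberate decision and not a silent loss of weak-signature coverage.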