| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 1758 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1769 "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1769 "weak_digest_sha1_ee.pem", EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1770 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1770 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1771 // MD4 is not supported by OS X / NSS | 1771 // MD4 is not supported by OS X / NSS |
| 1772 {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1772 {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1773 "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1773 "weak_digest_sha1_ee.pem", EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1774 #endif | 1774 #endif |
| 1775 {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1775 {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1776 "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1776 "weak_digest_sha1_ee.pem", EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1777 }; | 1777 }; |
| 1778 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. | 1778 // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled. |
| 1779 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 1779 #if defined(USE_NSS_CERTS) |
| 1780 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate | 1780 #define MAYBE_VerifyIntermediate DISABLED_VerifyIntermediate |
| 1781 #else | 1781 #else |
| 1782 #define MAYBE_VerifyIntermediate VerifyIntermediate | 1782 #define MAYBE_VerifyIntermediate VerifyIntermediate |
| 1783 #endif | 1783 #endif |
| 1784 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1784 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1785 MAYBE_VerifyIntermediate, | 1785 MAYBE_VerifyIntermediate, |
| 1786 CertVerifyProcWeakDigestTest, | 1786 CertVerifyProcWeakDigestTest, |
| 1787 testing::ValuesIn(kVerifyIntermediateCATestData)); | 1787 testing::ValuesIn(kVerifyIntermediateCATestData)); |
| 1788 | 1788 |
| 1789 // The signature algorithm of end-entity should be properly detected. | 1789 // The signature algorithm of end-entity should be properly detected. |
| 1790 const WeakDigestTestData kVerifyEndEntityTestData[] = { | 1790 const WeakDigestTestData kVerifyEndEntityTestData[] = { |
| 1791 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1791 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1792 "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, | 1792 "weak_digest_md5_ee.pem", EXPECT_MD5 | EXPECT_SHA1 }, |
| 1793 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1793 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1794 // MD4 is not supported by OS X / NSS | 1794 // MD4 is not supported by OS X / NSS |
| 1795 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1795 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1796 "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, | 1796 "weak_digest_md4_ee.pem", EXPECT_MD4 | EXPECT_SHA1 }, |
| 1797 #endif | 1797 #endif |
| 1798 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", | 1798 { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem", |
| 1799 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, | 1799 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_SHA1 }, |
| 1800 }; | 1800 }; |
| 1801 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot | 1801 // Disabled on NSS - NSS caches chains/signatures in such a way that cannot |
| 1802 // be cleared until NSS is cleanly shutdown, which is not presently supported | 1802 // be cleared until NSS is cleanly shutdown, which is not presently supported |
| 1803 // in Chromium. | 1803 // in Chromium. |
| 1804 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 1804 #if defined(USE_NSS_CERTS) |
| 1805 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity | 1805 #define MAYBE_VerifyEndEntity DISABLED_VerifyEndEntity |
| 1806 #else | 1806 #else |
| 1807 #define MAYBE_VerifyEndEntity VerifyEndEntity | 1807 #define MAYBE_VerifyEndEntity VerifyEndEntity |
| 1808 #endif | 1808 #endif |
| 1809 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, | 1809 WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity, |
| 1810 CertVerifyProcWeakDigestTest, | 1810 CertVerifyProcWeakDigestTest, |
| 1811 testing::ValuesIn(kVerifyEndEntityTestData)); | 1811 testing::ValuesIn(kVerifyEndEntityTestData)); |
| 1812 | 1812 |
| 1813 // Incomplete chains should still report the status of the intermediate. | 1813 // Incomplete chains should still report the status of the intermediate. |
| 1814 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { | 1814 const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = { |
| 1815 {NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", | 1815 {NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1816 EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1816 EXPECT_MD5 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1817 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1817 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1818 // MD4 is not supported by OS X / NSS | 1818 // MD4 is not supported by OS X / NSS |
| 1819 {NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", | 1819 {NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1820 EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1820 EXPECT_MD4 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1821 #endif | 1821 #endif |
| 1822 {NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", | 1822 {NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", |
| 1823 EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, | 1823 EXPECT_MD2 | EXPECT_SHA1 | EXPECT_SHA1_LEAF}, |
| 1824 }; | 1824 }; |
| 1825 // Disabled on NSS - libpkix does not return constructed chains on error, | 1825 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1826 // preventing us from detecting/inspecting the verified chain. | 1826 // preventing us from detecting/inspecting the verified chain. |
| 1827 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 1827 #if defined(USE_NSS_CERTS) |
| 1828 #define MAYBE_VerifyIncompleteIntermediate \ | 1828 #define MAYBE_VerifyIncompleteIntermediate \ |
| 1829 DISABLED_VerifyIncompleteIntermediate | 1829 DISABLED_VerifyIncompleteIntermediate |
| 1830 #else | 1830 #else |
| 1831 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate | 1831 #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate |
| 1832 #endif | 1832 #endif |
| 1833 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1833 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1834 MAYBE_VerifyIncompleteIntermediate, | 1834 MAYBE_VerifyIncompleteIntermediate, |
| 1835 CertVerifyProcWeakDigestTest, | 1835 CertVerifyProcWeakDigestTest, |
| 1836 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); | 1836 testing::ValuesIn(kVerifyIncompleteIntermediateTestData)); |
| 1837 | 1837 |
| 1838 // Incomplete chains should still report the status of the end-entity. | 1838 // Incomplete chains should still report the status of the end-entity. |
| 1839 const WeakDigestTestData kVerifyIncompleteEETestData[] = { | 1839 const WeakDigestTestData kVerifyIncompleteEETestData[] = { |
| 1840 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", | 1840 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", |
| 1841 EXPECT_MD5 | EXPECT_SHA1 }, | 1841 EXPECT_MD5 | EXPECT_SHA1 }, |
| 1842 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1842 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1843 // MD4 is not supported by OS X / NSS | 1843 // MD4 is not supported by OS X / NSS |
| 1844 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", | 1844 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", |
| 1845 EXPECT_MD4 | EXPECT_SHA1 }, | 1845 EXPECT_MD4 | EXPECT_SHA1 }, |
| 1846 #endif | 1846 #endif |
| 1847 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", | 1847 { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", |
| 1848 EXPECT_MD2 | EXPECT_SHA1 }, | 1848 EXPECT_MD2 | EXPECT_SHA1 }, |
| 1849 }; | 1849 }; |
| 1850 // Disabled on NSS - libpkix does not return constructed chains on error, | 1850 // Disabled on NSS - libpkix does not return constructed chains on error, |
| 1851 // preventing us from detecting/inspecting the verified chain. | 1851 // preventing us from detecting/inspecting the verified chain. |
| 1852 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 1852 #if defined(USE_NSS_CERTS) |
| 1853 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity | 1853 #define MAYBE_VerifyIncompleteEndEntity DISABLED_VerifyIncompleteEndEntity |
| 1854 #else | 1854 #else |
| 1855 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity | 1855 #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity |
| 1856 #endif | 1856 #endif |
| 1857 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1857 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1858 MAYBE_VerifyIncompleteEndEntity, | 1858 MAYBE_VerifyIncompleteEndEntity, |
| 1859 CertVerifyProcWeakDigestTest, | 1859 CertVerifyProcWeakDigestTest, |
| 1860 testing::ValuesIn(kVerifyIncompleteEETestData)); | 1860 testing::ValuesIn(kVerifyIncompleteEETestData)); |
| 1861 | 1861 |
| 1862 // Differing algorithms between the intermediate and the EE should still be | 1862 // Differing algorithms between the intermediate and the EE should still be |
| 1863 // reported. | 1863 // reported. |
| 1864 const WeakDigestTestData kVerifyMixedTestData[] = { | 1864 const WeakDigestTestData kVerifyMixedTestData[] = { |
| 1865 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", | 1865 { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem", |
| 1866 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, | 1866 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
| 1867 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", | 1867 { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem", |
| 1868 "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, | 1868 "weak_digest_md5_ee.pem", EXPECT_MD2 | EXPECT_MD5 }, |
| 1869 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) | 1869 #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN) |
| 1870 // MD4 is not supported by OS X / NSS | 1870 // MD4 is not supported by OS X / NSS |
| 1871 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", | 1871 { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem", |
| 1872 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 }, | 1872 "weak_digest_md2_ee.pem", EXPECT_MD2 | EXPECT_MD4 }, |
| 1873 #endif | 1873 #endif |
| 1874 }; | 1874 }; |
| 1875 // NSS does not support MD4 and does not enable MD2 by default, making all | 1875 // NSS does not support MD4 and does not enable MD2 by default, making all |
| 1876 // permutations invalid. | 1876 // permutations invalid. |
| 1877 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 1877 #if defined(USE_NSS_CERTS) |
| 1878 #define MAYBE_VerifyMixed DISABLED_VerifyMixed | 1878 #define MAYBE_VerifyMixed DISABLED_VerifyMixed |
| 1879 #else | 1879 #else |
| 1880 #define MAYBE_VerifyMixed VerifyMixed | 1880 #define MAYBE_VerifyMixed VerifyMixed |
| 1881 #endif | 1881 #endif |
| 1882 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1882 WRAPPED_INSTANTIATE_TEST_CASE_P( |
| 1883 MAYBE_VerifyMixed, | 1883 MAYBE_VerifyMixed, |
| 1884 CertVerifyProcWeakDigestTest, | 1884 CertVerifyProcWeakDigestTest, |
| 1885 testing::ValuesIn(kVerifyMixedTestData)); | 1885 testing::ValuesIn(kVerifyMixedTestData)); |
| 1886 | 1886 |
| 1887 // For the list of valid hostnames, see | 1887 // For the list of valid hostnames, see |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2071 int flags = 0; | 2071 int flags = 0; |
| 2072 CertVerifyResult verify_result; | 2072 CertVerifyResult verify_result; |
| 2073 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 2073 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 2074 &verify_result); | 2074 &verify_result); |
| 2075 EXPECT_EQ(OK, error); | 2075 EXPECT_EQ(OK, error); |
| 2076 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2076 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
| 2077 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2077 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
| 2078 } | 2078 } |
| 2079 | 2079 |
| 2080 } // namespace net | 2080 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2560703002:
try enabling CertVerifyProcWeakDigestTest on iOS
