OLD | NEW |
---|---|
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_whitelist.h" | 5 #include "net/cert/cert_verify_proc_whitelist.h" |
6 | 6 |
7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
8 #include "net/cert/x509_certificate.h" | 8 #include "net/cert/x509_certificate.h" |
9 #include "net/test/cert_test_util.h" | 9 #include "net/test/cert_test_util.h" |
10 #include "net/test/test_data_directory.h" | 10 #include "net/test/test_data_directory.h" |
11 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
15 namespace { | 15 namespace { |
16 | 16 |
17 namespace test1 { | |
svaldez
2017/01/26 20:54:48
Slightly ugly of a namespace for test data, though
| |
18 #include "net/cert/cert_verify_proc_whitelist_unittest1-inc.cc" | |
19 } // namespace test | |
20 | |
17 TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) { | 21 TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) { |
22 // The domain must be in the whitelist from | |
23 // //net/data/ssl/wosign/wosign_domains.gperf | |
24 const char kWhitelistedDomain[] = "005.tv"; | |
svaldez
2017/01/26 20:54:48
Add a sanity check for a nonwhitelisted domain fro
| |
25 | |
18 scoped_refptr<X509Certificate> cert = | 26 scoped_refptr<X509Certificate> cert = |
19 ImportCertFromFile(GetTestCertsDirectory(), "wosign_before_oct_21.pem"); | 27 ImportCertFromFile(GetTestCertsDirectory(), "wosign_before_oct_21.pem"); |
20 ASSERT_TRUE(cert); | 28 ASSERT_TRUE(cert); |
21 | 29 |
22 HashValueVector public_key_hashes; | 30 HashValueVector public_key_hashes; |
23 public_key_hashes.emplace_back(SHA256HashValue{ | 31 public_key_hashes.emplace_back(SHA256HashValue{ |
24 {0x15, 0x28, 0x39, 0x7d, 0xa2, 0x12, 0x89, 0x0a, 0x83, 0x0b, 0x0b, | 32 {0x15, 0x28, 0x39, 0x7d, 0xa2, 0x12, 0x89, 0x0a, 0x83, 0x0b, 0x0b, |
25 0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf, | 33 0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf, |
26 0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}}); | 34 0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}}); |
27 | 35 |
28 EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); | 36 EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes, |
37 kWhitelistedDomain)); | |
29 | 38 |
30 cert = ImportCertFromFile(GetTestCertsDirectory(), "wosign_after_oct_21.pem"); | 39 cert = ImportCertFromFile(GetTestCertsDirectory(), "wosign_after_oct_21.pem"); |
31 ASSERT_TRUE(cert); | 40 ASSERT_TRUE(cert); |
32 | 41 |
33 EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); | 42 EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes, |
43 kWhitelistedDomain)); | |
44 } | |
45 | |
46 TEST(CertVerifyProcWhitelistTest, IsWhitelistedHost) { | |
47 const unsigned char* graph = test1::kDafsa; | |
48 size_t graph_size = arraysize(test1::kDafsa); | |
49 | |
50 // Test malformed inputs. | |
51 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "")); | |
52 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, ".")); | |
53 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "..")); | |
54 | |
55 // Make sure that TLDs aren't accepted just because a subdomain is. | |
56 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "com")); | |
57 | |
58 // Test various forms of domain names that GURL will accept for entries in | |
59 // the graph. | |
60 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com")); | |
61 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "subdomain.example.com")); | |
62 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".subdomain.example.com")); | |
63 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com.")); | |
64 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".example.com.")); | |
65 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "www.example.bar.jp")); | |
66 | |
svaldez
2017/01/26 20:54:48
Add tests for pre/postfix of whitelisted domains.
| |
67 // Test various forms of domain names that GURL will accept for entries not | |
68 // in the graph. | |
69 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "anotherexample.com")); | |
70 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "domain.com")); | |
71 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "example..com")); | |
72 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www.co.uk")); | |
73 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www..co.uk")); | |
34 } | 74 } |
35 | 75 |
36 } // namespace | 76 } // namespace |
37 | 77 |
38 } // namespace net | 78 } // namespace net |
OLD | NEW |