Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(623)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_whitelist_unittest.cc

Issue 2613833002: Restrict the set of WoSign/StartCom certs to the Alexa Top 1M (Closed)
Patch Set: Restrict the set of WoSign/StartCom certs to the Alexa Top 1M Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc_whitelist.cc ('K') | « net/cert/cert_verify_proc_whitelist.cc ('k') | net/cert/cert_verify_proc_whitelist_unittest1.gperf » ('j') | net/data/ssl/wosign/BUILD.gn » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_whitelist.h" 5 #include "net/cert/cert_verify_proc_whitelist.h"
6 6
7 #include "base/memory/ref_counted.h" 7 #include "base/memory/ref_counted.h"
8 #include "net/cert/x509_certificate.h" 8 #include "net/cert/x509_certificate.h"
9 #include "net/test/cert_test_util.h" 9 #include "net/test/cert_test_util.h"
10 #include "net/test/test_data_directory.h" 10 #include "net/test/test_data_directory.h"
11 #include "testing/gtest/include/gtest/gtest.h" 11 #include "testing/gtest/include/gtest/gtest.h"
12 12
13 namespace net { 13 namespace net {
14 14
15 namespace { 15 namespace {
16 16
17 namespace test1 {
svaldez 2017/01/26 20:54:48 Slightly ugly of a namespace for test data, though
18 #include "net/cert/cert_verify_proc_whitelist_unittest1-inc.cc"
19 } // namespace test
20
17 TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) { 21 TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) {
22 // The domain must be in the whitelist from
23 // //net/data/ssl/wosign/wosign_domains.gperf
24 const char kWhitelistedDomain[] = "005.tv";
svaldez 2017/01/26 20:54:48 Add a sanity check for a nonwhitelisted domain fro
25
18 scoped_refptr<X509Certificate> cert = 26 scoped_refptr<X509Certificate> cert =
19 ImportCertFromFile(GetTestCertsDirectory(), "wosign_before_oct_21.pem"); 27 ImportCertFromFile(GetTestCertsDirectory(), "wosign_before_oct_21.pem");
20 ASSERT_TRUE(cert); 28 ASSERT_TRUE(cert);
21 29
22 HashValueVector public_key_hashes; 30 HashValueVector public_key_hashes;
23 public_key_hashes.emplace_back(SHA256HashValue{ 31 public_key_hashes.emplace_back(SHA256HashValue{
24 {0x15, 0x28, 0x39, 0x7d, 0xa2, 0x12, 0x89, 0x0a, 0x83, 0x0b, 0x0b, 32 {0x15, 0x28, 0x39, 0x7d, 0xa2, 0x12, 0x89, 0x0a, 0x83, 0x0b, 0x0b,
25 0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf, 33 0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf,
26 0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}}); 34 0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}});
27 35
28 EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); 36 EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes,
37 kWhitelistedDomain));
29 38
30 cert = ImportCertFromFile(GetTestCertsDirectory(), "wosign_after_oct_21.pem"); 39 cert = ImportCertFromFile(GetTestCertsDirectory(), "wosign_after_oct_21.pem");
31 ASSERT_TRUE(cert); 40 ASSERT_TRUE(cert);
32 41
33 EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); 42 EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes,
43 kWhitelistedDomain));
44 }
45
46 TEST(CertVerifyProcWhitelistTest, IsWhitelistedHost) {
47 const unsigned char* graph = test1::kDafsa;
48 size_t graph_size = arraysize(test1::kDafsa);
49
50 // Test malformed inputs.
51 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, ""));
52 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "."));
53 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, ".."));
54
55 // Make sure that TLDs aren't accepted just because a subdomain is.
56 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "com"));
57
58 // Test various forms of domain names that GURL will accept for entries in
59 // the graph.
60 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com"));
61 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "subdomain.example.com"));
62 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".subdomain.example.com"));
63 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com."));
64 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".example.com."));
65 EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "www.example.bar.jp"));
66
svaldez 2017/01/26 20:54:48 Add tests for pre/postfix of whitelisted domains.
67 // Test various forms of domain names that GURL will accept for entries not
68 // in the graph.
69 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "anotherexample.com"));
70 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "domain.com"));
71 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "example..com"));
72 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www.co.uk"));
73 EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www..co.uk"));
34 } 74 }
35 75
36 } // namespace 76 } // namespace
37 77
38 } // namespace net 78 } // namespace net
OLDNEW
« net/cert/cert_verify_proc_whitelist.cc ('K') | « net/cert/cert_verify_proc_whitelist.cc ('k') | net/cert/cert_verify_proc_whitelist_unittest1.gperf » ('j') | net/data/ssl/wosign/BUILD.gn » ('J')

Powered by Google App Engine
This is Rietveld 408576698