| Index: net/cert/cert_verify_proc_unittest.cc
|
| diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
|
| index 8f5156bc8631eafacd1f33ef9c2a1138ec672e44..02a00d1e22f320d59cb28291a63025758ac46803 100644
|
| --- a/net/cert/cert_verify_proc_unittest.cc
|
| +++ b/net/cert/cert_verify_proc_unittest.cc
|
| @@ -42,9 +42,8 @@ namespace {
|
| // A certificate for www.paypal.com with a NULL byte in the common name.
|
| // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363
|
| unsigned char paypal_null_fingerprint[] = {
|
| - 0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2, 0x6a, 0xba,
|
| - 0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7
|
| -};
|
| + 0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2,
|
| + 0x6a, 0xba, 0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7};
|
|
|
| // Mock CertVerifyProc that will set |verify_result->is_issued_by_known_root|
|
| // for all certificates that are Verified.
|
| @@ -107,9 +106,7 @@ bool SupportsDetectingKnownRoots() {
|
|
|
| class CertVerifyProcTest : public testing::Test {
|
| public:
|
| - CertVerifyProcTest()
|
| - : verify_proc_(CertVerifyProc::CreateDefault()) {
|
| - }
|
| + CertVerifyProcTest() : verify_proc_(CertVerifyProc::CreateDefault()) {}
|
| virtual ~CertVerifyProcTest() {}
|
|
|
| protected:
|
| @@ -123,8 +120,12 @@ class CertVerifyProcTest : public testing::Test {
|
| CRLSet* crl_set,
|
| const CertificateList& additional_trust_anchors,
|
| CertVerifyResult* verify_result) {
|
| - return verify_proc_->Verify(cert, hostname, flags, crl_set,
|
| - additional_trust_anchors, verify_result);
|
| + return verify_proc_->Verify(cert,
|
| + hostname,
|
| + flags,
|
| + crl_set,
|
| + additional_trust_anchors,
|
| + verify_result);
|
| }
|
|
|
| const CertificateList empty_cert_list_;
|
| @@ -133,10 +134,10 @@ class CertVerifyProcTest : public testing::Test {
|
|
|
| TEST_F(CertVerifyProcTest, DISABLED_WithoutRevocationChecking) {
|
| // Check that verification without revocation checking works.
|
| - CertificateList certs = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(),
|
| - "googlenew.chain.pem",
|
| - X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
| + CertificateList certs =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "googlenew.chain.pem",
|
| + X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(certs[1]->os_cert_handle());
|
| @@ -162,10 +163,10 @@ TEST_F(CertVerifyProcTest, DISABLED_WithoutRevocationChecking) {
|
| #define MAYBE_EVVerification EVVerification
|
| #endif
|
| TEST_F(CertVerifyProcTest, MAYBE_EVVerification) {
|
| - CertificateList certs = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(),
|
| - "comodo.chain.pem",
|
| - X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
| + CertificateList certs =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "comodo.chain.pem",
|
| + X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
| ASSERT_EQ(3U, certs.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| @@ -197,8 +198,7 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
|
|
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
|
|
|
| - const SHA1HashValue& fingerprint =
|
| - paypal_null_cert->fingerprint();
|
| + const SHA1HashValue& fingerprint = paypal_null_cert->fingerprint();
|
| for (size_t i = 0; i < 20; ++i)
|
| EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
|
|
|
| @@ -217,9 +217,9 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
|
| // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
|
| EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| #endif
|
| - // Either the system crypto library should correctly report a certificate
|
| - // name mismatch, or our certificate blacklist should cause us to report an
|
| - // invalid certificate.
|
| +// Either the system crypto library should correctly report a certificate
|
| +// name mismatch, or our certificate blacklist should cause us to report an
|
| +// invalid certificate.
|
| #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS)
|
| EXPECT_TRUE(verify_result.cert_status &
|
| (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID));
|
| @@ -231,25 +231,23 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
|
| // Disabled on Android, as the Android verification libraries require an
|
| // explicit policy to be specified, even when anyPolicy is permitted.
|
| #define MAYBE_IntermediateCARequireExplicitPolicy \
|
| - DISABLED_IntermediateCARequireExplicitPolicy
|
| + DISABLED_IntermediateCARequireExplicitPolicy
|
| #else
|
| #define MAYBE_IntermediateCARequireExplicitPolicy \
|
| - IntermediateCARequireExplicitPolicy
|
| + IntermediateCARequireExplicitPolicy
|
| #endif
|
| TEST_F(CertVerifyProcTest, MAYBE_IntermediateCARequireExplicitPolicy) {
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| CertificateList certs = CreateCertificateListFromFile(
|
| - certs_dir, "explicit-policy-chain.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + certs_dir, "explicit-policy-chain.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(3U, certs.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(certs[1]->os_cert_handle());
|
|
|
| - scoped_refptr<X509Certificate> cert =
|
| - X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
|
| + certs[0]->os_cert_handle(), intermediates);
|
| ASSERT_TRUE(cert.get());
|
|
|
| ScopedTestRoot scoped_root(certs[2].get());
|
| @@ -288,13 +286,12 @@ TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) {
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(intermediate_cert->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + server_cert->os_cert_handle(), intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED |
|
| - CertVerifier::VERIFY_EV_CERT;
|
| + int flags =
|
| + CertVerifier::VERIFY_REV_CHECKING_ENABLED | CertVerifier::VERIFY_EV_CERT;
|
| int error = Verify(cert_chain.get(),
|
| "2029.globalsign.com",
|
| flags,
|
| @@ -312,9 +309,8 @@ TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) {
|
| TEST_F(CertVerifyProcTest, ECDSA_RSA) {
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| - scoped_refptr<X509Certificate> cert =
|
| - ImportCertFromFile(certs_dir,
|
| - "prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem");
|
| + scoped_refptr<X509Certificate> cert = ImportCertFromFile(
|
| + certs_dir, "prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem");
|
|
|
| CertVerifyResult verify_result;
|
| Verify(cert.get(), "127.0.0.1", 0, NULL, empty_cert_list_, &verify_result);
|
| @@ -369,11 +365,13 @@ TEST_F(CertVerifyProcTest, RejectWeakKeys) {
|
|
|
| // Now test each chain.
|
| for (Strings::const_iterator ee_type = key_types.begin();
|
| - ee_type != key_types.end(); ++ee_type) {
|
| + ee_type != key_types.end();
|
| + ++ee_type) {
|
| for (Strings::const_iterator signer_type = key_types.begin();
|
| - signer_type != key_types.end(); ++signer_type) {
|
| - std::string basename = *ee_type + "-ee-by-" + *signer_type +
|
| - "-intermediate.pem";
|
| + signer_type != key_types.end();
|
| + ++signer_type) {
|
| + std::string basename =
|
| + *ee_type + "-ee-by-" + *signer_type + "-intermediate.pem";
|
| SCOPED_TRACE(basename);
|
| scoped_refptr<X509Certificate> ee_cert =
|
| ImportCertFromFile(certs_dir, basename);
|
| @@ -445,9 +443,8 @@ TEST_F(CertVerifyProcTest, MAYBE_ExtraneousMD5RootCert) {
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(extra_cert->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + server_cert->os_cert_handle(), intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| int flags = 0;
|
| @@ -464,8 +461,8 @@ TEST_F(CertVerifyProcTest, MAYBE_ExtraneousMD5RootCert) {
|
| ASSERT_EQ(1u,
|
| verify_result.verified_cert->GetIntermediateCertificates().size());
|
| EXPECT_TRUE(X509Certificate::IsSameOSCert(
|
| - verify_result.verified_cert->GetIntermediateCertificates().front(),
|
| - root_cert->os_cert_handle()));
|
| + verify_result.verified_cert->GetIntermediateCertificates().front(),
|
| + root_cert->os_cert_handle()));
|
|
|
| EXPECT_FALSE(verify_result.has_md5);
|
| }
|
| @@ -484,9 +481,8 @@ TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) {
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(intermediate_cert->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + server_cert->os_cert_handle(), intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED;
|
| @@ -512,12 +508,9 @@ TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) {
|
|
|
| TEST_F(CertVerifyProcTest, DigiNotarCerts) {
|
| static const char* const kDigiNotarFilenames[] = {
|
| - "diginotar_root_ca.pem",
|
| - "diginotar_cyber_ca.pem",
|
| - "diginotar_services_1024_ca.pem",
|
| - "diginotar_pkioverheid.pem",
|
| - "diginotar_pkioverheid_g2.pem",
|
| - NULL,
|
| + "diginotar_root_ca.pem", "diginotar_cyber_ca.pem",
|
| + "diginotar_services_1024_ca.pem", "diginotar_pkioverheid.pem",
|
| + "diginotar_pkioverheid_g2.pem", NULL,
|
| };
|
|
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
| @@ -526,8 +519,8 @@ TEST_F(CertVerifyProcTest, DigiNotarCerts) {
|
| scoped_refptr<X509Certificate> diginotar_cert =
|
| ImportCertFromFile(certs_dir, kDigiNotarFilenames[i]);
|
| std::string der_bytes;
|
| - ASSERT_TRUE(X509Certificate::GetDEREncoded(
|
| - diginotar_cert->os_cert_handle(), &der_bytes));
|
| + ASSERT_TRUE(X509Certificate::GetDEREncoded(diginotar_cert->os_cert_handle(),
|
| + &der_bytes));
|
|
|
| base::StringPiece spki;
|
| ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_bytes, &spki));
|
| @@ -540,8 +533,8 @@ TEST_F(CertVerifyProcTest, DigiNotarCerts) {
|
| memcpy(hash.data(), spki_sha1.data(), spki_sha1.size());
|
| public_keys.push_back(hash);
|
|
|
| - EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) <<
|
| - "Public key not blocked for " << kDigiNotarFilenames[i];
|
| + EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys))
|
| + << "Public key not blocked for " << kDigiNotarFilenames[i];
|
| }
|
| }
|
|
|
| @@ -553,15 +546,15 @@ TEST_F(CertVerifyProcTest, NameConstraintsOk) {
|
| ASSERT_EQ(1U, ca_cert_list.size());
|
| ScopedTestRoot test_root(ca_cert_list[0]);
|
|
|
| - CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "name_constraint_ok.crt",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList cert_list =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "name_constraint_ok.crt",
|
| + X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| - scoped_refptr<X509Certificate> leaf =
|
| - X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> leaf = X509Certificate::CreateFromHandle(
|
| + cert_list[0]->os_cert_handle(), intermediates);
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| @@ -588,15 +581,15 @@ TEST_F(CertVerifyProcTest, NameConstraintsFailure) {
|
| ASSERT_EQ(1U, ca_cert_list.size());
|
| ScopedTestRoot test_root(ca_cert_list[0]);
|
|
|
| - CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "name_constraint_bad.crt",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList cert_list =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "name_constraint_bad.crt",
|
| + X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| - scoped_refptr<X509Certificate> leaf =
|
| - X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> leaf = X509Certificate::CreateFromHandle(
|
| + cert_list[0]->os_cert_handle(), intermediates);
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| @@ -625,9 +618,8 @@ TEST_F(CertVerifyProcTest, TestKnownRoot) {
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(certs[1]->os_cert_handle());
|
|
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + certs[0]->os_cert_handle(), intermediates);
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| @@ -659,9 +651,8 @@ TEST_F(CertVerifyProcTest, PublicKeyHashes) {
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(certs[1]->os_cert_handle());
|
|
|
| - scoped_refptr<X509Certificate> cert_chain =
|
| - X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(
|
| + certs[0]->os_cert_handle(), intermediates);
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
|
|
| @@ -731,8 +722,8 @@ TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
|
| EXPECT_EQ(ERR_CERT_INVALID, error);
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);
|
| #endif
|
| - // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
|
| - // from NSS.
|
| +// TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors
|
| +// from NSS.
|
| #if !defined(USE_NSS) && !defined(OS_IOS) && !defined(OS_ANDROID)
|
| // The certificate is issued by an unknown CA.
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
|
| @@ -753,8 +744,7 @@ TEST_F(CertVerifyProcTest, VerifyReturnChainBasic) {
|
|
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| - certs_dir, "x509_verify_results.chain.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(3U, certs.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| @@ -804,8 +794,7 @@ TEST_F(CertVerifyProcTest, IntranetHostsRejected) {
|
| }
|
|
|
| CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "ok_cert.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
|
|
| @@ -840,8 +829,7 @@ TEST_F(CertVerifyProcTest, VerifyReturnChainProperlyOrdered) {
|
|
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| - certs_dir, "x509_verify_results.chain.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(3U, certs.size());
|
|
|
| // Construct the chain out of order.
|
| @@ -891,8 +879,7 @@ TEST_F(CertVerifyProcTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
|
|
| base::FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| - certs_dir, "x509_verify_results.chain.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(3U, certs.size());
|
| ScopedTestRoot scoped_root(certs[2].get());
|
|
|
| @@ -947,15 +934,15 @@ TEST_F(CertVerifyProcTest, AdditionalTrustAnchors) {
|
| }
|
|
|
| // |ca_cert| is the issuer of |cert|.
|
| - CertificateList ca_cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "root_ca_cert.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList ca_cert_list =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "root_ca_cert.pem",
|
| + X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, ca_cert_list.size());
|
| scoped_refptr<X509Certificate> ca_cert(ca_cert_list[0]);
|
|
|
| CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "ok_cert.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
|
|
| @@ -997,8 +984,7 @@ TEST_F(CertVerifyProcTest, IsIssuedByKnownRootIgnoresTestRoots) {
|
| GetTestCertsDirectory().AppendASCII("root_ca_cert.pem"));
|
|
|
| CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "ok_cert.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
|
|
| @@ -1025,10 +1011,10 @@ TEST_F(CertVerifyProcTest, IsIssuedByKnownRootIgnoresTestRoots) {
|
| // (necessary for certain mobile platforms), which OS X does not recognize
|
| // as already existing within its trust store.
|
| TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
| - CertificateList certs = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(),
|
| - "cybertrust_omniroot_chain.pem",
|
| - X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
| + CertificateList certs =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "cybertrust_omniroot_chain.pem",
|
| + X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
|
| ASSERT_EQ(2U, certs.size());
|
|
|
| X509Certificate::OSCertHandles intermediates;
|
| @@ -1039,9 +1025,8 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
| intermediates);
|
| ASSERT_TRUE(cybertrust_basic.get());
|
|
|
| - scoped_refptr<X509Certificate> baltimore_root =
|
| - ImportCertFromFile(GetTestCertsDirectory(),
|
| - "cybertrust_baltimore_root.pem");
|
| + scoped_refptr<X509Certificate> baltimore_root = ImportCertFromFile(
|
| + GetTestCertsDirectory(), "cybertrust_baltimore_root.pem");
|
| ASSERT_TRUE(baltimore_root.get());
|
|
|
| ScopedTestRoot scoped_root(baltimore_root.get());
|
| @@ -1070,9 +1055,8 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
|
|
| // Attempt to verify with the first known cross-certified intermediate
|
| // provided.
|
| - scoped_refptr<X509Certificate> baltimore_intermediate_1 =
|
| - ImportCertFromFile(GetTestCertsDirectory(),
|
| - "cybertrust_baltimore_cross_certified_1.pem");
|
| + scoped_refptr<X509Certificate> baltimore_intermediate_1 = ImportCertFromFile(
|
| + GetTestCertsDirectory(), "cybertrust_baltimore_cross_certified_1.pem");
|
| ASSERT_TRUE(baltimore_intermediate_1.get());
|
|
|
| X509Certificate::OSCertHandles intermediate_chain_1 =
|
| @@ -1093,9 +1077,8 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
|
|
| // Attempt to verify with the second known cross-certified intermediate
|
| // provided.
|
| - scoped_refptr<X509Certificate> baltimore_intermediate_2 =
|
| - ImportCertFromFile(GetTestCertsDirectory(),
|
| - "cybertrust_baltimore_cross_certified_2.pem");
|
| + scoped_refptr<X509Certificate> baltimore_intermediate_2 = ImportCertFromFile(
|
| + GetTestCertsDirectory(), "cybertrust_baltimore_cross_certified_2.pem");
|
| ASSERT_TRUE(baltimore_intermediate_2.get());
|
|
|
| X509Certificate::OSCertHandles intermediate_chain_2 =
|
| @@ -1117,8 +1100,7 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
| // Attempt to verify when both a cross-certified intermediate AND
|
| // the legacy GTE root are provided.
|
| scoped_refptr<X509Certificate> cybertrust_root =
|
| - ImportCertFromFile(GetTestCertsDirectory(),
|
| - "cybertrust_gte_root.pem");
|
| + ImportCertFromFile(GetTestCertsDirectory(), "cybertrust_gte_root.pem");
|
| ASSERT_TRUE(cybertrust_root.get());
|
|
|
| intermediate_chain_2.push_back(cybertrust_root->os_cert_handle());
|
| @@ -1141,50 +1123,52 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
|
|
|
| #if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX)
|
| static const uint8 kCRLSetLeafSPKIBlocked[] = {
|
| - 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
|
| - 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
|
| - 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
|
| - 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
|
| - 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
|
| - 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
|
| - 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
|
| - 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x43, 0x38, 0x4d, 0x4a, 0x46, 0x55, 0x55,
|
| - 0x5a, 0x38, 0x43, 0x79, 0x54, 0x2b, 0x4e, 0x57, 0x64, 0x68, 0x69, 0x7a, 0x51,
|
| - 0x68, 0x54, 0x49, 0x65, 0x46, 0x49, 0x37, 0x76, 0x41, 0x77, 0x7a, 0x64, 0x54,
|
| - 0x79, 0x52, 0x59, 0x45, 0x6e, 0x78, 0x6c, 0x33, 0x62, 0x67, 0x3d, 0x22, 0x5d,
|
| - 0x7d,
|
| + 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22,
|
| + 0x3a, 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54,
|
| + 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74,
|
| + 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22,
|
| + 0x3a, 0x30, 0x2c, 0x22, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f,
|
| + 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72,
|
| + 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f,
|
| + 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b, 0x49, 0x73, 0x22, 0x3a, 0x5b,
|
| + 0x22, 0x43, 0x38, 0x4d, 0x4a, 0x46, 0x55, 0x55, 0x5a, 0x38, 0x43, 0x79,
|
| + 0x54, 0x2b, 0x4e, 0x57, 0x64, 0x68, 0x69, 0x7a, 0x51, 0x68, 0x54, 0x49,
|
| + 0x65, 0x46, 0x49, 0x37, 0x76, 0x41, 0x77, 0x7a, 0x64, 0x54, 0x79, 0x52,
|
| + 0x59, 0x45, 0x6e, 0x78, 0x6c, 0x33, 0x62, 0x67, 0x3d, 0x22, 0x5d, 0x7d,
|
| };
|
|
|
| static const uint8 kCRLSetLeafSerialBlocked[] = {
|
| - 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
|
| - 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
|
| - 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
|
| - 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
|
| - 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
|
| - 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
|
| - 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
|
| - 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d, 0x0f, 0x87, 0xe4, 0xc7, 0x75, 0xea,
|
| - 0x46, 0x7e, 0xf3, 0xfd, 0x82, 0xb7, 0x46, 0x7b, 0x10, 0xda, 0xc5, 0xbf, 0xd8,
|
| - 0xd1, 0x29, 0xb2, 0xc6, 0xac, 0x7f, 0x51, 0x42, 0x15, 0x28, 0x51, 0x06, 0x7f,
|
| - 0x01, 0x00, 0x00, 0x00, // number of serials
|
| - 0x01, 0xed, // serial 0xed
|
| + 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22,
|
| + 0x3a, 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54,
|
| + 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74,
|
| + 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22,
|
| + 0x3a, 0x30, 0x2c, 0x22, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f,
|
| + 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72,
|
| + 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f,
|
| + 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b, 0x49, 0x73, 0x22, 0x3a, 0x5b,
|
| + 0x5d, 0x7d, 0x0f, 0x87, 0xe4, 0xc7, 0x75, 0xea, 0x46, 0x7e, 0xf3, 0xfd,
|
| + 0x82, 0xb7, 0x46, 0x7b, 0x10, 0xda, 0xc5, 0xbf, 0xd8, 0xd1, 0x29, 0xb2,
|
| + 0xc6, 0xac, 0x7f, 0x51, 0x42, 0x15, 0x28, 0x51, 0x06, 0x7f, 0x01, 0x00,
|
| + 0x00, 0x00, // number of serials
|
| + 0x01, 0xed, // serial 0xed
|
| };
|
|
|
| static const uint8 kCRLSetQUICSerialBlocked[] = {
|
| - 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
|
| - 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
|
| - 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
|
| - 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
|
| - 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
|
| - 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
|
| - 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
|
| - 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d,
|
| - // Issuer SPKI SHA-256 hash:
|
| - 0xe4, 0x3a, 0xa3, 0xdb, 0x98, 0x31, 0x61, 0x05, 0xdd, 0x57, 0x6d, 0xc6, 0x2f,
|
| - 0x71, 0x26, 0xba, 0xdd, 0xf4, 0x98, 0x3e, 0x62, 0x22, 0xf8, 0xf9, 0xe4, 0x18,
|
| - 0x62, 0x77, 0x79, 0xdb, 0x9b, 0x31,
|
| - 0x01, 0x00, 0x00, 0x00, // number of serials
|
| - 0x01, 0x03, // serial 3
|
| + 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
|
| + 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
|
| + 0x74, 0x54, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c,
|
| + 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22, 0x53, 0x65, 0x71, 0x75, 0x65,
|
| + 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x44, 0x65, 0x6c,
|
| + 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22,
|
| + 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22,
|
| + 0x3a, 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64,
|
| + 0x53, 0x50, 0x4b, 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d,
|
| + // Issuer SPKI SHA-256 hash:
|
| + 0xe4, 0x3a, 0xa3, 0xdb, 0x98, 0x31, 0x61, 0x05, 0xdd, 0x57, 0x6d,
|
| + 0xc6, 0x2f, 0x71, 0x26, 0xba, 0xdd, 0xf4, 0x98, 0x3e, 0x62, 0x22,
|
| + 0xf8, 0xf9, 0xe4, 0x18, 0x62, 0x77, 0x79, 0xdb, 0x9b, 0x31, 0x01,
|
| + 0x00, 0x00, 0x00, // number of serials
|
| + 0x01, 0x03, // serial 3
|
| };
|
|
|
| // Test that CRLSets are effective in making a certificate appear to be
|
| @@ -1241,10 +1225,8 @@ TEST_F(CertVerifyProcTest, CRLSet) {
|
| }
|
|
|
| TEST_F(CertVerifyProcTest, CRLSetLeafSerial) {
|
| - CertificateList ca_cert_list =
|
| - CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| - "quic_root.crt",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList ca_cert_list = CreateCertificateListFromFile(
|
| + GetTestCertsDirectory(), "quic_root.crt", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, ca_cert_list.size());
|
| ScopedTestRoot test_root(ca_cert_list[0]);
|
|
|
| @@ -1256,14 +1238,14 @@ TEST_F(CertVerifyProcTest, CRLSetLeafSerial) {
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(intermediate_cert_list[0]->os_cert_handle());
|
|
|
| - CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "quic_test.example.com.crt",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList cert_list =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "quic_test.example.com.crt",
|
| + X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
|
|
| - scoped_refptr<X509Certificate> leaf =
|
| - X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> leaf = X509Certificate::CreateFromHandle(
|
| + cert_list[0]->os_cert_handle(), intermediates);
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| @@ -1327,10 +1309,10 @@ TEST_P(CertVerifyProcWeakDigestTest, Verify) {
|
|
|
| ScopedTestRoot test_root;
|
| if (data.root_cert_filename) {
|
| - scoped_refptr<X509Certificate> root_cert =
|
| - ImportCertFromFile(certs_dir, data.root_cert_filename);
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
|
| - test_root.Reset(root_cert.get());
|
| + scoped_refptr<X509Certificate> root_cert =
|
| + ImportCertFromFile(certs_dir, data.root_cert_filename);
|
| + ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
|
| + test_root.Reset(root_cert.get());
|
| }
|
|
|
| scoped_refptr<X509Certificate> intermediate_cert =
|
| @@ -1343,9 +1325,8 @@ TEST_P(CertVerifyProcWeakDigestTest, Verify) {
|
| X509Certificate::OSCertHandles intermediates;
|
| intermediates.push_back(intermediate_cert->os_cert_handle());
|
|
|
| - scoped_refptr<X509Certificate> ee_chain =
|
| - X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),
|
| - intermediates);
|
| + scoped_refptr<X509Certificate> ee_chain = X509Certificate::CreateFromHandle(
|
| + ee_cert->os_cert_handle(), intermediates);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain);
|
|
|
| int flags = 0;
|
| @@ -1369,9 +1350,8 @@ TEST_P(CertVerifyProcWeakDigestTest, Verify) {
|
|
|
| // Ensure that MD5 is flagged as weak.
|
| if (data.expected_has_md5) {
|
| - EXPECT_EQ(
|
| - CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
|
| - verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM);
|
| + EXPECT_EQ(CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
|
| + verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM);
|
| }
|
|
|
| // If a root cert is present, then check that the chain was rejected if any
|
| @@ -1399,34 +1379,35 @@ TEST_P(CertVerifyProcWeakDigestTest, Verify) {
|
| // pre-processor will expand macros such as MAYBE_test_name before
|
| // instantiating the test.
|
| #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
|
| - INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator)
|
| + INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator)
|
|
|
| // The signature algorithm of the root CA should not matter.
|
| const WeakDigestTestData kVerifyRootCATestData[] = {
|
| - { "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", false, false, false },
|
| + {"weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", false, false, false},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", false, false, false },
|
| + // MD4 is not supported by OS X / NSS
|
| + {"weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", false, false, false},
|
| #endif
|
| - { "weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", false, false, false },
|
| + {"weak_digest_md2_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", false, false, false},
|
| };
|
| -INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest,
|
| +INSTANTIATE_TEST_CASE_P(VerifyRoot,
|
| + CertVerifyProcWeakDigestTest,
|
| testing::ValuesIn(kVerifyRootCATestData));
|
|
|
| // The signature algorithm of intermediates should be properly detected.
|
| const WeakDigestTestData kVerifyIntermediateCATestData[] = {
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", true, false, false },
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", true, false, false},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", false, true, false },
|
| + // MD4 is not supported by OS X / NSS
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", false, true, false},
|
| #endif
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
|
| - "weak_digest_sha1_ee.pem", false, false, true },
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
|
| + "weak_digest_sha1_ee.pem", false, false, true},
|
| };
|
| // Disabled on NSS - MD4 is not supported, and MD2 and MD5 are disabled.
|
| #if defined(USE_NSS) || defined(OS_IOS)
|
| @@ -1441,15 +1422,15 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
|
|
| // The signature algorithm of end-entity should be properly detected.
|
| const WeakDigestTestData kVerifyEndEntityTestData[] = {
|
| - { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_md5_ee.pem", true, false, false },
|
| + {"weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_md5_ee.pem", true, false, false},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_md4_ee.pem", false, true, false },
|
| + // MD4 is not supported by OS X / NSS
|
| + {"weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_md4_ee.pem", false, true, false},
|
| #endif
|
| - { "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| - "weak_digest_md2_ee.pem", false, false, true },
|
| + {"weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
| + "weak_digest_md2_ee.pem", false, false, true},
|
| };
|
| // Disabled on NSS - NSS caches chains/signatures in such a way that cannot
|
| // be cleared until NSS is cleanly shutdown, which is not presently supported
|
| @@ -1465,21 +1446,20 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity,
|
|
|
| // Incomplete chains should still report the status of the intermediate.
|
| const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = {
|
| - { NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem",
|
| - true, false, false },
|
| + {NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem", true,
|
| + false, false},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem",
|
| - false, true, false },
|
| + // MD4 is not supported by OS X / NSS
|
| + {NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem", false,
|
| + true, false},
|
| #endif
|
| - { NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem",
|
| - false, false, true },
|
| + {NULL, "weak_digest_md2_intermediate.pem", "weak_digest_sha1_ee.pem", false,
|
| + false, true},
|
| };
|
| // Disabled on NSS - libpkix does not return constructed chains on error,
|
| // preventing us from detecting/inspecting the verified chain.
|
| #if defined(USE_NSS) || defined(OS_IOS)
|
| -#define MAYBE_VerifyIncompleteIntermediate \
|
| - DISABLED_VerifyIncompleteIntermediate
|
| +#define MAYBE_VerifyIncompleteIntermediate DISABLED_VerifyIncompleteIntermediate
|
| #else
|
| #define MAYBE_VerifyIncompleteIntermediate VerifyIncompleteIntermediate
|
| #endif
|
| @@ -1490,15 +1470,15 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
|
|
| // Incomplete chains should still report the status of the end-entity.
|
| const WeakDigestTestData kVerifyIncompleteEETestData[] = {
|
| - { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem",
|
| - true, false, false },
|
| + {NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem", true,
|
| + false, false},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem",
|
| - false, true, false },
|
| + // MD4 is not supported by OS X / NSS
|
| + {NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem", false,
|
| + true, false},
|
| #endif
|
| - { NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem",
|
| - false, false, true },
|
| + {NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md2_ee.pem", false,
|
| + false, true},
|
| };
|
| // Disabled on NSS - libpkix does not return constructed chains on error,
|
| // preventing us from detecting/inspecting the verified chain.
|
| @@ -1507,22 +1487,21 @@ const WeakDigestTestData kVerifyIncompleteEETestData[] = {
|
| #else
|
| #define MAYBE_VerifyIncompleteEndEntity VerifyIncompleteEndEntity
|
| #endif
|
| -WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| - MAYBE_VerifyIncompleteEndEntity,
|
| - CertVerifyProcWeakDigestTest,
|
| - testing::ValuesIn(kVerifyIncompleteEETestData));
|
| +WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyIncompleteEndEntity,
|
| + CertVerifyProcWeakDigestTest,
|
| + testing::ValuesIn(kVerifyIncompleteEETestData));
|
|
|
| // Differing algorithms between the intermediate and the EE should still be
|
| // reported.
|
| const WeakDigestTestData kVerifyMixedTestData[] = {
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
|
| - "weak_digest_md2_ee.pem", true, false, true },
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
|
| - "weak_digest_md5_ee.pem", true, false, true },
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
|
| + "weak_digest_md2_ee.pem", true, false, true},
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
|
| + "weak_digest_md5_ee.pem", true, false, true},
|
| #if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
| - // MD4 is not supported by OS X / NSS
|
| - { "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
| - "weak_digest_md2_ee.pem", false, true, true },
|
| + // MD4 is not supported by OS X / NSS
|
| + {"weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
| + "weak_digest_md2_ee.pem", false, true, true},
|
| #endif
|
| };
|
| // NSS does not support MD4 and does not enable MD2 by default, making all
|
| @@ -1532,10 +1511,9 @@ const WeakDigestTestData kVerifyMixedTestData[] = {
|
| #else
|
| #define MAYBE_VerifyMixed VerifyMixed
|
| #endif
|
| -WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| - MAYBE_VerifyMixed,
|
| - CertVerifyProcWeakDigestTest,
|
| - testing::ValuesIn(kVerifyMixedTestData));
|
| +WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyMixed,
|
| + CertVerifyProcWeakDigestTest,
|
| + testing::ValuesIn(kVerifyMixedTestData));
|
|
|
| // For the list of valid hostnames, see
|
| // net/cert/data/ssl/certificates/subjectAltName_sanity_check.pem
|
| @@ -1543,19 +1521,20 @@ static const struct CertVerifyProcNameData {
|
| const char* hostname;
|
| bool valid; // Whether or not |hostname| matches a subjectAltName.
|
| } kVerifyNameData[] = {
|
| - { "127.0.0.1", false }, // Don't match the common name
|
| - { "127.0.0.2", true }, // Matches the iPAddress SAN (IPv4)
|
| - { "FE80:0:0:0:0:0:0:1", true }, // Matches the iPAddress SAN (IPv6)
|
| - { "[FE80:0:0:0:0:0:0:1]", false }, // Should not match the iPAddress SAN
|
| - { "FE80::1", true }, // Compressed form matches the iPAddress SAN (IPv6)
|
| - { "::127.0.0.2", false }, // IPv6 mapped form should NOT match iPAddress SAN
|
| - { "test.example", true }, // Matches the dNSName SAN
|
| - { "test.example.", true }, // Matches the dNSName SAN (trailing . ignored)
|
| - { "www.test.example", false }, // Should not match the dNSName SAN
|
| - { "test..example", false }, // Should not match the dNSName SAN
|
| - { "test.example..", false }, // Should not match the dNSName SAN
|
| - { ".test.example.", false }, // Should not match the dNSName SAN
|
| - { ".test.example", false }, // Should not match the dNSName SAN
|
| + {"127.0.0.1", false}, // Don't match the common name
|
| + {"127.0.0.2", true}, // Matches the iPAddress SAN (IPv4)
|
| + {"FE80:0:0:0:0:0:0:1", true}, // Matches the iPAddress SAN (IPv6)
|
| + {"[FE80:0:0:0:0:0:0:1]", false}, // Should not match the iPAddress SAN
|
| + {"FE80::1", true}, // Compressed form matches the iPAddress SAN (IPv6)
|
| + {"::127.0.0.2",
|
| + false}, // IPv6 mapped form should NOT match iPAddress SAN
|
| + {"test.example", true}, // Matches the dNSName SAN
|
| + {"test.example.", true}, // Matches the dNSName SAN (trailing . ignored)
|
| + {"www.test.example", false}, // Should not match the dNSName SAN
|
| + {"test..example", false}, // Should not match the dNSName SAN
|
| + {"test.example..", false}, // Should not match the dNSName SAN
|
| + {".test.example.", false}, // Should not match the dNSName SAN
|
| + {".test.example", false}, // Should not match the dNSName SAN
|
| };
|
|
|
| // GTest 'magic' pretty-printer, so that if/when a test fails, it knows how
|
| @@ -1577,17 +1556,18 @@ class CertVerifyProcNameTest
|
| TEST_P(CertVerifyProcNameTest, VerifyCertName) {
|
| CertVerifyProcNameData data = GetParam();
|
|
|
| - CertificateList cert_list = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "subjectAltName_sanity_check.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| + CertificateList cert_list =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "subjectAltName_sanity_check.pem",
|
| + X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
|
|
| ScopedTestRoot scoped_root(cert.get());
|
|
|
| CertVerifyResult verify_result;
|
| - int error = Verify(cert.get(), data.hostname, 0, NULL, empty_cert_list_,
|
| - &verify_result);
|
| + int error = Verify(
|
| + cert.get(), data.hostname, 0, NULL, empty_cert_list_, &verify_result);
|
| if (data.valid) {
|
| EXPECT_EQ(OK, error);
|
| EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
|
| @@ -1597,9 +1577,8 @@ TEST_P(CertVerifyProcNameTest, VerifyCertName) {
|
| }
|
| }
|
|
|
| -WRAPPED_INSTANTIATE_TEST_CASE_P(
|
| - VerifyName,
|
| - CertVerifyProcNameTest,
|
| - testing::ValuesIn(kVerifyNameData));
|
| +WRAPPED_INSTANTIATE_TEST_CASE_P(VerifyName,
|
| + CertVerifyProcNameTest,
|
| + testing::ValuesIn(kVerifyNameData));
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
