| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
| 6 | 6 |
| 7 #include "net/cert/internal/parsed_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
| 8 #include "net/cert/internal/signature_policy.h" | 8 #include "net/cert/internal/signature_policy.h" |
| 9 #include "net/cert/internal/trust_store.h" | 9 #include "net/cert/internal/trust_store.h" |
| 10 #include "net/der/input.h" | 10 #include "net/der/input.h" |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 static bool Verify(std::vector<std::string> cert_ders, | 50 static bool Verify(std::vector<std::string> cert_ders, |
| 51 std::vector<std::string> crl_ders) { | 51 std::vector<std::string> crl_ders) { |
| 52 if (cert_ders.empty()) { | 52 if (cert_ders.empty()) { |
| 53 ADD_FAILURE() << "cert_ders is empty"; | 53 ADD_FAILURE() << "cert_ders is empty"; |
| 54 return false; | 54 return false; |
| 55 } | 55 } |
| 56 | 56 |
| 57 // PKITS lists chains from trust anchor to target, VerifyCertificateChain | 57 // PKITS lists chains from trust anchor to target, VerifyCertificateChain |
| 58 // takes them starting with the target and not including the trust anchor. | 58 // takes them starting with the target and not including the trust anchor. |
| 59 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; | 59 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; |
| 60 CertErrors errors; | 60 CertErrors parsing_errors; |
| 61 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { | 61 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { |
| 62 if (!net::ParsedCertificate::CreateAndAddToVector( | 62 if (!net::ParsedCertificate::CreateAndAddToVector( |
| 63 bssl::UniquePtr<CRYPTO_BUFFER>( | 63 bssl::UniquePtr<CRYPTO_BUFFER>( |
| 64 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()), | 64 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()), |
| 65 i->size(), nullptr)), | 65 i->size(), nullptr)), |
| 66 {}, &input_chain, &errors)) { | 66 {}, &input_chain, &parsing_errors)) { |
| 67 ADD_FAILURE() << "Cert failed to parse:\n" << errors.ToDebugString(); | 67 ADD_FAILURE() << "Cert failed to parse:\n" |
| 68 << parsing_errors.ToDebugString(); |
| 68 return false; | 69 return false; |
| 69 } | 70 } |
| 70 } | 71 } |
| 71 | 72 |
| 72 scoped_refptr<TrustAnchor> trust_anchor = | 73 scoped_refptr<TrustAnchor> trust_anchor = |
| 73 TrustAnchor::CreateFromCertificateNoConstraints(input_chain.back()); | 74 TrustAnchor::CreateFromCertificateNoConstraints(input_chain.back()); |
| 74 input_chain.pop_back(); | 75 input_chain.pop_back(); |
| 75 | 76 |
| 76 SimpleSignaturePolicy signature_policy(1024); | 77 SimpleSignaturePolicy signature_policy(1024); |
| 77 | 78 |
| 78 // Run all tests at the time the PKITS was published. | 79 // Run all tests at the time the PKITS was published. |
| 79 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; | 80 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; |
| 80 | 81 |
| 82 CertPathErrors path_errors; |
| 81 bool result = VerifyCertificateChain(input_chain, trust_anchor.get(), | 83 bool result = VerifyCertificateChain(input_chain, trust_anchor.get(), |
| 82 &signature_policy, time, &errors); | 84 &signature_policy, time, &path_errors); |
| 83 | 85 |
| 84 // TODO(crbug.com/634443): Test errors on failure? | 86 // TODO(crbug.com/634443): Test errors on failure? |
| 85 if (!result) | 87 EXPECT_EQ(result, !path_errors.ContainsHighSeverityErrors()); |
| 86 EXPECT_FALSE(errors.empty()); | |
| 87 | |
| 88 return result; | 88 return result; |
| 89 } | 89 } |
| 90 }; | 90 }; |
| 91 | 91 |
| 92 } // namespace | 92 } // namespace |
| 93 | 93 |
| 94 class PkitsTest01SignatureVerificationCustom | 94 class PkitsTest01SignatureVerificationCustom |
| 95 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {}; | 95 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {}; |
| 96 | 96 |
| 97 // Modified version of 4.1.4 Valid DSA Signatures Test4 | 97 // Modified version of 4.1.4 Valid DSA Signatures Test4 |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 214 | 214 |
| 215 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 215 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
| 216 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 216 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
| 217 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 217 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
| 218 | 218 |
| 219 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, | 219 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, |
| 220 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, | 220 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, |
| 221 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy | 221 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy |
| 222 | 222 |
| 223 } // namespace net | 223 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2759023002:
Improvements to the net/cert/internal error handling. (Closed)
