| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 1184 matching lines...) | |
| 1195 | 1195 |
| 1196 // |public_key_hashes| does not have an ordering guarantee. | 1196 // |public_key_hashes| does not have an ordering guarantee. |
| 1197 EXPECT_THAT(expected_public_key_hashes, | 1197 EXPECT_THAT(expected_public_key_hashes, |
| 1198 testing::UnorderedElementsAreArray(public_key_hash_strings)); | 1198 testing::UnorderedElementsAreArray(public_key_hash_strings)); |
| 1199 } | 1199 } |
| 1200 | 1200 |
| 1201 // A regression test for http://crbug.com/70293. | 1201 // A regression test for http://crbug.com/70293. |
| 1202 // The Key Usage extension in this RSA SSL server certificate does not have | 1202 // The Key Usage extension in this RSA SSL server certificate does not have |
| 1203 // the keyEncipherment bit. | 1203 // the keyEncipherment bit. |
| 1204 TEST_P(CertVerifyProcInternalTest, InvalidKeyUsage) { | 1204 TEST_P(CertVerifyProcInternalTest, InvalidKeyUsage) { |
| 1205 if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { | |
| 1206 LOG(INFO) << "TODO(crbug.com/649017): Skipping test as not yet implemented " | |
| 1207 "in builting verifier"; | |
| 1208 return; | |
| 1209 } | |
| 1210 base::FilePath certs_dir = GetTestCertsDirectory(); | 1205 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 1211 | 1206 |
| 1212 scoped_refptr<X509Certificate> server_cert = | 1207 scoped_refptr<X509Certificate> server_cert = |
| 1213 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); | 1208 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); |
| 1214 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); | 1209 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); |
| 1215 | 1210 |
| 1216 int flags = 0; | 1211 int flags = 0; |
| 1217 CertVerifyResult verify_result; | 1212 CertVerifyResult verify_result; |
| 1218 int error = Verify(server_cert.get(), "jira.aquameta.com", flags, NULL, | 1213 int error = Verify(server_cert.get(), "jira.aquameta.com", flags, NULL, |
| 1219 CertificateList(), &verify_result); | 1214 CertificateList(), &verify_result); |
| 1220 | 1215 |
| 1221 // TODO(eroman): Change the test data so results are consistent across | 1216 // TODO(eroman): Change the test data so results are consistent across |
| 1222 // verifiers. | 1217 // verifiers. |
| 1223 if (verify_proc_type() == CERT_VERIFY_PROC_OPENSSL) { | 1218 if (verify_proc_type() == CERT_VERIFY_PROC_OPENSSL || |
| 1219 verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { | |
|
mattm
2017/04/12 01:58:05
From your other email, NSS was the only one that c
eroman
2017/04/14 21:07:47
This test is not well described. There are two cor
eroman
2017/04/14 21:42:48
Done.
| |
| 1224 // This certificate has two errors: "invalid key usage" and "untrusted CA". | 1220 // This certificate has two errors: "invalid key usage" and "untrusted CA". |
| 1225 // However, OpenSSL returns only one (the latter), and we can't detect | 1221 // However, the wrong key usage is not checked. |
| 1226 // the other errors. | |
| 1227 EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); | 1222 EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); |
| 1228 } else { | 1223 } else { |
| 1229 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); | 1224 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); |
| 1230 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); | 1225 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); |
| 1231 } | 1226 } |
| 1232 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors | 1227 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
| 1233 // from NSS. | 1228 // from NSS. |
| 1234 if (verify_proc_type() != CERT_VERIFY_PROC_NSS && | 1229 if (verify_proc_type() != CERT_VERIFY_PROC_NSS && |
| 1235 verify_proc_type() != CERT_VERIFY_PROC_IOS && | 1230 verify_proc_type() != CERT_VERIFY_PROC_IOS && |
| 1236 verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { | 1231 verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { |
| (...skipping 1151 matching lines...) | |
| 2388 int flags = 0; | 2383 int flags = 0; |
| 2389 CertVerifyResult verify_result; | 2384 CertVerifyResult verify_result; |
| 2390 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, | 2385 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, |
| 2391 NULL, CertificateList(), &verify_result); | 2386 NULL, CertificateList(), &verify_result); |
| 2392 EXPECT_EQ(OK, error); | 2387 EXPECT_EQ(OK, error); |
| 2393 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2388 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
| 2394 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2389 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
| 2395 } | 2390 } |
| 2396 | 2391 |
| 2397 } // namespace net | 2392 } // namespace net |
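Review bot: In InvalidKeyUsage, the branch at new lines 1218-1222 asserts only `ERR_CERT_AUTHORITY_INVALID` for the OpenSSL and builtin verifiers, so for those two the test passes on the untrusted issuer alone and would pass for any certificate issued under an untrusted CA. That leaves the missing keyEncipherment bit, the subject of this regression test for crbug.com/70293, unexercised for them. The replacement comment `// However, the wrong key usage is not checked.` also no longer says which verifiers it refers to; I would write `// Neither the OpenSSL nor the builtin verifier reports the key usage error here, so only the untrusted-CA error is asserted; key usage is not covered for them.` I would also keep a TODO pointing at the tracking bug from the removed skip (crbug.com/649017, if that is still the right one), so the expectation is tightened once the test certificate chains to a trusted root. The test body continues past the visible lines, so any later cert_status checks are not accounted for here.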