| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/test_helpers.h" | 5 #include "net/cert/internal/test_helpers.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/base_paths.h" | 8 #include "base/base_paths.h" |
| 9 #include "base/files/file_util.h" | 9 #include "base/files/file_util.h" |
| 10 #include "base/path_service.h" | 10 #include "base/path_service.h" |
| (...skipping 118 matching lines...) |
| 129 pem_headers.push_back(kTrustAnchorConstrained); | 129 pem_headers.push_back(kTrustAnchorConstrained); |
| 130 pem_headers.push_back(kTimeHeader); | 130 pem_headers.push_back(kTimeHeader); |
| 131 pem_headers.push_back(kResultHeader); | 131 pem_headers.push_back(kResultHeader); |
| 132 pem_headers.push_back(kErrorsHeader); | 132 pem_headers.push_back(kErrorsHeader); |
| 133 pem_headers.push_back(kKeyPurpose); | 133 pem_headers.push_back(kKeyPurpose); |
| 134 | 134 |
| 135 bool has_time = false; | 135 bool has_time = false; |
| 136 bool has_result = false; | 136 bool has_result = false; |
| 137 bool has_errors = false; | 137 bool has_errors = false; |
| 138 bool has_key_purpose = false; | 138 bool has_key_purpose = false; |
| 139 bool has_trust_anchor = false; |
| 139 | 140 |
| 140 PEMTokenizer pem_tokenizer(file_data, pem_headers); | 141 PEMTokenizer pem_tokenizer(file_data, pem_headers); |
| 141 while (pem_tokenizer.GetNext()) { | 142 while (pem_tokenizer.GetNext()) { |
| 142 const std::string& block_type = pem_tokenizer.block_type(); | 143 const std::string& block_type = pem_tokenizer.block_type(); |
| 143 const std::string& block_data = pem_tokenizer.data(); | 144 const std::string& block_data = pem_tokenizer.data(); |
| 144 | 145 |
| 145 if (block_type == kCertificateHeader) { | 146 if (block_type == kCertificateHeader) { |
| 147 ASSERT_FALSE(has_trust_anchor) << "Trust anchor must appear last"; |
| 146 CertErrors errors; | 148 CertErrors errors; |
| 147 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( | 149 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( |
| 148 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( | 150 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( |
| 149 reinterpret_cast<const uint8_t*>(block_data.data()), | 151 reinterpret_cast<const uint8_t*>(block_data.data()), |
| 150 block_data.size(), nullptr)), | 152 block_data.size(), nullptr)), |
| 151 {}, &test->chain, &errors)) | 153 {}, &test->chain, &errors)) |
| 152 << errors.ToDebugString(); | 154 << errors.ToDebugString(); |
| 153 } else if (block_type == kTrustAnchorUnconstrained || | 155 } else if (block_type == kTrustAnchorUnconstrained || |
| 154 block_type == kTrustAnchorConstrained) { | 156 block_type == kTrustAnchorConstrained) { |
| 155 ASSERT_FALSE(test->trust_anchor) << "Duplicate trust anchor"; | 157 ASSERT_FALSE(has_trust_anchor) << "Duplicate trust anchor"; |
| 156 CertErrors errors; | 158 CertErrors errors; |
| 157 scoped_refptr<ParsedCertificate> root = net::ParsedCertificate::Create( | 159 scoped_refptr<ParsedCertificate> root = net::ParsedCertificate::Create( |
| 158 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( | 160 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( |
| 159 reinterpret_cast<const uint8_t*>(block_data.data()), | 161 reinterpret_cast<const uint8_t*>(block_data.data()), |
| 160 block_data.size(), nullptr)), | 162 block_data.size(), nullptr)), |
| 161 {}, &errors); | 163 {}, &errors); |
| 162 ASSERT_TRUE(root) << errors.ToDebugString(); | 164 ASSERT_TRUE(root) << errors.ToDebugString(); |
| 163 test->trust_anchor = | 165 test->chain.push_back(std::move(root)); |
| 164 block_type == kTrustAnchorUnconstrained | 166 test->last_cert_trust = |
| 165 ? TrustAnchor::CreateFromCertificateNoConstraints(std::move(root)) | 167 (block_type == kTrustAnchorUnconstrained) |
| 166 : TrustAnchor::CreateFromCertificateWithConstraints( | 168 ? CertificateTrust::ForTrustAnchor() |
| 167 std::move(root)); | 169 : CertificateTrust::ForTrustAnchorEnforcingConstraints(); |
| 170 has_trust_anchor = true; |
| 168 } else if (block_type == kTimeHeader) { | 171 } else if (block_type == kTimeHeader) { |
| 169 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; | 172 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; |
| 170 has_time = true; | 173 has_time = true; |
| 171 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), &test->time)); | 174 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), &test->time)); |
| 172 } else if (block_type == kKeyPurpose) { | 175 } else if (block_type == kKeyPurpose) { |
| 173 ASSERT_FALSE(has_key_purpose) << "Duplicate " << kKeyPurpose; | 176 ASSERT_FALSE(has_key_purpose) << "Duplicate " << kKeyPurpose; |
| 174 has_key_purpose = true; | 177 has_key_purpose = true; |
| 175 | 178 |
| 176 if (block_data == "anyExtendedKeyUsage") { | 179 if (block_data == "anyExtendedKeyUsage") { |
| 177 test->key_purpose = KeyPurpose::ANY_EKU; | 180 test->key_purpose = KeyPurpose::ANY_EKU; |
| (...skipping 12 matching lines...) |
| 190 test->expected_result = block_data == "SUCCESS"; | 193 test->expected_result = block_data == "SUCCESS"; |
| 191 } else if (block_type == kErrorsHeader) { | 194 } else if (block_type == kErrorsHeader) { |
| 192 ASSERT_FALSE(has_errors) << "Duplicate " << kErrorsHeader; | 195 ASSERT_FALSE(has_errors) << "Duplicate " << kErrorsHeader; |
| 193 has_errors = true; | 196 has_errors = true; |
| 194 test->expected_errors = block_data; | 197 test->expected_errors = block_data; |
| 195 } | 198 } |
| 196 } | 199 } |
| 197 | 200 |
| 198 ASSERT_TRUE(has_time); | 201 ASSERT_TRUE(has_time); |
| 199 ASSERT_TRUE(has_result); | 202 ASSERT_TRUE(has_result); |
| 200 ASSERT_TRUE(test->trust_anchor); | 203 ASSERT_TRUE(has_trust_anchor); |
| 201 ASSERT_TRUE(has_key_purpose); | 204 ASSERT_TRUE(has_key_purpose); |
| 202 } | 205 } |
| 203 | 206 |
| 204 std::string ReadTestFileToString(const std::string& file_path_ascii) { | 207 std::string ReadTestFileToString(const std::string& file_path_ascii) { |
| 205 // Compute the full path, relative to the src/ directory. | 208 // Compute the full path, relative to the src/ directory. |
| 206 base::FilePath src_root; | 209 base::FilePath src_root; |
| 207 PathService::Get(base::DIR_SOURCE_ROOT, &src_root); | 210 PathService::Get(base::DIR_SOURCE_ROOT, &src_root); |
| 208 base::FilePath filepath = src_root.AppendASCII(file_path_ascii); | 211 base::FilePath filepath = src_root.AppendASCII(file_path_ascii); |
| 209 | 212 |
| 210 // Read the full contents of the file. | 213 // Read the full contents of the file. |
| 211 std::string file_data; | 214 std::string file_data; |
| 212 if (!base::ReadFileToString(filepath, &file_data)) { | 215 if (!base::ReadFileToString(filepath, &file_data)) { |
| 213 ADD_FAILURE() << "Couldn't read file: " << filepath.value(); | 216 ADD_FAILURE() << "Couldn't read file: " << filepath.value(); |
| 214 return std::string(); | 217 return std::string(); |
| 215 } | 218 } |
| 216 | 219 |
| 217 return file_data; | 220 return file_data; |
| 218 } | 221 } |
| 219 | 222 |
| 220 } // namespace net | 223 } // namespace net |
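Review bot: The new trust-anchor branch (new lines 157-170) changes what `test->chain` means without saying so: the root is now appended to the chain and its trust is carried separately in `test->last_cert_trust`, so any consumer that still treats `chain` as "untrusted certificates only" would hand the anchor to path validation as an ordinary certificate. I would document the invariant at the `push_back`, e.g. `// The trust anchor is always the final element of |chain|; |last_cert_trust| describes how chain.back() is trusted.` The ordering itself is enforced by the two `ASSERT_FALSE(has_trust_anchor)` checks, which together reject both a second anchor and any CERTIFICATE block after the anchor. The closing `ASSERT_TRUE(has_trust_anchor);` would be easier to diagnose with a message such as `<< "Missing trust anchor block"`, since a file without one otherwise leaves `last_cert_trust` at whatever its default is (not visible here). The enclosing function starts in the skipped region, so its signature and the struct declaration that should carry the same comment are outside this view.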