OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 94 matching lines...)
105 verify_result->verified_cert = cert; | 105 verify_result->verified_cert = cert; |
106 return OK; | 106 return OK; |
107 } | 107 } |
108 | 108 |
109 // This enum identifies a concrete implemenation of CertVerifyProc. | 109 // This enum identifies a concrete implemenation of CertVerifyProc. |
110 // | 110 // |
111 // The type is erased by CertVerifyProc::CreateDefault(), however | 111 // The type is erased by CertVerifyProc::CreateDefault(), however |
112 // needs to be known for some of the test expectations. | 112 // needs to be known for some of the test expectations. |
113 enum CertVerifyProcType { | 113 enum CertVerifyProcType { |
114 CERT_VERIFY_PROC_NSS, | 114 CERT_VERIFY_PROC_NSS, |
115 CERT_VERIFY_PROC_OPENSSL, | |
116 CERT_VERIFY_PROC_ANDROID, | 115 CERT_VERIFY_PROC_ANDROID, |
117 CERT_VERIFY_PROC_IOS, | 116 CERT_VERIFY_PROC_IOS, |
118 CERT_VERIFY_PROC_MAC, | 117 CERT_VERIFY_PROC_MAC, |
119 CERT_VERIFY_PROC_WIN, | 118 CERT_VERIFY_PROC_WIN, |
120 CERT_VERIFY_PROC_BUILTIN, | 119 CERT_VERIFY_PROC_BUILTIN, |
121 }; | 120 }; |
122 | 121 |
123 // Returns the CertVerifyProcType corresponding to what | 122 // Returns the CertVerifyProcType corresponding to what |
124 // CertVerifyProc::CreateDefault() returns. This needs to be kept in sync with | 123 // CertVerifyProc::CreateDefault() returns. This needs to be kept in sync with |
125 // CreateDefault(). | 124 // CreateDefault(). |
126 CertVerifyProcType GetDefaultCertVerifyProcType() { | 125 CertVerifyProcType GetDefaultCertVerifyProcType() { |
127 #if defined(USE_NSS_CERTS) | 126 #if defined(USE_NSS_CERTS) |
128 return CERT_VERIFY_PROC_NSS; | 127 return CERT_VERIFY_PROC_NSS; |
129 #elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) | |
130 return CERT_VERIFY_PROC_OPENSSL; | |
131 #elif defined(OS_ANDROID) | 128 #elif defined(OS_ANDROID) |
132 return CERT_VERIFY_PROC_ANDROID; | 129 return CERT_VERIFY_PROC_ANDROID; |
133 #elif defined(OS_IOS) | 130 #elif defined(OS_IOS) |
134 return CERT_VERIFY_PROC_IOS; | 131 return CERT_VERIFY_PROC_IOS; |
135 #elif defined(OS_MACOSX) | 132 #elif defined(OS_MACOSX) |
136 return CERT_VERIFY_PROC_MAC; | 133 return CERT_VERIFY_PROC_MAC; |
137 #elif defined(OS_WIN) | 134 #elif defined(OS_WIN) |
138 return CERT_VERIFY_PROC_WIN; | 135 return CERT_VERIFY_PROC_WIN; |
139 #else | 136 #else |
140 // Will fail to compile. | 137 // Will fail to compile. |
141 #endif | 138 #endif |
142 } | 139 } |
143 | 140 |
144 // Whether the test is running within the iphone simulator. | 141 // Whether the test is running within the iphone simulator. |
145 const bool kTargetIsIphoneSimulator = | 142 const bool kTargetIsIphoneSimulator = |
146 #if TARGET_IPHONE_SIMULATOR | 143 #if TARGET_IPHONE_SIMULATOR |
147 true; | 144 true; |
148 #else | 145 #else |
149 false; | 146 false; |
150 #endif | 147 #endif |
151 | 148 |
152 // Returns a textual description of the CertVerifyProc implementation | 149 // Returns a textual description of the CertVerifyProc implementation |
153 // that is being tested, used to give better names to parameterized | 150 // that is being tested, used to give better names to parameterized |
154 // tests. | 151 // tests. |
155 std::string VerifyProcTypeToName( | 152 std::string VerifyProcTypeToName( |
156 const testing::TestParamInfo<CertVerifyProcType>& params) { | 153 const testing::TestParamInfo<CertVerifyProcType>& params) { |
157 switch (params.param) { | 154 switch (params.param) { |
158 case CERT_VERIFY_PROC_NSS: | 155 case CERT_VERIFY_PROC_NSS: |
159 return "CertVerifyProcNSS"; | 156 return "CertVerifyProcNSS"; |
160 case CERT_VERIFY_PROC_OPENSSL: | |
161 return "CertVerifyProcOpenSSL"; | |
162 case CERT_VERIFY_PROC_ANDROID: | 157 case CERT_VERIFY_PROC_ANDROID: |
163 return "CertVerifyProcAndroid"; | 158 return "CertVerifyProcAndroid"; |
164 case CERT_VERIFY_PROC_IOS: | 159 case CERT_VERIFY_PROC_IOS: |
165 return "CertVerifyProcIOS"; | 160 return "CertVerifyProcIOS"; |
166 case CERT_VERIFY_PROC_MAC: | 161 case CERT_VERIFY_PROC_MAC: |
167 return "CertVerifyProcMac"; | 162 return "CertVerifyProcMac"; |
168 case CERT_VERIFY_PROC_WIN: | 163 case CERT_VERIFY_PROC_WIN: |
169 return "CertVerifyProcWin"; | 164 return "CertVerifyProcWin"; |
170 case CERT_VERIFY_PROC_BUILTIN: | 165 case CERT_VERIFY_PROC_BUILTIN: |
171 return "CertVerifyProcBuiltin"; | 166 return "CertVerifyProcBuiltin"; |
(...skipping 1049 matching lines...)
1221 | 1216 |
1222 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors | 1217 // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors |
1223 // from NSS. | 1218 // from NSS. |
1224 if (verify_proc_type() != CERT_VERIFY_PROC_NSS && | 1219 if (verify_proc_type() != CERT_VERIFY_PROC_NSS && |
1225 verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { | 1220 verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { |
1226 // The certificate is issued by an unknown CA. | 1221 // The certificate is issued by an unknown CA. |
1227 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 1222 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
1228 } | 1223 } |
1229 | 1224 |
1230 // TODO(crbug.com/649017): Don't special-case builtin verifier. | 1225 // TODO(crbug.com/649017): Don't special-case builtin verifier. |
1231 if (verify_proc_type() == CERT_VERIFY_PROC_OPENSSL || | 1226 if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { |
1232 verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { | |
1233 EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); | 1227 EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); |
1234 } else { | 1228 } else { |
1235 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); | 1229 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); |
1236 } | 1230 } |
1237 } | 1231 } |
1238 | 1232 |
1239 // Basic test for returning the chain in CertVerifyResult. Note that the | 1233 // Basic test for returning the chain in CertVerifyResult. Note that the |
1240 // returned chain may just be a reflection of the originally supplied chain; | 1234 // returned chain may just be a reflection of the originally supplied chain; |
1241 // that is, if any errors occur, the default chain returned is an exact copy | 1235 // that is, if any errors occur, the default chain returned is an exact copy |
1242 // of the certificate to be verified. The remaining VerifyReturn* tests are | 1236 // of the certificate to be verified. The remaining VerifyReturn* tests are |
(...skipping 1142 matching lines...)
2385 int flags = 0; | 2379 int flags = 0; |
2386 CertVerifyResult verify_result; | 2380 CertVerifyResult verify_result; |
2387 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, | 2381 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, |
2388 NULL, CertificateList(), &verify_result); | 2382 NULL, CertificateList(), &verify_result); |
2389 EXPECT_EQ(OK, error); | 2383 EXPECT_EQ(OK, error); |
2390 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2384 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
2391 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2385 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
2392 } | 2386 } |
2393 | 2387 |
2394 } // namespace net | 2388 } // namespace net |
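Review bot: In GetDefaultCertVerifyProcType() the `#else` arm still holds only the comment `// Will fail to compile.`, and with the `USE_OPENSSL_CERTS && !OS_ANDROID` arm removed, any configuration that used to take that arm now lands there. Falling off the end of a non-void function is by default only a warning, so whether the build actually stops depends on warning flags that are not visible on this page. Replacing the comment with `#error "No CertVerifyProcType defined for this platform"` would make the failure unconditional and self-explanatory. This helper selects which expectations the certificate-verification tests apply, so a silent mismatch with CreateDefault() is worth ruling out at compile time.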