| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 389 // invalid certificate. | 389 // invalid certificate. |
| 390 if (verify_proc_type() == CERT_VERIFY_PROC_NSS || | 390 if (verify_proc_type() == CERT_VERIFY_PROC_NSS || |
| 391 verify_proc_type() == CERT_VERIFY_PROC_WIN) { | 391 verify_proc_type() == CERT_VERIFY_PROC_WIN) { |
| 392 EXPECT_TRUE(verify_result.cert_status & | 392 EXPECT_TRUE(verify_result.cert_status & |
| 393 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | 393 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); |
| 394 } | 394 } |
| 395 | 395 |
| 396 // TODO(crbug.com/649017): What expectations to use for the other verifiers? | 396 // TODO(crbug.com/649017): What expectations to use for the other verifiers? |
| 397 } | 397 } |
| 398 | 398 |
| 399 #if BUILDFLAG(USE_BYTE_CERTS) |
| 400 // Tests the case where the target certificate is accepted by |
| 401 // X509CertificateBytes, but has errors that should cause verification to fail. |
| 402 TEST_P(CertVerifyProcInternalTest, InvalidTarget) { |
| 403 base::FilePath certs_dir = |
| 404 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 405 scoped_refptr<X509Certificate> bad_cert = |
| 406 ImportCertFromFile(certs_dir, "extensions_data_after_sequence.pem"); |
| 407 ASSERT_TRUE(bad_cert); |
| 408 |
| 409 scoped_refptr<X509Certificate> ok_cert( |
| 410 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 411 ASSERT_TRUE(ok_cert); |
| 412 |
| 413 scoped_refptr<X509Certificate> cert_with_bad_target( |
| 414 X509Certificate::CreateFromHandle(bad_cert->os_cert_handle(), |
| 415 {ok_cert->os_cert_handle()})); |
| 416 ASSERT_TRUE(cert_with_bad_target); |
| 417 EXPECT_EQ(1U, cert_with_bad_target->GetIntermediateCertificates().size()); |
| 418 |
| 419 int flags = 0; |
| 420 CertVerifyResult verify_result; |
| 421 int error = Verify(cert_with_bad_target.get(), "127.0.0.1", flags, NULL, |
| 422 CertificateList(), &verify_result); |
| 423 |
| 424 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); |
| 425 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); |
| 426 } |
| 427 |
| 428 // Tests the case where an intermediate certificate is accepted by |
| 429 // X509CertificateBytes, but has errors that should cause verification to fail. |
| 430 TEST_P(CertVerifyProcInternalTest, InvalidIntermediate) { |
| 431 base::FilePath certs_dir = |
| 432 GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); |
| 433 scoped_refptr<X509Certificate> bad_cert = |
| 434 ImportCertFromFile(certs_dir, "extensions_data_after_sequence.pem"); |
| 435 ASSERT_TRUE(bad_cert); |
| 436 |
| 437 scoped_refptr<X509Certificate> ok_cert( |
| 438 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 439 ASSERT_TRUE(ok_cert); |
| 440 |
| 441 scoped_refptr<X509Certificate> cert_with_bad_intermediate( |
| 442 X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), |
| 443 {bad_cert->os_cert_handle()})); |
| 444 ASSERT_TRUE(cert_with_bad_intermediate); |
| 445 EXPECT_EQ(1U, |
| 446 cert_with_bad_intermediate->GetIntermediateCertificates().size()); |
| 447 |
| 448 int flags = 0; |
| 449 CertVerifyResult verify_result; |
| 450 int error = Verify(cert_with_bad_intermediate.get(), "127.0.0.1", flags, NULL, |
| 451 CertificateList(), &verify_result); |
| 452 |
| 453 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); |
| 454 EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); |
| 455 } |
| 456 #endif // BUILDFLAG(USE_BYTE_CERTS) |
| 457 |
| 399 // A regression test for http://crbug.com/31497. | 458 // A regression test for http://crbug.com/31497. |
| 400 TEST_P(CertVerifyProcInternalTest, IntermediateCARequireExplicitPolicy) { | 459 TEST_P(CertVerifyProcInternalTest, IntermediateCARequireExplicitPolicy) { |
| 401 if (verify_proc_type() == CERT_VERIFY_PROC_ANDROID) { | 460 if (verify_proc_type() == CERT_VERIFY_PROC_ANDROID) { |
| 402 // Disabled on Android, as the Android verification libraries require an | 461 // Disabled on Android, as the Android verification libraries require an |
| 403 // explicit policy to be specified, even when anyPolicy is permitted. | 462 // explicit policy to be specified, even when anyPolicy is permitted. |
| 404 LOG(INFO) << "Skipping test on Android"; | 463 LOG(INFO) << "Skipping test on Android"; |
| 405 return; | 464 return; |
| 406 } | 465 } |
| 407 | 466 |
| 408 base::FilePath certs_dir = GetTestCertsDirectory(); | 467 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 2379 int flags = 0; | 2438 int flags = 0; |
| 2380 CertVerifyResult verify_result; | 2439 CertVerifyResult verify_result; |
| 2381 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, | 2440 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, |
| 2382 NULL, CertificateList(), &verify_result); | 2441 NULL, CertificateList(), &verify_result); |
| 2383 EXPECT_EQ(OK, error); | 2442 EXPECT_EQ(OK, error); |
| 2384 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); | 2443 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); |
| 2385 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); | 2444 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); |
| 2386 } | 2445 } |
| 2387 | 2446 |
| 2388 } // namespace net | 2447 } // namespace net |
| OLD | NEW |
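Review bot: The comments above InvalidTarget and InvalidIntermediate (new lines 400-401 and 428-429) only say the certificate "has errors", so a reader has to guess from the fixture name `extensions_data_after_sequence.pem` what is malformed and why X509CertificateBytes still accepts it. I would name the defect and the expected outcome in the comment, e.g. `// The fixture (per its file name) carries data after the extensions SEQUENCE; verification must fail with ERR_CERT_INVALID rather than succeed.` InvalidIntermediate passes only if a malformed supplied intermediate is fatal for `ok_cert`, and neither test shows what `ok_cert.pem` returns on its own for "127.0.0.1", so the failure is not visibly tied to the bad certificate; a comment stating that baseline, or a check of it, would make the intent clear. Unlike the test ending at new line 397, which gates its expectations on `verify_proc_type()`, these two assert the same result for every parameterised verifier, so it is worth a line saying that this is intended for all verifiers built with USE_BYTE_CERTS. The two bodies differ only in the argument order passed to `CreateFromHandle`, so a shared helper could remove the duplication.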