Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1001)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 2951343002: Remove residual support for SHA-1 public key pins. (Closed)
Patch Set: Remove the rest of HASH_VALUE_SHA1; respond to comments. Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | net/data/ssl/name_constrained/README.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 1292 matching lines...) Expand 10 before | Expand all | Expand 10 after
1303 certs[0]->os_cert_handle(), intermediates); 1303 certs[0]->os_cert_handle(), intermediates);
1304 ASSERT_TRUE(cert_chain); 1304 ASSERT_TRUE(cert_chain);
1305 ASSERT_EQ(2U, cert_chain->GetIntermediateCertificates().size()); 1305 ASSERT_EQ(2U, cert_chain->GetIntermediateCertificates().size());
1306 1306
1307 int flags = 0; 1307 int flags = 0;
1308 CertVerifyResult verify_result; 1308 CertVerifyResult verify_result;
1309 int error = Verify(cert_chain.get(), "127.0.0.1", flags, NULL, 1309 int error = Verify(cert_chain.get(), "127.0.0.1", flags, NULL,
1310 CertificateList(), &verify_result); 1310 CertificateList(), &verify_result);
1311 EXPECT_THAT(error, IsOk()); 1311 EXPECT_THAT(error, IsOk());
1312 1312
1313 // There are 2 hashes each of the 3 certificates in the verified chain. 1313 EXPECT_EQ(3u, verify_result.public_key_hashes.size());
1314 EXPECT_EQ(6u, verify_result.public_key_hashes.size());
1315 1314
1316 // Convert |public_key_hashes| to strings for ease of comparison. 1315 // Convert |public_key_hashes| to strings for ease of comparison.
1317 std::vector<std::string> public_key_hash_strings; 1316 std::vector<std::string> public_key_hash_strings;
1318 for (const auto& public_key_hash : verify_result.public_key_hashes) 1317 for (const auto& public_key_hash : verify_result.public_key_hashes)
1319 public_key_hash_strings.push_back(public_key_hash.ToString()); 1318 public_key_hash_strings.push_back(public_key_hash.ToString());
1320 1319
1321 std::vector<std::string> expected_public_key_hashes = { 1320 std::vector<std::string> expected_public_key_hashes = {
1322 // Target 1321 // Target
1323 "sha1/eykCtxdjf+9TcP+dle4RZOcuWfI=",
1324 "sha256/jpsUnwFFTO7e+l5zQDYhutkf7uA+dCVsWfRvv0UDX40=", 1322 "sha256/jpsUnwFFTO7e+l5zQDYhutkf7uA+dCVsWfRvv0UDX40=",
1325 1323
1326 // Intermediate 1324 // Intermediate
1327 "sha1/UCuWOTyNcmLrd/Ie2jTjCHyGV7M=",
1328 "sha256/D9u0epgvPYlG9YiVp7V+IMT+xhUpB5BhsS/INjDXc4Y=", 1325 "sha256/D9u0epgvPYlG9YiVp7V+IMT+xhUpB5BhsS/INjDXc4Y=",
1329 1326
1330 // Trust anchor 1327 // Trust anchor
1331 "sha1/7lRAdhiny84OU7rosLno5A+v0ls=",
1332 "sha256/VypP3VWL7OaqTJ7mIBehWYlv8khPuFHpWiearZI2YjI="}; 1328 "sha256/VypP3VWL7OaqTJ7mIBehWYlv8khPuFHpWiearZI2YjI="};
1333 1329
1334 // |public_key_hashes| does not have an ordering guarantee. 1330 // |public_key_hashes| does not have an ordering guarantee.
1335 EXPECT_THAT(expected_public_key_hashes, 1331 EXPECT_THAT(expected_public_key_hashes,
1336 testing::UnorderedElementsAreArray(public_key_hash_strings)); 1332 testing::UnorderedElementsAreArray(public_key_hash_strings));
1337 } 1333 }
1338 1334
1339 // A regression test for http://crbug.com/70293. 1335 // A regression test for http://crbug.com/70293.
1340 // The certificate in question has a key purpose of clientAuth, and also lacks 1336 // The certificate in question has a key purpose of clientAuth, and also lacks
1341 // the required key usage for serverAuth. 1337 // the required key usage for serverAuth.
(...skipping 1180 matching lines...) Expand 10 before | Expand all | Expand 10 after
2522 int flags = 0; 2518 int flags = 0;
2523 CertVerifyResult verify_result; 2519 CertVerifyResult verify_result;
2524 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags, 2520 int error = verify_proc->Verify(cert.get(), "127.0.0.1", std::string(), flags,
2525 NULL, CertificateList(), &verify_result); 2521 NULL, CertificateList(), &verify_result);
2526 EXPECT_EQ(OK, error); 2522 EXPECT_EQ(OK, error);
2527 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0); 2523 histograms.ExpectTotalCount(kTLSFeatureExtensionHistogram, 0);
2528 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0); 2524 histograms.ExpectTotalCount(kTLSFeatureExtensionOCSPHistogram, 0);
2529 } 2525 }
2530 2526
2531 } // namespace net 2527 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | net/data/ssl/name_constrained/README.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698