OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/pickle.h" | |
6 #include "net/base/cert_status_flags.h" | |
7 #include "net/base/cert_verify_result.h" | |
8 #include "net/base/net_errors.h" | |
9 #include "net/base/x509_certificate.h" | |
10 #include "testing/gtest/include/gtest/gtest.h" | |
11 | |
12 // Unit tests aren't allowed to access external resources. Unfortunately, to | |
13 // properly verify the EV-ness of a cert, we need to check for its revocation | |
14 // through online servers. If you're manually running unit tests, feel free to | |
15 // turn this on to test EV certs. But leave it turned off for the automated | |
16 // testing. | |
17 #define ALLOW_EXTERNAL_ACCESS 0 | |
18 | |
19 #if ALLOW_EXTERNAL_ACCESS && defined(OS_WIN) | |
20 #define TEST_EV 1 // Test CERT_STATUS_IS_EV | |
21 #endif | |
22 | |
23 using base::Time; | |
24 | |
25 namespace { | 5 namespace { |
26 | 6 |
27 // Certificates for test data. They're obtained with: | 7 // Certificates for test data. They're obtained with: |
28 // | 8 // |
29 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null | 9 // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null |
30 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der | 10 // $ openssl x509 -inform PEM -outform DER < /tmp/host.pem > /tmp/host.der |
31 // $ xxd -i /tmp/host.der | 11 // $ xxd -i /tmp/host.der |
32 // | 12 // |
33 // For fingerprint | 13 // TODO(wtc): move these certificates to data files in the |
34 // $ openssl x509 -inform DER -fingerprint -noout < /tmp/host.der | 14 // src/net/data/ssl/certificates directory. |
35 | |
36 // For valid_start, valid_expiry | |
37 // $ openssl x509 -inform DER -text -noout < /tmp/host.der | | |
38 // grep -A 2 Validity | |
39 // $ date +%s -d '<date str>' | |
40 | 15 |
41 // Google's cert. | 16 // Google's cert. |
42 | 17 |
43 unsigned char google_der[] = { | 18 unsigned char google_der[] = { |
44 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, | 19 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, |
45 0x02, 0x02, 0x10, 0x01, 0x2a, 0x39, 0x76, 0x0d, 0x3f, 0x4f, 0xc9, 0x0b, | 20 0x02, 0x02, 0x10, 0x01, 0x2a, 0x39, 0x76, 0x0d, 0x3f, 0x4f, 0xc9, 0x0b, |
46 0xe7, 0xbd, 0x2b, 0xcf, 0x95, 0x2e, 0x7a, 0x30, 0x0d, 0x06, 0x09, 0x2a, | 21 0xe7, 0xbd, 0x2b, 0xcf, 0x95, 0x2e, 0x7a, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
47 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, | 22 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, |
48 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, | 23 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, |
49 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, | 24 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
104 0x98, 0x72, 0x07, 0x80, 0xc3, 0x59, 0x48, 0x14, 0xe2, 0xd6, 0xef, 0xd0, | 79 0x98, 0x72, 0x07, 0x80, 0xc3, 0x59, 0x48, 0x14, 0xe2, 0xd6, 0xef, 0xd0, |
105 0x8f, 0x33, 0x6a, 0x68, 0x31, 0xfa, 0xb7, 0xbb, 0x85, 0xcc, 0xf7, 0xc7, | 80 0x8f, 0x33, 0x6a, 0x68, 0x31, 0xfa, 0xb7, 0xbb, 0x85, 0xcc, 0xf7, 0xc7, |
106 0x47, 0x7b, 0x67, 0x93, 0x3c, 0xc3, 0x16, 0x51, 0x9b, 0x6f, 0x87, 0x20, | 81 0x47, 0x7b, 0x67, 0x93, 0x3c, 0xc3, 0x16, 0x51, 0x9b, 0x6f, 0x87, 0x20, |
107 0xfd, 0x67, 0x4c, 0x2b, 0xea, 0x6a, 0x49, 0xdb, 0x11, 0xd1, 0xbd, 0xd7, | 82 0xfd, 0x67, 0x4c, 0x2b, 0xea, 0x6a, 0x49, 0xdb, 0x11, 0xd1, 0xbd, 0xd7, |
108 0x95, 0x22, 0x43, 0x7a, 0x06, 0x7b, 0x4e, 0xf6, 0x37, 0x8e, 0xa2, 0xb9, | 83 0x95, 0x22, 0x43, 0x7a, 0x06, 0x7b, 0x4e, 0xf6, 0x37, 0x8e, 0xa2, 0xb9, |
109 0xcf, 0x1f, 0xa5, 0xd2, 0xbd, 0x3b, 0x04, 0x97, 0x39, 0xb3, 0x0f, 0xfa, | 84 0xcf, 0x1f, 0xa5, 0xd2, 0xbd, 0x3b, 0x04, 0x97, 0x39, 0xb3, 0x0f, 0xfa, |
110 0x38, 0xb5, 0xaf, 0x55, 0x20, 0x88, 0x60, 0x93, 0xf2, 0xde, 0xdb, 0xff, | 85 0x38, 0xb5, 0xaf, 0x55, 0x20, 0x88, 0x60, 0x93, 0xf2, 0xde, 0xdb, 0xff, |
111 0xdf | 86 0xdf |
112 }; | 87 }; |
113 | 88 |
114 unsigned char google_fingerprint[] = { | |
115 0xab, 0xbe, 0x5e, 0xb4, 0x93, 0x88, 0x4e, 0xe4, 0x60, 0xc6, 0xef, 0xf8, | |
116 0xea, 0xd4, 0xb1, 0x55, 0x4b, 0xc9, 0x59, 0x3c | |
117 }; | |
118 | |
119 // webkit.org's cert. | 89 // webkit.org's cert. |
120 | 90 |
121 unsigned char webkit_der[] = { | 91 unsigned char webkit_der[] = { |
122 0x30, 0x82, 0x05, 0x0d, 0x30, 0x82, 0x03, 0xf5, 0xa0, 0x03, 0x02, 0x01, | 92 0x30, 0x82, 0x05, 0x0d, 0x30, 0x82, 0x03, 0xf5, 0xa0, 0x03, 0x02, 0x01, |
123 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, | 93 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, |
124 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0xca, | 94 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0xca, |
125 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, | 95 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, |
126 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, | 96 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, |
127 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, | 97 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, |
128 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, | 98 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
223 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, 0x93, 0x8c, 0x64, | 193 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, 0x93, 0x8c, 0x64, |
224 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, 0xd3, 0xc1, 0x50, | 194 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, 0xd3, 0xc1, 0x50, |
225 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, 0x7a, 0x21, 0x87, | 195 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, 0x7a, 0x21, 0x87, |
226 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, 0xbe, 0xcd, 0x70, | 196 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, 0xbe, 0xcd, 0x70, |
227 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, 0x01, 0x6f, 0x37, | 197 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, 0x01, 0x6f, 0x37, |
228 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, 0x35, 0x52, 0xdd, | 198 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, 0x35, 0x52, 0xdd, |
229 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, 0x3c, 0xd8, 0x48, | 199 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, 0x3c, 0xd8, 0x48, |
230 0x8a | 200 0x8a |
231 }; | 201 }; |
232 | 202 |
233 unsigned char webkit_fingerprint[] = { | |
234 0xa1, 0x4a, 0x94, 0x46, 0x22, 0x8e, 0x70, 0x66, 0x2b, 0x94, 0xf9, 0xf8, | |
235 0x57, 0x83, 0x2d, 0xa2, 0xff, 0xbc, 0x84, 0xc2 | |
236 }; | |
237 | |
238 // thawte.com's cert (it's EV-licious!). | 203 // thawte.com's cert (it's EV-licious!). |
239 unsigned char thawte_der[] = { | 204 unsigned char thawte_der[] = { |
240 0x30, 0x82, 0x04, 0xa5, 0x30, 0x82, 0x03, 0x8d, 0xa0, 0x03, 0x02, 0x01, | 205 0x30, 0x82, 0x04, 0xa5, 0x30, 0x82, 0x03, 0x8d, 0xa0, 0x03, 0x02, 0x01, |
241 0x02, 0x02, 0x10, 0x17, 0x76, 0x05, 0x88, 0x95, 0x58, 0xee, 0xbb, 0x00, | 206 0x02, 0x02, 0x10, 0x17, 0x76, 0x05, 0x88, 0x95, 0x58, 0xee, 0xbb, 0x00, |
242 0xda, 0x10, 0xe5, 0xf0, 0xf3, 0x9c, 0xf0, 0x30, 0x0d, 0x06, 0x09, 0x2a, | 207 0xda, 0x10, 0xe5, 0xf0, 0xf3, 0x9c, 0xf0, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
243 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, | 208 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, |
244 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, | 209 0x8b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, |
245 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, | 210 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, |
246 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, | 211 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, |
247 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, | 212 0x2e, 0x31, 0x39, 0x30, 0x37, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x30, |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
332 0x05, 0x4b, 0xf7, 0x2d, 0x02, 0xee, 0x50, 0x26, 0xd1, 0x48, 0x01, 0x60, | 297 0x05, 0x4b, 0xf7, 0x2d, 0x02, 0xee, 0x50, 0x26, 0xd1, 0x48, 0x01, 0x60, |
333 0xdc, 0x3c, 0xa7, 0xdb, 0xeb, 0xca, 0x8b, 0xa6, 0xff, 0x9e, 0x47, 0x5d, | 298 0xdc, 0x3c, 0xa7, 0xdb, 0xeb, 0xca, 0x8b, 0xa6, 0xff, 0x9e, 0x47, 0x5d, |
334 0x87, 0x40, 0xf8, 0xd2, 0x82, 0xd7, 0x13, 0x64, 0x0e, 0xd4, 0xb3, 0x29, | 299 0x87, 0x40, 0xf8, 0xd2, 0x82, 0xd7, 0x13, 0x64, 0x0e, 0xd4, 0xb3, 0x29, |
335 0x22, 0xa7, 0xe0, 0xc8, 0xcd, 0x8c, 0x4d, 0xf5, 0x11, 0x21, 0x26, 0x02, | 300 0x22, 0xa7, 0xe0, 0xc8, 0xcd, 0x8c, 0x4d, 0xf5, 0x11, 0x21, 0x26, 0x02, |
336 0x43, 0x33, 0x8e, 0xa9, 0x3f, 0x91, 0xd4, 0x05, 0x97, 0xc9, 0xd3, 0x42, | 301 0x43, 0x33, 0x8e, 0xa9, 0x3f, 0x91, 0xd4, 0x05, 0x97, 0xc9, 0xd3, 0x42, |
337 0x6b, 0x05, 0x99, 0xf6, 0x16, 0x71, 0x67, 0x65, 0xc7, 0x96, 0xdf, 0x2a, | 302 0x6b, 0x05, 0x99, 0xf6, 0x16, 0x71, 0x67, 0x65, 0xc7, 0x96, 0xdf, 0x2a, |
338 0xd7, 0x54, 0x63, 0x25, 0xc0, 0x28, 0xf7, 0x1c, 0xee, 0xcd, 0x8b, 0xe4, | 303 0xd7, 0x54, 0x63, 0x25, 0xc0, 0x28, 0xf7, 0x1c, 0xee, 0xcd, 0x8b, 0xe4, |
339 0x9d, 0x32, 0xa3, 0x81, 0x55 | 304 0x9d, 0x32, 0xa3, 0x81, 0x55 |
340 }; | 305 }; |
341 | 306 |
342 unsigned char thawte_fingerprint[] = { | |
343 0x85, 0x04, 0x2d, 0xfd, 0x2b, 0x0e, 0xc6, 0xc8, 0xaf, 0x2d, 0x77, 0xd6, | |
344 0xa1, 0x3a, 0x64, 0x04, 0x27, 0x90, 0x97, 0x37 | |
345 }; | |
346 | |
347 // A certificate for www.paypal.com with a NULL byte in the common name. | 307 // A certificate for www.paypal.com with a NULL byte in the common name. |
348 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 | 308 // From http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/70363 |
349 unsigned char paypal_null_der[] = { | 309 unsigned char paypal_null_der[] = { |
350 0x30, 0x82, 0x06, 0x44, 0x30, 0x82, 0x05, 0xad, 0xa0, 0x03, 0x02, 0x01, | 310 0x30, 0x82, 0x06, 0x44, 0x30, 0x82, 0x05, 0xad, 0xa0, 0x03, 0x02, 0x01, |
351 0x02, 0x02, 0x03, 0x00, 0xf0, 0x9b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, | 311 0x02, 0x02, 0x03, 0x00, 0xf0, 0x9b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, |
352 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x82, 0x01, | 312 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x82, 0x01, |
353 0x12, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, | 313 0x12, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, |
354 0x45, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, | 314 0x45, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, |
355 0x09, 0x42, 0x61, 0x72, 0x63, 0x65, 0x6c, 0x6f, 0x6e, 0x61, 0x31, 0x12, | 315 0x09, 0x42, 0x61, 0x72, 0x63, 0x65, 0x6c, 0x6f, 0x6e, 0x61, 0x31, 0x12, |
356 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x42, 0x61, 0x72, | 316 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x42, 0x61, 0x72, |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
476 0x9e, 0x38, 0x05, 0x9d, 0x52, 0x60, 0xa9, 0x99, 0x0a, 0x81, 0xb4, 0x98, | 436 0x9e, 0x38, 0x05, 0x9d, 0x52, 0x60, 0xa9, 0x99, 0x0a, 0x81, 0xb4, 0x98, |
477 0x90, 0x1d, 0xae, 0xbb, 0x4a, 0xd7, 0xb9, 0xdc, 0x88, 0x9e, 0x37, 0x78, | 437 0x90, 0x1d, 0xae, 0xbb, 0x4a, 0xd7, 0xb9, 0xdc, 0x88, 0x9e, 0x37, 0x78, |
478 0x41, 0x5b, 0xf7, 0x82, 0xa5, 0xf2, 0xba, 0x41, 0x25, 0x5a, 0x90, 0x1a, | 438 0x41, 0x5b, 0xf7, 0x82, 0xa5, 0xf2, 0xba, 0x41, 0x25, 0x5a, 0x90, 0x1a, |
479 0x1e, 0x45, 0x38, 0xa1, 0x52, 0x58, 0x75, 0x94, 0x26, 0x44, 0xfb, 0x20, | 439 0x1e, 0x45, 0x38, 0xa1, 0x52, 0x58, 0x75, 0x94, 0x26, 0x44, 0xfb, 0x20, |
480 0x07, 0xba, 0x44, 0xcc, 0xe5, 0x4a, 0x2d, 0x72, 0x3f, 0x98, 0x47, 0xf6, | 440 0x07, 0xba, 0x44, 0xcc, 0xe5, 0x4a, 0x2d, 0x72, 0x3f, 0x98, 0x47, 0xf6, |
481 0x26, 0xdc, 0x05, 0x46, 0x05, 0x07, 0x63, 0x21, 0xab, 0x46, 0x9b, 0x9c, | 441 0x26, 0xdc, 0x05, 0x46, 0x05, 0x07, 0x63, 0x21, 0xab, 0x46, 0x9b, 0x9c, |
482 0x78, 0xd5, 0x54, 0x5b, 0x3d, 0x0c, 0x1e, 0xc8, 0x64, 0x8c, 0xb5, 0x50, | 442 0x78, 0xd5, 0x54, 0x5b, 0x3d, 0x0c, 0x1e, 0xc8, 0x64, 0x8c, 0xb5, 0x50, |
483 0x23, 0x82, 0x6f, 0xdb, 0xb8, 0x22, 0x1c, 0x43, 0x96, 0x07, 0xa8, 0xbb | 443 0x23, 0x82, 0x6f, 0xdb, 0xb8, 0x22, 0x1c, 0x43, 0x96, 0x07, 0xa8, 0xbb |
484 }; | 444 }; |
485 | 445 |
486 unsigned char paypal_null_fingerprint[] = { | 446 // A certificate for https://www.unosoft.hu/, whose AIA extension contains |
487 0x4c, 0x88, 0x9e, 0x28, 0xd7, 0x7a, 0x44, 0x1e, 0x13, 0xf2, 0x6a, 0xba, | 447 // an LDAP URL without a host name. |
488 0x1f, 0xe8, 0x1b, 0xd6, 0xab, 0x7b, 0xe8, 0xd7 | 448 unsigned char unosoft_hu_der[] = { |
| 449 0x30, 0x82, 0x05, 0x5c, 0x30, 0x82, 0x04, 0x44, 0xa0, 0x03, 0x02, 0x01, |
| 450 0x02, 0x02, 0x0a, 0x75, 0x02, 0x28, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 451 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
| 452 0x01, 0x05, 0x05, 0x00, 0x30, 0x4a, 0x31, 0x15, 0x30, 0x13, 0x06, 0x0a, |
| 453 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x05, |
| 454 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, |
| 455 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x75, |
| 456 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, |
| 457 0x55, 0x04, 0x03, 0x13, 0x0f, 0x55, 0x4e, 0x4f, 0x2d, 0x53, 0x4f, 0x46, |
| 458 0x54, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, |
| 459 0x30, 0x38, 0x31, 0x32, 0x30, 0x34, 0x31, 0x34, 0x30, 0x37, 0x35, 0x35, |
| 460 0x5a, 0x17, 0x0d, 0x30, 0x39, 0x31, 0x32, 0x30, 0x34, 0x31, 0x34, 0x31, |
| 461 0x37, 0x35, 0x35, 0x5a, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, |
| 462 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55, 0x31, 0x0d, 0x30, 0x0b, |
| 463 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x04, 0x50, 0x45, 0x53, 0x54, 0x31, |
| 464 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x42, 0x75, |
| 465 0x64, 0x61, 0x70, 0x65, 0x73, 0x74, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, |
| 466 0x55, 0x04, 0x0a, 0x13, 0x1e, 0x55, 0x4e, 0x4f, 0x2d, 0x53, 0x4f, 0x46, |
| 467 0x54, 0x20, 0x53, 0x7a, 0x61, 0x6d, 0x69, 0x74, 0x61, 0x73, 0x74, 0x65, |
| 468 0x63, 0x68, 0x6e, 0x69, 0x6b, 0x61, 0x69, 0x20, 0x4b, 0x46, 0x54, 0x31, |
| 469 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0e, 0x77, 0x77, |
| 470 0x77, 0x2e, 0x75, 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x68, 0x75, |
| 471 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, |
| 472 0x01, 0x09, 0x01, 0x16, 0x0f, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x75, 0x6e, |
| 473 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x68, 0x75, 0x30, 0x81, 0x9f, 0x30, |
| 474 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, |
| 475 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, |
| 476 0x00, 0xb2, 0x5a, 0xb4, 0xb8, 0x5d, 0x5a, 0xc0, 0x1c, 0x66, 0x80, 0xc2, |
| 477 0x8c, 0x8d, 0xf6, 0xbd, 0x2b, 0x69, 0x34, 0xf3, 0xe8, 0x34, 0x44, 0xe2, |
| 478 0x95, 0x0e, 0xad, 0xbb, 0xa4, 0x6a, 0xcd, 0xdc, 0x61, 0xad, 0x7f, 0x7d, |
| 479 0x07, 0x7b, 0x21, 0x86, 0xaf, 0x8c, 0x6c, 0x04, 0x6b, 0xaf, 0x99, 0x84, |
| 480 0xfd, 0x0d, 0xf5, 0xe4, 0x5c, 0xe5, 0x16, 0x22, 0x06, 0xd1, 0xd9, 0x4c, |
| 481 0xbe, 0x53, 0xaa, 0x76, 0x7f, 0x7b, 0x34, 0xaf, 0x5a, 0x92, 0xbb, 0xf1, |
| 482 0x43, 0xc0, 0xf3, 0x55, 0x83, 0xb2, 0x1a, 0xea, 0x1d, 0x78, 0xc3, 0xf4, |
| 483 0x80, 0xbe, 0xb0, 0xbb, 0x9a, 0xf2, 0x01, 0x9e, 0xcf, 0xec, 0x88, 0xd3, |
| 484 0xa6, 0x49, 0x1f, 0xc4, 0xbb, 0x63, 0x38, 0xb8, 0x90, 0xa8, 0xce, 0xbc, |
| 485 0x31, 0x9d, 0x01, 0xdb, 0x4c, 0x9f, 0x37, 0x16, 0xdf, 0xd5, 0x3b, 0x81, |
| 486 0xf9, 0x9c, 0x74, 0xe6, 0xe2, 0x74, 0xa7, 0xc5, 0x11, 0x02, 0x03, 0x01, |
| 487 0x00, 0x01, 0xa3, 0x82, 0x02, 0x7e, 0x30, 0x82, 0x02, 0x7a, 0x30, 0x1d, |
| 488 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xab, 0x19, 0xb6, |
| 489 0x23, 0xbf, 0xff, 0x13, 0x66, 0x09, 0xd4, 0x3f, 0x46, 0x6f, 0x6d, 0x6c, |
| 490 0xc9, 0x60, 0x2b, 0xb2, 0x0f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, |
| 491 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29, 0x53, 0x4a, 0x9d, 0x9c, 0xd9, |
| 492 0xf9, 0xda, 0x04, 0xfe, 0x46, 0x3a, 0x76, 0x49, 0x5c, 0xdd, 0x3b, 0x0e, |
| 493 0x98, 0x76, 0x30, 0x82, 0x01, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, |
| 494 0x82, 0x01, 0x05, 0x30, 0x82, 0x01, 0x01, 0x30, 0x81, 0xfe, 0xa0, 0x81, |
| 495 0xfb, 0xa0, 0x81, 0xf8, 0x86, 0x81, 0xb8, 0x6c, 0x64, 0x61, 0x70, 0x3a, |
| 496 0x2f, 0x2f, 0x2f, 0x43, 0x4e, 0x3d, 0x55, 0x4e, 0x4f, 0x2d, 0x53, 0x4f, |
| 497 0x46, 0x54, 0x25, 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2c, |
| 498 0x43, 0x4e, 0x3d, 0x55, 0x4e, 0x4f, 0x44, 0x43, 0x2c, 0x43, 0x4e, 0x3d, |
| 499 0x43, 0x44, 0x50, 0x2c, 0x43, 0x4e, 0x3d, 0x50, 0x75, 0x62, 0x6c, 0x69, |
| 500 0x63, 0x25, 0x32, 0x30, 0x4b, 0x65, 0x79, 0x25, 0x32, 0x30, 0x53, 0x65, |
| 501 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x53, 0x65, |
| 502 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x43, 0x6f, |
| 503 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, |
| 504 0x44, 0x43, 0x3d, 0x75, 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2c, 0x44, |
| 505 0x43, 0x3d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x3f, 0x63, 0x65, 0x72, 0x74, |
| 506 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x63, |
| 507 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x3f, 0x62, 0x61, |
| 508 0x73, 0x65, 0x3f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6c, 0x61, |
| 509 0x73, 0x73, 0x3d, 0x63, 0x52, 0x4c, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, |
| 510 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x86, |
| 511 0x3b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x75, 0x6e, 0x6f, 0x64, |
| 512 0x63, 0x2e, 0x75, 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x6c, 0x6f, |
| 513 0x63, 0x61, 0x6c, 0x2f, 0x43, 0x65, 0x72, 0x74, 0x45, 0x6e, 0x72, 0x6f, |
| 514 0x6c, 0x6c, 0x2f, 0x55, 0x4e, 0x4f, 0x2d, 0x53, 0x4f, 0x46, 0x54, 0x25, |
| 515 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, |
| 516 0x30, 0x82, 0x01, 0x24, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, |
| 517 0x01, 0x01, 0x04, 0x82, 0x01, 0x16, 0x30, 0x82, 0x01, 0x12, 0x30, 0x81, |
| 518 0xb2, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, |
| 519 0x81, 0xa5, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f, 0x2f, 0x2f, 0x43, 0x4e, |
| 520 0x3d, 0x55, 0x4e, 0x4f, 0x2d, 0x53, 0x4f, 0x46, 0x54, 0x25, 0x32, 0x30, |
| 521 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x2c, 0x43, 0x4e, 0x3d, 0x41, 0x49, |
| 522 0x41, 0x2c, 0x43, 0x4e, 0x3d, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x25, |
| 523 0x32, 0x30, 0x4b, 0x65, 0x79, 0x25, 0x32, 0x30, 0x53, 0x65, 0x72, 0x76, |
| 524 0x69, 0x63, 0x65, 0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x53, 0x65, 0x72, 0x76, |
| 525 0x69, 0x63, 0x65, 0x73, 0x2c, 0x43, 0x4e, 0x3d, 0x43, 0x6f, 0x6e, 0x66, |
| 526 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x44, 0x43, |
| 527 0x3d, 0x75, 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2c, 0x44, 0x43, 0x3d, |
| 528 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x3f, 0x63, 0x41, 0x43, 0x65, 0x72, 0x74, |
| 529 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x3f, 0x62, 0x61, 0x73, 0x65, |
| 530 0x3f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6c, 0x61, 0x73, 0x73, |
| 531 0x3d, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, |
| 532 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, |
| 533 0x5b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, |
| 534 0x4f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x75, 0x6e, 0x6f, 0x64, |
| 535 0x63, 0x2e, 0x75, 0x6e, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x6c, 0x6f, |
| 536 0x63, 0x61, 0x6c, 0x2f, 0x43, 0x65, 0x72, 0x74, 0x45, 0x6e, 0x72, 0x6f, |
| 537 0x6c, 0x6c, 0x2f, 0x55, 0x4e, 0x4f, 0x44, 0x43, 0x2e, 0x75, 0x6e, 0x6f, |
| 538 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x55, |
| 539 0x4e, 0x4f, 0x2d, 0x53, 0x4f, 0x46, 0x54, 0x25, 0x32, 0x30, 0x52, 0x6f, |
| 540 0x6f, 0x74, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, |
| 541 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, |
| 542 0x82, 0x01, 0x01, 0x00, 0x12, 0x4c, 0xed, 0xb1, 0x85, 0xb3, 0x95, 0x66, |
| 543 0xe6, 0xd0, 0xa6, 0x4c, 0x5c, 0x5b, 0x7f, 0x64, 0xa0, 0xdc, 0x42, 0x56, |
| 544 0x31, 0xb7, 0xa7, 0x4c, 0xd2, 0x34, 0x08, 0x28, 0xbb, 0xbf, 0xad, 0xee, |
| 545 0xcf, 0xdd, 0xcc, 0xb0, 0x89, 0xea, 0x56, 0x9d, 0xcc, 0xc2, 0xfd, 0x64, |
| 546 0x7f, 0x4d, 0x2a, 0xa3, 0x32, 0xa1, 0x4f, 0xb0, 0x8c, 0xd7, 0xa9, 0xb2, |
| 547 0xd0, 0xcc, 0x89, 0x10, 0x59, 0x0d, 0x6b, 0x41, 0x5a, 0x63, 0x3e, 0x08, |
| 548 0x54, 0x87, 0x81, 0x74, 0x6d, 0x0e, 0x2f, 0xce, 0x56, 0xf1, 0xde, 0xf2, |
| 549 0x32, 0x63, 0xd5, 0xbc, 0xbe, 0x0b, 0x79, 0x67, 0x87, 0x19, 0xde, 0x12, |
| 550 0xc5, 0xe1, 0xba, 0xc3, 0xae, 0x21, 0xf5, 0x39, 0x17, 0x1f, 0xbd, 0x53, |
| 551 0xd2, 0x1d, 0x90, 0x48, 0x3b, 0x65, 0x5d, 0xc7, 0x2f, 0x8a, 0xb2, 0x92, |
| 552 0xba, 0xd5, 0xd6, 0x5e, 0x6b, 0x07, 0x1d, 0xb7, 0x35, 0x93, 0x02, 0x6f, |
| 553 0xe3, 0x9e, 0xc5, 0x3a, 0xf9, 0xed, 0xf4, 0x11, 0x78, 0xf4, 0x65, 0xe9, |
| 554 0xe1, 0x3e, 0xee, 0xca, 0xfa, 0x76, 0xe5, 0x50, 0x4f, 0x78, 0xe7, 0xc0, |
| 555 0x8a, 0x17, 0xfe, 0xbf, 0x3c, 0x6d, 0x03, 0xf2, 0xbe, 0x9f, 0xa8, 0x84, |
| 556 0xe8, 0x24, 0xb4, 0xd4, 0x45, 0x95, 0x0b, 0x7d, 0x47, 0xfd, 0xe0, 0x96, |
| 557 0x13, 0x53, 0x3f, 0x1a, 0x75, 0xd7, 0x10, 0x57, 0xbf, 0xf6, 0xf9, 0x0e, |
| 558 0xf1, 0x84, 0x09, 0x77, 0x99, 0x2b, 0xae, 0x2e, 0x71, 0x19, 0x2f, 0x92, |
| 559 0x22, 0x00, 0x70, 0xb1, 0x3e, 0xcc, 0x41, 0x37, 0x9f, 0x4c, 0xd8, 0x84, |
| 560 0x02, 0x97, 0x74, 0x1b, 0xc6, 0x43, 0x54, 0x26, 0xed, 0x8e, 0x92, 0xe5, |
| 561 0x33, 0x27, 0x64, 0x21, 0xc9, 0x52, 0xde, 0xfe, 0x49, 0x29, 0xb8, 0x65, |
| 562 0x6e, 0x32, 0xa0, 0x65, 0x86, 0xe3, 0x52, 0x90, 0x44, 0x2c, 0x30, 0x86, |
| 563 0x63, 0x50, 0x96, 0x9a, 0x0b, 0x23, 0x0f, 0x40 |
489 }; | 564 }; |
490 | 565 |
491 } // namespace | 566 } // namespace |
492 | |
493 namespace net { | |
494 | |
495 TEST(X509CertificateTest, GoogleCertParsing) { | |
496 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | |
497 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
498 | |
499 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); | |
500 | |
501 const X509Certificate::Principal& subject = google_cert->subject(); | |
502 EXPECT_EQ("www.google.com", subject.common_name); | |
503 EXPECT_EQ("Mountain View", subject.locality_name); | |
504 EXPECT_EQ("California", subject.state_or_province_name); | |
505 EXPECT_EQ("US", subject.country_name); | |
506 EXPECT_EQ(0U, subject.street_addresses.size()); | |
507 EXPECT_EQ(1U, subject.organization_names.size()); | |
508 EXPECT_EQ("Google Inc", subject.organization_names[0]); | |
509 EXPECT_EQ(0U, subject.organization_unit_names.size()); | |
510 EXPECT_EQ(0U, subject.domain_components.size()); | |
511 | |
512 const X509Certificate::Principal& issuer = google_cert->issuer(); | |
513 EXPECT_EQ("Thawte SGC CA", issuer.common_name); | |
514 EXPECT_EQ("", issuer.locality_name); | |
515 EXPECT_EQ("", issuer.state_or_province_name); | |
516 EXPECT_EQ("ZA", issuer.country_name); | |
517 EXPECT_EQ(0U, issuer.street_addresses.size()); | |
518 EXPECT_EQ(1U, issuer.organization_names.size()); | |
519 EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); | |
520 EXPECT_EQ(0U, issuer.organization_unit_names.size()); | |
521 EXPECT_EQ(0U, issuer.domain_components.size()); | |
522 | |
523 // Use DoubleT because its epoch is the same on all platforms | |
524 const Time& valid_start = google_cert->valid_start(); | |
525 EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT | |
526 | |
527 const Time& valid_expiry = google_cert->valid_expiry(); | |
528 EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT | |
529 | |
530 const X509Certificate::Fingerprint& fingerprint = google_cert->fingerprint(); | |
531 for (size_t i = 0; i < 20; ++i) | |
532 EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); | |
533 | |
534 std::vector<std::string> dns_names; | |
535 google_cert->GetDNSNames(&dns_names); | |
536 EXPECT_EQ(1U, dns_names.size()); | |
537 EXPECT_EQ("www.google.com", dns_names[0]); | |
538 | |
539 #if TEST_EV | |
540 // TODO(avi): turn this on for the Mac once EV checking is implemented. | |
541 CertVerifyResult verify_result; | |
542 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | |
543 X509Certificate::VERIFY_EV_CERT; | |
544 EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, &verify_result)); | |
545 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | |
546 #endif | |
547 } | |
548 | |
549 TEST(X509CertificateTest, WebkitCertParsing) { | |
550 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | |
551 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | |
552 | |
553 ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); | |
554 | |
555 const X509Certificate::Principal& subject = webkit_cert->subject(); | |
556 EXPECT_EQ("Cupertino", subject.locality_name); | |
557 EXPECT_EQ("California", subject.state_or_province_name); | |
558 EXPECT_EQ("US", subject.country_name); | |
559 EXPECT_EQ(0U, subject.street_addresses.size()); | |
560 EXPECT_EQ(1U, subject.organization_names.size()); | |
561 EXPECT_EQ("Apple Inc.", subject.organization_names[0]); | |
562 EXPECT_EQ(1U, subject.organization_unit_names.size()); | |
563 EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); | |
564 EXPECT_EQ(0U, subject.domain_components.size()); | |
565 | |
566 const X509Certificate::Principal& issuer = webkit_cert->issuer(); | |
567 EXPECT_EQ("Go Daddy Secure Certification Authority", issuer.common_name); | |
568 EXPECT_EQ("Scottsdale", issuer.locality_name); | |
569 EXPECT_EQ("Arizona", issuer.state_or_province_name); | |
570 EXPECT_EQ("US", issuer.country_name); | |
571 EXPECT_EQ(0U, issuer.street_addresses.size()); | |
572 EXPECT_EQ(1U, issuer.organization_names.size()); | |
573 EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); | |
574 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | |
575 EXPECT_EQ("http://certificates.godaddy.com/repository", | |
576 issuer.organization_unit_names[0]); | |
577 EXPECT_EQ(0U, issuer.domain_components.size()); | |
578 | |
579 // Use DoubleT because its epoch is the same on all platforms | |
580 const Time& valid_start = webkit_cert->valid_start(); | |
581 EXPECT_EQ(1205883319, valid_start.ToDoubleT()); // Mar 18 23:35:19 2008 GMT | |
582 | |
583 const Time& valid_expiry = webkit_cert->valid_expiry(); | |
584 EXPECT_EQ(1300491319, valid_expiry.ToDoubleT()); // Mar 18 23:35:19 2011 GMT | |
585 | |
586 const X509Certificate::Fingerprint& fingerprint = webkit_cert->fingerprint(); | |
587 for (size_t i = 0; i < 20; ++i) | |
588 EXPECT_EQ(webkit_fingerprint[i], fingerprint.data[i]); | |
589 | |
590 std::vector<std::string> dns_names; | |
591 webkit_cert->GetDNSNames(&dns_names); | |
592 EXPECT_EQ(2U, dns_names.size()); | |
593 EXPECT_EQ("*.webkit.org", dns_names[0]); | |
594 EXPECT_EQ("webkit.org", dns_names[1]); | |
595 | |
596 #if TEST_EV | |
597 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | |
598 X509Certificate::VERIFY_EV_CERT; | |
599 CertVerifyResult verify_result; | |
600 EXPECT_EQ(OK, webkit_cert->Verify("webkit.org", flags, &verify_result)); | |
601 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | |
602 #endif | |
603 } | |
604 | |
605 TEST(X509CertificateTest, ThawteCertParsing) { | |
606 scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( | |
607 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); | |
608 | |
609 ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); | |
610 | |
611 const X509Certificate::Principal& subject = thawte_cert->subject(); | |
612 EXPECT_EQ("www.thawte.com", subject.common_name); | |
613 EXPECT_EQ("Mountain View", subject.locality_name); | |
614 EXPECT_EQ("California", subject.state_or_province_name); | |
615 EXPECT_EQ("US", subject.country_name); | |
616 EXPECT_EQ(0U, subject.street_addresses.size()); | |
617 EXPECT_EQ(1U, subject.organization_names.size()); | |
618 EXPECT_EQ("Thawte Inc", subject.organization_names[0]); | |
619 EXPECT_EQ(0U, subject.organization_unit_names.size()); | |
620 EXPECT_EQ(0U, subject.domain_components.size()); | |
621 | |
622 const X509Certificate::Principal& issuer = thawte_cert->issuer(); | |
623 EXPECT_EQ("thawte Extended Validation SSL CA", issuer.common_name); | |
624 EXPECT_EQ("", issuer.locality_name); | |
625 EXPECT_EQ("", issuer.state_or_province_name); | |
626 EXPECT_EQ("US", issuer.country_name); | |
627 EXPECT_EQ(0U, issuer.street_addresses.size()); | |
628 EXPECT_EQ(1U, issuer.organization_names.size()); | |
629 EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); | |
630 EXPECT_EQ(1U, issuer.organization_unit_names.size()); | |
631 EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", | |
632 issuer.organization_unit_names[0]); | |
633 EXPECT_EQ(0U, issuer.domain_components.size()); | |
634 | |
635 // Use DoubleT because its epoch is the same on all platforms | |
636 const Time& valid_start = thawte_cert->valid_start(); | |
637 EXPECT_EQ(1227052800, valid_start.ToDoubleT()); // Nov 19 00:00:00 2008 GMT | |
638 | |
639 const Time& valid_expiry = thawte_cert->valid_expiry(); | |
640 EXPECT_EQ(1263772799, valid_expiry.ToDoubleT()); // Jan 17 23:59:59 2010 GMT | |
641 | |
642 const X509Certificate::Fingerprint& fingerprint = thawte_cert->fingerprint(); | |
643 for (size_t i = 0; i < 20; ++i) | |
644 EXPECT_EQ(thawte_fingerprint[i], fingerprint.data[i]); | |
645 | |
646 std::vector<std::string> dns_names; | |
647 thawte_cert->GetDNSNames(&dns_names); | |
648 EXPECT_EQ(1U, dns_names.size()); | |
649 EXPECT_EQ("www.thawte.com", dns_names[0]); | |
650 | |
651 #if TEST_EV | |
652 int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | | |
653 X509Certificate::VERIFY_EV_CERT; | |
654 CertVerifyResult verify_result; | |
655 // EV cert verification requires revocation checking. | |
656 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result)); | |
657 EXPECT_NE(0, verify_result.cert_status & CERT_STATUS_IS_EV); | |
658 // Consequently, if we don't have revocation checking enabled, we can't claim | |
659 // any cert is EV. | |
660 flags = X509Certificate::VERIFY_EV_CERT; | |
661 EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, &verify_result)); | |
662 EXPECT_EQ(0, verify_result.cert_status & CERT_STATUS_IS_EV); | |
663 #endif | |
664 } | |
665 | |
666 TEST(X509CertificateTest, PaypalNullCertParsing) { | |
667 scoped_refptr<X509Certificate> paypal_null_cert = | |
668 X509Certificate::CreateFromBytes( | |
669 reinterpret_cast<const char*>(paypal_null_der), | |
670 sizeof(paypal_null_der)); | |
671 | |
672 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | |
673 | |
674 const X509Certificate::Fingerprint& fingerprint = | |
675 paypal_null_cert->fingerprint(); | |
676 for (size_t i = 0; i < 20; ++i) | |
677 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | |
678 | |
679 int flags = 0; | |
680 CertVerifyResult verify_result; | |
681 int error = paypal_null_cert->Verify("www.paypal.com", flags, | |
682 &verify_result); | |
683 EXPECT_NE(OK, error); | |
684 // Either the system crypto library should correctly report a certificate | |
685 // name mismatch, or our certificate blacklist should cause us to report an | |
686 // invalid certificate. | |
687 #if defined(OS_WIN) | |
688 // TODO(wtc): The Linux try bots still have NSS 3.12.0. They need to be | |
689 // updated to NSS 3.12.3.1 or later. | |
690 EXPECT_NE(0, verify_result.cert_status & | |
691 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); | |
692 #endif | |
693 } | |
694 | |
695 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We | |
696 // call X509Certificate::CreateFromHandle several times and observe whether | |
697 // it returns a cached or new X509Certificate object. | |
698 // | |
699 // All the OS certificate handles in this test are actually from the same | |
700 // source (the bytes of a lone certificate), but we pretend that some of them | |
701 // come from the network. | |
702 TEST(X509CertificateTest, Cache) { | |
703 X509Certificate::OSCertHandle google_cert_handle; | |
704 | |
705 // Add a certificate from the source SOURCE_LONE_CERT_IMPORT to our | |
706 // certificate cache. | |
707 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
708 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
709 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromHandle( | |
710 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT); | |
711 | |
712 // Add a certificate from the same source (SOURCE_LONE_CERT_IMPORT). This | |
713 // should return the cached certificate (cert1). | |
714 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
715 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
716 scoped_refptr<X509Certificate> cert2 = X509Certificate::CreateFromHandle( | |
717 google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT); | |
718 | |
719 EXPECT_EQ(cert1, cert2); | |
720 | |
721 // Add a certificate from the network. This should kick out the original | |
722 // cached certificate (cert1) and return a new certificate. | |
723 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
724 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
725 scoped_refptr<X509Certificate> cert3 = X509Certificate::CreateFromHandle( | |
726 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); | |
727 | |
728 EXPECT_NE(cert1, cert3); | |
729 | |
730 // Add one certificate from each source. Both should return the new cached | |
731 // certificate (cert3). | |
732 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
733 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
734 scoped_refptr<X509Certificate> cert4 = X509Certificate::CreateFromHandle( | |
735 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); | |
736 | |
737 EXPECT_EQ(cert3, cert4); | |
738 | |
739 google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( | |
740 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
741 scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( | |
742 google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK); | |
743 | |
744 EXPECT_EQ(cert3, cert5); | |
745 } | |
746 | |
747 TEST(X509CertificateTest, Pickle) { | |
748 scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( | |
749 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
750 | |
751 Pickle pickle; | |
752 cert1->Persist(&pickle); | |
753 | |
754 void* iter = NULL; | |
755 scoped_refptr<X509Certificate> cert2 = | |
756 X509Certificate::CreateFromPickle(pickle, &iter); | |
757 | |
758 EXPECT_EQ(cert1, cert2); | |
759 } | |
760 | |
761 TEST(X509CertificateTest, Policy) { | |
762 scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( | |
763 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
764 | |
765 scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( | |
766 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); | |
767 | |
768 X509Certificate::Policy policy; | |
769 | |
770 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::UNKNOWN); | |
771 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | |
772 EXPECT_FALSE(policy.HasAllowedCert()); | |
773 EXPECT_FALSE(policy.HasDeniedCert()); | |
774 | |
775 policy.Allow(google_cert.get()); | |
776 | |
777 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::ALLOWED); | |
778 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | |
779 EXPECT_TRUE(policy.HasAllowedCert()); | |
780 EXPECT_FALSE(policy.HasDeniedCert()); | |
781 | |
782 policy.Deny(google_cert.get()); | |
783 | |
784 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); | |
785 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::UNKNOWN); | |
786 EXPECT_FALSE(policy.HasAllowedCert()); | |
787 EXPECT_TRUE(policy.HasDeniedCert()); | |
788 | |
789 policy.Allow(webkit_cert.get()); | |
790 | |
791 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); | |
792 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); | |
793 EXPECT_TRUE(policy.HasAllowedCert()); | |
794 EXPECT_TRUE(policy.HasDeniedCert()); | |
795 } | |
796 | |
797 } // namespace net | |
OLD | NEW |