Chromium Code Reviews Chromium Code Reviews
Issue 421243003:
Fixes to the SHA256 X509 Certificate fingerprint API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/pickle.h" | 10 #include "base/pickle.h" |
| (...skipping 360 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 371 }; | 371 }; |
| 372 EXPECT_TRUE(memcmp(cert_chain1->ca_fingerprint().data, | 372 EXPECT_TRUE(memcmp(cert_chain1->ca_fingerprint().data, |
| 373 cert_chain1_ca_fingerprint, 20) == 0); | 373 cert_chain1_ca_fingerprint, 20) == 0); |
| 374 EXPECT_TRUE(memcmp(cert_chain2->ca_fingerprint().data, | 374 EXPECT_TRUE(memcmp(cert_chain2->ca_fingerprint().data, |
| 375 cert_chain2_ca_fingerprint, 20) == 0); | 375 cert_chain2_ca_fingerprint, 20) == 0); |
| 376 EXPECT_TRUE(memcmp(cert_chain3->ca_fingerprint().data, | 376 EXPECT_TRUE(memcmp(cert_chain3->ca_fingerprint().data, |
| 377 cert_chain3_ca_fingerprint, 20) == 0); | 377 cert_chain3_ca_fingerprint, 20) == 0); |
| 378 | 378 |
| 379 // Test the SHA-256 hash calculation functions explicitly since they are not | 379 // Test the SHA-256 hash calculation functions explicitly since they are not |
| 380 // used by X509Certificate internally. | 380 // used by X509Certificate internally. |
| 381 static const uint8 cert_chain1_ca_fingerprint_256[32] = { | 381 static const uint8 cert_1_ca_fingerprint_256[32] = { |
| 382 0x51, 0x15, 0x30, 0x49, 0x97, 0x54, 0xf8, 0xb4, 0x17, 0x41, | 382 0x51, 0x15, 0x30, 0x49, 0x97, 0x54, 0xf8, 0xb4, 0x17, 0x41, |
| 383 0x6b, 0x58, 0x78, 0xb0, 0x89, 0xd2, 0xc3, 0xae, 0x66, 0xc1, | 383 0x6b, 0x58, 0x78, 0xb0, 0x89, 0xd2, 0xc3, 0xae, 0x66, 0xc1, |
| 384 0x16, 0x80, 0xa0, 0x78, 0xe7, 0x53, 0x45, 0xa2, 0xfb, 0x80, | 384 0x16, 0x80, 0xa0, 0x78, 0xe7, 0x53, 0x45, 0xa2, 0xfb, 0x80, |
| 385 0xe1, 0x07 | 385 0xe1, 0x07 |
| 386 }; | 386 }; |
| 387 static const uint8 cert_chain2_ca_fingerprint_256[32] = { | 387 static const uint8 cert_2_ca_fingerprint_256[32] = { |
| 388 0x00, 0xbd, 0x2b, 0x0e, 0xdd, 0x83, 0x40, 0xb1, 0x74, 0x6c, | 388 0x00, 0xbd, 0x2b, 0x0e, 0xdd, 0x83, 0x40, 0xb1, 0x74, 0x6c, |
| 389 0xc3, 0x95, 0xc0, 0xe3, 0x55, 0xb2, 0x16, 0x58, 0x53, 0xfd, | 389 0xc3, 0x95, 0xc0, 0xe3, 0x55, 0xb2, 0x16, 0x58, 0x53, 0xfd, |
| 390 0xb9, 0x3c, 0x52, 0xda, 0xdd, 0xa8, 0x22, 0x8b, 0x07, 0x00, | 390 0xb9, 0x3c, 0x52, 0xda, 0xdd, 0xa8, 0x22, 0x8b, 0x07, 0x00, |
| 391 0x2d, 0xce | 391 0x2d, 0xce |
| 392 }; | 392 }; |
| 393 // The SHA-256 hash of nothing. | 393 // The SHA-256 hash of nothing. |
| 394 static const uint8 cert_chain3_ca_fingerprint_256[32] = { | 394 static const uint8 cert_3_ca_fingerprint_256[32] = { |
|
wtc
2014/07/28 19:26:27
Don't rename these three variables. They match the
| |
| 395 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, | 395 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, |
| 396 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, | 396 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, |
| 397 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, | 397 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, |
| 398 0xb8, 0x55 | 398 0xb8, 0x55 |
| 399 }; | 399 }; |
| 400 SHA256HashValue ca_fingerprint_256_chain_1 = | 400 SHA256HashValue ca_fingerprint_256_1 = |
| 401 X509Certificate::CalculateCAFingerprint256( | 401 X509Certificate::CalculateCAFingerprint256( |
| 402 cert_chain1->GetIntermediateCertificates()); | 402 cert_chain1->GetIntermediateCertificates()); |
| 403 SHA256HashValue ca_fingerprint_256_chain_2 = | 403 SHA256HashValue ca_fingerprint_256_2 = |
| 404 X509Certificate::CalculateCAFingerprint256( | 404 X509Certificate::CalculateCAFingerprint256( |
| 405 cert_chain2->GetIntermediateCertificates()); | 405 cert_chain2->GetIntermediateCertificates()); |
| 406 SHA256HashValue ca_fingerprint_256_chain_3 = | 406 SHA256HashValue ca_fingerprint_256_3 = |
| 407 X509Certificate::CalculateCAFingerprint256( | 407 X509Certificate::CalculateCAFingerprint256( |
| 408 cert_chain3->GetIntermediateCertificates()); | 408 cert_chain3->GetIntermediateCertificates()); |
| 409 EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_1.data, | 409 EXPECT_TRUE(memcmp(ca_fingerprint_256_1.data, |
| 410 cert_chain1_ca_fingerprint_256, 32) == 0); | 410 cert_1_ca_fingerprint_256, 32) == 0); |
| 411 EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_2.data, | 411 EXPECT_TRUE(memcmp(ca_fingerprint_256_2.data, |
| 412 cert_chain2_ca_fingerprint_256, 32) == 0); | 412 cert_2_ca_fingerprint_256, 32) == 0); |
| 413 EXPECT_TRUE(memcmp(ca_fingerprint_256_chain_3.data, | 413 EXPECT_TRUE(memcmp(ca_fingerprint_256_3.data, |
| 414 cert_chain3_ca_fingerprint_256, 32) == 0); | 414 cert_3_ca_fingerprint_256, 32) == 0); |
| 415 | 415 |
| 416 static const uint8 cert_chain1_full_chain_fingerprint_256[32] = { | 416 static const uint8 cert_chain1_chain_fingerprint_256[32] = { |
| 417 0xac, 0xff, 0xcc, 0x63, 0x0d, 0xd0, 0xa7, 0x19, 0x78, 0xb5, | 417 0xac, 0xff, 0xcc, 0x63, 0x0d, 0xd0, 0xa7, 0x19, 0x78, 0xb5, |
| 418 0x8a, 0x47, 0x8b, 0x67, 0x97, 0xcb, 0x8d, 0xe1, 0x6a, 0x8a, | 418 0x8a, 0x47, 0x8b, 0x67, 0x97, 0xcb, 0x8d, 0xe1, 0x6a, 0x8a, |
| 419 0x57, 0x70, 0xda, 0x9a, 0x53, 0x72, 0xe2, 0xa0, 0x08, 0xab, | 419 0x57, 0x70, 0xda, 0x9a, 0x53, 0x72, 0xe2, 0xa0, 0x08, 0xab, |
| 420 0xcc, 0x8f | 420 0xcc, 0x8f |
| 421 }; | 421 }; |
| 422 static const uint8 cert_chain2_full_chain_fingerprint_256[32] = { | 422 static const uint8 cert_chain2_chain_fingerprint_256[32] = { |
| 423 0x67, 0x3a, 0x11, 0x20, 0xd6, 0x94, 0x14, 0xe4, 0x16, 0x9f, | 423 0x67, 0x3a, 0x11, 0x20, 0xd6, 0x94, 0x14, 0xe4, 0x16, 0x9f, |
| 424 0x58, 0xe2, 0x8b, 0xf7, 0x27, 0xed, 0xbb, 0xe8, 0xa7, 0xff, | 424 0x58, 0xe2, 0x8b, 0xf7, 0x27, 0xed, 0xbb, 0xe8, 0xa7, 0xff, |
| 425 0x1c, 0x8c, 0x0f, 0x21, 0x38, 0x16, 0x7c, 0xad, 0x1f, 0x22, | 425 0x1c, 0x8c, 0x0f, 0x21, 0x38, 0x16, 0x7c, 0xad, 0x1f, 0x22, |
| 426 0x6f, 0x9b | 426 0x6f, 0x9b |
| 427 }; | 427 }; |
| 428 static const uint8 cert_chain3_full_chain_fingerprint_256[32] = { | 428 static const uint8 cert_chain3_chain_fingerprint_256[32] = { |
| 429 0x16, 0x7a, 0xbd, 0xb4, 0x57, 0x04, 0x65, 0x3c, 0x3b, 0xef, | 429 0x16, 0x7a, 0xbd, 0xb4, 0x57, 0x04, 0x65, 0x3c, 0x3b, 0xef, |
| 430 0x6e, 0x6a, 0xa6, 0x02, 0x73, 0x30, 0x3e, 0x34, 0x1b, 0x43, | 430 0x6e, 0x6a, 0xa6, 0x02, 0x73, 0x30, 0x3e, 0x34, 0x1b, 0x43, |
| 431 0xc2, 0x7c, 0x98, 0x52, 0x9f, 0x34, 0x7f, 0x55, 0x97, 0xe9, | 431 0xc2, 0x7c, 0x98, 0x52, 0x9f, 0x34, 0x7f, 0x55, 0x97, 0xe9, |
| 432 0x1a, 0x10 | 432 0x1a, 0x10 |
| 433 }; | 433 }; |
| 434 SHA256HashValue ca_fingerprint_256_full_chain_1 = | 434 SHA256HashValue chain_fingerprint_256_1 = |
| 435 X509Certificate::CalculateChainFingerprint256( | 435 X509Certificate::CalculateChainFingerprint256( |
| 436 cert_chain1->os_cert_handle(), | 436 cert_chain1->os_cert_handle(), |
| 437 cert_chain1->GetIntermediateCertificates()); | 437 cert_chain1->GetIntermediateCertificates()); |
| 438 SHA256HashValue ca_fingerprint_256_full_chain_2 = | 438 SHA256HashValue chain_fingerprint_256_2 = |
| 439 X509Certificate::CalculateChainFingerprint256( | 439 X509Certificate::CalculateChainFingerprint256( |
| 440 cert_chain2->os_cert_handle(), | 440 cert_chain2->os_cert_handle(), |
| 441 cert_chain2->GetIntermediateCertificates()); | 441 cert_chain2->GetIntermediateCertificates()); |
| 442 SHA256HashValue ca_fingerprint_256_full_chain_3 = | 442 SHA256HashValue chain_fingerprint_256_3 = |
| 443 X509Certificate::CalculateChainFingerprint256( | 443 X509Certificate::CalculateChainFingerprint256( |
| 444 cert_chain3->os_cert_handle(), | 444 cert_chain3->os_cert_handle(), |
| 445 cert_chain3->GetIntermediateCertificates()); | 445 cert_chain3->GetIntermediateCertificates()); |
| 446 EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_1.data, | 446 EXPECT_TRUE(memcmp(chain_fingerprint_256_1.data, |
| 447 cert_chain1_full_chain_fingerprint_256, 32) == 0); | 447 cert_chain1_chain_fingerprint_256, 32) == 0); |
| 448 EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_2.data, | 448 EXPECT_TRUE(memcmp(chain_fingerprint_256_2.data, |
| 449 cert_chain2_full_chain_fingerprint_256, 32) == 0); | 449 cert_chain2_chain_fingerprint_256, 32) == 0); |
| 450 EXPECT_TRUE(memcmp(ca_fingerprint_256_full_chain_3.data, | 450 EXPECT_TRUE(memcmp(chain_fingerprint_256_3.data, |
| 451 cert_chain3_full_chain_fingerprint_256, 32) == 0); | 451 cert_chain3_chain_fingerprint_256, 32) == 0); |
| 452 } | 452 } |
| 453 | 453 |
| 454 TEST(X509CertificateTest, ParseSubjectAltNames) { | 454 TEST(X509CertificateTest, ParseSubjectAltNames) { |
| 455 base::FilePath certs_dir = GetTestCertsDirectory(); | 455 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 456 | 456 |
| 457 scoped_refptr<X509Certificate> san_cert = | 457 scoped_refptr<X509Certificate> san_cert = |
| 458 ImportCertFromFile(certs_dir, "subjectAltName_sanity_check.pem"); | 458 ImportCertFromFile(certs_dir, "subjectAltName_sanity_check.pem"); |
| 459 ASSERT_NE(static_cast<X509Certificate*>(NULL), san_cert); | 459 ASSERT_NE(static_cast<X509Certificate*>(NULL), san_cert); |
| 460 | 460 |
| 461 std::vector<std::string> dns_names; | 461 std::vector<std::string> dns_names; |
| (...skipping 805 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1267 &actual_type); | 1267 &actual_type); |
| 1268 | 1268 |
| 1269 EXPECT_EQ(data.expected_bits, actual_bits); | 1269 EXPECT_EQ(data.expected_bits, actual_bits); |
| 1270 EXPECT_EQ(data.expected_type, actual_type); | 1270 EXPECT_EQ(data.expected_type, actual_type); |
| 1271 } | 1271 } |
| 1272 | 1272 |
| 1273 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, | 1273 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest, |
| 1274 testing::ValuesIn(kPublicKeyInfoTestData)); | 1274 testing::ValuesIn(kPublicKeyInfoTestData)); |
| 1275 | 1275 |
| 1276 } // namespace net | 1276 } // namespace net |
| OLD | NEW |
