net/cert/x509_certificate_unittest.cc - Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API.

Side by Side Diff: net/cert/x509_certificate_unittest.cc

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase on ToT Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/x509_certificate.h"	5 #include "net/cert/x509_certificate.h"

6	6

7 #include "base/basictypes.h"	7 #include "base/basictypes.h"

8 #include "base/files/file_path.h"	8 #include "base/files/file_path.h"

9 #include "base/memory/scoped_ptr.h"	9 #include "base/memory/scoped_ptr.h"

10 #include "base/pickle.h"	10 #include "base/pickle.h"

(...skipping 599 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
610 cert->GetIntermediateCertificates();	610 cert->GetIntermediateCertificates();

611 const X509Certificate::OSCertHandles& pickle_intermediates =	611 const X509Certificate::OSCertHandles& pickle_intermediates =

612 cert_from_pickle->GetIntermediateCertificates();	612 cert_from_pickle->GetIntermediateCertificates();

613 ASSERT_EQ(cert_intermediates.size(), pickle_intermediates.size());	613 ASSERT_EQ(cert_intermediates.size(), pickle_intermediates.size());

614 for (size_t i = 0; i < cert_intermediates.size(); ++i) {	614 for (size_t i = 0; i < cert_intermediates.size(); ++i) {

615 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert_intermediates[i],	615 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert_intermediates[i],

616 pickle_intermediates[i]));	616 pickle_intermediates[i]));

617 }	617 }

618 }	618 }

619	619

620 TEST(X509CertificateTest, Policy) {

621 scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(

622 reinterpret_cast<const char*>(google_der), sizeof(google_der)));

623

624 scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(

625 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));

626

627 CertPolicy policy;

628

629 // To begin with, everything should be unknown.

630 EXPECT_EQ(CertPolicy::UNKNOWN,

631 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

632 EXPECT_EQ(CertPolicy::UNKNOWN,

633 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

634 EXPECT_FALSE(policy.HasAllowedCert());

635 EXPECT_FALSE(policy.HasDeniedCert());

636

637 // Test adding one certificate with one error.

638 policy.Allow(google_cert.get(), CERT_STATUS_DATE_INVALID);

639 EXPECT_EQ(CertPolicy::ALLOWED,

640 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

641 EXPECT_EQ(CertPolicy::UNKNOWN,

642 policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

643 EXPECT_EQ(CertPolicy::UNKNOWN,

644 policy.Check(google_cert.get(),

645 CERT_STATUS_DATE_INVALID \| CERT_STATUS_COMMON_NAME_INVALID));

646 EXPECT_EQ(CertPolicy::UNKNOWN,

647 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

648 EXPECT_TRUE(policy.HasAllowedCert());

649 EXPECT_FALSE(policy.HasDeniedCert());

650

651 // Test saving the same certificate with a new error.

652 policy.Allow(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID);

653 EXPECT_EQ(CertPolicy::UNKNOWN,

654 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

655 EXPECT_EQ(CertPolicy::ALLOWED,

656 policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));

657 EXPECT_EQ(CertPolicy::UNKNOWN,

658 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

659 EXPECT_TRUE(policy.HasAllowedCert());

660 EXPECT_FALSE(policy.HasDeniedCert());

661

662 // Test adding one certificate with two errors.

663 policy.Allow(google_cert.get(),

664 CERT_STATUS_DATE_INVALID \| CERT_STATUS_AUTHORITY_INVALID);

665 EXPECT_EQ(CertPolicy::ALLOWED,

666 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

667 EXPECT_EQ(CertPolicy::ALLOWED,

668 policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));

669 EXPECT_EQ(CertPolicy::UNKNOWN,

670 policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

671 EXPECT_EQ(CertPolicy::UNKNOWN,

672 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

673 EXPECT_TRUE(policy.HasAllowedCert());

674 EXPECT_FALSE(policy.HasDeniedCert());

675

676 // Test removing a certificate that was previously allowed.

677 policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);

678 EXPECT_EQ(CertPolicy::DENIED,

679 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

680 EXPECT_EQ(CertPolicy::UNKNOWN,

681 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

682 EXPECT_FALSE(policy.HasAllowedCert());

683 EXPECT_TRUE(policy.HasDeniedCert());

684

685 // Test removing a certificate that was previously unknown.

686 policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);

687 EXPECT_EQ(CertPolicy::DENIED,

688 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

689 EXPECT_EQ(CertPolicy::DENIED,

690 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

691 EXPECT_FALSE(policy.HasAllowedCert());

692 EXPECT_TRUE(policy.HasDeniedCert());

693

694 // Test saving a certificate that was previously denied.

695 policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);

696 EXPECT_EQ(CertPolicy::DENIED,

697 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

698 EXPECT_EQ(CertPolicy::ALLOWED,

699 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

700 EXPECT_TRUE(policy.HasAllowedCert());

701 EXPECT_TRUE(policy.HasDeniedCert());

702

703 // Test denying an overlapping certificate.

704 policy.Allow(google_cert.get(),

705 CERT_STATUS_COMMON_NAME_INVALID \| CERT_STATUS_DATE_INVALID);

706 policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);

707 EXPECT_EQ(CertPolicy::DENIED,

708 policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));

709 EXPECT_EQ(CertPolicy::UNKNOWN,

710 policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

711 EXPECT_EQ(CertPolicy::DENIED,

712 policy.Check(google_cert.get(),

713 CERT_STATUS_COMMON_NAME_INVALID \| CERT_STATUS_DATE_INVALID));

714

715 // Test denying an overlapping certificate (other direction).

716 policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);

717 policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);

718 policy.Deny(webkit_cert.get(), CERT_STATUS_DATE_INVALID);

719 EXPECT_EQ(CertPolicy::DENIED,

720 policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));

721 EXPECT_EQ(CertPolicy::DENIED,

722 policy.Check(webkit_cert.get(), CERT_STATUS_DATE_INVALID));

723 }

724

725 TEST(X509CertificateTest, IntermediateCertificates) {	620 TEST(X509CertificateTest, IntermediateCertificates) {

726 scoped_refptr<X509Certificate> webkit_cert(	621 scoped_refptr<X509Certificate> webkit_cert(

727 X509Certificate::CreateFromBytes(	622 X509Certificate::CreateFromBytes(

728 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));	623 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));

729	624

730 scoped_refptr<X509Certificate> thawte_cert(	625 scoped_refptr<X509Certificate> thawte_cert(

731 X509Certificate::CreateFromBytes(	626 X509Certificate::CreateFromBytes(

732 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));	627 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));

733	628

734 X509Certificate::OSCertHandle google_handle;	629 X509Certificate::OSCertHandle google_handle;

(...skipping 532 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1267 &actual_type);	1162 &actual_type);

1268	1163

1269 EXPECT_EQ(data.expected_bits, actual_bits);	1164 EXPECT_EQ(data.expected_bits, actual_bits);

1270 EXPECT_EQ(data.expected_type, actual_type);	1165 EXPECT_EQ(data.expected_type, actual_type);

1271 }	1166 }

1272	1167

1273 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest,	1168 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest,

1274 testing::ValuesIn(kPublicKeyInfoTestData));	1169 testing::ValuesIn(kPublicKeyInfoTestData));

1275	1170

1276 } // namespace net	1171 } // namespace net

OLD	NEW

« content/browser/ssl/ssl_policy.cc ('K') | « net/cert/x509_cert_types.cc ('k') | no next file » | no next file with comments »