
Side by Side Diff: net/cert/x509_certificate_unittest.cc

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Removed UNKNOWN and CertPolicy Created 6 years, 3 months ago
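--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include "base/basictypes.h"
 #include "base/files/file_path.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
@@ -610,125 +610,20 @@
 cert->GetIntermediateCertificates();
 const X509Certificate::OSCertHandles& pickle_intermediates =
 cert_from_pickle->GetIntermediateCertificates();
 ASSERT_EQ(cert_intermediates.size(), pickle_intermediates.size());
 for (size_t i = 0; i < cert_intermediates.size(); ++i) {
 EXPECT_TRUE(X509Certificate::IsSameOSCert(cert_intermediates[i],
 pickle_intermediates[i]));
 }
 }
 
-TEST(X509CertificateTest, Policy) {
-scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
-reinterpret_cast<const char*>(google_der), sizeof(google_der)));
-
-scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
-reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
-
-CertPolicy policy;
-
-// To begin with, everything should be unknown.
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_FALSE(policy.HasAllowedCert());
-EXPECT_FALSE(policy.HasDeniedCert());
-
-// Test adding one certificate with one error.
-policy.Allow(google_cert.get(), CERT_STATUS_DATE_INVALID);
-EXPECT_EQ(CertPolicy::ALLOWED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(),
-CERT_STATUS_DATE_INVALID | CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_TRUE(policy.HasAllowedCert());
-EXPECT_FALSE(policy.HasDeniedCert());
-
-// Test saving the same certificate with a new error.
-policy.Allow(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID);
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::ALLOWED,
-policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_TRUE(policy.HasAllowedCert());
-EXPECT_FALSE(policy.HasDeniedCert());
-
-// Test adding one certificate with two errors.
-policy.Allow(google_cert.get(),
-CERT_STATUS_DATE_INVALID | CERT_STATUS_AUTHORITY_INVALID);
-EXPECT_EQ(CertPolicy::ALLOWED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::ALLOWED,
-policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_TRUE(policy.HasAllowedCert());
-EXPECT_FALSE(policy.HasDeniedCert());
-
-// Test removing a certificate that was previously allowed.
-policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_FALSE(policy.HasAllowedCert());
-EXPECT_TRUE(policy.HasDeniedCert());
-
-// Test removing a certificate that was previously unknown.
-policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_FALSE(policy.HasAllowedCert());
-EXPECT_TRUE(policy.HasDeniedCert());
-
-// Test saving a certificate that was previously denied.
-policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::ALLOWED,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_TRUE(policy.HasAllowedCert());
-EXPECT_TRUE(policy.HasDeniedCert());
-
-// Test denying an overlapping certificate.
-policy.Allow(google_cert.get(),
-CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID);
-policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
-EXPECT_EQ(CertPolicy::UNKNOWN,
-policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(google_cert.get(),
-CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID));
-
-// Test denying an overlapping certificate (other direction).
-policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
-policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
-policy.Deny(webkit_cert.get(), CERT_STATUS_DATE_INVALID);
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
-EXPECT_EQ(CertPolicy::DENIED,
-policy.Check(webkit_cert.get(), CERT_STATUS_DATE_INVALID));
-}
-
 TEST(X509CertificateTest, IntermediateCertificates) {
 scoped_refptr<X509Certificate> webkit_cert(
 X509Certificate::CreateFromBytes(
 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
 
 scoped_refptr<X509Certificate> thawte_cert(
 X509Certificate::CreateFromBytes(
 reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
 
 X509Certificate::OSCertHandle google_handle;
@@ -1267,10 +1162,10 @@
 &actual_type);
 
 EXPECT_EQ(data.expected_bits, actual_bits);
 EXPECT_EQ(data.expected_type, actual_type);
 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificatePublicKeyInfoTest,
 testing::ValuesIn(kPublicKeyInfoTestData));
 
 } // namespace net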