OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
(...skipping 181 matching lines...)
192 EXPECT_EQ(OK, error); | 192 EXPECT_EQ(OK, error); |
193 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); | 193 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
194 } | 194 } |
195 | 195 |
196 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { | 196 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { |
197 scoped_refptr<X509Certificate> paypal_null_cert( | 197 scoped_refptr<X509Certificate> paypal_null_cert( |
198 X509Certificate::CreateFromBytes( | 198 X509Certificate::CreateFromBytes( |
199 reinterpret_cast<const char*>(paypal_null_der), | 199 reinterpret_cast<const char*>(paypal_null_der), |
200 sizeof(paypal_null_der))); | 200 sizeof(paypal_null_der))); |
201 | 201 |
202 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); | 202 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get()); |
203 | 203 |
204 const SHA1HashValue& fingerprint = | 204 const SHA1HashValue& fingerprint = |
205 paypal_null_cert->fingerprint(); | 205 paypal_null_cert->fingerprint(); |
206 for (size_t i = 0; i < 20; ++i) | 206 for (size_t i = 0; i < 20; ++i) |
207 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); | 207 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); |
208 | 208 |
209 int flags = 0; | 209 int flags = 0; |
210 CertVerifyResult verify_result; | 210 CertVerifyResult verify_result; |
211 int error = Verify(paypal_null_cert.get(), | 211 int error = Verify(paypal_null_cert.get(), |
212 "www.paypal.com", | 212 "www.paypal.com", |
(...skipping 64 matching lines...)
277 // certificate revocation checking when running all of the net unit tests. | 277 // certificate revocation checking when running all of the net unit tests. |
278 // This test passes when run individually, but when run with all of the net | 278 // This test passes when run individually, but when run with all of the net |
279 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is | 279 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is |
280 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation | 280 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation |
281 // status, i.e. that the revocation check is failing for some reason. | 281 // status, i.e. that the revocation check is failing for some reason. |
282 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) { | 282 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) { |
283 base::FilePath certs_dir = GetTestCertsDirectory(); | 283 base::FilePath certs_dir = GetTestCertsDirectory(); |
284 | 284 |
285 scoped_refptr<X509Certificate> server_cert = | 285 scoped_refptr<X509Certificate> server_cert = |
286 ImportCertFromFile(certs_dir, "2029_globalsign_com_cert.pem"); | 286 ImportCertFromFile(certs_dir, "2029_globalsign_com_cert.pem"); |
287 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 287 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); |
288 | 288 |
289 scoped_refptr<X509Certificate> intermediate_cert = | 289 scoped_refptr<X509Certificate> intermediate_cert = |
290 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); | 290 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); |
291 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 291 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get()); |
292 | 292 |
293 X509Certificate::OSCertHandles intermediates; | 293 X509Certificate::OSCertHandles intermediates; |
294 intermediates.push_back(intermediate_cert->os_cert_handle()); | 294 intermediates.push_back(intermediate_cert->os_cert_handle()); |
295 scoped_refptr<X509Certificate> cert_chain = | 295 scoped_refptr<X509Certificate> cert_chain = |
296 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 296 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
297 intermediates); | 297 intermediates); |
298 | 298 |
299 CertVerifyResult verify_result; | 299 CertVerifyResult verify_result; |
300 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | | 300 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | |
301 CertVerifier::VERIFY_EV_CERT; | 301 CertVerifier::VERIFY_EV_CERT; |
(...skipping 59 matching lines...)
361 #if defined(OS_WIN) | 361 #if defined(OS_WIN) |
362 use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP; | 362 use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP; |
363 #endif | 363 #endif |
364 | 364 |
365 if (use_ecdsa) | 365 if (use_ecdsa) |
366 key_types.push_back("prime256v1-ecdsa"); | 366 key_types.push_back("prime256v1-ecdsa"); |
367 | 367 |
368 // Add the root that signed the intermediates for this test. | 368 // Add the root that signed the intermediates for this test. |
369 scoped_refptr<X509Certificate> root_cert = | 369 scoped_refptr<X509Certificate> root_cert = |
370 ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); | 370 ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); |
371 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | 371 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); |
372 ScopedTestRoot scoped_root(root_cert.get()); | 372 ScopedTestRoot scoped_root(root_cert.get()); |
373 | 373 |
374 // Now test each chain. | 374 // Now test each chain. |
375 for (Strings::const_iterator ee_type = key_types.begin(); | 375 for (Strings::const_iterator ee_type = key_types.begin(); |
376 ee_type != key_types.end(); ++ee_type) { | 376 ee_type != key_types.end(); ++ee_type) { |
377 for (Strings::const_iterator signer_type = key_types.begin(); | 377 for (Strings::const_iterator signer_type = key_types.begin(); |
378 signer_type != key_types.end(); ++signer_type) { | 378 signer_type != key_types.end(); ++signer_type) { |
379 std::string basename = *ee_type + "-ee-by-" + *signer_type + | 379 std::string basename = *ee_type + "-ee-by-" + *signer_type + |
380 "-intermediate.pem"; | 380 "-intermediate.pem"; |
381 SCOPED_TRACE(basename); | 381 SCOPED_TRACE(basename); |
382 scoped_refptr<X509Certificate> ee_cert = | 382 scoped_refptr<X509Certificate> ee_cert = |
383 ImportCertFromFile(certs_dir, basename); | 383 ImportCertFromFile(certs_dir, basename); |
384 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert); | 384 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert.get()); |
385 | 385 |
386 basename = *signer_type + "-intermediate.pem"; | 386 basename = *signer_type + "-intermediate.pem"; |
387 scoped_refptr<X509Certificate> intermediate = | 387 scoped_refptr<X509Certificate> intermediate = |
388 ImportCertFromFile(certs_dir, basename); | 388 ImportCertFromFile(certs_dir, basename); |
389 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate); | 389 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate.get()); |
390 | 390 |
391 X509Certificate::OSCertHandles intermediates; | 391 X509Certificate::OSCertHandles intermediates; |
392 intermediates.push_back(intermediate->os_cert_handle()); | 392 intermediates.push_back(intermediate->os_cert_handle()); |
393 scoped_refptr<X509Certificate> cert_chain = | 393 scoped_refptr<X509Certificate> cert_chain = |
394 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), | 394 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), |
395 intermediates); | 395 intermediates); |
396 | 396 |
397 CertVerifyResult verify_result; | 397 CertVerifyResult verify_result; |
398 int error = Verify(cert_chain.get(), | 398 int error = Verify(cert_chain.get(), |
399 "127.0.0.1", | 399 "127.0.0.1", |
(...skipping 73 matching lines...)
473 | 473 |
474 EXPECT_FALSE(verify_result.has_md5); | 474 EXPECT_FALSE(verify_result.has_md5); |
475 } | 475 } |
476 | 476 |
477 // Test for bug 94673. | 477 // Test for bug 94673. |
478 TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) { | 478 TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) { |
479 base::FilePath certs_dir = GetTestCertsDirectory(); | 479 base::FilePath certs_dir = GetTestCertsDirectory(); |
480 | 480 |
481 scoped_refptr<X509Certificate> server_cert = | 481 scoped_refptr<X509Certificate> server_cert = |
482 ImportCertFromFile(certs_dir, "google_diginotar.pem"); | 482 ImportCertFromFile(certs_dir, "google_diginotar.pem"); |
483 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 483 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); |
484 | 484 |
485 scoped_refptr<X509Certificate> intermediate_cert = | 485 scoped_refptr<X509Certificate> intermediate_cert = |
486 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); | 486 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); |
487 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 487 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get()); |
488 | 488 |
489 X509Certificate::OSCertHandles intermediates; | 489 X509Certificate::OSCertHandles intermediates; |
490 intermediates.push_back(intermediate_cert->os_cert_handle()); | 490 intermediates.push_back(intermediate_cert->os_cert_handle()); |
491 scoped_refptr<X509Certificate> cert_chain = | 491 scoped_refptr<X509Certificate> cert_chain = |
492 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 492 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
493 intermediates); | 493 intermediates); |
494 | 494 |
495 CertVerifyResult verify_result; | 495 CertVerifyResult verify_result; |
496 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 496 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
497 int error = Verify(cert_chain.get(), | 497 int error = Verify(cert_chain.get(), |
(...skipping 50 matching lines...)
548 "Public key not blocked for " << kDigiNotarFilenames[i]; | 548 "Public key not blocked for " << kDigiNotarFilenames[i]; |
549 } | 549 } |
550 } | 550 } |
551 | 551 |
552 TEST_F(CertVerifyProcTest, NameConstraintsOk) { | 552 TEST_F(CertVerifyProcTest, NameConstraintsOk) { |
553 CertificateList ca_cert_list = | 553 CertificateList ca_cert_list = |
554 CreateCertificateListFromFile(GetTestCertsDirectory(), | 554 CreateCertificateListFromFile(GetTestCertsDirectory(), |
555 "root_ca_cert.pem", | 555 "root_ca_cert.pem", |
556 X509Certificate::FORMAT_AUTO); | 556 X509Certificate::FORMAT_AUTO); |
557 ASSERT_EQ(1U, ca_cert_list.size()); | 557 ASSERT_EQ(1U, ca_cert_list.size()); |
558 ScopedTestRoot test_root(ca_cert_list[0]); | 558 ScopedTestRoot test_root(ca_cert_list[0].get()); |
559 | 559 |
560 CertificateList cert_list = CreateCertificateListFromFile( | 560 CertificateList cert_list = CreateCertificateListFromFile( |
561 GetTestCertsDirectory(), "name_constraint_ok.crt", | 561 GetTestCertsDirectory(), "name_constraint_ok.crt", |
562 X509Certificate::FORMAT_AUTO); | 562 X509Certificate::FORMAT_AUTO); |
563 ASSERT_EQ(1U, cert_list.size()); | 563 ASSERT_EQ(1U, cert_list.size()); |
564 | 564 |
565 X509Certificate::OSCertHandles intermediates; | 565 X509Certificate::OSCertHandles intermediates; |
566 scoped_refptr<X509Certificate> leaf = | 566 scoped_refptr<X509Certificate> leaf = |
567 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), | 567 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), |
568 intermediates); | 568 intermediates); |
(...skipping 14 matching lines...)
583 if (!SupportsReturningVerifiedChain()) { | 583 if (!SupportsReturningVerifiedChain()) { |
584 LOG(INFO) << "Skipping this test in this platform."; | 584 LOG(INFO) << "Skipping this test in this platform."; |
585 return; | 585 return; |
586 } | 586 } |
587 | 587 |
588 CertificateList ca_cert_list = | 588 CertificateList ca_cert_list = |
589 CreateCertificateListFromFile(GetTestCertsDirectory(), | 589 CreateCertificateListFromFile(GetTestCertsDirectory(), |
590 "root_ca_cert.pem", | 590 "root_ca_cert.pem", |
591 X509Certificate::FORMAT_AUTO); | 591 X509Certificate::FORMAT_AUTO); |
592 ASSERT_EQ(1U, ca_cert_list.size()); | 592 ASSERT_EQ(1U, ca_cert_list.size()); |
593 ScopedTestRoot test_root(ca_cert_list[0]); | 593 ScopedTestRoot test_root(ca_cert_list[0].get()); |
594 | 594 |
595 CertificateList cert_list = CreateCertificateListFromFile( | 595 CertificateList cert_list = CreateCertificateListFromFile( |
596 GetTestCertsDirectory(), "name_constraint_bad.crt", | 596 GetTestCertsDirectory(), "name_constraint_bad.crt", |
597 X509Certificate::FORMAT_AUTO); | 597 X509Certificate::FORMAT_AUTO); |
598 ASSERT_EQ(1U, cert_list.size()); | 598 ASSERT_EQ(1U, cert_list.size()); |
599 | 599 |
600 X509Certificate::OSCertHandles intermediates; | 600 X509Certificate::OSCertHandles intermediates; |
601 scoped_refptr<X509Certificate> leaf = | 601 scoped_refptr<X509Certificate> leaf = |
602 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), | 602 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), |
603 intermediates); | 603 intermediates); |
(...skipping 105 matching lines...)
709 } | 709 } |
710 | 710 |
711 // A regression test for http://crbug.com/70293. | 711 // A regression test for http://crbug.com/70293. |
712 // The Key Usage extension in this RSA SSL server certificate does not have | 712 // The Key Usage extension in this RSA SSL server certificate does not have |
713 // the keyEncipherment bit. | 713 // the keyEncipherment bit. |
714 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { | 714 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { |
715 base::FilePath certs_dir = GetTestCertsDirectory(); | 715 base::FilePath certs_dir = GetTestCertsDirectory(); |
716 | 716 |
717 scoped_refptr<X509Certificate> server_cert = | 717 scoped_refptr<X509Certificate> server_cert = |
718 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); | 718 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); |
719 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 719 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); |
720 | 720 |
721 int flags = 0; | 721 int flags = 0; |
722 CertVerifyResult verify_result; | 722 CertVerifyResult verify_result; |
723 int error = Verify(server_cert.get(), | 723 int error = Verify(server_cert.get(), |
724 "jira.aquameta.com", | 724 "jira.aquameta.com", |
725 flags, | 725 flags, |
726 NULL, | 726 NULL, |
727 empty_cert_list_, | 727 empty_cert_list_, |
728 &verify_result); | 728 &verify_result); |
729 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) | 729 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) |
(...skipping 33 matching lines...)
763 | 763 |
764 X509Certificate::OSCertHandles intermediates; | 764 X509Certificate::OSCertHandles intermediates; |
765 intermediates.push_back(certs[1]->os_cert_handle()); | 765 intermediates.push_back(certs[1]->os_cert_handle()); |
766 intermediates.push_back(certs[2]->os_cert_handle()); | 766 intermediates.push_back(certs[2]->os_cert_handle()); |
767 | 767 |
768 ScopedTestRoot scoped_root(certs[2].get()); | 768 ScopedTestRoot scoped_root(certs[2].get()); |
769 | 769 |
770 scoped_refptr<X509Certificate> google_full_chain = | 770 scoped_refptr<X509Certificate> google_full_chain = |
771 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 771 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
772 intermediates); | 772 intermediates); |
773 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | 773 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get()); |
774 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); | 774 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); |
775 | 775 |
776 CertVerifyResult verify_result; | 776 CertVerifyResult verify_result; |
777 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 777 EXPECT_EQ(static_cast<X509Certificate*>(NULL), |
| 778 verify_result.verified_cert.get()); |
778 int error = Verify(google_full_chain.get(), | 779 int error = Verify(google_full_chain.get(), |
779 "127.0.0.1", | 780 "127.0.0.1", |
780 0, | 781 0, |
781 NULL, | 782 NULL, |
782 empty_cert_list_, | 783 empty_cert_list_, |
783 &verify_result); | 784 &verify_result); |
784 EXPECT_EQ(OK, error); | 785 EXPECT_EQ(OK, error); |
785 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 786 ASSERT_NE(static_cast<X509Certificate*>(NULL), |
| 787 verify_result.verified_cert.get()); |
786 | 788 |
787 EXPECT_NE(google_full_chain, verify_result.verified_cert); | 789 EXPECT_NE(google_full_chain, verify_result.verified_cert); |
788 EXPECT_TRUE(X509Certificate::IsSameOSCert( | 790 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
789 google_full_chain->os_cert_handle(), | 791 google_full_chain->os_cert_handle(), |
790 verify_result.verified_cert->os_cert_handle())); | 792 verify_result.verified_cert->os_cert_handle())); |
791 const X509Certificate::OSCertHandles& return_intermediates = | 793 const X509Certificate::OSCertHandles& return_intermediates = |
792 verify_result.verified_cert->GetIntermediateCertificates(); | 794 verify_result.verified_cert->GetIntermediateCertificates(); |
793 ASSERT_EQ(2U, return_intermediates.size()); | 795 ASSERT_EQ(2U, return_intermediates.size()); |
794 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | 796 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], |
795 certs[1]->os_cert_handle())); | 797 certs[1]->os_cert_handle())); |
(...skipping 55 matching lines...)
851 // Construct the chain out of order. | 853 // Construct the chain out of order. |
852 X509Certificate::OSCertHandles intermediates; | 854 X509Certificate::OSCertHandles intermediates; |
853 intermediates.push_back(certs[2]->os_cert_handle()); | 855 intermediates.push_back(certs[2]->os_cert_handle()); |
854 intermediates.push_back(certs[1]->os_cert_handle()); | 856 intermediates.push_back(certs[1]->os_cert_handle()); |
855 | 857 |
856 ScopedTestRoot scoped_root(certs[2].get()); | 858 ScopedTestRoot scoped_root(certs[2].get()); |
857 | 859 |
858 scoped_refptr<X509Certificate> google_full_chain = | 860 scoped_refptr<X509Certificate> google_full_chain = |
859 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 861 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
860 intermediates); | 862 intermediates); |
861 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | 863 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get()); |
862 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); | 864 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); |
863 | 865 |
864 CertVerifyResult verify_result; | 866 CertVerifyResult verify_result; |
865 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 867 EXPECT_EQ(static_cast<X509Certificate*>(NULL), |
| 868 verify_result.verified_cert.get()); |
866 int error = Verify(google_full_chain.get(), | 869 int error = Verify(google_full_chain.get(), |
867 "127.0.0.1", | 870 "127.0.0.1", |
868 0, | 871 0, |
869 NULL, | 872 NULL, |
870 empty_cert_list_, | 873 empty_cert_list_, |
871 &verify_result); | 874 &verify_result); |
872 EXPECT_EQ(OK, error); | 875 EXPECT_EQ(OK, error); |
873 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 876 ASSERT_NE(static_cast<X509Certificate*>(NULL), |
| 877 verify_result.verified_cert.get()); |
874 | 878 |
875 EXPECT_NE(google_full_chain, verify_result.verified_cert); | 879 EXPECT_NE(google_full_chain, verify_result.verified_cert); |
876 EXPECT_TRUE(X509Certificate::IsSameOSCert( | 880 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
877 google_full_chain->os_cert_handle(), | 881 google_full_chain->os_cert_handle(), |
878 verify_result.verified_cert->os_cert_handle())); | 882 verify_result.verified_cert->os_cert_handle())); |
879 const X509Certificate::OSCertHandles& return_intermediates = | 883 const X509Certificate::OSCertHandles& return_intermediates = |
880 verify_result.verified_cert->GetIntermediateCertificates(); | 884 verify_result.verified_cert->GetIntermediateCertificates(); |
881 ASSERT_EQ(2U, return_intermediates.size()); | 885 ASSERT_EQ(2U, return_intermediates.size()); |
882 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | 886 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], |
883 certs[1]->os_cert_handle())); | 887 certs[1]->os_cert_handle())); |
(...skipping 13 matching lines...)
897 CertificateList certs = CreateCertificateListFromFile( | 901 CertificateList certs = CreateCertificateListFromFile( |
898 certs_dir, "x509_verify_results.chain.pem", | 902 certs_dir, "x509_verify_results.chain.pem", |
899 X509Certificate::FORMAT_AUTO); | 903 X509Certificate::FORMAT_AUTO); |
900 ASSERT_EQ(3U, certs.size()); | 904 ASSERT_EQ(3U, certs.size()); |
901 ScopedTestRoot scoped_root(certs[2].get()); | 905 ScopedTestRoot scoped_root(certs[2].get()); |
902 | 906 |
903 scoped_refptr<X509Certificate> unrelated_certificate = | 907 scoped_refptr<X509Certificate> unrelated_certificate = |
904 ImportCertFromFile(certs_dir, "duplicate_cn_1.pem"); | 908 ImportCertFromFile(certs_dir, "duplicate_cn_1.pem"); |
905 scoped_refptr<X509Certificate> unrelated_certificate2 = | 909 scoped_refptr<X509Certificate> unrelated_certificate2 = |
906 ImportCertFromFile(certs_dir, "aia-cert.pem"); | 910 ImportCertFromFile(certs_dir, "aia-cert.pem"); |
907 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate); | 911 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate.get()); |
908 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate2); | 912 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate2.get()); |
909 | 913 |
910 // Interject unrelated certificates into the list of intermediates. | 914 // Interject unrelated certificates into the list of intermediates. |
911 X509Certificate::OSCertHandles intermediates; | 915 X509Certificate::OSCertHandles intermediates; |
912 intermediates.push_back(unrelated_certificate->os_cert_handle()); | 916 intermediates.push_back(unrelated_certificate->os_cert_handle()); |
913 intermediates.push_back(certs[1]->os_cert_handle()); | 917 intermediates.push_back(certs[1]->os_cert_handle()); |
914 intermediates.push_back(unrelated_certificate2->os_cert_handle()); | 918 intermediates.push_back(unrelated_certificate2->os_cert_handle()); |
915 intermediates.push_back(certs[2]->os_cert_handle()); | 919 intermediates.push_back(certs[2]->os_cert_handle()); |
916 | 920 |
917 scoped_refptr<X509Certificate> google_full_chain = | 921 scoped_refptr<X509Certificate> google_full_chain = |
918 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), | 922 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), |
919 intermediates); | 923 intermediates); |
920 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); | 924 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get()); |
921 ASSERT_EQ(4U, google_full_chain->GetIntermediateCertificates().size()); | 925 ASSERT_EQ(4U, google_full_chain->GetIntermediateCertificates().size()); |
922 | 926 |
923 CertVerifyResult verify_result; | 927 CertVerifyResult verify_result; |
924 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 928 EXPECT_EQ(static_cast<X509Certificate*>(NULL), |
| 929 verify_result.verified_cert.get()); |
925 int error = Verify(google_full_chain.get(), | 930 int error = Verify(google_full_chain.get(), |
926 "127.0.0.1", | 931 "127.0.0.1", |
927 0, | 932 0, |
928 NULL, | 933 NULL, |
929 empty_cert_list_, | 934 empty_cert_list_, |
930 &verify_result); | 935 &verify_result); |
931 EXPECT_EQ(OK, error); | 936 EXPECT_EQ(OK, error); |
932 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); | 937 ASSERT_NE(static_cast<X509Certificate*>(NULL), |
| 938 verify_result.verified_cert.get()); |
933 | 939 |
934 EXPECT_NE(google_full_chain, verify_result.verified_cert); | 940 EXPECT_NE(google_full_chain, verify_result.verified_cert); |
935 EXPECT_TRUE(X509Certificate::IsSameOSCert( | 941 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
936 google_full_chain->os_cert_handle(), | 942 google_full_chain->os_cert_handle(), |
937 verify_result.verified_cert->os_cert_handle())); | 943 verify_result.verified_cert->os_cert_handle())); |
938 const X509Certificate::OSCertHandles& return_intermediates = | 944 const X509Certificate::OSCertHandles& return_intermediates = |
939 verify_result.verified_cert->GetIntermediateCertificates(); | 945 verify_result.verified_cert->GetIntermediateCertificates(); |
940 ASSERT_EQ(2U, return_intermediates.size()); | 946 ASSERT_EQ(2U, return_intermediates.size()); |
941 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], | 947 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], |
942 certs[1]->os_cert_handle())); | 948 certs[1]->os_cert_handle())); |
(...skipping 249 matching lines...)
1192 }; | 1198 }; |
1193 | 1199 |
1194 // Test that CRLSets are effective in making a certificate appear to be | 1200 // Test that CRLSets are effective in making a certificate appear to be |
1195 // revoked. | 1201 // revoked. |
1196 TEST_F(CertVerifyProcTest, CRLSet) { | 1202 TEST_F(CertVerifyProcTest, CRLSet) { |
1197 CertificateList ca_cert_list = | 1203 CertificateList ca_cert_list = |
1198 CreateCertificateListFromFile(GetTestCertsDirectory(), | 1204 CreateCertificateListFromFile(GetTestCertsDirectory(), |
1199 "root_ca_cert.pem", | 1205 "root_ca_cert.pem", |
1200 X509Certificate::FORMAT_AUTO); | 1206 X509Certificate::FORMAT_AUTO); |
1201 ASSERT_EQ(1U, ca_cert_list.size()); | 1207 ASSERT_EQ(1U, ca_cert_list.size()); |
1202 ScopedTestRoot test_root(ca_cert_list[0]); | 1208 ScopedTestRoot test_root(ca_cert_list[0].get()); |
1203 | 1209 |
1204 CertificateList cert_list = CreateCertificateListFromFile( | 1210 CertificateList cert_list = CreateCertificateListFromFile( |
1205 GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO); | 1211 GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO); |
1206 ASSERT_EQ(1U, cert_list.size()); | 1212 ASSERT_EQ(1U, cert_list.size()); |
1207 scoped_refptr<X509Certificate> cert(cert_list[0]); | 1213 scoped_refptr<X509Certificate> cert(cert_list[0]); |
1208 | 1214 |
1209 int flags = 0; | 1215 int flags = 0; |
1210 CertVerifyResult verify_result; | 1216 CertVerifyResult verify_result; |
1211 int error = Verify( | 1217 int error = Verify( |
1212 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); | 1218 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); |
(...skipping 30 matching lines...)
1243 &verify_result); | 1249 &verify_result); |
1244 EXPECT_EQ(ERR_CERT_REVOKED, error); | 1250 EXPECT_EQ(ERR_CERT_REVOKED, error); |
1245 } | 1251 } |
1246 | 1252 |
1247 TEST_F(CertVerifyProcTest, CRLSetLeafSerial) { | 1253 TEST_F(CertVerifyProcTest, CRLSetLeafSerial) { |
1248 CertificateList ca_cert_list = | 1254 CertificateList ca_cert_list = |
1249 CreateCertificateListFromFile(GetTestCertsDirectory(), | 1255 CreateCertificateListFromFile(GetTestCertsDirectory(), |
1250 "quic_root.crt", | 1256 "quic_root.crt", |
1251 X509Certificate::FORMAT_AUTO); | 1257 X509Certificate::FORMAT_AUTO); |
1252 ASSERT_EQ(1U, ca_cert_list.size()); | 1258 ASSERT_EQ(1U, ca_cert_list.size()); |
1253 ScopedTestRoot test_root(ca_cert_list[0]); | 1259 ScopedTestRoot test_root(ca_cert_list[0].get()); |
1254 | 1260 |
1255 CertificateList intermediate_cert_list = | 1261 CertificateList intermediate_cert_list = |
1256 CreateCertificateListFromFile(GetTestCertsDirectory(), | 1262 CreateCertificateListFromFile(GetTestCertsDirectory(), |
1257 "quic_intermediate.crt", | 1263 "quic_intermediate.crt", |
1258 X509Certificate::FORMAT_AUTO); | 1264 X509Certificate::FORMAT_AUTO); |
1259 ASSERT_EQ(1U, intermediate_cert_list.size()); | 1265 ASSERT_EQ(1U, intermediate_cert_list.size()); |
1260 X509Certificate::OSCertHandles intermediates; | 1266 X509Certificate::OSCertHandles intermediates; |
1261 intermediates.push_back(intermediate_cert_list[0]->os_cert_handle()); | 1267 intermediates.push_back(intermediate_cert_list[0]->os_cert_handle()); |
1262 | 1268 |
1263 CertificateList cert_list = CreateCertificateListFromFile( | 1269 CertificateList cert_list = CreateCertificateListFromFile( |
(...skipping 62 matching lines...)
1326 }; | 1332 }; |
1327 | 1333 |
1328 TEST_P(CertVerifyProcWeakDigestTest, Verify) { | 1334 TEST_P(CertVerifyProcWeakDigestTest, Verify) { |
1329 WeakDigestTestData data = GetParam(); | 1335 WeakDigestTestData data = GetParam(); |
1330 base::FilePath certs_dir = GetTestCertsDirectory(); | 1336 base::FilePath certs_dir = GetTestCertsDirectory(); |
1331 | 1337 |
1332 ScopedTestRoot test_root; | 1338 ScopedTestRoot test_root; |
1333 if (data.root_cert_filename) { | 1339 if (data.root_cert_filename) { |
1334 scoped_refptr<X509Certificate> root_cert = | 1340 scoped_refptr<X509Certificate> root_cert = |
1335 ImportCertFromFile(certs_dir, data.root_cert_filename); | 1341 ImportCertFromFile(certs_dir, data.root_cert_filename); |
1336 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | 1342 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); |
1337 test_root.Reset(root_cert.get()); | 1343 test_root.Reset(root_cert.get()); |
1338 } | 1344 } |
1339 | 1345 |
1340 scoped_refptr<X509Certificate> intermediate_cert = | 1346 scoped_refptr<X509Certificate> intermediate_cert = |
1341 ImportCertFromFile(certs_dir, data.intermediate_cert_filename); | 1347 ImportCertFromFile(certs_dir, data.intermediate_cert_filename); |
1342 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); | 1348 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get()); |
1343 scoped_refptr<X509Certificate> ee_cert = | 1349 scoped_refptr<X509Certificate> ee_cert = |
1344 ImportCertFromFile(certs_dir, data.ee_cert_filename); | 1350 ImportCertFromFile(certs_dir, data.ee_cert_filename); |
1345 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert); | 1351 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert.get()); |
1346 | 1352 |
1347 X509Certificate::OSCertHandles intermediates; | 1353 X509Certificate::OSCertHandles intermediates; |
1348 intermediates.push_back(intermediate_cert->os_cert_handle()); | 1354 intermediates.push_back(intermediate_cert->os_cert_handle()); |
1349 | 1355 |
1350 scoped_refptr<X509Certificate> ee_chain = | 1356 scoped_refptr<X509Certificate> ee_chain = |
1351 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), | 1357 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), |
1352 intermediates); | 1358 intermediates); |
1353 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain); | 1359 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain.get()); |
1354 | 1360 |
1355 int flags = 0; | 1361 int flags = 0; |
1356 CertVerifyResult verify_result; | 1362 CertVerifyResult verify_result; |
1357 int rv = Verify(ee_chain.get(), | 1363 int rv = Verify(ee_chain.get(), |
1358 "127.0.0.1", | 1364 "127.0.0.1", |
1359 flags, | 1365 flags, |
1360 NULL, | 1366 NULL, |
1361 empty_cert_list_, | 1367 empty_cert_list_, |
1362 &verify_result); | 1368 &verify_result); |
1363 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); | 1369 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); |
(...skipping 236 matching lines...)
1600 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); | 1606 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); |
1601 } | 1607 } |
1602 } | 1608 } |
1603 | 1609 |
1604 WRAPPED_INSTANTIATE_TEST_CASE_P( | 1610 WRAPPED_INSTANTIATE_TEST_CASE_P( |
1605 VerifyName, | 1611 VerifyName, |
1606 CertVerifyProcNameTest, | 1612 CertVerifyProcNameTest, |
1607 testing::ValuesIn(kVerifyNameData)); | 1613 testing::ValuesIn(kVerifyNameData)); |
1608 | 1614 |
1609 } // namespace net | 1615 } // namespace net |
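Review bot: The three `EXPECT_NE(google_full_chain, verify_result.verified_cert);` checks (new lines 789, 879 and 940) still compare the two scoped_refptr objects directly, while the null checks immediately around them were all switched to `.get()`. If the aim is to stop relying on the implicit scoped_refptr-to-raw-pointer conversion, which is how the change reads although its description is not visible here, these lines would still depend on it; `EXPECT_NE(google_full_chain.get(), verify_result.verified_cert.get());` would keep them consistent. A short comment at each would also help, for example `// Verify() must return a new chain object, not the input; only the leaf OS cert handle is expected to match.`, because the following IsSameOSCert assertions only make sense given that intent. Several of the affected test bodies start or end in the skipped regions, so anything outside the shown lines is unreviewed.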
OLD | NEW |