Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(23)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 503163002: Remove implicit conversions from scoped_refptr to T* in net/cert/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/crl_set_storage.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc.h" 5 #include "net/cert/cert_verify_proc.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/file_util.h" 10 #include "base/file_util.h"
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after
192 EXPECT_EQ(OK, error); 192 EXPECT_EQ(OK, error);
193 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); 193 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
194 } 194 }
195 195
196 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) { 196 TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
197 scoped_refptr<X509Certificate> paypal_null_cert( 197 scoped_refptr<X509Certificate> paypal_null_cert(
198 X509Certificate::CreateFromBytes( 198 X509Certificate::CreateFromBytes(
199 reinterpret_cast<const char*>(paypal_null_der), 199 reinterpret_cast<const char*>(paypal_null_der),
200 sizeof(paypal_null_der))); 200 sizeof(paypal_null_der)));
201 201
202 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); 202 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert.get());
203 203
204 const SHA1HashValue& fingerprint = 204 const SHA1HashValue& fingerprint =
205 paypal_null_cert->fingerprint(); 205 paypal_null_cert->fingerprint();
206 for (size_t i = 0; i < 20; ++i) 206 for (size_t i = 0; i < 20; ++i)
207 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); 207 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
208 208
209 int flags = 0; 209 int flags = 0;
210 CertVerifyResult verify_result; 210 CertVerifyResult verify_result;
211 int error = Verify(paypal_null_cert.get(), 211 int error = Verify(paypal_null_cert.get(),
212 "www.paypal.com", 212 "www.paypal.com",
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
277 // certificate revocation checking when running all of the net unit tests. 277 // certificate revocation checking when running all of the net unit tests.
278 // This test passes when run individually, but when run with all of the net 278 // This test passes when run individually, but when run with all of the net
279 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is 279 // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is
280 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation 280 // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation
281 // status, i.e. that the revocation check is failing for some reason. 281 // status, i.e. that the revocation check is failing for some reason.
282 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) { 282 TEST_F(CertVerifyProcTest, DISABLED_GlobalSignR3EVTest) {
283 base::FilePath certs_dir = GetTestCertsDirectory(); 283 base::FilePath certs_dir = GetTestCertsDirectory();
284 284
285 scoped_refptr<X509Certificate> server_cert = 285 scoped_refptr<X509Certificate> server_cert =
286 ImportCertFromFile(certs_dir, "2029_globalsign_com_cert.pem"); 286 ImportCertFromFile(certs_dir, "2029_globalsign_com_cert.pem");
287 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 287 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get());
288 288
289 scoped_refptr<X509Certificate> intermediate_cert = 289 scoped_refptr<X509Certificate> intermediate_cert =
290 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem"); 290 ImportCertFromFile(certs_dir, "globalsign_ev_sha256_ca_cert.pem");
291 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); 291 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get());
292 292
293 X509Certificate::OSCertHandles intermediates; 293 X509Certificate::OSCertHandles intermediates;
294 intermediates.push_back(intermediate_cert->os_cert_handle()); 294 intermediates.push_back(intermediate_cert->os_cert_handle());
295 scoped_refptr<X509Certificate> cert_chain = 295 scoped_refptr<X509Certificate> cert_chain =
296 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), 296 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
297 intermediates); 297 intermediates);
298 298
299 CertVerifyResult verify_result; 299 CertVerifyResult verify_result;
300 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | 300 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED |
301 CertVerifier::VERIFY_EV_CERT; 301 CertVerifier::VERIFY_EV_CERT;
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
361 #if defined(OS_WIN) 361 #if defined(OS_WIN)
362 use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP; 362 use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP;
363 #endif 363 #endif
364 364
365 if (use_ecdsa) 365 if (use_ecdsa)
366 key_types.push_back("prime256v1-ecdsa"); 366 key_types.push_back("prime256v1-ecdsa");
367 367
368 // Add the root that signed the intermediates for this test. 368 // Add the root that signed the intermediates for this test.
369 scoped_refptr<X509Certificate> root_cert = 369 scoped_refptr<X509Certificate> root_cert =
370 ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); 370 ImportCertFromFile(certs_dir, "2048-rsa-root.pem");
371 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); 371 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
372 ScopedTestRoot scoped_root(root_cert.get()); 372 ScopedTestRoot scoped_root(root_cert.get());
373 373
374 // Now test each chain. 374 // Now test each chain.
375 for (Strings::const_iterator ee_type = key_types.begin(); 375 for (Strings::const_iterator ee_type = key_types.begin();
376 ee_type != key_types.end(); ++ee_type) { 376 ee_type != key_types.end(); ++ee_type) {
377 for (Strings::const_iterator signer_type = key_types.begin(); 377 for (Strings::const_iterator signer_type = key_types.begin();
378 signer_type != key_types.end(); ++signer_type) { 378 signer_type != key_types.end(); ++signer_type) {
379 std::string basename = *ee_type + "-ee-by-" + *signer_type + 379 std::string basename = *ee_type + "-ee-by-" + *signer_type +
380 "-intermediate.pem"; 380 "-intermediate.pem";
381 SCOPED_TRACE(basename); 381 SCOPED_TRACE(basename);
382 scoped_refptr<X509Certificate> ee_cert = 382 scoped_refptr<X509Certificate> ee_cert =
383 ImportCertFromFile(certs_dir, basename); 383 ImportCertFromFile(certs_dir, basename);
384 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert); 384 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert.get());
385 385
386 basename = *signer_type + "-intermediate.pem"; 386 basename = *signer_type + "-intermediate.pem";
387 scoped_refptr<X509Certificate> intermediate = 387 scoped_refptr<X509Certificate> intermediate =
388 ImportCertFromFile(certs_dir, basename); 388 ImportCertFromFile(certs_dir, basename);
389 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate); 389 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate.get());
390 390
391 X509Certificate::OSCertHandles intermediates; 391 X509Certificate::OSCertHandles intermediates;
392 intermediates.push_back(intermediate->os_cert_handle()); 392 intermediates.push_back(intermediate->os_cert_handle());
393 scoped_refptr<X509Certificate> cert_chain = 393 scoped_refptr<X509Certificate> cert_chain =
394 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), 394 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),
395 intermediates); 395 intermediates);
396 396
397 CertVerifyResult verify_result; 397 CertVerifyResult verify_result;
398 int error = Verify(cert_chain.get(), 398 int error = Verify(cert_chain.get(),
399 "127.0.0.1", 399 "127.0.0.1",
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
473 473
474 EXPECT_FALSE(verify_result.has_md5); 474 EXPECT_FALSE(verify_result.has_md5);
475 } 475 }
476 476
477 // Test for bug 94673. 477 // Test for bug 94673.
478 TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) { 478 TEST_F(CertVerifyProcTest, GoogleDigiNotarTest) {
479 base::FilePath certs_dir = GetTestCertsDirectory(); 479 base::FilePath certs_dir = GetTestCertsDirectory();
480 480
481 scoped_refptr<X509Certificate> server_cert = 481 scoped_refptr<X509Certificate> server_cert =
482 ImportCertFromFile(certs_dir, "google_diginotar.pem"); 482 ImportCertFromFile(certs_dir, "google_diginotar.pem");
483 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 483 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get());
484 484
485 scoped_refptr<X509Certificate> intermediate_cert = 485 scoped_refptr<X509Certificate> intermediate_cert =
486 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem"); 486 ImportCertFromFile(certs_dir, "diginotar_public_ca_2025.pem");
487 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); 487 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get());
488 488
489 X509Certificate::OSCertHandles intermediates; 489 X509Certificate::OSCertHandles intermediates;
490 intermediates.push_back(intermediate_cert->os_cert_handle()); 490 intermediates.push_back(intermediate_cert->os_cert_handle());
491 scoped_refptr<X509Certificate> cert_chain = 491 scoped_refptr<X509Certificate> cert_chain =
492 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), 492 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
493 intermediates); 493 intermediates);
494 494
495 CertVerifyResult verify_result; 495 CertVerifyResult verify_result;
496 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED; 496 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED;
497 int error = Verify(cert_chain.get(), 497 int error = Verify(cert_chain.get(),
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
548 "Public key not blocked for " << kDigiNotarFilenames[i]; 548 "Public key not blocked for " << kDigiNotarFilenames[i];
549 } 549 }
550 } 550 }
551 551
552 TEST_F(CertVerifyProcTest, NameConstraintsOk) { 552 TEST_F(CertVerifyProcTest, NameConstraintsOk) {
553 CertificateList ca_cert_list = 553 CertificateList ca_cert_list =
554 CreateCertificateListFromFile(GetTestCertsDirectory(), 554 CreateCertificateListFromFile(GetTestCertsDirectory(),
555 "root_ca_cert.pem", 555 "root_ca_cert.pem",
556 X509Certificate::FORMAT_AUTO); 556 X509Certificate::FORMAT_AUTO);
557 ASSERT_EQ(1U, ca_cert_list.size()); 557 ASSERT_EQ(1U, ca_cert_list.size());
558 ScopedTestRoot test_root(ca_cert_list[0]); 558 ScopedTestRoot test_root(ca_cert_list[0].get());
559 559
560 CertificateList cert_list = CreateCertificateListFromFile( 560 CertificateList cert_list = CreateCertificateListFromFile(
561 GetTestCertsDirectory(), "name_constraint_ok.crt", 561 GetTestCertsDirectory(), "name_constraint_ok.crt",
562 X509Certificate::FORMAT_AUTO); 562 X509Certificate::FORMAT_AUTO);
563 ASSERT_EQ(1U, cert_list.size()); 563 ASSERT_EQ(1U, cert_list.size());
564 564
565 X509Certificate::OSCertHandles intermediates; 565 X509Certificate::OSCertHandles intermediates;
566 scoped_refptr<X509Certificate> leaf = 566 scoped_refptr<X509Certificate> leaf =
567 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), 567 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(),
568 intermediates); 568 intermediates);
(...skipping 14 matching lines...) Expand all
583 if (!SupportsReturningVerifiedChain()) { 583 if (!SupportsReturningVerifiedChain()) {
584 LOG(INFO) << "Skipping this test in this platform."; 584 LOG(INFO) << "Skipping this test in this platform.";
585 return; 585 return;
586 } 586 }
587 587
588 CertificateList ca_cert_list = 588 CertificateList ca_cert_list =
589 CreateCertificateListFromFile(GetTestCertsDirectory(), 589 CreateCertificateListFromFile(GetTestCertsDirectory(),
590 "root_ca_cert.pem", 590 "root_ca_cert.pem",
591 X509Certificate::FORMAT_AUTO); 591 X509Certificate::FORMAT_AUTO);
592 ASSERT_EQ(1U, ca_cert_list.size()); 592 ASSERT_EQ(1U, ca_cert_list.size());
593 ScopedTestRoot test_root(ca_cert_list[0]); 593 ScopedTestRoot test_root(ca_cert_list[0].get());
594 594
595 CertificateList cert_list = CreateCertificateListFromFile( 595 CertificateList cert_list = CreateCertificateListFromFile(
596 GetTestCertsDirectory(), "name_constraint_bad.crt", 596 GetTestCertsDirectory(), "name_constraint_bad.crt",
597 X509Certificate::FORMAT_AUTO); 597 X509Certificate::FORMAT_AUTO);
598 ASSERT_EQ(1U, cert_list.size()); 598 ASSERT_EQ(1U, cert_list.size());
599 599
600 X509Certificate::OSCertHandles intermediates; 600 X509Certificate::OSCertHandles intermediates;
601 scoped_refptr<X509Certificate> leaf = 601 scoped_refptr<X509Certificate> leaf =
602 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(), 602 X509Certificate::CreateFromHandle(cert_list[0]->os_cert_handle(),
603 intermediates); 603 intermediates);
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
709 } 709 }
710 710
711 // A regression test for http://crbug.com/70293. 711 // A regression test for http://crbug.com/70293.
712 // The Key Usage extension in this RSA SSL server certificate does not have 712 // The Key Usage extension in this RSA SSL server certificate does not have
713 // the keyEncipherment bit. 713 // the keyEncipherment bit.
714 TEST_F(CertVerifyProcTest, InvalidKeyUsage) { 714 TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
715 base::FilePath certs_dir = GetTestCertsDirectory(); 715 base::FilePath certs_dir = GetTestCertsDirectory();
716 716
717 scoped_refptr<X509Certificate> server_cert = 717 scoped_refptr<X509Certificate> server_cert =
718 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der"); 718 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");
719 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); 719 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get());
720 720
721 int flags = 0; 721 int flags = 0;
722 CertVerifyResult verify_result; 722 CertVerifyResult verify_result;
723 int error = Verify(server_cert.get(), 723 int error = Verify(server_cert.get(),
724 "jira.aquameta.com", 724 "jira.aquameta.com",
725 flags, 725 flags,
726 NULL, 726 NULL,
727 empty_cert_list_, 727 empty_cert_list_,
728 &verify_result); 728 &verify_result);
729 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID) 729 #if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
763 763
764 X509Certificate::OSCertHandles intermediates; 764 X509Certificate::OSCertHandles intermediates;
765 intermediates.push_back(certs[1]->os_cert_handle()); 765 intermediates.push_back(certs[1]->os_cert_handle());
766 intermediates.push_back(certs[2]->os_cert_handle()); 766 intermediates.push_back(certs[2]->os_cert_handle());
767 767
768 ScopedTestRoot scoped_root(certs[2].get()); 768 ScopedTestRoot scoped_root(certs[2].get());
769 769
770 scoped_refptr<X509Certificate> google_full_chain = 770 scoped_refptr<X509Certificate> google_full_chain =
771 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), 771 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
772 intermediates); 772 intermediates);
773 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); 773 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get());
774 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); 774 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size());
775 775
776 CertVerifyResult verify_result; 776 CertVerifyResult verify_result;
777 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 777 EXPECT_EQ(static_cast<X509Certificate*>(NULL),
778 verify_result.verified_cert.get());
778 int error = Verify(google_full_chain.get(), 779 int error = Verify(google_full_chain.get(),
779 "127.0.0.1", 780 "127.0.0.1",
780 0, 781 0,
781 NULL, 782 NULL,
782 empty_cert_list_, 783 empty_cert_list_,
783 &verify_result); 784 &verify_result);
784 EXPECT_EQ(OK, error); 785 EXPECT_EQ(OK, error);
785 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 786 ASSERT_NE(static_cast<X509Certificate*>(NULL),
787 verify_result.verified_cert.get());
786 788
787 EXPECT_NE(google_full_chain, verify_result.verified_cert); 789 EXPECT_NE(google_full_chain, verify_result.verified_cert);
788 EXPECT_TRUE(X509Certificate::IsSameOSCert( 790 EXPECT_TRUE(X509Certificate::IsSameOSCert(
789 google_full_chain->os_cert_handle(), 791 google_full_chain->os_cert_handle(),
790 verify_result.verified_cert->os_cert_handle())); 792 verify_result.verified_cert->os_cert_handle()));
791 const X509Certificate::OSCertHandles& return_intermediates = 793 const X509Certificate::OSCertHandles& return_intermediates =
792 verify_result.verified_cert->GetIntermediateCertificates(); 794 verify_result.verified_cert->GetIntermediateCertificates();
793 ASSERT_EQ(2U, return_intermediates.size()); 795 ASSERT_EQ(2U, return_intermediates.size());
794 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], 796 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0],
795 certs[1]->os_cert_handle())); 797 certs[1]->os_cert_handle()));
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
851 // Construct the chain out of order. 853 // Construct the chain out of order.
852 X509Certificate::OSCertHandles intermediates; 854 X509Certificate::OSCertHandles intermediates;
853 intermediates.push_back(certs[2]->os_cert_handle()); 855 intermediates.push_back(certs[2]->os_cert_handle());
854 intermediates.push_back(certs[1]->os_cert_handle()); 856 intermediates.push_back(certs[1]->os_cert_handle());
855 857
856 ScopedTestRoot scoped_root(certs[2].get()); 858 ScopedTestRoot scoped_root(certs[2].get());
857 859
858 scoped_refptr<X509Certificate> google_full_chain = 860 scoped_refptr<X509Certificate> google_full_chain =
859 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), 861 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
860 intermediates); 862 intermediates);
861 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); 863 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get());
862 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size()); 864 ASSERT_EQ(2U, google_full_chain->GetIntermediateCertificates().size());
863 865
864 CertVerifyResult verify_result; 866 CertVerifyResult verify_result;
865 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 867 EXPECT_EQ(static_cast<X509Certificate*>(NULL),
868 verify_result.verified_cert.get());
866 int error = Verify(google_full_chain.get(), 869 int error = Verify(google_full_chain.get(),
867 "127.0.0.1", 870 "127.0.0.1",
868 0, 871 0,
869 NULL, 872 NULL,
870 empty_cert_list_, 873 empty_cert_list_,
871 &verify_result); 874 &verify_result);
872 EXPECT_EQ(OK, error); 875 EXPECT_EQ(OK, error);
873 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 876 ASSERT_NE(static_cast<X509Certificate*>(NULL),
877 verify_result.verified_cert.get());
874 878
875 EXPECT_NE(google_full_chain, verify_result.verified_cert); 879 EXPECT_NE(google_full_chain, verify_result.verified_cert);
876 EXPECT_TRUE(X509Certificate::IsSameOSCert( 880 EXPECT_TRUE(X509Certificate::IsSameOSCert(
877 google_full_chain->os_cert_handle(), 881 google_full_chain->os_cert_handle(),
878 verify_result.verified_cert->os_cert_handle())); 882 verify_result.verified_cert->os_cert_handle()));
879 const X509Certificate::OSCertHandles& return_intermediates = 883 const X509Certificate::OSCertHandles& return_intermediates =
880 verify_result.verified_cert->GetIntermediateCertificates(); 884 verify_result.verified_cert->GetIntermediateCertificates();
881 ASSERT_EQ(2U, return_intermediates.size()); 885 ASSERT_EQ(2U, return_intermediates.size());
882 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], 886 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0],
883 certs[1]->os_cert_handle())); 887 certs[1]->os_cert_handle()));
(...skipping 13 matching lines...) Expand all
897 CertificateList certs = CreateCertificateListFromFile( 901 CertificateList certs = CreateCertificateListFromFile(
898 certs_dir, "x509_verify_results.chain.pem", 902 certs_dir, "x509_verify_results.chain.pem",
899 X509Certificate::FORMAT_AUTO); 903 X509Certificate::FORMAT_AUTO);
900 ASSERT_EQ(3U, certs.size()); 904 ASSERT_EQ(3U, certs.size());
901 ScopedTestRoot scoped_root(certs[2].get()); 905 ScopedTestRoot scoped_root(certs[2].get());
902 906
903 scoped_refptr<X509Certificate> unrelated_certificate = 907 scoped_refptr<X509Certificate> unrelated_certificate =
904 ImportCertFromFile(certs_dir, "duplicate_cn_1.pem"); 908 ImportCertFromFile(certs_dir, "duplicate_cn_1.pem");
905 scoped_refptr<X509Certificate> unrelated_certificate2 = 909 scoped_refptr<X509Certificate> unrelated_certificate2 =
906 ImportCertFromFile(certs_dir, "aia-cert.pem"); 910 ImportCertFromFile(certs_dir, "aia-cert.pem");
907 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate); 911 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate.get());
908 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate2); 912 ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate2.get());
909 913
910 // Interject unrelated certificates into the list of intermediates. 914 // Interject unrelated certificates into the list of intermediates.
911 X509Certificate::OSCertHandles intermediates; 915 X509Certificate::OSCertHandles intermediates;
912 intermediates.push_back(unrelated_certificate->os_cert_handle()); 916 intermediates.push_back(unrelated_certificate->os_cert_handle());
913 intermediates.push_back(certs[1]->os_cert_handle()); 917 intermediates.push_back(certs[1]->os_cert_handle());
914 intermediates.push_back(unrelated_certificate2->os_cert_handle()); 918 intermediates.push_back(unrelated_certificate2->os_cert_handle());
915 intermediates.push_back(certs[2]->os_cert_handle()); 919 intermediates.push_back(certs[2]->os_cert_handle());
916 920
917 scoped_refptr<X509Certificate> google_full_chain = 921 scoped_refptr<X509Certificate> google_full_chain =
918 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), 922 X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
919 intermediates); 923 intermediates);
920 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain); 924 ASSERT_NE(static_cast<X509Certificate*>(NULL), google_full_chain.get());
921 ASSERT_EQ(4U, google_full_chain->GetIntermediateCertificates().size()); 925 ASSERT_EQ(4U, google_full_chain->GetIntermediateCertificates().size());
922 926
923 CertVerifyResult verify_result; 927 CertVerifyResult verify_result;
924 EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 928 EXPECT_EQ(static_cast<X509Certificate*>(NULL),
929 verify_result.verified_cert.get());
925 int error = Verify(google_full_chain.get(), 930 int error = Verify(google_full_chain.get(),
926 "127.0.0.1", 931 "127.0.0.1",
927 0, 932 0,
928 NULL, 933 NULL,
929 empty_cert_list_, 934 empty_cert_list_,
930 &verify_result); 935 &verify_result);
931 EXPECT_EQ(OK, error); 936 EXPECT_EQ(OK, error);
932 ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); 937 ASSERT_NE(static_cast<X509Certificate*>(NULL),
938 verify_result.verified_cert.get());
933 939
934 EXPECT_NE(google_full_chain, verify_result.verified_cert); 940 EXPECT_NE(google_full_chain, verify_result.verified_cert);
935 EXPECT_TRUE(X509Certificate::IsSameOSCert( 941 EXPECT_TRUE(X509Certificate::IsSameOSCert(
936 google_full_chain->os_cert_handle(), 942 google_full_chain->os_cert_handle(),
937 verify_result.verified_cert->os_cert_handle())); 943 verify_result.verified_cert->os_cert_handle()));
938 const X509Certificate::OSCertHandles& return_intermediates = 944 const X509Certificate::OSCertHandles& return_intermediates =
939 verify_result.verified_cert->GetIntermediateCertificates(); 945 verify_result.verified_cert->GetIntermediateCertificates();
940 ASSERT_EQ(2U, return_intermediates.size()); 946 ASSERT_EQ(2U, return_intermediates.size());
941 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0], 947 EXPECT_TRUE(X509Certificate::IsSameOSCert(return_intermediates[0],
942 certs[1]->os_cert_handle())); 948 certs[1]->os_cert_handle()));
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after
1192 }; 1198 };
1193 1199
1194 // Test that CRLSets are effective in making a certificate appear to be 1200 // Test that CRLSets are effective in making a certificate appear to be
1195 // revoked. 1201 // revoked.
1196 TEST_F(CertVerifyProcTest, CRLSet) { 1202 TEST_F(CertVerifyProcTest, CRLSet) {
1197 CertificateList ca_cert_list = 1203 CertificateList ca_cert_list =
1198 CreateCertificateListFromFile(GetTestCertsDirectory(), 1204 CreateCertificateListFromFile(GetTestCertsDirectory(),
1199 "root_ca_cert.pem", 1205 "root_ca_cert.pem",
1200 X509Certificate::FORMAT_AUTO); 1206 X509Certificate::FORMAT_AUTO);
1201 ASSERT_EQ(1U, ca_cert_list.size()); 1207 ASSERT_EQ(1U, ca_cert_list.size());
1202 ScopedTestRoot test_root(ca_cert_list[0]); 1208 ScopedTestRoot test_root(ca_cert_list[0].get());
1203 1209
1204 CertificateList cert_list = CreateCertificateListFromFile( 1210 CertificateList cert_list = CreateCertificateListFromFile(
1205 GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO); 1211 GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
1206 ASSERT_EQ(1U, cert_list.size()); 1212 ASSERT_EQ(1U, cert_list.size());
1207 scoped_refptr<X509Certificate> cert(cert_list[0]); 1213 scoped_refptr<X509Certificate> cert(cert_list[0]);
1208 1214
1209 int flags = 0; 1215 int flags = 0;
1210 CertVerifyResult verify_result; 1216 CertVerifyResult verify_result;
1211 int error = Verify( 1217 int error = Verify(
1212 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result); 1218 cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, &verify_result);
(...skipping 30 matching lines...) Expand all
1243 &verify_result); 1249 &verify_result);
1244 EXPECT_EQ(ERR_CERT_REVOKED, error); 1250 EXPECT_EQ(ERR_CERT_REVOKED, error);
1245 } 1251 }
1246 1252
1247 TEST_F(CertVerifyProcTest, CRLSetLeafSerial) { 1253 TEST_F(CertVerifyProcTest, CRLSetLeafSerial) {
1248 CertificateList ca_cert_list = 1254 CertificateList ca_cert_list =
1249 CreateCertificateListFromFile(GetTestCertsDirectory(), 1255 CreateCertificateListFromFile(GetTestCertsDirectory(),
1250 "quic_root.crt", 1256 "quic_root.crt",
1251 X509Certificate::FORMAT_AUTO); 1257 X509Certificate::FORMAT_AUTO);
1252 ASSERT_EQ(1U, ca_cert_list.size()); 1258 ASSERT_EQ(1U, ca_cert_list.size());
1253 ScopedTestRoot test_root(ca_cert_list[0]); 1259 ScopedTestRoot test_root(ca_cert_list[0].get());
1254 1260
1255 CertificateList intermediate_cert_list = 1261 CertificateList intermediate_cert_list =
1256 CreateCertificateListFromFile(GetTestCertsDirectory(), 1262 CreateCertificateListFromFile(GetTestCertsDirectory(),
1257 "quic_intermediate.crt", 1263 "quic_intermediate.crt",
1258 X509Certificate::FORMAT_AUTO); 1264 X509Certificate::FORMAT_AUTO);
1259 ASSERT_EQ(1U, intermediate_cert_list.size()); 1265 ASSERT_EQ(1U, intermediate_cert_list.size());
1260 X509Certificate::OSCertHandles intermediates; 1266 X509Certificate::OSCertHandles intermediates;
1261 intermediates.push_back(intermediate_cert_list[0]->os_cert_handle()); 1267 intermediates.push_back(intermediate_cert_list[0]->os_cert_handle());
1262 1268
1263 CertificateList cert_list = CreateCertificateListFromFile( 1269 CertificateList cert_list = CreateCertificateListFromFile(
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
1326 }; 1332 };
1327 1333
1328 TEST_P(CertVerifyProcWeakDigestTest, Verify) { 1334 TEST_P(CertVerifyProcWeakDigestTest, Verify) {
1329 WeakDigestTestData data = GetParam(); 1335 WeakDigestTestData data = GetParam();
1330 base::FilePath certs_dir = GetTestCertsDirectory(); 1336 base::FilePath certs_dir = GetTestCertsDirectory();
1331 1337
1332 ScopedTestRoot test_root; 1338 ScopedTestRoot test_root;
1333 if (data.root_cert_filename) { 1339 if (data.root_cert_filename) {
1334 scoped_refptr<X509Certificate> root_cert = 1340 scoped_refptr<X509Certificate> root_cert =
1335 ImportCertFromFile(certs_dir, data.root_cert_filename); 1341 ImportCertFromFile(certs_dir, data.root_cert_filename);
1336 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); 1342 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
1337 test_root.Reset(root_cert.get()); 1343 test_root.Reset(root_cert.get());
1338 } 1344 }
1339 1345
1340 scoped_refptr<X509Certificate> intermediate_cert = 1346 scoped_refptr<X509Certificate> intermediate_cert =
1341 ImportCertFromFile(certs_dir, data.intermediate_cert_filename); 1347 ImportCertFromFile(certs_dir, data.intermediate_cert_filename);
1342 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert); 1348 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert.get());
1343 scoped_refptr<X509Certificate> ee_cert = 1349 scoped_refptr<X509Certificate> ee_cert =
1344 ImportCertFromFile(certs_dir, data.ee_cert_filename); 1350 ImportCertFromFile(certs_dir, data.ee_cert_filename);
1345 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert); 1351 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert.get());
1346 1352
1347 X509Certificate::OSCertHandles intermediates; 1353 X509Certificate::OSCertHandles intermediates;
1348 intermediates.push_back(intermediate_cert->os_cert_handle()); 1354 intermediates.push_back(intermediate_cert->os_cert_handle());
1349 1355
1350 scoped_refptr<X509Certificate> ee_chain = 1356 scoped_refptr<X509Certificate> ee_chain =
1351 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), 1357 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),
1352 intermediates); 1358 intermediates);
1353 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain); 1359 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain.get());
1354 1360
1355 int flags = 0; 1361 int flags = 0;
1356 CertVerifyResult verify_result; 1362 CertVerifyResult verify_result;
1357 int rv = Verify(ee_chain.get(), 1363 int rv = Verify(ee_chain.get(),
1358 "127.0.0.1", 1364 "127.0.0.1",
1359 flags, 1365 flags,
1360 NULL, 1366 NULL,
1361 empty_cert_list_, 1367 empty_cert_list_,
1362 &verify_result); 1368 &verify_result);
1363 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); 1369 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after
1600 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID); 1606 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);
1601 } 1607 }
1602 } 1608 }
1603 1609
1604 WRAPPED_INSTANTIATE_TEST_CASE_P( 1610 WRAPPED_INSTANTIATE_TEST_CASE_P(
1605 VerifyName, 1611 VerifyName,
1606 CertVerifyProcNameTest, 1612 CertVerifyProcNameTest,
1607 testing::ValuesIn(kVerifyNameData)); 1613 testing::ValuesIn(kVerifyNameData));
1608 1614
1609 } // namespace net 1615 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/cert/crl_set_storage.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698