net/base/x509_certificate_unittest.cc - Issue 6793041: net: add ability to distinguish user-added root CAs.

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 6793041: net: add ability to distinguish user-added root CAs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ... Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/crypto/rsa_private_key.h"	5 #include "base/crypto/rsa_private_key.h"

6 #include "base/file_path.h"	6 #include "base/file_path.h"

7 #include "base/file_util.h"	7 #include "base/file_util.h"

8 #include "base/path_service.h"	8 #include "base/path_service.h"

9 #include "base/pickle.h"	9 #include "base/pickle.h"

10 #include "base/string_split.h"	10 #include "base/string_split.h"

(...skipping 463 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
474 intermediates);	474 intermediates);

475	475

476 int flags = 0;	476 int flags = 0;

477 CertVerifyResult verify_result;	477 CertVerifyResult verify_result;

478 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result);	478 int error = cert_chain->Verify("www.us.army.mil", flags, &verify_result);

479 EXPECT_EQ(OK, error);	479 EXPECT_EQ(OK, error);

480 EXPECT_EQ(0, verify_result.cert_status);	480 EXPECT_EQ(0, verify_result.cert_status);

481 root_certs->Clear();	481 root_certs->Clear();

482 }	482 }

483	483

	484 TEST(X509CertificateTest, TestProbablyMITMCert) {
	wtc 2011/04/06 04:28:38 Please document when this certificate will expire. Please document when this certificate will expire. (See examples on lines 401 and 451.) This lets people know it's fine to disable this test when it starts to fail. Alternatively, allow the cert->Verify() call to fail with the ERR_CERT_DATE_VALID error (CERT_STATUS_DATE_VALID). You are only interested in the value of verify_result.is_probably_mitm_cert anyway. agl 2011/04/06 19:02:02 Done. Show quoted text On 2011/04/06 04:28:38, wtc wrote: > Please document when this certificate will expire. (See > examples on lines 401 and 451.) This lets people know it's > fine to disable this test when it starts to fail. > > Alternatively, allow the cert->Verify() call to fail with the > ERR_CERT_DATE_VALID error (CERT_STATUS_DATE_VALID). You > are only interested in the value of verify_result.is_probably_mitm_cert > anyway. Done.
	485 FilePath certs_dir = GetTestCertsDirectory();

	486 scoped_refptr<X509Certificate> cert =

	487 ImportCertFromFile(certs_dir, "nist.der");

	488 ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);

	489

	490 int flags = 0;

	491 CertVerifyResult verify_result;

	492 int error = cert->Verify("www.nist.gov", flags, &verify_result);

	493 EXPECT_EQ(OK, error);

	494 EXPECT_EQ(0, verify_result.cert_status);

	495 EXPECT_FALSE(verify_result.is_probably_mitm_cert);

	496 }

	497

484 // A regression test for http://crbug.com/70293.	498 // A regression test for http://crbug.com/70293.

485 // The Key Usage extension in this RSA SSL server certificate does not have	499 // The Key Usage extension in this RSA SSL server certificate does not have

486 // the keyEncipherment bit.	500 // the keyEncipherment bit.

487 TEST(X509CertificateTest, InvalidKeyUsage) {	501 TEST(X509CertificateTest, InvalidKeyUsage) {

488 FilePath certs_dir = GetTestCertsDirectory();	502 FilePath certs_dir = GetTestCertsDirectory();

489	503

490 scoped_refptr<X509Certificate> server_cert =	504 scoped_refptr<X509Certificate> server_cert =

491 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");	505 ImportCertFromFile(certs_dir, "invalid_key_usage_cert.der");

492 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);	506 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);

493	507

(...skipping 499 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
993 EXPECT_EQ(test_data.expected,	1007 EXPECT_EQ(test_data.expected,

994 X509Certificate::VerifyHostname(test_data.hostname, cert_names))	1008 X509Certificate::VerifyHostname(test_data.hostname, cert_names))

995 << "Host [" << test_data.hostname	1009 << "Host [" << test_data.hostname

996 << "], cert name [" << test_data.cert_names << "]";	1010 << "], cert name [" << test_data.cert_names << "]";

997 }	1011 }

998	1012

999 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,	1013 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,

1000 testing::ValuesIn(kNameVerifyTestData));	1014 testing::ValuesIn(kNameVerifyTestData));

1001	1015

1002 } // namespace net	1016 } // namespace net

OLD	NEW

« net/base/x509_certificate_nss.cc ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_win.cc » ('j') | net/base/x509_certificate_win.cc » ('J')