author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 19:04:21 +0000 |
---|---|---|
committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 19:04:21 +0000 |
commit | a7c2609a96d01f2d5f9cecd15ddc55869e8c6a75 (patch) | |
tree | 6a2b69b0160fd4c77dbf1a91af54c48c023eb2af /net/base/cert_verify_proc_unittest.cc | |
parent | 9939d35f9827ed0929646607cbdb071af627ac38 (diff) | |
Implement SHA-256 fingerprint support.
The HTTP-based Public Key Pinning Internet Draft
(tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this.
Per wtc, give the *Fingerprint* types more meaningful *HashValue* names.
Cleaning up lint along the way.
This CL reverts 149268, which reverted 149261 the previous version of this
CL. It includes a fix to the compile problem that necessitated 149268.
BUG=117914
TEST=net_unittests, unit_tests TransportSecurityPersisterTest
Review URL: https://chromiumcodereview.appspot.com/10836062
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150124 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_verify_proc_unittest.cc')
-rw-r--r-- | net/base/cert_verify_proc_unittest.cc | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/net/base/cert_verify_proc_unittest.cc b/net/base/cert_verify_proc_unittest.cc
index 6898a5b..317aacc5 100644
--- a/net/base/cert_verify_proc_unittest.cc
+++ b/net/base/cert_verify_proc_unittest.cc
@@ -120,7 +120,7 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
- const SHA1Fingerprint& fingerprint =
+ const SHA1HashValue& fingerprint =
 paypal_null_cert->fingerprint();
 for (size_t i = 0; i < 20; ++i)
 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
@@ -397,11 +397,13 @@ TEST_F(CertVerifyProcTest, DigiNotarCerts) {
 std::string spki_sha1 = base::SHA1HashString(spki.as_string());
- std::vector<SHA1Fingerprint> public_keys;
- SHA1Fingerprint fingerprint;
- ASSERT_EQ(sizeof(fingerprint.data), spki_sha1.size());
- memcpy(fingerprint.data, spki_sha1.data(), spki_sha1.size());
- public_keys.push_back(fingerprint);
+ std::vector<HashValueVector> public_keys(HASH_VALUE_TAGS_COUNT);
+ public_keys[HASH_VALUE_SHA1] = HashValueVector();
+ HashValue fingerprint;
+ fingerprint.tag = HASH_VALUE_SHA1;
+ ASSERT_EQ(fingerprint.size(), spki_sha1.size());
+ memcpy(fingerprint.data(), spki_sha1.data(), spki_sha1.size());
+ public_keys[HASH_VALUE_SHA1].push_back(fingerprint);
 EXPECT_TRUE(CertVerifyProc::IsPublicKeyBlacklisted(public_keys)) << "Public key not blocked for " << kDigiNotarFilenames[i];
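Review bot: In the DigiNotarCerts hunk, `public_keys[HASH_VALUE_SHA1] = HashValueVector();` is redundant, because `public_keys(HASH_VALUE_TAGS_COUNT)` already creates one empty `HashValueVector` per tag, so the line can be dropped. `fingerprint.size()` is called only after `fingerprint.tag` is assigned, which presumably matters because the length is derived from the tag; a short comment such as `// tag must be set before size()/data() are used` would keep a later edit from reordering them and changing the bound the `memcpy` is checked against. The test still passes only a SHA-1 SPKI hash to `IsPublicKeyBlacklisted`, so whether a blocked key present only in the SHA-256 slot is caught is not covered here and cannot be judged from this hunk. The test body starts and ends outside the hunk.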
@@ -453,10 +455,14 @@ TEST_F(CertVerifyProcTest, PublicKeyHashes) {
 int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0U, verify_result.cert_status);
- ASSERT_LE(3u, verify_result.public_key_hashes.size());
- for (unsigned i = 0; i < 3; i++) {
+ ASSERT_LE(static_cast<size_t>(HASH_VALUE_TAGS_COUNT),
+ verify_result.public_key_hashes.size());
+ const HashValueVector& sha1_hashes =
+ verify_result.public_key_hashes[HASH_VALUE_SHA1];
+ ASSERT_LE(3u, sha1_hashes.size());
+ for (unsigned i = 0; i < 3; ++i) {
 EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
- HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
+ HexEncode(sha1_hashes[i].data(), base::kSHA1Length));
 }
 } |
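Review bot: The updated PublicKeyHashes loop checks only the `HASH_VALUE_SHA1` entry of `verify_result.public_key_hashes`, so nothing in this test shows that the SHA-256 hashes this commit introduces are actually produced for the chain. Since the commit message says the key-pinning draft requires SHA-256, a parallel assertion against known SHA-256 SPKI values would catch a verifier that leaves that slot empty. The comparison also hex-encodes `sha1_hashes[i].data()` with a fixed `base::kSHA1Length` without confirming the stored value has that length. Adding `ASSERT_EQ(static_cast<size_t>(base::kSHA1Length), sha1_hashes[i].size());` inside the loop, before the `EXPECT_EQ`, would make a mis-tagged entry fail cleanly instead of being read at an assumed length. The test body begins before the hunk.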