diff options
author | Iain Merrick <husky@google.com> | 2010-10-19 14:37:37 +0100 |
---|---|---|
committer | Iain Merrick <husky@google.com> | 2010-10-19 14:37:37 +0100 |
commit | 3345a6884c488ff3a535c2c9acdd33d74b37e311 (patch) | |
tree | 7784b988ef1698cb6967ea1bdf07616237716c6c /net/base/x509_certificate_unittest.cc | |
parent | efc8475837ec58186051f23bb03542620424f6ce (diff) | |
download | external_chromium-3345a6884c488ff3a535c2c9acdd33d74b37e311.zip external_chromium-3345a6884c488ff3a535c2c9acdd33d74b37e311.tar.gz external_chromium-3345a6884c488ff3a535c2c9acdd33d74b37e311.tar.bz2 |
Merge Chromium at 7.0.540.0 : Initial merge by git
Not including third_party/icu as it contains huge data files that break Gerrit, and aren't actually used.
Change-Id: I428a386e70f3b58cacd28677b8cfda282e891e15
Diffstat (limited to 'net/base/x509_certificate_unittest.cc')
-rw-r--r-- | net/base/x509_certificate_unittest.cc | 244 |
1 files changed, 222 insertions, 22 deletions
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index 63eec15..e1319d7 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -29,8 +29,6 @@ using base::Time; namespace net { -namespace { - // Certificates for test data. They're obtained with: // // $ openssl s_client -connect [host]:443 -showcerts > /tmp/host.pem < /dev/null @@ -76,6 +74,93 @@ unsigned char unosoft_hu_fingerprint[] = { 0x25, 0x66, 0xf2, 0xec, 0x8b, 0x0f, 0xbf, 0xd8 }; +// The fingerprint of the Google certificate used in the parsing tests, +// which is newer than the one included in the x509_certificate_data.h +unsigned char google_parse_fingerprint[] = { + 0x40, 0x50, 0x62, 0xe5, 0xbe, 0xfd, 0xe4, 0xaf, 0x97, 0xe9, 0x38, 0x2a, + 0xf1, 0x6c, 0xc8, 0x7c, 0x8f, 0xb7, 0xc4, 0xe2 +}; + +// The fingerprint for the Thawte SGC certificate +unsigned char thawte_parse_fingerprint[] = { + 0xec, 0x07, 0x10, 0x03, 0xd8, 0xf5, 0xa3, 0x7f, 0x42, 0xc4, 0x55, 0x7f, + 0x65, 0x6a, 0xae, 0x86, 0x65, 0xfa, 0x4b, 0x02 +}; + +// Dec 18 00:00:00 2009 GMT +const double kGoogleParseValidFrom = 1261094400; +// Dec 18 23:59:59 2011 GMT +const double kGoogleParseValidTo = 1324252799; + +struct CertificateFormatTestData { + const char* file_name; + X509Certificate::Format format; + unsigned char* chain_fingerprints[3]; +}; + +const CertificateFormatTestData FormatTestData[] = { + // DER Parsing - single certificate, DER encoded + { "google.single.der", X509Certificate::FORMAT_SINGLE_CERTIFICATE, + { google_parse_fingerprint, + NULL, } }, + // DER parsing - single certificate, PEM encoded + { "google.single.pem", X509Certificate::FORMAT_SINGLE_CERTIFICATE, + { google_parse_fingerprint, + NULL, } }, + // PEM parsing - single certificate, PEM encoded with a PEB of + // "CERTIFICATE" + { "google.single.pem", X509Certificate::FORMAT_PEM_CERT_SEQUENCE, + { google_parse_fingerprint, + NULL, } }, + // PEM parsing - sequence of certificates, PEM encoded with a PEB of + // "CERTIFICATE" + { "google.chain.pem", X509Certificate::FORMAT_PEM_CERT_SEQUENCE, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + // PKCS#7 parsing - "degenerate" SignedData collection of certificates, DER + // encoding + { "google.binary.p7b", X509Certificate::FORMAT_PKCS7, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + // PKCS#7 parsing - "degenerate" SignedData collection of certificates, PEM + // encoded with a PEM PEB of "CERTIFICATE" + { "google.pem_cert.p7b", X509Certificate::FORMAT_PKCS7, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + // PKCS#7 parsing - "degenerate" SignedData collection of certificates, PEM + // encoded with a PEM PEB of "PKCS7" + { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_PKCS7, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + // All of the above, this time using auto-detection + { "google.single.der", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + NULL, } }, + { "google.single.pem", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + NULL, } }, + { "google.chain.pem", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + { "google.binary.p7b", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + { "google.pem_cert.p7b", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, + { "google.pem_pkcs7.p7b", X509Certificate::FORMAT_AUTO, + { google_parse_fingerprint, + thawte_parse_fingerprint, + NULL, } }, +}; + // Returns a FilePath object representing the src/net/data/ssl/certificates // directory in the source tree. FilePath GetTestCertsDirectory() { @@ -100,12 +185,22 @@ X509Certificate* ImportCertFromFile(const FilePath& certs_dir, return X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()); } -} // namespace - -TEST(X509CertificateTest, GoogleCertParsing) { - scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(google_der), sizeof(google_der)); +CertificateList CreateCertificateListFromFile( + const FilePath& certs_dir, + const std::string& cert_file, + int format) { + FilePath cert_path = certs_dir.AppendASCII(cert_file); + std::string cert_data; + if (!file_util::ReadFileToString(cert_path, &cert_data)) + return CertificateList(); + return X509Certificate::CreateCertificateListFromBytes(cert_data.data(), + cert_data.size(), + format); +} +void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert, + unsigned char* expected_fingerprint, + double valid_from, double valid_to) { ASSERT_NE(static_cast<X509Certificate*>(NULL), google_cert); const CertPrincipal& subject = google_cert->subject(); @@ -114,7 +209,7 @@ TEST(X509CertificateTest, GoogleCertParsing) { EXPECT_EQ("California", subject.state_or_province_name); EXPECT_EQ("US", subject.country_name); EXPECT_EQ(0U, subject.street_addresses.size()); - EXPECT_EQ(1U, subject.organization_names.size()); + ASSERT_EQ(1U, subject.organization_names.size()); EXPECT_EQ("Google Inc", subject.organization_names[0]); EXPECT_EQ(0U, subject.organization_unit_names.size()); EXPECT_EQ(0U, subject.domain_components.size()); @@ -125,25 +220,25 @@ TEST(X509CertificateTest, GoogleCertParsing) { EXPECT_EQ("", issuer.state_or_province_name); EXPECT_EQ("ZA", issuer.country_name); EXPECT_EQ(0U, issuer.street_addresses.size()); - EXPECT_EQ(1U, issuer.organization_names.size()); + ASSERT_EQ(1U, issuer.organization_names.size()); EXPECT_EQ("Thawte Consulting (Pty) Ltd.", issuer.organization_names[0]); EXPECT_EQ(0U, issuer.organization_unit_names.size()); EXPECT_EQ(0U, issuer.domain_components.size()); // Use DoubleT because its epoch is the same on all platforms const Time& valid_start = google_cert->valid_start(); - EXPECT_EQ(1238192407, valid_start.ToDoubleT()); // Mar 27 22:20:07 2009 GMT + EXPECT_EQ(valid_from, valid_start.ToDoubleT()); const Time& valid_expiry = google_cert->valid_expiry(); - EXPECT_EQ(1269728407, valid_expiry.ToDoubleT()); // Mar 27 22:20:07 2010 GMT + EXPECT_EQ(valid_to, valid_expiry.ToDoubleT()); const SHA1Fingerprint& fingerprint = google_cert->fingerprint(); for (size_t i = 0; i < 20; ++i) - EXPECT_EQ(google_fingerprint[i], fingerprint.data[i]); + EXPECT_EQ(expected_fingerprint[i], fingerprint.data[i]); std::vector<std::string> dns_names; google_cert->GetDNSNames(&dns_names); - EXPECT_EQ(1U, dns_names.size()); + ASSERT_EQ(1U, dns_names.size()); EXPECT_EQ("www.google.com", dns_names[0]); #if TEST_EV @@ -156,6 +251,16 @@ TEST(X509CertificateTest, GoogleCertParsing) { #endif } +TEST(X509CertificateTest, GoogleCertParsing) { + scoped_refptr<X509Certificate> google_cert = + X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(google_der), sizeof(google_der)); + + CheckGoogleCert(google_cert, google_fingerprint, + 1238192407, // Mar 27 22:20:07 2009 GMT + 1269728407); // Mar 27 22:20:07 2010 GMT +} + TEST(X509CertificateTest, WebkitCertParsing) { scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); @@ -167,9 +272,9 @@ TEST(X509CertificateTest, WebkitCertParsing) { EXPECT_EQ("California", subject.state_or_province_name); EXPECT_EQ("US", subject.country_name); EXPECT_EQ(0U, subject.street_addresses.size()); - EXPECT_EQ(1U, subject.organization_names.size()); + ASSERT_EQ(1U, subject.organization_names.size()); EXPECT_EQ("Apple Inc.", subject.organization_names[0]); - EXPECT_EQ(1U, subject.organization_unit_names.size()); + ASSERT_EQ(1U, subject.organization_unit_names.size()); EXPECT_EQ("Mac OS Forge", subject.organization_unit_names[0]); EXPECT_EQ(0U, subject.domain_components.size()); @@ -179,9 +284,9 @@ TEST(X509CertificateTest, WebkitCertParsing) { EXPECT_EQ("Arizona", issuer.state_or_province_name); EXPECT_EQ("US", issuer.country_name); EXPECT_EQ(0U, issuer.street_addresses.size()); - EXPECT_EQ(1U, issuer.organization_names.size()); + ASSERT_EQ(1U, issuer.organization_names.size()); EXPECT_EQ("GoDaddy.com, Inc.", issuer.organization_names[0]); - EXPECT_EQ(1U, issuer.organization_unit_names.size()); + ASSERT_EQ(1U, issuer.organization_unit_names.size()); EXPECT_EQ("http://certificates.godaddy.com/repository", issuer.organization_unit_names[0]); EXPECT_EQ(0U, issuer.domain_components.size()); @@ -199,7 +304,7 @@ TEST(X509CertificateTest, WebkitCertParsing) { std::vector<std::string> dns_names; webkit_cert->GetDNSNames(&dns_names); - EXPECT_EQ(2U, dns_names.size()); + ASSERT_EQ(2U, dns_names.size()); EXPECT_EQ("*.webkit.org", dns_names[0]); EXPECT_EQ("webkit.org", dns_names[1]); @@ -224,7 +329,7 @@ TEST(X509CertificateTest, ThawteCertParsing) { EXPECT_EQ("California", subject.state_or_province_name); EXPECT_EQ("US", subject.country_name); EXPECT_EQ(0U, subject.street_addresses.size()); - EXPECT_EQ(1U, subject.organization_names.size()); + ASSERT_EQ(1U, subject.organization_names.size()); EXPECT_EQ("Thawte Inc", subject.organization_names[0]); EXPECT_EQ(0U, subject.organization_unit_names.size()); EXPECT_EQ(0U, subject.domain_components.size()); @@ -235,9 +340,9 @@ TEST(X509CertificateTest, ThawteCertParsing) { EXPECT_EQ("", issuer.state_or_province_name); EXPECT_EQ("US", issuer.country_name); EXPECT_EQ(0U, issuer.street_addresses.size()); - EXPECT_EQ(1U, issuer.organization_names.size()); + ASSERT_EQ(1U, issuer.organization_names.size()); EXPECT_EQ("thawte, Inc.", issuer.organization_names[0]); - EXPECT_EQ(1U, issuer.organization_unit_names.size()); + ASSERT_EQ(1U, issuer.organization_unit_names.size()); EXPECT_EQ("Terms of use at https://www.thawte.com/cps (c)06", issuer.organization_unit_names[0]); EXPECT_EQ(0U, issuer.domain_components.size()); @@ -255,7 +360,7 @@ TEST(X509CertificateTest, ThawteCertParsing) { std::vector<std::string> dns_names; thawte_cert->GetDNSNames(&dns_names); - EXPECT_EQ(1U, dns_names.size()); + ASSERT_EQ(1U, dns_names.size()); EXPECT_EQ("www.thawte.com", dns_names[0]); #if TEST_EV @@ -528,4 +633,99 @@ TEST(X509CertificateTest, IntermediateCertificates) { } #endif +#if defined(OS_MACOSX) +TEST(X509CertificateTest, IsIssuedBy) { + FilePath certs_dir = GetTestCertsDirectory(); + + // Test a client certificate from MIT. + scoped_refptr<X509Certificate> mit_davidben_cert = + ImportCertFromFile(certs_dir, "mit.davidben.der"); + ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); + + CertPrincipal mit_issuer; + mit_issuer.country_name = "US"; + mit_issuer.state_or_province_name = "Massachusetts"; + mit_issuer.organization_names.push_back( + "Massachusetts Institute of Technology"); + mit_issuer.organization_unit_names.push_back("Client CA v1"); + + // IsIssuedBy should return true even if it cannot build a chain + // with that principal. + std::vector<CertPrincipal> mit_issuers(1, mit_issuer); + EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(mit_issuers)); + + // Test a client certificate from FOAF.ME. + scoped_refptr<X509Certificate> foaf_me_chromium_test_cert = + ImportCertFromFile(certs_dir, "foaf.me.chromium-test-cert.der"); + ASSERT_NE(static_cast<X509Certificate*>(NULL), foaf_me_chromium_test_cert); + + CertPrincipal foaf_issuer; + foaf_issuer.common_name = "FOAF.ME"; + foaf_issuer.locality_name = "Wimbledon"; + foaf_issuer.state_or_province_name = "LONDON"; + foaf_issuer.country_name = "GB"; + foaf_issuer.organization_names.push_back("FOAF.ME"); + + std::vector<CertPrincipal> foaf_issuers(1, foaf_issuer); + EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(foaf_issuers)); + + // And test some combinations and mismatches. + std::vector<CertPrincipal> both_issuers; + both_issuers.push_back(mit_issuer); + both_issuers.push_back(foaf_issuer); + EXPECT_TRUE(foaf_me_chromium_test_cert->IsIssuedBy(both_issuers)); + EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(both_issuers)); + EXPECT_FALSE(foaf_me_chromium_test_cert->IsIssuedBy(mit_issuers)); + EXPECT_FALSE(mit_davidben_cert->IsIssuedBy(foaf_issuers)); +} +#endif // defined(OS_MACOSX) + +class X509CertificateParseTest + : public testing::TestWithParam<CertificateFormatTestData> { + public: + virtual ~X509CertificateParseTest() {} + virtual void SetUp() { + test_data_ = GetParam(); + } + virtual void TearDown() {} + + protected: + CertificateFormatTestData test_data_; +}; + +TEST_P(X509CertificateParseTest, CanParseFormat) { + FilePath certs_dir = GetTestCertsDirectory(); + CertificateList certs = CreateCertificateListFromFile( + certs_dir, test_data_.file_name, test_data_.format); + ASSERT_FALSE(certs.empty()); + ASSERT_LE(certs.size(), arraysize(test_data_.chain_fingerprints)); + CheckGoogleCert(certs.front(), google_parse_fingerprint, + kGoogleParseValidFrom, kGoogleParseValidTo); + + size_t i; + for (i = 0; i < arraysize(test_data_.chain_fingerprints); ++i) { + if (test_data_.chain_fingerprints[i] == NULL) { + // No more test certificates expected - make sure no more were + // returned before marking this test a success. + EXPECT_EQ(i, certs.size()); + break; + } + + // A cert is expected - make sure that one was parsed. + ASSERT_LT(i, certs.size()); + + // Compare the parsed certificate with the expected certificate, by + // comparing fingerprints. + const X509Certificate* cert = certs[i]; + const SHA1Fingerprint& actual_fingerprint = cert->fingerprint(); + unsigned char* expected_fingerprint = test_data_.chain_fingerprints[i]; + + for (size_t j = 0; j < 20; ++j) + EXPECT_EQ(expected_fingerprint[j], actual_fingerprint.data[j]); + } +} + +INSTANTIATE_TEST_CASE_P(, X509CertificateParseTest, + testing::ValuesIn(FormatTestData)); + } // namespace net |