1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/safe_browsing/signature_util.h" 6 7 #include <string> 8 #include <vector> 9 10 #include "base/base_paths.h" 11 #include "base/files/file_path.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/path_service.h" 14 #include "chrome/common/safe_browsing/csd.pb.h" 15 #include "net/cert/x509_cert_types.h" 16 #include "net/cert/x509_certificate.h" 17 #include "testing/gtest/include/gtest/gtest.h" 18 19 namespace safe_browsing { 20 21 class SignatureUtilWinTest : public testing::Test { 22 protected: 23 virtual void SetUp() { 24 base::FilePath source_path; 25 ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &source_path)); 26 testdata_path_ = source_path 27 .AppendASCII("chrome") 28 .AppendASCII("test") 29 .AppendASCII("data") 30 .AppendASCII("safe_browsing") 31 .AppendASCII("download_protection"); 32 } 33 34 // Given a certificate chain protobuf, parse it into X509Certificates. 35 void ParseCertificateChain( 36 const ClientDownloadRequest_CertificateChain& chain, 37 std::vector<scoped_refptr<net::X509Certificate> >* certs) { 38 for (int i = 0; i < chain.element_size(); ++i) { 39 certs->push_back( 40 net::X509Certificate::CreateFromBytes( 41 chain.element(i).certificate().data(), 42 chain.element(i).certificate().size())); 43 } 44 } 45 46 base::FilePath testdata_path_; 47 }; 48 49 TEST_F(SignatureUtilWinTest, UntrustedSignedBinary) { 50 // signed.exe is signed by an untrusted root CA. 51 scoped_refptr<SignatureUtil> signature_util(new SignatureUtil()); 52 ClientDownloadRequest_SignatureInfo signature_info; 53 signature_util->CheckSignature(testdata_path_.Append(L"signed.exe"), 54 &signature_info); 55 ASSERT_EQ(1, signature_info.certificate_chain_size()); 56 std::vector<scoped_refptr<net::X509Certificate> > certs; 57 ParseCertificateChain(signature_info.certificate_chain(0), &certs); 58 ASSERT_EQ(2, certs.size()); 59 EXPECT_EQ("Joe's-Software-Emporium", certs[0]->subject().common_name); 60 EXPECT_EQ("Root Agency", certs[1]->subject().common_name); 61 62 EXPECT_TRUE(signature_info.has_trusted()); 63 EXPECT_FALSE(signature_info.trusted()); 64 } 65 66 TEST_F(SignatureUtilWinTest, TrustedBinary) { 67 // wow_helper.exe is signed using Google's signing certifiacte. 68 scoped_refptr<SignatureUtil> signature_util(new SignatureUtil()); 69 ClientDownloadRequest_SignatureInfo signature_info; 70 signature_util->CheckSignature(testdata_path_.Append(L"wow_helper.exe"), 71 &signature_info); 72 ASSERT_EQ(1, signature_info.certificate_chain_size()); 73 std::vector<scoped_refptr<net::X509Certificate> > certs; 74 ParseCertificateChain(signature_info.certificate_chain(0), &certs); 75 ASSERT_EQ(3, certs.size()); 76 77 EXPECT_EQ("Google Inc", certs[0]->subject().common_name); 78 EXPECT_EQ("VeriSign Class 3 Code Signing 2009-2 CA", 79 certs[1]->subject().common_name); 80 EXPECT_EQ("Class 3 Public Primary Certification Authority", 81 certs[2]->subject().organization_unit_names[0]); 82 83 EXPECT_TRUE(signature_info.trusted()); 84 } 85 86 TEST_F(SignatureUtilWinTest, UnsignedBinary) { 87 // unsigned.exe has no signature information. 88 scoped_refptr<SignatureUtil> signature_util(new SignatureUtil()); 89 ClientDownloadRequest_SignatureInfo signature_info; 90 signature_util->CheckSignature(testdata_path_.Append(L"unsigned.exe"), 91 &signature_info); 92 EXPECT_EQ(0, signature_info.certificate_chain_size()); 93 EXPECT_FALSE(signature_info.has_trusted()); 94 } 95 96 TEST_F(SignatureUtilWinTest, NonExistentBinary) { 97 // Test a file that doesn't exist. 98 scoped_refptr<SignatureUtil> signature_util(new SignatureUtil()); 99 ClientDownloadRequest_SignatureInfo signature_info; 100 signature_util->CheckSignature(testdata_path_.Append(L"doesnotexist.exe"), 101 &signature_info); 102 EXPECT_EQ(0, signature_info.certificate_chain_size()); 103 EXPECT_FALSE(signature_info.has_trusted()); 104 } 105 106 } // namespace safe_browsing 107