1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/sha256_legacy_support_win.h" 6 7 #include "base/memory/ref_counted.h" 8 #include "net/base/test_data_directory.h" 9 #include "net/cert/x509_certificate.h" 10 #include "net/test/cert_test_util.h" 11 #include "testing/gtest/include/gtest/gtest.h" 12 13 namespace net { 14 15 namespace sha256_interception { 16 17 namespace { 18 19 // Verifies that SHA-256 signatures can be validated through the interception. 20 // Although this is only needed on legacy platforms, the test is run on all 21 // Windows platforms to make sure that the CryptoAPI<->NSS integration does not 22 // regress. 23 TEST(Sha256Interception, HandlesSHA2) { 24 base::FilePath certs_dir = GetTestCertsDirectory(); 25 26 scoped_refptr<X509Certificate> server_cert = 27 ImportCertFromFile(certs_dir, "sha256.pem"); 28 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); 29 30 CryptVerifyCertificateSignatureExFunc cert_verify_signature_ptr = 31 reinterpret_cast<CryptVerifyCertificateSignatureExFunc>( 32 ::GetProcAddress(::GetModuleHandle(L"crypt32.dll"), 33 "CryptVerifyCertificateSignatureEx")); 34 ASSERT_TRUE(cert_verify_signature_ptr); 35 36 BOOL rv = CryptVerifyCertificateSignatureExHook( 37 cert_verify_signature_ptr, NULL, X509_ASN_ENCODING, 38 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, 39 const_cast<void*>(reinterpret_cast<const void*>( 40 server_cert->os_cert_handle())), 41 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, 42 const_cast<void*>(reinterpret_cast<const void*>( 43 server_cert->os_cert_handle())), 44 0, NULL); 45 EXPECT_EQ(TRUE, rv); 46 } 47 48 } // namespace 49 50 } // namespace sha256_interception 51 52 } // namespace net