1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/sha256_legacy_support_win.h" 6 7#include "base/memory/ref_counted.h" 8#include "net/base/test_data_directory.h" 9#include "net/cert/x509_certificate.h" 10#include "net/test/cert_test_util.h" 11#include "testing/gtest/include/gtest/gtest.h" 12 13namespace net { 14 15namespace sha256_interception { 16 17namespace { 18 19// Verifies that SHA-256 signatures can be validated through the interception. 20// Although this is only needed on legacy platforms, the test is run on all 21// Windows platforms to make sure that the CryptoAPI<->NSS integration does not 22// regress. 23TEST(Sha256Interception, HandlesSHA2) { 24 base::FilePath certs_dir = GetTestCertsDirectory(); 25 26 scoped_refptr<X509Certificate> server_cert = 27 ImportCertFromFile(certs_dir, "sha256.pem"); 28 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); 29 30 CryptVerifyCertificateSignatureExFunc cert_verify_signature_ptr = 31 reinterpret_cast<CryptVerifyCertificateSignatureExFunc>( 32 ::GetProcAddress(::GetModuleHandle(L"crypt32.dll"), 33 "CryptVerifyCertificateSignatureEx")); 34 ASSERT_TRUE(cert_verify_signature_ptr); 35 36 BOOL rv = CryptVerifyCertificateSignatureExHook( 37 cert_verify_signature_ptr, NULL, X509_ASN_ENCODING, 38 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, 39 const_cast<void*>(reinterpret_cast<const void*>( 40 server_cert->os_cert_handle())), 41 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, 42 const_cast<void*>(reinterpret_cast<const void*>( 43 server_cert->os_cert_handle())), 44 0, NULL); 45 EXPECT_EQ(TRUE, rv); 46} 47 48} // namespace 49 50} // namespace sha256_interception 51 52} // namespace net