Do not perform online revocation checking when the user has explicitly disabled it, except for when…

net/base/ev_root_ca_metadata_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ev_root_ca_metadata.h"
 
 #include "net/base/cert_test_util.h"
 #include "net/base/x509_cert_types.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+#if defined(USE_NSS)
+#include "crypto/scoped_nss_types.h"
+#endif
+
 namespace net {
 
+namespace {
+
 static const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6";
 static const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1";
 static const char kFakePolicy[] = "2.16.840.1.42";
 static const SHA1Fingerprint kVerisignFingerprint =
     { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
         0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } };
 static const SHA1Fingerprint kFakeFingerprint =
     { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
         0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } };
 
+#if defined(USE_NSS) || defined(OS_WIN)
+class EVOidData {
+ public:
+  EVOidData();
+  bool Init();
+
+  EVRootCAMetadata::PolicyOID verisign_policy;
+  EVRootCAMetadata::PolicyOID thawte_policy;
+  EVRootCAMetadata::PolicyOID fake_policy;
+};
+
+#endif  // defined(USE_NSS) || defined(OS_WIN)
+
 #if defined(USE_NSS)
 
-TEST(EVRootCAMetadataTest, Basic) {
-  EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
-  std::vector<EVRootCAMetadata::PolicyOID> oids;
+SECOidTag RegisterOID(PLArenaPool* arena, const char* const oid_string) {

[wtc, 2012/08/16 23:17:39]

If you declare 'oid_string' as
    const char* const oid_string
it seems that you should also declare 'arena' as
    PLArenaPool* const arena

[Ryan Sleevi, 2012/08/16 23:26:31]

The "const char* const" was just to allow the compiler to keep
kVerisignPolicy/kThawtePolicy/kFakePolicy in the .data section.

If it was "const char*", GCC doesn't behave as intelligently.

[wtc, 2012/08/16 23:40:45]

'oid_string' is a function argument.  Why does the type
    const char* oid_string
prevent kVerisignPolicy/kThawtePolicy/kFakePolicy from
being put in the .data section?  When we call
    RegisterOID(pool.get(), kVerisignPolicy)
the value of &kVerisignPolicy[0] is passed as the second
argument.  It should not matter whether kVerisignPolicy is
in the .data section or not.

[Ryan Sleevi, 2012/08/16 23:55:30]

Ah, right, I'm conditioned from thinking of it when declaring variables.
Changed, as either way it doesn't really matter for the unit test.

+  SECOidData oid_data;
+  memset(&oid_data, 0, sizeof(oid_data));
+  oid_data.offset = SEC_OID_UNKNOWN;
+  oid_data.desc = oid_string;
+  oid_data.mechanism = CKM_INVALID_MECHANISM;
+  oid_data.supportedExtension = INVALID_CERT_EXTENSION;
 
-  EXPECT_TRUE(ev_metadata->GetPolicyOIDsForCA(kVerisignFingerprint, &oids));
-  EXPECT_LT(0u, oids.size());
-  oids.clear();
+  SECStatus rv = SEC_StringToOID(arena, &oid_data.oid, oid_string, 0);
+  if (rv != SECSuccess)
+    return SEC_OID_UNKNOWN;
 
-  EXPECT_FALSE(ev_metadata->GetPolicyOIDsForCA(kFakeFingerprint, &oids));
-  EXPECT_EQ(0u, oids.size());
+  return SECOID_AddEntry(&oid_data);
 }
 
-TEST(EVRootCAMetadataTest, AddRemove) {
+EVOidData::EVOidData()
+    : verisign_policy(SEC_OID_UNKNOWN),
+      thawte_policy(SEC_OID_UNKNOWN),
+      fake_policy(SEC_OID_UNKNOWN) {
+}
+
+bool EVOidData::Init() {
+  crypto::ScopedPLArenaPool pool(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!pool.get())
+    return false;
+
+  verisign_policy = RegisterOID(pool.get(), kVerisignPolicy);
+  thawte_policy = RegisterOID(pool.get(), kThawtePolicy);
+  fake_policy = RegisterOID(pool.get(), kFakePolicy);
+
+  return verisign_policy != SEC_OID_UNKNOWN &&
+         thawte_policy != SEC_OID_UNKNOWN &&
+         fake_policy != SEC_OID_UNKNOWN;
+}
+
+#elif defined(OS_WIN)
+
+EVOidData::EVOidData()
+    : verisign_policy(kVerisignPolicy),
+      thawte_policy(kThawtePolicy),
+      fake_policy(kFakePolicy) {
+}
+
+bool EVOidData::Init() {
+  return true;
+}
+
+#endif
+
+#if defined(USE_NSS) || defined(OS_WIN)
+
+class EVRootCAMetadataTest : public testing::Test {
+ protected:
+  virtual void SetUp() OVERRIDE {
+    ASSERT_TRUE(ev_oid_data.Init());
+  }
+
+  EVOidData ev_oid_data;
+};
+
+TEST_F(EVRootCAMetadataTest, Basic) {
   EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
-  std::vector<EVRootCAMetadata::PolicyOID> oids;
 
-  EXPECT_FALSE(ev_metadata->GetPolicyOIDsForCA(kFakeFingerprint, &oids));
+  EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.verisign_policy));
+  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
+  EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
+                                          ev_oid_data.verisign_policy));
+  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
+                                           ev_oid_data.verisign_policy));
+  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
+                                           ev_oid_data.fake_policy));
+  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
+                                           ev_oid_data.thawte_policy));
+}
+
+TEST_F(EVRootCAMetadataTest, AddRemove) {
+  EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
+
+  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
+  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
+                                           ev_oid_data.fake_policy));
 
   {
     ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint,
                                       kFakePolicy);
 
-    EXPECT_TRUE(ev_metadata->GetPolicyOIDsForCA(kFakeFingerprint, &oids));
-    EXPECT_EQ(1u, oids.size());
+    EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
+    EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
+                                            ev_oid_data.fake_policy));
   }
 
-  EXPECT_FALSE(ev_metadata->GetPolicyOIDsForCA(kFakeFingerprint, &oids));
+  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
+  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
+                                           ev_oid_data.fake_policy));
 }
 
-#elif defined(OS_WIN)
+#endif  // defined(USE_NSS) || defined(OS_WIN)
 
-TEST(EVRootCAMetadataTest, Basic) {
-  EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
-
-  EXPECT_TRUE(ev_metadata->IsEVPolicyOID(kVerisignPolicy));
-  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(kFakePolicy));
-  EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
-                                          kVerisignPolicy));
-  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
-                                           kVerisignPolicy));
-  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
-                                           kFakePolicy));
-  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kVerisignFingerprint,
-                                           kThawtePolicy));
-}
-
-TEST(EVRootCAMetadataTest, AddRemove) {
-  EVRootCAMetadata* ev_metadata(EVRootCAMetadata::GetInstance());
-
-  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(kFakePolicy));
-  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
-                                           kFakePolicy));
-
-  {
-    ScopedTestEVPolicy test_ev_policy(ev_metadata, kFakeFingerprint,
-                                      kFakePolicy);
-
-    EXPECT_TRUE(ev_metadata->IsEVPolicyOID(kFakePolicy));
-    EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
-                                            kFakePolicy));
-  }
-
-  EXPECT_FALSE(ev_metadata->IsEVPolicyOID(kFakePolicy));
-  EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
-                                           kFakePolicy));
-}
-
-#endif // defined(OS_WIN)
+}  // namespace
 
 }  // namespace net