| Index: net/base/x509_certificate_unittest.cc
|
| diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
|
| index 2968c0ad8d617777cc78a963d61e1ef44338fb0a..6a4c5b6dc583dc42e2c55d161586d1a6bbd75f3f 100644
|
| --- a/net/base/x509_certificate_unittest.cc
|
| +++ b/net/base/x509_certificate_unittest.cc
|
| @@ -234,19 +234,25 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
|
| google_cert->GetDNSNames(&dns_names);
|
| ASSERT_EQ(1U, dns_names.size());
|
| EXPECT_EQ("www.google.com", dns_names[0]);
|
| -
|
| -#if TEST_EV
|
| - // TODO(avi): turn this on for the Mac once EV checking is implemented.
|
| - CertVerifyResult verify_result;
|
| - int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
|
| - X509Certificate::VERIFY_EV_CERT;
|
| - EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, NULL,
|
| - &verify_result);
|
| - EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| -#endif
|
| }
|
|
|
| -TEST(X509CertificateTest, GoogleCertParsing) {
|
| +// TODO(rsleevi): Temporary fixture while refactoring http://crbug.com/114343
|
| +class X509CertificateTest : public testing::Test {
|
| + public:
|
| + X509CertificateTest() {}
|
| + virtual ~X509CertificateTest() {}
|
| +
|
| + protected:
|
| + int Verify(X509Certificate* cert,
|
| + const std::string& hostname,
|
| + int flags,
|
| + CRLSet* crl_set,
|
| + CertVerifyResult* verify_result) {
|
| + return cert->Verify(hostname, flags, crl_set, verify_result);
|
| + }
|
| +};
|
| +
|
| +TEST_F(X509CertificateTest, GoogleCertParsing) {
|
| scoped_refptr<X509Certificate> google_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| @@ -256,7 +262,7 @@ TEST(X509CertificateTest, GoogleCertParsing) {
|
| 1269728407); // Mar 27 22:20:07 2010 GMT
|
| }
|
|
|
| -TEST(X509CertificateTest, WebkitCertParsing) {
|
| +TEST_F(X509CertificateTest, WebkitCertParsing) {
|
| scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
|
|
| @@ -319,7 +325,7 @@ TEST(X509CertificateTest, WebkitCertParsing) {
|
| EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com"));
|
| }
|
|
|
| -TEST(X509CertificateTest, WithoutRevocationChecking) {
|
| +TEST_F(X509CertificateTest, WithoutRevocationChecking) {
|
| // Check that verification without revocation checking works.
|
| CertificateList certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(),
|
| @@ -334,11 +340,11 @@ TEST(X509CertificateTest, WithoutRevocationChecking) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - EXPECT_EQ(OK, google_full_chain->Verify("www.google.com", 0 /* flags */, NULL,
|
| - &verify_result));
|
| + EXPECT_EQ(OK, Verify(google_full_chain, "www.google.com", 0 /* flags */, NULL,
|
| + &verify_result));
|
| }
|
|
|
| -TEST(X509CertificateTest, ThawteCertParsing) {
|
| +TEST_F(X509CertificateTest, ThawteCertParsing) {
|
| scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
|
|
|
| @@ -389,14 +395,14 @@ TEST(X509CertificateTest, ThawteCertParsing) {
|
| X509Certificate::VERIFY_EV_CERT;
|
| CertVerifyResult verify_result;
|
| // EV cert verification requires revocation checking.
|
| - EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL,
|
| - &verify_result);
|
| + EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL,
|
| + &verify_result);
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| // Consequently, if we don't have revocation checking enabled, we can't claim
|
| // any cert is EV.
|
| flags = X509Certificate::VERIFY_EV_CERT;
|
| - EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL,
|
| - &verify_result));
|
| + EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL,
|
| + &verify_result));
|
| EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| #endif
|
| }
|
| @@ -405,7 +411,7 @@ TEST(X509CertificateTest, ThawteCertParsing) {
|
| // a single RelativeDistinguishedName is present. "Normally" there is only
|
| // one AVA per RDN, but some CAs place all AVAs within a single RDN.
|
| // This is a regression test for http://crbug.com/101009
|
| -TEST(X509CertificateTest, MultivalueRDN) {
|
| +TEST_F(X509CertificateTest, MultivalueRDN) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> multivalue_rdn_cert =
|
| @@ -429,7 +435,7 @@ TEST(X509CertificateTest, MultivalueRDN) {
|
| // Test that characters which would normally be escaped in the string form,
|
| // such as '=' or '"', are not escaped when parsed as individual components.
|
| // This is a regression test for http://crbug.com/102839
|
| -TEST(X509CertificateTest, UnescapedSpecialCharacters) {
|
| +TEST_F(X509CertificateTest, UnescapedSpecialCharacters) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> unescaped_cert =
|
| @@ -451,7 +457,7 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) {
|
| EXPECT_EQ(0U, subject.domain_components.size());
|
| }
|
|
|
| -TEST(X509CertificateTest, PaypalNullCertParsing) {
|
| +TEST_F(X509CertificateTest, PaypalNullCertParsing) {
|
| scoped_refptr<X509Certificate> paypal_null_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(paypal_null_der),
|
| @@ -466,8 +472,8 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = paypal_null_cert->Verify("www.paypal.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL,
|
| + &verify_result);
|
| #if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN)
|
| // TOOD(bulach): investigate why macosx and win aren't returning
|
| // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
|
| @@ -484,7 +490,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
|
| #endif
|
| }
|
|
|
| -TEST(X509CertificateTest, SerialNumbers) {
|
| +TEST_F(X509CertificateTest, SerialNumbers) {
|
| scoped_refptr<X509Certificate> google_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| @@ -512,7 +518,7 @@ TEST(X509CertificateTest, SerialNumbers) {
|
| paypal_null_serial, sizeof(paypal_null_serial)) == 0);
|
| }
|
|
|
| -TEST(X509CertificateTest, CAFingerprints) {
|
| +TEST_F(X509CertificateTest, CAFingerprints) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -570,7 +576,7 @@ TEST(X509CertificateTest, CAFingerprints) {
|
| // This certificate will expire on 2012-04-08. The test will still
|
| // pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test
|
| // certificates for this unit test. http://crbug.com/111742
|
| -TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| +TEST_F(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -595,8 +601,8 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = cert_chain->Verify("www.us.army.mil", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "www.us.army.mil", flags, NULL,
|
| + &verify_result);
|
| if (error == OK) {
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| } else {
|
| @@ -615,7 +621,7 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is
|
| // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation
|
| // status, i.e. that the revocation check is failing for some reason.
|
| -TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| +TEST_F(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -635,8 +641,8 @@ TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| CertVerifyResult verify_result;
|
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
|
| X509Certificate::VERIFY_EV_CERT;
|
| - int error = cert_chain->Verify("2029.globalsign.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL,
|
| + &verify_result);
|
| if (error == OK)
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| else
|
| @@ -659,7 +665,7 @@ static bool IsWeakKeyType(const std::string& key_type) {
|
| return false;
|
| }
|
|
|
| -TEST(X509CertificateTest, RejectWeakKeys) {
|
| +TEST_F(X509CertificateTest, RejectWeakKeys) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| typedef std::vector<std::string> Strings;
|
| Strings key_types;
|
| @@ -711,7 +717,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - int error = cert_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "127.0.0.1", 0, NULL, &verify_result);
|
|
|
| if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) {
|
| EXPECT_NE(OK, error);
|
| @@ -731,7 +737,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
|
| // The certificate will expire on 2012-07-20. The test will still
|
| // pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test
|
| // certificates for this unit test. http://crbug.com/111730
|
| -TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
| +TEST_F(X509CertificateTest, ExtraneousMD5RootCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -755,8 +761,8 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
|
|
| CertVerifyResult verify_result;
|
| int flags = 0;
|
| - int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "images.etrade.wallst.com", flags, NULL,
|
| + &verify_result);
|
| if (error != OK)
|
| EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
|
|
|
| @@ -765,7 +771,7 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
| }
|
|
|
| // Test for bug 94673.
|
| -TEST(X509CertificateTest, GoogleDigiNotarTest) {
|
| +TEST_F(X509CertificateTest, GoogleDigiNotarTest) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -784,18 +790,18 @@ TEST(X509CertificateTest, GoogleDigiNotarTest) {
|
|
|
| CertVerifyResult verify_result;
|
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED;
|
| - int error = cert_chain->Verify("mail.google.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "mail.google.com", flags, NULL,
|
| + &verify_result);
|
| EXPECT_NE(OK, error);
|
|
|
| // Now turn off revocation checking. Certificate verification should still
|
| // fail.
|
| flags = 0;
|
| - error = cert_chain->Verify("mail.google.com", flags, NULL, &verify_result);
|
| + error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result);
|
| EXPECT_NE(OK, error);
|
| }
|
|
|
| -TEST(X509CertificateTest, DigiNotarCerts) {
|
| +TEST_F(X509CertificateTest, DigiNotarCerts) {
|
| static const char* const kDigiNotarFilenames[] = {
|
| "diginotar_root_ca.pem",
|
| "diginotar_cyber_ca.pem",
|
| @@ -831,7 +837,7 @@ TEST(X509CertificateTest, DigiNotarCerts) {
|
| }
|
|
|
| // Bug 111893: This test needs a new certificate.
|
| -TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| +TEST_F(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -853,7 +859,7 @@ TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| CertVerifyResult verify_result;
|
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
|
| // against agl. Also see PublicKeyHashes in this file.
|
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| EXPECT_TRUE(verify_result.is_issued_by_known_root);
|
| @@ -864,7 +870,7 @@ static const char nistSPKIHash[] =
|
| "\x15\x60\xde\x65\x4e\x03\x9f\xd0\x08\x82"
|
| "\xa9\x6a\xc4\x65\x8e\x6f\x92\x06\x84\x35";
|
|
|
| -TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| +TEST_F(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -884,7 +890,7 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| EXPECT_EQ(0, memcmp(hash, nistSPKIHash, sizeof(hash)));
|
| }
|
|
|
| -TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| +TEST_F(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -905,7 +911,7 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| }
|
|
|
| // Bug 111893: This test needs a new certificate.
|
| -TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| +TEST_F(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
|
| // against agl. Also see TestKnownRoot in this file.
|
| @@ -930,7 +936,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
|
|
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| ASSERT_LE(2u, verify_result.public_key_hashes.size());
|
| @@ -945,7 +951,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| // A regression test for http://crbug.com/70293.
|
| // The Key Usage extension in this RSA SSL server certificate does not have
|
| // the keyEncipherment bit.
|
| -TEST(X509CertificateTest, InvalidKeyUsage) {
|
| +TEST_F(X509CertificateTest, InvalidKeyUsage) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -954,8 +960,8 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = server_cert->Verify("jira.aquameta.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,
|
| + &verify_result);
|
| #if defined(USE_OPENSSL)
|
| // This certificate has two errors: "invalid key usage" and "untrusted CA".
|
| // However, OpenSSL returns only one (the latter), and we can't detect
|
| @@ -976,7 +982,7 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
|
| // Tests X509CertificateCache via X509Certificate::CreateFromHandle. We
|
| // call X509Certificate::CreateFromHandle several times and observe whether
|
| // it returns a cached or new OSCertHandle.
|
| -TEST(X509CertificateTest, Cache) {
|
| +TEST_F(X509CertificateTest, Cache) {
|
| X509Certificate::OSCertHandle google_cert_handle;
|
| X509Certificate::OSCertHandle thawte_cert_handle;
|
|
|
| @@ -1023,7 +1029,7 @@ TEST(X509CertificateTest, Cache) {
|
| cert3->GetIntermediateCertificates().size());
|
| }
|
|
|
| -TEST(X509CertificateTest, Pickle) {
|
| +TEST_F(X509CertificateTest, Pickle) {
|
| X509Certificate::OSCertHandle google_cert_handle =
|
| X509Certificate::CreateOSCertHandleFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der));
|
| @@ -1061,7 +1067,7 @@ TEST(X509CertificateTest, Pickle) {
|
| }
|
| }
|
|
|
| -TEST(X509CertificateTest, Policy) {
|
| +TEST_F(X509CertificateTest, Policy) {
|
| scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
|
|
| @@ -1097,7 +1103,7 @@ TEST(X509CertificateTest, Policy) {
|
| EXPECT_TRUE(policy.HasDeniedCert());
|
| }
|
|
|
| -TEST(X509CertificateTest, IntermediateCertificates) {
|
| +TEST_F(X509CertificateTest, IntermediateCertificates) {
|
| scoped_refptr<X509Certificate> webkit_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
| @@ -1141,7 +1147,7 @@ TEST(X509CertificateTest, IntermediateCertificates) {
|
| // of the certificate to be verified. The remaining VerifyReturn* tests are
|
| // used to ensure that the actual, verified chain is being returned by
|
| // Verify().
|
| -TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainBasic) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1162,7 +1168,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1186,7 +1192,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
| // a protocol violation if sent during a TLS handshake, if multiple sources
|
| // of intermediate certificates are combined, it's possible that order may
|
| // not be maintained.
|
| -TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1208,7 +1214,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1229,7 +1235,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
|
|
| // Test that Verify() filters out certificates which are not related to
|
| // or part of the certificate chain being verified.
|
| -TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1259,7 +1265,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1278,7 +1284,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| }
|
|
|
| #if defined(OS_MACOSX)
|
| -TEST(X509CertificateTest, IsIssuedBy) {
|
| +TEST_F(X509CertificateTest, IsIssuedBy) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| // Test a client certificate from MIT.
|
| @@ -1327,7 +1333,7 @@ TEST(X509CertificateTest, IsIssuedBy) {
|
| #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
|
| // This test creates a self-signed cert from a private key and then verify the
|
| // content of the certificate.
|
| -TEST(X509CertificateTest, CreateSelfSigned) {
|
| +TEST_F(X509CertificateTest, CreateSelfSigned) {
|
| scoped_ptr<crypto::RSAPrivateKey> private_key(
|
| crypto::RSAPrivateKey::Create(1024));
|
| scoped_refptr<X509Certificate> cert =
|
| @@ -1434,7 +1440,7 @@ TEST(X509CertificateTest, CreateSelfSigned) {
|
| EXPECT_FALSE(cert->HasExpired());
|
| }
|
|
|
| -TEST(X509CertificateTest, GetDEREncoded) {
|
| +TEST_F(X509CertificateTest, GetDEREncoded) {
|
| scoped_ptr<crypto::RSAPrivateKey> private_key(
|
| crypto::RSAPrivateKey::Create(1024));
|
| scoped_refptr<X509Certificate> cert =
|
| @@ -1499,7 +1505,7 @@ static const uint8 kCRLSetGoogleSerialBlocked[] = {
|
|
|
| // Test that CRLSets are effective in making a certificate appear to be
|
| // revoked.
|
| -TEST(X509CertificateTest, CRLSet) {
|
| +TEST_F(X509CertificateTest, CRLSet) {
|
| CertificateList certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(),
|
| "googlenew.chain.pem",
|
| @@ -1513,8 +1519,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - int error = google_full_chain->Verify(
|
| - "www.google.com", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "www.google.com", 0, NULL,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
|
|
| // First test blocking by SPKI.
|
| @@ -1524,8 +1530,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| scoped_refptr<CRLSet> crl_set;
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
|
|
| // Second, test revocation by serial number of a cert directly under the
|
| @@ -1535,8 +1541,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| sizeof(kCRLSetThawteSerialBlocked));
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
|
|
| // Lastly, test revocation by serial number of a certificate not under the
|
| @@ -1546,8 +1552,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| sizeof(kCRLSetGoogleSerialBlocked));
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| }
|
| #endif
|
| @@ -1835,7 +1841,8 @@ void PrintTo(const WeakDigestTestData& data, std::ostream* os) {
|
| }
|
|
|
| class X509CertificateWeakDigestTest
|
| - : public testing::TestWithParam<WeakDigestTestData> {
|
| + : public X509CertificateTest,
|
| + public testing::WithParamInterface<WeakDigestTestData> {
|
| public:
|
| X509CertificateWeakDigestTest() {}
|
|
|
| @@ -1872,7 +1879,7 @@ TEST_P(X509CertificateWeakDigestTest, Verify) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result);
|
| + int rv = Verify(ee_chain, "127.0.0.1", flags, NULL, &verify_result);
|
| EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
|
| EXPECT_EQ(data.expected_has_md4, verify_result.has_md4);
|
| EXPECT_EQ(data.expected_has_md2, verify_result.has_md2);
|
|
|
Chromium Code Reviews
Issue 9584041:
Create stubs for system certificate validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src