| Index: net/base/x509_certificate_unittest.cc
|
| diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
|
| index e54e04341623d15af79c394374c556e897e4098a..f952bab99bd57aeef52805d1809da288aad1fa19 100644
|
| --- a/net/base/x509_certificate_unittest.cc
|
| +++ b/net/base/x509_certificate_unittest.cc
|
| @@ -212,7 +212,23 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
|
| EXPECT_EQ("www.google.com", dns_names[0]);
|
| }
|
|
|
| -TEST(X509CertificateTest, GoogleCertParsing) {
|
| +// TODO(rsleevi): Temporary fixture while refactoring http://crbug.com/114343
|
| +class X509CertificateTest : public testing::Test {
|
| + public:
|
| + X509CertificateTest() {}
|
| + virtual ~X509CertificateTest() {}
|
| +
|
| + protected:
|
| + int Verify(X509Certificate* cert,
|
| + const std::string& hostname,
|
| + int flags,
|
| + CRLSet* crl_set,
|
| + CertVerifyResult* verify_result) {
|
| + return cert->Verify(hostname, flags, crl_set, verify_result);
|
| + }
|
| +};
|
| +
|
| +TEST_F(X509CertificateTest, GoogleCertParsing) {
|
| scoped_refptr<X509Certificate> google_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| @@ -222,7 +238,7 @@ TEST(X509CertificateTest, GoogleCertParsing) {
|
| 1269728407); // Mar 27 22:20:07 2010 GMT
|
| }
|
|
|
| -TEST(X509CertificateTest, WebkitCertParsing) {
|
| +TEST_F(X509CertificateTest, WebkitCertParsing) {
|
| scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
|
|
| @@ -277,7 +293,7 @@ TEST(X509CertificateTest, WebkitCertParsing) {
|
| EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com"));
|
| }
|
|
|
| -TEST(X509CertificateTest, WithoutRevocationChecking) {
|
| +TEST_F(X509CertificateTest, WithoutRevocationChecking) {
|
| // Check that verification without revocation checking works.
|
| CertificateList certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(),
|
| @@ -292,11 +308,11 @@ TEST(X509CertificateTest, WithoutRevocationChecking) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - EXPECT_EQ(OK, google_full_chain->Verify("www.google.com", 0 /* flags */, NULL,
|
| - &verify_result));
|
| + EXPECT_EQ(OK, Verify(google_full_chain, "www.google.com", 0 /* flags */, NULL,
|
| + &verify_result));
|
| }
|
|
|
| -TEST(X509CertificateTest, ThawteCertParsing) {
|
| +TEST_F(X509CertificateTest, ThawteCertParsing) {
|
| scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
|
|
|
| @@ -349,7 +365,7 @@ TEST(X509CertificateTest, ThawteCertParsing) {
|
| #else
|
| #define MAYBE_EVVerification EVVerification
|
| #endif
|
| -TEST(X509CertificateTest, MAYBE_EVVerification) {
|
| +TEST_F(X509CertificateTest, MAYBE_EVVerification) {
|
| // This certificate will expire Jun 21, 2013.
|
| CertificateList certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(),
|
| @@ -367,8 +383,7 @@ TEST(X509CertificateTest, MAYBE_EVVerification) {
|
|
|
| CertVerifyResult verify_result;
|
| int flags = X509Certificate::VERIFY_EV_CERT;
|
| - int error = comodo_chain->Verify(
|
| - "comodo.com", flags, NULL, &verify_result);
|
| + int error = Verify(comodo_chain, "comodo.com", flags, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| }
|
| @@ -377,7 +392,7 @@ TEST(X509CertificateTest, MAYBE_EVVerification) {
|
| // a single RelativeDistinguishedName is present. "Normally" there is only
|
| // one AVA per RDN, but some CAs place all AVAs within a single RDN.
|
| // This is a regression test for http://crbug.com/101009
|
| -TEST(X509CertificateTest, MultivalueRDN) {
|
| +TEST_F(X509CertificateTest, MultivalueRDN) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> multivalue_rdn_cert =
|
| @@ -401,7 +416,7 @@ TEST(X509CertificateTest, MultivalueRDN) {
|
| // Test that characters which would normally be escaped in the string form,
|
| // such as '=' or '"', are not escaped when parsed as individual components.
|
| // This is a regression test for http://crbug.com/102839
|
| -TEST(X509CertificateTest, UnescapedSpecialCharacters) {
|
| +TEST_F(X509CertificateTest, UnescapedSpecialCharacters) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> unescaped_cert =
|
| @@ -423,7 +438,7 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) {
|
| EXPECT_EQ(0U, subject.domain_components.size());
|
| }
|
|
|
| -TEST(X509CertificateTest, PaypalNullCertParsing) {
|
| +TEST_F(X509CertificateTest, PaypalNullCertParsing) {
|
| scoped_refptr<X509Certificate> paypal_null_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(paypal_null_der),
|
| @@ -438,8 +453,8 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = paypal_null_cert->Verify("www.paypal.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL,
|
| + &verify_result);
|
| #if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN)
|
| // TOOD(bulach): investigate why macosx and win aren't returning
|
| // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
|
| @@ -456,7 +471,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
|
| #endif
|
| }
|
|
|
| -TEST(X509CertificateTest, SerialNumbers) {
|
| +TEST_F(X509CertificateTest, SerialNumbers) {
|
| scoped_refptr<X509Certificate> google_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| @@ -484,7 +499,7 @@ TEST(X509CertificateTest, SerialNumbers) {
|
| paypal_null_serial, sizeof(paypal_null_serial)) == 0);
|
| }
|
|
|
| -TEST(X509CertificateTest, CAFingerprints) {
|
| +TEST_F(X509CertificateTest, CAFingerprints) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -542,7 +557,7 @@ TEST(X509CertificateTest, CAFingerprints) {
|
| // This certificate will expire on 2012-04-08. The test will still
|
| // pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test
|
| // certificates for this unit test. http://crbug.com/111742
|
| -TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| +TEST_F(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -567,8 +582,8 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = cert_chain->Verify("www.us.army.mil", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "www.us.army.mil", flags, NULL,
|
| + &verify_result);
|
| if (error == OK) {
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| } else {
|
| @@ -586,7 +601,7 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
|
| // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is
|
| // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation
|
| // status, i.e. that the revocation check is failing for some reason.
|
| -TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| +TEST_F(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -606,8 +621,8 @@ TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
|
| CertVerifyResult verify_result;
|
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
|
| X509Certificate::VERIFY_EV_CERT;
|
| - int error = cert_chain->Verify("2029.globalsign.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL,
|
| + &verify_result);
|
| if (error == OK)
|
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
|
| else
|
| @@ -630,7 +645,7 @@ static bool IsWeakKeyType(const std::string& key_type) {
|
| return false;
|
| }
|
|
|
| -TEST(X509CertificateTest, RejectWeakKeys) {
|
| +TEST_F(X509CertificateTest, RejectWeakKeys) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| typedef std::vector<std::string> Strings;
|
| Strings key_types;
|
| @@ -683,7 +698,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - int error = cert_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "127.0.0.1", 0, NULL, &verify_result);
|
|
|
| if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) {
|
| EXPECT_NE(OK, error);
|
| @@ -701,7 +716,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
|
| // The certificate will expire on 2012-07-20. The test will still
|
| // pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test
|
| // certificates for this unit test. http://crbug.com/111730
|
| -TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
| +TEST_F(X509CertificateTest, ExtraneousMD5RootCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -725,8 +740,8 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
|
|
| CertVerifyResult verify_result;
|
| int flags = 0;
|
| - int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "images.etrade.wallst.com", flags, NULL,
|
| + &verify_result);
|
| if (error != OK)
|
| EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
|
|
|
| @@ -735,7 +750,7 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
|
| }
|
|
|
| // Test for bug 94673.
|
| -TEST(X509CertificateTest, GoogleDigiNotarTest) {
|
| +TEST_F(X509CertificateTest, GoogleDigiNotarTest) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -754,18 +769,18 @@ TEST(X509CertificateTest, GoogleDigiNotarTest) {
|
|
|
| CertVerifyResult verify_result;
|
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED;
|
| - int error = cert_chain->Verify("mail.google.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(cert_chain, "mail.google.com", flags, NULL,
|
| + &verify_result);
|
| EXPECT_NE(OK, error);
|
|
|
| // Now turn off revocation checking. Certificate verification should still
|
| // fail.
|
| flags = 0;
|
| - error = cert_chain->Verify("mail.google.com", flags, NULL, &verify_result);
|
| + error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result);
|
| EXPECT_NE(OK, error);
|
| }
|
|
|
| -TEST(X509CertificateTest, DigiNotarCerts) {
|
| +TEST_F(X509CertificateTest, DigiNotarCerts) {
|
| static const char* const kDigiNotarFilenames[] = {
|
| "diginotar_root_ca.pem",
|
| "diginotar_cyber_ca.pem",
|
| @@ -801,7 +816,7 @@ TEST(X509CertificateTest, DigiNotarCerts) {
|
| }
|
|
|
| // Bug 111893: This test needs a new certificate.
|
| -TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| +TEST_F(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -823,7 +838,7 @@ TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
|
| CertVerifyResult verify_result;
|
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
|
| // against agl. Also see PublicKeyHashes in this file.
|
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| EXPECT_TRUE(verify_result.is_issued_by_known_root);
|
| @@ -834,7 +849,7 @@ static const char nistSPKIHash[] =
|
| "\x15\x60\xde\x65\x4e\x03\x9f\xd0\x08\x82"
|
| "\xa9\x6a\xc4\x65\x8e\x6f\x92\x06\x84\x35";
|
|
|
| -TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| +TEST_F(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -854,7 +869,7 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
|
| EXPECT_EQ(0, memcmp(hash, nistSPKIHash, sizeof(hash)));
|
| }
|
|
|
| -TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| +TEST_F(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| scoped_refptr<X509Certificate> cert =
|
| ImportCertFromFile(certs_dir, "nist.der");
|
| @@ -875,7 +890,7 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
|
| }
|
|
|
| // Bug 111893: This test needs a new certificate.
|
| -TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| +TEST_F(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
|
| // against agl. Also see TestKnownRoot in this file.
|
| @@ -900,7 +915,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
|
|
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
|
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| ASSERT_LE(2u, verify_result.public_key_hashes.size());
|
| @@ -913,7 +928,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
|
| // A regression test for http://crbug.com/70293.
|
| // The Key Usage extension in this RSA SSL server certificate does not have
|
| // the keyEncipherment bit.
|
| -TEST(X509CertificateTest, InvalidKeyUsage) {
|
| +TEST_F(X509CertificateTest, InvalidKeyUsage) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| scoped_refptr<X509Certificate> server_cert =
|
| @@ -922,8 +937,8 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = server_cert->Verify("jira.aquameta.com", flags, NULL,
|
| - &verify_result);
|
| + int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,
|
| + &verify_result);
|
| #if defined(USE_OPENSSL)
|
| // This certificate has two errors: "invalid key usage" and "untrusted CA".
|
| // However, OpenSSL returns only one (the latter), and we can't detect
|
| @@ -944,7 +959,7 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
|
| // Tests X509CertificateCache via X509Certificate::CreateFromHandle. We
|
| // call X509Certificate::CreateFromHandle several times and observe whether
|
| // it returns a cached or new OSCertHandle.
|
| -TEST(X509CertificateTest, Cache) {
|
| +TEST_F(X509CertificateTest, Cache) {
|
| X509Certificate::OSCertHandle google_cert_handle;
|
| X509Certificate::OSCertHandle thawte_cert_handle;
|
|
|
| @@ -991,7 +1006,7 @@ TEST(X509CertificateTest, Cache) {
|
| cert3->GetIntermediateCertificates().size());
|
| }
|
|
|
| -TEST(X509CertificateTest, Pickle) {
|
| +TEST_F(X509CertificateTest, Pickle) {
|
| X509Certificate::OSCertHandle google_cert_handle =
|
| X509Certificate::CreateOSCertHandleFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der));
|
| @@ -1029,7 +1044,7 @@ TEST(X509CertificateTest, Pickle) {
|
| }
|
| }
|
|
|
| -TEST(X509CertificateTest, Policy) {
|
| +TEST_F(X509CertificateTest, Policy) {
|
| scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
|
|
| @@ -1065,7 +1080,7 @@ TEST(X509CertificateTest, Policy) {
|
| EXPECT_TRUE(policy.HasDeniedCert());
|
| }
|
|
|
| -TEST(X509CertificateTest, IntermediateCertificates) {
|
| +TEST_F(X509CertificateTest, IntermediateCertificates) {
|
| scoped_refptr<X509Certificate> webkit_cert(
|
| X509Certificate::CreateFromBytes(
|
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
| @@ -1109,7 +1124,7 @@ TEST(X509CertificateTest, IntermediateCertificates) {
|
| // of the certificate to be verified. The remaining VerifyReturn* tests are
|
| // used to ensure that the actual, verified chain is being returned by
|
| // Verify().
|
| -TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainBasic) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1130,7 +1145,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1152,7 +1167,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
|
| // a protocol violation if sent during a TLS handshake, if multiple sources
|
| // of intermediate certificates are combined, it's possible that order may
|
| // not be maintained.
|
| -TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1174,7 +1189,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1193,7 +1208,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
|
|
|
| // Test that Verify() filters out certificates which are not related to
|
| // or part of the certificate chain being verified.
|
| -TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| +TEST_F(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
| CertificateList certs = CreateCertificateListFromFile(
|
| certs_dir, "x509_verify_results.chain.pem",
|
| @@ -1223,7 +1238,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
|
|
| CertVerifyResult verify_result;
|
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
|
| EXPECT_EQ(OK, error);
|
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
|
|
|
| @@ -1241,7 +1256,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
|
| }
|
|
|
| #if defined(OS_MACOSX)
|
| -TEST(X509CertificateTest, IsIssuedBy) {
|
| +TEST_F(X509CertificateTest, IsIssuedBy) {
|
| FilePath certs_dir = GetTestCertsDirectory();
|
|
|
| // Test a client certificate from MIT.
|
| @@ -1290,7 +1305,7 @@ TEST(X509CertificateTest, IsIssuedBy) {
|
| #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
|
| // This test creates a self-signed cert from a private key and then verify the
|
| // content of the certificate.
|
| -TEST(X509CertificateTest, CreateSelfSigned) {
|
| +TEST_F(X509CertificateTest, CreateSelfSigned) {
|
| scoped_ptr<crypto::RSAPrivateKey> private_key(
|
| crypto::RSAPrivateKey::Create(1024));
|
| scoped_refptr<X509Certificate> cert =
|
| @@ -1397,7 +1412,7 @@ TEST(X509CertificateTest, CreateSelfSigned) {
|
| EXPECT_FALSE(cert->HasExpired());
|
| }
|
|
|
| -TEST(X509CertificateTest, GetDEREncoded) {
|
| +TEST_F(X509CertificateTest, GetDEREncoded) {
|
| scoped_ptr<crypto::RSAPrivateKey> private_key(
|
| crypto::RSAPrivateKey::Create(1024));
|
| scoped_refptr<X509Certificate> cert =
|
| @@ -1462,7 +1477,7 @@ static const uint8 kCRLSetGoogleSerialBlocked[] = {
|
|
|
| // Test that CRLSets are effective in making a certificate appear to be
|
| // revoked.
|
| -TEST(X509CertificateTest, CRLSet) {
|
| +TEST_F(X509CertificateTest, CRLSet) {
|
| CertificateList certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(),
|
| "googlenew.chain.pem",
|
| @@ -1476,8 +1491,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| intermediates);
|
|
|
| CertVerifyResult verify_result;
|
| - int error = google_full_chain->Verify(
|
| - "www.google.com", 0, NULL, &verify_result);
|
| + int error = Verify(google_full_chain, "www.google.com", 0, NULL,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
|
|
| // First test blocking by SPKI.
|
| @@ -1487,8 +1502,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| scoped_refptr<CRLSet> crl_set;
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
|
|
| // Second, test revocation by serial number of a cert directly under the
|
| @@ -1498,8 +1513,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| sizeof(kCRLSetThawteSerialBlocked));
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
|
|
| // Lastly, test revocation by serial number of a certificate not under the
|
| @@ -1509,8 +1524,8 @@ TEST(X509CertificateTest, CRLSet) {
|
| sizeof(kCRLSetGoogleSerialBlocked));
|
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
|
|
|
| - error = google_full_chain->Verify(
|
| - "www.google.com", 0, crl_set.get(), &verify_result);
|
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| }
|
| #endif
|
| @@ -1798,7 +1813,8 @@ void PrintTo(const WeakDigestTestData& data, std::ostream* os) {
|
| }
|
|
|
| class X509CertificateWeakDigestTest
|
| - : public testing::TestWithParam<WeakDigestTestData> {
|
| + : public X509CertificateTest,
|
| + public testing::WithParamInterface<WeakDigestTestData> {
|
| public:
|
| X509CertificateWeakDigestTest() {}
|
| virtual ~X509CertificateWeakDigestTest() {}
|
| @@ -1833,7 +1849,7 @@ TEST_P(X509CertificateWeakDigestTest, Verify) {
|
|
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result);
|
| + int rv = Verify(ee_chain, "127.0.0.1", flags, NULL, &verify_result);
|
| EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
|
| EXPECT_EQ(data.expected_has_md4, verify_result.has_md4);
|
| EXPECT_EQ(data.expected_has_md2, verify_result.has_md2);
|
|
|
Chromium Code Reviews
Issue 9584041:
Create stubs for system certificate validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src