Chromium Code Reviews Chromium Code Reviews
Issue 9584041:
Create stubs for system certificate validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/base/x509_certificate_unittest.cc |
| diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc |
| index 25ddafaeb4817ab82aa552f071d18508b3fdf320..b3fe267b9f9e8a50698f47bf72bbd05754d252f7 100644 |
| --- a/net/base/x509_certificate_unittest.cc |
| +++ b/net/base/x509_certificate_unittest.cc |
| @@ -221,19 +221,25 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert, |
| google_cert->GetDNSNames(&dns_names); |
| ASSERT_EQ(1U, dns_names.size()); |
| EXPECT_EQ("www.google.com", dns_names[0]); |
| - |
| -#if TEST_EV |
| - // TODO(avi): turn this on for the Mac once EV checking is implemented. |
| - CertVerifyResult verify_result; |
| - int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
| - X509Certificate::VERIFY_EV_CERT; |
| - EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, NULL, |
| - &verify_result); |
| - EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| -#endif |
|
wtc
2012/03/06 23:10:14
Why did you delete this #if TEST_EV block but keep
Ryan Sleevi
2012/03/10 03:09:12
Missed the other ones, but Adam has already nuked
|
| } |
| -TEST(X509CertificateTest, GoogleCertParsing) { |
| +// TODO(rsleevi): Temporary fixture while refactoring http://crbug.com/114343 |
| +class X509CertificateTest : public testing::Test { |
| + public: |
| + X509CertificateTest() {} |
| + virtual ~X509CertificateTest() {} |
| + |
| + protected: |
| + int Verify(X509Certificate* cert, |
| + const std::string& hostname, |
| + int flags, |
| + CRLSet* crl_set, |
| + CertVerifyResult* verify_result) { |
| + return cert->Verify(hostname, flags, crl_set, verify_result); |
|
wtc
2012/03/06 23:10:14
Why is this fixture necessary? Are you going to c
Ryan Sleevi
2012/03/10 03:09:12
To make it easier to friend this in X509Certificat
|
| + } |
| +}; |
| + |
| +TEST_F(X509CertificateTest, GoogleCertParsing) { |
| scoped_refptr<X509Certificate> google_cert( |
| X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| @@ -243,7 +249,7 @@ TEST(X509CertificateTest, GoogleCertParsing) { |
| 1269728407); // Mar 27 22:20:07 2010 GMT |
| } |
| -TEST(X509CertificateTest, WebkitCertParsing) { |
| +TEST_F(X509CertificateTest, WebkitCertParsing) { |
| scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
| @@ -306,7 +312,7 @@ TEST(X509CertificateTest, WebkitCertParsing) { |
| EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com")); |
| } |
| -TEST(X509CertificateTest, WithoutRevocationChecking) { |
| +TEST_F(X509CertificateTest, WithoutRevocationChecking) { |
| // Check that verification without revocation checking works. |
| CertificateList certs = CreateCertificateListFromFile( |
| GetTestCertsDirectory(), |
| @@ -321,11 +327,11 @@ TEST(X509CertificateTest, WithoutRevocationChecking) { |
| intermediates); |
| CertVerifyResult verify_result; |
| - EXPECT_EQ(OK, google_full_chain->Verify("www.google.com", 0 /* flags */, NULL, |
| - &verify_result)); |
| + EXPECT_EQ(OK, Verify(google_full_chain, "www.google.com", 0 /* flags */, NULL, |
| + &verify_result)); |
| } |
| -TEST(X509CertificateTest, ThawteCertParsing) { |
| +TEST_F(X509CertificateTest, ThawteCertParsing) { |
| scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); |
| @@ -376,14 +382,14 @@ TEST(X509CertificateTest, ThawteCertParsing) { |
| X509Certificate::VERIFY_EV_CERT; |
| CertVerifyResult verify_result; |
| // EV cert verification requires revocation checking. |
| - EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL, |
| - &verify_result); |
| + EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL, |
| + &verify_result); |
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| // Consequently, if we don't have revocation checking enabled, we can't claim |
| // any cert is EV. |
| flags = X509Certificate::VERIFY_EV_CERT; |
| - EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL, |
| - &verify_result)); |
| + EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL, |
| + &verify_result)); |
| EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| #endif |
| } |
| @@ -392,7 +398,7 @@ TEST(X509CertificateTest, ThawteCertParsing) { |
| // a single RelativeDistinguishedName is present. "Normally" there is only |
| // one AVA per RDN, but some CAs place all AVAs within a single RDN. |
| // This is a regression test for http://crbug.com/101009 |
| -TEST(X509CertificateTest, MultivalueRDN) { |
| +TEST_F(X509CertificateTest, MultivalueRDN) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> multivalue_rdn_cert = |
| @@ -416,7 +422,7 @@ TEST(X509CertificateTest, MultivalueRDN) { |
| // Test that characters which would normally be escaped in the string form, |
| // such as '=' or '"', are not escaped when parsed as individual components. |
| // This is a regression test for http://crbug.com/102839 |
| -TEST(X509CertificateTest, UnescapedSpecialCharacters) { |
| +TEST_F(X509CertificateTest, UnescapedSpecialCharacters) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> unescaped_cert = |
| @@ -438,7 +444,7 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) { |
| EXPECT_EQ(0U, subject.domain_components.size()); |
| } |
| -TEST(X509CertificateTest, PaypalNullCertParsing) { |
| +TEST_F(X509CertificateTest, PaypalNullCertParsing) { |
| scoped_refptr<X509Certificate> paypal_null_cert( |
| X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(paypal_null_der), |
| @@ -453,8 +459,8 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { |
| int flags = 0; |
| CertVerifyResult verify_result; |
| - int error = paypal_null_cert->Verify("www.paypal.com", flags, NULL, |
| - &verify_result); |
| + int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL, |
| + &verify_result); |
| #if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN) |
| // TOOD(bulach): investigate why macosx and win aren't returning |
| // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. |
| @@ -471,7 +477,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { |
| #endif |
| } |
| -TEST(X509CertificateTest, SerialNumbers) { |
| +TEST_F(X509CertificateTest, SerialNumbers) { |
| scoped_refptr<X509Certificate> google_cert( |
| X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| @@ -499,7 +505,7 @@ TEST(X509CertificateTest, SerialNumbers) { |
| paypal_null_serial, sizeof(paypal_null_serial)) == 0); |
| } |
| -TEST(X509CertificateTest, CAFingerprints) { |
| +TEST_F(X509CertificateTest, CAFingerprints) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -557,7 +563,7 @@ TEST(X509CertificateTest, CAFingerprints) { |
| // This certificate will expire on 2012-04-08. The test will still |
| // pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test |
| // certificates for this unit test. http://crbug.com/111742 |
| -TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
| +TEST_F(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -582,8 +588,8 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
| int flags = 0; |
| CertVerifyResult verify_result; |
| - int error = cert_chain->Verify("www.us.army.mil", flags, NULL, |
| - &verify_result); |
| + int error = Verify(cert_chain, "www.us.army.mil", flags, NULL, |
| + &verify_result); |
| if (error == OK) { |
| EXPECT_EQ(0U, verify_result.cert_status); |
| } else { |
| @@ -602,7 +608,7 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) { |
| // unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is |
| // SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation |
| // status, i.e. that the revocation check is failing for some reason. |
| -TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) { |
| +TEST_F(X509CertificateTest, DISABLED_GlobalSignR3EVTest) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -622,8 +628,8 @@ TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) { |
| CertVerifyResult verify_result; |
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED | |
| X509Certificate::VERIFY_EV_CERT; |
| - int error = cert_chain->Verify("2029.globalsign.com", flags, NULL, |
| - &verify_result); |
| + int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL, |
| + &verify_result); |
| if (error == OK) |
| EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); |
| else |
| @@ -646,7 +652,7 @@ static bool IsWeakKeyType(const std::string& key_type) { |
| return false; |
| } |
| -TEST(X509CertificateTest, RejectWeakKeys) { |
| +TEST_F(X509CertificateTest, RejectWeakKeys) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| typedef std::vector<std::string> Strings; |
| Strings key_types; |
| @@ -699,7 +705,7 @@ TEST(X509CertificateTest, RejectWeakKeys) { |
| intermediates); |
| CertVerifyResult verify_result; |
| - int error = cert_chain->Verify("127.0.0.1", 0, NULL, &verify_result); |
| + int error = Verify(cert_chain, "127.0.0.1", 0, NULL, &verify_result); |
| if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) { |
| EXPECT_NE(OK, error); |
| @@ -719,7 +725,7 @@ TEST(X509CertificateTest, RejectWeakKeys) { |
| // The certificate will expire on 2012-07-20. The test will still |
| // pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test |
| // certificates for this unit test. http://crbug.com/111730 |
| -TEST(X509CertificateTest, ExtraneousMD5RootCert) { |
| +TEST_F(X509CertificateTest, ExtraneousMD5RootCert) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -743,8 +749,8 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) { |
| CertVerifyResult verify_result; |
| int flags = 0; |
| - int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL, |
| - &verify_result); |
| + int error = Verify(cert_chain, "images.etrade.wallst.com", flags, NULL, |
| + &verify_result); |
| if (error != OK) |
| EXPECT_EQ(ERR_CERT_DATE_INVALID, error); |
| @@ -753,7 +759,7 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) { |
| } |
| // Test for bug 94673. |
| -TEST(X509CertificateTest, GoogleDigiNotarTest) { |
| +TEST_F(X509CertificateTest, GoogleDigiNotarTest) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -772,18 +778,18 @@ TEST(X509CertificateTest, GoogleDigiNotarTest) { |
| CertVerifyResult verify_result; |
| int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| - int error = cert_chain->Verify("mail.google.com", flags, NULL, |
| - &verify_result); |
| + int error = Verify(cert_chain, "mail.google.com", flags, NULL, |
| + &verify_result); |
| EXPECT_NE(OK, error); |
| // Now turn off revocation checking. Certificate verification should still |
| // fail. |
| flags = 0; |
| - error = cert_chain->Verify("mail.google.com", flags, NULL, &verify_result); |
| + error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result); |
| EXPECT_NE(OK, error); |
| } |
| -TEST(X509CertificateTest, DigiNotarCerts) { |
| +TEST_F(X509CertificateTest, DigiNotarCerts) { |
| static const char* const kDigiNotarFilenames[] = { |
| "diginotar_root_ca.pem", |
| "diginotar_cyber_ca.pem", |
| @@ -819,7 +825,7 @@ TEST(X509CertificateTest, DigiNotarCerts) { |
| } |
| // Bug 111893: This test needs a new certificate. |
| -TEST(X509CertificateTest, DISABLED_TestKnownRoot) { |
| +TEST_F(X509CertificateTest, DISABLED_TestKnownRoot) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> cert = |
| ImportCertFromFile(certs_dir, "nist.der"); |
| @@ -841,7 +847,7 @@ TEST(X509CertificateTest, DISABLED_TestKnownRoot) { |
| CertVerifyResult verify_result; |
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug |
| // against agl. Also see PublicKeyHashes in this file. |
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result); |
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); |
| EXPECT_EQ(OK, error); |
| EXPECT_EQ(0U, verify_result.cert_status); |
| EXPECT_TRUE(verify_result.is_issued_by_known_root); |
| @@ -852,7 +858,7 @@ static const char nistSPKIHash[] = |
| "\x15\x60\xde\x65\x4e\x03\x9f\xd0\x08\x82" |
| "\xa9\x6a\xc4\x65\x8e\x6f\x92\x06\x84\x35"; |
| -TEST(X509CertificateTest, ExtractSPKIFromDERCert) { |
| +TEST_F(X509CertificateTest, ExtractSPKIFromDERCert) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> cert = |
| ImportCertFromFile(certs_dir, "nist.der"); |
| @@ -872,7 +878,7 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) { |
| EXPECT_EQ(0, memcmp(hash, nistSPKIHash, sizeof(hash))); |
| } |
| -TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { |
| +TEST_F(X509CertificateTest, ExtractCRLURLsFromDERCert) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> cert = |
| ImportCertFromFile(certs_dir, "nist.der"); |
| @@ -893,7 +899,7 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { |
| } |
| // Bug 111893: This test needs a new certificate. |
| -TEST(X509CertificateTest, DISABLED_PublicKeyHashes) { |
| +TEST_F(X509CertificateTest, DISABLED_PublicKeyHashes) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| // This is going to blow up in Feb 2012. Sorry! Disable and file a bug |
| // against agl. Also see TestKnownRoot in this file. |
| @@ -918,7 +924,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) { |
| int flags = 0; |
| CertVerifyResult verify_result; |
| - int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result); |
| + int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result); |
| EXPECT_EQ(OK, error); |
| EXPECT_EQ(0U, verify_result.cert_status); |
| ASSERT_LE(2u, verify_result.public_key_hashes.size()); |
| @@ -933,7 +939,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) { |
| // A regression test for http://crbug.com/70293. |
| // The Key Usage extension in this RSA SSL server certificate does not have |
| // the keyEncipherment bit. |
| -TEST(X509CertificateTest, InvalidKeyUsage) { |
| +TEST_F(X509CertificateTest, InvalidKeyUsage) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| scoped_refptr<X509Certificate> server_cert = |
| @@ -942,8 +948,8 @@ TEST(X509CertificateTest, InvalidKeyUsage) { |
| int flags = 0; |
| CertVerifyResult verify_result; |
| - int error = server_cert->Verify("jira.aquameta.com", flags, NULL, |
| - &verify_result); |
| + int error = Verify(server_cert, "jira.aquameta.com", flags, NULL, |
| + &verify_result); |
| #if defined(USE_OPENSSL) |
| // This certificate has two errors: "invalid key usage" and "untrusted CA". |
| // However, OpenSSL returns only one (the latter), and we can't detect |
| @@ -964,7 +970,7 @@ TEST(X509CertificateTest, InvalidKeyUsage) { |
| // Tests X509CertificateCache via X509Certificate::CreateFromHandle. We |
| // call X509Certificate::CreateFromHandle several times and observe whether |
| // it returns a cached or new OSCertHandle. |
| -TEST(X509CertificateTest, Cache) { |
| +TEST_F(X509CertificateTest, Cache) { |
| X509Certificate::OSCertHandle google_cert_handle; |
| X509Certificate::OSCertHandle thawte_cert_handle; |
| @@ -1011,7 +1017,7 @@ TEST(X509CertificateTest, Cache) { |
| cert3->GetIntermediateCertificates().size()); |
| } |
| -TEST(X509CertificateTest, Pickle) { |
| +TEST_F(X509CertificateTest, Pickle) { |
| X509Certificate::OSCertHandle google_cert_handle = |
| X509Certificate::CreateOSCertHandleFromBytes( |
| reinterpret_cast<const char*>(google_der), sizeof(google_der)); |
| @@ -1049,7 +1055,7 @@ TEST(X509CertificateTest, Pickle) { |
| } |
| } |
| -TEST(X509CertificateTest, Policy) { |
| +TEST_F(X509CertificateTest, Policy) { |
| scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| @@ -1085,7 +1091,7 @@ TEST(X509CertificateTest, Policy) { |
| EXPECT_TRUE(policy.HasDeniedCert()); |
| } |
| -TEST(X509CertificateTest, IntermediateCertificates) { |
| +TEST_F(X509CertificateTest, IntermediateCertificates) { |
| scoped_refptr<X509Certificate> webkit_cert( |
| X509Certificate::CreateFromBytes( |
| reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
| @@ -1129,7 +1135,7 @@ TEST(X509CertificateTest, IntermediateCertificates) { |
| // of the certificate to be verified. The remaining VerifyReturn* tests are |
| // used to ensure that the actual, verified chain is being returned by |
| // Verify(). |
| -TEST(X509CertificateTest, VerifyReturnChainBasic) { |
| +TEST_F(X509CertificateTest, VerifyReturnChainBasic) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| CertificateList certs = CreateCertificateListFromFile( |
| certs_dir, "x509_verify_results.chain.pem", |
| @@ -1150,7 +1156,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) { |
| CertVerifyResult verify_result; |
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result); |
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result); |
| EXPECT_EQ(OK, error); |
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| @@ -1174,7 +1180,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) { |
| // a protocol violation if sent during a TLS handshake, if multiple sources |
| // of intermediate certificates are combined, it's possible that order may |
| // not be maintained. |
| -TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) { |
| +TEST_F(X509CertificateTest, VerifyReturnChainProperlyOrdered) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| CertificateList certs = CreateCertificateListFromFile( |
| certs_dir, "x509_verify_results.chain.pem", |
| @@ -1196,7 +1202,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) { |
| CertVerifyResult verify_result; |
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result); |
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result); |
| EXPECT_EQ(OK, error); |
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| @@ -1217,7 +1223,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) { |
| // Test that Verify() filters out certificates which are not related to |
| // or part of the certificate chain being verified. |
| -TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) { |
| +TEST_F(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| CertificateList certs = CreateCertificateListFromFile( |
| certs_dir, "x509_verify_results.chain.pem", |
| @@ -1247,7 +1253,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) { |
| CertVerifyResult verify_result; |
| EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| - int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result); |
| + int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result); |
| EXPECT_EQ(OK, error); |
| ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert); |
| @@ -1266,7 +1272,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) { |
| } |
| #if defined(OS_MACOSX) |
| -TEST(X509CertificateTest, IsIssuedBy) { |
| +TEST_F(X509CertificateTest, IsIssuedBy) { |
| FilePath certs_dir = GetTestCertsDirectory(); |
| // Test a client certificate from MIT. |
| @@ -1315,7 +1321,7 @@ TEST(X509CertificateTest, IsIssuedBy) { |
| #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| // This test creates a self-signed cert from a private key and then verify the |
| // content of the certificate. |
| -TEST(X509CertificateTest, CreateSelfSigned) { |
| +TEST_F(X509CertificateTest, CreateSelfSigned) { |
| scoped_ptr<crypto::RSAPrivateKey> private_key( |
| crypto::RSAPrivateKey::Create(1024)); |
| scoped_refptr<X509Certificate> cert = |
| @@ -1422,7 +1428,7 @@ TEST(X509CertificateTest, CreateSelfSigned) { |
| EXPECT_FALSE(cert->HasExpired()); |
| } |
| -TEST(X509CertificateTest, GetDEREncoded) { |
| +TEST_F(X509CertificateTest, GetDEREncoded) { |
| scoped_ptr<crypto::RSAPrivateKey> private_key( |
| crypto::RSAPrivateKey::Create(1024)); |
| scoped_refptr<X509Certificate> cert = |
| @@ -1487,7 +1493,7 @@ static const uint8 kCRLSetGoogleSerialBlocked[] = { |
| // Test that CRLSets are effective in making a certificate appear to be |
| // revoked. |
| -TEST(X509CertificateTest, CRLSet) { |
| +TEST_F(X509CertificateTest, CRLSet) { |
| CertificateList certs = CreateCertificateListFromFile( |
| GetTestCertsDirectory(), |
| "googlenew.chain.pem", |
| @@ -1501,8 +1507,8 @@ TEST(X509CertificateTest, CRLSet) { |
| intermediates); |
| CertVerifyResult verify_result; |
| - int error = google_full_chain->Verify( |
| - "www.google.com", 0, NULL, &verify_result); |
| + int error = Verify(google_full_chain, "www.google.com", 0, NULL, |
| + &verify_result); |
| EXPECT_EQ(OK, error); |
| // First test blocking by SPKI. |
| @@ -1512,8 +1518,8 @@ TEST(X509CertificateTest, CRLSet) { |
| scoped_refptr<CRLSet> crl_set; |
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set)); |
| - error = google_full_chain->Verify( |
| - "www.google.com", 0, crl_set.get(), &verify_result); |
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(), |
| + &verify_result); |
| EXPECT_EQ(ERR_CERT_REVOKED, error); |
| // Second, test revocation by serial number of a cert directly under the |
| @@ -1523,8 +1529,8 @@ TEST(X509CertificateTest, CRLSet) { |
| sizeof(kCRLSetThawteSerialBlocked)); |
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set)); |
| - error = google_full_chain->Verify( |
| - "www.google.com", 0, crl_set.get(), &verify_result); |
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(), |
| + &verify_result); |
| EXPECT_EQ(ERR_CERT_REVOKED, error); |
| // Lastly, test revocation by serial number of a certificate not under the |
| @@ -1534,8 +1540,8 @@ TEST(X509CertificateTest, CRLSet) { |
| sizeof(kCRLSetGoogleSerialBlocked)); |
| ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set)); |
| - error = google_full_chain->Verify( |
| - "www.google.com", 0, crl_set.get(), &verify_result); |
| + error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(), |
| + &verify_result); |
| EXPECT_EQ(ERR_CERT_REVOKED, error); |
| } |
| #endif |
| @@ -1823,7 +1829,8 @@ void PrintTo(const WeakDigestTestData& data, std::ostream* os) { |
| } |
| class X509CertificateWeakDigestTest |
| - : public testing::TestWithParam<WeakDigestTestData> { |
| + : public X509CertificateTest, |
| + public testing::WithParamInterface<WeakDigestTestData> { |
| public: |
| X509CertificateWeakDigestTest() {} |
| @@ -1860,7 +1867,7 @@ TEST_P(X509CertificateWeakDigestTest, Verify) { |
| int flags = 0; |
| CertVerifyResult verify_result; |
| - int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); |
| + int rv = Verify(ee_chain, "127.0.0.1", flags, NULL, &verify_result); |
| EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); |
| EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); |
| EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); |
