Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(918)

Unified Diff: net/base/x509_certificate_unittest.cc

Issue 9584041: Create stubs for system certificate validation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Exclude CertVerifyProcNSS for non-NSS-only systems, for now Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/base/x509_certificate_unittest.cc
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index 25ddafaeb4817ab82aa552f071d18508b3fdf320..b3fe267b9f9e8a50698f47bf72bbd05754d252f7 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -221,19 +221,25 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert,
google_cert->GetDNSNames(&dns_names);
ASSERT_EQ(1U, dns_names.size());
EXPECT_EQ("www.google.com", dns_names[0]);
-
-#if TEST_EV
- // TODO(avi): turn this on for the Mac once EV checking is implemented.
- CertVerifyResult verify_result;
- int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
- X509Certificate::VERIFY_EV_CERT;
- EXPECT_EQ(OK, google_cert->Verify("www.google.com", flags, NULL,
- &verify_result);
- EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV);
-#endif
wtc 2012/03/06 23:10:14 Why did you delete this #if TEST_EV block but keep
Ryan Sleevi 2012/03/10 03:09:12 Missed the other ones, but Adam has already nuked
}
-TEST(X509CertificateTest, GoogleCertParsing) {
+// TODO(rsleevi): Temporary fixture while refactoring http://crbug.com/114343
+class X509CertificateTest : public testing::Test {
+ public:
+ X509CertificateTest() {}
+ virtual ~X509CertificateTest() {}
+
+ protected:
+ int Verify(X509Certificate* cert,
+ const std::string& hostname,
+ int flags,
+ CRLSet* crl_set,
+ CertVerifyResult* verify_result) {
+ return cert->Verify(hostname, flags, crl_set, verify_result);
wtc 2012/03/06 23:10:14 Why is this fixture necessary? Are you going to c
Ryan Sleevi 2012/03/10 03:09:12 To make it easier to friend this in X509Certificat
+ }
+};
+
+TEST_F(X509CertificateTest, GoogleCertParsing) {
scoped_refptr<X509Certificate> google_cert(
X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(google_der), sizeof(google_der)));
@@ -243,7 +249,7 @@ TEST(X509CertificateTest, GoogleCertParsing) {
1269728407); // Mar 27 22:20:07 2010 GMT
}
-TEST(X509CertificateTest, WebkitCertParsing) {
+TEST_F(X509CertificateTest, WebkitCertParsing) {
scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
@@ -306,7 +312,7 @@ TEST(X509CertificateTest, WebkitCertParsing) {
EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com"));
}
-TEST(X509CertificateTest, WithoutRevocationChecking) {
+TEST_F(X509CertificateTest, WithoutRevocationChecking) {
// Check that verification without revocation checking works.
CertificateList certs = CreateCertificateListFromFile(
GetTestCertsDirectory(),
@@ -321,11 +327,11 @@ TEST(X509CertificateTest, WithoutRevocationChecking) {
intermediates);
CertVerifyResult verify_result;
- EXPECT_EQ(OK, google_full_chain->Verify("www.google.com", 0 /* flags */, NULL,
- &verify_result));
+ EXPECT_EQ(OK, Verify(google_full_chain, "www.google.com", 0 /* flags */, NULL,
+ &verify_result));
}
-TEST(X509CertificateTest, ThawteCertParsing) {
+TEST_F(X509CertificateTest, ThawteCertParsing) {
scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)));
@@ -376,14 +382,14 @@ TEST(X509CertificateTest, ThawteCertParsing) {
X509Certificate::VERIFY_EV_CERT;
CertVerifyResult verify_result;
// EV cert verification requires revocation checking.
- EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL,
- &verify_result);
+ EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL,
+ &verify_result);
EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
// Consequently, if we don't have revocation checking enabled, we can't claim
// any cert is EV.
flags = X509Certificate::VERIFY_EV_CERT;
- EXPECT_EQ(OK, thawte_cert->Verify("www.thawte.com", flags, NULL,
- &verify_result));
+ EXPECT_EQ(OK, Verify(thawte_cert, "www.thawte.com", flags, NULL,
+ &verify_result));
EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV);
#endif
}
@@ -392,7 +398,7 @@ TEST(X509CertificateTest, ThawteCertParsing) {
// a single RelativeDistinguishedName is present. "Normally" there is only
// one AVA per RDN, but some CAs place all AVAs within a single RDN.
// This is a regression test for http://crbug.com/101009
-TEST(X509CertificateTest, MultivalueRDN) {
+TEST_F(X509CertificateTest, MultivalueRDN) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> multivalue_rdn_cert =
@@ -416,7 +422,7 @@ TEST(X509CertificateTest, MultivalueRDN) {
// Test that characters which would normally be escaped in the string form,
// such as '=' or '"', are not escaped when parsed as individual components.
// This is a regression test for http://crbug.com/102839
-TEST(X509CertificateTest, UnescapedSpecialCharacters) {
+TEST_F(X509CertificateTest, UnescapedSpecialCharacters) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> unescaped_cert =
@@ -438,7 +444,7 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) {
EXPECT_EQ(0U, subject.domain_components.size());
}
-TEST(X509CertificateTest, PaypalNullCertParsing) {
+TEST_F(X509CertificateTest, PaypalNullCertParsing) {
scoped_refptr<X509Certificate> paypal_null_cert(
X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(paypal_null_der),
@@ -453,8 +459,8 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
int flags = 0;
CertVerifyResult verify_result;
- int error = paypal_null_cert->Verify("www.paypal.com", flags, NULL,
- &verify_result);
+ int error = Verify(paypal_null_cert, "www.paypal.com", flags, NULL,
+ &verify_result);
#if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN)
// TOOD(bulach): investigate why macosx and win aren't returning
// ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
@@ -471,7 +477,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
#endif
}
-TEST(X509CertificateTest, SerialNumbers) {
+TEST_F(X509CertificateTest, SerialNumbers) {
scoped_refptr<X509Certificate> google_cert(
X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(google_der), sizeof(google_der)));
@@ -499,7 +505,7 @@ TEST(X509CertificateTest, SerialNumbers) {
paypal_null_serial, sizeof(paypal_null_serial)) == 0);
}
-TEST(X509CertificateTest, CAFingerprints) {
+TEST_F(X509CertificateTest, CAFingerprints) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -557,7 +563,7 @@ TEST(X509CertificateTest, CAFingerprints) {
// This certificate will expire on 2012-04-08. The test will still
// pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test
// certificates for this unit test. http://crbug.com/111742
-TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
+TEST_F(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -582,8 +588,8 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
int flags = 0;
CertVerifyResult verify_result;
- int error = cert_chain->Verify("www.us.army.mil", flags, NULL,
- &verify_result);
+ int error = Verify(cert_chain, "www.us.army.mil", flags, NULL,
+ &verify_result);
if (error == OK) {
EXPECT_EQ(0U, verify_result.cert_status);
} else {
@@ -602,7 +608,7 @@ TEST(X509CertificateTest, IntermediateCARequireExplicitPolicy) {
// unit tests, the call to PKIXVerifyCert returns the NSS error -8180, which is
// SEC_ERROR_REVOKED_CERTIFICATE. This indicates a lack of revocation
// status, i.e. that the revocation check is failing for some reason.
-TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
+TEST_F(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -622,8 +628,8 @@ TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) {
CertVerifyResult verify_result;
int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED |
X509Certificate::VERIFY_EV_CERT;
- int error = cert_chain->Verify("2029.globalsign.com", flags, NULL,
- &verify_result);
+ int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL,
+ &verify_result);
if (error == OK)
EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
else
@@ -646,7 +652,7 @@ static bool IsWeakKeyType(const std::string& key_type) {
return false;
}
-TEST(X509CertificateTest, RejectWeakKeys) {
+TEST_F(X509CertificateTest, RejectWeakKeys) {
FilePath certs_dir = GetTestCertsDirectory();
typedef std::vector<std::string> Strings;
Strings key_types;
@@ -699,7 +705,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
intermediates);
CertVerifyResult verify_result;
- int error = cert_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
+ int error = Verify(cert_chain, "127.0.0.1", 0, NULL, &verify_result);
if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) {
EXPECT_NE(OK, error);
@@ -719,7 +725,7 @@ TEST(X509CertificateTest, RejectWeakKeys) {
// The certificate will expire on 2012-07-20. The test will still
// pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test
// certificates for this unit test. http://crbug.com/111730
-TEST(X509CertificateTest, ExtraneousMD5RootCert) {
+TEST_F(X509CertificateTest, ExtraneousMD5RootCert) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -743,8 +749,8 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
CertVerifyResult verify_result;
int flags = 0;
- int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL,
- &verify_result);
+ int error = Verify(cert_chain, "images.etrade.wallst.com", flags, NULL,
+ &verify_result);
if (error != OK)
EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
@@ -753,7 +759,7 @@ TEST(X509CertificateTest, ExtraneousMD5RootCert) {
}
// Test for bug 94673.
-TEST(X509CertificateTest, GoogleDigiNotarTest) {
+TEST_F(X509CertificateTest, GoogleDigiNotarTest) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -772,18 +778,18 @@ TEST(X509CertificateTest, GoogleDigiNotarTest) {
CertVerifyResult verify_result;
int flags = X509Certificate::VERIFY_REV_CHECKING_ENABLED;
- int error = cert_chain->Verify("mail.google.com", flags, NULL,
- &verify_result);
+ int error = Verify(cert_chain, "mail.google.com", flags, NULL,
+ &verify_result);
EXPECT_NE(OK, error);
// Now turn off revocation checking. Certificate verification should still
// fail.
flags = 0;
- error = cert_chain->Verify("mail.google.com", flags, NULL, &verify_result);
+ error = Verify(cert_chain, "mail.google.com", flags, NULL, &verify_result);
EXPECT_NE(OK, error);
}
-TEST(X509CertificateTest, DigiNotarCerts) {
+TEST_F(X509CertificateTest, DigiNotarCerts) {
static const char* const kDigiNotarFilenames[] = {
"diginotar_root_ca.pem",
"diginotar_cyber_ca.pem",
@@ -819,7 +825,7 @@ TEST(X509CertificateTest, DigiNotarCerts) {
}
// Bug 111893: This test needs a new certificate.
-TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
+TEST_F(X509CertificateTest, DISABLED_TestKnownRoot) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> cert =
ImportCertFromFile(certs_dir, "nist.der");
@@ -841,7 +847,7 @@ TEST(X509CertificateTest, DISABLED_TestKnownRoot) {
CertVerifyResult verify_result;
// This is going to blow up in Feb 2012. Sorry! Disable and file a bug
// against agl. Also see PublicKeyHashes in this file.
- int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
+ int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
EXPECT_TRUE(verify_result.is_issued_by_known_root);
@@ -852,7 +858,7 @@ static const char nistSPKIHash[] =
"\x15\x60\xde\x65\x4e\x03\x9f\xd0\x08\x82"
"\xa9\x6a\xc4\x65\x8e\x6f\x92\x06\x84\x35";
-TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
+TEST_F(X509CertificateTest, ExtractSPKIFromDERCert) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> cert =
ImportCertFromFile(certs_dir, "nist.der");
@@ -872,7 +878,7 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) {
EXPECT_EQ(0, memcmp(hash, nistSPKIHash, sizeof(hash)));
}
-TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
+TEST_F(X509CertificateTest, ExtractCRLURLsFromDERCert) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> cert =
ImportCertFromFile(certs_dir, "nist.der");
@@ -893,7 +899,7 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
}
// Bug 111893: This test needs a new certificate.
-TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
+TEST_F(X509CertificateTest, DISABLED_PublicKeyHashes) {
FilePath certs_dir = GetTestCertsDirectory();
// This is going to blow up in Feb 2012. Sorry! Disable and file a bug
// against agl. Also see TestKnownRoot in this file.
@@ -918,7 +924,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
int flags = 0;
CertVerifyResult verify_result;
- int error = cert_chain->Verify("www.nist.gov", flags, NULL, &verify_result);
+ int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
ASSERT_LE(2u, verify_result.public_key_hashes.size());
@@ -933,7 +939,7 @@ TEST(X509CertificateTest, DISABLED_PublicKeyHashes) {
// A regression test for http://crbug.com/70293.
// The Key Usage extension in this RSA SSL server certificate does not have
// the keyEncipherment bit.
-TEST(X509CertificateTest, InvalidKeyUsage) {
+TEST_F(X509CertificateTest, InvalidKeyUsage) {
FilePath certs_dir = GetTestCertsDirectory();
scoped_refptr<X509Certificate> server_cert =
@@ -942,8 +948,8 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
int flags = 0;
CertVerifyResult verify_result;
- int error = server_cert->Verify("jira.aquameta.com", flags, NULL,
- &verify_result);
+ int error = Verify(server_cert, "jira.aquameta.com", flags, NULL,
+ &verify_result);
#if defined(USE_OPENSSL)
// This certificate has two errors: "invalid key usage" and "untrusted CA".
// However, OpenSSL returns only one (the latter), and we can't detect
@@ -964,7 +970,7 @@ TEST(X509CertificateTest, InvalidKeyUsage) {
// Tests X509CertificateCache via X509Certificate::CreateFromHandle. We
// call X509Certificate::CreateFromHandle several times and observe whether
// it returns a cached or new OSCertHandle.
-TEST(X509CertificateTest, Cache) {
+TEST_F(X509CertificateTest, Cache) {
X509Certificate::OSCertHandle google_cert_handle;
X509Certificate::OSCertHandle thawte_cert_handle;
@@ -1011,7 +1017,7 @@ TEST(X509CertificateTest, Cache) {
cert3->GetIntermediateCertificates().size());
}
-TEST(X509CertificateTest, Pickle) {
+TEST_F(X509CertificateTest, Pickle) {
X509Certificate::OSCertHandle google_cert_handle =
X509Certificate::CreateOSCertHandleFromBytes(
reinterpret_cast<const char*>(google_der), sizeof(google_der));
@@ -1049,7 +1055,7 @@ TEST(X509CertificateTest, Pickle) {
}
}
-TEST(X509CertificateTest, Policy) {
+TEST_F(X509CertificateTest, Policy) {
scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(google_der), sizeof(google_der)));
@@ -1085,7 +1091,7 @@ TEST(X509CertificateTest, Policy) {
EXPECT_TRUE(policy.HasDeniedCert());
}
-TEST(X509CertificateTest, IntermediateCertificates) {
+TEST_F(X509CertificateTest, IntermediateCertificates) {
scoped_refptr<X509Certificate> webkit_cert(
X509Certificate::CreateFromBytes(
reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
@@ -1129,7 +1135,7 @@ TEST(X509CertificateTest, IntermediateCertificates) {
// of the certificate to be verified. The remaining VerifyReturn* tests are
// used to ensure that the actual, verified chain is being returned by
// Verify().
-TEST(X509CertificateTest, VerifyReturnChainBasic) {
+TEST_F(X509CertificateTest, VerifyReturnChainBasic) {
FilePath certs_dir = GetTestCertsDirectory();
CertificateList certs = CreateCertificateListFromFile(
certs_dir, "x509_verify_results.chain.pem",
@@ -1150,7 +1156,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
CertVerifyResult verify_result;
EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
- int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
+ int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
EXPECT_EQ(OK, error);
ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
@@ -1174,7 +1180,7 @@ TEST(X509CertificateTest, VerifyReturnChainBasic) {
// a protocol violation if sent during a TLS handshake, if multiple sources
// of intermediate certificates are combined, it's possible that order may
// not be maintained.
-TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
+TEST_F(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
FilePath certs_dir = GetTestCertsDirectory();
CertificateList certs = CreateCertificateListFromFile(
certs_dir, "x509_verify_results.chain.pem",
@@ -1196,7 +1202,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
CertVerifyResult verify_result;
EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
- int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
+ int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
EXPECT_EQ(OK, error);
ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
@@ -1217,7 +1223,7 @@ TEST(X509CertificateTest, VerifyReturnChainProperlyOrdered) {
// Test that Verify() filters out certificates which are not related to
// or part of the certificate chain being verified.
-TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
+TEST_F(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
FilePath certs_dir = GetTestCertsDirectory();
CertificateList certs = CreateCertificateListFromFile(
certs_dir, "x509_verify_results.chain.pem",
@@ -1247,7 +1253,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
CertVerifyResult verify_result;
EXPECT_EQ(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
- int error = google_full_chain->Verify("127.0.0.1", 0, NULL, &verify_result);
+ int error = Verify(google_full_chain, "127.0.0.1", 0, NULL, &verify_result);
EXPECT_EQ(OK, error);
ASSERT_NE(static_cast<X509Certificate*>(NULL), verify_result.verified_cert);
@@ -1266,7 +1272,7 @@ TEST(X509CertificateTest, VerifyReturnChainFiltersUnrelatedCerts) {
}
#if defined(OS_MACOSX)
-TEST(X509CertificateTest, IsIssuedBy) {
+TEST_F(X509CertificateTest, IsIssuedBy) {
FilePath certs_dir = GetTestCertsDirectory();
// Test a client certificate from MIT.
@@ -1315,7 +1321,7 @@ TEST(X509CertificateTest, IsIssuedBy) {
#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
// This test creates a self-signed cert from a private key and then verify the
// content of the certificate.
-TEST(X509CertificateTest, CreateSelfSigned) {
+TEST_F(X509CertificateTest, CreateSelfSigned) {
scoped_ptr<crypto::RSAPrivateKey> private_key(
crypto::RSAPrivateKey::Create(1024));
scoped_refptr<X509Certificate> cert =
@@ -1422,7 +1428,7 @@ TEST(X509CertificateTest, CreateSelfSigned) {
EXPECT_FALSE(cert->HasExpired());
}
-TEST(X509CertificateTest, GetDEREncoded) {
+TEST_F(X509CertificateTest, GetDEREncoded) {
scoped_ptr<crypto::RSAPrivateKey> private_key(
crypto::RSAPrivateKey::Create(1024));
scoped_refptr<X509Certificate> cert =
@@ -1487,7 +1493,7 @@ static const uint8 kCRLSetGoogleSerialBlocked[] = {
// Test that CRLSets are effective in making a certificate appear to be
// revoked.
-TEST(X509CertificateTest, CRLSet) {
+TEST_F(X509CertificateTest, CRLSet) {
CertificateList certs = CreateCertificateListFromFile(
GetTestCertsDirectory(),
"googlenew.chain.pem",
@@ -1501,8 +1507,8 @@ TEST(X509CertificateTest, CRLSet) {
intermediates);
CertVerifyResult verify_result;
- int error = google_full_chain->Verify(
- "www.google.com", 0, NULL, &verify_result);
+ int error = Verify(google_full_chain, "www.google.com", 0, NULL,
+ &verify_result);
EXPECT_EQ(OK, error);
// First test blocking by SPKI.
@@ -1512,8 +1518,8 @@ TEST(X509CertificateTest, CRLSet) {
scoped_refptr<CRLSet> crl_set;
ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
- error = google_full_chain->Verify(
- "www.google.com", 0, crl_set.get(), &verify_result);
+ error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
+ &verify_result);
EXPECT_EQ(ERR_CERT_REVOKED, error);
// Second, test revocation by serial number of a cert directly under the
@@ -1523,8 +1529,8 @@ TEST(X509CertificateTest, CRLSet) {
sizeof(kCRLSetThawteSerialBlocked));
ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
- error = google_full_chain->Verify(
- "www.google.com", 0, crl_set.get(), &verify_result);
+ error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
+ &verify_result);
EXPECT_EQ(ERR_CERT_REVOKED, error);
// Lastly, test revocation by serial number of a certificate not under the
@@ -1534,8 +1540,8 @@ TEST(X509CertificateTest, CRLSet) {
sizeof(kCRLSetGoogleSerialBlocked));
ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, &crl_set));
- error = google_full_chain->Verify(
- "www.google.com", 0, crl_set.get(), &verify_result);
+ error = Verify(google_full_chain, "www.google.com", 0, crl_set.get(),
+ &verify_result);
EXPECT_EQ(ERR_CERT_REVOKED, error);
}
#endif
@@ -1823,7 +1829,8 @@ void PrintTo(const WeakDigestTestData& data, std::ostream* os) {
}
class X509CertificateWeakDigestTest
- : public testing::TestWithParam<WeakDigestTestData> {
+ : public X509CertificateTest,
+ public testing::WithParamInterface<WeakDigestTestData> {
public:
X509CertificateWeakDigestTest() {}
@@ -1860,7 +1867,7 @@ TEST_P(X509CertificateWeakDigestTest, Verify) {
int flags = 0;
CertVerifyResult verify_result;
- int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result);
+ int rv = Verify(ee_chain, "127.0.0.1", flags, NULL, &verify_result);
EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
EXPECT_EQ(data.expected_has_md4, verify_result.has_md4);
EXPECT_EQ(data.expected_has_md2, verify_result.has_md2);

Powered by Google App Engine
This is Rietveld 408576698