Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_policy_enforcer_unittest.cc

Issue 1032093002: Certificate Transparency: Correct month calculation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_policy_enforcer.cc ('K') | « net/cert/cert_policy_enforcer.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_policy_enforcer_unittest.cc
diff --git a/net/cert/cert_policy_enforcer_unittest.cc b/net/cert/cert_policy_enforcer_unittest.cc
index f920963f6aa37216be9d12ca9279938dd5ea953e..359e45746b0a06a0bcb517cf0be89baf7c7a6661 100644
--- a/net/cert/cert_policy_enforcer_unittest.cc
+++ b/net/cert/cert_policy_enforcer_unittest.cc
@@ -67,6 +67,29 @@ class CertPolicyEnforcerTest : public ::testing::Test {
}
}
+ void CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
+ const base::Time& start,
+ const base::Time& end,
+ size_t required_scts) {
+ scoped_refptr<X509Certificate> cert(
+ new X509Certificate("subject", "issuer", start, end));
+ ct::CTVerifyResult result;
+ for (size_t j = 0; j < required_scts - 1; ++j) {
davidben 2015/03/25 15:00:54 Nit: j -> i
Eran Messeri 2015/03/25 18:27:28 Done.
+ FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+ 1, &result);
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
+ cert.get(), nullptr, result, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << result.verified_scts.size() << " j=" << j;
+ }
+ FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+ &result);
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
+ cert.get(), nullptr, result, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << result.verified_scts.size();
+ }
+
protected:
scoped_ptr<CertPolicyEnforcer> policy_enforcer_;
scoped_refptr<X509Certificate> chain_;
@@ -140,31 +163,27 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) {
TEST_F(CertPolicyEnforcerTest,
ConformsToPolicyExactNumberOfSCTsForValidityPeriod) {
- // Test multiple validity periods: Over 27 months, Over 15 months (but less
- // than 27 months),
- // Less than 15 months.
- const size_t validity_period[] = {12, 19, 30, 50};
- const size_t needed_scts[] = {2, 3, 4, 5};
-
+ // Test multiple validity periods:
+ // Under 15 months
+ // Over 15 months, less than 27 months
+ // Over 27 months, less than 39 months
+ // Over 39 months
+ const size_t validity_period[] = {417 /* 14 months */,
davidben 2015/03/25 15:00:54 time_t? (Though see comment below.)
Eran Messeri 2015/03/25 18:27:28 Left at size_t but grouped the number of required
+ 458 /* exactly 15 months */,
+ 460 /* over 15 months by a few days */,
+ 823 /* exactly 27 months */,
+ 826 /* over 27 months by a few days */,
+ 1188 /* exactly 39 months */,
+ 1190 /* over 39 months by a few days */};
+ const size_t needed_scts[] = {2, 3, 3, 3, 4, 4, 5};
+
+ // Fixed start time - Wed Mar 25 11:45:03 GMT 2015
+ base::Time fixed_start(base::Time::FromTimeT(1427283904));
davidben 2015/03/25 15:00:54 Since this is all test code, it might be more unde
Ryan Sleevi 2015/03/25 16:54:23 +1 Easier to just make a set of base::Time::FromU
Eran Messeri 2015/03/25 18:27:28 Done as you suggested - since the TestData structu
for (int i = 0; i < 3; ++i) {
davidben 2015/03/25 15:00:54 While you're here, maybe put a SCOPED_TRACE(i) so
davidben 2015/03/25 15:00:54 BUG: 3 -> arraysize(validity_period) (It looks li
Ryan Sleevi 2015/03/25 16:54:23 +1
Ryan Sleevi 2015/03/25 16:54:23 s/int/size_t/
Eran Messeri 2015/03/25 18:27:28 I do - the detail about the number of days is incl
Eran Messeri 2015/03/25 18:27:28 Done.
Eran Messeri 2015/03/25 18:27:28 Done.
size_t curr_validity = validity_period[i];
- scoped_refptr<X509Certificate> cert(new X509Certificate(
- "subject", "issuer", base::Time::Now(),
- base::Time::Now() + base::TimeDelta::FromDays(31 * curr_validity)));
- size_t curr_required_scts = needed_scts[i];
- ct::CTVerifyResult result;
- for (size_t j = 0; j < curr_required_scts - 1; ++j) {
- FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
- 1, &result);
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
- cert.get(), nullptr, result, BoundNetLog()))
- << " for: " << curr_validity << " and " << curr_required_scts
- << " scts=" << result.verified_scts.size() << " j=" << j;
- }
- FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
- &result);
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
- cert.get(), nullptr, result, BoundNetLog()));
+ CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
+ fixed_start, fixed_start + base::TimeDelta::FromDays(curr_validity),
+ needed_scts[i]);
}
}
« net/cert/cert_policy_enforcer.cc ('K') | « net/cert/cert_policy_enforcer.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698