Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(161)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_policy_enforcer_unittest.cc

Issue 1032093002: Certificate Transparency: Correct month calculation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing review comments Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_policy_enforcer.cc ('K') | « net/cert/cert_policy_enforcer.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_policy_enforcer_unittest.cc
diff --git a/net/cert/cert_policy_enforcer_unittest.cc b/net/cert/cert_policy_enforcer_unittest.cc
index f920963f6aa37216be9d12ca9279938dd5ea953e..bda27c2fa458bc3658606367414cc8a6c92ffaa1 100644
--- a/net/cert/cert_policy_enforcer_unittest.cc
+++ b/net/cert/cert_policy_enforcer_unittest.cc
@@ -67,6 +67,29 @@ class CertPolicyEnforcerTest : public ::testing::Test {
}
}
+ void CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
+ const base::Time& start,
+ const base::Time& end,
+ size_t required_scts) {
+ scoped_refptr<X509Certificate> cert(
+ new X509Certificate("subject", "issuer", start, end));
+ ct::CTVerifyResult result;
+ for (size_t i = 0; i < required_scts - 1; ++i) {
+ FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+ 1, &result);
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
+ cert.get(), nullptr, result, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << result.verified_scts.size() << " i=" << i;
+ }
+ FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
+ &result);
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
+ cert.get(), nullptr, result, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << result.verified_scts.size();
+ }
+
protected:
scoped_ptr<CertPolicyEnforcer> policy_enforcer_;
scoped_refptr<X509Certificate> chain_;
@@ -140,31 +163,48 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) {
TEST_F(CertPolicyEnforcerTest,
ConformsToPolicyExactNumberOfSCTsForValidityPeriod) {
- // Test multiple validity periods: Over 27 months, Over 15 months (but less
- // than 27 months),
- // Less than 15 months.
- const size_t validity_period[] = {12, 19, 30, 50};
- const size_t needed_scts[] = {2, 3, 4, 5};
-
- for (int i = 0; i < 3; ++i) {
- size_t curr_validity = validity_period[i];
- scoped_refptr<X509Certificate> cert(new X509Certificate(
- "subject", "issuer", base::Time::Now(),
- base::Time::Now() + base::TimeDelta::FromDays(31 * curr_validity)));
- size_t curr_required_scts = needed_scts[i];
- ct::CTVerifyResult result;
- for (size_t j = 0; j < curr_required_scts - 1; ++j) {
- FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
- 1, &result);
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
- cert.get(), nullptr, result, BoundNetLog()))
- << " for: " << curr_validity << " and " << curr_required_scts
- << " scts=" << result.verified_scts.size() << " j=" << j;
- }
- FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
- &result);
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
- cert.get(), nullptr, result, BoundNetLog()));
+ // Test multiple validity periods:
+ // Under 15 months
+ // Over 15 months, less than 27 months
+ // Over 27 months, less than 39 months
+ // Over 39 months
davidben 2015/03/25 19:10:11 This list in the comment seems to be slightly out
Eran Messeri 2015/03/26 10:47:17 Done.
+ const struct TestData {
+ base::Time validity_start;
+ base::Time validity_end;
+ size_t scts_required;
+ } kTestData[] = {{// 14 months, need 2
davidben 2015/03/25 19:10:11 Oh clang-format. :-/ I don't know how to convince
Eran Messeri 2015/03/26 10:47:17 Yes, clang-format. While I don't like it either my
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2016, 6, 0, 6, 11, 25, 0, 0}),
+ 2},
+ {// exactly 15 months, need 3
davidben 2015/03/25 19:10:11 Nit: They're not really complete sentences, but be
Eran Messeri 2015/03/26 10:47:18 Done.
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2016, 6, 0, 25, 11, 25, 0, 0}),
+ 3},
+ {// over 15 months by a few days, need 3
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2016, 6, 0, 27, 11, 25, 0, 0}),
+ 3},
+ {// exactly 27 months, need 3
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2017, 6, 0, 25, 11, 25, 0, 0}),
+ 3},
+ {// over 27 months by a few days, need 4
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2017, 6, 0, 28, 11, 25, 0, 0}),
+ 4},
+ {// exactly 39 months, need 4
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2018, 6, 0, 25, 11, 25, 0, 0}),
+ 4},
+ {// over 39 months by a few days, need 5
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}),
+ base::Time::FromUTCExploded({2018, 6, 0, 27, 11, 25, 0, 0}),
+ 5}};
+
+ for (size_t i = 0; i < arraysize(kTestData); ++i) {
davidben 2015/03/25 19:10:11 Still would prefer adding the SCOPED_TRACE. It's i
Eran Messeri 2015/03/26 10:47:17 Done.
+ CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
+ kTestData[i].validity_start, kTestData[i].validity_end,
+ kTestData[i].scts_required);
}
}
« net/cert/cert_policy_enforcer.cc ('K') | « net/cert/cert_policy_enforcer.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698