| Index: chrome/browser/ssl/certificate_error_report_unittest.cc
|
| diff --git a/chrome/browser/ssl/certificate_error_report_unittest.cc b/chrome/browser/ssl/certificate_error_report_unittest.cc
|
| index e5110c1e4b31ca22f40384e0065cc79608364b3f..72d379c0d75226324468546810438b3cac8c0331 100644
|
| --- a/chrome/browser/ssl/certificate_error_report_unittest.cc
|
| +++ b/chrome/browser/ssl/certificate_error_report_unittest.cc
|
| @@ -35,10 +35,22 @@ const CertLoggerRequest::CertError kFirstReportedCertError =
|
| const CertLoggerRequest::CertError kSecondReportedCertError =
|
| CertLoggerRequest::ERR_CERT_REVOKED;
|
|
|
| -SSLInfo GetTestSSLInfo() {
|
| +// Whether to include an unverified certificate chain in the test
|
| +// SSLInfo. In production code, an unverified cert chain will not be
|
| +// present if the resource was loaded from cache.
|
| +enum UnverifiedCertChainStatus {
|
| + INCLUDE_UNVERIFIED_CERT_CHAIN,
|
| + EXCLUDE_UNVERIFIED_CERT_CHAIN
|
| +};
|
| +
|
| +SSLInfo GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status) {
|
| SSLInfo info;
|
| info.cert =
|
| net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename);
|
| + if (unverified_cert_chain_status == INCLUDE_UNVERIFIED_CERT_CHAIN) {
|
| + info.unverified_cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
|
| + kTestCertFilename);
|
| + }
|
| info.is_issued_by_known_root = true;
|
| info.cert_status = kCertStatus;
|
| info.pinning_failure_log = kDummyFailureLog;
|
| @@ -57,7 +69,7 @@ std::string GetPEMEncodedChain() {
|
| // a CertLoggerRequest protobuf (which is the format that the receiving
|
| // server expects it in) with the right data in it.
|
| TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) {
|
| - SSLInfo ssl_info = GetTestSSLInfo();
|
| + SSLInfo ssl_info = GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN);
|
|
|
| std::string serialized_report;
|
| CertificateErrorReport report(kDummyHostname, ssl_info);
|
| @@ -67,6 +79,7 @@ TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) {
|
| ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report));
|
| EXPECT_EQ(kDummyHostname, deserialized_report.hostname());
|
| EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain());
|
| + EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.unverified_cert_chain());
|
| EXPECT_EQ(1, deserialized_report.pin().size());
|
| EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0));
|
|
|
| @@ -82,7 +95,10 @@ TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) {
|
|
|
| TEST(CertificateErrorReportTest,
|
| SerializedReportAsProtobufWithInterstitialInfo) {
|
| - SSLInfo ssl_info = GetTestSSLInfo();
|
| + // Use EXCLUDE_UNVERIFIED_CERT_CHAIN here to exercise the code path
|
| + // where SSLInfo does not contain the unverified cert chain. (The test
|
| + // above exercises the path where it does.)
|
| + SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN);
|
|
|
| std::string serialized_report;
|
| CertificateErrorReport report(kDummyHostname, ssl_info);
|
| @@ -102,6 +118,7 @@ TEST(CertificateErrorReportTest,
|
| ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report));
|
| EXPECT_EQ(kDummyHostname, deserialized_report.hostname());
|
| EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain());
|
| + EXPECT_EQ(std::string(), deserialized_report.unverified_cert_chain());
|
| EXPECT_EQ(1, deserialized_report.pin().size());
|
| EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0));
|
|
|
| @@ -122,7 +139,7 @@ TEST(CertificateErrorReportTest,
|
|
|
| // Test that a serialized report can be parsed.
|
| TEST(CertificateErrorReportTest, ParseSerializedReport) {
|
| - SSLInfo ssl_info = GetTestSSLInfo();
|
| + SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN);
|
|
|
| std::string serialized_report;
|
| CertificateErrorReport report(kDummyHostname, ssl_info);
|
|
|
Chromium Code Reviews
Issue 1180313006:
Include unverified server-sent cert chain in reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master