| Index: net/quic/crypto/proof_verifier_chromium_test.cc
|
| diff --git a/net/quic/crypto/proof_verifier_chromium_test.cc b/net/quic/crypto/proof_verifier_chromium_test.cc
|
| index 96c40138080f66c95c3677a9df93f5185997b84d..736a345c0681bd463bb937e3ef5697bba3b4540a 100644
|
| --- a/net/quic/crypto/proof_verifier_chromium_test.cc
|
| +++ b/net/quic/crypto/proof_verifier_chromium_test.cc
|
| @@ -50,22 +50,6 @@ class FailsTestCertVerifier : public CertVerifier {
|
| }
|
| };
|
|
|
| -// CTPolicyEnforcer that will fail the test if it is ever called.
|
| -class FailsTestCTPolicyEnforcer : public CTPolicyEnforcer {
|
| - public:
|
| - FailsTestCTPolicyEnforcer() {}
|
| - ~FailsTestCTPolicyEnforcer() override {}
|
| -
|
| - bool DoesConformToCTEVPolicy(X509Certificate* cert,
|
| - const ct::EVCertsWhitelist* ev_whitelist,
|
| - const ct::CTVerifyResult& ct_result,
|
| - const BoundNetLog& net_log) override {
|
| - ADD_FAILURE() << "CTPolicyEnforcer::DoesConformToCTEVPolicy() should "
|
| - << "not be called";
|
| - return false;
|
| - }
|
| -};
|
| -
|
| // CTPolicyEnforcer that can simulate whether or not a given certificate
|
| // conforms to the CT/EV policy.
|
| class MockCTPolicyEnforcer : public CTPolicyEnforcer {
|
| @@ -73,10 +57,15 @@ class MockCTPolicyEnforcer : public CTPolicyEnforcer {
|
| MockCTPolicyEnforcer(bool is_ev) : is_ev_(is_ev) {}
|
| ~MockCTPolicyEnforcer() override {}
|
|
|
| - bool DoesConformToCTEVPolicy(X509Certificate* cert,
|
| - const ct::EVCertsWhitelist* ev_whitelist,
|
| - const ct::CTVerifyResult& ct_result,
|
| - const BoundNetLog& net_log) override {
|
| + bool DoesConformToCertPolicy(X509Certificate* cert,
|
| + const ct::CTVerifyResult& ct_result) override {
|
| + return is_ev_;
|
| + }
|
| +
|
| + bool DoesConformToEVPolicy(X509Certificate* cert,
|
| + CertStatus cert_status,
|
| + const ct::EVCertsWhitelist* ev_whitelist,
|
| + const BoundNetLog& net_log) override {
|
| return is_ev_;
|
| }
|
|
|
| @@ -395,9 +384,9 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) {
|
| (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV));
|
| }
|
|
|
| -// Tests that the certificate policy enforcer is not consulted if
|
| +// Tests that the certificate policy enforcer is consulted even if
|
| // the certificate is not EV.
|
| -TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) {
|
| +TEST_F(ProofVerifierChromiumTest, PolicyEnforcerConsultedIfNotEV) {
|
| scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate();
|
| ASSERT_TRUE(test_cert);
|
|
|
| @@ -408,7 +397,7 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) {
|
| MockCertVerifier dummy_verifier;
|
| dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);
|
|
|
| - FailsTestCTPolicyEnforcer policy_enforcer;
|
| + MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/);
|
|
|
| ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,
|
| nullptr, ct_verifier_.get());
|
| @@ -423,7 +412,8 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) {
|
| ASSERT_TRUE(details_.get());
|
| ProofVerifyDetailsChromium* verify_details =
|
| static_cast<ProofVerifyDetailsChromium*>(details_.get());
|
| - EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);
|
| + EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED,
|
| + verify_details->cert_verify_result.cert_status);
|
| }
|
|
|
| } // namespace test
|
|
|
Chromium Code Reviews
Issue 1578993003:
Add Expect CT policy that gets checked on all certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master