Index: net/cert/ct_policy_enforcer_unittest.cc |
diff --git a/net/cert/ct_policy_enforcer_unittest.cc b/net/cert/ct_policy_enforcer_unittest.cc |
index 435525293337ea7569e52ccf35e881580b1123b1..3f0eab56e479ce4d6f4bc5fb3a7c8f7349bb9fe6 100644 |
--- a/net/cert/ct_policy_enforcer_unittest.cc |
+++ b/net/cert/ct_policy_enforcer_unittest.cc |
@@ -123,15 +123,14 @@ class CTPolicyEnforcerTest : public ::testing::Test { |
for (size_t i = 0; i < required_scts - 1; ++i) { |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
1, std::vector<std::string>(), false, &result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- cert.get(), nullptr, result, BoundNetLog())) |
+ EXPECT_FALSE( |
+ policy_enforcer_->DoesConformToCertPolicy(cert.get(), result)) |
<< " for: " << (end - start).InDays() << " and " << required_scts |
<< " scts=" << result.verified_scts.size() << " i=" << i; |
} |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, |
std::vector<std::string>(), false, &result); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( |
- cert.get(), nullptr, result, BoundNetLog())) |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCertPolicy(cert.get(), result)) |
<< " for: " << (end - start).InDays() << " and " << required_scts |
<< " scts=" << result.verified_scts.size(); |
} |
@@ -148,8 +147,7 @@ TEST_F(CTPolicyEnforcerTest, |
ct::CTVerifyResult result; |
FillResultWithRepeatedLogID(google_log_id_, 2, true, &result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), nullptr, result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
} |
TEST_F(CTPolicyEnforcerTest, |
@@ -157,16 +155,14 @@ TEST_F(CTPolicyEnforcerTest, |
ct::CTVerifyResult result; |
FillResultWithRepeatedLogID(non_google_log_id_, 2, true, &result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), nullptr, result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
} |
TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) { |
ct::CTVerifyResult result; |
FillResultWithRepeatedLogID(non_google_log_id_, 2, false, &result); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, |
- result, BoundNetLog())); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
} |
TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) { |
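Review bot: Both tests in this hunk keep a name that says CTEVPolicy although their assertion is now on `DoesConformToCertPolicy`, which takes no whitelist and, judging by the call alone, is not EV-specific. Someone scanning test names to see what guards EV status would count `ConformsToCTEVPolicyIfSCTBeforeEnforcementDate` as EV coverage when it no longer is. I would rename it to `ConformsToCertPolicyIfSCTBeforeEnforcementDate`, and likewise the `ConformsToCTEVPolicyWith…SCTs` tests in the next two hunks. The first test's name and opening lines lie outside this hunk.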
@@ -174,8 +170,7 @@ TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) { |
FillResultWithSCTsOfOrigin( |
ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 2, &result); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, |
- result, BoundNetLog())); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
} |
TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) { |
@@ -184,8 +179,7 @@ TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) { |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5, |
&result); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, |
- result, BoundNetLog())); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
} |
TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) { |
@@ -198,14 +192,17 @@ TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) { |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, |
&result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), non_including_whitelist.get(), result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ non_including_whitelist.get(), BoundNetLog())); |
// ... but should be OK if whitelisted. |
scoped_refptr<ct::EVCertsWhitelist> whitelist( |
new DummyEVCertsWhitelist(true, true)); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), whitelist.get(), result, BoundNetLog())); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ whitelist.get(), BoundNetLog())); |
} |
TEST_F(CTPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { |
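Review bot: The two `DoesConformToEVPolicy` assertions pass a hand-written status, `CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV`, rather than anything derived from the `DoesConformToCertPolicy` result asserted just above, so nothing here checks that a failed cert-policy result is what leads to that status. The same literal is the only status used in the hunks for DoesNotConformToPolicyInvalidDates, ConformsToPolicyByEVWhitelistPresence, IgnoresInvalidEVWhitelist and IgnoresNullEVWhitelist. That leaves the behaviour for a status without the compliance-failed bit, or without the EV bit, unpinned in the tests visible on this page. I would add one case passing `CERT_STATUS_IS_EV` alone and one passing `CERT_STATUS_CT_COMPLIANCE_FAILED` alone, with expectations taken from the implementation, and put `// Status a caller holds after DoesConformToCertPolicy() returned false for an EV cert.` above the first call. The test body starts outside the hunk.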
@@ -214,13 +211,14 @@ TEST_F(CTPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { |
ct::CTVerifyResult result; |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5, |
&result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- no_valid_dates_cert.get(), nullptr, result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy( |
+ no_valid_dates_cert.get(), result)); |
// ... but should be OK if whitelisted. |
scoped_refptr<ct::EVCertsWhitelist> whitelist( |
new DummyEVCertsWhitelist(true, true)); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), whitelist.get(), result, BoundNetLog())); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ whitelist.get(), BoundNetLog())); |
} |
TEST_F(CTPolicyEnforcerTest, |
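Review bot: The "should be OK if whitelisted" assertion checks `chain_.get()`, not the `no_valid_dates_cert` that the first assertion rejected, so this test never shows what the whitelist does for the certificate with invalid dates. Because `DoesConformToEVPolicy` no longer receives `result`, the call is now identical to the whitelisted call in DoesNotConformToCTEVPolicyNotEnoughSCTs and adds no coverage. If the comment states the intent, the first argument should be `no_valid_dates_cert.get(),`. If instead a certificate without valid dates must never keep EV status, the check should be `EXPECT_FALSE` on that certificate; which one applies has to be confirmed against the implementation, which this page does not show. The test body starts outside the hunk.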
@@ -230,34 +228,28 @@ TEST_F(CTPolicyEnforcerTest, |
base::Time validity_start; |
base::Time validity_end; |
size_t scts_required; |
- } kTestData[] = {{// Cert valid for 14 months, needs 2 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2016, 6, 0, 6, 11, 25, 0, 0}), |
- 2}, |
- {// Cert valid for exactly 15 months, needs 3 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2016, 6, 0, 25, 11, 25, 0, 0}), |
- 3}, |
- {// Cert valid for over 15 months, needs 3 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2016, 6, 0, 27, 11, 25, 0, 0}), |
- 3}, |
- {// Cert valid for exactly 27 months, needs 3 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2017, 6, 0, 25, 11, 25, 0, 0}), |
- 3}, |
- {// Cert valid for over 27 months, needs 4 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2017, 6, 0, 28, 11, 25, 0, 0}), |
- 4}, |
- {// Cert valid for exactly 39 months, needs 4 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2018, 6, 0, 25, 11, 25, 0, 0}), |
- 4}, |
- {// Cert valid for over 39 months, needs 5 SCTs. |
- base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
- base::Time::FromUTCExploded({2018, 6, 0, 27, 11, 25, 0, 0}), |
- 5}}; |
+ } kTestData[] = { |
+ {// Cert valid for 14 months, needs 2 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2016, 6, 0, 6, 11, 25, 0, 0}), 2}, |
+ {// Cert valid for exactly 15 months, needs 3 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2016, 6, 0, 25, 11, 25, 0, 0}), 3}, |
+ {// Cert valid for over 15 months, needs 3 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2016, 6, 0, 27, 11, 25, 0, 0}), 3}, |
+ {// Cert valid for exactly 27 months, needs 3 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2017, 6, 0, 25, 11, 25, 0, 0}), 3}, |
+ {// Cert valid for over 27 months, needs 4 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2017, 6, 0, 28, 11, 25, 0, 0}), 4}, |
+ {// Cert valid for exactly 39 months, needs 4 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2018, 6, 0, 25, 11, 25, 0, 0}), 4}, |
+ {// Cert valid for over 39 months, needs 5 SCTs. |
+ base::Time::FromUTCExploded({2015, 3, 0, 25, 11, 25, 0, 0}), |
+ base::Time::FromUTCExploded({2018, 6, 0, 27, 11, 25, 0, 0}), 5}}; |
for (size_t i = 0; i < arraysize(kTestData); ++i) { |
SCOPED_TRACE(i); |
@@ -274,8 +266,10 @@ TEST_F(CTPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) { |
ct::CTVerifyResult result; |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, |
&result); |
- EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), whitelist.get(), result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
+ EXPECT_TRUE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ whitelist.get(), BoundNetLog())); |
} |
TEST_F(CTPolicyEnforcerTest, IgnoresInvalidEVWhitelist) { |
@@ -285,16 +279,20 @@ TEST_F(CTPolicyEnforcerTest, IgnoresInvalidEVWhitelist) { |
ct::CTVerifyResult result; |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, |
&result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), whitelist.get(), result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ whitelist.get(), BoundNetLog())); |
} |
TEST_F(CTPolicyEnforcerTest, IgnoresNullEVWhitelist) { |
ct::CTVerifyResult result; |
FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, |
&result); |
- EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy( |
- chain_.get(), nullptr, result, BoundNetLog())); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToCertPolicy(chain_.get(), result)); |
+ EXPECT_FALSE(policy_enforcer_->DoesConformToEVPolicy( |
+ chain_.get(), CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV, |
+ nullptr, BoundNetLog())); |
} |
} // namespace |