Index: net/quic/crypto/proof_verifier_chromium_test.cc |
diff --git a/net/quic/crypto/proof_verifier_chromium_test.cc b/net/quic/crypto/proof_verifier_chromium_test.cc |
index 96c40138080f66c95c3677a9df93f5185997b84d..736a345c0681bd463bb937e3ef5697bba3b4540a 100644 |
--- a/net/quic/crypto/proof_verifier_chromium_test.cc |
+++ b/net/quic/crypto/proof_verifier_chromium_test.cc |
@@ -50,22 +50,6 @@ class FailsTestCertVerifier : public CertVerifier { |
} |
}; |
-// CTPolicyEnforcer that will fail the test if it is ever called. |
-class FailsTestCTPolicyEnforcer : public CTPolicyEnforcer { |
- public: |
- FailsTestCTPolicyEnforcer() {} |
- ~FailsTestCTPolicyEnforcer() override {} |
- |
- bool DoesConformToCTEVPolicy(X509Certificate* cert, |
- const ct::EVCertsWhitelist* ev_whitelist, |
- const ct::CTVerifyResult& ct_result, |
- const BoundNetLog& net_log) override { |
- ADD_FAILURE() << "CTPolicyEnforcer::DoesConformToCTEVPolicy() should " |
- << "not be called"; |
- return false; |
- } |
-}; |
- |
// CTPolicyEnforcer that can simulate whether or not a given certificate |
// conforms to the CT/EV policy. |
class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
@@ -73,10 +57,15 @@ class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
MockCTPolicyEnforcer(bool is_ev) : is_ev_(is_ev) {} |
~MockCTPolicyEnforcer() override {} |
- bool DoesConformToCTEVPolicy(X509Certificate* cert, |
- const ct::EVCertsWhitelist* ev_whitelist, |
- const ct::CTVerifyResult& ct_result, |
- const BoundNetLog& net_log) override { |
+ bool DoesConformToCertPolicy(X509Certificate* cert, |
+ const ct::CTVerifyResult& ct_result) override { |
+ return is_ev_; |
+ } |
+ |
+ bool DoesConformToEVPolicy(X509Certificate* cert, |
+ CertStatus cert_status, |
+ const ct::EVCertsWhitelist* ev_whitelist, |
+ const BoundNetLog& net_log) override { |
return is_ev_; |
} |
@@ -395,9 +384,9 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) { |
(CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
} |
-// Tests that the certificate policy enforcer is not consulted if |
+// Tests that the certificate policy enforcer is consulted even if |
// the certificate is not EV. |
-TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) { |
+TEST_F(ProofVerifierChromiumTest, PolicyEnforcerConsultedIfNotEV) { |
scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
ASSERT_TRUE(test_cert); |
@@ -408,7 +397,7 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) { |
MockCertVerifier dummy_verifier; |
dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
- FailsTestCTPolicyEnforcer policy_enforcer; |
+ MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); |
ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
nullptr, ct_verifier_.get()); |
@@ -423,7 +412,8 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) { |
ASSERT_TRUE(details_.get()); |
ProofVerifyDetailsChromium* verify_details = |
static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
- EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
+ EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
+ verify_details->cert_verify_result.cert_status); |
} |
} // namespace test |