Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(975)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_unittest.cc

Issue 18223006: Add script for generating certificates that require an explicit policy (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/cert/x509_certificate_unittest.cc » ('j') | net/cert/x509_certificate_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 3c6024420738c959f9c5b23c67901f0cd8f1cac7..84af787a23c15becfadd4377ff3ab178e29e0ae5 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -207,46 +207,34 @@ TEST_F(CertVerifyProcTest, PaypalNullCertParsing) {
}
// A regression test for http://crbug.com/31497.
-// This certificate will expire on 2012-04-08. The test will still
-// pass if error == ERR_CERT_DATE_INVALID. TODO(wtc): generate test
-// certificates for this unit test. http://crbug.com/111742
TEST_F(CertVerifyProcTest, IntermediateCARequireExplicitPolicy) {
base::FilePath certs_dir = GetTestCertsDirectory();
- scoped_refptr<X509Certificate> server_cert =
- ImportCertFromFile(certs_dir, "www_us_army_mil_cert.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
-
- // The intermediate CA certificate's policyConstraints extension has a
- // requireExplicitPolicy field with SkipCerts=0.
- scoped_refptr<X509Certificate> intermediate_cert =
- ImportCertFromFile(certs_dir, "dod_ca_17_cert.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
-
- scoped_refptr<X509Certificate> root_cert =
- ImportCertFromFile(certs_dir, "dod_root_ca_2_cert.der");
- ScopedTestRoot scoped_root(root_cert.get());
+ CertificateList certs = CreateCertificateListFromFile(
+ certs_dir, "explicit-policy-chain.pem",
+ X509Certificate::FORMAT_AUTO);
+ ASSERT_EQ(3U, certs.size());
X509Certificate::OSCertHandles intermediates;
- intermediates.push_back(intermediate_cert->os_cert_handle());
- scoped_refptr<X509Certificate> cert_chain =
- X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
+ intermediates.push_back(certs[1]->os_cert_handle());
+
+ scoped_refptr<X509Certificate> cert =
+ X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
intermediates);
+ ASSERT_TRUE(cert.get());
+
+ ScopedTestRoot scoped_root(certs[2].get());
int flags = 0;
CertVerifyResult verify_result;
- int error = Verify(cert_chain.get(),
- "www.us.army.mil",
+ int error = Verify(cert.get(),
+ "policy_test.example",
flags,
NULL,
empty_cert_list_,
&verify_result);
- if (error == OK) {
- EXPECT_EQ(0U, verify_result.cert_status);
- } else {
- EXPECT_EQ(ERR_CERT_DATE_INVALID, error);
- EXPECT_EQ(CERT_STATUS_DATE_INVALID, verify_result.cert_status);
- }
+ EXPECT_EQ(OK, error);
+ EXPECT_EQ(0u, verify_result.cert_status);
}
@@ -767,18 +755,18 @@ TEST_F(CertVerifyProcTest, VerifyReturnChainFiltersUnrelatedCerts) {
ASSERT_EQ(3U, certs.size());
ScopedTestRoot scoped_root(certs[2].get());
- scoped_refptr<X509Certificate> unrelated_dod_certificate =
- ImportCertFromFile(certs_dir, "dod_ca_17_cert.der");
- scoped_refptr<X509Certificate> unrelated_dod_certificate2 =
- ImportCertFromFile(certs_dir, "dod_root_ca_2_cert.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_dod_certificate);
- ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_dod_certificate2);
+ scoped_refptr<X509Certificate> unrelated_certificate =
+ ImportCertFromFile(certs_dir, "duplicate_cn_1.pem");
+ scoped_refptr<X509Certificate> unrelated_certificate2 =
+ ImportCertFromFile(certs_dir, "aia-cert.pem");
wtc 2013/07/01 19:46:53 Nit: the change to this unit test is not reflected
+ ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate);
+ ASSERT_NE(static_cast<X509Certificate*>(NULL), unrelated_certificate2);
// Interject unrelated certificates into the list of intermediates.
X509Certificate::OSCertHandles intermediates;
- intermediates.push_back(unrelated_dod_certificate->os_cert_handle());
+ intermediates.push_back(unrelated_certificate->os_cert_handle());
intermediates.push_back(certs[1]->os_cert_handle());
- intermediates.push_back(unrelated_dod_certificate2->os_cert_handle());
+ intermediates.push_back(unrelated_certificate2->os_cert_handle());
intermediates.push_back(certs[2]->os_cert_handle());
scoped_refptr<X509Certificate> google_full_chain =
« no previous file with comments | « no previous file | net/cert/x509_certificate_unittest.cc » ('j') | net/cert/x509_certificate_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698