
Side by Side Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 1890193003: Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: list datafiles for ios (needed following the rebase) Created 4 years, 8 months ago
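--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/verify_certificate_chain.h"
 
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/der/input.h"
 
@@ -36,43 +36,31 @@
 DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4
 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \
 DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5
 
 #include "net/cert/internal/nist_pkits_unittest.h"
 
 namespace net {
 
 namespace {
 
-// Adds the certificate |cert_der| as a trust anchor to |trust_store|.
-void AddCertificateToTrustStore(const std::string& cert_der,
-TrustStore* trust_store) {
-ParsedCertificate cert;
-ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert));
-
-ParsedTbsCertificate tbs;
-ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs));
-TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()};
-trust_store->anchors.push_back(anchor);
-}
-
 class VerifyCertificateChainPkitsTestDelegate {
 public:
 static bool Verify(std::vector<std::string> cert_ders,
 std::vector<std::string> crl_ders) {
 if (cert_ders.empty()) {
 ADD_FAILURE() << "cert_ders is empty";
 return false;
 }
 // First entry in the PKITS chain is the trust anchor.
 TrustStore trust_store;
-AddCertificateToTrustStore(cert_ders[0], &trust_store);
+EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0]));
 
 // PKITS lists chains from trust anchor to target, VerifyCertificateChain
 // takes them starting with the target and not including the trust anchor.
 std::vector<der::Input> input_chain;
 for (size_t i = cert_ders.size() - 1; i > 0; --i)
 input_chain.push_back(der::Input(&cert_ders[i]));
 
 SimpleSignaturePolicy signature_policy(1024);
 
 // Run all tests at the time the PKITS was published.
@@ -208,10 +196,10 @@
 
 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
 
 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
 
 } // namespace net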
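Review bot: The new `EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0]));` in `Verify` records a non-fatal failure if the anchor cannot be added, but verification then continues against an empty trust store. For the PKITS cases that expect rejection, the chain would be rejected because no anchor is present rather than because of the defect under test, and the only signal is the earlier EXPECT failure. Following the `cert_ders.empty()` guard directly above would make the cause explicit: `if (!trust_store.AddTrustedCertificate(cert_ders[0])) { ADD_FAILURE() << "failed to add trust anchor"; return false; }`. The rest of `Verify` is in the skipped lines, so how the result is used afterwards is not visible here.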