
Side by Side Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 1890193003: Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix Created 4 years, 8 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // TODO(eroman): Because VerifySignedData() is only implemented for BoringSSL 5 // TODO(eroman): Because VerifySignedData() is only implemented for BoringSSL
6 // these tests also depend on BoringSSL. 6 // these tests also depend on BoringSSL.
7 #if defined(USE_OPENSSL) 7 #if defined(USE_OPENSSL)
8 8
9 #include "net/cert/internal/verify_certificate_chain.h" 9 #include "net/cert/internal/verify_certificate_chain.h"
10 10
(...skipping 29 matching lines...) Expand all
40 DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 40 DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4
41 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ 41 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \
42 DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 42 DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5
43 43
44 #include "net/cert/internal/nist_pkits_unittest.h" 44 #include "net/cert/internal/nist_pkits_unittest.h"
45 45
46 namespace net { 46 namespace net {
47 47
48 namespace { 48 namespace {
49 49
50 // Adds the certificate |cert_der| as a trust anchor to |trust_store|.
51 void AddCertificateToTrustStore(const std::string& cert_der,
52 TrustStore* trust_store) {
53 ParsedCertificate cert;
54 ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert));
55
56 ParsedTbsCertificate tbs;
57 ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs));
58 TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()};
59 trust_store->anchors.push_back(anchor);
60 }
61
62 class VerifyCertificateChainPkitsTestDelegate { 50 class VerifyCertificateChainPkitsTestDelegate {
63 public: 51 public:
64 static bool Verify(std::vector<std::string> cert_ders, 52 static bool Verify(std::vector<std::string> cert_ders,
65 std::vector<std::string> crl_ders) { 53 std::vector<std::string> crl_ders) {
66 if (cert_ders.empty()) { 54 if (cert_ders.empty()) {
67 ADD_FAILURE() << "cert_ders is empty"; 55 ADD_FAILURE() << "cert_ders is empty";
68 return false; 56 return false;
69 } 57 }
70 // First entry in the PKITS chain is the trust anchor. 58 // First entry in the PKITS chain is the trust anchor.
71 TrustStore trust_store; 59 TrustStore trust_store;
72 AddCertificateToTrustStore(cert_ders[0], &trust_store); 60 EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0]));
73 61
74 // PKITS lists chains from trust anchor to target, VerifyCertificateChain 62 // PKITS lists chains from trust anchor to target, VerifyCertificateChain
75 // takes them starting with the target and not including the trust anchor. 63 // takes them starting with the target and not including the trust anchor.
76 std::vector<der::Input> input_chain; 64 std::vector<der::Input> input_chain;
77 for (size_t i = cert_ders.size() - 1; i > 0; --i) 65 for (size_t i = cert_ders.size() - 1; i > 0; --i)
78 input_chain.push_back(der::Input(&cert_ders[i])); 66 input_chain.push_back(der::Input(&cert_ders[i]));
79 67
80 SimpleSignaturePolicy signature_policy(1024); 68 SimpleSignaturePolicy signature_policy(1024);
81 69
82 // Run all tests at the time the PKITS was published. 70 // Run all tests at the time the PKITS was published.
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after
214 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, 202 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
215 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs 203 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
216 204
217 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, 205 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
218 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, 206 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
219 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy 207 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
220 208
221 } // namespace net 209 } // namespace net
222 210
223 #endif // USE_OPENSSL 211 #endif // USE_OPENSSL
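Review bot: In `Verify`, the new `EXPECT_TRUE(trust_store.AddTrustedCertificate(cert_ders[0]));` records a failure but lets the function carry on with an empty trust store when the anchor cannot be added. Whatever the verification call returns afterwards would then reflect the missing anchor rather than the chain under test. The `cert_ders.empty()` branch just above already fails fast, and the anchor step should do the same: `if (!trust_store.AddTrustedCertificate(cert_ders[0])) { ADD_FAILURE() << "failed to add trust anchor"; return false; }`. The rest of `Verify` is collapsed on this page, so how the result is consumed after this point is not visible here.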