
Unified Diff: net/cert/internal/verify_certificate_chain_unittest.cc

Issue 1890193003: Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: list datafiles for ios (needed following the rebase) Created 4 years, 8 months ago
Index: net/cert/internal/verify_certificate_chain_unittest.cc
diff --git a/net/cert/internal/verify_certificate_chain_unittest.cc b/net/cert/internal/verify_certificate_chain_unittest.cc
index b172a3380eb175fcf88d7c54d6b4880929698ac2..a4443ca2d1c61d60b6c5d43b0d8a67d8aff5ff6d 100644
--- a/net/cert/internal/verify_certificate_chain_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_unittest.cc
@@ -39,18 +39,6 @@ std::string ReadTestFileToString(const std::string& file_name) {
return file_data;
}
-// Adds the certificate |cert_der| as a trust anchor to |trust_store|.
-void AddCertificateToTrustStore(const std::string& cert_der,
- TrustStore* trust_store) {
- ParsedCertificate cert;
- ASSERT_TRUE(ParseCertificate(der::Input(&cert_der), &cert));
-
- ParsedTbsCertificate tbs;
- ASSERT_TRUE(ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs));
- TrustAnchor anchor = {tbs.spki_tlv.AsString(), tbs.subject_tlv.AsString()};
- trust_store->anchors.push_back(anchor);
-}
-
// Reads a test case from |file_name|. Test cases are comprised of a
// certificate chain, trust store, a timestamp to validate at, and the
// expected result of verification.
@@ -60,7 +48,7 @@ void ReadTestFromFile(const std::string& file_name,
der::GeneralizedTime* time,
bool* verify_result) {
chain->clear();
- *trust_store = TrustStore();
+ trust_store->Clear();
std::string file_data = ReadTestFileToString(file_name);
@@ -87,7 +75,7 @@ void ReadTestFromFile(const std::string& file_name,
if (block_type == kCertificateHeader) {
chain->push_back(block_data);
} else if (block_type == kTrustedCertificateHeader) {
- AddCertificateToTrustStore(block_data, trust_store);
+ ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data));
} else if (block_type == kTimeHeader) {
ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader;
has_time = true;
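Review bot: The new `ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data));` fails without saying which input was rejected, so a malformed trusted-certificate block in a data file is hard to trace from the test log. Stream the context onto the assertion, e.g. `ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data)) << "Bad trust anchor in " << file_name;`. ReadTestFromFile returns void and its body starts and ends outside this hunk, so a fatal assertion here only returns from this helper. The caller is not visible; it is worth confirming that it stops (for example via `ASSERT_NO_FATAL_FAILURE`) rather than running verification against a partially filled trust store.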
@@ -197,6 +185,10 @@ TEST(VerifyCertificateChainTest, ExpiredTargetNotBefore) {
RunTest("expired-target-notBefore.pem");
}
+TEST(VerifyCertificateChainTest, ExpiredRoot) {
+ RunTest("expired-root.pem");
+}
+
TEST(VerifyCertificateChainTest, TargetNotEndEntity) {
RunTest("target-not-end-entity.pem");
}
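Review bot: `ExpiredRoot` here, and `ViolatesPathlen1Root` and `NonSelfSignedRoot` in the next hunk, have no comment saying which property of the trust anchor they exercise, and the expected verdict lives only in the .pem data file. A one-line comment above each test would make the intent reviewable in this file, for example `// The trust anchor's own validity period does not cover the verification time.` for this one. Whether each case is expected to pass or fail cannot be read from the hunk, so the comment should state the expected result once it is confirmed against the data file.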
@@ -221,6 +213,14 @@ TEST(VerifyCertificateChainTest, IssuerAndSubjectNotByteForByteEqualAnchor) {
RunTest("issuer-and-subject-not-byte-for-byte-equal-anchor.pem");
}
+TEST(VerifyCertificateChainTest, ViolatesPathlen1Root) {
+ RunTest("violates-pathlen-1-root.pem");
+}
+
+TEST(VerifyCertificateChainTest, NonSelfSignedRoot) {
+ RunTest("non-self-signed-root.pem");
+}
+
// Tests that verifying a chain with no certificates fails.
TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
TrustStore trust_store;
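Review bot: `ViolatesPathlen1Root` covers only a chain that exceeds the root's path length constraint; nothing in this hunk covers a chain that sits exactly at the limit. Limit checks are prone to off-by-one mistakes, and a check that is too strict would reject valid chains while one that is too loose would accept over-long ones. A companion case that expects success at the allowed length would pin the boundary, e.g. `TEST(VerifyCertificateChainTest, SatisfiesPathlen1Root) { RunTest("<placeholder: data file at the limit>"); }`. The rest of the file is not visible here, so this only applies if no such case already exists.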
