Certificate path builder for new certificate verification library

net/cert/internal/verify_certificate_chain_pkits_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/verify_certificate_chain.h"
 
 #include "net/cert/internal/parsed_certificate.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/cert/internal/trust_store.h"
 #include "net/der/input.h"
@@ skipping 34 matching lines @@
 namespace {
 
 class VerifyCertificateChainPkitsTestDelegate {
  public:
   static bool Verify(std::vector<std::string> cert_ders,
                      std::vector<std::string> crl_ders) {
     if (cert_ders.empty()) {
       ADD_FAILURE() << "cert_ders is empty";
       return false;
     }
-    // First entry in the PKITS chain is the trust anchor.
-    TrustStore trust_store;
-    scoped_refptr<ParsedCertificate> anchor(
-        ParsedCertificate::CreateFromCertificateCopy(cert_ders[0], {}));
-    EXPECT_TRUE(anchor);
-    if (anchor)
-      trust_store.AddTrustedCertificate(std::move(anchor));
 
     // PKITS lists chains from trust anchor to target, VerifyCertificateChain
     // takes them starting with the target and not including the trust anchor.
     std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;
-    for (size_t i = cert_ders.size() - 1; i > 0; --i) {
+    for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) {
       if (!net::ParsedCertificate::CreateAndAddToVector(
-              reinterpret_cast<const uint8_t*>(cert_ders[i].data()),
-              cert_ders[i].size(),
+              reinterpret_cast<const uint8_t*>(i->data()), i->size(),
               net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {},
               &input_chain)) {
-        ADD_FAILURE() << "cert " << i << " failed to parse";
+        ADD_FAILURE() << "cert failed to parse";
         return false;
       }
     }
 
+    TrustStore trust_store;
+    trust_store.AddTrustedCertificate(input_chain.back());
+
     SimpleSignaturePolicy signature_policy(1024);
 
     // Run all tests at the time the PKITS was published.
     der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
 
-    return VerifyCertificateChain(input_chain, trust_store, &signature_policy,
-                                  time, nullptr);
+    return VerifyCertificateChainAssumingTrustedRoot(input_chain, trust_store,
+                                                     &signature_policy, time);
   }
 };
 
 }  // namespace
 
 class PkitsTest01SignatureVerificationCustom
     : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};
 
 // Modified version of 4.1.4 Valid DSA Signatures Test4
 TEST_F(PkitsTest01SignatureVerificationCustom,
@@ skipping 115 matching lines @@
 
 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
 
 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
 
 }  // namespace net