
Side by Side Diff: net/cert/internal/verify_certificate_chain_unittest.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: wip: Make CertPathIter build the full path including the trust anchor Created 4 years, 7 months ago
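--- a/net/cert/internal/verify_certificate_chain_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/verify_certificate_chain.h"
 
 #include "base/base_paths.h"
 #include "base/files/file_util.h"
 #include "base/path_service.h"
 #include "base/strings/string_split.h"
@@ -68,21 +68,24 @@
 bool has_result = false;
 
 PEMTokenizer pem_tokenizer(file_data, pem_headers);
 while (pem_tokenizer.GetNext()) {
 const std::string& block_type = pem_tokenizer.block_type();
 const std::string& block_data = pem_tokenizer.data();
 
 if (block_type == kCertificateHeader) {
 chain->push_back(block_data);
 } else if (block_type == kTrustedCertificateHeader) {
-ASSERT_TRUE(trust_store->AddTrustedCertificate(block_data));
+scoped_refptr<CertThing> cert(
+CertThing::CreateFromCertificateCopy(block_data));
+ASSERT_TRUE(cert);
+trust_store->AddTrustedCertificate(std::move(cert));
 } else if (block_type == kTimeHeader) {
 ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader;
 has_time = true;
 ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time));
 } else if (block_type == kResultHeader) {
 ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader;
 ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL")
 << "Unrecognized result: " << block_data;
 has_result = true;
 *verify_result = block_data == "SUCCESS";
@@ -214,27 +217,43 @@
 }
 
 TEST(VerifyCertificateChainTest, ViolatesPathlen1Root) {
 RunTest("violates-pathlen-1-root.pem");
 }
 
 TEST(VerifyCertificateChainTest, NonSelfSignedRoot) {
 RunTest("non-self-signed-root.pem");
 }
 
+TEST(VerifyCertificateChainTest, KeyRolloverOldChain) {
+RunTest("key-rollover-oldchain.pem");
+}
+
+TEST(VerifyCertificateChainTest, KeyRolloverRolloverChain) {
+RunTest("key-rollover-rolloverchain.pem");
+}
+
+TEST(VerifyCertificateChainTest, KeyRolloverLongRolloverChain) {
+RunTest("key-rollover-longrolloverchain.pem");
+}
+
+TEST(VerifyCertificateChainTest, KeyRolloverNewChain) {
+RunTest("key-rollover-newchain.pem");
+}
+
 // Tests that verifying a chain with no certificates fails.
 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
 TrustStore trust_store;
 der::GeneralizedTime time;
 std::vector<der::Input> chain;
 SimpleSignaturePolicy signature_policy(2048);
 
 ASSERT_FALSE(
 VerifyCertificateChain(chain, trust_store, &signature_policy, time));
 }
 
 // TODO(eroman): Add test that invalidate validity dates where the day or month
 // ordinal not in range, like "March 39, 2016" are rejected.
 
 } // namespace
 
 } // namespace net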
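Review bot: In the kTrustedCertificateHeader branch the outcome of `trust_store->AddTrustedCertificate(std::move(cert))` is no longer asserted, whereas the old line wrapped the call in ASSERT_TRUE. Only the parse step is checked now (`ASSERT_TRUE(cert)`), so if the new AddTrustedCertificate can still reject an anchor (its signature is not visible here), a test file whose expected result is FAIL could pass for the wrong reason because the anchor was never installed. If it returns a status, keep `ASSERT_TRUE(trust_store->AddTrustedCertificate(std::move(cert)));`; if it is void, a short comment such as `// AddTrustedCertificate cannot fail; parse errors are caught by the ASSERT above.` would record that. The enclosing helper starts and ends outside the visible lines. The four KeyRollover* tests added further down would also benefit from a one-line comment each, stating which chain and trust anchor the .pem file exercises.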
