
Unified Diff: net/cert/internal/path_builder_pkits_unittest.cc

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: changes for review comment #20 Created 4 years, 6 months ago
Index: net/cert/internal/path_builder_pkits_unittest.cc
diff --git a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/net/cert/internal/path_builder_pkits_unittest.cc
similarity index 73%
copy from net/cert/internal/verify_certificate_chain_pkits_unittest.cc
copy to net/cert/internal/path_builder_pkits_unittest.cc
index 4c543f46baba31fffd125ddd57299cf5720f75ea..a046d1cfe3029b1ae39374e89d3423c8e96b5e27 100644
--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/net/cert/internal/path_builder_pkits_unittest.cc
@@ -2,11 +2,15 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "net/cert/internal/verify_certificate_chain.h"
+#include "net/cert/internal/path_builder.h"
+#include "net/base/net_errors.h"
+#include "net/cert/internal/cert_issuer_source_static.h"
+#include "net/cert/internal/parse_certificate.h"
#include "net/cert/internal/parsed_certificate.h"
#include "net/cert/internal/signature_policy.h"
#include "net/cert/internal/trust_store.h"
+#include "net/cert/internal/verify_certificate_chain.h"
#include "net/der/input.h"
// Disable tests that require DSA signatures (DSA signatures are intentionally
@@ -44,7 +48,7 @@ namespace net {
namespace {
-class VerifyCertificateChainPkitsTestDelegate {
+class PathBuilderPkitsTestDelegate {
public:
static bool Verify(std::vector<std::string> cert_ders,
std::vector<std::string> crl_ders) {
@@ -52,45 +56,50 @@ class VerifyCertificateChainPkitsTestDelegate {
ADD_FAILURE() << "cert_ders is empty";
return false;
}
- // First entry in the PKITS chain is the trust anchor.
- TrustStore trust_store;
- scoped_refptr<ParsedCertificate> anchor(
- ParsedCertificate::CreateFromCertificateCopy(cert_ders[0], {}));
- EXPECT_TRUE(anchor);
- if (anchor)
- trust_store.AddTrustedCertificate(std::move(anchor));
-
- // PKITS lists chains from trust anchor to target, VerifyCertificateChain
- // takes them starting with the target and not including the trust anchor.
- std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;
- for (size_t i = cert_ders.size() - 1; i > 0; --i) {
- if (!net::ParsedCertificate::CreateAndAddToVector(
- reinterpret_cast<const uint8_t*>(cert_ders[i].data()),
- cert_ders[i].size(),
- net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, {},
- &input_chain)) {
- ADD_FAILURE() << "cert " << i << " failed to parse";
+ ParsedCertificateList certs;
+ for (const std::string& der : cert_ders) {
+ certs.push_back(ParsedCertificate::CreateFromCertificateCopy(der, {}));
+ if (!certs.back()) {
+ ADD_FAILURE() << "ParsedCertificate::CreateFromCertificateCopy failed";
return false;
}
}
+ // First entry in the PKITS chain is the trust anchor.
+ // TODO(mattm): test with all possible trust anchors in the trust store?
+ TrustStore trust_store;
+ trust_store.AddTrustedCertificate(certs[0]);
+
+ // TODO(mattm): test with other irrelevant certs in cert_issuer_sources?
+ CertIssuerSourceStatic cert_issuer_source;
+ for (size_t i = 1; i < cert_ders.size() - 1; ++i)
+ cert_issuer_source.AddCert(certs[i]);
+
+ scoped_refptr<ParsedCertificate> target_cert(certs.back());
SimpleSignaturePolicy signature_policy(1024);
// Run all tests at the time the PKITS was published.
der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
- return VerifyCertificateChain(input_chain, trust_store, &signature_policy,
- time, nullptr);
+ CertPathBuilder::Result result;
+ CertPathBuilder path_builder(std::move(target_cert), &trust_store,
+ &signature_policy, time, &result);
+ path_builder.AddCertIssuerSource(&cert_issuer_source);
+
+ CompletionStatus rv = path_builder.Run(base::Closure());
+ EXPECT_EQ(CompletionStatus::SYNC, rv);
+
+ return result.is_success();
}
};
} // namespace
-class PkitsTest01SignatureVerificationCustom
- : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};
+class PkitsTest01SignatureVerificationCustomPathBuilderFoo
+ : public PkitsTest<PathBuilderPkitsTestDelegate> {};
// Modified version of 4.1.4 Valid DSA Signatures Test4
-TEST_F(PkitsTest01SignatureVerificationCustom,
+TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
Section1ValidDSASignaturesTest4Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert",
"ValidDSASignaturesTest4EE"};
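Review bot: `return result.is_success();` collapses every outcome into one bool, so the `ASSERT_FALSE(this->Verify(certs, crls))` cases later in this file (for example the modified 4.1.5 test) would still pass if the builder failed for an unrelated reason, such as never matching an issuer from `cert_issuer_source`. With the old direct call to VerifyCertificateChain the chain was handed over explicitly; here path discovery is a new way to get `false`. At minimum, add a comment above the return such as `// false covers both "no candidate path found" and "path rejected by verification"; negative tests cannot tell them apart.` If `CertPathBuilder::Result` exposes the paths that were attempted, the delegate could also check that at least one was tried before treating a failure as the expected rejection. Verify() begins outside this hunk.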
@@ -100,7 +109,7 @@ TEST_F(PkitsTest01SignatureVerificationCustom,
}
// Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5
-TEST_F(PkitsTest01SignatureVerificationCustom,
+TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
Section1ValidDSAParameterInheritanceTest5Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate", "DSACACert",
"DSAParametersInheritedCACert",
@@ -111,11 +120,11 @@ TEST_F(PkitsTest01SignatureVerificationCustom,
ASSERT_FALSE(this->Verify(certs, crls));
}
-class PkitsTest13SignatureVerificationCustom
- : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};
+class PkitsTest13SignatureVerificationCustomPathBuilderFoo
+ : public PkitsTest<PathBuilderPkitsTestDelegate> {};
// Modified version of 4.13.21 Valid RFC822 nameConstraints Test21
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidRFC822nameConstraintsTest21Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsRFC822CA1Cert",
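Review bot: The `PathBuilderFoo` suffix on `PkitsTest13SignatureVerificationCustomPathBuilderFoo` (and on the `PkitsTest01…` fixture and the TEST_F lines in the neighbouring hunks) reads like a placeholder. Presumably the rename is there to keep the gtest fixture names distinct from those in verify_certificate_chain_pkits_unittest.cc. A name such as `PkitsTest13SignatureVerificationCustomPathBuilder` would achieve that without the filler, ideally with a one-line comment on the class saying why the suffix is needed. The TEST_F body that follows continues outside the hunk.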
@@ -127,7 +136,7 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
}
// Modified version of 4.13.23 Valid RFC822 nameConstraints Test23
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidRFC822nameConstraintsTest23Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsRFC822CA2Cert",
@@ -139,7 +148,7 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
}
// Modified version of 4.13.25 Valid RFC822 nameConstraints Test25
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidRFC822nameConstraintsTest25Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsRFC822CA3Cert",
@@ -151,7 +160,7 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
}
// Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidDNandRFC822nameConstraintsTest27Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsDN1CACert",
@@ -164,7 +173,7 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
}
// Modified version of 4.13.34 Valid URI nameConstraints Test34
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidURInameConstraintsTest34Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsURI1CACert",
@@ -175,7 +184,7 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
}
// Modified version of 4.13.36 Valid URI nameConstraints Test36
-TEST_F(PkitsTest13SignatureVerificationCustom,
+TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
Section13ValidURInameConstraintsTest36Custom) {
const char* const certs[] = {"TrustAnchorRootCertificate",
"nameConstraintsURI2CACert",
@@ -185,27 +194,27 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
ASSERT_FALSE(this->Verify(certs, crls));
}
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest01SignatureVerification,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest02ValidityPeriods,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest03VerifyingNameChaining,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest06VerifyingBasicConstraints,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest07KeyUsage,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest13NameConstraints,
- VerifyCertificateChainPkitsTestDelegate);
-INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PathBuilderPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
PkitsTest16PrivateCertificateExtensions,
- VerifyCertificateChainPkitsTestDelegate);
+ PathBuilderPkitsTestDelegate);
// TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
// PkitsTest05VerifyingPathswithSelfIssuedCertificates,
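Review bot: The instantiation list leaves out the revocation suites named in the trailing TODO, and the `crl_ders` argument of `PathBuilderPkitsTestDelegate::Verify` is never read in the body shown in the earlier hunk. Any test that supplies CRLs is therefore evaluated without revocation checking. A green run of the `PathBuilder` instantiations says nothing about how the builder treats revoked certificates, and the TODO alone does not make that obvious. I would extend it with `// NOTE: crl_ders is currently ignored by the delegate; passing results do not cover revocation.` The TODO comment continues past the end of this hunk.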