
Side by Side Diff: net/cert/ct_policy_enforcer_unittest.cc

Issue 1957393003: Address some clean-up remarks in CT code (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Proper tracking branch Created 4 years, 7 months ago
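--- a/net/cert/ct_policy_enforcer_unittest.cc
+++ b/net/cert/ct_policy_enforcer_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ct_policy_enforcer.h"
 
 #include <memory>
 #include <string>
 
 #include "base/time/time.h"
@@ -200,48 +200,48 @@
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_DIVERSE_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) {
 ct::SCTList scts;
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 // All 5 SCTs will be from non-Google logs.
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
 std::vector<std::string>(), false, &scts);
 
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) {
 ct::SCTList scts;
 FillListWithSCTsOfOrigin(
 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 2, &scts);
 
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) {
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 ct::SCTList scts;
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
 &scts);
 
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
@@ -294,21 +294,21 @@
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) {
 scoped_refptr<ct::EVCertsWhitelist> non_including_whitelist(
 new DummyEVCertsWhitelist(true, false));
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 ct::SCTList scts;
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
 &scts);
 
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(
 ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(
@@ -382,58 +382,58 @@
 }
 
 TEST_F(CTPolicyEnforcerTest,
 ConformsWithDisqualifiedLogBeforeDisqualificationDate) {
 ct::SCTList scts;
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
 &scts);
 AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, false,
 &scts);
 
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest,
 DoesNotConformWithDisqualifiedLogAfterDisqualificationDate) {
 ct::SCTList scts;
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
 &scts);
 AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, true,
 &scts);
 
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest,
 DoesNotConformWithIssuanceDateAfterDisqualificationDate) {
 ct::SCTList scts;
 AddDisqualifiedLogSCT(ct::SignedCertificateTimestamp::SCT_EMBEDDED, true,
 &scts);
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 4,
 &scts);
 // Make sure all SCTs are after the disqualification date.
 for (size_t i = 1; i < scts.size(); ++i)
 scts[i]->timestamp = scts[0]->timestamp;
 
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 TEST_F(CTPolicyEnforcerTest,
 DoesNotConformToCTEVPolicyNotEnoughUniqueEmbeddedLogs) {
@@ -453,21 +453,21 @@
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
 desired_logs.size(), desired_logs, true, &scts);
 
 // Two unique SCTs from the same non-Google log.
 desired_logs.clear();
 desired_logs.push_back(std::string(crypto::kSHA256Length, 'C'));
 desired_logs.push_back(std::string(crypto::kSHA256Length, 'C'));
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
 desired_logs.size(), desired_logs, true, &scts);
 
-// This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs.
+// |chain_| is valid for 10 years - over 121 months - so requires 5 SCTs.
 // However, there are only 4 SCTs are from distinct logs.
 EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCertPolicy(chain_.get(), scts,
 BoundNetLog()));
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 // TODO(estark): fix this test so that it can check if
@@ -571,10 +571,10 @@
 FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
 &scts);
 EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
 scts, BoundNetLog()));
 }
 
 } // namespace
 
 } // namespace net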
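Review bot: The comment reworded at new lines 210, 237, 304, 392, 409, 429 and 463 still describes a 10-year chain as "over 121 months", although 10 years is 120 months, so the figure looks like a typo or a stale threshold. Since the cleanup already touches all seven copies, consider stating only what the test relies on, for example `// |chain_| is valid for 10 years, so the policy requires 5 SCTs.`, or quote the validity tier exactly as the enforcer defines it (that code is not visible in this section, so confirm the boundary there). The neighbouring comment at new line 464 also has a grammar slip; `// However, only 4 of the SCTs are from distinct logs.` reads correctly. These comments are the only place the tests say why a given SCT count should yield NOT_ENOUGH_SCTS or COMPLIES_VIA_SCTS, so an inexact figure makes a later change to the policy tiers harder to check against the expectations.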