Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(333)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verifier_unittest.cc

Issue 1987113002: Introduce CertVerifier::RequestParams (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move tests Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verifier.h ('K') | « net/cert/cert_verifier.cc ('k') | net/cert/multi_threaded_cert_verifier.h » ('j') | net/cert/multi_threaded_cert_verifier.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_verifier.h"
6
7 #include "base/files/file_path.h"
8 #include "base/memory/ref_counted.h"
9 #include "net/base/test_data_directory.h"
10 #include "net/cert/x509_certificate.h"
11 #include "net/test/cert_test_util.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13
14 namespace net {
15
16 TEST(CertVerifierTest, RequestParamsComparators) {
17 const scoped_refptr<X509Certificate> ok_cert =
18 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
19 ASSERT_TRUE(ok_cert.get());
20
21 const scoped_refptr<X509Certificate> expired_cert =
22 ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem");
23 ASSERT_TRUE(expired_cert.get());
24
25 const scoped_refptr<X509Certificate> root_cert =
26 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
27 ASSERT_TRUE(root_cert.get());
28
29 // Create a certificate that contains both a leaf and an
30 // intermediate/root.
31 X509Certificate::OSCertHandles chain;
32 chain.push_back(root_cert->os_cert_handle());
33 const scoped_refptr<X509Certificate> combined_cert =
34 X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain);
35 ASSERT_TRUE(combined_cert.get());
36
37 const CertificateList empty_list;
38 CertificateList test_list;
39 test_list.push_back(ok_cert);
40
41 struct {
42 // Keys to test
43 CertVerifier::RequestParams key1;
44 CertVerifier::RequestParams key2;
45
46 // Expectation:
47 // -1 means key1 is less than key2
48 // 0 means key1 equals key2
49 // 1 means key1 is greater than key2
50 int expected_result;
51 } tests[] = {
52 {
53 // Test for basic equivalence.
54 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
55 std::string(), empty_list),
56 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
57 std::string(), empty_list),
58 0,
59 },
60 {
61 // Test that different certificates but with the same CA and for
62 // the same host are different validation keys.
63 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
64 std::string(), empty_list),
65 CertVerifier::RequestParams(expired_cert.get(), "www.example.test", 0,
66 std::string(), empty_list),
67 -1,
68 },
69 {
70 // Test that the same EE certificate for the same host, but with
71 // different chains are different validation keys.
72 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
73 std::string(), empty_list),
74 CertVerifier::RequestParams(combined_cert.get(), "www.example.test",
75 0, std::string(), empty_list),
76 1,
77 },
78 {
79 // The same certificate, with the same chain, but for different
80 // hosts are different validation keys.
81 CertVerifier::RequestParams(ok_cert.get(), "www1.example.test", 0,
82 std::string(), empty_list),
83 CertVerifier::RequestParams(ok_cert.get(), "www2.example.test", 0,
84 std::string(), empty_list),
85 -1,
86 },
87 {
88 // The same certificate, chain, and host, but with different flags
89 // are different validation keys.
90 CertVerifier::RequestParams(ok_cert.get(), "www.example.test",
91 CertVerifier::VERIFY_EV_CERT,
92 std::string(), empty_list),
93 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
94 std::string(), empty_list),
95 1,
96 },
97 {
98 // Different additional_trust_anchors.
99 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
100 std::string(), empty_list),
101 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
102 std::string(), test_list),
103 -1,
104 },
105 {
106 // Different OCSP responses.
107 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
108 "ocsp response", empty_list),
109 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,
110 std::string(), empty_list),
111 -1,
112 },
113 };
114 for (size_t i = 0; i < arraysize(tests); ++i) {
115 SCOPED_TRACE(i);
116
117 const CertVerifier::RequestParams& key1 = tests[i].key1;
118 const CertVerifier::RequestParams& key2 = tests[i].key2;
119
120 switch (tests[i].expected_result) {
121 case -1:
122 EXPECT_TRUE(key1 < key2);
123 EXPECT_FALSE(key2 < key1);
124 break;
125 case 0:
126 EXPECT_FALSE(key1 < key2);
127 EXPECT_FALSE(key2 < key1);
128 break;
129 case 1:
130 EXPECT_FALSE(key1 < key2);
131 EXPECT_TRUE(key2 < key1);
132 break;
133 default:
134 FAIL() << "Invalid expectation. Can be only -1, 0, 1";
135 }
136 }
eroman 2016/05/18 01:43:18 May want to also test separately that the same key
Ryan Sleevi 2016/05/18 02:02:02 Did you mean to say "never equal"? Or did you mean
eroman 2016/05/18 02:06:43 See the code snippet, that is what I meant. (A key
Ryan Sleevi 2016/05/18 02:07:40 Right, I understood the snippet, but you said "nev
eroman 2016/05/18 02:29:36 Correct. I should have said "never less than"
137 }
138
139 } // namespace net
OLDNEW
« net/cert/cert_verifier.h ('K') | « net/cert/cert_verifier.cc ('k') | net/cert/multi_threaded_cert_verifier.h » ('j') | net/cert/multi_threaded_cert_verifier.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698