net/cert/cert_verifier_unittest.cc - Issue 1987113002: Introduce CertVerifier::RequestParams

Unified Diff: net/cert/cert_verifier_unittest.cc

Issue 1987113002: Introduce CertVerifier::RequestParams (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Move tests Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/cert_verifier_unittest.cc

diff --git a/net/cert/cert_verifier_unittest.cc b/net/cert/cert_verifier_unittest.cc

new file mode 100644

index 0000000000000000000000000000000000000000..327b6c93b67634c213e30328e2441486c5187490

--- /dev/null

+++ b/net/cert/cert_verifier_unittest.cc

@@ -0,0 +1,139 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "net/cert/cert_verifier.h"

+#include "base/files/file_path.h"

+#include "base/memory/ref_counted.h"

+#include "net/base/test_data_directory.h"

+#include "net/cert/x509_certificate.h"

+#include "net/test/cert_test_util.h"

+#include "testing/gtest/include/gtest/gtest.h"

+namespace net {

+TEST(CertVerifierTest, RequestParamsComparators) {

+ const scoped_refptr<X509Certificate> ok_cert =

+ ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");

+ ASSERT_TRUE(ok_cert.get());

+ const scoped_refptr<X509Certificate> expired_cert =

+ ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem");

+ ASSERT_TRUE(expired_cert.get());

+ const scoped_refptr<X509Certificate> root_cert =

+ ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");

+ ASSERT_TRUE(root_cert.get());

+ // Create a certificate that contains both a leaf and an

+ // intermediate/root.

+ X509Certificate::OSCertHandles chain;

+ chain.push_back(root_cert->os_cert_handle());

+ const scoped_refptr<X509Certificate> combined_cert =

+ X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain);

+ ASSERT_TRUE(combined_cert.get());

+ const CertificateList empty_list;

+ CertificateList test_list;

+ test_list.push_back(ok_cert);

+ struct {

+ // Keys to test

+ CertVerifier::RequestParams key1;

+ CertVerifier::RequestParams key2;

+ // Expectation:

+ // -1 means key1 is less than key2

+ // 0 means key1 equals key2

+ // 1 means key1 is greater than key2

+ int expected_result;

+ } tests[] = {

+ {

+ // Test for basic equivalence.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ 0,

+ },

+ {

+ // Test that different certificates but with the same CA and for

+ // the same host are different validation keys.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(expired_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ -1,

+ },

+ {

+ // Test that the same EE certificate for the same host, but with

+ // different chains are different validation keys.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(combined_cert.get(), "www.example.test",

+ 0, std::string(), empty_list),

+ 1,

+ },

+ {

+ // The same certificate, with the same chain, but for different

+ // hosts are different validation keys.

+ CertVerifier::RequestParams(ok_cert.get(), "www1.example.test", 0,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(ok_cert.get(), "www2.example.test", 0,

+ std::string(), empty_list),

+ -1,

+ },

+ {

+ // The same certificate, chain, and host, but with different flags

+ // are different validation keys.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test",

+ CertVerifier::VERIFY_EV_CERT,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ 1,

+ },

+ {

+ // Different additional_trust_anchors.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), test_list),

+ -1,

+ },

+ {

+ // Different OCSP responses.

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ "ocsp response", empty_list),

+ CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0,

+ std::string(), empty_list),

+ -1,

+ },

+ };

+ for (size_t i = 0; i < arraysize(tests); ++i) {

+ SCOPED_TRACE(i);

+ const CertVerifier::RequestParams& key1 = tests[i].key1;

+ const CertVerifier::RequestParams& key2 = tests[i].key2;

+ switch (tests[i].expected_result) {

+ case -1:

+ EXPECT_TRUE(key1 < key2);

+ EXPECT_FALSE(key2 < key1);

+ break;

+ case 0:

+ EXPECT_FALSE(key1 < key2);

+ EXPECT_FALSE(key2 < key1);

+ break;

+ case 1:

+ EXPECT_FALSE(key1 < key2);

+ EXPECT_TRUE(key2 < key1);

+ break;

+ default:

+ FAIL() << "Invalid expectation. Can be only -1, 0, 1";

+ }

eroman 2016/05/18 01:43:18 May want to also test separately that the same key

Ryan Sleevi 2016/05/18 02:02:02 Did you mean to say "never equal"? Or did you mean

eroman 2016/05/18 02:06:43 See the code snippet, that is what I meant. (A key

Ryan Sleevi 2016/05/18 02:07:40 Right, I understood the snippet, but you said "nev

eroman 2016/05/18 02:29:36 Correct. I should have said "never less than"

+} // namespace net

« net/cert/cert_verifier.h ('K') | « net/cert/cert_verifier.cc ('k') | net/cert/multi_threaded_cert_verifier.h » ('j') | net/cert/multi_threaded_cert_verifier.h » ('J')