| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verifier.h" | 5 #include "net/cert/cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 | 36 |
| 37 const CertificateList empty_list; | 37 const CertificateList empty_list; |
| 38 CertificateList test_list; | 38 CertificateList test_list; |
| 39 test_list.push_back(ok_cert); | 39 test_list.push_back(ok_cert); |
| 40 | 40 |
| 41 struct { | 41 struct { |
| 42 // Keys to test | 42 // Keys to test |
| 43 CertVerifier::RequestParams key1; | 43 CertVerifier::RequestParams key1; |
| 44 CertVerifier::RequestParams key2; | 44 CertVerifier::RequestParams key2; |
| 45 | 45 |
| 46 // Expectation: | 46 // Whether or not |key1| and |key2| are expected to be equal. |
| 47 // -1 means key1 is less than key2 | 47 bool equal; |
| 48 // 0 means key1 equals key2 | |
| 49 // 1 means key1 is greater than key2 | |
| 50 int expected_result; | |
| 51 } tests[] = { | 48 } tests[] = { |
| 52 { | 49 { |
| 53 // Test for basic equivalence. | 50 // Test for basic equivalence. |
| 54 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 51 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 55 std::string(), empty_list), | 52 std::string(), empty_list), |
| 56 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 53 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 57 std::string(), empty_list), | 54 std::string(), empty_list), |
| 58 0, | 55 true, |
| 59 }, | 56 }, |
| 60 { | 57 { |
| 61 // Test that different certificates but with the same CA and for | 58 // Test that different certificates but with the same CA and for |
| 62 // the same host are different validation keys. | 59 // the same host are different validation keys. |
| 63 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 60 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 64 std::string(), empty_list), | 61 std::string(), empty_list), |
| 65 CertVerifier::RequestParams(expired_cert.get(), "www.example.test", 0, | 62 CertVerifier::RequestParams(expired_cert, "www.example.test", 0, |
| 66 std::string(), empty_list), | 63 std::string(), empty_list), |
| 67 -1, | 64 false, |
| 68 }, | 65 }, |
| 69 { | 66 { |
| 70 // Test that the same EE certificate for the same host, but with | 67 // Test that the same EE certificate for the same host, but with |
| 71 // different chains are different validation keys. | 68 // different chains are different validation keys. |
| 72 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 69 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 73 std::string(), empty_list), | 70 std::string(), empty_list), |
| 74 CertVerifier::RequestParams(combined_cert.get(), "www.example.test", | 71 CertVerifier::RequestParams(combined_cert, "www.example.test", 0, |
| 75 0, std::string(), empty_list), | 72 std::string(), empty_list), |
| 76 1, | 73 false, |
| 77 }, | 74 }, |
| 78 { | 75 { |
| 79 // The same certificate, with the same chain, but for different | 76 // The same certificate, with the same chain, but for different |
| 80 // hosts are different validation keys. | 77 // hosts are different validation keys. |
| 81 CertVerifier::RequestParams(ok_cert.get(), "www1.example.test", 0, | 78 CertVerifier::RequestParams(ok_cert, "www1.example.test", 0, |
| 82 std::string(), empty_list), | 79 std::string(), empty_list), |
| 83 CertVerifier::RequestParams(ok_cert.get(), "www2.example.test", 0, | 80 CertVerifier::RequestParams(ok_cert, "www2.example.test", 0, |
| 84 std::string(), empty_list), | 81 std::string(), empty_list), |
| 85 -1, | 82 false, |
| 86 }, | 83 }, |
| 87 { | 84 { |
| 88 // The same certificate, chain, and host, but with different flags | 85 // The same certificate, chain, and host, but with different flags |
| 89 // are different validation keys. | 86 // are different validation keys. |
| 90 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", | 87 CertVerifier::RequestParams(ok_cert, "www.example.test", |
| 91 CertVerifier::VERIFY_EV_CERT, | 88 CertVerifier::VERIFY_EV_CERT, |
| 92 std::string(), empty_list), | 89 std::string(), empty_list), |
| 93 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 90 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 94 std::string(), empty_list), | 91 std::string(), empty_list), |
| 95 1, | 92 false, |
| 96 }, | 93 }, |
| 97 { | 94 { |
| 98 // Different additional_trust_anchors. | 95 // Different additional_trust_anchors. |
| 99 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 96 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 100 std::string(), empty_list), | 97 std::string(), empty_list), |
| 101 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 98 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 102 std::string(), test_list), | 99 std::string(), test_list), |
| 103 -1, | 100 false, |
| 104 }, | 101 }, |
| 105 { | 102 { |
| 106 // Different OCSP responses. | 103 // Different OCSP responses. |
| 107 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 104 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 108 "ocsp response", empty_list), | 105 "ocsp response", empty_list), |
| 109 CertVerifier::RequestParams(ok_cert.get(), "www.example.test", 0, | 106 CertVerifier::RequestParams(ok_cert, "www.example.test", 0, |
| 110 std::string(), empty_list), | 107 std::string(), empty_list), |
| 111 -1, | 108 false, |
| 112 }, | 109 }, |
| 113 }; | 110 }; |
| 114 for (size_t i = 0; i < arraysize(tests); ++i) { | 111 for (size_t i = 0; i < arraysize(tests); ++i) { |
| 115 SCOPED_TRACE(i); | 112 SCOPED_TRACE(i); |
| 116 | 113 |
| 117 const CertVerifier::RequestParams& key1 = tests[i].key1; | 114 const CertVerifier::RequestParams& key1 = tests[i].key1; |
| 118 const CertVerifier::RequestParams& key2 = tests[i].key2; | 115 const CertVerifier::RequestParams& key2 = tests[i].key2; |
| 119 | 116 |
| 117 // Ensure that the keys are equivalent to themselves. |
| 120 EXPECT_FALSE(key1 < key1); | 118 EXPECT_FALSE(key1 < key1); |
| 121 EXPECT_FALSE(key2 < key2); | 119 EXPECT_FALSE(key2 < key2); |
| 122 | 120 |
| 123 switch (tests[i].expected_result) { | 121 if (tests[i].equal) { |
| 124 case -1: | 122 EXPECT_TRUE(!(key1 < key2) && !(key2 < key1)); |
| 125 EXPECT_TRUE(key1 < key2); | 123 } else { |
| 126 EXPECT_FALSE(key2 < key1); | 124 EXPECT_TRUE((key1 < key2) || (key2 < key1)); |
| 127 break; | |
| 128 case 0: | |
| 129 EXPECT_FALSE(key1 < key2); | |
| 130 EXPECT_FALSE(key2 < key1); | |
| 131 break; | |
| 132 case 1: | |
| 133 EXPECT_FALSE(key1 < key2); | |
| 134 EXPECT_TRUE(key2 < key1); | |
| 135 break; | |
| 136 default: | |
| 137 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; | |
| 138 } | 125 } |
| 139 } | 126 } |
| 140 } | 127 } |
| 141 | 128 |
| 142 } // namespace net | 129 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1994353002:
Update CertVerifier::Verify to use RequestParams instead (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@request_params