net/cert/cert_verify_proc_unittest.cc - Issue 20628006: Reject certificates that are valid for too long.

Side by Side Diff: net/cert/cert_verify_proc_unittest.cc

Issue 20628006: Reject certificates that are valid for too long. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase?! In our moment of triumph?! Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc.h"	5 #include "net/cert/cert_verify_proc.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/callback_helpers.h"	9 #include "base/callback_helpers.h"

10 #include "base/files/file_path.h"	10 #include "base/files/file_path.h"

(...skipping 595 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
606 "test.example.com",	606 "test.example.com",

607 flags,	607 flags,

608 NULL,	608 NULL,

609 empty_cert_list_,	609 empty_cert_list_,

610 &verify_result);	610 &verify_result);

611 EXPECT_EQ(ERR_CERT_NAME_CONSTRAINT_VIOLATION, error);	611 EXPECT_EQ(ERR_CERT_NAME_CONSTRAINT_VIOLATION, error);

612 EXPECT_EQ(CERT_STATUS_NAME_CONSTRAINT_VIOLATION,	612 EXPECT_EQ(CERT_STATUS_NAME_CONSTRAINT_VIOLATION,

613 verify_result.cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION);	613 verify_result.cert_status & CERT_STATUS_NAME_CONSTRAINT_VIOLATION);

614 }	614 }

615	615

	616 TEST_F(CertVerifyProcTest, TestHasTooLongValidity) {

	617 base::FilePath certs_dir = GetTestCertsDirectory();

	618 scoped_refptr<X509Certificate> ok_cert =

	619 ImportCertFromFile(certs_dir, "ok_cert.pem");

	620 EXPECT_TRUE(CertVerifyProc::HasTooLongValidity(*ok_cert));

	621

	622 scoped_refptr<X509Certificate> compliant_cert =

	623 ImportCertFromFile(certs_dir, "br-compliant-validity.pem");

	624 EXPECT_FALSE(CertVerifyProc::HasTooLongValidity(*compliant_cert));

	625 }

	626

	627 // The certse.pem certificate has been revoked. crbug.com/259723.

616 TEST_F(CertVerifyProcTest, TestKnownRoot) {	628 TEST_F(CertVerifyProcTest, TestKnownRoot) {

617 if (!SupportsDetectingKnownRoots()) {	629 if (!SupportsDetectingKnownRoots()) {

618 LOG(INFO) << "Skipping this test in this platform.";	630 LOG(INFO) << "Skipping this test in this platform.";

619 return;	631 return;

620 }	632 }

621	633

622 base::FilePath certs_dir = GetTestCertsDirectory();	634 base::FilePath certs_dir = GetTestCertsDirectory();

623 CertificateList certs = CreateCertificateListFromFile(	635 CertificateList certs = CreateCertificateListFromFile(

624 certs_dir, "satveda.pem", X509Certificate::FORMAT_AUTO);	636 certs_dir, "satveda.pem", X509Certificate::FORMAT_AUTO);

625 ASSERT_EQ(2U, certs.size());	637 ASSERT_EQ(2U, certs.size());

(...skipping 967 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1593 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);	1605 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);

1594 }	1606 }

1595 }	1607 }

1596	1608

1597 WRAPPED_INSTANTIATE_TEST_CASE_P(	1609 WRAPPED_INSTANTIATE_TEST_CASE_P(

1598 VerifyName,	1610 VerifyName,

1599 CertVerifyProcNameTest,	1611 CertVerifyProcNameTest,

1600 testing::ValuesIn(kVerifyNameData));	1612 testing::ValuesIn(kVerifyNameData));

1601	1613

1602 } // namespace net	1614 } // namespace net

OLD	NEW

« net/cert/cert_verify_proc.cc ('K') | « net/cert/cert_verify_proc.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »