net/cert/internal/verify_certificate_chain_unittest.cc - Issue 2078653002: Add an out parameter to VerifyCertificateChain for retrieving the trusted chain.

Side by Side Diff: net/cert/internal/verify_certificate_chain_unittest.cc

Issue 2078653002: Add an out parameter to VerifyCertificateChain for retrieving the trusted chain. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/cert/internal/verify_certificate_chain.cc ('K') | « net/cert/internal/verify_certificate_chain_pkits_unittest.cc ('k') | no next file » | no next file with comments »

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/verify_certificate_chain.h"	5 #include "net/cert/internal/verify_certificate_chain.h"

6	6

7 #include "base/base_paths.h"	7 #include "base/base_paths.h"

8 #include "base/files/file_util.h"	8 #include "base/files/file_util.h"

9 #include "base/path_service.h"	9 #include "base/path_service.h"

10 #include "base/strings/string_split.h"	10 #include "base/strings/string_split.h"

(...skipping 96 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
107	107

108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;	108 std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;

109 for (const auto& cert_der : chain) {	109 for (const auto& cert_der : chain) {

110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector(	110 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector(

111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(),	111 reinterpret_cast<const uint8_t*>(cert_der.data()), cert_der.size(),

112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain));	112 net::ParsedCertificate::DataSource::EXTERNAL_REFERENCE, &input_chain));

113 }	113 }

114	114

115 SimpleSignaturePolicy signature_policy(1024);	115 SimpleSignaturePolicy signature_policy(1024);

116	116

117 bool result =	117 bool result = VerifyCertificateChain(input_chain, trust_store,
	eroman 2016/06/16 22:11:36 Please add some form of verification of the out pa Please add some form of verification of the out parameter. Basically it should be one longer than \|input_chain\|, match on all those elements, and then the last element should be the trusted certificate in trust_store. Can check the last one by using TrustStore::IsTrustedCertificate(built_chain.back()) or something like that. ryanchung 2016/06/16 22:47:08 Done. Show quoted text On 2016/06/16 22:11:36, eroman wrote: > Please add some form of verification of the out parameter. > > Basically it should be one longer than \|input_chain\|, match on all those > elements, and then the last element should be the trusted certificate in > trust_store. > > Can check the last one by using > TrustStore::IsTrustedCertificate(built_chain.back()) or something like that. Done.
118 VerifyCertificateChain(input_chain, trust_store, &signature_policy, time);	118 &signature_policy, time, nullptr);

119	119

120 ASSERT_EQ(expected_result, result);	120 ASSERT_EQ(expected_result, result);

121 }	121 }

122	122

123 TEST(VerifyCertificateChainTest, TargetAndIntermediary) {	123 TEST(VerifyCertificateChainTest, TargetAndIntermediary) {

124 RunTest("target-and-intermediary.pem");	124 RunTest("target-and-intermediary.pem");

125 }	125 }

126	126

127 TEST(VerifyCertificateChainTest, UnknownRoot) {	127 TEST(VerifyCertificateChainTest, UnknownRoot) {

128 RunTest("unknown-root.pem");	128 RunTest("unknown-root.pem");

(...skipping 99 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
228 RunTest("non-self-signed-root.pem");	228 RunTest("non-self-signed-root.pem");

229 }	229 }

230	230

231 // Tests that verifying a chain with no certificates fails.	231 // Tests that verifying a chain with no certificates fails.

232 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {	232 TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {

233 TrustStore trust_store;	233 TrustStore trust_store;

234 der::GeneralizedTime time;	234 der::GeneralizedTime time;

235 std::vector<scoped_refptr<ParsedCertificate>> chain;	235 std::vector<scoped_refptr<ParsedCertificate>> chain;

236 SimpleSignaturePolicy signature_policy(2048);	236 SimpleSignaturePolicy signature_policy(2048);

237	237

238 ASSERT_FALSE(	238 ASSERT_FALSE(VerifyCertificateChain(chain, trust_store, &signature_policy,

239 VerifyCertificateChain(chain, trust_store, &signature_policy, time));	239 time, nullptr));

240 }	240 }

241	241

242 // TODO(eroman): Add test that invalidate validity dates where the day or month	242 // TODO(eroman): Add test that invalidate validity dates where the day or month

243 // ordinal not in range, like "March 39, 2016" are rejected.	243 // ordinal not in range, like "March 39, 2016" are rejected.

244	244

245 } // namespace	245 } // namespace

246	246

247 } // namespace net	247 } // namespace net

OLD	NEW