Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(160)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ct_policy_enforcer_unittest.cc

Issue 2084153003: Remove the test-only X509Certificate constructor (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixup .isolate for GYP build Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/prerender/prerender_browsertest.cc ('K') | « ios/web/net/request_tracker_impl_unittest.mm ('k') | net/cert/x509_certificate.h » ('j') | net/ssl/ssl_client_auth_cache_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_policy_enforcer_unittest.cc
diff --git a/net/cert/ct_policy_enforcer_unittest.cc b/net/cert/ct_policy_enforcer_unittest.cc
index 105b4fd76bbba5a28a4dca997ff73538b83c7dbc..c699f27bf5d036836898717445064c0ea45ccc9e 100644
--- a/net/cert/ct_policy_enforcer_unittest.cc
+++ b/net/cert/ct_policy_enforcer_unittest.cc
@@ -9,12 +9,14 @@
#include "base/time/time.h"
#include "base/version.h"
+#include "crypto/rsa_private_key.h"
#include "crypto/sha2.h"
#include "net/base/test_data_directory.h"
#include "net/cert/ct_ev_whitelist.h"
#include "net/cert/ct_policy_status.h"
#include "net/cert/ct_verify_result.h"
#include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/ct_test_util.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -127,43 +129,6 @@ class CTPolicyEnforcerTest : public ::testing::Test {
verified_scts);
}
- void CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
- const base::Time& start,
- const base::Time& end,
- size_t required_scts) {
- scoped_refptr<X509Certificate> cert(
- new X509Certificate("subject", "issuer", start, end));
- for (size_t i = 0; i < required_scts - 1; ++i) {
- ct::SCTList scts;
- FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, i,
- std::vector<std::string>(), false, &scts);
- EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
- policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
- BoundNetLog()))
- << " for: " << (end - start).InDays() << " and " << required_scts
- << " scts=" << scts.size() << " i=" << i;
- EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
- policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr,
- scts, BoundNetLog()))
- << " for: " << (end - start).InDays() << " and " << required_scts
- << " scts=" << scts.size() << " i=" << i;
- }
- ct::SCTList scts;
- FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
- required_scts, std::vector<std::string>(), false,
- &scts);
- EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
- policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
- BoundNetLog()))
- << " for: " << (end - start).InDays() << " and " << required_scts
- << " scts=" << scts.size();
- EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
- policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr,
- scts, BoundNetLog()))
- << " for: " << (end - start).InDays() << " and " << required_scts
- << " scts=" << scts.size();
- }
-
protected:
std::unique_ptr<CTPolicyEnforcer> policy_enforcer_;
scoped_refptr<X509Certificate> chain_;
@@ -470,33 +435,12 @@ TEST_F(CTPolicyEnforcerTest,
scts, BoundNetLog()));
}
-// TODO(estark): fix this test so that it can check if
-// |no_valid_dates_cert| is on the whitelist without
-// crashing. https://crbug.com/582740
-TEST_F(CTPolicyEnforcerTest, DISABLED_DoesNotConformToPolicyInvalidDates) {
- scoped_refptr<X509Certificate> no_valid_dates_cert(new X509Certificate(
- "subject", "issuer", base::Time(), base::Time::Now()));
- ct::SCTList scts;
- FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
- &scts);
- ASSERT_TRUE(no_valid_dates_cert);
- EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
- policy_enforcer_->DoesConformToCertPolicy(no_valid_dates_cert.get(),
- scts, BoundNetLog()));
- EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
- policy_enforcer_->DoesConformToCTEVPolicy(
- no_valid_dates_cert.get(), nullptr, scts, BoundNetLog()));
- // ... but should be OK if whitelisted.
- scoped_refptr<ct::EVCertsWhitelist> whitelist(
- new DummyEVCertsWhitelist(true, true));
- EXPECT_EQ(
- ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST,
- policy_enforcer_->DoesConformToCTEVPolicy(
- no_valid_dates_cert.get(), whitelist.get(), scts, BoundNetLog()));
-}
-
TEST_F(CTPolicyEnforcerTest,
ConformsToPolicyExactNumberOfSCTsForValidityPeriod) {
+ std::unique_ptr<crypto::RSAPrivateKey> private_key(
+ crypto::RSAPrivateKey::Create(1024));
+ ASSERT_TRUE(private_key);
+
// Test multiple validity periods
const struct TestData {
base::Time validity_start;
@@ -533,9 +477,48 @@ TEST_F(CTPolicyEnforcerTest,
for (size_t i = 0; i < arraysize(kTestData); ++i) {
SCOPED_TRACE(i);
- CheckCertificateCompliesWithExactNumberOfEmbeddedSCTs(
- kTestData[i].validity_start, kTestData[i].validity_end,
- kTestData[i].scts_required);
+ const base::Time& start = kTestData[i].validity_start;
eroman 2016/06/22 16:51:08 optional: could instead alias kTestData[i]
+ const base::Time& end = kTestData[i].validity_end;
+ size_t required_scts = kTestData[i].scts_required;
+
+ // Create a self-signed certificate with exactly the validity period.
+ std::string cert_data;
+ ASSERT_TRUE(x509_util::CreateSelfSignedCert(
+ private_key.get(), x509_util::DIGEST_SHA256, "CN=test",
+ i * 10 + required_scts, start, end, &cert_data));
+ scoped_refptr<X509Certificate> cert(
+ X509Certificate::CreateFromBytes(cert_data.data(), cert_data.size()));
+ ASSERT_TRUE(cert);
+
+ for (size_t i = 0; i < required_scts - 1; ++i) {
+ ct::SCTList scts;
+ FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, i,
+ std::vector<std::string>(), false, &scts);
+ EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS,
+ policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
+ BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << scts.size() << " i=" << i;
+ EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS,
+ policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr,
+ scts, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << scts.size() << " i=" << i;
+ }
+ ct::SCTList scts;
+ FillListWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
+ required_scts, std::vector<std::string>(), false,
+ &scts);
+ EXPECT_EQ(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS,
+ policy_enforcer_->DoesConformToCertPolicy(cert.get(), scts,
+ BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << scts.size();
+ EXPECT_EQ(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS,
+ policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr,
+ scts, BoundNetLog()))
+ << " for: " << (end - start).InDays() << " and " << required_scts
+ << " scts=" << scts.size();
}
}
« chrome/browser/prerender/prerender_browsertest.cc ('K') | « ios/web/net/request_tracker_impl_unittest.mm ('k') | net/cert/x509_certificate.h » ('j') | net/ssl/ssl_client_auth_cache_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698