WIP: NSS trust store integration for path builder.

net/cert/internal/path_builder_pkits_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/path_builder.h"
 
 #include "net/base/net_errors.h"
 #include "net/cert/internal/cert_issuer_source_static.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/parsed_certificate.h"
 #include "net/cert/internal/signature_policy.h"
-#include "net/cert/internal/trust_store.h"
+#include "net/cert/internal/trust_store_static.h"
 #include "net/cert/internal/verify_certificate_chain.h"
 #include "net/der/input.h"
 
 // Disable tests that require DSA signatures (DSA signatures are intentionally
 // unsupported). Custom versions of the DSA tests are defined below which expect
 // verification to fail.
 #define Section1ValidDSASignaturesTest4 DISABLED_Section1ValidDSASignaturesTest4
 #define Section1ValidDSAParameterInheritanceTest5 \
   DISABLED_Section1ValidDSAParameterInheritanceTest5
 
@@ skipping 36 matching lines @@
     ParsedCertificateList certs;
     for (const std::string& der : cert_ders) {
       certs.push_back(ParsedCertificate::CreateFromCertificateCopy(der, {}));
       if (!certs.back()) {
         ADD_FAILURE() << "ParsedCertificate::CreateFromCertificateCopy failed";
         return false;
       }
     }
     // First entry in the PKITS chain is the trust anchor.
     // TODO(mattm): test with all possible trust anchors in the trust store?
-    TrustStore trust_store;
+    TrustStoreStatic trust_store;
     trust_store.AddTrustedCertificate(certs[0]);
 
     // TODO(mattm): test with other irrelevant certs in cert_issuer_sources?
     CertIssuerSourceStatic cert_issuer_source;
-    for (size_t i = 1; i < cert_ders.size() - 1; ++i)
-      cert_issuer_source.AddCert(certs[i]);
+    for (const auto& cert : certs)
+      cert_issuer_source.AddCert(cert);
 
     scoped_refptr<ParsedCertificate> target_cert(certs.back());
 
     SimpleSignaturePolicy signature_policy(1024);
 
     // Run all tests at the time the PKITS was published.
     der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
 
     CertPathBuilder::Result result;
-    CertPathBuilder path_builder(std::move(target_cert), &trust_store,
-                                 &signature_policy, time, &result);
+    CertPathBuilder path_builder(std::move(target_cert), &signature_policy,
+                                 time, &result);
+    path_builder.AddTrustStore(&trust_store);
     path_builder.AddCertIssuerSource(&cert_issuer_source);
 
     CompletionStatus rv = path_builder.Run(base::Closure());
     EXPECT_EQ(CompletionStatus::SYNC, rv);
 
     return result.is_success();
   }
 };
 
 }  // namespace
@@ skipping 121 matching lines @@
 
 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
 
 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
 
 }  // namespace net