Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/data/verify_certificate_chain_unittest/README

Issue 2233233002: Refactor some certificate verification tests in preparation to adding (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@trust_anchor
Patch Set: fix Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain_unittest.cc ('k') | net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/data/verify_certificate_chain_unittest/README
diff --git a/net/data/verify_certificate_chain_unittest/README b/net/data/verify_certificate_chain_unittest/README
index 5c7019d07abfa027fd8a6ba2c34c9fa42e2b5b1d..e425e38eb7cfd192540a40b8a20152026675434f 100644
--- a/net/data/verify_certificate_chain_unittest/README
+++ b/net/data/verify_certificate_chain_unittest/README
@@ -20,10 +20,46 @@ Runs all of the generate-*.py scripts and does some cleanup.
*.pem
===============================
-These files descibe a test case for certificate chain verification.
+Each .pem file describes the inputs for certificate chain verification, and the
+expected result. These are the PEM blocks that each file contains and their
+interpretation:
-The input file is a PEM file with blocks for:
- * The trust store
- * The certificate chain (target certificate and all intermediates)
- * The timestamp to use when verifying
- * The expected result of verification (success or fail)
+CERTIFICATE:
+
+These PEM blocks describe the ordered chain of certificates starting from the
+target certificate and progressing towards the trust anchor (but not including
+the trust anchor).
+
+ - There must be one or more such PEM blocks
+ - Its contents are a DER-encoded X.509 certificate
+ - The first block is the target certificate
+ - The (i+1)th CERTIFICATE is (allegedly) the one which issued the ith
+ CERTIFICATE.
+
+TRUST_ANCHOR_{XXX}:
+
+This PEM block describes the trust anchor to use when verifying the chain.
+There are two possible names for this PEM block, which affect how it is
+interpreted: TRUST_ANCHOR_CONSTRAINED or TRUST_ANCHOR_UNCONSTRAINED.
+
+ - There must be exactly one TRUST_ANCHOR_{XXX} block.
+ - Its contents are a DER-encoded X.509 certificate
+ - The subject and SPKI from the certificate define the trust anchor
+ - If the block was named TRUST_ANCHOR_CONSTRAINED, then any constraints on the
+ certificate are also considered normative when verifying paths. Otherwise
+ any standard extensions provided by the root certificate are not used during
+ path validation.
+
+TIMESTAMP:
+
+This PEM block describes the time to use when verifying the chain.
+
+ - There must be exactly one such PEM block
+ - Its contents are a DER-encoded UTCTime.
+
+VERIFY_RESULT:
+
+This PEM block describes the expected result from verifying the path.
+
+ - There must be exactly one such PEM block
+ - Its contents are a string with value of either "SUCCESS" or "FAIL"
« no previous file with comments | « net/cert/internal/verify_certificate_chain_unittest.cc ('k') | net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698