| Index: net/cert/internal/verify_certificate_chain_typed_unittest.h
|
| diff --git a/net/cert/internal/verify_certificate_chain_typed_unittest.h b/net/cert/internal/verify_certificate_chain_typed_unittest.h
|
| index c0ce73e6ba2848a1d78a8f7422b697a73c835df0..1e9686a3f7dfb1ba06cea6d0ee24f1dfb0d09f6a 100644
|
| --- a/net/cert/internal/verify_certificate_chain_typed_unittest.h
|
| +++ b/net/cert/internal/verify_certificate_chain_typed_unittest.h
|
| @@ -117,8 +117,12 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredTargetNotBefore) {
|
| this->RunTest("expired-target-notBefore.pem");
|
| }
|
|
|
| -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredRoot) {
|
| - this->RunTest("expired-root.pem");
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredUnconstrainedRoot) {
|
| + this->RunTest("expired-unconstrained-root.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredConstrainedRoot) {
|
| + this->RunTest("expired-constrained-root.pem");
|
| }
|
|
|
| TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetNotEndEntity) {
|
| @@ -149,8 +153,14 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| this->RunTest("issuer-and-subject-not-byte-for-byte-equal-anchor.pem");
|
| }
|
|
|
| -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ViolatesPathlen1Root) {
|
| - this->RunTest("violates-pathlen-1-root.pem");
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + ViolatesPathlen1UnconstrainedRoot) {
|
| + this->RunTest("violates-pathlen-1-unconstrained-root.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + ViolatesPathlen1ConstrainedRoot) {
|
| + this->RunTest("violates-pathlen-1-constrained-root.pem");
|
| }
|
|
|
| TYPED_TEST_P(VerifyCertificateChainSingleRootTest, NonSelfSignedRoot) {
|
| @@ -178,6 +188,36 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, UnknownRoot) {
|
| this->RunTest("unknown-root.pem");
|
| }
|
|
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + UnconstrainedRootLacksBasicConstraints) {
|
| + this->RunTest("unconstrained-root-lacks-basic-constraints.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + ConstrainedRootLacksBasicConstraints) {
|
| + this->RunTest("constrained-root-lacks-basic-constraints.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + UnconstrainedRootBasicConstraintsCaFalse) {
|
| + this->RunTest("unconstrained-root-basic-constraints-ca-false.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + ConstrainedRootBasicConstraintsCaFalse) {
|
| + this->RunTest("constrained-root-basic-constraints-ca-false.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + UnconstrainedNonSelfSignedRoot) {
|
| + this->RunTest("unconstrained-non-self-signed-root.pem");
|
| +}
|
| +
|
| +TYPED_TEST_P(VerifyCertificateChainSingleRootTest,
|
| + ConstrainedNonSelfSignedRoot) {
|
| + this->RunTest("constrained-non-self-signed-root.pem");
|
| +}
|
| +
|
| // TODO(eroman): Add test that invalid validity dates where the day or month
|
| // ordinal not in range, like "March 39, 2016" are rejected.
|
|
|
| @@ -199,20 +239,28 @@ REGISTER_TYPED_TEST_CASE_P(VerifyCertificateChainSingleRootTest,
|
| ExpiredIntermediate,
|
| ExpiredTarget,
|
| ExpiredTargetNotBefore,
|
| - ExpiredRoot,
|
| + ExpiredUnconstrainedRoot,
|
| + ExpiredConstrainedRoot,
|
| TargetNotEndEntity,
|
| TargetHasKeyCertSignButNotCa,
|
| TargetHasPathlenButNotCa,
|
| TargetUnknownCriticalExtension,
|
| IssuerAndSubjectNotByteForByteEqual,
|
| IssuerAndSubjectNotByteForByteEqualAnchor,
|
| - ViolatesPathlen1Root,
|
| + ViolatesPathlen1UnconstrainedRoot,
|
| + ViolatesPathlen1ConstrainedRoot,
|
| NonSelfSignedRoot,
|
| KeyRolloverOldChain,
|
| KeyRolloverRolloverChain,
|
| KeyRolloverLongRolloverChain,
|
| KeyRolloverNewChain,
|
| - UnknownRoot);
|
| + UnknownRoot,
|
| + UnconstrainedRootLacksBasicConstraints,
|
| + ConstrainedRootLacksBasicConstraints,
|
| + UnconstrainedRootBasicConstraintsCaFalse,
|
| + ConstrainedRootBasicConstraintsCaFalse,
|
| + UnconstrainedNonSelfSignedRoot,
|
| + ConstrainedNonSelfSignedRoot);
|
|
|
| } // namespace net
|
|
|
|
|
Chromium Code Reviews
Issue 2245643004:
Support trust anchor constraints, by specifying them as a certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master