Remove dependence on a message loop for net::PathBuilder.

net/cert/internal/path_builder_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/path_builder.h"
 
 #include "base/base_paths.h"
-#include "base/cancelable_callback.h"
 #include "base/files/file_util.h"
-#include "base/location.h"
 #include "base/path_service.h"
-#include "base/threading/thread_task_runner_handle.h"
-#include "net/base/test_completion_callback.h"
 #include "net/cert/internal/cert_issuer_source_static.h"
 #include "net/cert/internal/parsed_certificate.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/cert/internal/test_helpers.h"
 #include "net/cert/internal/trust_store_in_memory.h"
-#include "net/cert/internal/trust_store_test_helpers.h"
 #include "net/cert/internal/verify_certificate_chain.h"
 #include "net/cert/pem_tokenizer.h"
 #include "net/der/input.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/test_certificate_data.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 // TODO(crbug.com/634443): Assert the errors for each ResultPath.
 
 namespace {
 
 using ::testing::_;
 using ::testing::Invoke;
 using ::testing::NiceMock;
 using ::testing::Return;
 using ::testing::SaveArg;
 using ::testing::SetArgPointee;
 using ::testing::StrictMock;
 
 // AsyncCertIssuerSourceStatic always returns its certs asynchronously.
 class AsyncCertIssuerSourceStatic : public CertIssuerSource {
  public:
   class StaticAsyncRequest : public Request {
    public:
-    StaticAsyncRequest(const IssuerCallback& issuers_callback,
-                       ParsedCertificateList&& issuers)
-        : cancelable_closure_(base::Bind(&StaticAsyncRequest::RunCallback,
-                                         base::Unretained(this))),
-          issuers_callback_(issuers_callback) {
+    StaticAsyncRequest(ParsedCertificateList&& issuers) {
       issuers_.swap(issuers);
       issuers_iter_ = issuers_.begin();
     }
     ~StaticAsyncRequest() override {}
 
-    CompletionStatus GetNext(
-        scoped_refptr<ParsedCertificate>* out_cert) override {
-      if (issuers_iter_ == issuers_.end())
-        *out_cert = nullptr;
-      else
-        *out_cert = std::move(*issuers_iter_++);
-      return CompletionStatus::SYNC;
+    void GetNext(ParsedCertificateList* out_certs) override {
+      if (issuers_iter_ != issuers_.end())
+        out_certs->push_back(std::move(*issuers_iter_++));
     }
 
-    base::Closure callback() { return cancelable_closure_.callback(); }
-
-   private:
-    void RunCallback() { issuers_callback_.Run(this); }
-
-    base::CancelableClosure cancelable_closure_;
-    IssuerCallback issuers_callback_;
     ParsedCertificateList issuers_;
     ParsedCertificateList::iterator issuers_iter_;
 
     DISALLOW_COPY_AND_ASSIGN(StaticAsyncRequest);
   };
 
   ~AsyncCertIssuerSourceStatic() override {}
 
   void AddCert(scoped_refptr<ParsedCertificate> cert) {
     static_cert_issuer_source_.AddCert(std::move(cert));
   }
 
   void SyncGetIssuersOf(const ParsedCertificate* cert,
                         ParsedCertificateList* issuers) override {}
   void AsyncGetIssuersOf(const ParsedCertificate* cert,
-                         const IssuerCallback& issuers_callback,
                          std::unique_ptr<Request>* out_req) override {
     num_async_gets_++;
     ParsedCertificateList issuers;
     static_cert_issuer_source_.SyncGetIssuersOf(cert, &issuers);
     std::unique_ptr<StaticAsyncRequest> req(
-        new StaticAsyncRequest(issuers_callback, std::move(issuers)));
-    base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, req->callback());
+        new StaticAsyncRequest(std::move(issuers)));
     *out_req = std::move(req);
   }
   int num_async_gets() const { return num_async_gets_; }
 
  private:
   CertIssuerSourceStatic static_cert_issuer_source_;
 
   int num_async_gets_ = 0;
 };
 
@@ skipping 18 matching lines @@
   CertErrors errors;
   *result = ParsedCertificate::Create(der, {}, &errors);
   if (!*result) {
     return ::testing::AssertionFailure()
            << "ParseCertificate::Create() failed:\n"
            << errors.ToDebugString();
   }
   return ::testing::AssertionSuccess();
 }
 
-// Run the path builder, and wait for async completion if necessary. The return
-// value signifies whether the path builder completed synchronously or
-// asynchronously, not that RunPathBuilder itself is asynchronous.
-CompletionStatus RunPathBuilder(CertPathBuilder* path_builder) {
-  TestClosure callback;
-  CompletionStatus rv = path_builder->Run(callback.closure());
-
-  if (rv == CompletionStatus::ASYNC) {
-    DVLOG(1) << "waiting for async completion...";
-    callback.WaitForResult();
-    DVLOG(1) << "async completed.";
-  }
-  return rv;
-}
-
 class PathBuilderMultiRootTest : public ::testing::Test {
  public:
   PathBuilderMultiRootTest() : signature_policy_(1024) {}
 
   void SetUp() override {
     ASSERT_TRUE(ReadTestCert("multi-root-A-by-B.pem", &a_by_b_));
     ASSERT_TRUE(ReadTestCert("multi-root-B-by-C.pem", &b_by_c_));
     ASSERT_TRUE(ReadTestCert("multi-root-B-by-F.pem", &b_by_f_));
     ASSERT_TRUE(ReadTestCert("multi-root-C-by-D.pem", &c_by_d_));
     ASSERT_TRUE(ReadTestCert("multi-root-C-by-E.pem", &c_by_e_));
@@ skipping 28 matching lines @@
 // trust store).
 TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(a_by_b_, &trust_store);
   AddTrustedCertificate(b_by_f_, &trust_store);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
   const auto& path = result.GetBestValidPath()->path;
   ASSERT_EQ(1U, path.certs.size());
   EXPECT_EQ(a_by_b_, path.certs[0]);
   EXPECT_EQ(b_by_f_, path.trust_anchor->cert());
 }
 
 // If the target cert is has the same name and key as a trust anchor, however
 // is NOT itself signed by a trust anchor, it fails. Although the provided SPKI
 // is trusted, the certificate contents cannot be verified.
 TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(a_by_b_, &trust_store);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 }
 
 // Test a failed path building when the trust anchor is provided as a
 // supplemental certificate. Conceptually the following paths can be built:
 //
 //   B(C) <- C(D) <- [Trust anchor D]
 //   B(C) <- C(D) <- D(D) <- [Trust anchor D]
 //
@@ skipping 10 matching lines @@
   sync_certs.AddCert(c_by_d_);
 
   // C(D) is not valid at this time, so path building will fail.
   der::GeneralizedTime expired_time = {2016, 1, 1, 0, 0, 0};
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(b_by_c_, &trust_store, &signature_policy_,
                                expired_time, &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
 
   EXPECT_FALSE(result.paths[0]->valid);
   const auto& path0 = result.paths[0]->path;
   ASSERT_EQ(2U, path0.certs.size());
   EXPECT_EQ(b_by_c_, path0.certs[0]);
   EXPECT_EQ(c_by_d_, path0.certs[1]);
   EXPECT_EQ(d_by_d_, path0.trust_anchor->cert());
@@ skipping 11 matching lines @@
 TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(e_by_e_, &trust_store);
   // This is not necessary for the test, just an extra...
   AddTrustedCertificate(f_by_e_, &trust_store);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(e_by_e_, &trust_store, &signature_policy_, time_,
                                &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
   const auto& path = result.GetBestValidPath()->path;
   ASSERT_EQ(1U, path.certs.size());
   EXPECT_EQ(e_by_e_, path.certs[0]);
   EXPECT_EQ(e_by_e_, path.trust_anchor->cert());
 }
 
 // If the target cert is directly issued by a trust anchor, it should verify
 // without any intermediate certs being provided.
 TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(b_by_f_, &trust_store);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
   const auto& path = result.GetBestValidPath()->path;
   ASSERT_EQ(1U, path.certs.size());
   EXPECT_EQ(a_by_b_, path.certs[0]);
   EXPECT_EQ(b_by_f_, path.trust_anchor->cert());
 }
 
 // Test that async cert queries are not made if the path can be successfully
 // built with synchronously available certs.
 TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(e_by_e_, &trust_store);
 
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(b_by_f_);
   sync_certs.AddCert(f_by_e_);
 
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(b_by_c_);
   async_certs.AddCert(c_by_e_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&async_certs);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   EXPECT_EQ(0, async_certs.num_async_gets());
 }
 
-// Test that async cert queries are not made if no callback is provided.
-TEST_F(PathBuilderMultiRootTest, SychronousOnlyMode) {
-  TrustStoreInMemory trust_store;
-  AddTrustedCertificate(e_by_e_, &trust_store);
-
-  CertIssuerSourceStatic sync_certs;
-  sync_certs.AddCert(f_by_e_);
-
-  AsyncCertIssuerSourceStatic async_certs;
-  async_certs.AddCert(b_by_f_);
-
-  CertPathBuilder::Result result;
-  CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
-                               &result);
-  path_builder.AddCertIssuerSource(&async_certs);
-  path_builder.AddCertIssuerSource(&sync_certs);
-
-  EXPECT_EQ(CompletionStatus::SYNC, path_builder.Run(base::Closure()));
-
-  EXPECT_FALSE(result.HasValidPath());
-  EXPECT_EQ(0, async_certs.num_async_gets());
-}
-
 // If async queries are needed, all async sources will be queried
 // simultaneously.
 TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) {
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(e_by_e_, &trust_store);
 
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(b_by_c_);
   sync_certs.AddCert(b_by_f_);
 
   AsyncCertIssuerSourceStatic async_certs1;
   async_certs1.AddCert(c_by_e_);
 
   AsyncCertIssuerSourceStatic async_certs2;
   async_certs2.AddCert(f_by_e_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&async_certs1);
   path_builder.AddCertIssuerSource(&async_certs2);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   EXPECT_EQ(1, async_certs1.num_async_gets());
   EXPECT_EQ(1, async_certs2.num_async_gets());
 }
 
 // Test that PathBuilder does not generate longer paths than necessary if one of
 // the supplied certs is itself a trust anchor.
 TEST_F(PathBuilderMultiRootTest, TestLongChain) {
   // Both D(D) and C(D) are trusted roots.
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(d_by_d_, &trust_store);
   AddTrustedCertificate(c_by_d_, &trust_store);
 
   // Certs B(C), and C(D) are all supplied.
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(b_by_c_);
   sync_certs.AddCert(c_by_d_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
   // The result path should be A(B) <- B(C) <- C(D)
   // not the longer but also valid A(B) <- B(C) <- C(D) <- D(D)
   EXPECT_EQ(2U, result.GetBestValidPath()->path.certs.size());
 }
 
 // Test that PathBuilder will backtrack and try a different path if the first
 // one doesn't work out.
@@ skipping 13 matching lines @@
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(b_by_c_);
   async_certs.AddCert(c_by_d_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
   // The result path should be A(B) <- B(C) <- C(D) <- D(D)
   const auto& path = result.GetBestValidPath()->path;
   ASSERT_EQ(3U, path.certs.size());
   EXPECT_EQ(a_by_b_, path.certs[0]);
   EXPECT_EQ(b_by_c_, path.certs[1]);
   EXPECT_EQ(c_by_d_, path.certs[2]);
   EXPECT_EQ(d_by_d_, path.trust_anchor->cert());
@@ skipping 17 matching lines @@
     } else {
       for (const auto& cert : certs)
         sync_certs.AddCert(cert);
     }
 
     CertPathBuilder::Result result;
     CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_,
                                  time_, &result);
     path_builder.AddCertIssuerSource(&sync_certs);
 
-    EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+    path_builder.Run();
 
     ASSERT_TRUE(result.HasValidPath());
 
     // The result path should be A(B) <- B(C) <- C(D) <- D(D)
     const auto& path = result.GetBestValidPath()->path;
     ASSERT_EQ(3U, path.certs.size());
     EXPECT_EQ(a_by_b_, path.certs[0]);
     EXPECT_EQ(b_by_c_, path.certs[1]);
     EXPECT_EQ(c_by_d_, path.certs[2]);
     EXPECT_EQ(d_by_d_, path.trust_anchor->cert());
@@ skipping 63 matching lines @@
   // through the rollover cert.
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(newintermediate_);
   sync_certs.AddCert(newrootrollover_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
 
   // Path builder will first attempt: target <- newintermediate <- oldroot
   // but it will fail since newintermediate is signed by newroot.
   ASSERT_EQ(2U, result.paths.size());
   const auto& path0 = result.paths[0]->path;
   EXPECT_FALSE(result.paths[0]->valid);
   ASSERT_EQ(2U, path0.certs.size());
   EXPECT_EQ(target_, path0.certs[0]);
@@ skipping 27 matching lines @@
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(oldintermediate_);
   sync_certs.AddCert(newintermediate_);
   sync_certs.AddCert(newrootrollover_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
 
   // Path builder willattempt one of:
   // target <- oldintermediate <- oldroot
   // target <- newintermediate <- newroot
   // either will succeed.
   ASSERT_EQ(1U, result.paths.size());
   const auto& path = result.paths[0]->path;
   EXPECT_TRUE(result.paths[0]->valid);
   ASSERT_EQ(2U, path.certs.size());
   EXPECT_EQ(target_, path.certs[0]);
   if (path.certs[1] != newintermediate_) {
     DVLOG(1) << "USED OLD";
     EXPECT_EQ(oldintermediate_, path.certs[1]);
     EXPECT_EQ(oldroot_, path.trust_anchor);
   } else {
     DVLOG(1) << "USED NEW";
     EXPECT_EQ(newintermediate_, path.certs[1]);
     EXPECT_EQ(newroot_, path.trust_anchor->cert());
   }
 }
 
-// If trust anchors are provided both synchronously and asynchronously for the
-// same cert, the synchronously provided ones should be tried first, and
-// pathbuilder should finish synchronously.
-TEST_F(PathBuilderKeyRolloverTest, TestSyncAnchorsPreferred) {
-  TrustStoreInMemoryAsync trust_store;
-  // Both oldintermediate and newintermediate are trusted, but oldintermediate
-  // is returned synchronously and newintermediate asynchronously.
-  trust_store.AddSyncTrustAnchor(
-      TrustAnchor::CreateFromCertificateNoConstraints(oldintermediate_));
-  trust_store.AddAsyncTrustAnchor(
-      TrustAnchor::CreateFromCertificateNoConstraints(newintermediate_));
-
-  CertPathBuilder::Result result;
-  CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
-                               &result);
-
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
-
-  EXPECT_TRUE(result.HasValidPath());
-
-  ASSERT_EQ(1U, result.paths.size());
-  const auto& path = result.paths[0]->path;
-  EXPECT_TRUE(result.paths[0]->valid);
-  ASSERT_EQ(1U, path.certs.size());
-  EXPECT_EQ(target_, path.certs[0]);
-  EXPECT_EQ(oldintermediate_, path.trust_anchor->cert());
-}
-
-// Async trust anchor checks should be done before synchronous issuer checks are
-// considered. (Avoiding creating unnecessarily long paths.)
-//
-// Two valid paths could be built:
-// newintermediate <- newrootrollover <- oldroot
-// newintermediate <- newroot
-// One invalid path could be built:
-// newintermediate <- oldroot
-//
-// First: newintermediate <- oldroot will be tried, since oldroot is
-// available synchronously, but this path will not verify.
-// Second: newintermediate <- newroot should be built, even though
-// newrootrollover issuer is available synchronously and newroot is async. This
-// path should verify and pathbuilder will stop.
-TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsBeforeSyncIssuers) {
-  TrustStoreInMemoryAsync trust_store;
-  trust_store.AddSyncTrustAnchor(oldroot_);
-  trust_store.AddAsyncTrustAnchor(
-      TrustAnchor::CreateFromCertificateNoConstraints(newroot_));
-
-  CertIssuerSourceStatic sync_certs;
-  sync_certs.AddCert(newrootrollover_);
-
-  CertPathBuilder::Result result;
-  CertPathBuilder path_builder(newintermediate_, &trust_store,
-                               &signature_policy_, time_, &result);
-  path_builder.AddCertIssuerSource(&sync_certs);
-
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
-
-  EXPECT_TRUE(result.HasValidPath());
-
-  ASSERT_EQ(2U, result.paths.size());
-  {
-    const auto& path = result.paths[0]->path;
-    EXPECT_FALSE(result.paths[0]->valid);
-    ASSERT_EQ(1U, path.certs.size());
-    EXPECT_EQ(newintermediate_, path.certs[0]);
-    EXPECT_EQ(oldroot_, path.trust_anchor);
-  }
-  {
-    const auto& path = result.paths[1]->path;
-    EXPECT_TRUE(result.paths[1]->valid);
-    ASSERT_EQ(1U, path.certs.size());
-    EXPECT_EQ(newintermediate_, path.certs[0]);
-    EXPECT_EQ(newroot_, path.trust_anchor->cert());
-  }
-}
-
-// If async trust anchor query returned no results, and there are no issuer
+// If trust anchor query returned no results, and there are no issuer
 // sources, path building should fail at that point.
-TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsNoMatchAndNoIssuerSources) {
-  TrustStoreInMemoryAsync trust_store;
-  trust_store.AddAsyncTrustAnchor(
+TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) {
+  TrustStoreInMemory trust_store;
+  trust_store.AddTrustAnchor(
       TrustAnchor::CreateFromCertificateNoConstraints(newroot_));
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 
   ASSERT_EQ(0U, result.paths.size());
 }
 
-// Both trust store and issuer source are async. Should successfully build a
-// path.
-TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsAndAsyncIssuers) {
-  TrustStoreInMemoryAsync trust_store;
-  trust_store.AddAsyncTrustAnchor(
-      TrustAnchor::CreateFromCertificateNoConstraints(newroot_));
-
-  AsyncCertIssuerSourceStatic async_certs;
-  async_certs.AddCert(newintermediate_);
-
-  CertPathBuilder::Result result;
-  CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
-                               &result);
-  path_builder.AddCertIssuerSource(&async_certs);
-
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
-
-  EXPECT_TRUE(result.HasValidPath());
-
-  ASSERT_EQ(1U, result.paths.size());
-  const auto& path = result.paths[0]->path;
-  EXPECT_TRUE(result.paths[0]->valid);
-  ASSERT_EQ(2U, path.certs.size());
-  EXPECT_EQ(target_, path.certs[0]);
-  EXPECT_EQ(newintermediate_, path.certs[1]);
-  EXPECT_EQ(newroot_, path.trust_anchor->cert());
-}
-
 // Tests that multiple trust root matches on a single path will be considered.
 // Both roots have the same subject but different keys. Only one of them will
 // verify.
 TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) {
-  TrustStoreInMemoryAsync trust_store;
+  TrustStoreInMemory trust_store;
   // Since FindTrustAnchorsByNormalizedName returns newroot synchronously, it
   // should be tried first.
-  trust_store.AddSyncTrustAnchor(
+  trust_store.AddTrustAnchor(
       TrustAnchor::CreateFromCertificateNoConstraints(newroot_));
   // oldroot is returned asynchronously, so it should only be tried after the
   // path built with newroot fails.

[mattm, 2016/10/28 02:11:55]

comment needs updating

[eroman, 2016/11/23 22:10:21]

Done.

-  trust_store.AddAsyncTrustAnchor(oldroot_);
+  trust_store.AddTrustAnchor(oldroot_);
 
   // Only oldintermediate is supplied, so the path with newroot should fail,
   // oldroot should succeed.
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(oldintermediate_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
 
   {
     // Path builder may first attempt: target <- oldintermediate <- newroot
     // but it will fail since oldintermediate is signed by oldroot.
     EXPECT_FALSE(result.paths[0]->valid);
     const auto& path = result.paths[0]->path;
     ASSERT_EQ(2U, path.certs.size());
@@ skipping 30 matching lines @@
   // pathbuilder to first try building a longer than necessary path.
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(newrootrollover_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(3U, result.paths.size());
 
   // Path builder will first attempt: target <- newintermediate <- oldroot
   // but it will fail since newintermediate is signed by newroot.
   EXPECT_FALSE(result.paths[0]->valid);
   const auto& path0 = result.paths[0]->path;
   ASSERT_EQ(2U, path0.certs.size());
   EXPECT_EQ(target_, path0.certs[0]);
@@ skipping 34 matching lines @@
 TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) {
   // Trust newintermediate.
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(newintermediate_, &trust_store);
 
   CertPathBuilder::Result result;
   // Newintermediate is also the target cert.
   CertPathBuilder path_builder(newintermediate_, &trust_store,
                                &signature_policy_, time_, &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 }
 
 // If target has same Name+SAN+SPKI as a necessary intermediate, test if a path
 // can still be built.
 // Since LoopChecker will prevent the intermediate from being included, this
 // currently does NOT verify. This case shouldn't occur in the web PKI.
 TEST_F(PathBuilderKeyRolloverTest,
        TestEndEntityHasSameNameAndSpkiAsIntermediate) {
   // Trust oldroot.
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(oldroot_);
 
   // New root rollover is provided synchronously.
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(newrootrollover_);
 
   CertPathBuilder::Result result;
   // Newroot is the target cert.
   CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_,
                                time_, &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   // This could actually be OK, but CertPathBuilder does not build the
   // newroot <- newrootrollover <- oldroot path.
   EXPECT_FALSE(result.HasValidPath());
 }
 
 // If target has same Name+SAN+SPKI as the trust root, test that a (trivial)
 // path can still be built.
 TEST_F(PathBuilderKeyRolloverTest,
        TestEndEntityHasSameNameAndSpkiAsTrustAnchor) {
   // Trust newrootrollover.
   TrustStoreInMemory trust_store;
   AddTrustedCertificate(newrootrollover_, &trust_store);
 
   CertPathBuilder::Result result;
   // Newroot is the target cert.
   CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_,
                                time_, &result);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
   const CertPathBuilder::ResultPath* best_result = result.GetBestValidPath();
 
   // Newroot has same name+SPKI as newrootrollover, thus the path is valid and
   // only contains newroot.
   EXPECT_TRUE(best_result->valid);
   ASSERT_EQ(1U, best_result->path.certs.size());
   EXPECT_EQ(newroot_, best_result->path.certs[0]);
@@ skipping 27 matching lines @@
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(newintermediate_);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs1);
   path_builder.AddCertIssuerSource(&sync_certs2);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
 
   // Path builder will first attempt: target <- oldintermediate <- newroot
   // but it will fail since oldintermediate is signed by oldroot.
   EXPECT_FALSE(result.paths[0]->valid);
   const auto& path0 = result.paths[0]->path;
 
   ASSERT_EQ(2U, path0.certs.size());
@@ skipping 28 matching lines @@
   // The oldintermediate and newroot are supplied synchronously by |sync_certs|.
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(oldintermediate_);
   sync_certs.AddCert(newroot_dupe);
 
   CertPathBuilder::Result result;
   CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_,
                                &result);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder));
+  path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
   // TODO(eroman): Is this right?
 
   // Path builder attempt: target <- oldintermediate <- newroot
   // but it will fail since oldintermediate is signed by oldroot.
   EXPECT_FALSE(result.paths[0]->valid);
   const auto& path = result.paths[0]->path;
   ASSERT_EQ(2U, path.certs.size());
   EXPECT_EQ(target_, path.certs[0]);
   EXPECT_EQ(oldintermediate_, path.certs[1]);
   // Compare the DER instead of ParsedCertificate pointer, don't care which copy
   // of newroot was used in the path.
   EXPECT_EQ(newroot_->der_cert(), path.trust_anchor->cert()->der_cert());
 }
 
+// TODO(eroman): Re-enable these tests
+#if 0
 class MockCertIssuerSourceRequest : public CertIssuerSource::Request {
  public:
-  MOCK_METHOD1(GetNext, CompletionStatus(scoped_refptr<ParsedCertificate>*));
+  MOCK_METHOD1(GetNext, void(ParsedCertificateList*));
 };
 
 class MockCertIssuerSource : public CertIssuerSource {
  public:
   MOCK_METHOD2(SyncGetIssuersOf,
                void(const ParsedCertificate*, ParsedCertificateList*));
   MOCK_METHOD3(AsyncGetIssuersOf,
                void(const ParsedCertificate*,
-                    const IssuerCallback&,
                     std::unique_ptr<Request>*));
 };
 
 // Helper class to pass the Request to the PathBuilder when it calls
 // AsyncGetIssuersOf. (GoogleMock has a ByMove helper, but it apparently can
 // only be used with Return, not SetArgPointee.)
 class CertIssuerSourceRequestMover {
  public:
   CertIssuerSourceRequestMover(std::unique_ptr<CertIssuerSource::Request> req)
       : request_(std::move(req)) {}
@@ skipping 218 matching lines @@
   // After the third batch of async results, path builder will attempt:
   // target <- newintermediate <- newroot which will succeed.
   EXPECT_TRUE(result.paths[1]->valid);
   const auto& path1 = result.paths[1]->path;
   ASSERT_EQ(2U, path1.certs.size());
   EXPECT_EQ(target_, path1.certs[0]);
   EXPECT_EQ(newintermediate_, path1.certs[1]);
   EXPECT_EQ(newroot_, path1.trust_anchor->cert());
 }
 
+#endif
+
 }  // namespace
 
 }  // namespace net