| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
| 6 | 6 |
| 7 #include "base/base_paths.h" | 7 #include "base/base_paths.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
| 10 #include "net/cert/internal/cert_issuer_source_static.h" | 10 #include "net/cert/internal/cert_issuer_source_static.h" |
| 11 #include "net/cert/internal/parsed_certificate.h" | 11 #include "net/cert/internal/parsed_certificate.h" |
| 12 #include "net/cert/internal/signature_policy.h" | 12 #include "net/cert/internal/signature_policy.h" |
| 13 #include "net/cert/internal/test_helpers.h" | 13 #include "net/cert/internal/test_helpers.h" |
| 14 #include "net/cert/internal/trust_store_collection.h" |
| 14 #include "net/cert/internal/trust_store_in_memory.h" | 15 #include "net/cert/internal/trust_store_in_memory.h" |
| 15 #include "net/cert/internal/verify_certificate_chain.h" | 16 #include "net/cert/internal/verify_certificate_chain.h" |
| 16 #include "net/cert/pem_tokenizer.h" | 17 #include "net/cert/pem_tokenizer.h" |
| 17 #include "net/der/input.h" | 18 #include "net/der/input.h" |
| 18 #include "net/test/cert_test_util.h" | 19 #include "net/test/cert_test_util.h" |
| 19 #include "net/test/test_certificate_data.h" | 20 #include "net/test/test_certificate_data.h" |
| 20 #include "testing/gmock/include/gmock/gmock.h" | 21 #include "testing/gmock/include/gmock/gmock.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 22 | 23 |
| 23 namespace net { | 24 namespace net { |
| (...skipping 561 matching lines...) |
| 585 | 586 |
| 586 EXPECT_FALSE(result.HasValidPath()); | 587 EXPECT_FALSE(result.HasValidPath()); |
| 587 | 588 |
| 588 ASSERT_EQ(0U, result.paths.size()); | 589 ASSERT_EQ(0U, result.paths.size()); |
| 589 } | 590 } |
| 590 | 591 |
| 591 // Tests that multiple trust root matches on a single path will be considered. | 592 // Tests that multiple trust root matches on a single path will be considered. |
| 592 // Both roots have the same subject but different keys. Only one of them will | 593 // Both roots have the same subject but different keys. Only one of them will |
| 593 // verify. | 594 // verify. |
| 594 TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { | 595 TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { |
| 595 TrustStoreInMemory trust_store; | 596 TrustStoreCollection trust_store_collection; |
| 597 TrustStoreInMemory trust_store1; |
| 598 TrustStoreInMemory trust_store2; |
| 599 trust_store_collection.AddTrustStore(&trust_store1); |
| 600 trust_store_collection.AddTrustStore(&trust_store2); |
| 596 // Add two trust anchors (newroot_ and oldroot_). Path building will attempt | 601 // Add two trust anchors (newroot_ and oldroot_). Path building will attempt |
| 597 // them in this same order. | 602 // them in this same order, as trust_store1 was added to |
| 598 trust_store.AddTrustAnchor( | 603 // trust_store_collection first. |
| 604 trust_store1.AddTrustAnchor( |
| 599 TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); | 605 TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); |
| 600 trust_store.AddTrustAnchor(oldroot_); | 606 trust_store2.AddTrustAnchor(oldroot_); |
| 601 | 607 |
| 602 // Only oldintermediate is supplied, so the path with newroot should fail, | 608 // Only oldintermediate is supplied, so the path with newroot should fail, |
| 603 // oldroot should succeed. | 609 // oldroot should succeed. |
| 604 CertIssuerSourceStatic sync_certs; | 610 CertIssuerSourceStatic sync_certs; |
| 605 sync_certs.AddCert(oldintermediate_); | 611 sync_certs.AddCert(oldintermediate_); |
| 606 | 612 |
| 607 CertPathBuilder::Result result; | 613 CertPathBuilder::Result result; |
| 608 CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, | 614 CertPathBuilder path_builder(target_, &trust_store_collection, |
| 609 &result); | 615 &signature_policy_, time_, &result); |
| 610 path_builder.AddCertIssuerSource(&sync_certs); | 616 path_builder.AddCertIssuerSource(&sync_certs); |
| 611 | 617 |
| 612 path_builder.Run(); | 618 path_builder.Run(); |
| 613 | 619 |
| 614 EXPECT_TRUE(result.HasValidPath()); | 620 EXPECT_TRUE(result.HasValidPath()); |
| 615 ASSERT_EQ(2U, result.paths.size()); | 621 ASSERT_EQ(2U, result.paths.size()); |
| 616 | 622 |
| 617 { | 623 { |
| 618 // Path builder may first attempt: target <- oldintermediate <- newroot | 624 // Path builder may first attempt: target <- oldintermediate <- newroot |
| 619 // but it will fail since oldintermediate is signed by oldroot. | 625 // but it will fail since oldintermediate is signed by oldroot. |
| (...skipping 504 matching lines...) |
| 1124 EXPECT_EQ(target_, path1.certs[0]); | 1130 EXPECT_EQ(target_, path1.certs[0]); |
| 1125 EXPECT_EQ(newintermediate_, path1.certs[1]); | 1131 EXPECT_EQ(newintermediate_, path1.certs[1]); |
| 1126 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); | 1132 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); |
| 1127 } | 1133 } |
| 1128 | 1134 |
| 1129 #endif | 1135 #endif |
| 1130 | 1136 |
| 1131 } // namespace | 1137 } // namespace |
| 1132 | 1138 |
| 1133 } // namespace net | 1139 } // namespace net |
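Review bot: In TestMultipleRootMatchesOnlyOneWorks the two same-subject anchors now sit in separate stores (`trust_store1` holds newroot_, `trust_store2` holds oldroot_), so the case the old code exercised, a single TrustStoreInMemory returning both anchors for one issuer lookup, is no longer tested here. Unless a test in the skipped lines already covers it, keep the single-store version and add the collection variant as a second test; otherwise a regression in how one store returns multiple matching anchors would go unnoticed. Separately, `trust_store_collection` is declared before the stores whose addresses it is given, so at scope exit it outlives them; declaring `TrustStoreInMemory trust_store1;` and `TrustStoreInMemory trust_store2;` ahead of `TrustStoreCollection trust_store_collection;` removes that window, which matters only if the collection's destructor touches its members (not visible here). The test body continues into the skipped lines, so the per-path assertions were not reviewed.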