OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
6 | 6 |
7 #include "base/base_paths.h" | 7 #include "base/base_paths.h" |
8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
9 #include "base/path_service.h" | 9 #include "base/path_service.h" |
10 #include "net/cert/internal/cert_issuer_source_static.h" | 10 #include "net/cert/internal/cert_issuer_source_static.h" |
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 CertPathBuilder::Result result; | 211 CertPathBuilder::Result result; |
212 CertPathBuilder path_builder(b_by_c_, &trust_store, &signature_policy_, | 212 CertPathBuilder path_builder(b_by_c_, &trust_store, &signature_policy_, |
213 expired_time, &result); | 213 expired_time, &result); |
214 path_builder.AddCertIssuerSource(&sync_certs); | 214 path_builder.AddCertIssuerSource(&sync_certs); |
215 | 215 |
216 path_builder.Run(); | 216 path_builder.Run(); |
217 | 217 |
218 EXPECT_FALSE(result.HasValidPath()); | 218 EXPECT_FALSE(result.HasValidPath()); |
219 ASSERT_EQ(2U, result.paths.size()); | 219 ASSERT_EQ(2U, result.paths.size()); |
220 | 220 |
221 EXPECT_FALSE(result.paths[0]->valid); | 221 EXPECT_FALSE(result.paths[0]->IsValid()); |
222 const auto& path0 = result.paths[0]->path; | 222 const auto& path0 = result.paths[0]->path; |
223 ASSERT_EQ(2U, path0.certs.size()); | 223 ASSERT_EQ(2U, path0.certs.size()); |
224 EXPECT_EQ(b_by_c_, path0.certs[0]); | 224 EXPECT_EQ(b_by_c_, path0.certs[0]); |
225 EXPECT_EQ(c_by_d_, path0.certs[1]); | 225 EXPECT_EQ(c_by_d_, path0.certs[1]); |
226 EXPECT_EQ(d_by_d_, path0.trust_anchor->cert()); | 226 EXPECT_EQ(d_by_d_, path0.trust_anchor->cert()); |
227 | 227 |
228 const auto& path1 = result.paths[1]->path; | 228 const auto& path1 = result.paths[1]->path; |
229 ASSERT_EQ(3U, path1.certs.size()); | 229 ASSERT_EQ(3U, path1.certs.size()); |
230 EXPECT_EQ(b_by_c_, path1.certs[0]); | 230 EXPECT_EQ(b_by_c_, path1.certs[0]); |
231 EXPECT_EQ(c_by_d_, path1.certs[1]); | 231 EXPECT_EQ(c_by_d_, path1.certs[1]); |
(...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
504 path_builder.AddCertIssuerSource(&sync_certs); | 504 path_builder.AddCertIssuerSource(&sync_certs); |
505 | 505 |
506 path_builder.Run(); | 506 path_builder.Run(); |
507 | 507 |
508 EXPECT_TRUE(result.HasValidPath()); | 508 EXPECT_TRUE(result.HasValidPath()); |
509 | 509 |
510 // Path builder will first attempt: target <- newintermediate <- oldroot | 510 // Path builder will first attempt: target <- newintermediate <- oldroot |
511 // but it will fail since newintermediate is signed by newroot. | 511 // but it will fail since newintermediate is signed by newroot. |
512 ASSERT_EQ(2U, result.paths.size()); | 512 ASSERT_EQ(2U, result.paths.size()); |
513 const auto& path0 = result.paths[0]->path; | 513 const auto& path0 = result.paths[0]->path; |
514 EXPECT_FALSE(result.paths[0]->valid); | 514 EXPECT_FALSE(result.paths[0]->IsValid()); |
515 ASSERT_EQ(2U, path0.certs.size()); | 515 ASSERT_EQ(2U, path0.certs.size()); |
516 EXPECT_EQ(target_, path0.certs[0]); | 516 EXPECT_EQ(target_, path0.certs[0]); |
517 EXPECT_EQ(newintermediate_, path0.certs[1]); | 517 EXPECT_EQ(newintermediate_, path0.certs[1]); |
518 EXPECT_EQ(oldroot_, path0.trust_anchor); | 518 EXPECT_EQ(oldroot_, path0.trust_anchor); |
519 | 519 |
520 // Path builder will next attempt: | 520 // Path builder will next attempt: |
521 // target <- newintermediate <- newrootrollover <- oldroot | 521 // target <- newintermediate <- newrootrollover <- oldroot |
522 // which will succeed. | 522 // which will succeed. |
523 const auto& path1 = result.paths[1]->path; | 523 const auto& path1 = result.paths[1]->path; |
524 EXPECT_EQ(1U, result.best_result_index); | 524 EXPECT_EQ(1U, result.best_result_index); |
525 EXPECT_TRUE(result.paths[1]->valid); | 525 EXPECT_TRUE(result.paths[1]->IsValid()); |
526 ASSERT_EQ(3U, path1.certs.size()); | 526 ASSERT_EQ(3U, path1.certs.size()); |
527 EXPECT_EQ(target_, path1.certs[0]); | 527 EXPECT_EQ(target_, path1.certs[0]); |
528 EXPECT_EQ(newintermediate_, path1.certs[1]); | 528 EXPECT_EQ(newintermediate_, path1.certs[1]); |
529 EXPECT_EQ(newrootrollover_, path1.certs[2]); | 529 EXPECT_EQ(newrootrollover_, path1.certs[2]); |
530 EXPECT_EQ(oldroot_, path1.trust_anchor); | 530 EXPECT_EQ(oldroot_, path1.trust_anchor); |
531 } | 531 } |
532 | 532 |
533 // Tests that if both old and new roots are trusted it can build a path through | 533 // Tests that if both old and new roots are trusted it can build a path through |
534 // either. | 534 // either. |
535 // TODO(mattm): Once prioritization is implemented, it should test that it | 535 // TODO(mattm): Once prioritization is implemented, it should test that it |
(...skipping 18 matching lines...) Expand all Loading... |
554 path_builder.Run(); | 554 path_builder.Run(); |
555 | 555 |
556 EXPECT_TRUE(result.HasValidPath()); | 556 EXPECT_TRUE(result.HasValidPath()); |
557 | 557 |
558 // Path builder willattempt one of: | 558 // Path builder willattempt one of: |
559 // target <- oldintermediate <- oldroot | 559 // target <- oldintermediate <- oldroot |
560 // target <- newintermediate <- newroot | 560 // target <- newintermediate <- newroot |
561 // either will succeed. | 561 // either will succeed. |
562 ASSERT_EQ(1U, result.paths.size()); | 562 ASSERT_EQ(1U, result.paths.size()); |
563 const auto& path = result.paths[0]->path; | 563 const auto& path = result.paths[0]->path; |
564 EXPECT_TRUE(result.paths[0]->valid); | 564 EXPECT_TRUE(result.paths[0]->IsValid()); |
565 ASSERT_EQ(2U, path.certs.size()); | 565 ASSERT_EQ(2U, path.certs.size()); |
566 EXPECT_EQ(target_, path.certs[0]); | 566 EXPECT_EQ(target_, path.certs[0]); |
567 if (path.certs[1] != newintermediate_) { | 567 if (path.certs[1] != newintermediate_) { |
568 DVLOG(1) << "USED OLD"; | 568 DVLOG(1) << "USED OLD"; |
569 EXPECT_EQ(oldintermediate_, path.certs[1]); | 569 EXPECT_EQ(oldintermediate_, path.certs[1]); |
570 EXPECT_EQ(oldroot_, path.trust_anchor); | 570 EXPECT_EQ(oldroot_, path.trust_anchor); |
571 } else { | 571 } else { |
572 DVLOG(1) << "USED NEW"; | 572 DVLOG(1) << "USED NEW"; |
573 EXPECT_EQ(newintermediate_, path.certs[1]); | 573 EXPECT_EQ(newintermediate_, path.certs[1]); |
574 EXPECT_EQ(newroot_, path.trust_anchor->cert()); | 574 EXPECT_EQ(newroot_, path.trust_anchor->cert()); |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
620 path_builder.AddCertIssuerSource(&sync_certs); | 620 path_builder.AddCertIssuerSource(&sync_certs); |
621 | 621 |
622 path_builder.Run(); | 622 path_builder.Run(); |
623 | 623 |
624 EXPECT_TRUE(result.HasValidPath()); | 624 EXPECT_TRUE(result.HasValidPath()); |
625 ASSERT_EQ(2U, result.paths.size()); | 625 ASSERT_EQ(2U, result.paths.size()); |
626 | 626 |
627 { | 627 { |
628 // Path builder may first attempt: target <- oldintermediate <- newroot | 628 // Path builder may first attempt: target <- oldintermediate <- newroot |
629 // but it will fail since oldintermediate is signed by oldroot. | 629 // but it will fail since oldintermediate is signed by oldroot. |
630 EXPECT_FALSE(result.paths[0]->valid); | 630 EXPECT_FALSE(result.paths[0]->IsValid()); |
631 const auto& path = result.paths[0]->path; | 631 const auto& path = result.paths[0]->path; |
632 ASSERT_EQ(2U, path.certs.size()); | 632 ASSERT_EQ(2U, path.certs.size()); |
633 EXPECT_EQ(target_, path.certs[0]); | 633 EXPECT_EQ(target_, path.certs[0]); |
634 EXPECT_EQ(oldintermediate_, path.certs[1]); | 634 EXPECT_EQ(oldintermediate_, path.certs[1]); |
635 EXPECT_EQ(newroot_, path.trust_anchor->cert()); | 635 EXPECT_EQ(newroot_, path.trust_anchor->cert()); |
636 } | 636 } |
637 | 637 |
638 { | 638 { |
639 // Path builder will next attempt: | 639 // Path builder will next attempt: |
640 // target <- old intermediate <- oldroot | 640 // target <- old intermediate <- oldroot |
641 // which should succeed. | 641 // which should succeed. |
642 EXPECT_TRUE(result.paths[result.best_result_index]->valid); | 642 EXPECT_TRUE(result.paths[result.best_result_index]->IsValid()); |
643 const auto& path = result.paths[result.best_result_index]->path; | 643 const auto& path = result.paths[result.best_result_index]->path; |
644 ASSERT_EQ(2U, path.certs.size()); | 644 ASSERT_EQ(2U, path.certs.size()); |
645 EXPECT_EQ(target_, path.certs[0]); | 645 EXPECT_EQ(target_, path.certs[0]); |
646 EXPECT_EQ(oldintermediate_, path.certs[1]); | 646 EXPECT_EQ(oldintermediate_, path.certs[1]); |
647 EXPECT_EQ(oldroot_, path.trust_anchor); | 647 EXPECT_EQ(oldroot_, path.trust_anchor); |
648 } | 648 } |
649 } | 649 } |
650 | 650 |
651 // Tests that the path builder doesn't build longer than necessary paths. | 651 // Tests that the path builder doesn't build longer than necessary paths. |
652 TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { | 652 TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { |
(...skipping 17 matching lines...) Expand all Loading... |
670 path_builder.AddCertIssuerSource(&sync_certs); | 670 path_builder.AddCertIssuerSource(&sync_certs); |
671 path_builder.AddCertIssuerSource(&async_certs); | 671 path_builder.AddCertIssuerSource(&async_certs); |
672 | 672 |
673 path_builder.Run(); | 673 path_builder.Run(); |
674 | 674 |
675 EXPECT_TRUE(result.HasValidPath()); | 675 EXPECT_TRUE(result.HasValidPath()); |
676 ASSERT_EQ(3U, result.paths.size()); | 676 ASSERT_EQ(3U, result.paths.size()); |
677 | 677 |
678 // Path builder will first attempt: target <- newintermediate <- oldroot | 678 // Path builder will first attempt: target <- newintermediate <- oldroot |
679 // but it will fail since newintermediate is signed by newroot. | 679 // but it will fail since newintermediate is signed by newroot. |
680 EXPECT_FALSE(result.paths[0]->valid); | 680 EXPECT_FALSE(result.paths[0]->IsValid()); |
681 const auto& path0 = result.paths[0]->path; | 681 const auto& path0 = result.paths[0]->path; |
682 ASSERT_EQ(2U, path0.certs.size()); | 682 ASSERT_EQ(2U, path0.certs.size()); |
683 EXPECT_EQ(target_, path0.certs[0]); | 683 EXPECT_EQ(target_, path0.certs[0]); |
684 EXPECT_EQ(newintermediate_, path0.certs[1]); | 684 EXPECT_EQ(newintermediate_, path0.certs[1]); |
685 EXPECT_EQ(oldroot_, path0.trust_anchor); | 685 EXPECT_EQ(oldroot_, path0.trust_anchor); |
686 | 686 |
687 // Path builder will next attempt: | 687 // Path builder will next attempt: |
688 // target <- newintermediate <- newroot <- oldroot | 688 // target <- newintermediate <- newroot <- oldroot |
689 // but it will fail since newroot is self-signed. | 689 // but it will fail since newroot is self-signed. |
690 EXPECT_FALSE(result.paths[1]->valid); | 690 EXPECT_FALSE(result.paths[1]->IsValid()); |
691 const auto& path1 = result.paths[1]->path; | 691 const auto& path1 = result.paths[1]->path; |
692 ASSERT_EQ(3U, path1.certs.size()); | 692 ASSERT_EQ(3U, path1.certs.size()); |
693 EXPECT_EQ(target_, path1.certs[0]); | 693 EXPECT_EQ(target_, path1.certs[0]); |
694 EXPECT_EQ(newintermediate_, path1.certs[1]); | 694 EXPECT_EQ(newintermediate_, path1.certs[1]); |
695 EXPECT_EQ(newroot_, path1.certs[2]); | 695 EXPECT_EQ(newroot_, path1.certs[2]); |
696 EXPECT_EQ(oldroot_, path1.trust_anchor); | 696 EXPECT_EQ(oldroot_, path1.trust_anchor); |
697 | 697 |
698 // Path builder will skip: | 698 // Path builder will skip: |
699 // target <- newintermediate <- newroot <- newrootrollover <- ... | 699 // target <- newintermediate <- newroot <- newrootrollover <- ... |
700 // Since newroot and newrootrollover have the same Name+SAN+SPKI. | 700 // Since newroot and newrootrollover have the same Name+SAN+SPKI. |
701 | 701 |
702 // Finally path builder will use: | 702 // Finally path builder will use: |
703 // target <- newintermediate <- newrootrollover <- oldroot | 703 // target <- newintermediate <- newrootrollover <- oldroot |
704 EXPECT_EQ(2U, result.best_result_index); | 704 EXPECT_EQ(2U, result.best_result_index); |
705 EXPECT_TRUE(result.paths[2]->valid); | 705 EXPECT_TRUE(result.paths[2]->IsValid()); |
706 const auto& path2 = result.paths[2]->path; | 706 const auto& path2 = result.paths[2]->path; |
707 ASSERT_EQ(3U, path2.certs.size()); | 707 ASSERT_EQ(3U, path2.certs.size()); |
708 EXPECT_EQ(target_, path2.certs[0]); | 708 EXPECT_EQ(target_, path2.certs[0]); |
709 EXPECT_EQ(newintermediate_, path2.certs[1]); | 709 EXPECT_EQ(newintermediate_, path2.certs[1]); |
710 EXPECT_EQ(newrootrollover_, path2.certs[2]); | 710 EXPECT_EQ(newrootrollover_, path2.certs[2]); |
711 EXPECT_EQ(oldroot_, path2.trust_anchor); | 711 EXPECT_EQ(oldroot_, path2.trust_anchor); |
712 } | 712 } |
713 | 713 |
714 // If the target cert is a trust anchor, however is not itself *signed* by a | 714 // If the target cert is a trust anchor, however is not itself *signed* by a |
715 // trust anchor, then it is not considered valid (the SPKI and name of the | 715 // trust anchor, then it is not considered valid (the SPKI and name of the |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
771 time_, &result); | 771 time_, &result); |
772 | 772 |
773 path_builder.Run(); | 773 path_builder.Run(); |
774 | 774 |
775 ASSERT_TRUE(result.HasValidPath()); | 775 ASSERT_TRUE(result.HasValidPath()); |
776 | 776 |
777 const CertPathBuilder::ResultPath* best_result = result.GetBestValidPath(); | 777 const CertPathBuilder::ResultPath* best_result = result.GetBestValidPath(); |
778 | 778 |
779 // Newroot has same name+SPKI as newrootrollover, thus the path is valid and | 779 // Newroot has same name+SPKI as newrootrollover, thus the path is valid and |
780 // only contains newroot. | 780 // only contains newroot. |
781 EXPECT_TRUE(best_result->valid); | 781 EXPECT_TRUE(best_result->IsValid()); |
782 ASSERT_EQ(1U, best_result->path.certs.size()); | 782 ASSERT_EQ(1U, best_result->path.certs.size()); |
783 EXPECT_EQ(newroot_, best_result->path.certs[0]); | 783 EXPECT_EQ(newroot_, best_result->path.certs[0]); |
784 EXPECT_EQ(newrootrollover_, best_result->path.trust_anchor->cert()); | 784 EXPECT_EQ(newrootrollover_, best_result->path.trust_anchor->cert()); |
785 } | 785 } |
786 | 786 |
787 // Test that PathBuilder will not try the same path twice if multiple | 787 // Test that PathBuilder will not try the same path twice if multiple |
788 // CertIssuerSources provide the same certificate. | 788 // CertIssuerSources provide the same certificate. |
789 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { | 789 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { |
790 // Create a separate copy of oldintermediate. | 790 // Create a separate copy of oldintermediate. |
791 scoped_refptr<ParsedCertificate> oldintermediate_dupe( | 791 scoped_refptr<ParsedCertificate> oldintermediate_dupe( |
(...skipping 29 matching lines...) Expand all Loading... |
821 path_builder.AddCertIssuerSource(&sync_certs2); | 821 path_builder.AddCertIssuerSource(&sync_certs2); |
822 path_builder.AddCertIssuerSource(&async_certs); | 822 path_builder.AddCertIssuerSource(&async_certs); |
823 | 823 |
824 path_builder.Run(); | 824 path_builder.Run(); |
825 | 825 |
826 EXPECT_TRUE(result.HasValidPath()); | 826 EXPECT_TRUE(result.HasValidPath()); |
827 ASSERT_EQ(2U, result.paths.size()); | 827 ASSERT_EQ(2U, result.paths.size()); |
828 | 828 |
829 // Path builder will first attempt: target <- oldintermediate <- newroot | 829 // Path builder will first attempt: target <- oldintermediate <- newroot |
830 // but it will fail since oldintermediate is signed by oldroot. | 830 // but it will fail since oldintermediate is signed by oldroot. |
831 EXPECT_FALSE(result.paths[0]->valid); | 831 EXPECT_FALSE(result.paths[0]->IsValid()); |
832 const auto& path0 = result.paths[0]->path; | 832 const auto& path0 = result.paths[0]->path; |
833 | 833 |
834 ASSERT_EQ(2U, path0.certs.size()); | 834 ASSERT_EQ(2U, path0.certs.size()); |
835 EXPECT_EQ(target_, path0.certs[0]); | 835 EXPECT_EQ(target_, path0.certs[0]); |
836 // Compare the DER instead of ParsedCertificate pointer, don't care which copy | 836 // Compare the DER instead of ParsedCertificate pointer, don't care which copy |
837 // of oldintermediate was used in the path. | 837 // of oldintermediate was used in the path. |
838 EXPECT_EQ(oldintermediate_->der_cert(), path0.certs[1]->der_cert()); | 838 EXPECT_EQ(oldintermediate_->der_cert(), path0.certs[1]->der_cert()); |
839 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); | 839 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); |
840 | 840 |
841 // Path builder will next attempt: target <- newintermediate <- newroot | 841 // Path builder will next attempt: target <- newintermediate <- newroot |
842 // which will succeed. | 842 // which will succeed. |
843 EXPECT_EQ(1U, result.best_result_index); | 843 EXPECT_EQ(1U, result.best_result_index); |
844 EXPECT_TRUE(result.paths[1]->valid); | 844 EXPECT_TRUE(result.paths[1]->IsValid()); |
845 const auto& path1 = result.paths[1]->path; | 845 const auto& path1 = result.paths[1]->path; |
846 ASSERT_EQ(2U, path1.certs.size()); | 846 ASSERT_EQ(2U, path1.certs.size()); |
847 EXPECT_EQ(target_, path1.certs[0]); | 847 EXPECT_EQ(target_, path1.certs[0]); |
848 EXPECT_EQ(newintermediate_, path1.certs[1]); | 848 EXPECT_EQ(newintermediate_, path1.certs[1]); |
849 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); | 849 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); |
850 } | 850 } |
851 | 851 |
852 // Test when PathBuilder is given a cert CertIssuerSources that has the same | 852 // Test when PathBuilder is given a cert CertIssuerSources that has the same |
853 // SPKI as a TrustAnchor. | 853 // SPKI as a TrustAnchor. |
854 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { | 854 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { |
(...skipping 19 matching lines...) Expand all Loading... |
874 path_builder.AddCertIssuerSource(&sync_certs); | 874 path_builder.AddCertIssuerSource(&sync_certs); |
875 | 875 |
876 path_builder.Run(); | 876 path_builder.Run(); |
877 | 877 |
878 EXPECT_FALSE(result.HasValidPath()); | 878 EXPECT_FALSE(result.HasValidPath()); |
879 ASSERT_EQ(2U, result.paths.size()); | 879 ASSERT_EQ(2U, result.paths.size()); |
880 // TODO(eroman): Is this right? | 880 // TODO(eroman): Is this right? |
881 | 881 |
882 // Path builder attempt: target <- oldintermediate <- newroot | 882 // Path builder attempt: target <- oldintermediate <- newroot |
883 // but it will fail since oldintermediate is signed by oldroot. | 883 // but it will fail since oldintermediate is signed by oldroot. |
884 EXPECT_FALSE(result.paths[0]->valid); | 884 EXPECT_FALSE(result.paths[0]->IsValid()); |
885 const auto& path = result.paths[0]->path; | 885 const auto& path = result.paths[0]->path; |
886 ASSERT_EQ(2U, path.certs.size()); | 886 ASSERT_EQ(2U, path.certs.size()); |
887 EXPECT_EQ(target_, path.certs[0]); | 887 EXPECT_EQ(target_, path.certs[0]); |
888 EXPECT_EQ(oldintermediate_, path.certs[1]); | 888 EXPECT_EQ(oldintermediate_, path.certs[1]); |
889 // Compare the DER instead of ParsedCertificate pointer, don't care which copy | 889 // Compare the DER instead of ParsedCertificate pointer, don't care which copy |
890 // of newroot was used in the path. | 890 // of newroot was used in the path. |
891 EXPECT_EQ(newroot_->der_cert(), path.trust_anchor->cert()->der_cert()); | 891 EXPECT_EQ(newroot_->der_cert(), path.trust_anchor->cert()->der_cert()); |
892 } | 892 } |
893 | 893 |
894 class MockCertIssuerSourceRequest : public CertIssuerSource::Request { | 894 class MockCertIssuerSourceRequest : public CertIssuerSource::Request { |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
989 // Note that VerifyAndClearExpectations(target_issuers_req) is not called | 989 // Note that VerifyAndClearExpectations(target_issuers_req) is not called |
990 // here. PathBuilder could have destroyed it already, so just let the | 990 // here. PathBuilder could have destroyed it already, so just let the |
991 // expectations get checked by the destructor. | 991 // expectations get checked by the destructor. |
992 ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); | 992 ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); |
993 | 993 |
994 EXPECT_TRUE(result.HasValidPath()); | 994 EXPECT_TRUE(result.HasValidPath()); |
995 ASSERT_EQ(2U, result.paths.size()); | 995 ASSERT_EQ(2U, result.paths.size()); |
996 | 996 |
997 // Path builder first attempts: target <- oldintermediate <- newroot | 997 // Path builder first attempts: target <- oldintermediate <- newroot |
998 // but it will fail since oldintermediate is signed by oldroot. | 998 // but it will fail since oldintermediate is signed by oldroot. |
999 EXPECT_FALSE(result.paths[0]->valid); | 999 EXPECT_FALSE(result.paths[0]->IsValid()); |
1000 const auto& path0 = result.paths[0]->path; | 1000 const auto& path0 = result.paths[0]->path; |
1001 ASSERT_EQ(2U, path0.certs.size()); | 1001 ASSERT_EQ(2U, path0.certs.size()); |
1002 EXPECT_EQ(target_, path0.certs[0]); | 1002 EXPECT_EQ(target_, path0.certs[0]); |
1003 EXPECT_EQ(oldintermediate_, path0.certs[1]); | 1003 EXPECT_EQ(oldintermediate_, path0.certs[1]); |
1004 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); | 1004 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); |
1005 | 1005 |
1006 // After the second batch of async results, path builder will attempt: | 1006 // After the second batch of async results, path builder will attempt: |
1007 // target <- newintermediate <- newroot which will succeed. | 1007 // target <- newintermediate <- newroot which will succeed. |
1008 EXPECT_TRUE(result.paths[1]->valid); | 1008 EXPECT_TRUE(result.paths[1]->IsValid()); |
1009 const auto& path1 = result.paths[1]->path; | 1009 const auto& path1 = result.paths[1]->path; |
1010 ASSERT_EQ(2U, path1.certs.size()); | 1010 ASSERT_EQ(2U, path1.certs.size()); |
1011 EXPECT_EQ(target_, path1.certs[0]); | 1011 EXPECT_EQ(target_, path1.certs[0]); |
1012 EXPECT_EQ(newintermediate_, path1.certs[1]); | 1012 EXPECT_EQ(newintermediate_, path1.certs[1]); |
1013 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); | 1013 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); |
1014 } | 1014 } |
1015 | 1015 |
1016 // Test that PathBuilder will not try the same path twice if CertIssuerSources | 1016 // Test that PathBuilder will not try the same path twice if CertIssuerSources |
1017 // asynchronously provide the same certificate multiple times. | 1017 // asynchronously provide the same certificate multiple times. |
1018 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { | 1018 TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1075 // Ensure pathbuilder finished and filled result. | 1075 // Ensure pathbuilder finished and filled result. |
1076 path_builder.Run(); | 1076 path_builder.Run(); |
1077 | 1077 |
1078 ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); | 1078 ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source); |
1079 | 1079 |
1080 EXPECT_TRUE(result.HasValidPath()); | 1080 EXPECT_TRUE(result.HasValidPath()); |
1081 ASSERT_EQ(2U, result.paths.size()); | 1081 ASSERT_EQ(2U, result.paths.size()); |
1082 | 1082 |
1083 // Path builder first attempts: target <- oldintermediate <- newroot | 1083 // Path builder first attempts: target <- oldintermediate <- newroot |
1084 // but it will fail since oldintermediate is signed by oldroot. | 1084 // but it will fail since oldintermediate is signed by oldroot. |
1085 EXPECT_FALSE(result.paths[0]->valid); | 1085 EXPECT_FALSE(result.paths[0]->IsValid()); |
1086 const auto& path0 = result.paths[0]->path; | 1086 const auto& path0 = result.paths[0]->path; |
1087 ASSERT_EQ(2U, path0.certs.size()); | 1087 ASSERT_EQ(2U, path0.certs.size()); |
1088 EXPECT_EQ(target_, path0.certs[0]); | 1088 EXPECT_EQ(target_, path0.certs[0]); |
1089 EXPECT_EQ(oldintermediate_, path0.certs[1]); | 1089 EXPECT_EQ(oldintermediate_, path0.certs[1]); |
1090 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); | 1090 EXPECT_EQ(newroot_, path0.trust_anchor->cert()); |
1091 | 1091 |
1092 // The second async result does not generate any path. | 1092 // The second async result does not generate any path. |
1093 | 1093 |
1094 // After the third batch of async results, path builder will attempt: | 1094 // After the third batch of async results, path builder will attempt: |
1095 // target <- newintermediate <- newroot which will succeed. | 1095 // target <- newintermediate <- newroot which will succeed. |
1096 EXPECT_TRUE(result.paths[1]->valid); | 1096 EXPECT_TRUE(result.paths[1]->IsValid()); |
1097 const auto& path1 = result.paths[1]->path; | 1097 const auto& path1 = result.paths[1]->path; |
1098 ASSERT_EQ(2U, path1.certs.size()); | 1098 ASSERT_EQ(2U, path1.certs.size()); |
1099 EXPECT_EQ(target_, path1.certs[0]); | 1099 EXPECT_EQ(target_, path1.certs[0]); |
1100 EXPECT_EQ(newintermediate_, path1.certs[1]); | 1100 EXPECT_EQ(newintermediate_, path1.certs[1]); |
1101 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); | 1101 EXPECT_EQ(newroot_, path1.trust_anchor->cert()); |
1102 } | 1102 } |
1103 | 1103 |
1104 } // namespace | 1104 } // namespace |
1105 | 1105 |
1106 } // namespace net | 1106 } // namespace net |
OLD | NEW |