net/cert/cert_verify_proc_unittest.cc - Issue 2813043002: Add tests for keyUsage to the built-in cert verifier.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/cert_verify_proc_unittest.cc

Issue 2813043002: Add tests for keyUsage to the built-in cert verifier. (Closed)

Patch Set: rebase and add test files for ios Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/cert_verify_proc_unittest.cc

diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc

index fdb254d1bc5fc94e8f1c4166efb732dc5340a8e0..a1bde4fc870ae20e28a13321c562aac8e47c9496 100644

--- a/net/cert/cert_verify_proc_unittest.cc

+++ b/net/cert/cert_verify_proc_unittest.cc

@@ -1199,14 +1199,9 @@ TEST_P(CertVerifyProcInternalTest, PublicKeyHashes) {

}

// A regression test for http://crbug.com/70293.

-// The Key Usage extension in this RSA SSL server certificate does not have

-// the keyEncipherment bit.

-TEST_P(CertVerifyProcInternalTest, InvalidKeyUsage) {

- if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) {

- LOG(INFO) << "TODO(crbug.com/649017): Skipping test as not yet implemented "

- "in builting verifier";

- return;

- }

+// The certificate in question has a key purpose of clientAuth, and also lacks

+// the required key usage for serverAuth.

+TEST_P(CertVerifyProcInternalTest, WrongKeyPurpose) {

base::FilePath certs_dir = GetTestCertsDirectory();

scoped_refptr<X509Certificate> server_cert =

@@ -1218,25 +1213,27 @@ TEST_P(CertVerifyProcInternalTest, InvalidKeyUsage) {

int error = Verify(server_cert.get(), "jira.aquameta.com", flags, NULL,

CertificateList(), &verify_result);

- // TODO(eroman): Change the test data so results are consistent across

- // verifiers.

- if (verify_proc_type() == CERT_VERIFY_PROC_OPENSSL) {

- // This certificate has two errors: "invalid key usage" and "untrusted CA".

- // However, OpenSSL returns only one (the latter), and we can't detect

- // the other errors.

- EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));

- } else {

- EXPECT_THAT(error, IsError(ERR_CERT_INVALID));

+ EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_COMMON_NAME_INVALID);

+ // TODO(crbug.com/649017): Don't special-case builtin verifier.

+ if (verify_proc_type() != CERT_VERIFY_PROC_BUILTIN)

EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID);

- }

// TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors

// from NSS.

if (verify_proc_type() != CERT_VERIFY_PROC_NSS &&

- verify_proc_type() != CERT_VERIFY_PROC_IOS &&

verify_proc_type() != CERT_VERIFY_PROC_ANDROID) {

// The certificate is issued by an unknown CA.

EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);

}

+ // TODO(crbug.com/649017): Don't special-case builtin verifier.

+ if (verify_proc_type() == CERT_VERIFY_PROC_OPENSSL ||

+ verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) {

+ EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));

+ } else {

+ EXPECT_THAT(error, IsError(ERR_CERT_INVALID));

+ }

}

// Basic test for returning the chain in CertVerifyResult. Note that the

« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/verify_certificate_chain.h » ('j') | no next file with comments »