Chromium Code Reviews Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/trust_store_collection.h" | 5 #include "net/cert/internal/trust_store_collection.h" |
| 6 | 6 |
| 7 #include "net/cert/internal/test_helpers.h" | 7 #include "net/cert/internal/test_helpers.h" |
| 8 #include "net/cert/internal/trust_store_in_memory.h" | 8 #include "net/cert/internal/trust_store_in_memory.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 10 |
| 11 namespace net { | 11 namespace net { |
| 12 | 12 |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 class TrustStoreCollectionTest : public testing::Test { | 15 class TrustStoreCollectionTest : public testing::Test { |
|
mattm
2017/04/28 20:26:47
test GetTrust() too
eroman
2017/04/28 21:48:04
Done.
| |
| 16 public: | 16 public: |
| 17 void SetUp() override { | 17 void SetUp() override { |
| 18 ParsedCertificateList chain; | 18 ParsedCertificateList chain; |
| 19 | 19 |
| 20 VerifyCertChainTest test; | 20 VerifyCertChainTest test; |
| 21 ReadVerifyCertChainTestFromFile( | 21 ReadVerifyCertChainTestFromFile( |
| 22 "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", | 22 "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", |
| 23 &test); | 23 &test); |
| 24 chain = test.chain; | 24 chain = test.chain; |
| 25 oldroot_ = test.trust_anchor; | |
| 26 | 25 |
| 27 ASSERT_EQ(2U, chain.size()); | 26 ASSERT_EQ(3U, chain.size()); |
| 28 target_ = chain[0]; | 27 target_ = chain[0]; |
| 29 oldintermediate_ = chain[1]; | 28 oldintermediate_ = chain[1]; |
| 29 oldroot_ = chain[2]; | |
| 30 ASSERT_TRUE(target_); | 30 ASSERT_TRUE(target_); |
| 31 ASSERT_TRUE(oldintermediate_); | 31 ASSERT_TRUE(oldintermediate_); |
| 32 ASSERT_TRUE(oldroot_); | 32 ASSERT_TRUE(oldroot_); |
| 33 | 33 |
| 34 ReadVerifyCertChainTestFromFile( | 34 ReadVerifyCertChainTestFromFile( |
| 35 "net/data/verify_certificate_chain_unittest/" | 35 "net/data/verify_certificate_chain_unittest/" |
| 36 "key-rollover-longrolloverchain.pem", | 36 "key-rollover-longrolloverchain.pem", |
| 37 &test); | 37 &test); |
| 38 chain = test.chain; | 38 chain = test.chain; |
| 39 | 39 |
| 40 ASSERT_EQ(4U, chain.size()); | 40 ASSERT_EQ(5U, chain.size()); |
| 41 newintermediate_ = chain[1]; | 41 newintermediate_ = chain[1]; |
| 42 newroot_ = TrustAnchor::CreateFromCertificateNoConstraints(chain[2]); | 42 newroot_ = chain[2]; |
| 43 newrootrollover_ = | 43 newrootrollover_ = chain[3]; |
| 44 TrustAnchor::CreateFromCertificateNoConstraints(chain[3]); | |
| 45 ASSERT_TRUE(newintermediate_); | 44 ASSERT_TRUE(newintermediate_); |
| 46 ASSERT_TRUE(newroot_); | 45 ASSERT_TRUE(newroot_); |
| 47 ASSERT_TRUE(newrootrollover_); | 46 ASSERT_TRUE(newrootrollover_); |
| 48 } | 47 } |
| 49 | 48 |
| 50 protected: | 49 protected: |
| 51 scoped_refptr<TrustAnchor> oldroot_; | 50 scoped_refptr<ParsedCertificate> oldroot_; |
| 52 scoped_refptr<TrustAnchor> newroot_; | 51 scoped_refptr<ParsedCertificate> newroot_; |
| 53 scoped_refptr<TrustAnchor> newrootrollover_; | 52 scoped_refptr<ParsedCertificate> newrootrollover_; |
| 54 | 53 |
| 55 scoped_refptr<ParsedCertificate> target_; | 54 scoped_refptr<ParsedCertificate> target_; |
| 56 scoped_refptr<ParsedCertificate> oldintermediate_; | 55 scoped_refptr<ParsedCertificate> oldintermediate_; |
| 57 scoped_refptr<ParsedCertificate> newintermediate_; | 56 scoped_refptr<ParsedCertificate> newintermediate_; |
| 58 }; | 57 }; |
| 59 | 58 |
| 60 // Collection contains no stores, should return no results. | 59 // Collection contains no stores, should return no results. |
| 61 TEST_F(TrustStoreCollectionTest, NoStores) { | 60 TEST_F(TrustStoreCollectionTest, NoStores) { |
| 62 TrustAnchors matches; | 61 ParsedCertificateList issuers; |
| 63 | 62 |
| 64 TrustStoreCollection collection; | 63 TrustStoreCollection collection; |
| 65 collection.FindTrustAnchorsForCert(target_, &matches); | 64 collection.SyncGetIssuersOf(target_.get(), &issuers); |
| 66 | 65 |
| 67 EXPECT_TRUE(matches.empty()); | 66 EXPECT_TRUE(issuers.empty()); |
| 68 } | 67 } |
| 69 | 68 |
| 70 // Collection contains only one store. | 69 // Collection contains only one store. |
| 71 TEST_F(TrustStoreCollectionTest, OneStore) { | 70 TEST_F(TrustStoreCollectionTest, OneStore) { |
| 72 TrustAnchors matches; | 71 ParsedCertificateList issuers; |
| 73 | 72 |
| 74 TrustStoreCollection collection; | 73 TrustStoreCollection collection; |
| 75 TrustStoreInMemory in_memory; | 74 TrustStoreInMemory in_memory; |
| 76 in_memory.AddTrustAnchor(newroot_); | 75 in_memory.AddTrustAnchor(newroot_); |
| 77 collection.AddTrustStore(&in_memory); | 76 collection.AddTrustStore(&in_memory); |
| 78 collection.FindTrustAnchorsForCert(newintermediate_, &matches); | 77 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); |
| 79 | 78 |
| 80 ASSERT_EQ(1U, matches.size()); | 79 ASSERT_EQ(1U, issuers.size()); |
| 81 EXPECT_EQ(newroot_, matches[0]); | 80 EXPECT_EQ(newroot_.get(), issuers[0].get()); |
| 81 } | |
| 82 | |
| 83 // SyncGetIssuersOf() should append to its output parameters rather than assign | |
| 84 // them. | |
| 85 TEST_F(TrustStoreCollectionTest, OutputVectorsAppendedTo) { | |
| 86 ParsedCertificateList issuers; | |
| 87 | |
| 88 // Populate the out-parameter with some values. | |
| 89 issuers.resize(3); | |
| 90 | |
| 91 TrustStoreCollection collection; | |
| 92 TrustStoreInMemory in_memory; | |
| 93 in_memory.AddTrustAnchor(newroot_); | |
| 94 collection.AddTrustStore(&in_memory); | |
| 95 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); | |
| 96 | |
| 97 ASSERT_EQ(4U, issuers.size()); | |
| 98 EXPECT_EQ(newroot_.get(), issuers[3].get()); | |
| 82 } | 99 } |
| 83 | 100 |
| 84 // Collection contains two stores. | 101 // Collection contains two stores. |
| 85 TEST_F(TrustStoreCollectionTest, TwoStores) { | 102 TEST_F(TrustStoreCollectionTest, TwoStores) { |
| 86 TrustAnchors matches; | 103 ParsedCertificateList issuers; |
| 87 | 104 |
| 88 TrustStoreCollection collection; | 105 TrustStoreCollection collection; |
| 89 TrustStoreInMemory in_memory1; | 106 TrustStoreInMemory in_memory1; |
| 90 TrustStoreInMemory in_memory2; | 107 TrustStoreInMemory in_memory2; |
| 91 in_memory1.AddTrustAnchor(newroot_); | 108 in_memory1.AddTrustAnchor(newroot_); |
| 92 in_memory2.AddTrustAnchor(oldroot_); | 109 in_memory2.AddTrustAnchor(oldroot_); |
| 93 collection.AddTrustStore(&in_memory1); | 110 collection.AddTrustStore(&in_memory1); |
| 94 collection.AddTrustStore(&in_memory2); | 111 collection.AddTrustStore(&in_memory2); |
| 95 collection.FindTrustAnchorsForCert(newintermediate_, &matches); | 112 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); |
| 96 | 113 |
| 97 ASSERT_EQ(2U, matches.size()); | 114 ASSERT_EQ(2U, issuers.size()); |
| 98 EXPECT_EQ(newroot_, matches[0]); | 115 EXPECT_EQ(newroot_.get(), issuers[0].get()); |
| 99 EXPECT_EQ(oldroot_, matches[1]); | 116 EXPECT_EQ(oldroot_.get(), issuers[1].get()); |
| 100 } | 117 } |
| 101 | 118 |
| 102 } // namespace | 119 } // namespace |
| 103 | 120 |
| 104 } // namespace net | 121 } // namespace net |
| OLD | NEW |
