| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/trust_store_collection.h" | 5 #include "net/cert/internal/trust_store_collection.h" |
| 6 | 6 |
| 7 #include "net/cert/internal/test_helpers.h" | 7 #include "net/cert/internal/test_helpers.h" |
| 8 #include "net/cert/internal/trust_store_in_memory.h" | 8 #include "net/cert/internal/trust_store_in_memory.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 10 |
| 11 namespace net { | 11 namespace net { |
| 12 | 12 |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 class TrustStoreCollectionTest : public testing::Test { | 15 class TrustStoreCollectionTest : public testing::Test { |
| 16 public: | 16 public: |
| 17 void SetUp() override { | 17 void SetUp() override { |
| 18 ParsedCertificateList chain; | 18 ParsedCertificateList chain; |
| 19 | 19 |
| 20 VerifyCertChainTest test; | 20 VerifyCertChainTest test; |
| 21 ReadVerifyCertChainTestFromFile( | 21 ReadVerifyCertChainTestFromFile( |
| 22 "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", | 22 "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", |
| 23 &test); | 23 &test); |
| 24 chain = test.chain; | 24 chain = test.chain; |
| 25 oldroot_ = test.trust_anchor; | |
| 26 | 25 |
| 27 ASSERT_EQ(2U, chain.size()); | 26 ASSERT_EQ(3U, chain.size()); |
| 28 target_ = chain[0]; | 27 target_ = chain[0]; |
| 29 oldintermediate_ = chain[1]; | 28 oldintermediate_ = chain[1]; |
| 29 oldroot_ = chain[2]; |
| 30 ASSERT_TRUE(target_); | 30 ASSERT_TRUE(target_); |
| 31 ASSERT_TRUE(oldintermediate_); | 31 ASSERT_TRUE(oldintermediate_); |
| 32 ASSERT_TRUE(oldroot_); | 32 ASSERT_TRUE(oldroot_); |
| 33 | 33 |
| 34 ReadVerifyCertChainTestFromFile( | 34 ReadVerifyCertChainTestFromFile( |
| 35 "net/data/verify_certificate_chain_unittest/" | 35 "net/data/verify_certificate_chain_unittest/" |
| 36 "key-rollover-longrolloverchain.pem", | 36 "key-rollover-longrolloverchain.pem", |
| 37 &test); | 37 &test); |
| 38 chain = test.chain; | 38 chain = test.chain; |
| 39 | 39 |
| 40 ASSERT_EQ(4U, chain.size()); | 40 ASSERT_EQ(5U, chain.size()); |
| 41 newintermediate_ = chain[1]; | 41 newintermediate_ = chain[1]; |
| 42 newroot_ = TrustAnchor::CreateFromCertificateNoConstraints(chain[2]); | 42 newroot_ = chain[2]; |
| 43 newrootrollover_ = | 43 newrootrollover_ = chain[3]; |
| 44 TrustAnchor::CreateFromCertificateNoConstraints(chain[3]); | |
| 45 ASSERT_TRUE(newintermediate_); | 44 ASSERT_TRUE(newintermediate_); |
| 46 ASSERT_TRUE(newroot_); | 45 ASSERT_TRUE(newroot_); |
| 47 ASSERT_TRUE(newrootrollover_); | 46 ASSERT_TRUE(newrootrollover_); |
| 48 } | 47 } |
| 49 | 48 |
| 50 protected: | 49 protected: |
| 51 scoped_refptr<TrustAnchor> oldroot_; | 50 scoped_refptr<ParsedCertificate> oldroot_; |
| 52 scoped_refptr<TrustAnchor> newroot_; | 51 scoped_refptr<ParsedCertificate> newroot_; |
| 53 scoped_refptr<TrustAnchor> newrootrollover_; | 52 scoped_refptr<ParsedCertificate> newrootrollover_; |
| 54 | 53 |
| 55 scoped_refptr<ParsedCertificate> target_; | 54 scoped_refptr<ParsedCertificate> target_; |
| 56 scoped_refptr<ParsedCertificate> oldintermediate_; | 55 scoped_refptr<ParsedCertificate> oldintermediate_; |
| 57 scoped_refptr<ParsedCertificate> newintermediate_; | 56 scoped_refptr<ParsedCertificate> newintermediate_; |
| 58 }; | 57 }; |
| 59 | 58 |
| 60 // Collection contains no stores, should return no results. | 59 // Collection contains no stores, should return no results. |
| 61 TEST_F(TrustStoreCollectionTest, NoStores) { | 60 TEST_F(TrustStoreCollectionTest, NoStores) { |
| 62 TrustAnchors matches; | 61 ParsedCertificateList issuers; |
| 63 | 62 |
| 64 TrustStoreCollection collection; | 63 TrustStoreCollection collection; |
| 65 collection.FindTrustAnchorsForCert(target_, &matches); | 64 collection.SyncGetIssuersOf(target_.get(), &issuers); |
| 66 | 65 |
| 67 EXPECT_TRUE(matches.empty()); | 66 EXPECT_TRUE(issuers.empty()); |
| 68 } | 67 } |
| 69 | 68 |
| 70 // Collection contains only one store. | 69 // Collection contains only one store. |
| 71 TEST_F(TrustStoreCollectionTest, OneStore) { | 70 TEST_F(TrustStoreCollectionTest, OneStore) { |
| 72 TrustAnchors matches; | 71 ParsedCertificateList issuers; |
| 73 | 72 |
| 74 TrustStoreCollection collection; | 73 TrustStoreCollection collection; |
| 75 TrustStoreInMemory in_memory; | 74 TrustStoreInMemory in_memory; |
| 76 in_memory.AddTrustAnchor(newroot_); | 75 in_memory.AddTrustAnchor(newroot_); |
| 77 collection.AddTrustStore(&in_memory); | 76 collection.AddTrustStore(&in_memory); |
| 78 collection.FindTrustAnchorsForCert(newintermediate_, &matches); | 77 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); |
| 79 | 78 |
| 80 ASSERT_EQ(1U, matches.size()); | 79 ASSERT_EQ(1U, issuers.size()); |
| 81 EXPECT_EQ(newroot_, matches[0]); | 80 EXPECT_EQ(newroot_.get(), issuers[0].get()); |
| 81 |
| 82 // newroot_ is trusted. |
| 83 CertificateTrust trust; |
| 84 collection.GetTrust(newroot_, &trust); |
| 85 EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); |
| 86 |
| 87 // oldroot_ is not. |
| 88 collection.GetTrust(oldroot_, &trust); |
| 89 EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); |
| 90 } |
| 91 |
| 92 // SyncGetIssuersOf() should append to its output parameters rather than assign |
| 93 // them. |
| 94 TEST_F(TrustStoreCollectionTest, OutputVectorsAppendedTo) { |
| 95 ParsedCertificateList issuers; |
| 96 |
| 97 // Populate the out-parameter with some values. |
| 98 issuers.resize(3); |
| 99 |
| 100 TrustStoreCollection collection; |
| 101 TrustStoreInMemory in_memory; |
| 102 in_memory.AddTrustAnchor(newroot_); |
| 103 collection.AddTrustStore(&in_memory); |
| 104 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); |
| 105 |
| 106 ASSERT_EQ(4U, issuers.size()); |
| 107 EXPECT_EQ(newroot_.get(), issuers[3].get()); |
| 108 |
| 109 // newroot_ is trusted. |
| 110 CertificateTrust trust; |
| 111 collection.GetTrust(newroot_, &trust); |
| 112 EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); |
| 113 |
| 114 // newrootrollover_ is not. |
| 115 collection.GetTrust(newrootrollover_, &trust); |
| 116 EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); |
| 82 } | 117 } |
| 83 | 118 |
| 84 // Collection contains two stores. | 119 // Collection contains two stores. |
| 85 TEST_F(TrustStoreCollectionTest, TwoStores) { | 120 TEST_F(TrustStoreCollectionTest, TwoStores) { |
| 86 TrustAnchors matches; | 121 ParsedCertificateList issuers; |
| 87 | 122 |
| 88 TrustStoreCollection collection; | 123 TrustStoreCollection collection; |
| 89 TrustStoreInMemory in_memory1; | 124 TrustStoreInMemory in_memory1; |
| 90 TrustStoreInMemory in_memory2; | 125 TrustStoreInMemory in_memory2; |
| 91 in_memory1.AddTrustAnchor(newroot_); | 126 in_memory1.AddTrustAnchor(newroot_); |
| 92 in_memory2.AddTrustAnchor(oldroot_); | 127 in_memory2.AddTrustAnchor(oldroot_); |
| 93 collection.AddTrustStore(&in_memory1); | 128 collection.AddTrustStore(&in_memory1); |
| 94 collection.AddTrustStore(&in_memory2); | 129 collection.AddTrustStore(&in_memory2); |
| 95 collection.FindTrustAnchorsForCert(newintermediate_, &matches); | 130 collection.SyncGetIssuersOf(newintermediate_.get(), &issuers); |
| 96 | 131 |
| 97 ASSERT_EQ(2U, matches.size()); | 132 ASSERT_EQ(2U, issuers.size()); |
| 98 EXPECT_EQ(newroot_, matches[0]); | 133 EXPECT_EQ(newroot_.get(), issuers[0].get()); |
| 99 EXPECT_EQ(oldroot_, matches[1]); | 134 EXPECT_EQ(oldroot_.get(), issuers[1].get()); |
| 135 |
| 136 // newroot_ is trusted. |
| 137 CertificateTrust trust; |
| 138 collection.GetTrust(newroot_, &trust); |
| 139 EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); |
| 140 |
| 141 // oldroot_ is trusted. |
| 142 collection.GetTrust(oldroot_, &trust); |
| 143 EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); |
| 144 |
| 145 // newrootrollover_ is not. |
| 146 collection.GetTrust(newrootrollover_, &trust); |
| 147 EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); |
| 148 } |
| 149 |
| 150 // Collection contains two stores. The certificate is marked as trusted in one, |
| 151 // but distrusted in the other. |
| 152 TEST_F(TrustStoreCollectionTest, DistrustTakesPriority) { |
| 153 ParsedCertificateList issuers; |
| 154 |
| 155 TrustStoreCollection collection; |
| 156 TrustStoreInMemory in_memory1; |
| 157 TrustStoreInMemory in_memory2; |
| 158 |
| 159 // newroot_ is trusted in store1, distrusted in store2. |
| 160 in_memory1.AddTrustAnchor(newroot_); |
| 161 in_memory2.AddDistrustedCertificateForTest(newroot_); |
| 162 |
| 163 // oldintermediate is distrusted in store1, trusted in store2. |
| 164 in_memory1.AddDistrustedCertificateForTest(oldintermediate_); |
| 165 in_memory2.AddTrustAnchor(oldintermediate_); |
| 166 |
| 167 collection.AddTrustStore(&in_memory1); |
| 168 collection.AddTrustStore(&in_memory2); |
| 169 |
| 170 // newroot_ is distrusted.. |
| 171 CertificateTrust trust; |
| 172 collection.GetTrust(newroot_, &trust); |
| 173 EXPECT_EQ(CertificateTrustType::DISTRUSTED, trust.type); |
| 174 |
| 175 // oldintermediate_ is distrusted. |
| 176 collection.GetTrust(oldintermediate_, &trust); |
| 177 EXPECT_EQ(CertificateTrustType::DISTRUSTED, trust.type); |
| 178 |
| 179 // newrootrollover_ is unspecified. |
| 180 collection.GetTrust(newrootrollover_, &trust); |
| 181 EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); |
| 100 } | 182 } |
| 101 | 183 |
| 102 } // namespace | 184 } // namespace |
| 103 | 185 |
| 104 } // namespace net | 186 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2832703002:
Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
