Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(322)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2832703002: Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
Patch Set: address comments Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/cast_certificate/cast_cert_validator_test_helpers.cc ('K') | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include "net/cert/internal/parsed_certificate.h" 7 #include "net/cert/internal/parsed_certificate.h"
8 #include "net/cert/internal/signature_policy.h" 8 #include "net/cert/internal/signature_policy.h"
9 #include "net/cert/internal/trust_store.h" 9 #include "net/cert/internal/trust_store.h"
10 #include "net/der/input.h" 10 #include "net/der/input.h"
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
63 bssl::UniquePtr<CRYPTO_BUFFER>( 63 bssl::UniquePtr<CRYPTO_BUFFER>(
64 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()), 64 CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()),
65 i->size(), nullptr)), 65 i->size(), nullptr)),
66 {}, &input_chain, &parsing_errors)) { 66 {}, &input_chain, &parsing_errors)) {
67 ADD_FAILURE() << "Cert failed to parse:\n" 67 ADD_FAILURE() << "Cert failed to parse:\n"
68 << parsing_errors.ToDebugString(); 68 << parsing_errors.ToDebugString();
69 return false; 69 return false;
70 } 70 }
71 } 71 }
72 72
73 scoped_refptr<TrustAnchor> trust_anchor =
74 TrustAnchor::CreateFromCertificateNoConstraints(input_chain.back());
75 input_chain.pop_back();
76
77 SimpleSignaturePolicy signature_policy(1024); 73 SimpleSignaturePolicy signature_policy(1024);
78 74
79 // Run all tests at the time the PKITS was published. 75 // Run all tests at the time the PKITS was published.
80 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; 76 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
81 77
82 CertPathErrors path_errors; 78 CertPathErrors path_errors;
83 bool result = VerifyCertificateChain(input_chain, trust_anchor.get(), 79 VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(),
84 &signature_policy, time, 80 &signature_policy, time, KeyPurpose::ANY_EKU,
85 KeyPurpose::ANY_EKU, &path_errors); 81 &path_errors);
86 82
87 // TODO(crbug.com/634443): Test errors on failure? 83 // TODO(crbug.com/634443): Test errors on failure?
88 EXPECT_EQ(result, !path_errors.ContainsHighSeverityErrors()); 84 return !path_errors.ContainsHighSeverityErrors();
89 return result;
90 } 85 }
91 }; 86 };
92 87
93 } // namespace 88 } // namespace
94 89
95 class PkitsTest01SignatureVerificationCustom 90 class PkitsTest01SignatureVerificationCustom
96 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {}; 91 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};
97 92
98 // Modified version of 4.1.4 Valid DSA Signatures Test4 93 // Modified version of 4.1.4 Valid DSA Signatures Test4
99 TEST_F(PkitsTest01SignatureVerificationCustom, 94 TEST_F(PkitsTest01SignatureVerificationCustom,
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
215 210
216 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, 211 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
217 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, 212 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
218 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs 213 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
219 214
220 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, 215 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
221 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, 216 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
222 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy 217 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
223 218
224 } // namespace net 219 } // namespace net
OLDNEW
« components/cast_certificate/cast_cert_validator_test_helpers.cc ('K') | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698