Chromium Code Reviews Chromium Code Reviews
Issue 2898303005:
Wire up certificate policies support in PathBuilder. (Closed)
| Index: net/cert/internal/path_builder_unittest.cc |
| diff --git a/net/cert/internal/path_builder_unittest.cc b/net/cert/internal/path_builder_unittest.cc |
| index a69c629bb39904f011c4a68c7c21d85130496348..bc20255e7d80b7962639eb853ec486c947f5466e 100644 |
| --- a/net/cert/internal/path_builder_unittest.cc |
| +++ b/net/cert/internal/path_builder_unittest.cc |
| @@ -135,6 +135,14 @@ class PathBuilderMultiRootTest : public ::testing::Test { |
| SimpleSignaturePolicy signature_policy_; |
| der::GeneralizedTime time_ = {2017, 3, 1, 0, 0, 0}; |
| + |
| + const InitialExplicitPolicy initial_explicit_policy_ = |
| + InitialExplicitPolicy::kFalse; |
| + const std::set<der::Input> user_initial_policy_set_ = {AnyPolicy()}; |
| + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_ = |
| + InitialPolicyMappingInhibit::kFalse; |
| + const InitialAnyPolicyInhibit initial_any_policy_inhibit_ = |
| + InitialAnyPolicyInhibit::kFalse; |
| }; |
| // Tests when the target cert has the same name and key as a trust anchor, |
| @@ -150,8 +158,10 @@ TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) { |
| trust_store.AddTrustAnchor(b_by_f_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -175,8 +185,10 @@ TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) { |
| trust_store.AddTrustAnchor(a_by_b_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -204,8 +216,10 @@ TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) { |
| der::GeneralizedTime expired_time = {2016, 1, 1, 0, 0, 0}; |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(b_by_c_, &trust_store, &signature_policy_, |
| - expired_time, KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + b_by_c_, &trust_store, &signature_policy_, expired_time, |
| + KeyPurpose::ANY_EKU, initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -229,8 +243,10 @@ TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) { |
| trust_store.AddTrustAnchor(f_by_e_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(e_by_e_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + e_by_e_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -253,8 +269,10 @@ TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) { |
| trust_store.AddTrustAnchor(b_by_f_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -280,8 +298,10 @@ TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) { |
| async_certs.AddCert(c_by_e_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&async_certs); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| @@ -308,8 +328,10 @@ TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) { |
| async_certs2.AddCert(f_by_e_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&async_certs1); |
| path_builder.AddCertIssuerSource(&async_certs2); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| @@ -335,8 +357,10 @@ TEST_F(PathBuilderMultiRootTest, TestLongChain) { |
| sync_certs.AddCert(c_by_d_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -368,8 +392,10 @@ TEST_F(PathBuilderMultiRootTest, TestBacktracking) { |
| async_certs.AddCert(c_by_d_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.AddCertIssuerSource(&async_certs); |
| @@ -407,8 +433,10 @@ TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) { |
| } |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, |
| - time_, KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + a_by_b_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -480,6 +508,14 @@ class PathBuilderKeyRolloverTest : public ::testing::Test { |
| SimpleSignaturePolicy signature_policy_; |
| der::GeneralizedTime time_; |
| + |
| + const InitialExplicitPolicy initial_explicit_policy_ = |
| + InitialExplicitPolicy::kFalse; |
| + const std::set<der::Input> user_initial_policy_set_ = {AnyPolicy()}; |
| + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_ = |
| + InitialPolicyMappingInhibit::kFalse; |
| + const InitialAnyPolicyInhibit initial_any_policy_inhibit_ = |
| + InitialAnyPolicyInhibit::kFalse; |
| }; |
| // Tests that if only the old root cert is trusted, the path builder can build a |
| @@ -496,8 +532,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { |
| sync_certs.AddCert(newrootrollover_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -544,8 +582,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { |
| sync_certs.AddCert(newrootrollover_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -579,8 +619,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) { |
| trust_store.AddTrustAnchor(newroot_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -610,9 +652,12 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { |
| sync_certs.AddCert(oldintermediate_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store_collection, |
| - &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| - &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store_collection, &signature_policy_, time_, |
| + KeyPurpose::ANY_EKU, initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, |
| + |
|
mattm
2017/06/02 02:54:49
extra line
eroman
2017/06/02 17:58:59
Done.
|
| + &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -661,8 +706,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { |
| async_certs.AddCert(newrootrollover_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.AddCertIssuerSource(&async_certs); |
| @@ -718,9 +765,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) { |
| CertPathBuilder::Result result; |
| // Newintermediate is also the target cert. |
| - CertPathBuilder path_builder(newintermediate_, &trust_store, |
| - &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| - &result); |
| + CertPathBuilder path_builder( |
| + newintermediate_, &trust_store, &signature_policy_, time_, |
| + KeyPurpose::ANY_EKU, initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -743,8 +791,10 @@ TEST_F(PathBuilderKeyRolloverTest, |
| CertPathBuilder::Result result; |
| // Newroot is the target cert. |
| - CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_, |
| - time_, KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + newroot_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -764,8 +814,10 @@ TEST_F(PathBuilderKeyRolloverTest, |
| CertPathBuilder::Result result; |
| // Newroot is the target cert. |
| - CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_, |
| - time_, KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + newroot_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.Run(); |
| @@ -812,8 +864,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { |
| async_certs.AddCert(newintermediate_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs1); |
| path_builder.AddCertIssuerSource(&sync_certs2); |
| path_builder.AddCertIssuerSource(&async_certs); |
| @@ -866,8 +920,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { |
| sync_certs.AddCert(newroot_dupe); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.Run(); |
| @@ -940,8 +996,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) { |
| trust_store.AddTrustAnchor(newroot_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&cert_issuer_source); |
| // Create the mock CertIssuerSource::Request... |
| @@ -1019,8 +1077,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { |
| trust_store.AddTrustAnchor(newroot_); |
| CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - KeyPurpose::ANY_EKU, &result); |
| + CertPathBuilder path_builder( |
| + target_, &trust_store, &signature_policy_, time_, KeyPurpose::ANY_EKU, |
| + initial_explicit_policy_, user_initial_policy_set_, |
| + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); |
| path_builder.AddCertIssuerSource(&cert_issuer_source); |
| // Create the mock CertIssuerSource::Request... |
| @@ -1134,9 +1194,18 @@ class PathBuilderDistrustTest : public ::testing::Test { |
| SimpleSignaturePolicy signature_policy(1024); |
| - CertPathBuilder path_builder(test_.chain.front(), &trust_store, |
| - &signature_policy, test_.time, |
| - KeyPurpose::ANY_EKU, result); |
| + const InitialExplicitPolicy initial_explicit_policy = |
| + InitialExplicitPolicy::kFalse; |
| + const std::set<der::Input> user_initial_policy_set = {AnyPolicy()}; |
| + const InitialPolicyMappingInhibit initial_policy_mapping_inhibit = |
| + InitialPolicyMappingInhibit::kFalse; |
| + const InitialAnyPolicyInhibit initial_any_policy_inhibit = |
| + InitialAnyPolicyInhibit::kFalse; |
| + |
| + CertPathBuilder path_builder( |
| + test_.chain.front(), &trust_store, &signature_policy, test_.time, |
| + KeyPurpose::ANY_EKU, initial_explicit_policy, user_initial_policy_set, |
| + initial_policy_mapping_inhibit, initial_any_policy_inhibit, result); |
| path_builder.AddCertIssuerSource(&intermediates); |
| path_builder.Run(); |
| } |
