net/cert/internal/verify_certificate_chain_pkits_unittest.cc - Issue 2903283002: Add policies support to VerifyCertificateChain().

Side by Side Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2903283002: Add policies support to VerifyCertificateChain(). (Closed)

Patch Set: Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« net/cert/internal/verify_certificate_chain.cc ('K') | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/internal/verify_certificate_chain.h"	5 #include "net/cert/internal/verify_certificate_chain.h"

6	6

7 #include "net/cert/internal/parsed_certificate.h"	7 #include "net/cert/internal/parsed_certificate.h"

8 #include "net/cert/internal/signature_policy.h"	8 #include "net/cert/internal/signature_policy.h"

9 #include "net/cert/internal/trust_store.h"	9 #include "net/cert/internal/trust_store.h"

10 #include "net/der/input.h"	10 #include "net/der/input.h"

(...skipping 60 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
71 return false;	71 return false;

72 }	72 }

73 }	73 }

74	74

75 SimpleSignaturePolicy signature_policy(1024);	75 SimpleSignaturePolicy signature_policy(1024);

76	76

77 // Run all tests at the time the PKITS was published.	77 // Run all tests at the time the PKITS was published.

78 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};	78 der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};

79	79

80 CertPathErrors path_errors;	80 CertPathErrors path_errors;

81 VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(),	81 VerifyCertificateChain(

82 &signature_policy, time, KeyPurpose::ANY_EKU,	82 input_chain, CertificateTrust::ForTrustAnchor(), &signature_policy,

83 &path_errors);	83 time, KeyPurpose::ANY_EKU, settings.initial_explicit_policy,

	84 settings.initial_policy_set, settings.initial_policy_mapping_inhibit,

	85 settings.initial_inhibit_any_policy, &path_errors);

84	86

85 // TODO(crbug.com/634443): Test errors on failure?	87 // TODO(crbug.com/634443): Test errors on failure?

86 return !path_errors.ContainsHighSeverityErrors();	88 return !path_errors.ContainsHighSeverityErrors();

87 }	89 }

88 };	90 };

89	91

90 } // namespace	92 } // namespace

91	93

92 class PkitsTest01SignatureVerificationCustom	94 class PkitsTest01SignatureVerificationCustom

93 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};	95 : public PkitsTest<VerifyCertificateChainPkitsTestDelegate> {};

(...skipping 103 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
197 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,	199 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

198 PkitsTest03VerifyingNameChaining,	200 PkitsTest03VerifyingNameChaining,

199 VerifyCertificateChainPkitsTestDelegate);	201 VerifyCertificateChainPkitsTestDelegate);

200 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,	202 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

201 PkitsTest06VerifyingBasicConstraints,	203 PkitsTest06VerifyingBasicConstraints,

202 VerifyCertificateChainPkitsTestDelegate);	204 VerifyCertificateChainPkitsTestDelegate);

203 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,	205 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

204 PkitsTest07KeyUsage,	206 PkitsTest07KeyUsage,

205 VerifyCertificateChainPkitsTestDelegate);	207 VerifyCertificateChainPkitsTestDelegate);

206 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,	208 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

	209 PkitsTest08CertificatePolicies,

	210 VerifyCertificateChainPkitsTestDelegate);

	211 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

	212 PkitsTest09RequireExplicitPolicy,

	213 VerifyCertificateChainPkitsTestDelegate);

	214 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

	215 PkitsTest10PolicyMappings,

	216 VerifyCertificateChainPkitsTestDelegate);

	217 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

	218 PkitsTest11InhibitPolicyMapping,

	219 VerifyCertificateChainPkitsTestDelegate);

	220 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

	221 PkitsTest12InhibitAnyPolicy,

	222 VerifyCertificateChainPkitsTestDelegate);

	223 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

207 PkitsTest13NameConstraints,	224 PkitsTest13NameConstraints,

208 VerifyCertificateChainPkitsTestDelegate);	225 VerifyCertificateChainPkitsTestDelegate);

209 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,	226 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,

210 PkitsTest16PrivateCertificateExtensions,	227 PkitsTest16PrivateCertificateExtensions,

211 VerifyCertificateChainPkitsTestDelegate);	228 VerifyCertificateChainPkitsTestDelegate);

212	229

213 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,	230 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,

214 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,	231 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,

215 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs	232 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs

216	233

217 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,

218 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,

219 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy

220

221 } // namespace net	234 } // namespace net

OLD	NEW