
Side by Side Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2903283002: Add policies support to VerifyCertificateChain(). (Closed)
Patch Set: improve comments, and null policy tree when anyPolicy is incorrectly mapped Created 3 years, 6 months ago
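--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/verify_certificate_chain.h"
 
 #include "net/cert/internal/parsed_certificate.h"
 #include "net/cert/internal/signature_policy.h"
 #include "net/cert/internal/trust_store.h"
 #include "net/der/input.h"
@@ -60,26 +60,33 @@
 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) {
 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector(
 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new(
 reinterpret_cast<const uint8_t*>(i->data()), i->size(), nullptr)),
 {}, &input_chain, &parsing_errors))
 << parsing_errors.ToDebugString();
 }
 
 SimpleSignaturePolicy signature_policy(1024);
 
+std::set<der::Input> user_constrained_policy_set;
+
 CertPathErrors path_errors;
-VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(),
-&signature_policy, info.time, KeyPurpose::ANY_EKU,
-&path_errors);
+VerifyCertificateChain(
+input_chain, CertificateTrust::ForTrustAnchor(), &signature_policy,
+info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy,
+info.initial_policy_set, info.initial_policy_mapping_inhibit,
+info.initial_inhibit_any_policy, &user_constrained_policy_set,
+&path_errors);
 bool did_succeed = !path_errors.ContainsHighSeverityErrors();
 
+EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set);
+
 // TODO(crbug.com/634443): Test errors on failure?
 if (info.should_validate != did_succeed) {
 ASSERT_EQ(info.should_validate, did_succeed)
 << path_errors.ToDebugString(input_chain);
 }
 }
 };
 
 } // namespace
 
@@ -215,25 +222,36 @@
 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 PkitsTest03VerifyingNameChaining,
 VerifyCertificateChainPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 PkitsTest06VerifyingBasicConstraints,
 VerifyCertificateChainPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 PkitsTest07KeyUsage,
 VerifyCertificateChainPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+PkitsTest08CertificatePolicies,
+VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+PkitsTest09RequireExplicitPolicy,
+VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+PkitsTest10PolicyMappings,
+VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+PkitsTest11InhibitPolicyMapping,
+VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+PkitsTest12InhibitAnyPolicy,
+VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 PkitsTest13NameConstraints,
 VerifyCertificateChainPkitsTestDelegate);
 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
 PkitsTest16PrivateCertificateExtensions,
 VerifyCertificateChainPkitsTestDelegate);
 
 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests,
 // PkitsTest05VerifyingPathswithSelfIssuedCertificates,
 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
 
-// TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
-// PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
-// PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
-
 } // namespace net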
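Review bot: The new `EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set)` runs for every case, including those where `info.should_validate` is false, and it prints no path diagnostics on a mismatch. Whether the output set is well defined when verification fails is not visible in this hunk; if it is not, a short comment stating the contract would help, and appending `<< path_errors.ToDebugString(input_chain)` to the expectation would make a policy mismatch traceable. Separately, the negative cases in the newly enabled policy suites (PkitsTest08 through PkitsTest12) still pass on any high-severity error, as the retained `TODO(crbug.com/634443)` notes, so a chain rejected for an unrelated reason is not distinguished from one rejected by policy processing. The enclosing test function begins in the skipped lines above the hunk.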