OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/verify_certificate_chain.h" | 5 #include "net/cert/internal/verify_certificate_chain.h" |
6 | 6 |
7 #include "net/cert/internal/parsed_certificate.h" | 7 #include "net/cert/internal/parsed_certificate.h" |
8 #include "net/cert/internal/signature_policy.h" | 8 #include "net/cert/internal/signature_policy.h" |
9 #include "net/cert/internal/trust_store.h" | 9 #include "net/cert/internal/trust_store.h" |
10 #include "net/der/input.h" | 10 #include "net/der/input.h" |
(...skipping 49 matching lines...)
60 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { | 60 for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { |
61 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( | 61 ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector( |
62 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( | 62 bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( |
63 reinterpret_cast<const uint8_t*>(i->data()), i->size(), nullptr)), | 63 reinterpret_cast<const uint8_t*>(i->data()), i->size(), nullptr)), |
64 {}, &input_chain, &parsing_errors)) | 64 {}, &input_chain, &parsing_errors)) |
65 << parsing_errors.ToDebugString(); | 65 << parsing_errors.ToDebugString(); |
66 } | 66 } |
67 | 67 |
68 SimpleSignaturePolicy signature_policy(1024); | 68 SimpleSignaturePolicy signature_policy(1024); |
69 | 69 |
| 70 std::set<der::Input> user_constrained_policy_set; |
| 71 |
70 CertPathErrors path_errors; | 72 CertPathErrors path_errors; |
71 VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(), | 73 VerifyCertificateChain( |
72 &signature_policy, info.time, KeyPurpose::ANY_EKU, | 74 input_chain, CertificateTrust::ForTrustAnchor(), &signature_policy, |
73 &path_errors); | 75 info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy, |
| 76 info.initial_policy_set, info.initial_policy_mapping_inhibit, |
| 77 info.initial_inhibit_any_policy, &user_constrained_policy_set, |
| 78 &path_errors); |
74 bool did_succeed = !path_errors.ContainsHighSeverityErrors(); | 79 bool did_succeed = !path_errors.ContainsHighSeverityErrors(); |
75 | 80 |
| 81 EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set); |
| 82 |
76 // TODO(crbug.com/634443): Test errors on failure? | 83 // TODO(crbug.com/634443): Test errors on failure? |
77 if (info.should_validate != did_succeed) { | 84 if (info.should_validate != did_succeed) { |
78 ASSERT_EQ(info.should_validate, did_succeed) | 85 ASSERT_EQ(info.should_validate, did_succeed) |
79 << path_errors.ToDebugString(input_chain); | 86 << path_errors.ToDebugString(input_chain); |
80 } | 87 } |
81 } | 88 } |
82 }; | 89 }; |
83 | 90 |
84 } // namespace | 91 } // namespace |
85 | 92 |
(...skipping 129 matching lines...)
215 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, | 222 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
216 PkitsTest03VerifyingNameChaining, | 223 PkitsTest03VerifyingNameChaining, |
217 VerifyCertificateChainPkitsTestDelegate); | 224 VerifyCertificateChainPkitsTestDelegate); |
218 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, | 225 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
219 PkitsTest06VerifyingBasicConstraints, | 226 PkitsTest06VerifyingBasicConstraints, |
220 VerifyCertificateChainPkitsTestDelegate); | 227 VerifyCertificateChainPkitsTestDelegate); |
221 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, | 228 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
222 PkitsTest07KeyUsage, | 229 PkitsTest07KeyUsage, |
223 VerifyCertificateChainPkitsTestDelegate); | 230 VerifyCertificateChainPkitsTestDelegate); |
224 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, | 231 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
| 232 PkitsTest08CertificatePolicies, |
| 233 VerifyCertificateChainPkitsTestDelegate); |
| 234 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
| 235 PkitsTest09RequireExplicitPolicy, |
| 236 VerifyCertificateChainPkitsTestDelegate); |
| 237 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
| 238 PkitsTest10PolicyMappings, |
| 239 VerifyCertificateChainPkitsTestDelegate); |
| 240 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
| 241 PkitsTest11InhibitPolicyMapping, |
| 242 VerifyCertificateChainPkitsTestDelegate); |
| 243 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
| 244 PkitsTest12InhibitAnyPolicy, |
| 245 VerifyCertificateChainPkitsTestDelegate); |
| 246 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
225 PkitsTest13NameConstraints, | 247 PkitsTest13NameConstraints, |
226 VerifyCertificateChainPkitsTestDelegate); | 248 VerifyCertificateChainPkitsTestDelegate); |
227 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, | 249 INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain, |
228 PkitsTest16PrivateCertificateExtensions, | 250 PkitsTest16PrivateCertificateExtensions, |
229 VerifyCertificateChainPkitsTestDelegate); | 251 VerifyCertificateChainPkitsTestDelegate); |
230 | 252 |
231 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, | 253 // TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, |
232 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, | 254 // PkitsTest05VerifyingPathswithSelfIssuedCertificates, |
233 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs | 255 // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs |
234 | 256 |
235 // TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies, | |
236 // PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings, | |
237 // PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy | |
238 | |
239 } // namespace net | 257 } // namespace net |
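Review bot: The added `EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set);` at new line 81 runs for every PKITS case, including those where `info.should_validate` is false, and it carries no diagnostic. A mismatch in one of the newly enabled policy suites (PkitsTest08 to PkitsTest12) would therefore print only two sets of DER inputs, with no indication of which policy rule fired. Attaching the error dump already used a few lines below would make such failures actionable: `EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set) << path_errors.ToDebugString(input_chain);`. Whether VerifyCertificateChain defines the contents of the output set when the path is rejected is not visible on this page; if it does not, the comparison should be limited to the success case, or the contract stated in a short comment above the expectation. The enclosing test method begins in the skipped lines above this hunk.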