Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(669)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2903283002: Add policies support to VerifyCertificateChain(). (Closed)
Patch Set: improve comments, and null policy tree when anyPolicy is incorrectly mapped Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/verify_certificate_chain_pkits_unittest.cc
diff --git a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
index 8138dae90b86005a2a533fcaf48e553bfe14fd7e..f86e1e9ec40aba0ab2032f7237d4872564c386c6 100644
--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
@@ -67,12 +67,19 @@ class VerifyCertificateChainPkitsTestDelegate {
SimpleSignaturePolicy signature_policy(1024);
+ std::set<der::Input> user_constrained_policy_set;
+
CertPathErrors path_errors;
- VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(),
- &signature_policy, info.time, KeyPurpose::ANY_EKU,
- &path_errors);
+ VerifyCertificateChain(
+ input_chain, CertificateTrust::ForTrustAnchor(), &signature_policy,
+ info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy,
+ info.initial_policy_set, info.initial_policy_mapping_inhibit,
+ info.initial_inhibit_any_policy, &user_constrained_policy_set,
+ &path_errors);
bool did_succeed = !path_errors.ContainsHighSeverityErrors();
+ EXPECT_EQ(info.user_constrained_policy_set, user_constrained_policy_set);
+
// TODO(crbug.com/634443): Test errors on failure?
if (info.should_validate != did_succeed) {
ASSERT_EQ(info.should_validate, did_succeed)
@@ -222,6 +229,21 @@ INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
PkitsTest07KeyUsage,
VerifyCertificateChainPkitsTestDelegate);
INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PkitsTest08CertificatePolicies,
+ VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PkitsTest09RequireExplicitPolicy,
+ VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PkitsTest10PolicyMappings,
+ VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PkitsTest11InhibitPolicyMapping,
+ VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
+ PkitsTest12InhibitAnyPolicy,
+ VerifyCertificateChainPkitsTestDelegate);
+INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
PkitsTest13NameConstraints,
VerifyCertificateChainPkitsTestDelegate);
INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
@@ -232,8 +254,4 @@ INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
// PkitsTest05VerifyingPathswithSelfIssuedCertificates,
// PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs
-// TODO(mattm): Certificate Policies support: PkitsTest08CertificatePolicies,
-// PkitsTest09RequireExplicitPolicy PkitsTest10PolicyMappings,
-// PkitsTest11InhibitPolicyMapping, PkitsTest12InhibitAnyPolicy
-
} // namespace net
« no previous file with comments | « net/cert/internal/verify_certificate_chain.cc ('k') | net/cert/internal/verify_certificate_chain_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698