Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/verify_certificate_chain_pkits_unittest.cc

Issue 2907353002: Update PKITs test data to include "user_constrained_policy_set". (Closed)
Patch Set: re-run generator script Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/path_builder_pkits_unittest.cc ('k') | net/third_party/nist-pkits/generate_tests.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/verify_certificate_chain_pkits_unittest.cc
diff --git a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
index 8c16a3a6edb3d5b06fa6b5c96ba69be43d6af13f..8138dae90b86005a2a533fcaf48e553bfe14fd7e 100644
--- a/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
@@ -47,13 +47,10 @@ namespace {
class VerifyCertificateChainPkitsTestDelegate {
public:
- static bool Verify(std::vector<std::string> cert_ders,
- std::vector<std::string> crl_ders,
- const PkitsTestSettings& settings) {
- if (cert_ders.empty()) {
- ADD_FAILURE() << "cert_ders is empty";
- return false;
- }
+ static void RunTest(std::vector<std::string> cert_ders,
+ std::vector<std::string> crl_ders,
+ const PkitsTestInfo& info) {
+ ASSERT_FALSE(cert_ders.empty());
// PKITS lists chains from trust anchor to target, whereas
// VerifyCertificateChain takes them starting with the target and ending
@@ -61,29 +58,26 @@ class VerifyCertificateChainPkitsTestDelegate {
std::vector<scoped_refptr<net::ParsedCertificate>> input_chain;
CertErrors parsing_errors;
for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) {
- if (!net::ParsedCertificate::CreateAndAddToVector(
- bssl::UniquePtr<CRYPTO_BUFFER>(
- CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()),
- i->size(), nullptr)),
- {}, &input_chain, &parsing_errors)) {
- ADD_FAILURE() << "Cert failed to parse:\n"
- << parsing_errors.ToDebugString();
- return false;
- }
+ ASSERT_TRUE(net::ParsedCertificate::CreateAndAddToVector(
+ bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new(
+ reinterpret_cast<const uint8_t*>(i->data()), i->size(), nullptr)),
+ {}, &input_chain, &parsing_errors))
+ << parsing_errors.ToDebugString();
}
SimpleSignaturePolicy signature_policy(1024);
- // Run all tests at the time the PKITS was published.
- der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
-
CertPathErrors path_errors;
VerifyCertificateChain(input_chain, CertificateTrust::ForTrustAnchor(),
- &signature_policy, time, KeyPurpose::ANY_EKU,
+ &signature_policy, info.time, KeyPurpose::ANY_EKU,
&path_errors);
+ bool did_succeed = !path_errors.ContainsHighSeverityErrors();
// TODO(crbug.com/634443): Test errors on failure?
- return !path_errors.ContainsHighSeverityErrors();
+ if (info.should_validate != did_succeed) {
+ ASSERT_EQ(info.should_validate, did_succeed)
+ << path_errors.ToDebugString(input_chain);
+ }
}
};
@@ -99,7 +93,10 @@ TEST_F(PkitsTest01SignatureVerificationCustom,
"ValidDSASignaturesTest4EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"};
// DSA signatures are intentionally unsupported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5
@@ -111,7 +108,10 @@ TEST_F(PkitsTest01SignatureVerificationCustom,
const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL",
"DSAParametersInheritedCACRL"};
// DSA signatures are intentionally unsupported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
class PkitsTest13SignatureVerificationCustom
@@ -126,7 +126,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA1CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.23 Valid RFC822 nameConstraints Test23
@@ -138,7 +141,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA2CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.25 Valid RFC822 nameConstraints Test25
@@ -150,7 +156,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA3CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27
@@ -163,7 +172,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL",
"nameConstraintsDN1subCA3CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.34 Valid URI nameConstraints Test34
@@ -174,7 +186,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
"ValidURInameConstraintsTest34EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"};
// Name constraints on uniformResourceIdentifiers are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.36 Valid URI nameConstraints Test36
@@ -185,7 +200,10 @@ TEST_F(PkitsTest13SignatureVerificationCustom,
"ValidURInameConstraintsTest36EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"};
// Name constraints on uniformResourceIdentifiers are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
INSTANTIATE_TYPED_TEST_CASE_P(VerifyCertificateChain,
« no previous file with comments | « net/cert/internal/path_builder_pkits_unittest.cc ('k') | net/third_party/nist-pkits/generate_tests.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698