| Index: net/cert/x509_certificate_unittest.cc
|
| diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
|
| index 211e0ecd713b506df4898ead2fb6ba83eea8387e..158806ed7da53dba364da4e487b89940bbf1b36d 100644
|
| --- a/net/cert/x509_certificate_unittest.cc
|
| +++ b/net/cert/x509_certificate_unittest.cc
|
| @@ -617,111 +617,6 @@ TEST(X509CertificateTest, Pickle) {
|
| }
|
| }
|
|
|
| -TEST(X509CertificateTest, Policy) {
|
| - scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(google_der), sizeof(google_der)));
|
| -
|
| - scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes(
|
| - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
|
| -
|
| - CertPolicy policy;
|
| -
|
| - // To begin with, everything should be unknown.
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_FALSE(policy.HasAllowedCert());
|
| - EXPECT_FALSE(policy.HasDeniedCert());
|
| -
|
| - // Test adding one certificate with one error.
|
| - policy.Allow(google_cert.get(), CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(CertPolicy::ALLOWED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(),
|
| - CERT_STATUS_DATE_INVALID | CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_TRUE(policy.HasAllowedCert());
|
| - EXPECT_FALSE(policy.HasDeniedCert());
|
| -
|
| - // Test saving the same certificate with a new error.
|
| - policy.Allow(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID);
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::ALLOWED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_TRUE(policy.HasAllowedCert());
|
| - EXPECT_FALSE(policy.HasDeniedCert());
|
| -
|
| - // Test adding one certificate with two errors.
|
| - policy.Allow(google_cert.get(),
|
| - CERT_STATUS_DATE_INVALID | CERT_STATUS_AUTHORITY_INVALID);
|
| - EXPECT_EQ(CertPolicy::ALLOWED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::ALLOWED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_AUTHORITY_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_TRUE(policy.HasAllowedCert());
|
| - EXPECT_FALSE(policy.HasDeniedCert());
|
| -
|
| - // Test removing a certificate that was previously allowed.
|
| - policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_FALSE(policy.HasAllowedCert());
|
| - EXPECT_TRUE(policy.HasDeniedCert());
|
| -
|
| - // Test removing a certificate that was previously unknown.
|
| - policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_FALSE(policy.HasAllowedCert());
|
| - EXPECT_TRUE(policy.HasDeniedCert());
|
| -
|
| - // Test saving a certificate that was previously denied.
|
| - policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::ALLOWED,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_TRUE(policy.HasAllowedCert());
|
| - EXPECT_TRUE(policy.HasDeniedCert());
|
| -
|
| - // Test denying an overlapping certificate.
|
| - policy.Allow(google_cert.get(),
|
| - CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID);
|
| - policy.Deny(google_cert.get(), CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(), CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(CertPolicy::UNKNOWN,
|
| - policy.Check(google_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(google_cert.get(),
|
| - CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_DATE_INVALID));
|
| -
|
| - // Test denying an overlapping certificate (other direction).
|
| - policy.Allow(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
|
| - policy.Deny(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID);
|
| - policy.Deny(webkit_cert.get(), CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_COMMON_NAME_INVALID));
|
| - EXPECT_EQ(CertPolicy::DENIED,
|
| - policy.Check(webkit_cert.get(), CERT_STATUS_DATE_INVALID));
|
| -}
|
| -
|
| TEST(X509CertificateTest, IntermediateCertificates) {
|
| scoped_refptr<X509Certificate> webkit_cert(
|
| X509Certificate::CreateFromBytes(
|
|
|
Chromium Code Reviews
Issue 465133004:
Remove DenyCertForHost from SSLHostStateDelegate API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src