Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1748)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_unittest.cc

Issue 621833005: Regenerate the long-lived test certificates to use SHA-256 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2171
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/nss_cert_database_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_unittest.cc
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 533d6d844109505b9ec361dafa05bb6d83500779..5e139771c66792b34ff7f1861ed653df1a0f430e 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -558,7 +558,7 @@ TEST_F(CertVerifyProcTest, NameConstraintsOk) {
ScopedTestRoot test_root(ca_cert_list[0].get());
CertificateList cert_list = CreateCertificateListFromFile(
- GetTestCertsDirectory(), "name_constraint_ok.crt",
+ GetTestCertsDirectory(), "name_constraint_good.pem",
X509Certificate::FORMAT_AUTO);
ASSERT_EQ(1U, cert_list.size());
@@ -593,7 +593,7 @@ TEST_F(CertVerifyProcTest, NameConstraintsFailure) {
ScopedTestRoot test_root(ca_cert_list[0].get());
CertificateList cert_list = CreateCertificateListFromFile(
- GetTestCertsDirectory(), "name_constraint_bad.crt",
+ GetTestCertsDirectory(), "name_constraint_bad.pem",
X509Certificate::FORMAT_AUTO);
ASSERT_EQ(1U, cert_list.size());
@@ -1150,53 +1150,6 @@ TEST_F(CertVerifyProcTest, CybertrustGTERoot) {
#endif
#if defined(USE_NSS) || defined(OS_IOS) || defined(OS_WIN) || defined(OS_MACOSX)
-static const uint8 kCRLSetLeafSPKIBlocked[] = {
- 0x8e, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
- 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
- 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
- 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
- 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
- 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
- 0x30, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
- 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x22, 0x43, 0x38, 0x4d, 0x4a, 0x46, 0x55, 0x55,
- 0x5a, 0x38, 0x43, 0x79, 0x54, 0x2b, 0x4e, 0x57, 0x64, 0x68, 0x69, 0x7a, 0x51,
- 0x68, 0x54, 0x49, 0x65, 0x46, 0x49, 0x37, 0x76, 0x41, 0x77, 0x7a, 0x64, 0x54,
- 0x79, 0x52, 0x59, 0x45, 0x6e, 0x78, 0x6c, 0x33, 0x62, 0x67, 0x3d, 0x22, 0x5d,
- 0x7d,
-};
-
-static const uint8 kCRLSetLeafSerialBlocked[] = {
- 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
- 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
- 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
- 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
- 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
- 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
- 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
- 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d, 0x0f, 0x87, 0xe4, 0xc7, 0x75, 0xea,
- 0x46, 0x7e, 0xf3, 0xfd, 0x82, 0xb7, 0x46, 0x7b, 0x10, 0xda, 0xc5, 0xbf, 0xd8,
- 0xd1, 0x29, 0xb2, 0xc6, 0xac, 0x7f, 0x51, 0x42, 0x15, 0x28, 0x51, 0x06, 0x7f,
- 0x01, 0x00, 0x00, 0x00, // number of serials
- 0x01, 0xed, // serial 0xed
-};
-
-static const uint8 kCRLSetQUICSerialBlocked[] = {
- 0x60, 0x00, 0x7b, 0x22, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
- 0x30, 0x2c, 0x22, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70,
- 0x65, 0x22, 0x3a, 0x22, 0x43, 0x52, 0x4c, 0x53, 0x65, 0x74, 0x22, 0x2c, 0x22,
- 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x30, 0x2c, 0x22,
- 0x44, 0x65, 0x6c, 0x74, 0x61, 0x46, 0x72, 0x6f, 0x6d, 0x22, 0x3a, 0x30, 0x2c,
- 0x22, 0x4e, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a,
- 0x31, 0x2c, 0x22, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x53, 0x50, 0x4b,
- 0x49, 0x73, 0x22, 0x3a, 0x5b, 0x5d, 0x7d,
- // Issuer SPKI SHA-256 hash:
- 0xe4, 0x3a, 0xa3, 0xdb, 0x98, 0x31, 0x61, 0x05, 0xdd, 0x57, 0x6d, 0xc6, 0x2f,
- 0x71, 0x26, 0xba, 0xdd, 0xf4, 0x98, 0x3e, 0x62, 0x22, 0xf8, 0xf9, 0xe4, 0x18,
- 0x62, 0x77, 0x79, 0xdb, 0x9b, 0x31,
- 0x01, 0x00, 0x00, 0x00, // number of serials
- 0x01, 0x03, // serial 3
-};
-
// Test that CRLSets are effective in making a certificate appear to be
// revoked.
TEST_F(CertVerifyProcTest, CRLSet) {
@@ -1219,11 +1172,13 @@ TEST_F(CertVerifyProcTest, CRLSet) {
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
- // First test blocking by SPKI.
- base::StringPiece crl_set_bytes(
- reinterpret_cast<const char*>(kCRLSetLeafSPKIBlocked),
- sizeof(kCRLSetLeafSPKIBlocked));
scoped_refptr<CRLSet> crl_set;
+ std::string crl_set_bytes;
+
+ // First test blocking by SPKI.
+ EXPECT_TRUE(base::ReadFileToString(
+ GetTestCertsDirectory().AppendASCII("crlset_by_leaf_spki.raw"),
+ &crl_set_bytes));
ASSERT_TRUE(CRLSetStorage::Parse(crl_set_bytes, &crl_set));
error = Verify(cert.get(),
@@ -1236,9 +1191,10 @@ TEST_F(CertVerifyProcTest, CRLSet) {
// Second, test revocation by serial number of a cert directly under the
// root.
- crl_set_bytes =
- base::StringPiece(reinterpret_cast<const char*>(kCRLSetLeafSerialBlocked),
- sizeof(kCRLSetLeafSerialBlocked));
+ crl_set_bytes.clear();
+ EXPECT_TRUE(base::ReadFileToString(
+ GetTestCertsDirectory().AppendASCII("crlset_by_root_serial.raw"),
+ &crl_set_bytes));
ASSERT_TRUE(CRLSetStorage::Parse(crl_set_bytes, &crl_set));
error = Verify(cert.get(),
@@ -1288,9 +1244,10 @@ TEST_F(CertVerifyProcTest, CRLSetLeafSerial) {
// Test revocation by serial number of a certificate not under the root.
scoped_refptr<CRLSet> crl_set;
- base::StringPiece crl_set_bytes =
- base::StringPiece(reinterpret_cast<const char*>(kCRLSetQUICSerialBlocked),
- sizeof(kCRLSetQUICSerialBlocked));
+ std::string crl_set_bytes;
+ ASSERT_TRUE(base::ReadFileToString(
+ GetTestCertsDirectory().AppendASCII("crlset_by_intermediate_serial.raw"),
+ &crl_set_bytes));
ASSERT_TRUE(CRLSetStorage::Parse(crl_set_bytes, &crl_set));
error = Verify(leaf.get(),
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/nss_cert_database_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698