| Index: net/cert/cert_policy_enforcer_unittest.cc
|
| diff --git a/net/cert/cert_policy_enforcer_unittest.cc b/net/cert/cert_policy_enforcer_unittest.cc
|
| index 45a2e6af87cc1999ceaa439c368f3650d0dbd3f7..f92bb73cd972e50738d16ec2ed935ccdb1a3ebb2 100644
|
| --- a/net/cert/cert_policy_enforcer_unittest.cc
|
| +++ b/net/cert/cert_policy_enforcer_unittest.cc
|
| @@ -74,8 +74,8 @@ TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) {
|
| FillResultWithSCTsOfOrigin(
|
| ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 2, &result);
|
|
|
| - EXPECT_TRUE(
|
| - policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
|
| + EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
|
| + result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) {
|
| @@ -84,8 +84,8 @@ TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) {
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
|
| &result);
|
|
|
| - EXPECT_TRUE(
|
| - policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
|
| + EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr,
|
| + result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) {
|
| @@ -99,13 +99,13 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) {
|
| &result);
|
|
|
| EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - chain_.get(), non_including_whitelist.get(), result));
|
| + chain_.get(), non_including_whitelist.get(), result, BoundNetLog()));
|
|
|
| // ... but should be OK if whitelisted.
|
| scoped_refptr<ct::EVCertsWhitelist> whitelist(
|
| new DummyEVCertsWhitelist(true, true));
|
| EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - chain_.get(), whitelist.get(), result));
|
| + chain_.get(), whitelist.get(), result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, DoesNotEnforceCTPolicyIfNotRequired) {
|
| @@ -116,7 +116,8 @@ TEST_F(CertPolicyEnforcerTest, DoesNotEnforceCTPolicyIfNotRequired) {
|
| &result);
|
| // Expect true despite the chain not having enough SCTs as the policy
|
| // is not enforced.
|
| - EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
|
| + EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result,
|
| + BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) {
|
| @@ -126,12 +127,12 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) {
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5,
|
| &result);
|
| EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - no_valid_dates_cert.get(), nullptr, result));
|
| + no_valid_dates_cert.get(), nullptr, result, BoundNetLog()));
|
| // ... but should be OK if whitelisted.
|
| scoped_refptr<ct::EVCertsWhitelist> whitelist(
|
| new DummyEVCertsWhitelist(true, true));
|
| EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - chain_.get(), whitelist.get(), result));
|
| + chain_.get(), whitelist.get(), result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest,
|
| @@ -152,15 +153,15 @@ TEST_F(CertPolicyEnforcerTest,
|
| for (size_t j = 0; j < curr_required_scts - 1; ++j) {
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED,
|
| 1, &result);
|
| - EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(cert.get(),
|
| - nullptr, result))
|
| + EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| + cert.get(), nullptr, result, BoundNetLog()))
|
| << " for: " << curr_validity << " and " << curr_required_scts
|
| << " scts=" << result.verified_scts.size() << " j=" << j;
|
| }
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
|
| &result);
|
| - EXPECT_TRUE(
|
| - policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr, result));
|
| + EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| + cert.get(), nullptr, result, BoundNetLog()));
|
| }
|
| }
|
|
|
| @@ -174,7 +175,8 @@ TEST_F(CertPolicyEnforcerTest,
|
| // Expect true despite the chain not having enough SCTs according to the
|
| // policy
|
| // since we only have 2 logs.
|
| - EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
|
| + EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result,
|
| + BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) {
|
| @@ -185,7 +187,7 @@ TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) {
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
|
| &result);
|
| EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - chain_.get(), whitelist.get(), result));
|
| + chain_.get(), whitelist.get(), result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, IgnoresInvalidEVWhitelist) {
|
| @@ -196,15 +198,15 @@ TEST_F(CertPolicyEnforcerTest, IgnoresInvalidEVWhitelist) {
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
|
| &result);
|
| EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| - chain_.get(), whitelist.get(), result));
|
| + chain_.get(), whitelist.get(), result, BoundNetLog()));
|
| }
|
|
|
| TEST_F(CertPolicyEnforcerTest, IgnoresNullEVWhitelist) {
|
| ct::CTVerifyResult result;
|
| FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
|
| &result);
|
| - EXPECT_FALSE(
|
| - policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
|
| + EXPECT_FALSE(policy_enforcer_->DoesConformToCTEVPolicy(
|
| + chain_.get(), nullptr, result, BoundNetLog()));
|
| }
|
|
|
| } // namespace
|
|
|
Chromium Code Reviews
Issue 782333002:
Certificate Transparency: Adding finch and NetLog logging for EV certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master