Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(187)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_policy_enforcer_unittest.cc

Issue 795013003: Certificate Transparency: Remove SSLWatcher's Alpha log. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_policy_enforcer.cc ('k') | net/cert/ct_known_logs_static.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_policy_enforcer.h" 5 #include "net/cert/cert_policy_enforcer.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/memory/scoped_ptr.h" 9 #include "base/memory/scoped_ptr.h"
10 #include "net/base/test_data_directory.h" 10 #include "net/base/test_data_directory.h"
(...skipping 26 matching lines...) Expand all
37 ~DummyEVCertsWhitelist() override {} 37 ~DummyEVCertsWhitelist() override {}
38 38
39 private: 39 private:
40 bool canned_is_valid_; 40 bool canned_is_valid_;
41 bool canned_contains_response_; 41 bool canned_contains_response_;
42 }; 42 };
43 43
44 class CertPolicyEnforcerTest : public ::testing::Test { 44 class CertPolicyEnforcerTest : public ::testing::Test {
45 public: 45 public:
46 virtual void SetUp() override { 46 virtual void SetUp() override {
47 policy_enforcer_.reset(new CertPolicyEnforcer(5, true)); 47 policy_enforcer_.reset(new CertPolicyEnforcer(true));
48 48
49 std::string der_test_cert(ct::GetDerEncodedX509Cert()); 49 std::string der_test_cert(ct::GetDerEncodedX509Cert());
50 chain_ = X509Certificate::CreateFromBytes(der_test_cert.data(), 50 chain_ = X509Certificate::CreateFromBytes(der_test_cert.data(),
51 der_test_cert.size()); 51 der_test_cert.size());
52 ASSERT_TRUE(chain_.get()); 52 ASSERT_TRUE(chain_.get());
53 } 53 }
54 54
55 void FillResultWithSCTsOfOrigin( 55 void FillResultWithSCTsOfOrigin(
56 ct::SignedCertificateTimestamp::Origin desired_origin, 56 ct::SignedCertificateTimestamp::Origin desired_origin,
57 int num_scts, 57 int num_scts,
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
102 chain_.get(), non_including_whitelist.get(), result)); 102 chain_.get(), non_including_whitelist.get(), result));
103 103
104 // ... but should be OK if whitelisted. 104 // ... but should be OK if whitelisted.
105 scoped_refptr<ct::EVCertsWhitelist> whitelist( 105 scoped_refptr<ct::EVCertsWhitelist> whitelist(
106 new DummyEVCertsWhitelist(true, true)); 106 new DummyEVCertsWhitelist(true, true));
107 EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( 107 EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
108 chain_.get(), whitelist.get(), result)); 108 chain_.get(), whitelist.get(), result));
109 } 109 }
110 110
111 TEST_F(CertPolicyEnforcerTest, DoesNotEnforceCTPolicyIfNotRequired) { 111 TEST_F(CertPolicyEnforcerTest, DoesNotEnforceCTPolicyIfNotRequired) {
112 scoped_ptr<CertPolicyEnforcer> enforcer(new CertPolicyEnforcer(3, false)); 112 scoped_ptr<CertPolicyEnforcer> enforcer(new CertPolicyEnforcer(false));
113 113
114 ct::CTVerifyResult result; 114 ct::CTVerifyResult result;
115 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, 115 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
116 &result); 116 &result);
117 // Expect true despite the chain not having enough SCTs as the policy 117 // Expect true despite the chain not having enough SCTs as the policy
118 // is not enforced. 118 // is not enforced.
119 EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result)); 119 EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
120 } 120 }
121 121
122 TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { 122 TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) {
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
157 << " for: " << curr_validity << " and " << curr_required_scts 157 << " for: " << curr_validity << " and " << curr_required_scts
158 << " scts=" << result.verified_scts.size() << " j=" << j; 158 << " scts=" << result.verified_scts.size() << " j=" << j;
159 } 159 }
160 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, 160 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
161 &result); 161 &result);
162 EXPECT_TRUE( 162 EXPECT_TRUE(
163 policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr, result)); 163 policy_enforcer_->DoesConformToCTEVPolicy(cert.get(), nullptr, result));
164 } 164 }
165 } 165 }
166 166
167 TEST_F(CertPolicyEnforcerTest,
168 ConformsToPolicyButDoesNotRequireMoreThanNumLogs) {
169 scoped_ptr<CertPolicyEnforcer> enforcer(new CertPolicyEnforcer(2, true));
170
171 ct::CTVerifyResult result;
172 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 2,
173 &result);
174 // Expect true despite the chain not having enough SCTs according to the
175 // policy
176 // since we only have 2 logs.
177 EXPECT_TRUE(enforcer->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
178 }
179
180 TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) { 167 TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) {
181 scoped_refptr<ct::EVCertsWhitelist> whitelist( 168 scoped_refptr<ct::EVCertsWhitelist> whitelist(
182 new DummyEVCertsWhitelist(true, true)); 169 new DummyEVCertsWhitelist(true, true));
183 170
184 ct::CTVerifyResult result; 171 ct::CTVerifyResult result;
185 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, 172 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
186 &result); 173 &result);
187 EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy( 174 EXPECT_TRUE(policy_enforcer_->DoesConformToCTEVPolicy(
188 chain_.get(), whitelist.get(), result)); 175 chain_.get(), whitelist.get(), result));
189 } 176 }
(...skipping 13 matching lines...) Expand all
203 ct::CTVerifyResult result; 190 ct::CTVerifyResult result;
204 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, 191 FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1,
205 &result); 192 &result);
206 EXPECT_FALSE( 193 EXPECT_FALSE(
207 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, result)); 194 policy_enforcer_->DoesConformToCTEVPolicy(chain_.get(), nullptr, result));
208 } 195 }
209 196
210 } // namespace 197 } // namespace
211 198
212 } // namespace net 199 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_policy_enforcer.cc ('k') | net/cert/ct_known_logs_static.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698