Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1786)

Unified Diff: net/base/cert_verify_proc_unittest.cc

Issue 10790129: net: fix a couple of broken certificate tests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | net/data/ssl/certificates/certse.pem » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/cert_verify_proc_unittest.cc
diff --git a/net/base/cert_verify_proc_unittest.cc b/net/base/cert_verify_proc_unittest.cc
index 78999045ac9f00a9e5d86aad349a260f5a910ece..a802e2a267583137b727c367bfdff02cd4e68df6 100644
--- a/net/base/cert_verify_proc_unittest.cc
+++ b/net/base/cert_verify_proc_unittest.cc
@@ -409,68 +409,59 @@ TEST_F(CertVerifyProcTest, DigiNotarCerts) {
}
// Bug 111893: This test needs a new certificate.
Ryan Sleevi 2012/07/23 21:45:05 Seems like you should remove this BUG and should u
agl 2012/07/23 22:14:18 Ah, good point. Thanks.
-TEST_F(CertVerifyProcTest, DISABLED_TestKnownRoot) {
+TEST_F(CertVerifyProcTest, TestKnownRoot) {
FilePath certs_dir = GetTestCertsDirectory();
- scoped_refptr<X509Certificate> cert =
- ImportCertFromFile(certs_dir, "nist.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
-
- // This intermediate is only needed for old Linux machines. Modern NSS
- // includes it as a root already.
- scoped_refptr<X509Certificate> intermediate_cert =
- ImportCertFromFile(certs_dir, "nist_intermediate.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
+ CertificateList certs = CreateCertificateListFromFile(
+ certs_dir, "certse.pem",
+ X509Certificate::FORMAT_AUTO);
Ryan Sleevi 2012/07/23 21:45:05 nit: move this to the previous line?
agl 2012/07/23 22:14:18 Done.
+ ASSERT_EQ(3U, certs.size());
X509Certificate::OSCertHandles intermediates;
- intermediates.push_back(intermediate_cert->os_cert_handle());
+ intermediates.push_back(certs[1]->os_cert_handle());
+ intermediates.push_back(certs[2]->os_cert_handle());
+
scoped_refptr<X509Certificate> cert_chain =
- X509Certificate::CreateFromHandle(cert->os_cert_handle(),
+ X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
intermediates);
int flags = 0;
CertVerifyResult verify_result;
- // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
- // against agl. Also see PublicKeyHashes in this file.
- int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
+ // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
+ // against agl. See also PublicKeyHashes.
+ int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
EXPECT_TRUE(verify_result.is_issued_by_known_root);
}
// Bug 111893: This test needs a new certificate.
Ryan Sleevi 2012/07/23 21:45:05 Same here
agl 2012/07/23 22:14:18 Done.
-TEST_F(CertVerifyProcTest, DISABLED_PublicKeyHashes) {
+TEST_F(CertVerifyProcTest, PublicKeyHashes) {
FilePath certs_dir = GetTestCertsDirectory();
- // This is going to blow up in Feb 2012. Sorry! Disable and file a bug
- // against agl. Also see TestKnownRoot in this file.
- scoped_refptr<X509Certificate> cert =
- ImportCertFromFile(certs_dir, "nist.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), cert);
-
- // This intermediate is only needed for old Linux machines. Modern NSS
- // includes it as a root already.
- scoped_refptr<X509Certificate> intermediate_cert =
- ImportCertFromFile(certs_dir, "nist_intermediate.der");
- ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);
-
- ScopedTestRoot scoped_intermediate(intermediate_cert);
+ CertificateList certs = CreateCertificateListFromFile(
+ certs_dir, "certse.pem",
+ X509Certificate::FORMAT_AUTO);
Ryan Sleevi 2012/07/23 21:45:05 nit: same here
agl 2012/07/23 22:14:18 Done.
+ ASSERT_EQ(3U, certs.size());
X509Certificate::OSCertHandles intermediates;
- intermediates.push_back(intermediate_cert->os_cert_handle());
+ intermediates.push_back(certs[1]->os_cert_handle());
+ intermediates.push_back(certs[2]->os_cert_handle());
+
scoped_refptr<X509Certificate> cert_chain =
- X509Certificate::CreateFromHandle(cert->os_cert_handle(),
+ X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(),
intermediates);
-
int flags = 0;
CertVerifyResult verify_result;
- int error = Verify(cert_chain, "www.nist.gov", flags, NULL, &verify_result);
+ // This will blow up, June 8th, 2014. Sorry! Please disable and file a bug
+ // against agl. See also TestKnownRoot.
+ int error = Verify(cert_chain, "cert.se", flags, NULL, &verify_result);
EXPECT_EQ(OK, error);
EXPECT_EQ(0U, verify_result.cert_status);
- ASSERT_LE(2u, verify_result.public_key_hashes.size());
- EXPECT_EQ(HexEncode(kNistSPKIHash, base::kSHA1Length),
- HexEncode(verify_result.public_key_hashes[0].data, base::kSHA1Length));
- EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD",
- HexEncode(verify_result.public_key_hashes[1].data, base::kSHA1Length));
+ ASSERT_LE(3u, verify_result.public_key_hashes.size());
+ for (unsigned i = 0; i < 3; i++) {
+ EXPECT_EQ(HexEncode(kCertSESPKIs[i], base::kSHA1Length),
+ HexEncode(verify_result.public_key_hashes[i].data, base::kSHA1Length));
+ }
}
// A regression test for http://crbug.com/70293.
« no previous file with comments | « no previous file | net/base/test_certificate_data.h » ('j') | net/data/ssl/certificates/certse.pem » ('J')

Powered by Google App Engine
This is Rietveld 408576698