// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Unit tests for CertIssuerSourceAia, the issuer source that is driven by the
// AuthorityInfoAccess (AIA) extension of a certificate.
//
// NOTE(review): every function body in this listing is elided as `{ … }`, so
// the comments below restate the intent given by the test names and their
// original descriptions; they are not verified against the implementations.

#include "net/cert/internal/cert_issuer_source_aia.h"

#include <memory>

#include "base/files/file_util.h"
#include "net/cert/internal/test_helpers.h"
#include "net/cert/mock_cert_net_fetcher.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
#include "net/test/test_data_directory.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/pki/cert_errors.h"
#include "third_party/boringssl/src/pki/parsed_certificate.h"
#include "url/gurl.h"

namespace net {

namespace {

// NOTE(review): these look like gmock using-declarations (for example
// `using ::testing::Mock;`) whose `using ::testing::` prefix was dropped by
// the listing. As written the line is not valid C++; confirm against the
// original file.
ByMove; Mock; Return; StrictMock; _;

// Test helper that takes a file name, a PEM block name and an out-parameter
// string, and reports success or failure as a gtest AssertionResult.
// NOTE(review): body not shown; presumably it loads the block named
// |block_name| from |file_name| into |result| - confirm.
::testing::AssertionResult ReadTestPem(const std::string& file_name,
                                       const std::string& block_name,
                                       std::string* result) { … }

// Test helper that takes a file name and an out-parameter for a parsed
// certificate, and reports success or failure as a gtest AssertionResult.
// NOTE(review): body not shown; presumably it parses the certificate stored in
// |file_name| into |result| - confirm.
::testing::AssertionResult ReadTestCert(
    const std::string& file_name,
    std::shared_ptr<const bssl::ParsedCertificate>* result) { … }

// CertIssuerSourceAia does not return results for SyncGetIssuersOf.
TEST(CertIssuerSourceAiaTest, NoSyncResults) { … }

// If the AuthorityInfoAccess extension is not present, AsyncGetIssuersOf should
// synchronously indicate no results.
TEST(CertIssuerSourceAiaTest, NoAia) { … }

// If the AuthorityInfoAccess extension only contains non-HTTP URIs,
// AsyncGetIssuersOf should create a Request object. The URL scheme check is
// part of the specific CertNetFetcher implementation; this tests that we handle
// ERR_DISALLOWED_URL_SCHEME properly. If FetchCaIssuers is modified to fail
// synchronously in that case, this test will be more interesting.
//
// NOTE(review): since scheme filtering is delegated to the CertNetFetcher,
// CertIssuerSourceAia is only as restrictive as the fetcher it is handed. The
// AIA URIs come from the certificate under verification, so a fetcher that
// honoured file: or other non-HTTP schemes would let certificate contents
// steer local or internal reads. Confirm that every CertNetFetcher used in
// production rejects such schemes.
TEST(CertIssuerSourceAiaTest, FileAia) { … }

// If the AuthorityInfoAccess extension contains an invalid URL,
// AsyncGetIssuersOf should synchronously indicate no results.
TEST(CertIssuerSourceAiaTest, OneInvalidURL) { … }

// AuthorityInfoAccess with a single HTTP URL pointing to a single DER cert.
TEST(CertIssuerSourceAiaTest, OneAia) { … }

// AuthorityInfoAccess with two URIs, one a FILE URI, the other an HTTP URI.
// Simulate an ERR_DISALLOWED_URL_SCHEME for the file URL. If FetchCaIssuers is
// modified to synchronously reject disallowed schemes, this test will be more
// interesting.
TEST(CertIssuerSourceAiaTest, OneFileOneHttpAia) { … }

// AuthorityInfoAccess with two URIs; one is invalid, the other is HTTP.
TEST(CertIssuerSourceAiaTest, OneInvalidOneHttpAia) { … }

// AuthorityInfoAccess with two HTTP URLs, each pointing to a single DER cert.
// One request completes and its results are retrieved, then the next request
// completes and its results are retrieved.
TEST(CertIssuerSourceAiaTest, TwoAiaCompletedInSeries) { … }

// AuthorityInfoAccess with a single HTTP URL pointing to a single DER cert;
// the CertNetFetcher request fails.
TEST(CertIssuerSourceAiaTest, OneAiaHttpError) { … }

// AuthorityInfoAccess with a single HTTP URL pointing to a single DER cert;
// the CertNetFetcher request completes, but the DER cert fails to parse.
// NOTE(review): the fetched bytes are network-supplied and untrusted;
// presumably the test expects no issuer to be returned - body not shown.
TEST(CertIssuerSourceAiaTest, OneAiaParseError) { … }

// AuthorityInfoAccess with two HTTP URLs, each pointing to a single DER cert.
// One request fails.
TEST(CertIssuerSourceAiaTest, TwoAiaCompletedInSeriesFirstFails) { … }

// AuthorityInfoAccess with two HTTP URLs, each pointing to a single DER cert.
// The first request completes and its result is retrieved, then the second
// request fails.
TEST(CertIssuerSourceAiaTest, TwoAiaCompletedInSeriesSecondFails) { … }

// AuthorityInfoAccess with six HTTP URLs. kMaxFetchesPerCert is 5, so the
// sixth URL should be ignored.
// NOTE(review): the URL list is taken from the certificate being verified, so
// this cap presumably bounds how many outbound fetches a single certificate
// can trigger. Confirm that the limit is applied before any fetch is started.
TEST(CertIssuerSourceAiaTest, MaxFetchesPerCert) { … }

// AuthorityInfoAccess that returns a certs-only CMS message containing two
// certificates.
TEST(CertIssuerSourceAiaTest, CertsOnlyCmsMessage) { … }

}  // namespace

}  // namespace net