net/test: Add CertBuilder::GetX509CertificateChain helper.

Provides a more concise method for creating an X509Certificate with the necessary intermediate(s). Change-Id: I20d1cedbc7ee177b27871e460b1db56aec8f4e34 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1815994 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#699051}

net/test: Add CertBuilder::GetX509CertificateChain helper.
Provides a more concise method for creating an X509Certificate with the necessary intermediate(s). Change-Id: I20d1cedbc7ee177b27871e460b1db56aec8f4e34 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1815994 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#699051}
88cf36fd · Matt Mueller · Commit Bot · 195e49a6 · 88cf36fd · 88cf36fd
Commit 88cf36fd authored Sep 23, 2019 by Matt Mueller Committed by Commit Bot Sep 23, 2019
Showing with 34 additions and 48 deletions

net/cert/cert_verify_proc_unittest.cc net/cert/cert_verify_proc_unittest.cc +19 -48

net/test/cert_builder.cc net/test/cert_builder.cc +11 -0

net/test/cert_builder.h net/test/cert_builder.h +4 -0

No files found.
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -270,16 +270,6 @@ bool AreSHA1IntermediatesAllowed() {
 #endif
 }
-// Helper to make creating an X509Certificate chain less verbose.
-scoped_refptr<X509Certificate> CreateX509CertificateWithIntermediate(
-    bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer,
-    bssl::UniquePtr<CRYPTO_BUFFER> intermediate_buffer) {
-  std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
-  intermediates.push_back(std::move(intermediate_buffer));
-  return X509Certificate::CreateFromBuffer(std::move(cert_buffer),
-                                           std::move(intermediates));
-}
 std::string MakeRandomHexString(size_t num_bytes) {
  std::vector<char> rand_bytes;
  rand_bytes.resize(num_bytes);
@@ -686,8 +676,7 @@ TEST_P(CertVerifyProcInternalTest, CertWithNullInCommonNameAndNoSAN) {
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  int flags = 0;
@@ -716,8 +705,7 @@ TEST_P(CertVerifyProcInternalTest, CertWithNullInCommonNameAndValidSAN) {
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  int flags = 0;
@@ -743,8 +731,7 @@ TEST_P(CertVerifyProcInternalTest, CertWithNullInSAN) {
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  int flags = 0;
@@ -3062,8 +3049,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, RevocationHardFailNoCrls) {
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3107,8 +3093,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3151,8 +3136,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3190,8 +3174,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3228,8 +3211,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3269,8 +3251,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3315,8 +3296,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with hard-fail revocation checking for local anchors.
@@ -3352,8 +3332,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, RevocationSoftFailNoCrls) {
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3394,8 +3373,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3436,8 +3414,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3473,8 +3450,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3517,8 +3493,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3562,8 +3537,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3607,8 +3581,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3656,8 +3629,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.
@@ -3697,8 +3669,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest,
  // Trust the root and build a chain to verify that includes the intermediate.
  ScopedTestRoot scoped_root(root->GetX509Certificate().get());
-  scoped_refptr<X509Certificate> chain = CreateX509CertificateWithIntermediate(
+  scoped_refptr<X509Certificate> chain = leaf->GetX509CertificateChain();
-      leaf->DupCertBuffer(), intermediate->DupCertBuffer());
  ASSERT_TRUE(chain.get());
  // Verify with soft-fail revocation checking.

--- a/net/test/cert_builder.cc
+++ b/net/test/cert_builder.cc
@@ -327,6 +327,17 @@ scoped_refptr<X509Certificate> CertBuilder::GetX509Certificate() {
  return X509Certificate::CreateFromBuffer(DupCertBuffer(), {});
 }
+scoped_refptr<X509Certificate> CertBuilder::GetX509CertificateChain() {
+  std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
+  // Add intermediates, not including the self-signed root.
+  for (CertBuilder* cert = issuer_; cert && cert != cert->issuer_;
+       cert = cert->issuer_) {
+    intermediates.push_back(cert->DupCertBuffer());
+  }
+  return X509Certificate::CreateFromBuffer(DupCertBuffer(),
+                                           std::move(intermediates));
+}
 std::string CertBuilder::GetDER() {
  return x509_util::CryptoBufferAsStringPiece(GetCertBuffer()).as_string();
 }

--- a/net/test/cert_builder.h
+++ b/net/test/cert_builder.h
@@ -87,6 +87,10 @@ class CertBuilder {
  // Returns an X509Certificate for the generated certificate.
  scoped_refptr<X509Certificate> GetX509Certificate();
+  // Returns an X509Certificate for the generated certificate, including
+  // intermediate certificates.
+  scoped_refptr<X509Certificate> GetX509CertificateChain();
  // Returns a copy of the certificate's DER.
  std::string GetDER();