Add tests for IsCertificateError() and IsClientCertificateError().

Change-Id: Iaf2e31c32df0f73a3cc55c42afef3408387804fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1848417 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#704285}

Add tests for IsCertificateError() and IsClientCertificateError().
Change-Id: Iaf2e31c32df0f73a3cc55c42afef3408387804fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1848417 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#704285}
e28b6027 · Eric Roman · Commit Bot · 56dda171 · e28b6027 · e28b6027
Commit e28b6027 authored Oct 09, 2019 by Eric Roman Committed by Commit Bot Oct 09, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 82 additions and 1 deletion

net/BUILD.gn net/BUILD.gn +1 -0

net/base/net_errors.h net/base/net_errors.h +2 -1

net/base/net_errors_unittest.cc net/base/net_errors_unittest.cc +79 -0

No files found.
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -5087,6 +5087,7 @@ test("net_unittests") {
    "base/lookup_string_in_fixed_set_unittest.cc",
    "base/mime_sniffer_unittest.cc",
    "base/mime_util_unittest.cc",
+    "base/net_errors_unittest.cc",
    "base/net_string_util_unittest.cc",
    "base/network_activity_monitor_unittest.cc",
    "base/network_change_notifier_unittest.cc",

--- a/net/base/net_errors.h
+++ b/net/base/net_errors.h
@@ -38,7 +38,8 @@ NET_EXPORT std::string ErrorToShortString(int error);
 NET_EXPORT std::string ExtendedErrorToString(int error,
                                             int extended_error_code);
-// Returns true if |error| is a certificate error code.
+// Returns true if |error| is a certificate error code. Note this does not
+// include errors for client certificates.
 NET_EXPORT bool IsCertificateError(int error);
 // Returns true if |error| is a client certificate authentication error. This

--- a/net/base/net_errors_unittest.cc
+++ b/net/base/net_errors_unittest.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "net/base/net_errors.h"
+#include "testing/gtest/include/gtest/gtest.h"
+namespace net {
+namespace {
+TEST(NetErrorsTest, IsCertificateError) {
+  // Positive tests.
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_AUTHORITY_INVALID));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_COMMON_NAME_INVALID));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_CONTAINS_ERRORS));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_DATE_INVALID));
+  EXPECT_TRUE(IsCertificateError(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_INVALID));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_NAME_CONSTRAINT_VIOLATION));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_NON_UNIQUE_NAME));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_NO_REVOCATION_MECHANISM));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_REVOKED));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_SYMANTEC_LEGACY));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_VALIDITY_TOO_LONG));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_WEAK_KEY));
+  EXPECT_TRUE(IsCertificateError(ERR_CERT_WEAK_SIGNATURE_ALGORITHM));
+  EXPECT_TRUE(IsCertificateError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
+  // Negative tests.
+  EXPECT_FALSE(IsCertificateError(ERR_SSL_PROTOCOL_ERROR));
+  EXPECT_FALSE(IsCertificateError(ERR_SSL_KEY_USAGE_INCOMPATIBLE));
+  EXPECT_FALSE(
+      IsCertificateError(ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED));
+  EXPECT_FALSE(IsCertificateError(ERR_QUIC_CERT_ROOT_NOT_KNOWN));
+  EXPECT_FALSE(IsCertificateError(ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY));
+  EXPECT_FALSE(IsCertificateError(ERR_FAILED));
+  EXPECT_FALSE(IsCertificateError(OK));
+  // Trigger a failure whenever ERR_CERT_END is changed, forcing developers to
+  // update this test.
+  EXPECT_EQ(ERR_CERT_END, -217)
+      << "It looks like you added a new certificate error code ("
+      << ErrorToString(ERR_CERT_END + 1)
+      << ").\n"
+         "\n"
+         "Because this code is between ERR_CERT_BEGIN and ERR_CERT_END, it "
+         "will be matched by net::IsCertificateError().\n"
+         "\n"
+         " (1) Please add a new test case to "
+         "NetErrorsTest.IsCertificateError()."
+         "\n"
+         " (2) Review the existing consumers of IsCertificateError(). "
+         "//content for instance has specialized handling of "
+         "IsCertificateError() that may need to be updated.";
+}
+TEST(NetErrorsTest, IsClientCertificateError) {
+  // Positive tests.
+  EXPECT_TRUE(IsClientCertificateError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
+  EXPECT_TRUE(
+      IsClientCertificateError(ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED));
+  EXPECT_TRUE(
+      IsClientCertificateError(ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY));
+  EXPECT_TRUE(IsClientCertificateError(ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED));
+  EXPECT_TRUE(
+      IsClientCertificateError(ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS));
+  // Negative tests.
+  EXPECT_FALSE(IsClientCertificateError(ERR_CERT_REVOKED));
+  EXPECT_FALSE(IsClientCertificateError(ERR_SSL_PROTOCOL_ERROR));
+  EXPECT_FALSE(IsClientCertificateError(ERR_CERT_WEAK_KEY));
+}
+}  // namespace
+}  // namespace net