diff options
author | Dana Keeler <dkeeler@mozilla.com> | 2020-09-18 19:54:21 +0000 |
---|---|---|
committer | Dana Keeler <dkeeler@mozilla.com> | 2020-09-18 19:54:21 +0000 |
commit | d1158595ce099e746ab0b933dd406d2c09d4836b (patch) | |
tree | 35ecc7a6bee293b9cd3a428bb1f2193992daba84 /gtests/mozpkix_gtest | |
parent | 87afd038bdcd21c35281f0851c3fb4bbcac797d6 (diff) | |
download | nss-hg-d1158595ce099e746ab0b933dd406d2c09d4836b.tar.gz |
Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's no longer necessary r=jcj
Bug 1593141 added the certificate's notBefore field as an argument to
TrustDomain::CheckRevocation so that Firefox could use it with CRLite.
However, since CAs can backdate that field, we need to use the earliest
embedded SCT timestamp instead.
Differential Revision: https://phabricator.services.mozilla.com/D90595
Diffstat (limited to 'gtests/mozpkix_gtest')
6 files changed, 12 insertions, 32 deletions
diff --git a/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/gtests/mozpkix_gtest/pkixbuild_tests.cpp index c1c81b3a7..e17321075 100644 --- a/gtests/mozpkix_gtest/pkixbuild_tests.cpp +++ b/gtests/mozpkix_gtest/pkixbuild_tests.cpp @@ -152,14 +152,10 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, - Time validityBeginning, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { - // All of the certificates in this test for which this is called have a - // validity period that begins "one day before now". - EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -305,14 +301,10 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, - Time validityBeginning, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { - // All of the certificates in this test for which this is called have a - // validity period that begins "one day before now". - EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -329,7 +321,7 @@ public: { } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { @@ -450,14 +442,10 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, - Time validityBeginning, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { - // All of the certificates in this test for which this is called have a - // validity period that begins "one day before now". - EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -677,14 +665,10 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, - Time validityBeginning, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { - // All of the certificates in this test for which this is called have a - // validity period that begins "one day before now". - EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -739,7 +723,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain { public: Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time, - Time, Duration, /*optional*/ const Input*, + Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) { @@ -844,14 +828,10 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, - Time validityBeginning, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { - // All of the certificates in this test for which this is called have a - // validity period that begins "one day before now". - EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } diff --git a/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp index 71399a26b..762fac146 100644 --- a/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp +++ b/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp @@ -70,7 +70,7 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { diff --git a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp index 54e19fc3d..00ccffb04 100644 --- a/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp +++ b/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp @@ -92,7 +92,7 @@ private: return checker.Check(issuerCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp index 9fd1e52f1..0aef3d5c1 100644 --- a/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp +++ b/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp @@ -558,7 +558,7 @@ private: return checker.Check(derCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp index e1f35e5b4..70e6fd410 100644 --- a/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp +++ b/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp @@ -302,7 +302,7 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { diff --git a/gtests/mozpkix_gtest/pkixgtest.h b/gtests/mozpkix_gtest/pkixgtest.h index 0a203c5e1..bb3491d44 100644 --- a/gtests/mozpkix_gtest/pkixgtest.h +++ b/gtests/mozpkix_gtest/pkixgtest.h @@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain { Result::FATAL_ERROR_LIBRARY_FAILURE); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { ADD_FAILURE(); |