authorAllan Sandfeld Jensen <allan.jensen@qt.io>2020-11-18 16:35:47 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2020-11-18 15:45:54 +0000
commit32f5a1c56531e4210bc4cf8d8c7825d66e081888 (patch)
treeeeeec6822f4d738d8454525233fd0e2e3a659e6d /chromium/net/cert
parent99677208ff3b216fdfec551fbe548da5520cd6fb (diff)
BASELINE: Update Chromium to 87.0.4280.67
Change-Id: Ib157360be8c2ffb2c73125751a89f60e049c1d54 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net/cert')
-rw-r--r--chromium/net/cert/cert_verify_proc_unittest.cc44
-rw-r--r--chromium/net/cert/internal/revocation_util_unittest.cc17
-rw-r--r--chromium/net/cert/x509_certificate_unittest.cc7
3 files changed, 34 insertions, 34 deletions
diff --git a/chromium/net/cert/cert_verify_proc_unittest.cc b/chromium/net/cert/cert_verify_proc_unittest.cc
index d1967a765c5..82182acc616 100644
--- a/chromium/net/cert/cert_verify_proc_unittest.cc
+++ b/chromium/net/cert/cert_verify_proc_unittest.cc
@@ -461,46 +461,46 @@ INSTANTIATE_TEST_SUITE_P(All,
// Tests that a certificate is recognized as EV, when the valid EV policy OID
// for the trust anchor is the second candidate EV oid in the target
// certificate. This is a regression test for crbug.com/705285.
-// Started failing: https://crbug.com/1094358
-TEST_P(CertVerifyProcInternalTest, DISABLED_EVVerificationMultipleOID) {
+TEST_P(CertVerifyProcInternalTest, EVVerificationMultipleOID) {
if (!SupportsEV()) {
LOG(INFO) << "Skipping test as EV verification is not yet supported";
return;
}
- // TODO(eroman): Update this test to use a synthetic certificate, so the test
- // does not break in the future. The certificate chain in question expires on
- // Jun 12 14:33:43 2020 GMT, at which point this test will start failing.
- if (base::Time::Now() >
- base::Time::UnixEpoch() + base::TimeDelta::FromSeconds(1591972423)) {
- FAIL() << "This test uses a certificate chain which is now expired. Please "
- "disable and file a bug.";
- return;
- }
-
- scoped_refptr<X509Certificate> chain = CreateCertificateChainFromFile(
- GetTestCertsDirectory(), "login.trustwave.com.pem",
- X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
- ASSERT_TRUE(chain);
+ scoped_refptr<X509Certificate> cert =
+ ImportCertFromFile(GetTestCertsDirectory(), "ev-multi-oid.pem");
+ scoped_refptr<X509Certificate> root =
+ ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
+ ASSERT_TRUE(cert);
+ ASSERT_TRUE(root);
+ ScopedTestRoot test_root(root.get());
// Build a CRLSet that covers the target certificate.
//
// This way CRLSet coverage will be sufficient for EV revocation checking,
// so this test does not depend on online revocation checking.
- ASSERT_GE(chain->intermediate_buffers().size(), 1u);
base::StringPiece spki;
- ASSERT_TRUE(
- asn1::ExtractSPKIFromDERCert(x509_util::CryptoBufferAsStringPiece(
- chain->intermediate_buffers()[0].get()),
- &spki));
+ ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(
+ x509_util::CryptoBufferAsStringPiece(root->cert_buffer()), &spki));
SHA256HashValue spki_sha256;
crypto::SHA256HashString(spki, spki_sha256.data, sizeof(spki_sha256.data));
scoped_refptr<CRLSet> crl_set(
CRLSet::ForTesting(false, &spki_sha256, "", "", {}));
+ // The policies that "ev-multi-oid.pem" target certificate asserts.
+ static const char kOtherTestCertPolicy[] = "2.23.140.1.1";
+ static const char kEVTestCertPolicy[] = "1.2.3.4";
+ // Consider the root of the test chain a valid EV root for the test policy.
+ ScopedTestEVPolicy scoped_test_ev_policy(
+ EVRootCAMetadata::GetInstance(),
+ X509Certificate::CalculateFingerprint256(root->cert_buffer()),
+ kEVTestCertPolicy);
+ ScopedTestEVPolicy scoped_test_other_policy(
+ EVRootCAMetadata::GetInstance(), SHA256HashValue(), kOtherTestCertPolicy);
+
CertVerifyResult verify_result;
int flags = 0;
- int error = Verify(chain.get(), "login.trustwave.com", flags, crl_set.get(),
+ int error = Verify(cert.get(), "127.0.0.1", flags, crl_set.get(),
CertificateList(), &verify_result);
EXPECT_THAT(error, IsOk());
EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);
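Review bot: The second `ScopedTestEVPolicy` in `EVVerificationMultipleOID` registers `kOtherTestCertPolicy` under a default-constructed `SHA256HashValue()`, and no comment says why, so a reader can mistake it for a leftover. It presumably exists so that the first OID in the leaf is a recognised EV policy that does not belong to `root`, forcing the verifier to move on to the second candidate, which is the regression this test guards. I would put a comment above it such as `// Known EV policy, but bound to a fingerprint that matches no root, so the first candidate OID must be rejected and the second accepted.` The comment on the two constants could also state the order in which "ev-multi-oid.pem" asserts them, since the test only means something if `kEVTestCertPolicy` comes second. The test body ends outside the hunk.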
diff --git a/chromium/net/cert/internal/revocation_util_unittest.cc b/chromium/net/cert/internal/revocation_util_unittest.cc
index 9b8fcbb484c..40a1f028307 100644
--- a/chromium/net/cert/internal/revocation_util_unittest.cc
+++ b/chromium/net/cert/internal/revocation_util_unittest.cc
@@ -5,7 +5,6 @@
#include "net/cert/internal/revocation_util.h"
#include "base/time/time.h"
-#include "build/build_config.h"
#include "net/der/encode_values.h"
#include "net/der/parse_values.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -138,13 +137,15 @@ TEST(CheckRevocationDateTest, VerifyTimeMinusAgeFromBeforeWindowsEpoch) {
der::GeneralizedTime encoded_this_update;
ASSERT_TRUE(
der::EncodeTimeAsGeneralizedTime(this_update, &encoded_this_update));
-#if defined(OS_WIN)
- EXPECT_FALSE(CheckRevocationDateValid(encoded_this_update, nullptr,
- verify_time, kOneWeek));
-#else
- EXPECT_TRUE(CheckRevocationDateValid(encoded_this_update, nullptr,
- verify_time, kOneWeek));
-#endif
+ // Note: Not all platforms can explode Time before the Windows Epoch. So,
+ // CheckRevocationDateValid() should succeed iff UTCExplode() will also
+ // succeed for a Time 6 days before the Windows Epoch.
+ base::Time::Exploded exploded;
+ (verify_time - kOneWeek).UTCExplode(&exploded);
+ const bool can_encode_before_windows_epoch = exploded.HasValidValues();
+ EXPECT_EQ(can_encode_before_windows_epoch,
+ CheckRevocationDateValid(encoded_this_update, nullptr, verify_time,
+ kOneWeek));
}
} // namespace net
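Review bot: The new comment above `UTCExplode()` explains the platform difference but not which outcome is the safe one. When the lower bound `verify_time - kOneWeek` cannot be exploded, the `EXPECT_EQ` requires `CheckRevocationDateValid()` to return false, so revocation data whose freshness cannot be checked is rejected. I would say that in the comment, for example `// Where the bound cannot be represented, the check must fail closed and report the response as not valid.` The "6 days before the Windows Epoch" figure depends on how `verify_time` is set up above the hunk, so it is worth confirming that it still matches. The test body starts outside the hunk.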
diff --git a/chromium/net/cert/x509_certificate_unittest.cc b/chromium/net/cert/x509_certificate_unittest.cc
index 44e00992d86..b6434dbe3a1 100644
--- a/chromium/net/cert/x509_certificate_unittest.cc
+++ b/chromium/net/cert/x509_certificate_unittest.cc
@@ -815,7 +815,7 @@ TEST(X509CertificateTest, Equals) {
intermediates2.push_back(bssl::UpRef(certs[2]->cert_buffer()));
scoped_refptr<X509Certificate> cert0_with_intermediate2 =
X509Certificate::CreateFromBuffer(bssl::UpRef(certs[0]->cert_buffer()),
- std::move(intermediates1));
+ std::move(intermediates2));
ASSERT_TRUE(cert0_with_intermediate2);
// Comparing X509Certificate with one intermediate to X509Certificate with
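Review bot: Nothing after `CreateFromBuffer()` checks that `cert0_with_intermediate2` really carries an intermediate, so the wrong-vector mistake corrected here passed `ASSERT_TRUE` unnoticed. If `intermediates1` had already been moved from earlier in the test (not visible in this hunk), the old object would have been built with an empty list and the comparison below would not have tested what its comment describes. Adding `ASSERT_EQ(1u, cert0_with_intermediate2->intermediate_buffers().size());` after the existing `ASSERT_TRUE` would pin that. The `Equals` test starts and ends outside the hunk.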
@@ -1175,10 +1175,9 @@ struct CertificateNameVerifyTestData {
void PrintTo(const CertificateNameVerifyTestData& data, std::ostream* os) {
ASSERT_TRUE(data.hostname);
ASSERT_TRUE(data.dns_names || data.ip_addrs);
- // Using StringPiece to allow for optional fields being NULL.
*os << " expected: " << data.expected << "; hostname: " << data.hostname
- << "; dns_names: " << base::StringPiece(data.dns_names)
- << "; ip_addrs: " << base::StringPiece(data.ip_addrs);
+ << "; dns_names: " << (data.dns_names ? data.dns_names : "")
+ << "; ip_addrs: " << (data.ip_addrs ? data.ip_addrs : "");
}
const CertificateNameVerifyTestData kNameVerifyTestData[] = {