Rename net::X509Certificate::Equals to EqualsExcludingChain.
The old name did not make it obvious that the intermediates are not compared.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I0b2a3f4e9e2baf5d72fe5ec62e4f7ac91684dbd6
Reviewed-on: https://chromium-review.googlesource.com/1009106
Reviewed-by: Eric Roman <[email protected]>
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Steven Bennetts <[email protected]>
Reviewed-by: Mustafa Emre Acer <[email protected]>
Reviewed-by: Hiroki Nakagawa <[email protected]>
Reviewed-by: Maksim Ivanov <[email protected]>
Commit-Queue: Matt Mueller <[email protected]>
Cr-Commit-Position: refs/heads/master@{#551219}
diff --git a/net/cert/cert_verify_proc_mac_unittest.cc b/net/cert/cert_verify_proc_mac_unittest.cc
index d813438..fcf7209 100644
--- a/net/cert/cert_verify_proc_mac_unittest.cc
+++ b/net/cert/cert_verify_proc_mac_unittest.cc
@@ -126,7 +126,7 @@
ASSERT_TRUE(intermediate);
scoped_refptr<X509Certificate> expected_intermediate = path_3_certs[2];
- EXPECT_TRUE(expected_intermediate->Equals(intermediate.get()))
+ EXPECT_TRUE(expected_intermediate->EqualsExcludingChain(intermediate.get()))
<< "Expected: " << expected_intermediate->subject().common_name
<< " issued by " << expected_intermediate->issuer().common_name
<< "; Got: " << intermediate->subject().common_name << " issued by "
diff --git a/net/cert/cert_verify_proc_unittest.cc b/net/cert/cert_verify_proc_unittest.cc
index 688f134..beda2cb8 100644
--- a/net/cert/cert_verify_proc_unittest.cc
+++ b/net/cert/cert_verify_proc_unittest.cc
@@ -2059,7 +2059,8 @@
x509_util::DupCryptoBuffer(verified_intermediates[1].get()), {});
ASSERT_TRUE(intermediate);
- EXPECT_TRUE(testcase.expected_intermediate->Equals(intermediate.get()))
+ EXPECT_TRUE(testcase.expected_intermediate->EqualsExcludingChain(
+ intermediate.get()))
<< "Expected: " << testcase.expected_intermediate->subject().common_name
<< " issued by " << testcase.expected_intermediate->issuer().common_name
<< "; Got: " << intermediate->subject().common_name << " issued by "
diff --git a/net/cert/mock_cert_verifier.cc b/net/cert/mock_cert_verifier.cc
index e7f9862..d0d4ed4 100644
--- a/net/cert/mock_cert_verifier.cc
+++ b/net/cert/mock_cert_verifier.cc
@@ -49,7 +49,7 @@
RuleList::const_iterator it;
for (it = rules_.begin(); it != rules_.end(); ++it) {
// Check just the server cert. Intermediates will be ignored.
- if (!it->cert->Equals(params.certificate().get()))
+ if (!it->cert->EqualsExcludingChain(params.certificate().get()))
continue;
if (!base::MatchPattern(params.hostname(), it->hostname))
continue;
diff --git a/net/cert/mock_client_cert_verifier.cc b/net/cert/mock_client_cert_verifier.cc
index 21c9a5da..5b7aaec 100644
--- a/net/cert/mock_client_cert_verifier.cc
+++ b/net/cert/mock_client_cert_verifier.cc
@@ -27,8 +27,8 @@
const CompletionCallback& callback,
std::unique_ptr<Request>* out_req) {
for (const Rule& rule : rules_) {
- // Check just the server cert. Intermediates will be ignored.
- if (rule.cert->Equals(cert))
+ // Check just the client cert. Intermediates will be ignored.
+ if (rule.cert->EqualsExcludingChain(cert))
return rule.rv;
}
return default_result_;
diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
index cfef4bb..f1d97d2 100644
--- a/net/cert/x509_certificate.cc
+++ b/net/cert/x509_certificate.cc
@@ -435,14 +435,14 @@
return base::Time::Now() > valid_expiry();
}
-bool X509Certificate::Equals(const X509Certificate* other) const {
+bool X509Certificate::EqualsExcludingChain(const X509Certificate* other) const {
return x509_util::CryptoBufferEqual(cert_buffer_.get(),
other->cert_buffer_.get());
}
bool X509Certificate::EqualsIncludingChain(const X509Certificate* other) const {
if (intermediate_ca_certs_.size() != other->intermediate_ca_certs_.size() ||
- !Equals(other)) {
+ !EqualsExcludingChain(other)) {
return false;
}
for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
index 156ad0bd..5151baf9 100644
--- a/net/cert/x509_certificate.h
+++ b/net/cert/x509_certificate.h
@@ -181,7 +181,7 @@
// Returns true if this object and |other| represent the same certificate.
// Does not consider any associated intermediates.
- bool Equals(const X509Certificate* other) const;
+ bool EqualsExcludingChain(const X509Certificate* other) const;
// Returns true if this object and |other| represent the same certificate
// and intermediates.
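Review bot: The comment above `EqualsExcludingChain` does not say that |other| must be non-null, while the definition in net/cert/x509_certificate.cc reads `other->cert_buffer_` without a check. I would add `// |other| must not be null.` to this comment block so the precondition is visible at the declaration. It would also help to say what "same certificate" means. From the definition it is a comparison of the two leaf buffers via `x509_util::CryptoBufferEqual`, presumably the encoded certificate bytes, so something like `// Compares only the leaf certificate's encoded bytes.` once that is confirmed.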
diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
index 5f617bf..64ed230 100644
--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -739,9 +739,9 @@
ASSERT_EQ(4u, certs.size());
// Comparing X509Certificates with no intermediates.
- EXPECT_TRUE(certs[0]->Equals(certs[0].get()));
- EXPECT_FALSE(certs[1]->Equals(certs[0].get()));
- EXPECT_FALSE(certs[0]->Equals(certs[1].get()));
+ EXPECT_TRUE(certs[0]->EqualsExcludingChain(certs[0].get()));
+ EXPECT_FALSE(certs[1]->EqualsExcludingChain(certs[0].get()));
+ EXPECT_FALSE(certs[0]->EqualsExcludingChain(certs[1].get()));
EXPECT_TRUE(certs[0]->EqualsIncludingChain(certs[0].get()));
EXPECT_FALSE(certs[1]->EqualsIncludingChain(certs[0].get()));
EXPECT_FALSE(certs[0]->EqualsIncludingChain(certs[1].get()));
@@ -756,8 +756,8 @@
// Comparing X509Certificate with one intermediate to X509Certificate with no
// intermediates.
- EXPECT_TRUE(certs[0]->Equals(cert0_with_intermediate.get()));
- EXPECT_TRUE(cert0_with_intermediate->Equals(certs[0].get()));
+ EXPECT_TRUE(certs[0]->EqualsExcludingChain(cert0_with_intermediate.get()));
+ EXPECT_TRUE(cert0_with_intermediate->EqualsExcludingChain(certs[0].get()));
EXPECT_FALSE(certs[0]->EqualsIncludingChain(cert0_with_intermediate.get()));
EXPECT_FALSE(cert0_with_intermediate->EqualsIncludingChain(certs[0].get()));
@@ -771,8 +771,10 @@
// Comparing X509Certificate with one intermediate to X509Certificate with
// one different intermediate.
- EXPECT_TRUE(cert0_with_intermediate2->Equals(cert0_with_intermediate.get()));
- EXPECT_TRUE(cert0_with_intermediate->Equals(cert0_with_intermediate2.get()));
+ EXPECT_TRUE(cert0_with_intermediate2->EqualsExcludingChain(
+ cert0_with_intermediate.get()));
+ EXPECT_TRUE(cert0_with_intermediate->EqualsExcludingChain(
+ cert0_with_intermediate2.get()));
EXPECT_FALSE(cert0_with_intermediate2->EqualsIncludingChain(
cert0_with_intermediate.get()));
EXPECT_FALSE(cert0_with_intermediate->EqualsIncludingChain(
@@ -802,10 +804,10 @@
// Comparing X509Certificate with two intermediates to X509Certificate with
// same two intermediates but in reverse order
- EXPECT_TRUE(
- cert0_with_intermediates21->Equals(cert0_with_intermediates12.get()));
- EXPECT_TRUE(
- cert0_with_intermediates12->Equals(cert0_with_intermediates21.get()));
+ EXPECT_TRUE(cert0_with_intermediates21->EqualsExcludingChain(
+ cert0_with_intermediates12.get()));
+ EXPECT_TRUE(cert0_with_intermediates12->EqualsExcludingChain(
+ cert0_with_intermediates21.get()));
EXPECT_FALSE(cert0_with_intermediates21->EqualsIncludingChain(
cert0_with_intermediates12.get()));
EXPECT_FALSE(cert0_with_intermediates12->EqualsIncludingChain(
@@ -824,10 +826,10 @@
// Comparing X509Certificate with two intermediates to X509Certificate with
// same two intermediates in same order.
- EXPECT_TRUE(
- cert0_with_intermediates12->Equals(cert0_with_intermediates12b.get()));
- EXPECT_TRUE(
- cert0_with_intermediates12b->Equals(cert0_with_intermediates12.get()));
+ EXPECT_TRUE(cert0_with_intermediates12->EqualsExcludingChain(
+ cert0_with_intermediates12b.get()));
+ EXPECT_TRUE(cert0_with_intermediates12b->EqualsExcludingChain(
+ cert0_with_intermediates12.get()));
EXPECT_TRUE(cert0_with_intermediates12->EqualsIncludingChain(
cert0_with_intermediates12b.get()));
EXPECT_TRUE(cert0_with_intermediates12b->EqualsIncludingChain(
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index d423a295..a6f4b27 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2316,7 +2316,7 @@
X509Certificate::FORMAT_AUTO);
ASSERT_EQ(3U, certs.size());
- ASSERT_TRUE(certs[0]->Equals(unverified_certs[0].get()));
+ ASSERT_TRUE(certs[0]->EqualsExcludingChain(unverified_certs[0].get()));
std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> temp_intermediates;
temp_intermediates.push_back(
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 190815f..c06557ef 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -681,7 +681,7 @@
EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
server_socket_->GetSSLInfo(&ssl_info);
ASSERT_TRUE(ssl_info.cert.get());
- EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
+ EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_info.cert.get()));
}
// This test executes Connect() on SSLClientSocket and Handshake() twice on
@@ -716,7 +716,7 @@
SSLInfo ssl_server_info;
ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
ASSERT_TRUE(ssl_server_info.cert.get());
- EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
+ EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info.cert.get()));
EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
server_socket_->Disconnect();
client_socket_->Disconnect();
@@ -742,7 +742,7 @@
SSLInfo ssl_server_info2;
ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
ASSERT_TRUE(ssl_server_info2.cert.get());
- EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
+ EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info2.cert.get()));
EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
}
diff --git a/net/ssl/client_cert_store_mac_unittest.cc b/net/ssl/client_cert_store_mac_unittest.cc
index d9db8199..4cef1b5 100644
--- a/net/ssl/client_cert_store_mac_unittest.cc
+++ b/net/ssl/client_cert_store_mac_unittest.cc
@@ -92,8 +92,10 @@
cert_1, certs, *request.get(), &selected_certs);
EXPECT_TRUE(rv);
ASSERT_EQ(2u, selected_certs.size());
- EXPECT_TRUE(selected_certs[0]->certificate()->Equals(cert_1.get()));
- EXPECT_TRUE(selected_certs[1]->certificate()->Equals(cert_2.get()));
+ EXPECT_TRUE(
+ selected_certs[0]->certificate()->EqualsExcludingChain(cert_1.get()));
+ EXPECT_TRUE(
+ selected_certs[1]->certificate()->EqualsExcludingChain(cert_2.get()));
}
} // namespace net
diff --git a/net/ssl/client_cert_store_unittest-inl.h b/net/ssl/client_cert_store_unittest-inl.h
index 7cc02d3..b054996 100644
--- a/net/ssl/client_cert_store_unittest-inl.h
+++ b/net/ssl/client_cert_store_unittest-inl.h
@@ -91,7 +91,8 @@
&selected_identities);
EXPECT_TRUE(rv);
ASSERT_EQ(1u, selected_identities.size());
- EXPECT_TRUE(selected_identities[0]->certificate()->Equals(cert.get()));
+ EXPECT_TRUE(
+ selected_identities[0]->certificate()->EqualsExcludingChain(cert.get()));
}
// Verify that certificates are correctly filtered against CertRequestInfo with
@@ -127,7 +128,8 @@
&selected_identities);
EXPECT_TRUE(rv);
ASSERT_EQ(1u, selected_identities.size());
- EXPECT_TRUE(selected_identities[0]->certificate()->Equals(cert_1.get()));
+ EXPECT_TRUE(selected_identities[0]->certificate()->EqualsExcludingChain(
+ cert_1.get()));
}
TYPED_TEST_P(ClientCertStoreTest, PrintableStringContainingUTF8) {
@@ -163,7 +165,8 @@
&selected_identities);
EXPECT_TRUE(rv);
ASSERT_EQ(1u, selected_identities.size());
- EXPECT_TRUE(selected_identities[0]->certificate()->Equals(cert.get()));
+ EXPECT_TRUE(
+ selected_identities[0]->certificate()->EqualsExcludingChain(cert.get()));
}
REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
diff --git a/net/ssl/ssl_config.cc b/net/ssl/ssl_config.cc
index d748805..94cb96bd 100644
--- a/net/ssl/ssl_config.cc
+++ b/net/ssl/ssl_config.cc
@@ -43,7 +43,7 @@
bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
CertStatus* cert_status) const {
for (const auto& allowed_bad_cert : allowed_bad_certs) {
- if (cert->Equals(allowed_bad_cert.cert.get())) {
+ if (cert->EqualsExcludingChain(allowed_bad_cert.cert.get())) {
if (cert_status)
*cert_status = allowed_bad_cert.cert_status;
return true;
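Review bot: In `SSLConfig::IsAllowedBadCert` the allow-list match at `cert->EqualsExcludingChain(allowed_bad_cert.cert.get())` is leaf-only, and nothing at the call site says whether that is intended. A match hands back the stored `cert_status` exception for the certificate, so a reader auditing this path should be able to see that the intermediates presented with |cert| play no part in the decision. I would add a comment above the `if`, e.g. `// Match on the leaf certificate only; intermediates are intentionally not compared.`, if that is indeed the intent. The function body continues past the end of this hunk.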