| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verifier.h" | 5 #include "net/base/cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "base/stringprintf.h" | 9 #include "base/stringprintf.h" |
| 10 #include "net/base/cert_test_util.h" | 10 #include "net/base/cert_test_util.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 43 FilePath certs_dir = GetTestCertsDirectory(); | 43 FilePath certs_dir = GetTestCertsDirectory(); |
| 44 scoped_refptr<X509Certificate> test_cert( | 44 scoped_refptr<X509Certificate> test_cert( |
| 45 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 45 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 46 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 46 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 47 | 47 |
| 48 int error; | 48 int error; |
| 49 CertVerifyResult verify_result; | 49 CertVerifyResult verify_result; |
| 50 TestCompletionCallback callback; | 50 TestCompletionCallback callback; |
| 51 CertVerifier::RequestHandle request_handle; | 51 CertVerifier::RequestHandle request_handle; |
| 52 | 52 |
| 53 error = verifier.Verify(test_cert, "www.example.com", 0, &verify_result, | 53 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
| 54 callback.callback(), &request_handle, BoundNetLog()); | 54 callback.callback(), &request_handle, BoundNetLog()); |
| 55 ASSERT_EQ(ERR_IO_PENDING, error); | 55 ASSERT_EQ(ERR_IO_PENDING, error); |
| 56 ASSERT_TRUE(request_handle != NULL); | 56 ASSERT_TRUE(request_handle != NULL); |
| 57 error = callback.WaitForResult(); | 57 error = callback.WaitForResult(); |
| 58 ASSERT_TRUE(IsCertificateError(error)); | 58 ASSERT_TRUE(IsCertificateError(error)); |
| 59 ASSERT_EQ(1u, verifier.requests()); | 59 ASSERT_EQ(1u, verifier.requests()); |
| 60 ASSERT_EQ(0u, verifier.cache_hits()); | 60 ASSERT_EQ(0u, verifier.cache_hits()); |
| 61 ASSERT_EQ(0u, verifier.inflight_joins()); | 61 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 62 | 62 |
| 63 error = verifier.Verify(test_cert, "www.example.com", 0, &verify_result, | 63 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
| 64 callback.callback(), &request_handle, BoundNetLog()); | 64 callback.callback(), &request_handle, BoundNetLog()); |
| 65 // Synchronous completion. | 65 // Synchronous completion. |
| 66 ASSERT_NE(ERR_IO_PENDING, error); | 66 ASSERT_NE(ERR_IO_PENDING, error); |
| 67 ASSERT_TRUE(IsCertificateError(error)); | 67 ASSERT_TRUE(IsCertificateError(error)); |
| 68 ASSERT_TRUE(request_handle == NULL); | 68 ASSERT_TRUE(request_handle == NULL); |
| 69 ASSERT_EQ(2u, verifier.requests()); | 69 ASSERT_EQ(2u, verifier.requests()); |
| 70 ASSERT_EQ(1u, verifier.cache_hits()); | 70 ASSERT_EQ(1u, verifier.cache_hits()); |
| 71 ASSERT_EQ(0u, verifier.inflight_joins()); | 71 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 72 } | 72 } |
| 73 | 73 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 84 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 84 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 85 | 85 |
| 86 int error; | 86 int error; |
| 87 CertVerifyResult verify_result; | 87 CertVerifyResult verify_result; |
| 88 TestCompletionCallback callback; | 88 TestCompletionCallback callback; |
| 89 CertVerifier::RequestHandle request_handle; | 89 CertVerifier::RequestHandle request_handle; |
| 90 CertVerifyResult verify_result2; | 90 CertVerifyResult verify_result2; |
| 91 TestCompletionCallback callback2; | 91 TestCompletionCallback callback2; |
| 92 CertVerifier::RequestHandle request_handle2; | 92 CertVerifier::RequestHandle request_handle2; |
| 93 | 93 |
| 94 error = verifier.Verify(test_cert, "www.example.com", 0, &verify_result, | 94 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
| 95 callback.callback(), &request_handle, BoundNetLog()); | 95 callback.callback(), &request_handle, BoundNetLog()); |
| 96 ASSERT_EQ(ERR_IO_PENDING, error); | 96 ASSERT_EQ(ERR_IO_PENDING, error); |
| 97 ASSERT_TRUE(request_handle != NULL); | 97 ASSERT_TRUE(request_handle != NULL); |
| 98 error = verifier.Verify( | 98 error = verifier.Verify( |
| 99 test_cert, "www.example.com", 0, &verify_result2, | 99 test_cert, "www.example.com", 0, NULL, &verify_result2, |
| 100 callback2.callback(), &request_handle2, BoundNetLog()); | 100 callback2.callback(), &request_handle2, BoundNetLog()); |
| 101 ASSERT_EQ(ERR_IO_PENDING, error); | 101 ASSERT_EQ(ERR_IO_PENDING, error); |
| 102 ASSERT_TRUE(request_handle2 != NULL); | 102 ASSERT_TRUE(request_handle2 != NULL); |
| 103 error = callback.WaitForResult(); | 103 error = callback.WaitForResult(); |
| 104 ASSERT_TRUE(IsCertificateError(error)); | 104 ASSERT_TRUE(IsCertificateError(error)); |
| 105 error = callback2.WaitForResult(); | 105 error = callback2.WaitForResult(); |
| 106 ASSERT_TRUE(IsCertificateError(error)); | 106 ASSERT_TRUE(IsCertificateError(error)); |
| 107 ASSERT_EQ(2u, verifier.requests()); | 107 ASSERT_EQ(2u, verifier.requests()); |
| 108 ASSERT_EQ(0u, verifier.cache_hits()); | 108 ASSERT_EQ(0u, verifier.cache_hits()); |
| 109 ASSERT_EQ(1u, verifier.inflight_joins()); | 109 ASSERT_EQ(1u, verifier.inflight_joins()); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 120 scoped_refptr<X509Certificate> test_cert( | 120 scoped_refptr<X509Certificate> test_cert( |
| 121 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 121 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 122 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 122 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 123 | 123 |
| 124 int error; | 124 int error; |
| 125 CertVerifyResult verify_result; | 125 CertVerifyResult verify_result; |
| 126 TestCompletionCallback callback; | 126 TestCompletionCallback callback; |
| 127 CertVerifier::RequestHandle request_handle; | 127 CertVerifier::RequestHandle request_handle; |
| 128 | 128 |
| 129 error = verifier.Verify( | 129 error = verifier.Verify( |
| 130 test_cert, "www.example.com", 0, &verify_result, | 130 test_cert, "www.example.com", 0, NULL, &verify_result, |
| 131 callback.callback(), &request_handle, BoundNetLog()); | 131 callback.callback(), &request_handle, BoundNetLog()); |
| 132 ASSERT_EQ(ERR_IO_PENDING, error); | 132 ASSERT_EQ(ERR_IO_PENDING, error); |
| 133 ASSERT_TRUE(request_handle != NULL); | 133 ASSERT_TRUE(request_handle != NULL); |
| 134 error = callback.WaitForResult(); | 134 error = callback.WaitForResult(); |
| 135 ASSERT_TRUE(IsCertificateError(error)); | 135 ASSERT_TRUE(IsCertificateError(error)); |
| 136 ASSERT_EQ(1u, verifier.requests()); | 136 ASSERT_EQ(1u, verifier.requests()); |
| 137 ASSERT_EQ(0u, verifier.cache_hits()); | 137 ASSERT_EQ(0u, verifier.cache_hits()); |
| 138 ASSERT_EQ(0u, verifier.inflight_joins()); | 138 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 139 | 139 |
| 140 // Before expiration, should have a cache hit. | 140 // Before expiration, should have a cache hit. |
| 141 error = verifier.Verify( | 141 error = verifier.Verify( |
| 142 test_cert, "www.example.com", 0, &verify_result, | 142 test_cert, "www.example.com", 0, NULL, &verify_result, |
| 143 callback.callback(), &request_handle, BoundNetLog()); | 143 callback.callback(), &request_handle, BoundNetLog()); |
| 144 // Synchronous completion. | 144 // Synchronous completion. |
| 145 ASSERT_NE(ERR_IO_PENDING, error); | 145 ASSERT_NE(ERR_IO_PENDING, error); |
| 146 ASSERT_TRUE(IsCertificateError(error)); | 146 ASSERT_TRUE(IsCertificateError(error)); |
| 147 ASSERT_TRUE(request_handle == NULL); | 147 ASSERT_TRUE(request_handle == NULL); |
| 148 ASSERT_EQ(2u, verifier.requests()); | 148 ASSERT_EQ(2u, verifier.requests()); |
| 149 ASSERT_EQ(1u, verifier.cache_hits()); | 149 ASSERT_EQ(1u, verifier.cache_hits()); |
| 150 ASSERT_EQ(0u, verifier.inflight_joins()); | 150 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 151 | 151 |
| 152 // After expiration, should not have a cache hit. | 152 // After expiration, should not have a cache hit. |
| 153 ASSERT_EQ(1u, verifier.GetCacheSize()); | 153 ASSERT_EQ(1u, verifier.GetCacheSize()); |
| 154 current_time += base::TimeDelta::FromMinutes(60); | 154 current_time += base::TimeDelta::FromMinutes(60); |
| 155 time_service->set_current_time(current_time); | 155 time_service->set_current_time(current_time); |
| 156 error = verifier.Verify( | 156 error = verifier.Verify( |
| 157 test_cert, "www.example.com", 0, &verify_result, | 157 test_cert, "www.example.com", 0, NULL, &verify_result, |
| 158 callback.callback(), &request_handle, BoundNetLog()); | 158 callback.callback(), &request_handle, BoundNetLog()); |
| 159 ASSERT_EQ(ERR_IO_PENDING, error); | 159 ASSERT_EQ(ERR_IO_PENDING, error); |
| 160 ASSERT_TRUE(request_handle != NULL); | 160 ASSERT_TRUE(request_handle != NULL); |
| 161 ASSERT_EQ(0u, verifier.GetCacheSize()); | 161 ASSERT_EQ(0u, verifier.GetCacheSize()); |
| 162 error = callback.WaitForResult(); | 162 error = callback.WaitForResult(); |
| 163 ASSERT_TRUE(IsCertificateError(error)); | 163 ASSERT_TRUE(IsCertificateError(error)); |
| 164 ASSERT_EQ(3u, verifier.requests()); | 164 ASSERT_EQ(3u, verifier.requests()); |
| 165 ASSERT_EQ(1u, verifier.cache_hits()); | 165 ASSERT_EQ(1u, verifier.cache_hits()); |
| 166 ASSERT_EQ(0u, verifier.inflight_joins()); | 166 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 167 } | 167 } |
| (...skipping 14 matching lines...) Expand all Loading... |
| 182 scoped_refptr<X509Certificate> test_cert( | 182 scoped_refptr<X509Certificate> test_cert( |
| 183 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 183 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 184 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 184 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 185 | 185 |
| 186 int error; | 186 int error; |
| 187 CertVerifyResult verify_result; | 187 CertVerifyResult verify_result; |
| 188 TestCompletionCallback callback; | 188 TestCompletionCallback callback; |
| 189 CertVerifier::RequestHandle request_handle; | 189 CertVerifier::RequestHandle request_handle; |
| 190 | 190 |
| 191 error = verifier.Verify( | 191 error = verifier.Verify( |
| 192 test_cert, "www.example.com", 0, &verify_result, | 192 test_cert, "www.example.com", 0, NULL, &verify_result, |
| 193 callback.callback(), &request_handle, BoundNetLog()); | 193 callback.callback(), &request_handle, BoundNetLog()); |
| 194 ASSERT_EQ(ERR_IO_PENDING, error); | 194 ASSERT_EQ(ERR_IO_PENDING, error); |
| 195 ASSERT_TRUE(request_handle != NULL); | 195 ASSERT_TRUE(request_handle != NULL); |
| 196 error = callback.WaitForResult(); | 196 error = callback.WaitForResult(); |
| 197 ASSERT_TRUE(IsCertificateError(error)); | 197 ASSERT_TRUE(IsCertificateError(error)); |
| 198 ASSERT_EQ(1u, verifier.requests()); | 198 ASSERT_EQ(1u, verifier.requests()); |
| 199 ASSERT_EQ(0u, verifier.cache_hits()); | 199 ASSERT_EQ(0u, verifier.cache_hits()); |
| 200 ASSERT_EQ(0u, verifier.inflight_joins()); | 200 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 201 | 201 |
| 202 for (unsigned i = 0; i < kCacheSize; i++) { | 202 for (unsigned i = 0; i < kCacheSize; i++) { |
| 203 std::string hostname = base::StringPrintf("www%d.example.com", i + 1); | 203 std::string hostname = base::StringPrintf("www%d.example.com", i + 1); |
| 204 error = verifier.Verify( | 204 error = verifier.Verify( |
| 205 test_cert, hostname, 0, &verify_result, | 205 test_cert, hostname, 0, NULL, &verify_result, |
| 206 callback.callback(), &request_handle, BoundNetLog()); | 206 callback.callback(), &request_handle, BoundNetLog()); |
| 207 ASSERT_EQ(ERR_IO_PENDING, error); | 207 ASSERT_EQ(ERR_IO_PENDING, error); |
| 208 ASSERT_TRUE(request_handle != NULL); | 208 ASSERT_TRUE(request_handle != NULL); |
| 209 error = callback.WaitForResult(); | 209 error = callback.WaitForResult(); |
| 210 ASSERT_TRUE(IsCertificateError(error)); | 210 ASSERT_TRUE(IsCertificateError(error)); |
| 211 } | 211 } |
| 212 ASSERT_EQ(kCacheSize + 1, verifier.requests()); | 212 ASSERT_EQ(kCacheSize + 1, verifier.requests()); |
| 213 ASSERT_EQ(0u, verifier.cache_hits()); | 213 ASSERT_EQ(0u, verifier.cache_hits()); |
| 214 ASSERT_EQ(0u, verifier.inflight_joins()); | 214 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 215 | 215 |
| 216 ASSERT_EQ(kCacheSize, verifier.GetCacheSize()); | 216 ASSERT_EQ(kCacheSize, verifier.GetCacheSize()); |
| 217 current_time += base::TimeDelta::FromMinutes(60); | 217 current_time += base::TimeDelta::FromMinutes(60); |
| 218 time_service->set_current_time(current_time); | 218 time_service->set_current_time(current_time); |
| 219 error = verifier.Verify( | 219 error = verifier.Verify( |
| 220 test_cert, "www999.example.com", 0, &verify_result, | 220 test_cert, "www999.example.com", 0, NULL, &verify_result, |
| 221 callback.callback(), &request_handle, BoundNetLog()); | 221 callback.callback(), &request_handle, BoundNetLog()); |
| 222 ASSERT_EQ(ERR_IO_PENDING, error); | 222 ASSERT_EQ(ERR_IO_PENDING, error); |
| 223 ASSERT_TRUE(request_handle != NULL); | 223 ASSERT_TRUE(request_handle != NULL); |
| 224 ASSERT_EQ(kCacheSize, verifier.GetCacheSize()); | 224 ASSERT_EQ(kCacheSize, verifier.GetCacheSize()); |
| 225 error = callback.WaitForResult(); | 225 error = callback.WaitForResult(); |
| 226 ASSERT_EQ(1u, verifier.GetCacheSize()); | 226 ASSERT_EQ(1u, verifier.GetCacheSize()); |
| 227 ASSERT_TRUE(IsCertificateError(error)); | 227 ASSERT_TRUE(IsCertificateError(error)); |
| 228 ASSERT_EQ(kCacheSize + 2, verifier.requests()); | 228 ASSERT_EQ(kCacheSize + 2, verifier.requests()); |
| 229 ASSERT_EQ(0u, verifier.cache_hits()); | 229 ASSERT_EQ(0u, verifier.cache_hits()); |
| 230 ASSERT_EQ(0u, verifier.inflight_joins()); | 230 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 231 } | 231 } |
| 232 | 232 |
| 233 // Tests that the callback of a canceled request is never made. | 233 // Tests that the callback of a canceled request is never made. |
| 234 TEST(CertVerifierTest, CancelRequest) { | 234 TEST(CertVerifierTest, CancelRequest) { |
| 235 CertVerifier verifier; | 235 CertVerifier verifier; |
| 236 | 236 |
| 237 FilePath certs_dir = GetTestCertsDirectory(); | 237 FilePath certs_dir = GetTestCertsDirectory(); |
| 238 scoped_refptr<X509Certificate> test_cert( | 238 scoped_refptr<X509Certificate> test_cert( |
| 239 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 239 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 240 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 240 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 241 | 241 |
| 242 int error; | 242 int error; |
| 243 CertVerifyResult verify_result; | 243 CertVerifyResult verify_result; |
| 244 CertVerifier::RequestHandle request_handle; | 244 CertVerifier::RequestHandle request_handle; |
| 245 | 245 |
| 246 error = verifier.Verify( | 246 error = verifier.Verify( |
| 247 test_cert, "www.example.com", 0, &verify_result, | 247 test_cert, "www.example.com", 0, NULL, &verify_result, |
| 248 base::Bind(&FailTest), &request_handle, BoundNetLog()); | 248 base::Bind(&FailTest), &request_handle, BoundNetLog()); |
| 249 ASSERT_EQ(ERR_IO_PENDING, error); | 249 ASSERT_EQ(ERR_IO_PENDING, error); |
| 250 ASSERT_TRUE(request_handle != NULL); | 250 ASSERT_TRUE(request_handle != NULL); |
| 251 verifier.CancelRequest(request_handle); | 251 verifier.CancelRequest(request_handle); |
| 252 | 252 |
| 253 // Issue a few more requests to the worker pool and wait for their | 253 // Issue a few more requests to the worker pool and wait for their |
| 254 // completion, so that the task of the canceled request (which runs on a | 254 // completion, so that the task of the canceled request (which runs on a |
| 255 // worker thread) is likely to complete by the end of this test. | 255 // worker thread) is likely to complete by the end of this test. |
| 256 TestCompletionCallback callback; | 256 TestCompletionCallback callback; |
| 257 for (int i = 0; i < 5; ++i) { | 257 for (int i = 0; i < 5; ++i) { |
| 258 error = verifier.Verify( | 258 error = verifier.Verify( |
| 259 test_cert, "www2.example.com", 0, &verify_result, | 259 test_cert, "www2.example.com", 0, NULL, &verify_result, |
| 260 callback.callback(), &request_handle, BoundNetLog()); | 260 callback.callback(), &request_handle, BoundNetLog()); |
| 261 ASSERT_EQ(ERR_IO_PENDING, error); | 261 ASSERT_EQ(ERR_IO_PENDING, error); |
| 262 ASSERT_TRUE(request_handle != NULL); | 262 ASSERT_TRUE(request_handle != NULL); |
| 263 error = callback.WaitForResult(); | 263 error = callback.WaitForResult(); |
| 264 verifier.ClearCache(); | 264 verifier.ClearCache(); |
| 265 } | 265 } |
| 266 } | 266 } |
| 267 | 267 |
| 268 // Tests that a canceled request is not leaked. | 268 // Tests that a canceled request is not leaked. |
| 269 TEST(CertVerifierTest, CancelRequestThenQuit) { | 269 TEST(CertVerifierTest, CancelRequestThenQuit) { |
| 270 CertVerifier verifier; | 270 CertVerifier verifier; |
| 271 | 271 |
| 272 FilePath certs_dir = GetTestCertsDirectory(); | 272 FilePath certs_dir = GetTestCertsDirectory(); |
| 273 scoped_refptr<X509Certificate> test_cert( | 273 scoped_refptr<X509Certificate> test_cert( |
| 274 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 274 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 275 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 275 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 276 | 276 |
| 277 int error; | 277 int error; |
| 278 CertVerifyResult verify_result; | 278 CertVerifyResult verify_result; |
| 279 TestCompletionCallback callback; | 279 TestCompletionCallback callback; |
| 280 CertVerifier::RequestHandle request_handle; | 280 CertVerifier::RequestHandle request_handle; |
| 281 | 281 |
| 282 error = verifier.Verify(test_cert, "www.example.com", 0, &verify_result, | 282 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
| 283 callback.callback(), &request_handle, BoundNetLog()); | 283 callback.callback(), &request_handle, BoundNetLog()); |
| 284 ASSERT_EQ(ERR_IO_PENDING, error); | 284 ASSERT_EQ(ERR_IO_PENDING, error); |
| 285 ASSERT_TRUE(request_handle != NULL); | 285 ASSERT_TRUE(request_handle != NULL); |
| 286 verifier.CancelRequest(request_handle); | 286 verifier.CancelRequest(request_handle); |
| 287 // Destroy |verifier| by going out of scope. | 287 // Destroy |verifier| by going out of scope. |
| 288 } | 288 } |
| 289 | 289 |
| 290 } // namespace | 290 } // namespace |
| 291 | 291 |
| 292 } // namespace net | 292 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8342054:
net: enable CRL sets behind a command line flag. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src