OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/cert_verifier.h" | 5 #include "net/base/multi_threaded_cert_verifier.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/format_macros.h" | 9 #include "base/format_macros.h" |
10 #include "base/stringprintf.h" | 10 #include "base/stringprintf.h" |
11 #include "net/base/cert_test_util.h" | 11 #include "net/base/cert_test_util.h" |
12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
13 #include "net/base/net_log.h" | 13 #include "net/base/net_log.h" |
14 #include "net/base/test_completion_callback.h" | 14 #include "net/base/test_completion_callback.h" |
15 #include "net/base/x509_certificate.h" | 15 #include "net/base/x509_certificate.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
17 | 17 |
18 namespace net { | 18 namespace net { |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 void FailTest(int /* result */) { | 22 void FailTest(int /* result */) { |
23 FAIL(); | 23 FAIL(); |
24 } | 24 } |
25 | 25 |
26 } // namespace; | 26 } // namespace; |
27 | 27 |
28 // Tests a cache hit, which should result in synchronous completion. | 28 // Tests a cache hit, which should result in synchronous completion. |
29 #if defined(OS_MACOSX) | 29 #if defined(OS_MACOSX) |
30 // http://crbug.com/117372 | 30 // http://crbug.com/117372 |
31 #define MAYBE_CacheHit FAILS_CacheHit | 31 #define MAYBE_CacheHit FAILS_CacheHit |
32 #else | 32 #else |
33 #define MAYBE_CacheHit CacheHit | 33 #define MAYBE_CacheHit CacheHit |
34 #endif // defined(OS_MACOSX) | 34 #endif // defined(OS_MACOSX) |
35 TEST(CertVerifierTest, MAYBE_CacheHit) { | 35 TEST(MultiThreadedCertVerifierTest, MAYBE_CacheHit) { |
36 CertVerifier verifier; | 36 MultiThreadedCertVerifier verifier; |
37 | 37 |
38 FilePath certs_dir = GetTestCertsDirectory(); | 38 FilePath certs_dir = GetTestCertsDirectory(); |
39 scoped_refptr<X509Certificate> test_cert( | 39 scoped_refptr<X509Certificate> test_cert( |
40 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 40 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
41 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 41 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
42 | 42 |
43 int error; | 43 int error; |
44 CertVerifyResult verify_result; | 44 CertVerifyResult verify_result; |
45 TestCompletionCallback callback; | 45 TestCompletionCallback callback; |
46 CertVerifier::RequestHandle request_handle; | 46 CertVerifier::RequestHandle request_handle; |
(...skipping 17 matching lines...) Expand all Loading... |
64 ASSERT_TRUE(request_handle == NULL); | 64 ASSERT_TRUE(request_handle == NULL); |
65 ASSERT_EQ(2u, verifier.requests()); | 65 ASSERT_EQ(2u, verifier.requests()); |
66 ASSERT_EQ(1u, verifier.cache_hits()); | 66 ASSERT_EQ(1u, verifier.cache_hits()); |
67 ASSERT_EQ(0u, verifier.inflight_joins()); | 67 ASSERT_EQ(0u, verifier.inflight_joins()); |
68 ASSERT_EQ(1u, verifier.GetCacheSize()); | 68 ASSERT_EQ(1u, verifier.GetCacheSize()); |
69 } | 69 } |
70 | 70 |
71 // Tests the same server certificate with different intermediate CA | 71 // Tests the same server certificate with different intermediate CA |
72 // certificates. These should be treated as different certificate chains even | 72 // certificates. These should be treated as different certificate chains even |
73 // though the two X509Certificate objects contain the same server certificate. | 73 // though the two X509Certificate objects contain the same server certificate. |
74 TEST(CertVerifierTest, DifferentCACerts) { | 74 TEST(MultiThreadedCertVerifierTest, DifferentCACerts) { |
75 CertVerifier verifier; | 75 MultiThreadedCertVerifier verifier; |
76 | 76 |
77 FilePath certs_dir = GetTestCertsDirectory(); | 77 FilePath certs_dir = GetTestCertsDirectory(); |
78 | 78 |
79 scoped_refptr<X509Certificate> server_cert = | 79 scoped_refptr<X509Certificate> server_cert = |
80 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); | 80 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); |
81 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 81 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
82 | 82 |
83 scoped_refptr<X509Certificate> intermediate_cert1 = | 83 scoped_refptr<X509Certificate> intermediate_cert1 = |
84 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); | 84 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); |
85 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); | 85 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
124 ASSERT_TRUE(request_handle != NULL); | 124 ASSERT_TRUE(request_handle != NULL); |
125 error = callback.WaitForResult(); | 125 error = callback.WaitForResult(); |
126 ASSERT_TRUE(IsCertificateError(error)); | 126 ASSERT_TRUE(IsCertificateError(error)); |
127 ASSERT_EQ(2u, verifier.requests()); | 127 ASSERT_EQ(2u, verifier.requests()); |
128 ASSERT_EQ(0u, verifier.cache_hits()); | 128 ASSERT_EQ(0u, verifier.cache_hits()); |
129 ASSERT_EQ(0u, verifier.inflight_joins()); | 129 ASSERT_EQ(0u, verifier.inflight_joins()); |
130 ASSERT_EQ(2u, verifier.GetCacheSize()); | 130 ASSERT_EQ(2u, verifier.GetCacheSize()); |
131 } | 131 } |
132 | 132 |
133 // Tests an inflight join. | 133 // Tests an inflight join. |
134 TEST(CertVerifierTest, InflightJoin) { | 134 TEST(MultiThreadedCertVerifierTest, InflightJoin) { |
135 CertVerifier verifier; | 135 MultiThreadedCertVerifier verifier; |
136 | 136 |
137 FilePath certs_dir = GetTestCertsDirectory(); | 137 FilePath certs_dir = GetTestCertsDirectory(); |
138 scoped_refptr<X509Certificate> test_cert( | 138 scoped_refptr<X509Certificate> test_cert( |
139 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 139 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
140 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 140 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
141 | 141 |
142 int error; | 142 int error; |
143 CertVerifyResult verify_result; | 143 CertVerifyResult verify_result; |
144 TestCompletionCallback callback; | 144 TestCompletionCallback callback; |
145 CertVerifier::RequestHandle request_handle; | 145 CertVerifier::RequestHandle request_handle; |
(...skipping 13 matching lines...) Expand all Loading... |
159 error = callback.WaitForResult(); | 159 error = callback.WaitForResult(); |
160 ASSERT_TRUE(IsCertificateError(error)); | 160 ASSERT_TRUE(IsCertificateError(error)); |
161 error = callback2.WaitForResult(); | 161 error = callback2.WaitForResult(); |
162 ASSERT_TRUE(IsCertificateError(error)); | 162 ASSERT_TRUE(IsCertificateError(error)); |
163 ASSERT_EQ(2u, verifier.requests()); | 163 ASSERT_EQ(2u, verifier.requests()); |
164 ASSERT_EQ(0u, verifier.cache_hits()); | 164 ASSERT_EQ(0u, verifier.cache_hits()); |
165 ASSERT_EQ(1u, verifier.inflight_joins()); | 165 ASSERT_EQ(1u, verifier.inflight_joins()); |
166 } | 166 } |
167 | 167 |
168 // Tests that the callback of a canceled request is never made. | 168 // Tests that the callback of a canceled request is never made. |
169 TEST(CertVerifierTest, CancelRequest) { | 169 TEST(MultiThreadedCertVerifierTest, CancelRequest) { |
170 CertVerifier verifier; | 170 MultiThreadedCertVerifier verifier; |
171 | 171 |
172 FilePath certs_dir = GetTestCertsDirectory(); | 172 FilePath certs_dir = GetTestCertsDirectory(); |
173 scoped_refptr<X509Certificate> test_cert( | 173 scoped_refptr<X509Certificate> test_cert( |
174 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 174 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
175 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 175 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
176 | 176 |
177 int error; | 177 int error; |
178 CertVerifyResult verify_result; | 178 CertVerifyResult verify_result; |
179 CertVerifier::RequestHandle request_handle; | 179 CertVerifier::RequestHandle request_handle; |
180 | 180 |
(...skipping 13 matching lines...) Expand all Loading... |
194 test_cert, "www2.example.com", 0, NULL, &verify_result, | 194 test_cert, "www2.example.com", 0, NULL, &verify_result, |
195 callback.callback(), &request_handle, BoundNetLog()); | 195 callback.callback(), &request_handle, BoundNetLog()); |
196 ASSERT_EQ(ERR_IO_PENDING, error); | 196 ASSERT_EQ(ERR_IO_PENDING, error); |
197 ASSERT_TRUE(request_handle != NULL); | 197 ASSERT_TRUE(request_handle != NULL); |
198 error = callback.WaitForResult(); | 198 error = callback.WaitForResult(); |
199 verifier.ClearCache(); | 199 verifier.ClearCache(); |
200 } | 200 } |
201 } | 201 } |
202 | 202 |
203 // Tests that a canceled request is not leaked. | 203 // Tests that a canceled request is not leaked. |
204 TEST(CertVerifierTest, CancelRequestThenQuit) { | 204 TEST(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { |
205 CertVerifier verifier; | 205 MultiThreadedCertVerifier verifier; |
206 | 206 |
207 FilePath certs_dir = GetTestCertsDirectory(); | 207 FilePath certs_dir = GetTestCertsDirectory(); |
208 scoped_refptr<X509Certificate> test_cert( | 208 scoped_refptr<X509Certificate> test_cert( |
209 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 209 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
210 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 210 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
211 | 211 |
212 int error; | 212 int error; |
213 CertVerifyResult verify_result; | 213 CertVerifyResult verify_result; |
214 TestCompletionCallback callback; | 214 TestCompletionCallback callback; |
215 CertVerifier::RequestHandle request_handle; | 215 CertVerifier::RequestHandle request_handle; |
216 | 216 |
217 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, | 217 error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result, |
218 callback.callback(), &request_handle, BoundNetLog()); | 218 callback.callback(), &request_handle, BoundNetLog()); |
219 ASSERT_EQ(ERR_IO_PENDING, error); | 219 ASSERT_EQ(ERR_IO_PENDING, error); |
220 ASSERT_TRUE(request_handle != NULL); | 220 ASSERT_TRUE(request_handle != NULL); |
221 verifier.CancelRequest(request_handle); | 221 verifier.CancelRequest(request_handle); |
222 // Destroy |verifier| by going out of scope. | 222 // Destroy |verifier| by going out of scope. |
223 } | 223 } |
224 | 224 |
225 TEST(CertVerifierTest, RequestParamsComparators) { | 225 TEST(MultiThreadedCertVerifierTest, RequestParamsComparators) { |
226 SHA1Fingerprint a_key; | 226 SHA1Fingerprint a_key; |
227 memset(a_key.data, 'a', sizeof(a_key.data)); | 227 memset(a_key.data, 'a', sizeof(a_key.data)); |
228 | 228 |
229 SHA1Fingerprint z_key; | 229 SHA1Fingerprint z_key; |
230 memset(z_key.data, 'z', sizeof(z_key.data)); | 230 memset(z_key.data, 'z', sizeof(z_key.data)); |
231 | 231 |
232 struct { | 232 struct { |
233 // Keys to test | 233 // Keys to test |
234 CertVerifier::RequestParams key1; | 234 MultiThreadedCertVerifier::RequestParams key1; |
235 CertVerifier::RequestParams key2; | 235 MultiThreadedCertVerifier::RequestParams key2; |
236 | 236 |
237 // Expectation: | 237 // Expectation: |
238 // -1 means key1 is less than key2 | 238 // -1 means key1 is less than key2 |
239 // 0 means key1 equals key2 | 239 // 0 means key1 equals key2 |
240 // 1 means key1 is greater than key2 | 240 // 1 means key1 is greater than key2 |
241 int expected_result; | 241 int expected_result; |
242 } tests[] = { | 242 } tests[] = { |
243 { // Test for basic equivalence. | 243 { // Test for basic equivalence. |
244 CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0), | 244 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
245 CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0), | 245 0), |
| 246 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
| 247 0), |
246 0, | 248 0, |
247 }, | 249 }, |
248 { // Test that different certificates but with the same CA and for | 250 { // Test that different certificates but with the same CA and for |
249 // the same host are different validation keys. | 251 // the same host are different validation keys. |
250 CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0), | 252 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
251 CertVerifier::RequestParams(z_key, a_key, "www.example.test", 0), | 253 0), |
| 254 MultiThreadedCertVerifier::RequestParams(z_key, a_key, "www.example.test", |
| 255 0), |
252 -1, | 256 -1, |
253 }, | 257 }, |
254 { // Test that the same EE certificate for the same host, but with | 258 { // Test that the same EE certificate for the same host, but with |
255 // different chains are different validation keys. | 259 // different chains are different validation keys. |
256 CertVerifier::RequestParams(a_key, z_key, "www.example.test", 0), | 260 MultiThreadedCertVerifier::RequestParams(a_key, z_key, "www.example.test", |
257 CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0), | 261 0), |
| 262 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
| 263 0), |
258 1, | 264 1, |
259 }, | 265 }, |
260 { // The same certificate, with the same chain, but for different | 266 { // The same certificate, with the same chain, but for different |
261 // hosts are different validation keys. | 267 // hosts are different validation keys. |
262 CertVerifier::RequestParams(a_key, a_key, "www1.example.test", 0), | 268 MultiThreadedCertVerifier::RequestParams(a_key, a_key, |
263 CertVerifier::RequestParams(a_key, a_key, "www2.example.test", 0), | 269 "www1.example.test", 0), |
| 270 MultiThreadedCertVerifier::RequestParams(a_key, a_key, |
| 271 "www2.example.test", 0), |
264 -1, | 272 -1, |
265 }, | 273 }, |
266 { // The same certificate, chain, and host, but with different flags | 274 { // The same certificate, chain, and host, but with different flags |
267 // are different validation keys. | 275 // are different validation keys. |
268 CertVerifier::RequestParams(a_key, a_key, "www.example.test", | 276 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
269 X509Certificate::VERIFY_EV_CERT), | 277 X509Certificate::VERIFY_EV_CERT), |
270 CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0), | 278 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", |
| 279 0), |
271 1, | 280 1, |
272 } | 281 } |
273 }; | 282 }; |
274 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { | 283 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { |
275 SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i)); | 284 SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i)); |
276 | 285 |
277 const CertVerifier::RequestParams& key1 = tests[i].key1; | 286 const MultiThreadedCertVerifier::RequestParams& key1 = tests[i].key1; |
278 const CertVerifier::RequestParams& key2 = tests[i].key2; | 287 const MultiThreadedCertVerifier::RequestParams& key2 = tests[i].key2; |
279 | 288 |
280 switch (tests[i].expected_result) { | 289 switch (tests[i].expected_result) { |
281 case -1: | 290 case -1: |
282 EXPECT_TRUE(key1 < key2); | 291 EXPECT_TRUE(key1 < key2); |
283 EXPECT_FALSE(key2 < key1); | 292 EXPECT_FALSE(key2 < key1); |
284 break; | 293 break; |
285 case 0: | 294 case 0: |
286 EXPECT_FALSE(key1 < key2); | 295 EXPECT_FALSE(key1 < key2); |
287 EXPECT_FALSE(key2 < key1); | 296 EXPECT_FALSE(key2 < key1); |
288 break; | 297 break; |
289 case 1: | 298 case 1: |
290 EXPECT_FALSE(key1 < key2); | 299 EXPECT_FALSE(key1 < key2); |
291 EXPECT_TRUE(key2 < key1); | 300 EXPECT_TRUE(key2 < key1); |
292 break; | 301 break; |
293 default: | 302 default: |
294 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; | 303 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; |
295 } | 304 } |
296 } | 305 } |
297 } | 306 } |
298 | 307 |
299 } // namespace net | 308 } // namespace net |
OLD | NEW |