Chromium Code Reviews Chromium Code Reviews
Issue 9584041:
Create stubs for system certificate validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/multi_threaded_cert_verifier.h" | 5 #include "net/base/multi_threaded_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "base/format_macros.h" | 9 #include "base/format_macros.h" |
| 10 #include "base/stringprintf.h" | 10 #include "base/stringprintf.h" |
| 11 #include "net/base/cert_test_util.h" | 11 #include "net/base/cert_test_util.h" |
| 12 #include "net/base/cert_verify_result.h" | |
| 12 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 13 #include "net/base/net_log.h" | 14 #include "net/base/net_log.h" |
| 14 #include "net/base/test_completion_callback.h" | 15 #include "net/base/test_completion_callback.h" |
| 15 #include "net/base/x509_certificate.h" | 16 #include "net/base/x509_certificate.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 18 |
| 18 namespace net { | 19 namespace net { |
| 19 | 20 |
| 20 namespace { | 21 namespace { |
| 21 | 22 |
| 22 void FailTest(int /* result */) { | 23 void FailTest(int /* result */) { |
| 23 FAIL(); | 24 FAIL(); |
| 24 } | 25 } |
| 25 | 26 |
| 27 class MockCertVerifyProc : public MultiThreadedCertVerifier::VerifyProc { | |
| 28 public: | |
| 29 MockCertVerifyProc() {} | |
| 30 | |
| 31 virtual int Verify(X509Certificate* certificate, | |
|
wtc
2012/03/06 23:10:14
Nit: shorten 'certificate' to 'cert'?
| |
| 32 const std::string& hostname, | |
| 33 int flags, | |
| 34 CRLSet* crl_set, | |
| 35 CertVerifyResult* verify_result) OVERRIDE { | |
| 36 verify_result->Reset(); | |
| 37 verify_result->verified_cert = certificate; | |
| 38 verify_result->cert_status = CERT_STATUS_COMMON_NAME_INVALID; | |
| 39 return ERR_CERT_COMMON_NAME_INVALID; | |
| 40 } | |
| 41 | |
| 42 protected: | |
| 43 virtual ~MockCertVerifyProc() {} | |
| 44 }; | |
| 45 | |
| 26 } // namespace; | 46 } // namespace; |
| 27 | 47 |
| 28 // Tests a cache hit, which should result in synchronous completion. | 48 // Tests a cache hit, which should result in synchronous completion. |
| 29 TEST(MultiThreadedCertVerifierTest, CacheHit) { | 49 TEST(MultiThreadedCertVerifierTest, CacheHit) { |
| 30 MultiThreadedCertVerifier verifier; | 50 MultiThreadedCertVerifier verifier(new MockCertVerifyProc); |
| 31 | 51 |
| 32 FilePath certs_dir = GetTestCertsDirectory(); | 52 FilePath certs_dir = GetTestCertsDirectory(); |
| 33 scoped_refptr<X509Certificate> test_cert( | 53 scoped_refptr<X509Certificate> test_cert( |
| 34 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 54 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 35 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 55 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 36 | 56 |
| 37 int error; | 57 int error; |
| 38 CertVerifyResult verify_result; | 58 CertVerifyResult verify_result; |
| 39 TestCompletionCallback callback; | 59 TestCompletionCallback callback; |
| 40 CertVerifier::RequestHandle request_handle; | 60 CertVerifier::RequestHandle request_handle; |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 59 ASSERT_EQ(2u, verifier.requests()); | 79 ASSERT_EQ(2u, verifier.requests()); |
| 60 ASSERT_EQ(1u, verifier.cache_hits()); | 80 ASSERT_EQ(1u, verifier.cache_hits()); |
| 61 ASSERT_EQ(0u, verifier.inflight_joins()); | 81 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 62 ASSERT_EQ(1u, verifier.GetCacheSize()); | 82 ASSERT_EQ(1u, verifier.GetCacheSize()); |
| 63 } | 83 } |
| 64 | 84 |
| 65 // Tests the same server certificate with different intermediate CA | 85 // Tests the same server certificate with different intermediate CA |
| 66 // certificates. These should be treated as different certificate chains even | 86 // certificates. These should be treated as different certificate chains even |
| 67 // though the two X509Certificate objects contain the same server certificate. | 87 // though the two X509Certificate objects contain the same server certificate. |
| 68 TEST(MultiThreadedCertVerifierTest, DifferentCACerts) { | 88 TEST(MultiThreadedCertVerifierTest, DifferentCACerts) { |
| 69 MultiThreadedCertVerifier verifier; | 89 MultiThreadedCertVerifier verifier(new MockCertVerifyProc); |
| 70 | 90 |
| 71 FilePath certs_dir = GetTestCertsDirectory(); | 91 FilePath certs_dir = GetTestCertsDirectory(); |
| 72 | 92 |
| 73 scoped_refptr<X509Certificate> server_cert = | 93 scoped_refptr<X509Certificate> server_cert = |
| 74 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); | 94 ImportCertFromFile(certs_dir, "salesforce_com_test.pem"); |
| 75 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); | 95 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert); |
| 76 | 96 |
| 77 scoped_refptr<X509Certificate> intermediate_cert1 = | 97 scoped_refptr<X509Certificate> intermediate_cert1 = |
| 78 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); | 98 ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem"); |
| 79 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); | 99 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 119 error = callback.WaitForResult(); | 139 error = callback.WaitForResult(); |
| 120 ASSERT_TRUE(IsCertificateError(error)); | 140 ASSERT_TRUE(IsCertificateError(error)); |
| 121 ASSERT_EQ(2u, verifier.requests()); | 141 ASSERT_EQ(2u, verifier.requests()); |
| 122 ASSERT_EQ(0u, verifier.cache_hits()); | 142 ASSERT_EQ(0u, verifier.cache_hits()); |
| 123 ASSERT_EQ(0u, verifier.inflight_joins()); | 143 ASSERT_EQ(0u, verifier.inflight_joins()); |
| 124 ASSERT_EQ(2u, verifier.GetCacheSize()); | 144 ASSERT_EQ(2u, verifier.GetCacheSize()); |
| 125 } | 145 } |
| 126 | 146 |
| 127 // Tests an inflight join. | 147 // Tests an inflight join. |
| 128 TEST(MultiThreadedCertVerifierTest, InflightJoin) { | 148 TEST(MultiThreadedCertVerifierTest, InflightJoin) { |
| 129 MultiThreadedCertVerifier verifier; | 149 MultiThreadedCertVerifier verifier(new MockCertVerifyProc); |
| 130 | 150 |
| 131 FilePath certs_dir = GetTestCertsDirectory(); | 151 FilePath certs_dir = GetTestCertsDirectory(); |
| 132 scoped_refptr<X509Certificate> test_cert( | 152 scoped_refptr<X509Certificate> test_cert( |
| 133 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 153 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 134 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 154 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 135 | 155 |
| 136 int error; | 156 int error; |
| 137 CertVerifyResult verify_result; | 157 CertVerifyResult verify_result; |
| 138 TestCompletionCallback callback; | 158 TestCompletionCallback callback; |
| 139 CertVerifier::RequestHandle request_handle; | 159 CertVerifier::RequestHandle request_handle; |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 154 ASSERT_TRUE(IsCertificateError(error)); | 174 ASSERT_TRUE(IsCertificateError(error)); |
| 155 error = callback2.WaitForResult(); | 175 error = callback2.WaitForResult(); |
| 156 ASSERT_TRUE(IsCertificateError(error)); | 176 ASSERT_TRUE(IsCertificateError(error)); |
| 157 ASSERT_EQ(2u, verifier.requests()); | 177 ASSERT_EQ(2u, verifier.requests()); |
| 158 ASSERT_EQ(0u, verifier.cache_hits()); | 178 ASSERT_EQ(0u, verifier.cache_hits()); |
| 159 ASSERT_EQ(1u, verifier.inflight_joins()); | 179 ASSERT_EQ(1u, verifier.inflight_joins()); |
| 160 } | 180 } |
| 161 | 181 |
| 162 // Tests that the callback of a canceled request is never made. | 182 // Tests that the callback of a canceled request is never made. |
| 163 TEST(MultiThreadedCertVerifierTest, CancelRequest) { | 183 TEST(MultiThreadedCertVerifierTest, CancelRequest) { |
| 164 MultiThreadedCertVerifier verifier; | 184 MultiThreadedCertVerifier verifier(new MockCertVerifyProc); |
| 165 | 185 |
| 166 FilePath certs_dir = GetTestCertsDirectory(); | 186 FilePath certs_dir = GetTestCertsDirectory(); |
| 167 scoped_refptr<X509Certificate> test_cert( | 187 scoped_refptr<X509Certificate> test_cert( |
| 168 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 188 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 169 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 189 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 170 | 190 |
| 171 int error; | 191 int error; |
| 172 CertVerifyResult verify_result; | 192 CertVerifyResult verify_result; |
| 173 CertVerifier::RequestHandle request_handle; | 193 CertVerifier::RequestHandle request_handle; |
| 174 | 194 |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 189 callback.callback(), &request_handle, BoundNetLog()); | 209 callback.callback(), &request_handle, BoundNetLog()); |
| 190 ASSERT_EQ(ERR_IO_PENDING, error); | 210 ASSERT_EQ(ERR_IO_PENDING, error); |
| 191 ASSERT_TRUE(request_handle != NULL); | 211 ASSERT_TRUE(request_handle != NULL); |
| 192 error = callback.WaitForResult(); | 212 error = callback.WaitForResult(); |
| 193 verifier.ClearCache(); | 213 verifier.ClearCache(); |
| 194 } | 214 } |
| 195 } | 215 } |
| 196 | 216 |
| 197 // Tests that a canceled request is not leaked. | 217 // Tests that a canceled request is not leaked. |
| 198 TEST(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { | 218 TEST(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { |
| 199 MultiThreadedCertVerifier verifier; | 219 MultiThreadedCertVerifier verifier(new MockCertVerifyProc); |
| 200 | 220 |
| 201 FilePath certs_dir = GetTestCertsDirectory(); | 221 FilePath certs_dir = GetTestCertsDirectory(); |
| 202 scoped_refptr<X509Certificate> test_cert( | 222 scoped_refptr<X509Certificate> test_cert( |
| 203 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 223 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 204 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 224 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); |
| 205 | 225 |
| 206 int error; | 226 int error; |
| 207 CertVerifyResult verify_result; | 227 CertVerifyResult verify_result; |
| 208 TestCompletionCallback callback; | 228 TestCompletionCallback callback; |
| 209 CertVerifier::RequestHandle request_handle; | 229 CertVerifier::RequestHandle request_handle; |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 293 EXPECT_FALSE(key1 < key2); | 313 EXPECT_FALSE(key1 < key2); |
| 294 EXPECT_TRUE(key2 < key1); | 314 EXPECT_TRUE(key2 < key1); |
| 295 break; | 315 break; |
| 296 default: | 316 default: |
| 297 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; | 317 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; |
| 298 } | 318 } |
| 299 } | 319 } |
| 300 } | 320 } |
| 301 | 321 |
| 302 } // namespace net | 322 } // namespace net |
| OLD | NEW |
