OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 65 matching lines...)
76 //a string, add more checks here. | 76 //a string, add more checks here. |
77 | 77 |
78 return true; | 78 return true; |
79 } | 79 } |
80 | 80 |
81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { | 81 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { |
82 ct::CTVerifyResult result; | 82 ct::CTVerifyResult result; |
83 CapturingNetLog net_log; | 83 CapturingNetLog net_log; |
84 BoundNetLog bound_net_log = | 84 BoundNetLog bound_net_log = |
85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); | 85 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); |
86 return (verifier_->Verify(chain, std::string(), std::string(), &result, | 86 return (verifier_->Verify(chain, "", "", &result, bound_net_log) == OK) && |
87 bound_net_log) == OK) && | |
88 CheckForSingleVerifiedSCTInResult(result) && | 87 CheckForSingleVerifiedSCTInResult(result) && |
89 CheckForSCTOrigin( | 88 CheckForSCTOrigin( |
90 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && | 89 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && |
91 CheckForEmbeddedSCTInNetLog(net_log); | 90 CheckForEmbeddedSCTInNetLog(net_log); |
92 } | 91 } |
93 | 92 |
94 protected: | 93 protected: |
95 scoped_ptr<MultiLogCTVerifier> verifier_; | 94 scoped_ptr<MultiLogCTVerifier> verifier_; |
96 scoped_refptr<X509Certificate> chain_; | 95 scoped_refptr<X509Certificate> chain_; |
97 }; | 96 }; |
(...skipping 37 matching lines...)
135 | 134 |
136 TEST_F(MultiLogCTVerifierTest, | 135 TEST_F(MultiLogCTVerifierTest, |
137 VerifiesSCTOverX509Cert) { | 136 VerifiesSCTOverX509Cert) { |
138 std::string sct(ct::GetTestSignedCertificateTimestamp()); | 137 std::string sct(ct::GetTestSignedCertificateTimestamp()); |
139 | 138 |
140 std::string sct_list; | 139 std::string sct_list; |
141 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); | 140 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); |
142 | 141 |
143 ct::CTVerifyResult result; | 142 ct::CTVerifyResult result; |
144 EXPECT_EQ(OK, | 143 EXPECT_EQ(OK, |
145 verifier_->Verify(chain_, std::string(), sct_list, &result, | 144 verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog())); |
146 BoundNetLog())); | |
147 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); | 145 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); |
148 ASSERT_TRUE(CheckForSCTOrigin( | 146 ASSERT_TRUE(CheckForSCTOrigin( |
149 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 147 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
150 } | 148 } |
151 | 149 |
152 TEST_F(MultiLogCTVerifierTest, | 150 TEST_F(MultiLogCTVerifierTest, |
153 IdentifiesSCTFromUnknownLog) { | 151 IdentifiesSCTFromUnknownLog) { |
154 std::string sct(ct::GetTestSignedCertificateTimestamp()); | 152 std::string sct(ct::GetTestSignedCertificateTimestamp()); |
155 | 153 |
156 // Change a byte inside the Log ID part of the SCT so it does | 154 // Change a byte inside the Log ID part of the SCT so it does |
157 // not match the log used in the tests | 155 // not match the log used in the tests |
158 sct[15] = 't'; | 156 sct[15] = 't'; |
159 | 157 |
160 std::string sct_list; | 158 std::string sct_list; |
161 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); | 159 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); |
162 | 160 |
163 ct::CTVerifyResult result; | 161 ct::CTVerifyResult result; |
164 EXPECT_NE(OK, | 162 EXPECT_NE(OK, |
165 verifier_->Verify(chain_, std::string(), sct_list, &result, | 163 verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog())); |
166 BoundNetLog())); | |
167 EXPECT_EQ(1U, result.unknown_logs_scts.size()); | 164 EXPECT_EQ(1U, result.unknown_logs_scts.size()); |
168 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); | 165 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); |
169 } | 166 } |
170 | 167 |
171 } // namespace | 168 } // namespace |
172 | 169 |
173 } // namespace net | 170 } // namespace net |
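Review bot: In IdentifiesSCTFromUnknownLog (new line 163) the call became `verifier_->Verify(chain_, sct_list, "", &result, BoundNetLog())`, which moves `sct_list` from the third argument to the second instead of only replacing `std::string()` with `""`. Judging from VerifiesSCTOverX509Cert at new line 144, where the list in the third position yields SCT_FROM_TLS_EXTENSION, the second parameter is presumably a different SCT source (the Verify signature is not visible on this page), so this negative test may no longer feed the tampered SCT through the path it was written to cover. Keep the original order: `verifier_->Verify(chain_, "", sct_list, &result, BoundNetLog())`. Separately, `EXPECT_EQ(1U, result.unknown_logs_scts.size())` is non-fatal, so the `[0]` access on the next line is still reached when the vector is empty; `ASSERT_EQ` would stop the test before the out-of-range index.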