Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(858)

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 108113006: Revert of Extract Certificate Transparency SCTs from stapled OCSP responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/test/ct_test_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "net/base/address_list.h" 9 #include "net/base/address_list.h"
10 #include "net/base/io_buffer.h" 10 #include "net/base/io_buffer.h"
(...skipping 1775 matching lines...) Expand 10 before | Expand all | Expand 10 after
1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
1787 ASSERT_TRUE(request_info.get()); 1787 ASSERT_TRUE(request_info.get());
1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); 1788 ASSERT_EQ(2u, request_info->cert_authorities.size());
1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen),
1790 request_info->cert_authorities[0]); 1790 request_info->cert_authorities[0]);
1791 EXPECT_EQ( 1791 EXPECT_EQ(
1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen),
1793 request_info->cert_authorities[1]); 1793 request_info->cert_authorities[1]);
1794 } 1794 }
1795 1795
1796 } // namespace 1796 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) {
1797
1798 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) {
1799 SpawnedTestServer::SSLOptions ssl_options; 1797 SpawnedTestServer::SSLOptions ssl_options;
1800 ssl_options.signed_cert_timestamps_tls_ext = "test"; 1798 ssl_options.signed_cert_timestamps = "test";
1801 1799
1802 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, 1800 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS,
1803 ssl_options, 1801 ssl_options,
1804 base::FilePath()); 1802 base::FilePath());
1805 ASSERT_TRUE(test_server.Start()); 1803 ASSERT_TRUE(test_server.Start());
1806 1804
1807 AddressList addr; 1805 AddressList addr;
1808 ASSERT_TRUE(test_server.GetAddressList(&addr)); 1806 ASSERT_TRUE(test_server.GetAddressList(&addr));
1809 1807
1810 TestCompletionCallback callback; 1808 TestCompletionCallback callback;
(...skipping 19 matching lines...) Expand all
1830 log.GetEntries(&entries); 1828 log.GetEntries(&entries);
1831 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); 1829 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT));
1832 if (rv == ERR_IO_PENDING) 1830 if (rv == ERR_IO_PENDING)
1833 rv = callback.WaitForResult(); 1831 rv = callback.WaitForResult();
1834 EXPECT_EQ(OK, rv); 1832 EXPECT_EQ(OK, rv);
1835 EXPECT_TRUE(sock->IsConnected()); 1833 EXPECT_TRUE(sock->IsConnected());
1836 log.GetEntries(&entries); 1834 log.GetEntries(&entries);
1837 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); 1835 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
1838 1836
1839 #if !defined(USE_OPENSSL) 1837 #if !defined(USE_OPENSSL)
1840 EXPECT_TRUE(sock->signed_cert_timestamps_received_); 1838 EXPECT_TRUE(sock->WereSignedCertTimestampsReceived());
1841 #else 1839 #else
1842 // Enabling CT for OpenSSL is currently a noop. 1840 // Enabling CT for OpenSSL is currently a noop.
1843 EXPECT_FALSE(sock->signed_cert_timestamps_received_); 1841 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived());
1844 #endif 1842 #endif
1845 1843
1846 sock->Disconnect(); 1844 sock->Disconnect();
1847 EXPECT_FALSE(sock->IsConnected()); 1845 EXPECT_FALSE(sock->IsConnected());
1848 } 1846 }
1849 1847
1850 // Test that enabling Signed Certificate Timestamps enables OCSP stapling. 1848 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) {
1851 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledOCSP) {
1852 SpawnedTestServer::SSLOptions ssl_options; 1849 SpawnedTestServer::SSLOptions ssl_options;
1853 ssl_options.staple_ocsp_response = true; 1850 ssl_options.signed_cert_timestamps = "test";
1854 // The test server currently only knows how to generate OCSP responses
1855 // for a freshly minted certificate.
1856 ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO;
1857 1851
1858 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, 1852 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS,
1859 ssl_options, 1853 ssl_options,
1860 base::FilePath()); 1854 base::FilePath());
1861 ASSERT_TRUE(test_server.Start()); 1855 ASSERT_TRUE(test_server.Start());
1862 1856
1863 AddressList addr; 1857 AddressList addr;
1864 ASSERT_TRUE(test_server.GetAddressList(&addr)); 1858 ASSERT_TRUE(test_server.GetAddressList(&addr));
1865 1859
1866 TestCompletionCallback callback; 1860 TestCompletionCallback callback;
1867 CapturingNetLog log; 1861 CapturingNetLog log;
1868 scoped_ptr<StreamSocket> transport( 1862 scoped_ptr<StreamSocket> transport(
1869 new TCPClientSocket(addr, &log, NetLog::Source())); 1863 new TCPClientSocket(addr, &log, NetLog::Source()));
1870 int rv = transport->Connect(callback.callback()); 1864 int rv = transport->Connect(callback.callback());
1871 if (rv == ERR_IO_PENDING) 1865 if (rv == ERR_IO_PENDING)
1872 rv = callback.WaitForResult(); 1866 rv = callback.WaitForResult();
1873 EXPECT_EQ(OK, rv); 1867 EXPECT_EQ(OK, rv);
1874 1868
1875 SSLConfig ssl_config; 1869 SSLConfig ssl_config;
1876 // Enabling Signed Cert Timestamps ensures we request OCSP stapling for 1870 ssl_config.signed_cert_timestamps_enabled = false;
1877 // Certificate Transparency verification regardless of whether the platform
1878 // is able to process the OCSP status itself.
1879 ssl_config.signed_cert_timestamps_enabled = true;
1880 1871
1881 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1872 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1882 transport.Pass(), test_server.host_port_pair(), ssl_config)); 1873 transport.Pass(), test_server.host_port_pair(), ssl_config));
1883 1874
1884 EXPECT_FALSE(sock->IsConnected()); 1875 EXPECT_FALSE(sock->IsConnected());
1885 1876
1886 rv = sock->Connect(callback.callback()); 1877 rv = sock->Connect(callback.callback());
1887 1878
1888 CapturingNetLog::CapturedEntryList entries; 1879 CapturingNetLog::CapturedEntryList entries;
1889 log.GetEntries(&entries); 1880 log.GetEntries(&entries);
1890 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); 1881 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT));
1891 if (rv == ERR_IO_PENDING) 1882 if (rv == ERR_IO_PENDING)
1892 rv = callback.WaitForResult(); 1883 rv = callback.WaitForResult();
1893 EXPECT_EQ(OK, rv); 1884 EXPECT_EQ(OK, rv);
1894 EXPECT_TRUE(sock->IsConnected()); 1885 EXPECT_TRUE(sock->IsConnected());
1895 log.GetEntries(&entries); 1886 log.GetEntries(&entries);
1896 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); 1887 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
1897 1888
1898 #if !defined(USE_OPENSSL) 1889 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived());
1899 EXPECT_TRUE(sock->stapled_ocsp_response_received_);
1900 #else
1901 // OCSP stapling isn't currently supported in the OpenSSL socket.
1902 EXPECT_FALSE(sock->stapled_ocsp_response_received_);
1903 #endif
1904 1890
1905 sock->Disconnect(); 1891 sock->Disconnect();
1906 EXPECT_FALSE(sock->IsConnected()); 1892 EXPECT_FALSE(sock->IsConnected());
1907 } 1893 }
1908 1894
1909 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { 1895 } // namespace
1910 SpawnedTestServer::SSLOptions ssl_options;
1911 ssl_options.signed_cert_timestamps_tls_ext = "test";
1912
1913 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS,
1914 ssl_options,
1915 base::FilePath());
1916 ASSERT_TRUE(test_server.Start());
1917
1918 AddressList addr;
1919 ASSERT_TRUE(test_server.GetAddressList(&addr));
1920
1921 TestCompletionCallback callback;
1922 CapturingNetLog log;
1923 scoped_ptr<StreamSocket> transport(
1924 new TCPClientSocket(addr, &log, NetLog::Source()));
1925 int rv = transport->Connect(callback.callback());
1926 if (rv == ERR_IO_PENDING)
1927 rv = callback.WaitForResult();
1928 EXPECT_EQ(OK, rv);
1929
1930 SSLConfig ssl_config;
1931 ssl_config.signed_cert_timestamps_enabled = false;
1932
1933 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1934 transport.Pass(), test_server.host_port_pair(), ssl_config));
1935
1936 EXPECT_FALSE(sock->IsConnected());
1937
1938 rv = sock->Connect(callback.callback());
1939
1940 CapturingNetLog::CapturedEntryList entries;
1941 log.GetEntries(&entries);
1942 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT));
1943 if (rv == ERR_IO_PENDING)
1944 rv = callback.WaitForResult();
1945 EXPECT_EQ(OK, rv);
1946 EXPECT_TRUE(sock->IsConnected());
1947 log.GetEntries(&entries);
1948 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
1949
1950 EXPECT_FALSE(sock->signed_cert_timestamps_received_);
1951
1952 sock->Disconnect();
1953 EXPECT_FALSE(sock->IsConnected());
1954 }
1955 1896
1956 } // namespace net 1897 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/test/ct_test_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698