OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "net/base/address_list.h" | 9 #include "net/base/address_list.h" |
10 #include "net/base/io_buffer.h" | 10 #include "net/base/io_buffer.h" |
(...skipping 1775 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); | 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); |
1787 ASSERT_TRUE(request_info.get()); | 1787 ASSERT_TRUE(request_info.get()); |
1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); | 1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); |
1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), | 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), |
1790 request_info->cert_authorities[0]); | 1790 request_info->cert_authorities[0]); |
1791 EXPECT_EQ( | 1791 EXPECT_EQ( |
1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), | 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), |
1793 request_info->cert_authorities[1]); | 1793 request_info->cert_authorities[1]); |
1794 } | 1794 } |
1795 | 1795 |
1796 } // namespace | 1796 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { |
1797 | |
1798 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) { | |
1799 SpawnedTestServer::SSLOptions ssl_options; | 1797 SpawnedTestServer::SSLOptions ssl_options; |
1800 ssl_options.signed_cert_timestamps_tls_ext = "test"; | 1798 ssl_options.signed_cert_timestamps = "test"; |
1801 | 1799 |
1802 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | 1800 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
1803 ssl_options, | 1801 ssl_options, |
1804 base::FilePath()); | 1802 base::FilePath()); |
1805 ASSERT_TRUE(test_server.Start()); | 1803 ASSERT_TRUE(test_server.Start()); |
1806 | 1804 |
1807 AddressList addr; | 1805 AddressList addr; |
1808 ASSERT_TRUE(test_server.GetAddressList(&addr)); | 1806 ASSERT_TRUE(test_server.GetAddressList(&addr)); |
1809 | 1807 |
1810 TestCompletionCallback callback; | 1808 TestCompletionCallback callback; |
(...skipping 19 matching lines...) Expand all Loading... |
1830 log.GetEntries(&entries); | 1828 log.GetEntries(&entries); |
1831 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | 1829 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
1832 if (rv == ERR_IO_PENDING) | 1830 if (rv == ERR_IO_PENDING) |
1833 rv = callback.WaitForResult(); | 1831 rv = callback.WaitForResult(); |
1834 EXPECT_EQ(OK, rv); | 1832 EXPECT_EQ(OK, rv); |
1835 EXPECT_TRUE(sock->IsConnected()); | 1833 EXPECT_TRUE(sock->IsConnected()); |
1836 log.GetEntries(&entries); | 1834 log.GetEntries(&entries); |
1837 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | 1835 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
1838 | 1836 |
1839 #if !defined(USE_OPENSSL) | 1837 #if !defined(USE_OPENSSL) |
1840 EXPECT_TRUE(sock->signed_cert_timestamps_received_); | 1838 EXPECT_TRUE(sock->WereSignedCertTimestampsReceived()); |
1841 #else | 1839 #else |
1842 // Enabling CT for OpenSSL is currently a noop. | 1840 // Enabling CT for OpenSSL is currently a noop. |
1843 EXPECT_FALSE(sock->signed_cert_timestamps_received_); | 1841 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); |
1844 #endif | 1842 #endif |
1845 | 1843 |
1846 sock->Disconnect(); | 1844 sock->Disconnect(); |
1847 EXPECT_FALSE(sock->IsConnected()); | 1845 EXPECT_FALSE(sock->IsConnected()); |
1848 } | 1846 } |
1849 | 1847 |
1850 // Test that enabling Signed Certificate Timestamps enables OCSP stapling. | 1848 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { |
1851 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledOCSP) { | |
1852 SpawnedTestServer::SSLOptions ssl_options; | 1849 SpawnedTestServer::SSLOptions ssl_options; |
1853 ssl_options.staple_ocsp_response = true; | 1850 ssl_options.signed_cert_timestamps = "test"; |
1854 // The test server currently only knows how to generate OCSP responses | |
1855 // for a freshly minted certificate. | |
1856 ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO; | |
1857 | 1851 |
1858 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | 1852 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, |
1859 ssl_options, | 1853 ssl_options, |
1860 base::FilePath()); | 1854 base::FilePath()); |
1861 ASSERT_TRUE(test_server.Start()); | 1855 ASSERT_TRUE(test_server.Start()); |
1862 | 1856 |
1863 AddressList addr; | 1857 AddressList addr; |
1864 ASSERT_TRUE(test_server.GetAddressList(&addr)); | 1858 ASSERT_TRUE(test_server.GetAddressList(&addr)); |
1865 | 1859 |
1866 TestCompletionCallback callback; | 1860 TestCompletionCallback callback; |
1867 CapturingNetLog log; | 1861 CapturingNetLog log; |
1868 scoped_ptr<StreamSocket> transport( | 1862 scoped_ptr<StreamSocket> transport( |
1869 new TCPClientSocket(addr, &log, NetLog::Source())); | 1863 new TCPClientSocket(addr, &log, NetLog::Source())); |
1870 int rv = transport->Connect(callback.callback()); | 1864 int rv = transport->Connect(callback.callback()); |
1871 if (rv == ERR_IO_PENDING) | 1865 if (rv == ERR_IO_PENDING) |
1872 rv = callback.WaitForResult(); | 1866 rv = callback.WaitForResult(); |
1873 EXPECT_EQ(OK, rv); | 1867 EXPECT_EQ(OK, rv); |
1874 | 1868 |
1875 SSLConfig ssl_config; | 1869 SSLConfig ssl_config; |
1876 // Enabling Signed Cert Timestamps ensures we request OCSP stapling for | 1870 ssl_config.signed_cert_timestamps_enabled = false; |
1877 // Certificate Transparency verification regardless of whether the platform | |
1878 // is able to process the OCSP status itself. | |
1879 ssl_config.signed_cert_timestamps_enabled = true; | |
1880 | 1871 |
1881 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | 1872 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
1882 transport.Pass(), test_server.host_port_pair(), ssl_config)); | 1873 transport.Pass(), test_server.host_port_pair(), ssl_config)); |
1883 | 1874 |
1884 EXPECT_FALSE(sock->IsConnected()); | 1875 EXPECT_FALSE(sock->IsConnected()); |
1885 | 1876 |
1886 rv = sock->Connect(callback.callback()); | 1877 rv = sock->Connect(callback.callback()); |
1887 | 1878 |
1888 CapturingNetLog::CapturedEntryList entries; | 1879 CapturingNetLog::CapturedEntryList entries; |
1889 log.GetEntries(&entries); | 1880 log.GetEntries(&entries); |
1890 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | 1881 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); |
1891 if (rv == ERR_IO_PENDING) | 1882 if (rv == ERR_IO_PENDING) |
1892 rv = callback.WaitForResult(); | 1883 rv = callback.WaitForResult(); |
1893 EXPECT_EQ(OK, rv); | 1884 EXPECT_EQ(OK, rv); |
1894 EXPECT_TRUE(sock->IsConnected()); | 1885 EXPECT_TRUE(sock->IsConnected()); |
1895 log.GetEntries(&entries); | 1886 log.GetEntries(&entries); |
1896 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | 1887 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); |
1897 | 1888 |
1898 #if !defined(USE_OPENSSL) | 1889 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); |
1899 EXPECT_TRUE(sock->stapled_ocsp_response_received_); | |
1900 #else | |
1901 // OCSP stapling isn't currently supported in the OpenSSL socket. | |
1902 EXPECT_FALSE(sock->stapled_ocsp_response_received_); | |
1903 #endif | |
1904 | 1890 |
1905 sock->Disconnect(); | 1891 sock->Disconnect(); |
1906 EXPECT_FALSE(sock->IsConnected()); | 1892 EXPECT_FALSE(sock->IsConnected()); |
1907 } | 1893 } |
1908 | 1894 |
1909 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { | 1895 } // namespace |
1910 SpawnedTestServer::SSLOptions ssl_options; | |
1911 ssl_options.signed_cert_timestamps_tls_ext = "test"; | |
1912 | |
1913 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | |
1914 ssl_options, | |
1915 base::FilePath()); | |
1916 ASSERT_TRUE(test_server.Start()); | |
1917 | |
1918 AddressList addr; | |
1919 ASSERT_TRUE(test_server.GetAddressList(&addr)); | |
1920 | |
1921 TestCompletionCallback callback; | |
1922 CapturingNetLog log; | |
1923 scoped_ptr<StreamSocket> transport( | |
1924 new TCPClientSocket(addr, &log, NetLog::Source())); | |
1925 int rv = transport->Connect(callback.callback()); | |
1926 if (rv == ERR_IO_PENDING) | |
1927 rv = callback.WaitForResult(); | |
1928 EXPECT_EQ(OK, rv); | |
1929 | |
1930 SSLConfig ssl_config; | |
1931 ssl_config.signed_cert_timestamps_enabled = false; | |
1932 | |
1933 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | |
1934 transport.Pass(), test_server.host_port_pair(), ssl_config)); | |
1935 | |
1936 EXPECT_FALSE(sock->IsConnected()); | |
1937 | |
1938 rv = sock->Connect(callback.callback()); | |
1939 | |
1940 CapturingNetLog::CapturedEntryList entries; | |
1941 log.GetEntries(&entries); | |
1942 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | |
1943 if (rv == ERR_IO_PENDING) | |
1944 rv = callback.WaitForResult(); | |
1945 EXPECT_EQ(OK, rv); | |
1946 EXPECT_TRUE(sock->IsConnected()); | |
1947 log.GetEntries(&entries); | |
1948 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | |
1949 | |
1950 EXPECT_FALSE(sock->signed_cert_timestamps_received_); | |
1951 | |
1952 sock->Disconnect(); | |
1953 EXPECT_FALSE(sock->IsConnected()); | |
1954 } | |
1955 | 1896 |
1956 } // namespace net | 1897 } // namespace net |
OLD | NEW |