| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_threaded_cert_verifier.h" | 5 #include "net/cert/multi_threaded_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/debug/leak_annotations.h" | 8 #include "base/debug/leak_annotations.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/format_macros.h" | 10 #include "base/format_macros.h" |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 | 34 |
| 35 class MockCertVerifyProc : public CertVerifyProc { | 35 class MockCertVerifyProc : public CertVerifyProc { |
| 36 public: | 36 public: |
| 37 MockCertVerifyProc() {} | 37 MockCertVerifyProc() {} |
| 38 | 38 |
| 39 private: | 39 private: |
| 40 ~MockCertVerifyProc() override {} | 40 ~MockCertVerifyProc() override {} |
| 41 | 41 |
| 42 // CertVerifyProc implementation | 42 // CertVerifyProc implementation |
| 43 bool SupportsAdditionalTrustAnchors() const override { return false; } | 43 bool SupportsAdditionalTrustAnchors() const override { return false; } |
| 44 bool SupportsOCSPStapling() const override { return false; } |
| 44 | 45 |
| 45 int VerifyInternal(X509Certificate* cert, | 46 int VerifyInternal(X509Certificate* cert, |
| 46 const std::string& hostname, | 47 const std::string& hostname, |
| 48 const std::string& ocsp_response, |
| 47 int flags, | 49 int flags, |
| 48 CRLSet* crl_set, | 50 CRLSet* crl_set, |
| 49 const CertificateList& additional_trust_anchors, | 51 const CertificateList& additional_trust_anchors, |
| 50 CertVerifyResult* verify_result) override { | 52 CertVerifyResult* verify_result) override { |
| 51 verify_result->Reset(); | 53 verify_result->Reset(); |
| 52 verify_result->verified_cert = cert; | 54 verify_result->verified_cert = cert; |
| 53 verify_result->cert_status = CERT_STATUS_COMMON_NAME_INVALID; | 55 verify_result->cert_status = CERT_STATUS_COMMON_NAME_INVALID; |
| 54 return ERR_CERT_COMMON_NAME_INVALID; | 56 return ERR_CERT_COMMON_NAME_INVALID; |
| 55 } | 57 } |
| 56 }; | 58 }; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 78 base::FilePath certs_dir = GetTestCertsDirectory(); | 80 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 79 scoped_refptr<X509Certificate> test_cert( | 81 scoped_refptr<X509Certificate> test_cert( |
| 80 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 82 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 81 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); | 83 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
| 82 | 84 |
| 83 int error; | 85 int error; |
| 84 CertVerifyResult verify_result; | 86 CertVerifyResult verify_result; |
| 85 TestCompletionCallback callback; | 87 TestCompletionCallback callback; |
| 86 CertVerifier::RequestHandle request_handle; | 88 CertVerifier::RequestHandle request_handle; |
| 87 | 89 |
| 88 error = verifier_.Verify(test_cert.get(), | 90 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 89 "www.example.com", | 91 NULL, &verify_result, callback.callback(), |
| 90 0, | 92 &request_handle, BoundNetLog()); |
| 91 NULL, | |
| 92 &verify_result, | |
| 93 callback.callback(), | |
| 94 &request_handle, | |
| 95 BoundNetLog()); | |
| 96 ASSERT_EQ(ERR_IO_PENDING, error); | 93 ASSERT_EQ(ERR_IO_PENDING, error); |
| 97 EXPECT_TRUE(request_handle); | 94 EXPECT_TRUE(request_handle); |
| 98 error = callback.WaitForResult(); | 95 error = callback.WaitForResult(); |
| 99 ASSERT_TRUE(IsCertificateError(error)); | 96 ASSERT_TRUE(IsCertificateError(error)); |
| 100 ASSERT_EQ(1u, verifier_.requests()); | 97 ASSERT_EQ(1u, verifier_.requests()); |
| 101 ASSERT_EQ(0u, verifier_.cache_hits()); | 98 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 102 ASSERT_EQ(0u, verifier_.inflight_joins()); | 99 ASSERT_EQ(0u, verifier_.inflight_joins()); |
| 103 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 100 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
| 104 | 101 |
| 105 error = verifier_.Verify(test_cert.get(), | 102 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 106 "www.example.com", | 103 NULL, &verify_result, callback.callback(), |
| 107 0, | 104 &request_handle, BoundNetLog()); |
| 108 NULL, | |
| 109 &verify_result, | |
| 110 callback.callback(), | |
| 111 &request_handle, | |
| 112 BoundNetLog()); | |
| 113 // Synchronous completion. | 105 // Synchronous completion. |
| 114 ASSERT_NE(ERR_IO_PENDING, error); | 106 ASSERT_NE(ERR_IO_PENDING, error); |
| 115 ASSERT_TRUE(IsCertificateError(error)); | 107 ASSERT_TRUE(IsCertificateError(error)); |
| 116 ASSERT_TRUE(request_handle == NULL); | 108 ASSERT_TRUE(request_handle == NULL); |
| 117 ASSERT_EQ(2u, verifier_.requests()); | 109 ASSERT_EQ(2u, verifier_.requests()); |
| 118 ASSERT_EQ(1u, verifier_.cache_hits()); | 110 ASSERT_EQ(1u, verifier_.cache_hits()); |
| 119 ASSERT_EQ(0u, verifier_.inflight_joins()); | 111 ASSERT_EQ(0u, verifier_.inflight_joins()); |
| 120 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 112 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
| 121 } | 113 } |
| 122 | 114 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 148 intermediates.push_back(intermediate_cert2->os_cert_handle()); | 140 intermediates.push_back(intermediate_cert2->os_cert_handle()); |
| 149 scoped_refptr<X509Certificate> cert_chain2 = | 141 scoped_refptr<X509Certificate> cert_chain2 = |
| 150 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), | 142 X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), |
| 151 intermediates); | 143 intermediates); |
| 152 | 144 |
| 153 int error; | 145 int error; |
| 154 CertVerifyResult verify_result; | 146 CertVerifyResult verify_result; |
| 155 TestCompletionCallback callback; | 147 TestCompletionCallback callback; |
| 156 CertVerifier::RequestHandle request_handle; | 148 CertVerifier::RequestHandle request_handle; |
| 157 | 149 |
| 158 error = verifier_.Verify(cert_chain1.get(), | 150 error = verifier_.Verify(cert_chain1.get(), "www.example.com", std::string(), |
| 159 "www.example.com", | 151 0, NULL, &verify_result, callback.callback(), |
| 160 0, | 152 &request_handle, BoundNetLog()); |
| 161 NULL, | |
| 162 &verify_result, | |
| 163 callback.callback(), | |
| 164 &request_handle, | |
| 165 BoundNetLog()); | |
| 166 ASSERT_EQ(ERR_IO_PENDING, error); | 153 ASSERT_EQ(ERR_IO_PENDING, error); |
| 167 EXPECT_TRUE(request_handle); | 154 EXPECT_TRUE(request_handle); |
| 168 error = callback.WaitForResult(); | 155 error = callback.WaitForResult(); |
| 169 ASSERT_TRUE(IsCertificateError(error)); | 156 ASSERT_TRUE(IsCertificateError(error)); |
| 170 ASSERT_EQ(1u, verifier_.requests()); | 157 ASSERT_EQ(1u, verifier_.requests()); |
| 171 ASSERT_EQ(0u, verifier_.cache_hits()); | 158 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 172 ASSERT_EQ(0u, verifier_.inflight_joins()); | 159 ASSERT_EQ(0u, verifier_.inflight_joins()); |
| 173 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 160 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
| 174 | 161 |
| 175 error = verifier_.Verify(cert_chain2.get(), | 162 error = verifier_.Verify(cert_chain2.get(), "www.example.com", std::string(), |
| 176 "www.example.com", | 163 0, NULL, &verify_result, callback.callback(), |
| 177 0, | 164 &request_handle, BoundNetLog()); |
| 178 NULL, | |
| 179 &verify_result, | |
| 180 callback.callback(), | |
| 181 &request_handle, | |
| 182 BoundNetLog()); | |
| 183 ASSERT_EQ(ERR_IO_PENDING, error); | 165 ASSERT_EQ(ERR_IO_PENDING, error); |
| 184 EXPECT_TRUE(request_handle); | 166 EXPECT_TRUE(request_handle); |
| 185 error = callback.WaitForResult(); | 167 error = callback.WaitForResult(); |
| 186 ASSERT_TRUE(IsCertificateError(error)); | 168 ASSERT_TRUE(IsCertificateError(error)); |
| 187 ASSERT_EQ(2u, verifier_.requests()); | 169 ASSERT_EQ(2u, verifier_.requests()); |
| 188 ASSERT_EQ(0u, verifier_.cache_hits()); | 170 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 189 ASSERT_EQ(0u, verifier_.inflight_joins()); | 171 ASSERT_EQ(0u, verifier_.inflight_joins()); |
| 190 ASSERT_EQ(2u, verifier_.GetCacheSize()); | 172 ASSERT_EQ(2u, verifier_.GetCacheSize()); |
| 191 } | 173 } |
| 192 | 174 |
| 193 // Tests an inflight join. | 175 // Tests an inflight join. |
| 194 TEST_F(MultiThreadedCertVerifierTest, InflightJoin) { | 176 TEST_F(MultiThreadedCertVerifierTest, InflightJoin) { |
| 195 base::FilePath certs_dir = GetTestCertsDirectory(); | 177 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 196 scoped_refptr<X509Certificate> test_cert( | 178 scoped_refptr<X509Certificate> test_cert( |
| 197 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 179 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 198 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); | 180 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
| 199 | 181 |
| 200 int error; | 182 int error; |
| 201 CertVerifyResult verify_result; | 183 CertVerifyResult verify_result; |
| 202 TestCompletionCallback callback; | 184 TestCompletionCallback callback; |
| 203 CertVerifier::RequestHandle request_handle; | 185 CertVerifier::RequestHandle request_handle; |
| 204 CertVerifyResult verify_result2; | 186 CertVerifyResult verify_result2; |
| 205 TestCompletionCallback callback2; | 187 TestCompletionCallback callback2; |
| 206 CertVerifier::RequestHandle request_handle2; | 188 CertVerifier::RequestHandle request_handle2; |
| 207 | 189 |
| 208 error = verifier_.Verify(test_cert.get(), | 190 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 209 "www.example.com", | 191 NULL, &verify_result, callback.callback(), |
| 210 0, | 192 &request_handle, BoundNetLog()); |
| 211 NULL, | |
| 212 &verify_result, | |
| 213 callback.callback(), | |
| 214 &request_handle, | |
| 215 BoundNetLog()); | |
| 216 ASSERT_EQ(ERR_IO_PENDING, error); | 193 ASSERT_EQ(ERR_IO_PENDING, error); |
| 217 EXPECT_TRUE(request_handle); | 194 EXPECT_TRUE(request_handle); |
| 218 error = verifier_.Verify(test_cert.get(), | 195 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 219 "www.example.com", | 196 NULL, &verify_result2, callback2.callback(), |
| 220 0, | 197 &request_handle2, BoundNetLog()); |
| 221 NULL, | |
| 222 &verify_result2, | |
| 223 callback2.callback(), | |
| 224 &request_handle2, | |
| 225 BoundNetLog()); | |
| 226 EXPECT_EQ(ERR_IO_PENDING, error); | 198 EXPECT_EQ(ERR_IO_PENDING, error); |
| 227 EXPECT_TRUE(request_handle2 != NULL); | 199 EXPECT_TRUE(request_handle2 != NULL); |
| 228 error = callback.WaitForResult(); | 200 error = callback.WaitForResult(); |
| 229 EXPECT_TRUE(IsCertificateError(error)); | 201 EXPECT_TRUE(IsCertificateError(error)); |
| 230 error = callback2.WaitForResult(); | 202 error = callback2.WaitForResult(); |
| 231 ASSERT_TRUE(IsCertificateError(error)); | 203 ASSERT_TRUE(IsCertificateError(error)); |
| 232 ASSERT_EQ(2u, verifier_.requests()); | 204 ASSERT_EQ(2u, verifier_.requests()); |
| 233 ASSERT_EQ(0u, verifier_.cache_hits()); | 205 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 234 ASSERT_EQ(1u, verifier_.inflight_joins()); | 206 ASSERT_EQ(1u, verifier_.inflight_joins()); |
| 235 } | 207 } |
| 236 | 208 |
| 237 // Tests that the callback of a canceled request is never made. | 209 // Tests that the callback of a canceled request is never made. |
| 238 TEST_F(MultiThreadedCertVerifierTest, CancelRequest) { | 210 TEST_F(MultiThreadedCertVerifierTest, CancelRequest) { |
| 239 base::FilePath certs_dir = GetTestCertsDirectory(); | 211 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 240 scoped_refptr<X509Certificate> test_cert( | 212 scoped_refptr<X509Certificate> test_cert( |
| 241 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 213 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 242 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); | 214 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
| 243 | 215 |
| 244 int error; | 216 int error; |
| 245 CertVerifyResult verify_result; | 217 CertVerifyResult verify_result; |
| 246 CertVerifier::RequestHandle request_handle; | 218 CertVerifier::RequestHandle request_handle; |
| 247 | 219 |
| 248 error = verifier_.Verify(test_cert.get(), | 220 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 249 "www.example.com", | 221 NULL, &verify_result, base::Bind(&FailTest), |
| 250 0, | 222 &request_handle, BoundNetLog()); |
| 251 NULL, | |
| 252 &verify_result, | |
| 253 base::Bind(&FailTest), | |
| 254 &request_handle, | |
| 255 BoundNetLog()); | |
| 256 ASSERT_EQ(ERR_IO_PENDING, error); | 223 ASSERT_EQ(ERR_IO_PENDING, error); |
| 257 ASSERT_TRUE(request_handle != NULL); | 224 ASSERT_TRUE(request_handle != NULL); |
| 258 verifier_.CancelRequest(request_handle); | 225 verifier_.CancelRequest(request_handle); |
| 259 | 226 |
| 260 // Issue a few more requests to the worker pool and wait for their | 227 // Issue a few more requests to the worker pool and wait for their |
| 261 // completion, so that the task of the canceled request (which runs on a | 228 // completion, so that the task of the canceled request (which runs on a |
| 262 // worker thread) is likely to complete by the end of this test. | 229 // worker thread) is likely to complete by the end of this test. |
| 263 TestCompletionCallback callback; | 230 TestCompletionCallback callback; |
| 264 for (int i = 0; i < 5; ++i) { | 231 for (int i = 0; i < 5; ++i) { |
| 265 error = verifier_.Verify(test_cert.get(), | 232 error = verifier_.Verify(test_cert.get(), "www2.example.com", std::string(), |
| 266 "www2.example.com", | 233 0, NULL, &verify_result, callback.callback(), |
| 267 0, | 234 &request_handle, BoundNetLog()); |
| 268 NULL, | |
| 269 &verify_result, | |
| 270 callback.callback(), | |
| 271 &request_handle, | |
| 272 BoundNetLog()); | |
| 273 ASSERT_EQ(ERR_IO_PENDING, error); | 235 ASSERT_EQ(ERR_IO_PENDING, error); |
| 274 EXPECT_TRUE(request_handle); | 236 EXPECT_TRUE(request_handle); |
| 275 error = callback.WaitForResult(); | 237 error = callback.WaitForResult(); |
| 276 verifier_.ClearCache(); | 238 verifier_.ClearCache(); |
| 277 } | 239 } |
| 278 } | 240 } |
| 279 | 241 |
| 280 // Tests that a canceled request is not leaked. | 242 // Tests that a canceled request is not leaked. |
| 281 TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { | 243 TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { |
| 282 base::FilePath certs_dir = GetTestCertsDirectory(); | 244 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 283 scoped_refptr<X509Certificate> test_cert( | 245 scoped_refptr<X509Certificate> test_cert( |
| 284 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 246 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
| 285 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); | 247 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
| 286 | 248 |
| 287 int error; | 249 int error; |
| 288 CertVerifyResult verify_result; | 250 CertVerifyResult verify_result; |
| 289 TestCompletionCallback callback; | 251 TestCompletionCallback callback; |
| 290 CertVerifier::RequestHandle request_handle; | 252 CertVerifier::RequestHandle request_handle; |
| 291 | 253 |
| 292 { | 254 { |
| 293 // Because shutdown intentionally doesn't join worker threads, a | 255 // Because shutdown intentionally doesn't join worker threads, a |
| 294 // CertVerifyWorker may be leaked if the main thread shuts down before the | 256 // CertVerifyWorker may be leaked if the main thread shuts down before the |
| 295 // worker thread. | 257 // worker thread. |
| 296 ANNOTATE_SCOPED_MEMORY_LEAK; | 258 ANNOTATE_SCOPED_MEMORY_LEAK; |
| 297 error = verifier_.Verify(test_cert.get(), "www.example.com", 0, NULL, | 259 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), |
| 298 &verify_result, callback.callback(), | 260 0, NULL, &verify_result, callback.callback(), |
| 299 &request_handle, BoundNetLog()); | 261 &request_handle, BoundNetLog()); |
| 300 } | 262 } |
| 301 ASSERT_EQ(ERR_IO_PENDING, error); | 263 ASSERT_EQ(ERR_IO_PENDING, error); |
| 302 EXPECT_TRUE(request_handle); | 264 EXPECT_TRUE(request_handle); |
| 303 verifier_.CancelRequest(request_handle); | 265 verifier_.CancelRequest(request_handle); |
| 304 // Destroy |verifier| by going out of scope. | 266 // Destroy |verifier| by going out of scope. |
| 305 } | 267 } |
| 306 | 268 |
| 307 TEST_F(MultiThreadedCertVerifierTest, RequestParamsComparators) { | 269 TEST_F(MultiThreadedCertVerifierTest, RequestParamsComparators) { |
| 308 SHA1HashValue a_key; | 270 SHA1HashValue a_key; |
| (...skipping 11 matching lines...) Expand all Loading... |
| 320 // Keys to test | 282 // Keys to test |
| 321 MultiThreadedCertVerifier::RequestParams key1; | 283 MultiThreadedCertVerifier::RequestParams key1; |
| 322 MultiThreadedCertVerifier::RequestParams key2; | 284 MultiThreadedCertVerifier::RequestParams key2; |
| 323 | 285 |
| 324 // Expectation: | 286 // Expectation: |
| 325 // -1 means key1 is less than key2 | 287 // -1 means key1 is less than key2 |
| 326 // 0 means key1 equals key2 | 288 // 0 means key1 equals key2 |
| 327 // 1 means key1 is greater than key2 | 289 // 1 means key1 is greater than key2 |
| 328 int expected_result; | 290 int expected_result; |
| 329 } tests[] = { | 291 } tests[] = { |
| 330 { // Test for basic equivalence. | 292 { |
| 331 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 293 // Test for basic equivalence. |
| 332 0, test_list), | 294 MultiThreadedCertVerifier::RequestParams( |
| 333 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 295 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 334 0, test_list), | 296 MultiThreadedCertVerifier::RequestParams( |
| 335 0, | 297 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 336 }, | 298 0, |
| 337 { // Test that different certificates but with the same CA and for | 299 }, |
| 300 { |
| 301 // Test that different certificates but with the same CA and for |
| 338 // the same host are different validation keys. | 302 // the same host are different validation keys. |
| 339 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 303 MultiThreadedCertVerifier::RequestParams( |
| 340 0, test_list), | 304 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 341 MultiThreadedCertVerifier::RequestParams(z_key, a_key, "www.example.test", | 305 MultiThreadedCertVerifier::RequestParams( |
| 342 0, test_list), | 306 z_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 343 -1, | 307 -1, |
| 344 }, | 308 }, |
| 345 { // Test that the same EE certificate for the same host, but with | 309 { |
| 310 // Test that the same EE certificate for the same host, but with |
| 346 // different chains are different validation keys. | 311 // different chains are different validation keys. |
| 347 MultiThreadedCertVerifier::RequestParams(a_key, z_key, "www.example.test", | 312 MultiThreadedCertVerifier::RequestParams( |
| 348 0, test_list), | 313 a_key, z_key, "www.example.test", std::string(), 0, test_list), |
| 349 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 314 MultiThreadedCertVerifier::RequestParams( |
| 350 0, test_list), | 315 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 351 1, | 316 1, |
| 352 }, | 317 }, |
| 353 { // The same certificate, with the same chain, but for different | 318 { |
| 319 // The same certificate, with the same chain, but for different |
| 354 // hosts are different validation keys. | 320 // hosts are different validation keys. |
| 355 MultiThreadedCertVerifier::RequestParams(a_key, a_key, | 321 MultiThreadedCertVerifier::RequestParams( |
| 356 "www1.example.test", 0, | 322 a_key, a_key, "www1.example.test", std::string(), 0, test_list), |
| 357 test_list), | 323 MultiThreadedCertVerifier::RequestParams( |
| 358 MultiThreadedCertVerifier::RequestParams(a_key, a_key, | 324 a_key, a_key, "www2.example.test", std::string(), 0, test_list), |
| 359 "www2.example.test", 0, | 325 -1, |
| 360 test_list), | 326 }, |
| 361 -1, | 327 { |
| 362 }, | 328 // The same certificate, chain, and host, but with different flags |
| 363 { // The same certificate, chain, and host, but with different flags | |
| 364 // are different validation keys. | 329 // are different validation keys. |
| 365 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 330 MultiThreadedCertVerifier::RequestParams( |
| 366 CertVerifier::VERIFY_EV_CERT, | 331 a_key, a_key, "www.example.test", std::string(), |
| 367 test_list), | 332 CertVerifier::VERIFY_EV_CERT, test_list), |
| 368 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 333 MultiThreadedCertVerifier::RequestParams( |
| 369 0, test_list), | 334 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 370 1, | 335 1, |
| 371 }, | 336 }, |
| 372 { // Different additional_trust_anchors. | 337 { |
| 373 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 338 // Different additional_trust_anchors. |
| 374 0, empty_list), | 339 MultiThreadedCertVerifier::RequestParams( |
| 375 MultiThreadedCertVerifier::RequestParams(a_key, a_key, "www.example.test", | 340 a_key, a_key, "www.example.test", std::string(), 0, empty_list), |
| 376 0, test_list), | 341 MultiThreadedCertVerifier::RequestParams( |
| 377 -1, | 342 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 378 }, | 343 -1, |
| 344 }, |
| 345 { |
| 346 // Different OCSP responses. |
| 347 MultiThreadedCertVerifier::RequestParams( |
| 348 a_key, a_key, "www.example.test", "ocsp response", 0, test_list), |
| 349 MultiThreadedCertVerifier::RequestParams( |
| 350 a_key, a_key, "www.example.test", std::string(), 0, test_list), |
| 351 -1, |
| 352 }, |
| 379 }; | 353 }; |
| 380 for (size_t i = 0; i < arraysize(tests); ++i) { | 354 for (size_t i = 0; i < arraysize(tests); ++i) { |
| 381 SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i)); | 355 SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i)); |
| 382 | 356 |
| 383 const MultiThreadedCertVerifier::RequestParams& key1 = tests[i].key1; | 357 const MultiThreadedCertVerifier::RequestParams& key1 = tests[i].key1; |
| 384 const MultiThreadedCertVerifier::RequestParams& key2 = tests[i].key2; | 358 const MultiThreadedCertVerifier::RequestParams& key2 = tests[i].key2; |
| 385 | 359 |
| 386 switch (tests[i].expected_result) { | 360 switch (tests[i].expected_result) { |
| 387 case -1: | 361 case -1: |
| 388 EXPECT_TRUE(key1 < key2); | 362 EXPECT_TRUE(key1 < key2); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 415 cert_list.push_back(test_cert); | 389 cert_list.push_back(test_cert); |
| 416 | 390 |
| 417 // Check that Verify() asks the |trust_provider| for the current list of | 391 // Check that Verify() asks the |trust_provider| for the current list of |
| 418 // additional trust anchors. | 392 // additional trust anchors. |
| 419 int error; | 393 int error; |
| 420 CertVerifyResult verify_result; | 394 CertVerifyResult verify_result; |
| 421 TestCompletionCallback callback; | 395 TestCompletionCallback callback; |
| 422 CertVerifier::RequestHandle request_handle; | 396 CertVerifier::RequestHandle request_handle; |
| 423 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) | 397 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) |
| 424 .WillOnce(ReturnRef(empty_cert_list)); | 398 .WillOnce(ReturnRef(empty_cert_list)); |
| 425 error = verifier_.Verify(test_cert.get(), | 399 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 426 "www.example.com", | 400 NULL, &verify_result, callback.callback(), |
| 427 0, | 401 &request_handle, BoundNetLog()); |
| 428 NULL, | |
| 429 &verify_result, | |
| 430 callback.callback(), | |
| 431 &request_handle, | |
| 432 BoundNetLog()); | |
| 433 Mock::VerifyAndClearExpectations(&trust_provider); | 402 Mock::VerifyAndClearExpectations(&trust_provider); |
| 434 ASSERT_EQ(ERR_IO_PENDING, error); | 403 ASSERT_EQ(ERR_IO_PENDING, error); |
| 435 EXPECT_TRUE(request_handle); | 404 EXPECT_TRUE(request_handle); |
| 436 error = callback.WaitForResult(); | 405 error = callback.WaitForResult(); |
| 437 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 406 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| 438 ASSERT_EQ(1u, verifier_.requests()); | 407 ASSERT_EQ(1u, verifier_.requests()); |
| 439 ASSERT_EQ(0u, verifier_.cache_hits()); | 408 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 440 | 409 |
| 441 // The next Verify() uses the cached result. | 410 // The next Verify() uses the cached result. |
| 442 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) | 411 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) |
| 443 .WillOnce(ReturnRef(empty_cert_list)); | 412 .WillOnce(ReturnRef(empty_cert_list)); |
| 444 error = verifier_.Verify(test_cert.get(), | 413 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 445 "www.example.com", | 414 NULL, &verify_result, callback.callback(), |
| 446 0, | 415 &request_handle, BoundNetLog()); |
| 447 NULL, | |
| 448 &verify_result, | |
| 449 callback.callback(), | |
| 450 &request_handle, | |
| 451 BoundNetLog()); | |
| 452 Mock::VerifyAndClearExpectations(&trust_provider); | 416 Mock::VerifyAndClearExpectations(&trust_provider); |
| 453 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 417 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| 454 EXPECT_FALSE(request_handle); | 418 EXPECT_FALSE(request_handle); |
| 455 ASSERT_EQ(2u, verifier_.requests()); | 419 ASSERT_EQ(2u, verifier_.requests()); |
| 456 ASSERT_EQ(1u, verifier_.cache_hits()); | 420 ASSERT_EQ(1u, verifier_.cache_hits()); |
| 457 | 421 |
| 458 // Another Verify() for the same certificate but with a different list of | 422 // Another Verify() for the same certificate but with a different list of |
| 459 // trust anchors will not reuse the cache. | 423 // trust anchors will not reuse the cache. |
| 460 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) | 424 EXPECT_CALL(trust_provider, GetAdditionalTrustAnchors()) |
| 461 .WillOnce(ReturnRef(cert_list)); | 425 .WillOnce(ReturnRef(cert_list)); |
| 462 error = verifier_.Verify(test_cert.get(), | 426 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), 0, |
| 463 "www.example.com", | 427 NULL, &verify_result, callback.callback(), |
| 464 0, | 428 &request_handle, BoundNetLog()); |
| 465 NULL, | |
| 466 &verify_result, | |
| 467 callback.callback(), | |
| 468 &request_handle, | |
| 469 BoundNetLog()); | |
| 470 Mock::VerifyAndClearExpectations(&trust_provider); | 429 Mock::VerifyAndClearExpectations(&trust_provider); |
| 471 ASSERT_EQ(ERR_IO_PENDING, error); | 430 ASSERT_EQ(ERR_IO_PENDING, error); |
| 472 EXPECT_TRUE(request_handle); | 431 EXPECT_TRUE(request_handle); |
| 473 error = callback.WaitForResult(); | 432 error = callback.WaitForResult(); |
| 474 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); | 433 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |
| 475 ASSERT_EQ(3u, verifier_.requests()); | 434 ASSERT_EQ(3u, verifier_.requests()); |
| 476 ASSERT_EQ(1u, verifier_.cache_hits()); | 435 ASSERT_EQ(1u, verifier_.cache_hits()); |
| 477 } | 436 } |
| 478 | 437 |
| 479 } // namespace net | 438 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1081913003:
Route OCSP stapling through CertVerifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss