| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 test_ca_cert_list_.push_back(test_ca_cert_); | 59 test_ca_cert_list_.push_back(test_ca_cert_); |
| 60 } | 60 } |
| 61 | 61 |
| 62 void TearDown() override { | 62 void TearDown() override { |
| 63 // Destroy |cert_verifier_| before destroying the ThreadBundle, otherwise | 63 // Destroy |cert_verifier_| before destroying the ThreadBundle, otherwise |
| 64 // BrowserThread::CurrentlyOn checks fail. | 64 // BrowserThread::CurrentlyOn checks fail. |
| 65 cert_verifier_.reset(); | 65 cert_verifier_.reset(); |
| 66 } | 66 } |
| 67 | 67 |
| 68 protected: | 68 protected: |
| 69 int VerifyTestServerCert( | 69 int VerifyTestServerCert(const net::TestCompletionCallback& test_callback, |
| 70 const net::TestCompletionCallback& test_callback, | 70 net::CertVerifyResult* verify_result, |
| 71 net::CertVerifyResult* verify_result, | 71 scoped_ptr<net::CertVerifier::Request>* request) { |
| 72 scoped_ptr<net::CertVerifier::Request>* request_handle) { | 72 return cert_verifier_->Verify( |
| 73 return cert_verifier_->Verify(test_server_cert_.get(), "127.0.0.1", | 73 test_server_cert_.get(), "127.0.0.1", std::string(), 0, NULL, |
| 74 std::string(), 0, NULL, verify_result, | 74 verify_result, test_callback.callback(), request, net::BoundNetLog()); |
| 75 test_callback.callback(), request_handle, | |
| 76 net::BoundNetLog()); | |
| 77 } | 75 } |
| 78 | 76 |
| 79 bool SupportsAdditionalTrustAnchors() { | 77 bool SupportsAdditionalTrustAnchors() { |
| 80 scoped_refptr<net::CertVerifyProc> proc = | 78 scoped_refptr<net::CertVerifyProc> proc = |
| 81 net::CertVerifyProc::CreateDefault(); | 79 net::CertVerifyProc::CreateDefault(); |
| 82 return proc->SupportsAdditionalTrustAnchors(); | 80 return proc->SupportsAdditionalTrustAnchors(); |
| 83 } | 81 } |
| 84 | 82 |
| 85 // Returns whether |cert_verifier| signalled usage of one of the additional | 83 // Returns whether |cert_verifier| signalled usage of one of the additional |
| 86 // trust anchors (i.e. of |test_ca_cert_|) for the first time or since the | 84 // trust anchors (i.e. of |test_ca_cert_|) for the first time or since the |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 120 bool trust_anchor_used_; | 118 bool trust_anchor_used_; |
| 121 crypto::ScopedTestNSSChromeOSUser test_nss_user_; | 119 crypto::ScopedTestNSSChromeOSUser test_nss_user_; |
| 122 content::TestBrowserThreadBundle thread_bundle_; | 120 content::TestBrowserThreadBundle thread_bundle_; |
| 123 }; | 121 }; |
| 124 | 122 |
| 125 TEST_F(PolicyCertVerifierTest, VerifyUntrustedCert) { | 123 TEST_F(PolicyCertVerifierTest, VerifyUntrustedCert) { |
| 126 // |test_server_cert_| is untrusted, so Verify() fails. | 124 // |test_server_cert_| is untrusted, so Verify() fails. |
| 127 { | 125 { |
| 128 net::CertVerifyResult verify_result; | 126 net::CertVerifyResult verify_result; |
| 129 net::TestCompletionCallback callback; | 127 net::TestCompletionCallback callback; |
| 130 scoped_ptr<net::CertVerifier::Request> request_handle; | 128 scoped_ptr<net::CertVerifier::Request> request; |
| 131 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 129 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 132 ASSERT_EQ(net::ERR_IO_PENDING, error); | 130 ASSERT_EQ(net::ERR_IO_PENDING, error); |
| 133 EXPECT_TRUE(request_handle); | 131 EXPECT_TRUE(request); |
| 134 error = callback.WaitForResult(); | 132 error = callback.WaitForResult(); |
| 135 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 133 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
| 136 } | 134 } |
| 137 | 135 |
| 138 // Issuing the same request again hits the cache. This tests the synchronous | 136 // Issuing the same request again hits the cache. This tests the synchronous |
| 139 // path. | 137 // path. |
| 140 { | 138 { |
| 141 net::CertVerifyResult verify_result; | 139 net::CertVerifyResult verify_result; |
| 142 net::TestCompletionCallback callback; | 140 net::TestCompletionCallback callback; |
| 143 scoped_ptr<net::CertVerifier::Request> request_handle; | 141 scoped_ptr<net::CertVerifier::Request> request; |
| 144 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 142 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 145 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 143 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
| 146 } | 144 } |
| 147 | 145 |
| 148 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); | 146 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); |
| 149 } | 147 } |
| 150 | 148 |
| 151 TEST_F(PolicyCertVerifierTest, VerifyTrustedCert) { | 149 TEST_F(PolicyCertVerifierTest, VerifyTrustedCert) { |
| 152 // Make the database trust |test_ca_cert_|. | 150 // Make the database trust |test_ca_cert_|. |
| 153 net::NSSCertDatabase::ImportCertFailureList failure_list; | 151 net::NSSCertDatabase::ImportCertFailureList failure_list; |
| 154 ASSERT_TRUE(test_cert_db_->ImportCACerts( | 152 ASSERT_TRUE(test_cert_db_->ImportCACerts( |
| 155 test_ca_cert_list_, net::NSSCertDatabase::TRUSTED_SSL, &failure_list)); | 153 test_ca_cert_list_, net::NSSCertDatabase::TRUSTED_SSL, &failure_list)); |
| 156 ASSERT_TRUE(failure_list.empty()); | 154 ASSERT_TRUE(failure_list.empty()); |
| 157 | 155 |
| 158 // Verify that it is now trusted. | 156 // Verify that it is now trusted. |
| 159 net::NSSCertDatabase::TrustBits trust = | 157 net::NSSCertDatabase::TrustBits trust = |
| 160 test_cert_db_->GetCertTrust(test_ca_cert_.get(), net::CA_CERT); | 158 test_cert_db_->GetCertTrust(test_ca_cert_.get(), net::CA_CERT); |
| 161 EXPECT_EQ(net::NSSCertDatabase::TRUSTED_SSL, trust); | 159 EXPECT_EQ(net::NSSCertDatabase::TRUSTED_SSL, trust); |
| 162 | 160 |
| 163 // Verify() successfully verifies |test_server_cert_| after it was imported. | 161 // Verify() successfully verifies |test_server_cert_| after it was imported. |
| 164 net::CertVerifyResult verify_result; | 162 net::CertVerifyResult verify_result; |
| 165 net::TestCompletionCallback callback; | 163 net::TestCompletionCallback callback; |
| 166 scoped_ptr<net::CertVerifier::Request> request_handle; | 164 scoped_ptr<net::CertVerifier::Request> request; |
| 167 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 165 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 168 ASSERT_EQ(net::ERR_IO_PENDING, error); | 166 ASSERT_EQ(net::ERR_IO_PENDING, error); |
| 169 EXPECT_TRUE(request_handle); | 167 EXPECT_TRUE(request); |
| 170 error = callback.WaitForResult(); | 168 error = callback.WaitForResult(); |
| 171 EXPECT_EQ(net::OK, error); | 169 EXPECT_EQ(net::OK, error); |
| 172 | 170 |
| 173 // The additional trust anchors were not used, since the certificate is | 171 // The additional trust anchors were not used, since the certificate is |
| 174 // trusted from the database. | 172 // trusted from the database. |
| 175 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); | 173 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); |
| 176 } | 174 } |
| 177 | 175 |
| 178 TEST_F(PolicyCertVerifierTest, VerifyUsingAdditionalTrustAnchor) { | 176 TEST_F(PolicyCertVerifierTest, VerifyUsingAdditionalTrustAnchor) { |
| 179 ASSERT_TRUE(SupportsAdditionalTrustAnchors()); | 177 ASSERT_TRUE(SupportsAdditionalTrustAnchors()); |
| 180 | 178 |
| 181 // |test_server_cert_| is untrusted, so Verify() fails. | 179 // |test_server_cert_| is untrusted, so Verify() fails. |
| 182 { | 180 { |
| 183 net::CertVerifyResult verify_result; | 181 net::CertVerifyResult verify_result; |
| 184 net::TestCompletionCallback callback; | 182 net::TestCompletionCallback callback; |
| 185 scoped_ptr<net::CertVerifier::Request> request_handle; | 183 scoped_ptr<net::CertVerifier::Request> request; |
| 186 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 184 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 187 ASSERT_EQ(net::ERR_IO_PENDING, error); | 185 ASSERT_EQ(net::ERR_IO_PENDING, error); |
| 188 EXPECT_TRUE(request_handle); | 186 EXPECT_TRUE(request); |
| 189 error = callback.WaitForResult(); | 187 error = callback.WaitForResult(); |
| 190 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 188 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
| 191 } | 189 } |
| 192 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); | 190 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); |
| 193 | 191 |
| 194 // Verify() again with the additional trust anchors. | 192 // Verify() again with the additional trust anchors. |
| 195 cert_verifier_->SetTrustAnchors(test_ca_cert_list_); | 193 cert_verifier_->SetTrustAnchors(test_ca_cert_list_); |
| 196 { | 194 { |
| 197 net::CertVerifyResult verify_result; | 195 net::CertVerifyResult verify_result; |
| 198 net::TestCompletionCallback callback; | 196 net::TestCompletionCallback callback; |
| 199 scoped_ptr<net::CertVerifier::Request> request_handle; | 197 scoped_ptr<net::CertVerifier::Request> request; |
| 200 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 198 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 201 ASSERT_EQ(net::ERR_IO_PENDING, error); | 199 ASSERT_EQ(net::ERR_IO_PENDING, error); |
| 202 EXPECT_TRUE(request_handle); | 200 EXPECT_TRUE(request); |
| 203 error = callback.WaitForResult(); | 201 error = callback.WaitForResult(); |
| 204 EXPECT_EQ(net::OK, error); | 202 EXPECT_EQ(net::OK, error); |
| 205 } | 203 } |
| 206 EXPECT_TRUE(WasTrustAnchorUsedAndReset()); | 204 EXPECT_TRUE(WasTrustAnchorUsedAndReset()); |
| 207 | 205 |
| 208 // Verify() again with the additional trust anchors will hit the cache. | 206 // Verify() again with the additional trust anchors will hit the cache. |
| 209 cert_verifier_->SetTrustAnchors(test_ca_cert_list_); | 207 cert_verifier_->SetTrustAnchors(test_ca_cert_list_); |
| 210 { | 208 { |
| 211 net::CertVerifyResult verify_result; | 209 net::CertVerifyResult verify_result; |
| 212 net::TestCompletionCallback callback; | 210 net::TestCompletionCallback callback; |
| 213 scoped_ptr<net::CertVerifier::Request> request_handle; | 211 scoped_ptr<net::CertVerifier::Request> request; |
| 214 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 212 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 215 EXPECT_EQ(net::OK, error); | 213 EXPECT_EQ(net::OK, error); |
| 216 } | 214 } |
| 217 EXPECT_TRUE(WasTrustAnchorUsedAndReset()); | 215 EXPECT_TRUE(WasTrustAnchorUsedAndReset()); |
| 218 | 216 |
| 219 // Verifying after removing the trust anchors should now fail. | 217 // Verifying after removing the trust anchors should now fail. |
| 220 cert_verifier_->SetTrustAnchors(net::CertificateList()); | 218 cert_verifier_->SetTrustAnchors(net::CertificateList()); |
| 221 { | 219 { |
| 222 net::CertVerifyResult verify_result; | 220 net::CertVerifyResult verify_result; |
| 223 net::TestCompletionCallback callback; | 221 net::TestCompletionCallback callback; |
| 224 scoped_ptr<net::CertVerifier::Request> request_handle; | 222 scoped_ptr<net::CertVerifier::Request> request; |
| 225 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 223 int error = VerifyTestServerCert(callback, &verify_result, &request); |
| 226 // Note: this hits the cached result from the first Verify() in this test. | 224 // Note: this hits the cached result from the first Verify() in this test. |
| 227 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 225 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
| 228 } | 226 } |
| 229 // The additional trust anchors were reset, thus |cert_verifier_| should not | 227 // The additional trust anchors were reset, thus |cert_verifier_| should not |
| 230 // signal it's usage anymore. | 228 // signal it's usage anymore. |
| 231 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); | 229 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); |
| 232 } | 230 } |
| 233 | 231 |
| 234 } // namespace policy | 232 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1132103004:
Rename variables "request_handle" to "request" in CertVerifier tests. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_refactor