| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/quic_stream_factory.h" | 5 #include "net/quic/quic_stream_factory.h" |
| 6 | 6 |
| 7 #include "base/run_loop.h" | 7 #include "base/run_loop.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/cert_verifier.h" | 10 #include "net/cert/cert_verifier.h" |
| (...skipping 664 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 675 // www.example.org (server1) | 675 // www.example.org (server1) |
| 676 // mail.example.org (server2) | 676 // mail.example.org (server2) |
| 677 // www.example.com | 677 // www.example.com |
| 678 base::FilePath certs_dir = GetTestCertsDirectory(); | 678 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 679 scoped_refptr<X509Certificate> test_cert( | 679 scoped_refptr<X509Certificate> test_cert( |
| 680 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 680 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 681 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 681 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 682 ProofVerifyDetailsChromium verify_details; | 682 ProofVerifyDetailsChromium verify_details; |
| 683 verify_details.cert_verify_result.verified_cert = test_cert; | 683 verify_details.cert_verify_result.verified_cert = test_cert; |
| 684 verify_details.cert_verify_result.is_issued_by_known_root = true; | 684 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 685 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 685 crypto_client_stream_factory_.set_default_proof_verify_details( |
| 686 &verify_details); |
| 686 | 687 |
| 687 host_resolver_.set_synchronous_mode(true); | 688 host_resolver_.set_synchronous_mode(true); |
| 688 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 689 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 689 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 690 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 690 | 691 |
| 691 QuicStreamRequest request(&factory_); | 692 QuicStreamRequest request(&factory_); |
| 692 is_https_ = true; | 693 is_https_ = true; |
| 693 EXPECT_EQ(OK, | 694 EXPECT_EQ(OK, |
| 694 request.Request(server1, | 695 request.Request(server1, |
| 695 is_https_, | 696 is_https_, |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 739 // www.example.org (server1) | 740 // www.example.org (server1) |
| 740 // mail.example.org (server2) | 741 // mail.example.org (server2) |
| 741 // www.example.com | 742 // www.example.com |
| 742 base::FilePath certs_dir = GetTestCertsDirectory(); | 743 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 743 scoped_refptr<X509Certificate> test_cert( | 744 scoped_refptr<X509Certificate> test_cert( |
| 744 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 745 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 745 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 746 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 746 ProofVerifyDetailsChromium verify_details; | 747 ProofVerifyDetailsChromium verify_details; |
| 747 verify_details.cert_verify_result.verified_cert = test_cert; | 748 verify_details.cert_verify_result.verified_cert = test_cert; |
| 748 verify_details.cert_verify_result.is_issued_by_known_root = true; | 749 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 749 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 750 crypto_client_stream_factory_.set_default_proof_verify_details( |
| 751 &verify_details); |
| 750 | 752 |
| 751 host_resolver_.set_synchronous_mode(true); | 753 host_resolver_.set_synchronous_mode(true); |
| 752 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 754 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 753 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 755 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 754 | 756 |
| 755 // Disable connection pooling. | 757 // Disable connection pooling. |
| 756 QuicStreamFactoryPeer::DisableConnectionPooling(&factory_); | 758 QuicStreamFactoryPeer::DisableConnectionPooling(&factory_); |
| 757 | 759 |
| 758 QuicStreamRequest request(&factory_); | 760 QuicStreamRequest request(&factory_); |
| 759 is_https_ = true; | 761 is_https_ = true; |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 808 // www.example.org (server1) | 810 // www.example.org (server1) |
| 809 // mail.example.org | 811 // mail.example.org |
| 810 // www.example.com | 812 // www.example.com |
| 811 // But is not valid for mail.google.com (server2). | 813 // But is not valid for mail.google.com (server2). |
| 812 base::FilePath certs_dir = GetTestCertsDirectory(); | 814 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 813 scoped_refptr<X509Certificate> test_cert( | 815 scoped_refptr<X509Certificate> test_cert( |
| 814 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 816 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 815 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 817 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 816 ProofVerifyDetailsChromium verify_details; | 818 ProofVerifyDetailsChromium verify_details; |
| 817 verify_details.cert_verify_result.verified_cert = test_cert; | 819 verify_details.cert_verify_result.verified_cert = test_cert; |
| 818 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 820 crypto_client_stream_factory_.set_default_proof_verify_details( |
| 819 | 821 &verify_details); |
| 820 | 822 |
| 821 host_resolver_.set_synchronous_mode(true); | 823 host_resolver_.set_synchronous_mode(true); |
| 822 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 824 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 823 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 825 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 824 | 826 |
| 825 QuicStreamRequest request(&factory_); | 827 QuicStreamRequest request(&factory_); |
| 826 is_https_ = true; | 828 is_https_ = true; |
| 827 EXPECT_EQ(OK, | 829 EXPECT_EQ(OK, |
| 828 request.Request(server1, | 830 request.Request(server1, |
| 829 is_https_, | 831 is_https_, |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 877 // mail.example.org (server2) | 879 // mail.example.org (server2) |
| 878 base::FilePath certs_dir = GetTestCertsDirectory(); | 880 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 879 scoped_refptr<X509Certificate> test_cert( | 881 scoped_refptr<X509Certificate> test_cert( |
| 880 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 882 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 881 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 883 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 882 ProofVerifyDetailsChromium verify_details; | 884 ProofVerifyDetailsChromium verify_details; |
| 883 verify_details.cert_verify_result.verified_cert = test_cert; | 885 verify_details.cert_verify_result.verified_cert = test_cert; |
| 884 verify_details.cert_verify_result.is_issued_by_known_root = true; | 886 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 885 verify_details.cert_verify_result.public_key_hashes.push_back( | 887 verify_details.cert_verify_result.public_key_hashes.push_back( |
| 886 test::GetTestHashValue(primary_pin)); | 888 test::GetTestHashValue(primary_pin)); |
| 887 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 889 crypto_client_stream_factory_.set_default_proof_verify_details( |
| 888 | 890 &verify_details); |
| 889 | 891 |
| 890 host_resolver_.set_synchronous_mode(true); | 892 host_resolver_.set_synchronous_mode(true); |
| 891 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 893 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 892 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 894 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 893 | 895 |
| 894 QuicStreamRequest request(&factory_); | 896 QuicStreamRequest request(&factory_); |
| 895 is_https_ = true; | 897 is_https_ = true; |
| 896 EXPECT_EQ(OK, | 898 EXPECT_EQ(OK, |
| 897 request.Request(server1, | 899 request.Request(server1, |
| 898 is_https_, | 900 is_https_, |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 947 // mail.example.org (server2) | 949 // mail.example.org (server2) |
| 948 base::FilePath certs_dir = GetTestCertsDirectory(); | 950 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 949 scoped_refptr<X509Certificate> test_cert( | 951 scoped_refptr<X509Certificate> test_cert( |
| 950 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 952 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 951 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 953 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 952 ProofVerifyDetailsChromium verify_details; | 954 ProofVerifyDetailsChromium verify_details; |
| 953 verify_details.cert_verify_result.verified_cert = test_cert; | 955 verify_details.cert_verify_result.verified_cert = test_cert; |
| 954 verify_details.cert_verify_result.is_issued_by_known_root = true; | 956 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 955 verify_details.cert_verify_result.public_key_hashes.push_back( | 957 verify_details.cert_verify_result.public_key_hashes.push_back( |
| 956 test::GetTestHashValue(primary_pin)); | 958 test::GetTestHashValue(primary_pin)); |
| 957 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 959 crypto_client_stream_factory_.set_default_proof_verify_details( |
| 958 | 960 &verify_details); |
| 959 | 961 |
| 960 host_resolver_.set_synchronous_mode(true); | 962 host_resolver_.set_synchronous_mode(true); |
| 961 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 963 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 962 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 964 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 963 | 965 |
| 964 // Disable connection pooling. | 966 // Disable connection pooling. |
| 965 QuicStreamFactoryPeer::DisableConnectionPooling(&factory_); | 967 QuicStreamFactoryPeer::DisableConnectionPooling(&factory_); |
| 966 | 968 |
| 967 QuicStreamRequest request(&factory_); | 969 QuicStreamRequest request(&factory_); |
| 968 is_https_ = true; | 970 is_https_ = true; |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1018 test::AddPin(&transport_security_state_, "mail.example.org", primary_pin, | 1020 test::AddPin(&transport_security_state_, "mail.example.org", primary_pin, |
| 1019 backup_pin); | 1021 backup_pin); |
| 1020 | 1022 |
| 1021 // Load a cert that is valid for: | 1023 // Load a cert that is valid for: |
| 1022 // www.example.org (server1) | 1024 // www.example.org (server1) |
| 1023 // mail.example.org (server2) | 1025 // mail.example.org (server2) |
| 1024 base::FilePath certs_dir = GetTestCertsDirectory(); | 1026 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 1025 scoped_refptr<X509Certificate> test_cert( | 1027 scoped_refptr<X509Certificate> test_cert( |
| 1026 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); | 1028 ImportCertFromFile(certs_dir, "spdy_pooling.pem")); |
| 1027 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); | 1029 ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); |
| 1028 ProofVerifyDetailsChromium verify_details; | 1030 |
| 1029 verify_details.cert_verify_result.verified_cert = test_cert; | 1031 ProofVerifyDetailsChromium verify_details1; |
| 1030 verify_details.cert_verify_result.is_issued_by_known_root = true; | 1032 verify_details1.cert_verify_result.verified_cert = test_cert; |
| 1031 verify_details.cert_verify_result.public_key_hashes.push_back( | 1033 verify_details1.cert_verify_result.is_issued_by_known_root = true; |
| 1034 verify_details1.cert_verify_result.public_key_hashes.push_back( |
| 1032 test::GetTestHashValue(bad_pin)); | 1035 test::GetTestHashValue(bad_pin)); |
| 1033 crypto_client_stream_factory_.set_proof_verify_details(&verify_details); | 1036 crypto_client_stream_factory_.set_proof_verify_details_for_server( |
| 1037 &verify_details1, |
| 1038 QuicServerId(server1, /*is_https=*/true, privacy_mode_)); |
| 1034 | 1039 |
| 1040 ProofVerifyDetailsChromium verify_details2; |
| 1041 verify_details2.cert_verify_result.verified_cert = test_cert; |
| 1042 verify_details2.cert_verify_result.is_issued_by_known_root = true; |
| 1043 verify_details2.cert_verify_result.public_key_hashes.push_back( |
| 1044 test::GetTestHashValue(primary_pin)); |
| 1045 crypto_client_stream_factory_.set_proof_verify_details_for_server( |
| 1046 &verify_details2, |
| 1047 QuicServerId(server2, /*is_https=*/true, privacy_mode_)); |
| 1035 | 1048 |
| 1036 host_resolver_.set_synchronous_mode(true); | 1049 host_resolver_.set_synchronous_mode(true); |
| 1037 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); | 1050 host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); |
| 1038 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); | 1051 host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); |
| 1039 | 1052 |
| 1040 QuicStreamRequest request(&factory_); | 1053 QuicStreamRequest request(&factory_); |
| 1041 is_https_ = true; | 1054 is_https_ = true; |
| 1042 EXPECT_EQ(OK, | 1055 EXPECT_EQ(OK, |
| 1043 request.Request(server1, | 1056 request.Request(server1, |
| 1044 is_https_, | 1057 is_https_, |
| (...skipping 786 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1831 EXPECT_TRUE(socket_data.at_read_eof()); | 1844 EXPECT_TRUE(socket_data.at_read_eof()); |
| 1832 EXPECT_TRUE(socket_data.at_write_eof()); | 1845 EXPECT_TRUE(socket_data.at_write_eof()); |
| 1833 EXPECT_TRUE(socket_data2.at_read_eof()); | 1846 EXPECT_TRUE(socket_data2.at_read_eof()); |
| 1834 EXPECT_TRUE(socket_data2.at_write_eof()); | 1847 EXPECT_TRUE(socket_data2.at_write_eof()); |
| 1835 EXPECT_TRUE(socket_data3.at_read_eof()); | 1848 EXPECT_TRUE(socket_data3.at_read_eof()); |
| 1836 EXPECT_TRUE(socket_data3.at_write_eof()); | 1849 EXPECT_TRUE(socket_data3.at_write_eof()); |
| 1837 } | 1850 } |
| 1838 | 1851 |
| 1839 } // namespace test | 1852 } // namespace test |
| 1840 } // namespace net | 1853 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1140173002:
Implement per-server ProofVerifyDetails in MockCryptoClientStreamFactory. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master