Chromium Code Reviews Chromium Code Reviews
Issue 11739004:
Add server certificate request parameters to be stored in SSLCertRequestInfo. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | |
| 7 #include "net/base/address_list.h" | 8 #include "net/base/address_list.h" |
| 8 #include "net/base/cert_test_util.h" | 9 #include "net/base/cert_test_util.h" |
| 9 #include "net/base/host_resolver.h" | 10 #include "net/base/host_resolver.h" |
| 10 #include "net/base/io_buffer.h" | 11 #include "net/base/io_buffer.h" |
| 11 #include "net/base/mock_cert_verifier.h" | 12 #include "net/base/mock_cert_verifier.h" |
| 12 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 13 #include "net/base/net_log.h" | 14 #include "net/base/net_log.h" |
| 14 #include "net/base/net_log_unittest.h" | 15 #include "net/base/net_log_unittest.h" |
| 16 #include "net/base/ssl_cert_request_info.h" | |
| 15 #include "net/base/ssl_config_service.h" | 17 #include "net/base/ssl_config_service.h" |
| 16 #include "net/base/test_completion_callback.h" | 18 #include "net/base/test_completion_callback.h" |
| 17 #include "net/base/test_data_directory.h" | 19 #include "net/base/test_data_directory.h" |
| 18 #include "net/base/test_root_certs.h" | 20 #include "net/base/test_root_certs.h" |
| 19 #include "net/socket/client_socket_factory.h" | 21 #include "net/socket/client_socket_factory.h" |
| 20 #include "net/socket/client_socket_handle.h" | 22 #include "net/socket/client_socket_handle.h" |
| 21 #include "net/socket/socket_test_util.h" | 23 #include "net/socket/socket_test_util.h" |
| 22 #include "net/socket/tcp_client_socket.h" | 24 #include "net/socket/tcp_client_socket.h" |
| 23 #include "net/test/test_server.h" | 25 #include "net/test/test_server.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
| (...skipping 904 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 929 ssl_info.cert->os_cert_handle(), certs[0]->os_cert_handle())); | 931 ssl_info.cert->os_cert_handle(), certs[0]->os_cert_handle())); |
| 930 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( | 932 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( |
| 931 intermediates[0], certs[1]->os_cert_handle())); | 933 intermediates[0], certs[1]->os_cert_handle())); |
| 932 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( | 934 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( |
| 933 intermediates[1], certs[2]->os_cert_handle())); | 935 intermediates[1], certs[2]->os_cert_handle())); |
| 934 | 936 |
| 935 sock->Disconnect(); | 937 sock->Disconnect(); |
| 936 EXPECT_FALSE(sock->IsConnected()); | 938 EXPECT_FALSE(sock->IsConnected()); |
| 937 } | 939 } |
| 938 | 940 |
| 941 // Verifies the correctness of GetSSLCertRequestInfo. | |
| 942 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { | |
| 943 protected: | |
| 944 // Creates a test server with the given SSLOptions, connects to it and returns | |
| 945 // the SSLCertRequestInfo reported by the socket. | |
| 946 scoped_refptr<net::SSLCertRequestInfo> GetCertRequest( | |
| 947 net::TestServer::SSLOptions ssl_options) { | |
| 948 net::TestServer test_server(net::TestServer::TYPE_HTTPS, | |
| 949 ssl_options, | |
| 950 FilePath()); | |
| 951 if (!test_server.Start()) | |
| 952 return NULL; | |
| 953 | |
| 954 net::AddressList addr; | |
| 955 if (!test_server.GetAddressList(&addr)) | |
| 956 return NULL; | |
| 957 | |
| 958 net::TestCompletionCallback callback; | |
| 959 net::CapturingNetLog log; | |
| 960 net::StreamSocket* transport = new net::TCPClientSocket( | |
| 961 addr, &log, net::NetLog::Source()); | |
| 962 int rv = transport->Connect(callback.callback()); | |
| 963 if (rv == net::ERR_IO_PENDING) | |
| 964 rv = callback.WaitForResult(); | |
| 965 EXPECT_EQ(net::OK, rv); | |
| 966 | |
| 967 scoped_ptr<net::SSLClientSocket> sock( | |
| 968 CreateSSLClientSocket(transport, test_server.host_port_pair(), | |
| 969 kDefaultSSLConfig)); | |
| 970 EXPECT_FALSE(sock->IsConnected()); | |
| 971 | |
| 972 rv = sock->Connect(callback.callback()); | |
| 973 if (rv == net::ERR_IO_PENDING) | |
| 974 rv = callback.WaitForResult(); | |
| 975 scoped_refptr<net::SSLCertRequestInfo> request_info = | |
| 976 new net::SSLCertRequestInfo(); | |
| 977 sock->GetSSLCertRequestInfo(request_info.get()); | |
| 978 sock->Disconnect(); | |
| 979 EXPECT_FALSE(sock->IsConnected()); | |
| 980 | |
| 981 return request_info; | |
| 982 } | |
| 983 | |
| 984 // The following is needed to construct paths to certificates passed as | |
| 985 // |client_authorities| in server SSLOptions. Current implementation of | |
| 986 // RemoteTestServer (used on Android) expects relative paths, as opposed to | |
| 987 // LocalTestServer, which expects absolute paths (what to fix?). | |
| 988 FilePath CertDirectory() { | |
| 989 #ifdef OS_ANDROID | |
| 990 return net::GetTestCertsDirectoryRelative(); | |
| 991 #else | |
| 992 return net::GetTestCertsDirectory(); | |
| 993 #endif | |
| 994 } | |
| 995 }; | |
| 996 | |
| 997 TEST_F(SSLClientSocketCertRequestInfoTest, NoAuthorities) { | |
| 998 net::TestServer::SSLOptions ssl_options; | |
| 999 ssl_options.request_client_certificate = true; | |
| 1000 scoped_refptr<net::SSLCertRequestInfo> request_info = | |
| 1001 GetCertRequest(ssl_options); | |
| 1002 ASSERT_TRUE(request_info != NULL); | |
|
Ryan Sleevi
2013/01/09 00:33:39
ASSERT_TRUE(request_info) should suffice
ppi
2013/01/09 10:08:14
Thanks, done in patch set 5.
| |
| 1003 EXPECT_EQ(0u, request_info->cert_authorities.size()); | |
| 1004 } | |
| 1005 | |
| 1006 TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) { | |
| 1007 const FilePath::CharType kThawteFile[] = | |
| 1008 FILE_PATH_LITERAL("thawte.single.pem"); | |
| 1009 const unsigned char kThawteDN[] = { | |
| 1010 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, | |
| 1011 0x02, 0x5a, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, | |
| 1012 0x13, 0x1c, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, | |
| 1013 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, | |
| 1014 0x29, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, | |
| 1015 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, | |
| 1016 0x53, 0x47, 0x43, 0x20, 0x43, 0x41 | |
| 1017 }; | |
| 1018 const size_t kThawteLen = sizeof(kThawteDN); | |
| 1019 | |
| 1020 const FilePath::CharType kDiginotarFile[] = | |
| 1021 FILE_PATH_LITERAL("diginotar_root_ca.pem"); | |
| 1022 const unsigned char kDiginotarDN[] = { | |
| 1023 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, | |
| 1024 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, | |
| 1025 0x13, 0x09, 0x44, 0x69, 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x31, | |
| 1026 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x44, 0x69, | |
| 1027 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x20, 0x52, 0x6f, 0x6f, 0x74, | |
| 1028 0x20, 0x43, 0x41, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48, | |
| 1029 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x11, 0x69, 0x6e, 0x66, 0x6f, | |
| 1030 0x40, 0x64, 0x69, 0x67, 0x69, 0x6e, 0x6f, 0x74, 0x61, 0x72, 0x2e, 0x6e, | |
| 1031 0x6c | |
| 1032 }; | |
| 1033 const size_t kDiginotarLen = sizeof(kDiginotarDN); | |
| 1034 | |
| 1035 net::TestServer::SSLOptions ssl_options; | |
| 1036 ssl_options.request_client_certificate = true; | |
| 1037 ssl_options.client_authorities.push_back(CertDirectory().Append(kThawteFile)); | |
| 1038 ssl_options.client_authorities.push_back( | |
| 1039 CertDirectory().Append(kDiginotarFile)); | |
| 1040 scoped_refptr<net::SSLCertRequestInfo> request_info = | |
| 1041 GetCertRequest(ssl_options); | |
| 1042 ASSERT_TRUE(request_info != NULL); | |
| 1043 ASSERT_EQ(2u, request_info->cert_authorities.size()); | |
| 1044 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), | |
| 1045 request_info->cert_authorities[0]); | |
| 1046 EXPECT_EQ( | |
| 1047 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), | |
| 1048 request_info->cert_authorities[1]); | |
| 1049 } | |
| OLD | NEW |
