Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1174073003: Add served cert chain to SSLInfo (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rsleevi nits Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "base/thread_task_runner_handle.h" 10 #include "base/thread_task_runner_handle.h"
(...skipping 2404 matching lines...) Expand 10 before | Expand all | Expand 10 after
2415 EXPECT_TRUE(sock->IsConnected()); 2415 EXPECT_TRUE(sock->IsConnected());
2416 2416
2417 // When given option CERT_CHAIN_WRONG_ROOT, SpawnedTestServer will present 2417 // When given option CERT_CHAIN_WRONG_ROOT, SpawnedTestServer will present
2418 // certs from redundant-server-chain.pem. 2418 // certs from redundant-server-chain.pem.
2419 CertificateList server_certs = 2419 CertificateList server_certs =
2420 CreateCertificateListFromFile(GetTestCertsDirectory(), 2420 CreateCertificateListFromFile(GetTestCertsDirectory(),
2421 "redundant-server-chain.pem", 2421 "redundant-server-chain.pem",
2422 X509Certificate::FORMAT_AUTO); 2422 X509Certificate::FORMAT_AUTO);
2423 2423
2424 // Get the server certificate as received client side. 2424 // Get the server certificate as received client side.
2425 scoped_refptr<X509Certificate> server_certificate = 2425 SSLInfo ssl_info;
2426 sock->GetUnverifiedServerCertificateChain(); 2426 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2427 scoped_refptr<X509Certificate> server_certificate = ssl_info.unverified_cert;
2427 2428
2428 // Get the intermediates as received client side. 2429 // Get the intermediates as received client side.
2429 const X509Certificate::OSCertHandles& server_intermediates = 2430 const X509Certificate::OSCertHandles& server_intermediates =
2430 server_certificate->GetIntermediateCertificates(); 2431 server_certificate->GetIntermediateCertificates();
2431 2432
2432 // Check that the unverified server certificate chain is properly retrieved 2433 // Check that the unverified server certificate chain is properly retrieved
2433 // from the underlying ssl stack. 2434 // from the underlying ssl stack.
2434 ASSERT_EQ(4U, server_certs.size()); 2435 ASSERT_EQ(4U, server_certs.size());
2435 2436
2436 EXPECT_TRUE(X509Certificate::IsSameOSCert( 2437 EXPECT_TRUE(X509Certificate::IsSameOSCert(
(...skipping 22 matching lines...) Expand all
2459 // a self-signed root. Such a situation can occur when a new root (C2) is 2460 // a self-signed root. Such a situation can occur when a new root (C2) is
2460 // cross-certified by an old root (D) and has two different versions of its 2461 // cross-certified by an old root (D) and has two different versions of its
2461 // floating around. Servers may supply C2 as an intermediate, but the 2462 // floating around. Servers may supply C2 as an intermediate, but the
2462 // SSLClientSocket should return the chain that was verified, from 2463 // SSLClientSocket should return the chain that was verified, from
2463 // verify_result, instead. 2464 // verify_result, instead.
2464 TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) { 2465 TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) {
2465 // By default, cause the CertVerifier to treat all certificates as 2466 // By default, cause the CertVerifier to treat all certificates as
2466 // expired. 2467 // expired.
2467 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID); 2468 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2468 2469
2470 CertificateList unverified_certs = CreateCertificateListFromFile(
2471 GetTestCertsDirectory(), "redundant-server-chain.pem",
2472 X509Certificate::FORMAT_AUTO);
2473 ASSERT_EQ(4u, unverified_certs.size());
2474
2469 // We will expect SSLInfo to ultimately contain this chain. 2475 // We will expect SSLInfo to ultimately contain this chain.
2470 CertificateList certs = 2476 CertificateList certs =
2471 CreateCertificateListFromFile(GetTestCertsDirectory(), 2477 CreateCertificateListFromFile(GetTestCertsDirectory(),
2472 "redundant-validated-chain.pem", 2478 "redundant-validated-chain.pem",
2473 X509Certificate::FORMAT_AUTO); 2479 X509Certificate::FORMAT_AUTO);
2474 ASSERT_EQ(3U, certs.size()); 2480 ASSERT_EQ(3U, certs.size());
2475 2481
2476 X509Certificate::OSCertHandles temp_intermediates; 2482 X509Certificate::OSCertHandles temp_intermediates;
2477 temp_intermediates.push_back(certs[1]->os_cert_handle()); 2483 temp_intermediates.push_back(certs[1]->os_cert_handle());
2478 temp_intermediates.push_back(certs[2]->os_cert_handle()); 2484 temp_intermediates.push_back(certs[2]->os_cert_handle());
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
2536 const X509Certificate::OSCertHandles& intermediates = 2542 const X509Certificate::OSCertHandles& intermediates =
2537 ssl_info.cert->GetIntermediateCertificates(); 2543 ssl_info.cert->GetIntermediateCertificates();
2538 ASSERT_EQ(2U, intermediates.size()); 2544 ASSERT_EQ(2U, intermediates.size());
2539 EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(), 2545 EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(),
2540 certs[0]->os_cert_handle())); 2546 certs[0]->os_cert_handle()));
2541 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[0], 2547 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[0],
2542 certs[1]->os_cert_handle())); 2548 certs[1]->os_cert_handle()));
2543 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[1], 2549 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[1],
2544 certs[2]->os_cert_handle())); 2550 certs[2]->os_cert_handle()));
2545 2551
2552 // Verify that SSLInfo also contains the chain as received from the server.
2553 const X509Certificate::OSCertHandles& served_intermediates =
2554 ssl_info.unverified_cert->GetIntermediateCertificates();
2555 ASSERT_EQ(3U, served_intermediates.size());
2556 EXPECT_TRUE(X509Certificate::IsSameOSCert(
2557 ssl_info.cert->os_cert_handle(), unverified_certs[0]->os_cert_handle()));
2558 EXPECT_TRUE(X509Certificate::IsSameOSCert(
2559 served_intermediates[0], unverified_certs[1]->os_cert_handle()));
2560 EXPECT_TRUE(X509Certificate::IsSameOSCert(
2561 served_intermediates[1], unverified_certs[2]->os_cert_handle()));
2562 EXPECT_TRUE(X509Certificate::IsSameOSCert(
2563 served_intermediates[2], unverified_certs[3]->os_cert_handle()));
2564
2546 sock->Disconnect(); 2565 sock->Disconnect();
2547 EXPECT_FALSE(sock->IsConnected()); 2566 EXPECT_FALSE(sock->IsConnected());
2548 } 2567 }
2549 2568
2550 TEST_F(SSLClientSocketCertRequestInfoTest, NoAuthorities) { 2569 TEST_F(SSLClientSocketCertRequestInfoTest, NoAuthorities) {
2551 SpawnedTestServer::SSLOptions ssl_options; 2570 SpawnedTestServer::SSLOptions ssl_options;
2552 ssl_options.request_client_certificate = true; 2571 ssl_options.request_client_certificate = true;
2553 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); 2572 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
2554 ASSERT_TRUE(request_info.get()); 2573 ASSERT_TRUE(request_info.get());
2555 EXPECT_EQ(0u, request_info->cert_authorities.size()); 2574 EXPECT_EQ(0u, request_info->cert_authorities.size());
(...skipping 852 matching lines...) Expand 10 before | Expand all | Expand 10 after
3408 ssl_config.channel_id_enabled = true; 3427 ssl_config.channel_id_enabled = true;
3409 3428
3410 int rv; 3429 int rv;
3411 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3430 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3412 3431
3413 EXPECT_EQ(ERR_UNEXPECTED, rv); 3432 EXPECT_EQ(ERR_UNEXPECTED, rv);
3414 EXPECT_FALSE(sock_->IsConnected()); 3433 EXPECT_FALSE(sock_->IsConnected());
3415 } 3434 }
3416 3435
3417 } // namespace net 3436 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698