| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index 925a4d02407d16626c0753279c34db8658d13496..ace4dfc760d466c66835a1a2b7a3bde7a659119e 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -13,6 +13,7 @@
|
|
|
| #include <algorithm>
|
|
|
| +#include "base/base64.h"
|
| #include "base/basictypes.h"
|
| #include "base/bind.h"
|
| #include "base/compiler_specific.h"
|
| @@ -75,8 +76,11 @@
|
| #include "net/log/test_net_log_util.h"
|
| #include "net/proxy/proxy_service.h"
|
| #include "net/socket/ssl_client_socket.h"
|
| +#include "net/ssl/channel_id_service.h"
|
| +#include "net/ssl/default_channel_id_store.h"
|
| #include "net/ssl/ssl_cipher_suite_names.h"
|
| #include "net/ssl/ssl_connection_status_flags.h"
|
| +#include "net/ssl/token_binding.h"
|
| #include "net/test/cert_test_util.h"
|
| #include "net/test/embedded_test_server/embedded_test_server.h"
|
| #include "net/test/embedded_test_server/http_request.h"
|
| @@ -3285,6 +3289,110 @@ class URLRequestTestHTTP : public URLRequestTest {
|
| LocalHttpTestServer test_server_;
|
| };
|
|
|
| +class TestSSLConfigService : public SSLConfigService {
|
| + public:
|
| + TestSSLConfigService(bool ev_enabled,
|
| + bool online_rev_checking,
|
| + bool rev_checking_required_local_anchors,
|
| + bool token_binding_enabled)
|
| + : ev_enabled_(ev_enabled),
|
| + online_rev_checking_(online_rev_checking),
|
| + rev_checking_required_local_anchors_(
|
| + rev_checking_required_local_anchors),
|
| + min_version_(kDefaultSSLVersionMin),
|
| + fallback_min_version_(kDefaultSSLVersionFallbackMin),
|
| + token_binding_enabled_(token_binding_enabled) {}
|
| +
|
| + void set_min_version(uint16 version) { min_version_ = version; }
|
| +
|
| + void set_fallback_min_version(uint16 version) {
|
| + fallback_min_version_ = version;
|
| + }
|
| +
|
| + // SSLConfigService:
|
| + void GetSSLConfig(SSLConfig* config) override {
|
| + *config = SSLConfig();
|
| + config->rev_checking_enabled = online_rev_checking_;
|
| + config->verify_ev_cert = ev_enabled_;
|
| + config->rev_checking_required_local_anchors =
|
| + rev_checking_required_local_anchors_;
|
| + if (fallback_min_version_) {
|
| + config->version_fallback_min = fallback_min_version_;
|
| + }
|
| + if (min_version_) {
|
| + config->version_min = min_version_;
|
| + }
|
| + if (token_binding_enabled_) {
|
| + config->token_binding_params.push_back(TB_PARAM_ECDSAP256);
|
| + }
|
| + }
|
| +
|
| + protected:
|
| + ~TestSSLConfigService() override {}
|
| +
|
| + private:
|
| + const bool ev_enabled_;
|
| + const bool online_rev_checking_;
|
| + const bool rev_checking_required_local_anchors_;
|
| + uint16 min_version_;
|
| + uint16 fallback_min_version_;
|
| + const bool token_binding_enabled_;
|
| +};
|
| +
|
| +class TokenBindingURLRequestTest : public URLRequestTestHTTP {
|
| + public:
|
| + void SetUp() override {
|
| + default_context_.set_ssl_config_service(
|
| + new TestSSLConfigService(false, false, false, true));
|
| + channel_id_service_.reset(new ChannelIDService(
|
| + new DefaultChannelIDStore(NULL), base::ThreadTaskRunnerHandle::Get()));
|
| + default_context_.set_channel_id_service(channel_id_service_.get());
|
| + URLRequestTestHTTP::SetUp();
|
| + }
|
| +
|
| + protected:
|
| + scoped_ptr<ChannelIDService> channel_id_service_;
|
| +};
|
| +
|
| +TEST_F(TokenBindingURLRequestTest, TokenBindingTest) {
|
| + SpawnedTestServer::SSLOptions ssl_options;
|
| + ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
|
| + SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS,
|
| + ssl_options,
|
| + base::FilePath(kTestFilePath));
|
| + ASSERT_TRUE(https_test_server.Start());
|
| +
|
| + TestDelegate d;
|
| + {
|
| + scoped_ptr<URLRequest> r(default_context_.CreateRequest(
|
| + https_test_server.GetURL("tokbind-ekm"), DEFAULT_PRIORITY, &d));
|
| + r->Start();
|
| + EXPECT_TRUE(r->is_pending());
|
| +
|
| + base::RunLoop().Run();
|
| +
|
| + EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status());
|
| +
|
| + HttpRequestHeaders headers;
|
| + std::string token_binding_header, token_binding_message;
|
| + EXPECT_TRUE(r->GetFullRequestHeaders(&headers));
|
| + EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding,
|
| + &token_binding_header));
|
| + base::ReplaceChars(token_binding_header, "_", "/", &token_binding_header);
|
| + base::ReplaceChars(token_binding_header, "-", "+", &token_binding_header);
|
| + EXPECT_TRUE(
|
| + base::Base64Decode(token_binding_header, &token_binding_message));
|
| + std::string ec_point, signature;
|
| + EXPECT_TRUE(
|
| + ParseTokenBindingMessage(token_binding_message, &ec_point, &signature));
|
| +
|
| + EXPECT_GT(d.bytes_received(), 0);
|
| + std::string ekm = d.data_received();
|
| +
|
| + EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm));
|
| + }
|
| +}
|
| +
|
| // In this unit test, we're using the HTTPTestServer as a proxy server and
|
| // issuing a CONNECT request with the magic host name "www.redirect.com".
|
| // The HTTPTestServer will return a 302 response, which we should not
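Review bot: In TokenBindingTest the header lookup, the Base64 decode and ParseTokenBindingMessage are all checked with EXPECT_TRUE, so if any of them fails the test carries on and VerifyEKMSignature runs on empty strings, reporting follow-on failures instead of stopping at the real one. These are preconditions for the signature check and read better as `ASSERT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, &token_binding_header));`, and likewise for the decode and the parse. The test also covers only the negotiated case; a companion test against a server started without `supported_token_binding_params`, asserting that the `HttpRequestHeaders::kTokenBinding` lookup returns false, would pin down that the header is not sent on a connection where Token Binding was not negotiated. The manual `-`/`_` substitution before Base64Decode presumably relies on the header value being padded; a one-line comment such as `// Header is base64url; map it to the standard alphabet before decoding.` would make that assumption visible.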
|
| @@ -8421,63 +8529,17 @@ TEST_F(HTTPSRequestTest, DisableECDSAOnXP) {
|
|
|
| #endif // OS_WIN
|
|
|
| -class TestSSLConfigService : public SSLConfigService {
|
| - public:
|
| - TestSSLConfigService(bool ev_enabled,
|
| - bool online_rev_checking,
|
| - bool rev_checking_required_local_anchors)
|
| - : ev_enabled_(ev_enabled),
|
| - online_rev_checking_(online_rev_checking),
|
| - rev_checking_required_local_anchors_(
|
| - rev_checking_required_local_anchors),
|
| - min_version_(kDefaultSSLVersionMin),
|
| - fallback_min_version_(kDefaultSSLVersionFallbackMin) {}
|
| -
|
| - void set_min_version(uint16 version) {
|
| - min_version_ = version;
|
| - }
|
| -
|
| - void set_fallback_min_version(uint16 version) {
|
| - fallback_min_version_ = version;
|
| - }
|
| -
|
| - // SSLConfigService:
|
| - void GetSSLConfig(SSLConfig* config) override {
|
| - *config = SSLConfig();
|
| - config->rev_checking_enabled = online_rev_checking_;
|
| - config->verify_ev_cert = ev_enabled_;
|
| - config->rev_checking_required_local_anchors =
|
| - rev_checking_required_local_anchors_;
|
| - if (fallback_min_version_) {
|
| - config->version_fallback_min = fallback_min_version_;
|
| - }
|
| - if (min_version_) {
|
| - config->version_min = min_version_;
|
| - }
|
| - }
|
| -
|
| - protected:
|
| - ~TestSSLConfigService() override {}
|
| -
|
| - private:
|
| - const bool ev_enabled_;
|
| - const bool online_rev_checking_;
|
| - const bool rev_checking_required_local_anchors_;
|
| - uint16 min_version_;
|
| - uint16 fallback_min_version_;
|
| -};
|
| -
|
| class FallbackTestURLRequestContext : public TestURLRequestContext {
|
| public:
|
| explicit FallbackTestURLRequestContext(bool delay_initialization)
|
| : TestURLRequestContext(delay_initialization) {}
|
|
|
| void set_fallback_min_version(uint16 version) {
|
| - TestSSLConfigService *ssl_config_service =
|
| - new TestSSLConfigService(true /* check for EV */,
|
| - false /* online revocation checking */,
|
| - false /* require rev. checking for local
|
| - anchors */);
|
| + TestSSLConfigService* ssl_config_service = new TestSSLConfigService(
|
| + true /* check for EV */, false /* online revocation checking */,
|
| + false /* require rev. checking for local
|
| + anchors */,
|
| + false /* token binding enabled */);
|
| ssl_config_service->set_fallback_min_version(version);
|
| set_ssl_config_service(ssl_config_service);
|
| }
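Review bot: The constructor call in set_fallback_min_version now passes four positional bools and is readable only through its inline comments, one of which is still split across two lines; the same applies to the SetupContext calls in HTTPSOCSPTest, HTTPSHardFailTest, HTTPSEVCRLSetTest and HTTPSCRLSetTest in the later hunks. Because these flags decide whether EV and revocation checking are exercised, a transposed argument would silently change what a test covers. A setter in the style of the existing `set_min_version`, e.g. `void set_token_binding_enabled(bool enabled) { token_binding_enabled_ = enabled; }` with the member made non-const, would leave the five existing call sites untouched. Failing that, the unlabelled `new TestSSLConfigService(false, false, false, true)` in TokenBindingURLRequestTest::SetUp should carry the same per-argument comments. FallbackTestURLRequestContext continues past the end of this hunk.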
|
| @@ -8852,11 +8914,11 @@ class HTTPSOCSPTest : public HTTPSRequestTest {
|
| // connetions to testserver. This can be overridden in test subclasses for
|
| // different behaviour.
|
| virtual void SetupContext(URLRequestContext* context) {
|
| - context->set_ssl_config_service(
|
| - new TestSSLConfigService(true /* check for EV */,
|
| - true /* online revocation checking */,
|
| - false /* require rev. checking for local
|
| - anchors */));
|
| + context->set_ssl_config_service(new TestSSLConfigService(
|
| + true /* check for EV */, true /* online revocation checking */,
|
| + false /* require rev. checking for local
|
| + anchors */,
|
| + false /* token binding enabled */));
|
| }
|
|
|
| scoped_ptr<ScopedTestRoot> test_root_;
|
| @@ -9047,11 +9109,11 @@ TEST_F(HTTPSOCSPTest, MAYBE_RevokedStapled) {
|
| class HTTPSHardFailTest : public HTTPSOCSPTest {
|
| protected:
|
| void SetupContext(URLRequestContext* context) override {
|
| - context->set_ssl_config_service(
|
| - new TestSSLConfigService(false /* check for EV */,
|
| - false /* online revocation checking */,
|
| - true /* require rev. checking for local
|
| - anchors */));
|
| + context->set_ssl_config_service(new TestSSLConfigService(
|
| + false /* check for EV */, false /* online revocation checking */,
|
| + true /* require rev. checking for local
|
| + anchors */,
|
| + false /* token binding enabled */));
|
| }
|
| };
|
|
|
| @@ -9084,11 +9146,11 @@ TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) {
|
| class HTTPSEVCRLSetTest : public HTTPSOCSPTest {
|
| protected:
|
| void SetupContext(URLRequestContext* context) override {
|
| - context->set_ssl_config_service(
|
| - new TestSSLConfigService(true /* check for EV */,
|
| - false /* online revocation checking */,
|
| - false /* require rev. checking for local
|
| - anchors */));
|
| + context->set_ssl_config_service(new TestSSLConfigService(
|
| + true /* check for EV */, false /* online revocation checking */,
|
| + false /* require rev. checking for local
|
| + anchors */,
|
| + false /* token binding enabled */));
|
| }
|
| };
|
|
|
| @@ -9269,11 +9331,11 @@ TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSetAndRevokedNonEVCert) {
|
| class HTTPSCRLSetTest : public HTTPSOCSPTest {
|
| protected:
|
| void SetupContext(URLRequestContext* context) override {
|
| - context->set_ssl_config_service(
|
| - new TestSSLConfigService(false /* check for EV */,
|
| - false /* online revocation checking */,
|
| - false /* require rev. checking for local
|
| - anchors */));
|
| + context->set_ssl_config_service(new TestSSLConfigService(
|
| + false /* check for EV */, false /* online revocation checking */,
|
| + false /* require rev. checking for local
|
| + anchors */,
|
| + false /* token binding enabled */));
|
| }
|
| };
|
|
|
|
|