net/quic/crypto/proof_verifier_chromium_test.cc - Issue 1454993002: QUIC - Code to verify SCT tag with certificate transparency verifier

Side by Side Diff: net/quic/crypto/proof_verifier_chromium_test.cc

Issue 1454993002: QUIC - Code to verify SCT tag with certificate transparency verifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/quic/crypto/proof_test.cc ('K') | « net/quic/crypto/proof_verifier_chromium.cc ('k') | net/quic/quic_chromium_client_session.h » ('j') | net/quic/quic_chromium_client_session.cc » ('J')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/quic/crypto/proof_verifier_chromium.h"	5 #include "net/quic/crypto/proof_verifier_chromium.h"

6	6

7 #include "base/memory/ref_counted.h"	7 #include "base/memory/ref_counted.h"

8 #include "base/memory/scoped_ptr.h"	8 #include "base/memory/scoped_ptr.h"

9 #include "net/base/net_errors.h"	9 #include "net/base/net_errors.h"

10 #include "net/base/test_data_directory.h"	10 #include "net/base/test_data_directory.h"

(...skipping 129 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
140 sizeof(kTestSignature));	140 sizeof(kTestSignature));

141 }	141 }

142	142

143 const char kTestHostname[] = "test.example.com";	143 const char kTestHostname[] = "test.example.com";

144 const char kTestConfig[] = "server config bytes";	144 const char kTestConfig[] = "server config bytes";

145	145

146 } // namespace	146 } // namespace

147	147

148 // Tests that the ProofVerifier fails verification if certificate	148 // Tests that the ProofVerifier fails verification if certificate

149 // verification fails.	149 // verification fails.

150 TEST(ProofVerifierChromiumTest, FailsIfCertFails) {	150 TEST(ProofVerifierChromiumTest, FailsIfCertFails) {
	Eran Messeri 2015/11/18 11:14:00 Should there be another test case with non-null CT Should there be another test case with non-null CTVerifier to make sure what it returns get stored in the ProofVerifyDetails? Ryan Hamilton 2015/11/18 20:57:26 Agreed. Show quoted text On 2015/11/18 11:14:00, Eran Messeri wrote: > Should there be another test case with non-null CTVerifier to make sure what it > returns get stored in the ProofVerifyDetails? Agreed. ramant (doing other things) 2015/11/21 00:27:03 Good point. Added tests. Done. Show quoted text On 2015/11/18 20:57:26, Ryan Hamilton wrote: > On 2015/11/18 11:14:00, Eran Messeri wrote: > > Should there be another test case with non-null CTVerifier to make sure what > it > > returns get stored in the ProofVerifyDetails? > > Agreed. Good point. Added tests. Done.
151 MockCertVerifier dummy_verifier;	151 MockCertVerifier dummy_verifier;

152 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr);	152 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr,

	153 nullptr);

153	154

154 scoped_ptr<ProofVerifyContext> verify_context(	155 scoped_ptr<ProofVerifyContext> verify_context(

155 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	156 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

156 scoped_ptr<ProofVerifyDetails> details;	157 scoped_ptr<ProofVerifyDetails> details;

157 std::string error_details;	158 std::string error_details;

158	159

159 std::vector<std::string> certs;	160 std::vector<std::string> certs;

160 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	161 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

161	162

162 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	163 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

163 QuicAsyncStatus status = proof_verifier.VerifyProof(	164 QuicAsyncStatus status = proof_verifier.VerifyProof(

164 kTestHostname, kTestConfig, certs, "", GetTestSignature(),	165 kTestHostname, kTestConfig, certs, "", GetTestSignature(),

165 verify_context.get(), &error_details, &details, callback);	166 verify_context.get(), &error_details, &details, callback);

166 ASSERT_EQ(QUIC_FAILURE, status);	167 ASSERT_EQ(QUIC_FAILURE, status);

167 delete callback;	168 delete callback;

168 }	169 }

169	170

170 // Tests that the ProofVerifier doesn't verify certificates if the config	171 // Tests that the ProofVerifier doesn't verify certificates if the config

171 // signature fails.	172 // signature fails.

172 TEST(ProofVerifierChromiumTest, FailsIfSignatureFails) {	173 TEST(ProofVerifierChromiumTest, FailsIfSignatureFails) {

173 FailsTestCertVerifier cert_verifier;	174 FailsTestCertVerifier cert_verifier;

174 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr);	175 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr,

	176 nullptr);

175	177

176 scoped_ptr<ProofVerifyContext> verify_context(	178 scoped_ptr<ProofVerifyContext> verify_context(

177 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	179 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

178 scoped_ptr<ProofVerifyDetails> details;	180 scoped_ptr<ProofVerifyDetails> details;

179 std::string error_details;	181 std::string error_details;

180	182

181 std::vector<std::string> certs;	183 std::vector<std::string> certs;

182 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	184 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

183	185

184 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	186 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

(...skipping 10 matching lines...) Expand all Loading...
195 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate();	197 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate();

196 ASSERT_TRUE(test_cert);	198 ASSERT_TRUE(test_cert);

197	199

198 CertVerifyResult dummy_result;	200 CertVerifyResult dummy_result;

199 dummy_result.verified_cert = test_cert;	201 dummy_result.verified_cert = test_cert;

200 dummy_result.cert_status = CERT_STATUS_IS_EV;	202 dummy_result.cert_status = CERT_STATUS_IS_EV;

201	203

202 MockCertVerifier dummy_verifier;	204 MockCertVerifier dummy_verifier;

203 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);	205 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);

204	206

205 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr);	207 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr,

	208 nullptr);

206	209

207 scoped_ptr<ProofVerifyContext> verify_context(	210 scoped_ptr<ProofVerifyContext> verify_context(

208 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	211 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

209 scoped_ptr<ProofVerifyDetails> details;	212 scoped_ptr<ProofVerifyDetails> details;

210 std::string error_details;	213 std::string error_details;

211	214

212 std::vector<std::string> certs;	215 std::vector<std::string> certs;

213 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	216 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

214	217

215 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	218 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

(...skipping 19 matching lines...) Expand all Loading...
235 CertVerifyResult dummy_result;	238 CertVerifyResult dummy_result;

236 dummy_result.verified_cert = test_cert;	239 dummy_result.verified_cert = test_cert;

237 dummy_result.cert_status = CERT_STATUS_IS_EV;	240 dummy_result.cert_status = CERT_STATUS_IS_EV;

238	241

239 MockCertVerifier dummy_verifier;	242 MockCertVerifier dummy_verifier;

240 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);	243 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);

241	244

242 MockCertPolicyEnforcer policy_enforcer(true /is_ev/);	245 MockCertPolicyEnforcer policy_enforcer(true /is_ev/);

243	246

244 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,	247 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,

245 nullptr);	248 nullptr, nullptr);

246	249

247 scoped_ptr<ProofVerifyContext> verify_context(	250 scoped_ptr<ProofVerifyContext> verify_context(

248 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	251 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

249 scoped_ptr<ProofVerifyDetails> details;	252 scoped_ptr<ProofVerifyDetails> details;

250 std::string error_details;	253 std::string error_details;

251	254

252 std::vector<std::string> certs;	255 std::vector<std::string> certs;

253 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	256 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

254	257

255 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	258 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

(...skipping 19 matching lines...) Expand all Loading...
275 CertVerifyResult dummy_result;	278 CertVerifyResult dummy_result;

276 dummy_result.verified_cert = test_cert;	279 dummy_result.verified_cert = test_cert;

277 dummy_result.cert_status = CERT_STATUS_IS_EV;	280 dummy_result.cert_status = CERT_STATUS_IS_EV;

278	281

279 MockCertVerifier dummy_verifier;	282 MockCertVerifier dummy_verifier;

280 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);	283 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);

281	284

282 MockCertPolicyEnforcer policy_enforcer(false /is_ev/);	285 MockCertPolicyEnforcer policy_enforcer(false /is_ev/);

283	286

284 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,	287 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,

285 nullptr);	288 nullptr, nullptr);

286	289

287 scoped_ptr<ProofVerifyContext> verify_context(	290 scoped_ptr<ProofVerifyContext> verify_context(

288 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	291 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

289 scoped_ptr<ProofVerifyDetails> details;	292 scoped_ptr<ProofVerifyDetails> details;

290 std::string error_details;	293 std::string error_details;

291	294

292 std::vector<std::string> certs;	295 std::vector<std::string> certs;

293 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	296 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

294	297

295 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	298 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

(...skipping 20 matching lines...) Expand all Loading...
316 CertVerifyResult dummy_result;	319 CertVerifyResult dummy_result;

317 dummy_result.verified_cert = test_cert;	320 dummy_result.verified_cert = test_cert;

318 dummy_result.cert_status = 0;	321 dummy_result.cert_status = 0;

319	322

320 MockCertVerifier dummy_verifier;	323 MockCertVerifier dummy_verifier;

321 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);	324 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);

322	325

323 FailsTestCertPolicyEnforcer policy_enforcer;	326 FailsTestCertPolicyEnforcer policy_enforcer;

324	327

325 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,	328 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer,

326 nullptr);	329 nullptr, nullptr);

327	330

328 scoped_ptr<ProofVerifyContext> verify_context(	331 scoped_ptr<ProofVerifyContext> verify_context(

329 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));	332 new ProofVerifyContextChromium(0 /cert_verify_flags/, BoundNetLog()));

330 scoped_ptr<ProofVerifyDetails> details;	333 scoped_ptr<ProofVerifyDetails> details;

331 std::string error_details;	334 std::string error_details;

332	335

333 std::vector<std::string> certs;	336 std::vector<std::string> certs;

334 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));	337 ASSERT_NO_FATAL_FAILURE(GetTestCertificates(&certs));

335	338

336 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;	339 DummyProofVerifierCallback* callback = new DummyProofVerifierCallback;

337 QuicAsyncStatus status = proof_verifier.VerifyProof(	340 QuicAsyncStatus status = proof_verifier.VerifyProof(

338 kTestHostname, kTestConfig, certs, "", GetTestSignature(),	341 kTestHostname, kTestConfig, certs, "", GetTestSignature(),

339 verify_context.get(), &error_details, &details, callback);	342 verify_context.get(), &error_details, &details, callback);

340 ASSERT_EQ(QUIC_SUCCESS, status);	343 ASSERT_EQ(QUIC_SUCCESS, status);

341 delete callback;	344 delete callback;

342	345

343 ASSERT_TRUE(details.get());	346 ASSERT_TRUE(details.get());

344 ProofVerifyDetailsChromium* verify_details =	347 ProofVerifyDetailsChromium* verify_details =

345 static_cast<ProofVerifyDetailsChromium*>(details.get());	348 static_cast<ProofVerifyDetailsChromium*>(details.get());

346 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);	349 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);

347 }	350 }

348	351

349 } // namespace test	352 } // namespace test

350 } // namespace net	353 } // namespace net

OLD	NEW