| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/test_tools/crypto_test_utils.h" | 5 #include "net/quic/test_tools/crypto_test_utils.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 13 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 14 #include "net/base/test_completion_callback.h" | 14 #include "net/base/test_completion_callback.h" |
| 15 #include "net/base/test_data_directory.h" | 15 #include "net/base/test_data_directory.h" |
| 16 #include "net/cert/cert_status_flags.h" | 16 #include "net/cert/cert_status_flags.h" |
| 17 #include "net/cert/cert_verifier.h" | 17 #include "net/cert/cert_verifier.h" |
| 18 #include "net/cert/cert_verify_result.h" | 18 #include "net/cert/cert_verify_result.h" |
| 19 #include "net/cert/ct_verifier.h" |
| 19 #include "net/cert/mock_cert_verifier.h" | 20 #include "net/cert/mock_cert_verifier.h" |
| 20 #include "net/cert/test_root_certs.h" | 21 #include "net/cert/test_root_certs.h" |
| 21 #include "net/cert/x509_certificate.h" | 22 #include "net/cert/x509_certificate.h" |
| 22 #include "net/cert/x509_util.h" | 23 #include "net/cert/x509_util.h" |
| 23 #include "net/http/transport_security_state.h" | 24 #include "net/http/transport_security_state.h" |
| 24 #include "net/log/net_log.h" | 25 #include "net/log/net_log.h" |
| 25 #include "net/quic/crypto/crypto_utils.h" | 26 #include "net/quic/crypto/crypto_utils.h" |
| 26 #include "net/quic/crypto/proof_source_chromium.h" | 27 #include "net/quic/crypto/proof_source_chromium.h" |
| 27 #include "net/quic/crypto/proof_verifier_chromium.h" | 28 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 28 #include "net/ssl/ssl_config_service.h" | 29 #include "net/ssl/ssl_config_service.h" |
| 29 #include "net/test/cert_test_util.h" | 30 #include "net/test/cert_test_util.h" |
| 31 #include "net/test/ct_test_util.h" |
| 30 | 32 |
| 31 using base::StringPiece; | 33 using base::StringPiece; |
| 32 using base::StringPrintf; | 34 using base::StringPrintf; |
| 33 using std::string; | 35 using std::string; |
| 34 using std::vector; | 36 using std::vector; |
| 35 | 37 |
| 36 namespace net { | 38 namespace net { |
| 37 | 39 |
| 38 namespace test { | 40 namespace test { |
| 39 | 41 |
| 40 namespace { | 42 namespace { |
| 41 | 43 |
| 42 class TestProofVerifierChromium : public ProofVerifierChromium { | 44 class TestProofVerifierChromium : public ProofVerifierChromium { |
| 43 public: | 45 public: |
| 44 TestProofVerifierChromium( | 46 TestProofVerifierChromium( |
| 45 scoped_ptr<CertVerifier> cert_verifier, | 47 scoped_ptr<CertVerifier> cert_verifier, |
| 46 scoped_ptr<TransportSecurityState> transport_security_state, | 48 scoped_ptr<TransportSecurityState> transport_security_state, |
| 49 scoped_ptr<CTVerifier> cert_transparency_verifier, |
| 47 const std::string& cert_file) | 50 const std::string& cert_file) |
| 48 : ProofVerifierChromium(cert_verifier.get(), | 51 : ProofVerifierChromium(cert_verifier.get(), |
| 49 nullptr, | 52 nullptr, |
| 50 transport_security_state.get()), | 53 transport_security_state.get(), |
| 54 cert_transparency_verifier.get()), |
| 51 cert_verifier_(cert_verifier.Pass()), | 55 cert_verifier_(cert_verifier.Pass()), |
| 52 transport_security_state_(transport_security_state.Pass()) { | 56 transport_security_state_(transport_security_state.Pass()), |
| 57 cert_transparency_verifier_(cert_transparency_verifier.Pass()) { |
| 53 // Load and install the root for the validated chain. | 58 // Load and install the root for the validated chain. |
| 54 scoped_refptr<X509Certificate> root_cert = | 59 scoped_refptr<X509Certificate> root_cert = |
| 55 ImportCertFromFile(GetTestCertsDirectory(), cert_file); | 60 ImportCertFromFile(GetTestCertsDirectory(), cert_file); |
| 56 scoped_root_.Reset(root_cert.get()); | 61 scoped_root_.Reset(root_cert.get()); |
| 57 } | 62 } |
| 58 | 63 |
| 59 ~TestProofVerifierChromium() override {} | 64 ~TestProofVerifierChromium() override {} |
| 60 | 65 |
| 61 CertVerifier* cert_verifier() { return cert_verifier_.get(); } | 66 CertVerifier* cert_verifier() { return cert_verifier_.get(); } |
| 62 | 67 |
| 63 private: | 68 private: |
| 64 ScopedTestRoot scoped_root_; | 69 ScopedTestRoot scoped_root_; |
| 65 scoped_ptr<CertVerifier> cert_verifier_; | 70 scoped_ptr<CertVerifier> cert_verifier_; |
| 66 scoped_ptr<TransportSecurityState> transport_security_state_; | 71 scoped_ptr<TransportSecurityState> transport_security_state_; |
| 72 scoped_ptr<CTVerifier> cert_transparency_verifier_; |
| 73 }; |
| 74 |
| 75 class FakeCTVerifier : public CTVerifier { |
| 76 public: |
| 77 FakeCTVerifier() {} |
| 78 ~FakeCTVerifier() override {} |
| 79 |
| 80 // CTVerifier implementation: |
| 81 int Verify(X509Certificate* cert, |
| 82 const std::string& stapled_ocsp_response, |
| 83 const std::string& sct_list_from_tls_extension, |
| 84 ct::CTVerifyResult* result, |
| 85 const BoundNetLog& net_log) override { |
| 86 if (sct_list_from_tls_extension == |
| 87 ct::GetTestSignedCertificateTimestamp()) { |
| 88 return OK; |
| 89 } |
| 90 return ERR_FAILED; |
| 91 } |
| 92 |
| 93 void SetObserver(Observer* observer) override {} |
| 94 |
| 95 private: |
| 96 DISALLOW_COPY_AND_ASSIGN(FakeCTVerifier); |
| 67 }; | 97 }; |
| 68 | 98 |
| 69 const char kSignature[] = "signature"; | 99 const char kSignature[] = "signature"; |
| 70 const char kSCT[] = "CryptoServerTests"; | |
| 71 | 100 |
| 72 class FakeProofSource : public ProofSource { | 101 class FakeProofSource : public ProofSource { |
| 73 public: | 102 public: |
| 74 FakeProofSource() {} | 103 FakeProofSource() {} |
| 75 ~FakeProofSource() override {} | 104 ~FakeProofSource() override {} |
| 76 | 105 |
| 77 // ProofSource interface | 106 // ProofSource interface |
| 78 bool Initialize(const base::FilePath& cert_path, | 107 bool Initialize(const base::FilePath& cert_path, |
| 79 const base::FilePath& key_path, | 108 const base::FilePath& key_path, |
| 80 const base::FilePath& sct_path) { | 109 const base::FilePath& sct_path) { |
| (...skipping 25 matching lines...) Expand all Loading... |
| 106 | 135 |
| 107 bool GetProof(const IPAddressNumber& server_ip, | 136 bool GetProof(const IPAddressNumber& server_ip, |
| 108 const std::string& hostname, | 137 const std::string& hostname, |
| 109 const std::string& server_config, | 138 const std::string& server_config, |
| 110 bool ecdsa_ok, | 139 bool ecdsa_ok, |
| 111 const std::vector<std::string>** out_certs, | 140 const std::vector<std::string>** out_certs, |
| 112 std::string* out_signature, | 141 std::string* out_signature, |
| 113 std::string* out_leaf_cert_sct) override { | 142 std::string* out_leaf_cert_sct) override { |
| 114 out_signature->assign(kSignature); | 143 out_signature->assign(kSignature); |
| 115 *out_certs = &certificates_; | 144 *out_certs = &certificates_; |
| 116 *out_leaf_cert_sct = kSCT; | 145 *out_leaf_cert_sct = ct::GetTestSignedCertificateTimestamp(); |
| 117 return true; | 146 return true; |
| 118 } | 147 } |
| 119 | 148 |
| 120 private: | 149 private: |
| 121 std::vector<std::string> certificates_; | 150 std::vector<std::string> certificates_; |
| 122 | 151 |
| 123 DISALLOW_COPY_AND_ASSIGN(FakeProofSource); | 152 DISALLOW_COPY_AND_ASSIGN(FakeProofSource); |
| 124 }; | 153 }; |
| 125 | 154 |
| 126 class FakeProofVerifier : public TestProofVerifierChromium { | 155 class FakeProofVerifier : public TestProofVerifierChromium { |
| 127 public: | 156 public: |
| 128 FakeProofVerifier(scoped_ptr<CertVerifier> cert_verifier, | 157 FakeProofVerifier(scoped_ptr<CertVerifier> cert_verifier, |
| 129 scoped_ptr<TransportSecurityState> transport_security_state, | 158 scoped_ptr<TransportSecurityState> transport_security_state, |
| 159 scoped_ptr<CTVerifier> cert_transparency_verifier, |
| 130 const std::string& cert_file) | 160 const std::string& cert_file) |
| 131 : TestProofVerifierChromium(cert_verifier.Pass(), | 161 : TestProofVerifierChromium(cert_verifier.Pass(), |
| 132 transport_security_state.Pass(), | 162 transport_security_state.Pass(), |
| 163 cert_transparency_verifier.Pass(), |
| 133 cert_file) {} | 164 cert_file) {} |
| 134 ~FakeProofVerifier() override {} | 165 ~FakeProofVerifier() override {} |
| 135 | 166 |
| 136 // ProofVerifier interface | 167 // ProofVerifier interface |
| 137 QuicAsyncStatus VerifyProof(const std::string& hostname, | 168 QuicAsyncStatus VerifyProof(const std::string& hostname, |
| 138 const std::string& server_config, | 169 const std::string& server_config, |
| 139 const std::vector<std::string>& certs, | 170 const std::vector<std::string>& certs, |
| 140 const std::string& cert_sct, | 171 const std::string& cert_sct, |
| 141 const std::string& signature, | 172 const std::string& signature, |
| 142 const ProofVerifyContext* verify_context, | 173 const ProofVerifyContext* verify_context, |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 223 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); | 254 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); |
| 224 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 255 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 225 "test.example.com", verify_result, OK); | 256 "test.example.com", verify_result, OK); |
| 226 verify_result.verified_cert = ImportCertFromFile( | 257 verify_result.verified_cert = ImportCertFromFile( |
| 227 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); | 258 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); |
| 228 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 259 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 229 "test.example.com", verify_result, OK); | 260 "test.example.com", verify_result, OK); |
| 230 if (use_real_proof_verifier) { | 261 if (use_real_proof_verifier) { |
| 231 return new TestProofVerifierChromium( | 262 return new TestProofVerifierChromium( |
| 232 cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState), | 263 cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState), |
| 233 "quic_root.crt"); | 264 make_scoped_ptr(new FakeCTVerifier), "quic_root.crt"); |
| 234 } | 265 } |
| 235 #if defined(USE_OPENSSL) | 266 #if defined(USE_OPENSSL) |
| 236 return new TestProofVerifierChromium( | 267 return new TestProofVerifierChromium( |
| 237 cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState), | 268 cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState), |
| 238 "quic_root.crt"); | 269 make_scoped_ptr(new FakeCTVerifier), "quic_root.crt"); |
| 239 #else | 270 #else |
| 240 return new FakeProofVerifier(cert_verifier.Pass(), | 271 return new FakeProofVerifier( |
| 241 make_scoped_ptr(new TransportSecurityState), | 272 cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState), |
| 242 "quic_root.crt"); | 273 make_scoped_ptr(new FakeCTVerifier), "quic_root.crt"); |
| 243 #endif | 274 #endif |
| 244 } | 275 } |
| 245 | 276 |
| 246 // static | 277 // static |
| 247 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { | 278 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { |
| 248 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); | 279 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); |
| 249 } | 280 } |
| 250 | 281 |
| 251 // static | 282 // static |
| 252 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { | 283 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { |
| 253 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); | 284 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); |
| 254 } | 285 } |
| 255 | 286 |
| 256 // static | 287 // static |
| 257 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { | 288 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { |
| 258 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); | 289 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); |
| 259 } | 290 } |
| 260 | 291 |
| 292 // static |
| 293 CTVerifier* CryptoTestUtils::CTVerifierTesting() { |
| 294 return new FakeCTVerifier(); |
| 295 } |
| 296 |
| 261 } // namespace test | 297 } // namespace test |
| 262 | 298 |
| 263 } // namespace net | 299 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1454993002:
QUIC - Code to verify SCT tag with certificate transparency verifier (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master