| Index: net/quic/test_tools/crypto_test_utils_chromium.cc
|
| diff --git a/net/quic/test_tools/crypto_test_utils_chromium.cc b/net/quic/test_tools/crypto_test_utils_chromium.cc
|
| index f61714422b3647214daacc57e3f02092c993a01e..2a7ff704cda394be832498ea4c0e14f7de27bfcb 100644
|
| --- a/net/quic/test_tools/crypto_test_utils_chromium.cc
|
| +++ b/net/quic/test_tools/crypto_test_utils_chromium.cc
|
| @@ -16,6 +16,7 @@
|
| #include "net/cert/cert_status_flags.h"
|
| #include "net/cert/cert_verifier.h"
|
| #include "net/cert/cert_verify_result.h"
|
| +#include "net/cert/ct_verifier.h"
|
| #include "net/cert/mock_cert_verifier.h"
|
| #include "net/cert/test_root_certs.h"
|
| #include "net/cert/x509_certificate.h"
|
| @@ -27,6 +28,7 @@
|
| #include "net/quic/crypto/proof_verifier_chromium.h"
|
| #include "net/ssl/ssl_config_service.h"
|
| #include "net/test/cert_test_util.h"
|
| +#include "net/test/ct_test_util.h"
|
|
|
| using base::StringPiece;
|
| using base::StringPrintf;
|
| @@ -44,12 +46,15 @@ class TestProofVerifierChromium : public ProofVerifierChromium {
|
| TestProofVerifierChromium(
|
| scoped_ptr<CertVerifier> cert_verifier,
|
| scoped_ptr<TransportSecurityState> transport_security_state,
|
| + scoped_ptr<CTVerifier> cert_transparency_verifier,
|
| const std::string& cert_file)
|
| : ProofVerifierChromium(cert_verifier.get(),
|
| nullptr,
|
| - transport_security_state.get()),
|
| + transport_security_state.get(),
|
| + cert_transparency_verifier.get()),
|
| cert_verifier_(cert_verifier.Pass()),
|
| - transport_security_state_(transport_security_state.Pass()) {
|
| + transport_security_state_(transport_security_state.Pass()),
|
| + cert_transparency_verifier_(cert_transparency_verifier.Pass()) {
|
| // Load and install the root for the validated chain.
|
| scoped_refptr<X509Certificate> root_cert =
|
| ImportCertFromFile(GetTestCertsDirectory(), cert_file);
|
| @@ -64,10 +69,34 @@ class TestProofVerifierChromium : public ProofVerifierChromium {
|
| ScopedTestRoot scoped_root_;
|
| scoped_ptr<CertVerifier> cert_verifier_;
|
| scoped_ptr<TransportSecurityState> transport_security_state_;
|
| + scoped_ptr<CTVerifier> cert_transparency_verifier_;
|
| +};
|
| +
|
| +class FakeCTVerifier : public CTVerifier {
|
| + public:
|
| + FakeCTVerifier() {}
|
| + ~FakeCTVerifier() override {}
|
| +
|
| + // CTVerifier implementation:
|
| + int Verify(X509Certificate* cert,
|
| + const std::string& stapled_ocsp_response,
|
| + const std::string& sct_list_from_tls_extension,
|
| + ct::CTVerifyResult* result,
|
| + const BoundNetLog& net_log) override {
|
| + if (sct_list_from_tls_extension ==
|
| + ct::GetTestSignedCertificateTimestamp()) {
|
| + return OK;
|
| + }
|
| + return ERR_FAILED;
|
| + }
|
| +
|
| + void SetObserver(Observer* observer) override {}
|
| +
|
| + private:
|
| + DISALLOW_COPY_AND_ASSIGN(FakeCTVerifier);
|
| };
|
|
|
| const char kSignature[] = "signature";
|
| -const char kSCT[] = "CryptoServerTests";
|
|
|
| class FakeProofSource : public ProofSource {
|
| public:
|
| @@ -113,7 +142,7 @@ class FakeProofSource : public ProofSource {
|
| std::string* out_leaf_cert_sct) override {
|
| out_signature->assign(kSignature);
|
| *out_certs = &certificates_;
|
| - *out_leaf_cert_sct = kSCT;
|
| + *out_leaf_cert_sct = ct::GetTestSignedCertificateTimestamp();
|
| return true;
|
| }
|
|
|
| @@ -127,9 +156,11 @@ class FakeProofVerifier : public TestProofVerifierChromium {
|
| public:
|
| FakeProofVerifier(scoped_ptr<CertVerifier> cert_verifier,
|
| scoped_ptr<TransportSecurityState> transport_security_state,
|
| + scoped_ptr<CTVerifier> cert_transparency_verifier,
|
| const std::string& cert_file)
|
| : TestProofVerifierChromium(cert_verifier.Pass(),
|
| transport_security_state.Pass(),
|
| + cert_transparency_verifier.Pass(),
|
| cert_file) {}
|
| ~FakeProofVerifier() override {}
|
|
|
| @@ -230,16 +261,16 @@ ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) {
|
| if (use_real_proof_verifier) {
|
| return new TestProofVerifierChromium(
|
| cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState),
|
| - "quic_root.crt");
|
| + make_scoped_ptr(new FakeCTVerifier), "quic_root.crt");
|
| }
|
| #if defined(USE_OPENSSL)
|
| return new TestProofVerifierChromium(
|
| cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState),
|
| - "quic_root.crt");
|
| + make_scoped_ptr(new FakeCTVerifier), "quic_root.crt");
|
| #else
|
| - return new FakeProofVerifier(cert_verifier.Pass(),
|
| - make_scoped_ptr(new TransportSecurityState),
|
| - "quic_root.crt");
|
| + return new FakeProofVerifier(
|
| + cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState),
|
| + make_scoped_ptr(new FakeCTVerifier), "quic_root.crt");
|
| #endif
|
| }
|
|
|
| @@ -258,6 +289,11 @@ ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() {
|
| return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog());
|
| }
|
|
|
| +// static
|
| +CTVerifier* CryptoTestUtils::CTVerifierTesting() {
|
| + return new FakeCTVerifier();
|
| +}
|
| +
|
| } // namespace test
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 1454993002:
QUIC - Code to verify SCT tag with certificate transparency verifier (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master