| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/test_data_directory.h" | 10 #include "net/base/test_data_directory.h" |
| (...skipping 165 matching lines...) |
| 176 ASSERT_TRUE(test_cert.get()); | 176 ASSERT_TRUE(test_cert.get()); |
| 177 | 177 |
| 178 std::string der_bytes; | 178 std::string der_bytes; |
| 179 ASSERT_TRUE(X509Certificate::GetDEREncoded(test_cert->os_cert_handle(), | 179 ASSERT_TRUE(X509Certificate::GetDEREncoded(test_cert->os_cert_handle(), |
| 180 &der_bytes)); | 180 &der_bytes)); |
| 181 | 181 |
| 182 certs->clear(); | 182 certs->clear(); |
| 183 certs->push_back(der_bytes); | 183 certs->push_back(der_bytes); |
| 184 } | 184 } |
| 185 | 185 |
| 186 std::string GetSCTListForTesting() { | |
| 187 const std::string sct = ct::GetTestSignedCertificateTimestamp(); | |
| 188 std::string sct_list; | |
| 189 ct::EncodeSCTListForTesting(sct, &sct_list); | |
| 190 return sct_list; | |
| 191 } | |
| 192 | |
| 193 std::string GetCorruptSCTListForTesting() { | |
| 194 std::string sct = ct::GetTestSignedCertificateTimestamp(); | |
| 195 sct[15] = 't'; // Corrupt a byte inside SCT. | |
| 196 std::string sct_list; | |
| 197 ct::EncodeSCTListForTesting(sct, &sct_list); | |
| 198 return sct_list; | |
| 199 } | |
| 200 | |
| 201 bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) { | |
| 202 return (result.verified_scts.size() == 1U) && result.invalid_scts.empty() && | |
| 203 result.unknown_logs_scts.empty() && | |
| 204 result.verified_scts[0]->log_description == kLogDescription; | |
| 205 } | |
| 206 | |
| 207 bool CheckForSCTOrigin(const ct::CTVerifyResult& result, | |
| 208 ct::SignedCertificateTimestamp::Origin origin) { | |
| 209 return (result.verified_scts.size() > 0) && | |
| 210 (result.verified_scts[0]->origin == origin); | |
| 211 } | |
| 212 | |
| 213 void CheckSCT(bool sct_expected_ok) { | 186 void CheckSCT(bool sct_expected_ok) { |
| 214 ProofVerifyDetailsChromium* proof_details = | 187 ProofVerifyDetailsChromium* proof_details = |
| 215 reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); | 188 reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 216 const ct::CTVerifyResult& ct_verify_result = | 189 const ct::CTVerifyResult& ct_verify_result = |
| 217 proof_details->ct_verify_result; | 190 proof_details->ct_verify_result; |
| 218 if (sct_expected_ok) { | 191 if (sct_expected_ok) { |
| 219 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(ct_verify_result)); | 192 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(ct_verify_result, |
| 220 ASSERT_TRUE(CheckForSCTOrigin( | 193 kLogDescription)); |
| 194 ASSERT_TRUE(ct::CheckForSCTOrigin( |
| 221 ct_verify_result, | 195 ct_verify_result, |
| 222 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 196 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
| 223 } else { | 197 } else { |
| 224 EXPECT_EQ(1U, ct_verify_result.unknown_logs_scts.size()); | 198 EXPECT_EQ(1U, ct_verify_result.unknown_logs_scts.size()); |
| 225 } | 199 } |
| 226 } | 200 } |
| 227 | 201 |
| 228 protected: | 202 protected: |
| 229 scoped_ptr<MultiLogCTVerifier> ct_verifier_; | 203 scoped_ptr<MultiLogCTVerifier> ct_verifier_; |
| 230 std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_; | 204 std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_; |
| (...skipping 23 matching lines...) |
| 254 // Use different certificates for SCT tests. | 228 // Use different certificates for SCT tests. |
| 255 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 229 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 256 | 230 |
| 257 MockCertVerifier cert_verifier; | 231 MockCertVerifier cert_verifier; |
| 258 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 232 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 259 ct_verifier_.get()); | 233 ct_verifier_.get()); |
| 260 | 234 |
| 261 scoped_ptr<DummyProofVerifierCallback> callback( | 235 scoped_ptr<DummyProofVerifierCallback> callback( |
| 262 new DummyProofVerifierCallback); | 236 new DummyProofVerifierCallback); |
| 263 QuicAsyncStatus status = proof_verifier.VerifyProof( | 237 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 264 kTestHostname, kTestConfig, certs_, GetSCTListForTesting(), "", | 238 kTestHostname, kTestConfig, certs_, ct::GetSCTListForTesting(), "", |
| 265 verify_context_.get(), &error_details_, &details_, callback.get()); | 239 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 266 ASSERT_EQ(QUIC_FAILURE, status); | 240 ASSERT_EQ(QUIC_FAILURE, status); |
| 267 CheckSCT(/*sct_expected_ok=*/true); | 241 CheckSCT(/*sct_expected_ok=*/true); |
| 268 } | 242 } |
| 269 | 243 |
| 270 // Invalid SCT and signature. | 244 // Invalid SCT and signature. |
| 271 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { | 245 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
| 272 // Use different certificates for SCT tests. | 246 // Use different certificates for SCT tests. |
| 273 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 247 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 274 | 248 |
| 275 MockCertVerifier cert_verifier; | 249 MockCertVerifier cert_verifier; |
| 276 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 250 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 277 ct_verifier_.get()); | 251 ct_verifier_.get()); |
| 278 | 252 |
| 279 scoped_ptr<DummyProofVerifierCallback> callback( | 253 scoped_ptr<DummyProofVerifierCallback> callback( |
| 280 new DummyProofVerifierCallback); | 254 new DummyProofVerifierCallback); |
| 281 QuicAsyncStatus status = proof_verifier.VerifyProof( | 255 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 282 kTestHostname, kTestConfig, certs_, GetCorruptSCTListForTesting(), "", | 256 kTestHostname, kTestConfig, certs_, ct::GetSCTListWithInvalidSCT(), "", |
| 283 verify_context_.get(), &error_details_, &details_, callback.get()); | 257 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 284 ASSERT_EQ(QUIC_FAILURE, status); | 258 ASSERT_EQ(QUIC_FAILURE, status); |
| 285 CheckSCT(/*sct_expected_ok=*/false); | 259 CheckSCT(/*sct_expected_ok=*/false); |
| 286 } | 260 } |
| 287 | 261 |
| 288 // Tests that the ProofVerifier doesn't verify certificates if the config | 262 // Tests that the ProofVerifier doesn't verify certificates if the config |
| 289 // signature fails. | 263 // signature fails. |
| 290 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { | 264 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
| 291 FailsTestCertVerifier cert_verifier; | 265 FailsTestCertVerifier cert_verifier; |
| 292 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 266 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| (...skipping 128 matching lines...) |
| 421 ASSERT_EQ(QUIC_SUCCESS, status); | 395 ASSERT_EQ(QUIC_SUCCESS, status); |
| 422 | 396 |
| 423 ASSERT_TRUE(details_.get()); | 397 ASSERT_TRUE(details_.get()); |
| 424 ProofVerifyDetailsChromium* verify_details = | 398 ProofVerifyDetailsChromium* verify_details = |
| 425 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 399 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 426 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 400 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
| 427 } | 401 } |
| 428 | 402 |
| 429 } // namespace test | 403 } // namespace test |
| 430 } // namespace net | 404 } // namespace net |
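Review bot: The negative branch of CheckSCT (new line 198) asserts only `EXPECT_EQ(1U, ct_verify_result.unknown_logs_scts.size())`, so InvalidSCTList would still pass if the same result also carried a verified SCT. Now that the corrupt list comes from `ct::GetSCTListWithInvalidSCT()`, whose body is not visible here, the test no longer shows which bytes are damaged; the removed local helper overwrote byte 15, which in the RFC 6962 v1 layout appears to fall inside the log ID and would explain why the SCT is counted as unknown-log rather than invalid. I would add `EXPECT_TRUE(ct_verify_result.verified_scts.empty());` to the else branch, plus a one-line comment saying why the SCT is expected in unknown_logs_scts. Separately, CheckSCT dereferences `details_` through `reinterpret_cast` with no null check, while the test at new lines 397-399 uses `ASSERT_TRUE(details_.get())` and `static_cast`; matching that would be more consistent.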
| OLD | NEW |