| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| (...skipping 681 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 692 const std::string&, | 692 const std::string&, |
| 693 const std::string&, | 693 const std::string&, |
| 694 ct::CTVerifyResult*, | 694 ct::CTVerifyResult*, |
| 695 const BoundNetLog&)); | 695 const BoundNetLog&)); |
| 696 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); | 696 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); |
| 697 }; | 697 }; |
| 698 | 698 |
| 699 // A mock CTPolicyEnforcer that returns a custom verification result. | 699 // A mock CTPolicyEnforcer that returns a custom verification result. |
| 700 class MockCTPolicyEnforcer : public CTPolicyEnforcer { | 700 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
| 701 public: | 701 public: |
| 702 MOCK_METHOD3(DoesConformToCertPolicy, |
| 703 ct::CertPolicyCompliance(X509Certificate* cert, |
| 704 const ct::SCTList&, |
| 705 const BoundNetLog&)); |
| 702 MOCK_METHOD4(DoesConformToCTEVPolicy, | 706 MOCK_METHOD4(DoesConformToCTEVPolicy, |
| 703 ct::EVPolicyCompliance(X509Certificate* cert, | 707 ct::EVPolicyCompliance(X509Certificate* cert, |
| 704 const ct::EVCertsWhitelist*, | 708 const ct::EVCertsWhitelist*, |
| 705 const ct::SCTList&, | 709 const ct::SCTList&, |
| 706 const BoundNetLog&)); | 710 const BoundNetLog&)); |
| 707 }; | 711 }; |
| 708 | 712 |
| 709 class SSLClientSocketTest : public PlatformTest { | 713 class SSLClientSocketTest : public PlatformTest { |
| 710 public: | 714 public: |
| 711 SSLClientSocketTest() | 715 SSLClientSocketTest() |
| (...skipping 1630 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2342 | 2346 |
| 2343 // To activate the CT/EV policy enforcement non-null CTVerifier and | 2347 // To activate the CT/EV policy enforcement non-null CTVerifier and |
| 2344 // CTPolicyEnforcer are needed. | 2348 // CTPolicyEnforcer are needed. |
| 2345 MockCTVerifier ct_verifier; | 2349 MockCTVerifier ct_verifier; |
| 2346 SetCTVerifier(&ct_verifier); | 2350 SetCTVerifier(&ct_verifier); |
| 2347 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); | 2351 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); |
| 2348 | 2352 |
| 2349 // Emulate compliance of the certificate to the policy. | 2353 // Emulate compliance of the certificate to the policy. |
| 2350 MockCTPolicyEnforcer policy_enforcer; | 2354 MockCTPolicyEnforcer policy_enforcer; |
| 2351 SetCTPolicyEnforcer(&policy_enforcer); | 2355 SetCTPolicyEnforcer(&policy_enforcer); |
| 2356 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) |
| 2357 .WillRepeatedly( |
| 2358 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); |
| 2352 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | 2359 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) |
| 2353 .WillRepeatedly( | 2360 .WillRepeatedly( |
| 2354 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); | 2361 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); |
| 2355 | 2362 |
| 2356 int rv; | 2363 int rv; |
| 2357 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2364 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2358 EXPECT_EQ(OK, rv); | 2365 EXPECT_EQ(OK, rv); |
| 2359 | 2366 |
| 2360 SSLInfo result; | 2367 SSLInfo result; |
| 2361 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2368 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 2375 | 2382 |
| 2376 // To activate the CT/EV policy enforcement non-null CTVerifier and | 2383 // To activate the CT/EV policy enforcement non-null CTVerifier and |
| 2377 // CTPolicyEnforcer are needed. | 2384 // CTPolicyEnforcer are needed. |
| 2378 MockCTVerifier ct_verifier; | 2385 MockCTVerifier ct_verifier; |
| 2379 SetCTVerifier(&ct_verifier); | 2386 SetCTVerifier(&ct_verifier); |
| 2380 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); | 2387 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); |
| 2381 | 2388 |
| 2382 // Emulate non-compliance of the certificate to the policy. | 2389 // Emulate non-compliance of the certificate to the policy. |
| 2383 MockCTPolicyEnforcer policy_enforcer; | 2390 MockCTPolicyEnforcer policy_enforcer; |
| 2384 SetCTPolicyEnforcer(&policy_enforcer); | 2391 SetCTPolicyEnforcer(&policy_enforcer); |
| 2392 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) |
| 2393 .WillRepeatedly( |
| 2394 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
| 2385 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | 2395 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) |
| 2386 .WillRepeatedly( | 2396 .WillRepeatedly( |
| 2387 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); | 2397 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); |
| 2388 | 2398 |
| 2389 int rv; | 2399 int rv; |
| 2390 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2400 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2391 EXPECT_EQ(OK, rv); | 2401 EXPECT_EQ(OK, rv); |
| 2392 | 2402 |
| 2393 SSLInfo result; | 2403 SSLInfo result; |
| 2394 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2404 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
| (...skipping 963 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3358 SSLInfo ssl_info; | 3368 SSLInfo ssl_info; |
| 3359 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3369 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3360 EXPECT_TRUE(ssl_info.client_cert_sent); | 3370 EXPECT_TRUE(ssl_info.client_cert_sent); |
| 3361 | 3371 |
| 3362 sock_->Disconnect(); | 3372 sock_->Disconnect(); |
| 3363 EXPECT_FALSE(sock_->IsConnected()); | 3373 EXPECT_FALSE(sock_->IsConnected()); |
| 3364 } | 3374 } |
| 3365 #endif // defined(USE_OPENSSL) | 3375 #endif // defined(USE_OPENSSL) |
| 3366 | 3376 |
| 3367 } // namespace net | 3377 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1578993003:
Add Expect CT policy that gets checked on all certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master