
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1578993003: Add Expect CT policy that gets checked on all certs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 9 months ago
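--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <utility>
 
 #include "base/callback_helpers.h"
 #include "base/files/file_util.h"
@@ -692,20 +692,24 @@
 const std::string&,
 const std::string&,
 ct::CTVerifyResult*,
 const BoundNetLog&));
 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*));
 };
 
 // A mock CTPolicyEnforcer that returns a custom verification result.
 class MockCTPolicyEnforcer : public CTPolicyEnforcer {
 public:
+MOCK_METHOD3(DoesConformToCertPolicy,
+ct::CertPolicyCompliance(X509Certificate* cert,
+const ct::SCTList&,
+const BoundNetLog&));
 MOCK_METHOD4(DoesConformToCTEVPolicy,
 ct::EVPolicyCompliance(X509Certificate* cert,
 const ct::EVCertsWhitelist*,
 const ct::SCTList&,
 const BoundNetLog&));
 };
 
 class SSLClientSocketTest : public PlatformTest {
 public:
 SSLClientSocketTest()
@@ -2342,20 +2346,23 @@
 
 // To activate the CT/EV policy enforcement non-null CTVerifier and
 // CTPolicyEnforcer are needed.
 MockCTVerifier ct_verifier;
 SetCTVerifier(&ct_verifier);
 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK));
 
 // Emulate compliance of the certificate to the policy.
 MockCTPolicyEnforcer policy_enforcer;
 SetCTPolicyEnforcer(&policy_enforcer);
+EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _))
+.WillRepeatedly(
+Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS));
 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _))
 .WillRepeatedly(
 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS));
 
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 
 SSLInfo result;
 ASSERT_TRUE(sock_->GetSSLInfo(&result));
@@ -2375,20 +2382,23 @@
 
 // To activate the CT/EV policy enforcement non-null CTVerifier and
 // CTPolicyEnforcer are needed.
 MockCTVerifier ct_verifier;
 SetCTVerifier(&ct_verifier);
 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK));
 
 // Emulate non-compliance of the certificate to the policy.
 MockCTPolicyEnforcer policy_enforcer;
 SetCTPolicyEnforcer(&policy_enforcer);
+EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _))
+.WillRepeatedly(
+Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS));
 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _))
 .WillRepeatedly(
 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS));
 
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 
 SSLInfo result;
 ASSERT_TRUE(sock_->GetSSLInfo(&result));
@@ -3358,10 +3368,10 @@
 SSLInfo ssl_info;
 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 EXPECT_TRUE(ssl_info.client_cert_sent);
 
 sock_->Disconnect();
 EXPECT_FALSE(sock_->IsConnected());
 }
 #endif // defined(USE_OPENSSL)
 
 } // namespace net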
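Review bot: The two new `EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _))` expectations (new lines 2356 and 2392) carry only `.WillRepeatedly(...)`, which gMock treats as satisfied by zero calls, so both tests still pass if the socket never consults the certificate policy. Adding `.Times(AtLeast(1))` before `.WillRepeatedly(...)` would pin that the check actually runs during the handshake; `AtLeast` may need a `using testing::AtLeast;` if the file does not already have one. Both tests also return the cert-policy and EV-policy results in the same direction (both comply, or both `NOT_ENOUGH_SCTS`), so a mix-up between the two results would go unnoticed; a case where they differ would cover that. The test bodies begin and end in skipped lines, so the assertions after `GetSSLInfo` may already check the new result.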