| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/location.h" | 10 #include "base/location.h" |
| 11 #include "base/macros.h" | 11 #include "base/macros.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/run_loop.h" | 13 #include "base/run_loop.h" |
| 14 #include "base/single_thread_task_runner.h" | 14 #include "base/single_thread_task_runner.h" |
| 15 #include "base/thread_task_runner_handle.h" | 15 #include "base/thread_task_runner_handle.h" |
| 16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
| 17 #include "net/base/address_list.h" | 17 #include "net/base/address_list.h" |
| 18 #include "net/base/io_buffer.h" | 18 #include "net/base/io_buffer.h" |
| 19 #include "net/base/net_errors.h" | 19 #include "net/base/net_errors.h" |
| 20 #include "net/base/test_completion_callback.h" | 20 #include "net/base/test_completion_callback.h" |
| 21 #include "net/base/test_data_directory.h" | 21 #include "net/base/test_data_directory.h" |
| 22 #include "net/cert/asn1_util.h" | 22 #include "net/cert/asn1_util.h" |
| 23 #include "net/cert/ct_policy_enforcer.h" | 23 #include "net/cert/ct_policy_enforcer.h" |
| 24 #include "net/cert/ct_policy_status.h" |
| 24 #include "net/cert/ct_verifier.h" | 25 #include "net/cert/ct_verifier.h" |
| 25 #include "net/cert/mock_cert_verifier.h" | 26 #include "net/cert/mock_cert_verifier.h" |
| 26 #include "net/cert/test_root_certs.h" | 27 #include "net/cert/test_root_certs.h" |
| 27 #include "net/der/input.h" | 28 #include "net/der/input.h" |
| 28 #include "net/der/parser.h" | 29 #include "net/der/parser.h" |
| 29 #include "net/der/tag.h" | 30 #include "net/der/tag.h" |
| 30 #include "net/dns/host_resolver.h" | 31 #include "net/dns/host_resolver.h" |
| 31 #include "net/http/transport_security_state.h" | 32 #include "net/http/transport_security_state.h" |
| 32 #include "net/log/net_log.h" | 33 #include "net/log/net_log.h" |
| 33 #include "net/log/test_net_log.h" | 34 #include "net/log/test_net_log.h" |
| (...skipping 644 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 678 const std::string&, | 679 const std::string&, |
| 679 ct::CTVerifyResult*, | 680 ct::CTVerifyResult*, |
| 680 const BoundNetLog&)); | 681 const BoundNetLog&)); |
| 681 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); | 682 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); |
| 682 }; | 683 }; |
| 683 | 684 |
| 684 // A mock CTPolicyEnforcer that returns a custom verification result. | 685 // A mock CTPolicyEnforcer that returns a custom verification result. |
| 685 class MockCTPolicyEnforcer : public CTPolicyEnforcer { | 686 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
| 686 public: | 687 public: |
| 687 MOCK_METHOD4(DoesConformToCTEVPolicy, | 688 MOCK_METHOD4(DoesConformToCTEVPolicy, |
| 688 bool(X509Certificate* cert, | 689 ct::EVPolicyCompliance(X509Certificate* cert, |
| 689 const ct::EVCertsWhitelist*, | 690 const ct::EVCertsWhitelist*, |
| 690 const ct::CTVerifyResult&, | 691 const ct::SCTList&, |
| 691 const BoundNetLog&)); | 692 const BoundNetLog&)); |
| 692 }; | 693 }; |
| 693 | 694 |
| 694 class SSLClientSocketTest : public PlatformTest { | 695 class SSLClientSocketTest : public PlatformTest { |
| 695 public: | 696 public: |
| 696 SSLClientSocketTest() | 697 SSLClientSocketTest() |
| 697 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), | 698 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), |
| 698 cert_verifier_(new MockCertVerifier), | 699 cert_verifier_(new MockCertVerifier), |
| 699 transport_security_state_(new TransportSecurityState) { | 700 transport_security_state_(new TransportSecurityState) { |
| 700 cert_verifier_->set_default_result(OK); | 701 cert_verifier_->set_default_result(OK); |
| 701 context_.cert_verifier = cert_verifier_.get(); | 702 context_.cert_verifier = cert_verifier_.get(); |
| (...skipping 1626 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2328 // To activate the CT/EV policy enforcement non-null CTVerifier and | 2329 // To activate the CT/EV policy enforcement non-null CTVerifier and |
| 2329 // CTPolicyEnforcer are needed. | 2330 // CTPolicyEnforcer are needed. |
| 2330 MockCTVerifier ct_verifier; | 2331 MockCTVerifier ct_verifier; |
| 2331 SetCTVerifier(&ct_verifier); | 2332 SetCTVerifier(&ct_verifier); |
| 2332 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); | 2333 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); |
| 2333 | 2334 |
| 2334 // Emulate compliance of the certificate to the policy. | 2335 // Emulate compliance of the certificate to the policy. |
| 2335 MockCTPolicyEnforcer policy_enforcer; | 2336 MockCTPolicyEnforcer policy_enforcer; |
| 2336 SetCTPolicyEnforcer(&policy_enforcer); | 2337 SetCTPolicyEnforcer(&policy_enforcer); |
| 2337 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | 2338 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) |
| 2338 .WillRepeatedly(Return(true)); | 2339 .WillRepeatedly( |
| 2340 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); |
| 2339 | 2341 |
| 2340 int rv; | 2342 int rv; |
| 2341 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2343 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2342 EXPECT_EQ(OK, rv); | 2344 EXPECT_EQ(OK, rv); |
| 2343 | 2345 |
| 2344 SSLInfo result; | 2346 SSLInfo result; |
| 2345 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2347 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
| 2346 | 2348 |
| 2347 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); | 2349 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); |
| 2348 } | 2350 } |
| (...skipping 11 matching lines...) Expand all Loading... |
| 2360 // To activate the CT/EV policy enforcement non-null CTVerifier and | 2362 // To activate the CT/EV policy enforcement non-null CTVerifier and |
| 2361 // CTPolicyEnforcer are needed. | 2363 // CTPolicyEnforcer are needed. |
| 2362 MockCTVerifier ct_verifier; | 2364 MockCTVerifier ct_verifier; |
| 2363 SetCTVerifier(&ct_verifier); | 2365 SetCTVerifier(&ct_verifier); |
| 2364 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); | 2366 EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); |
| 2365 | 2367 |
| 2366 // Emulate non-compliance of the certificate to the policy. | 2368 // Emulate non-compliance of the certificate to the policy. |
| 2367 MockCTPolicyEnforcer policy_enforcer; | 2369 MockCTPolicyEnforcer policy_enforcer; |
| 2368 SetCTPolicyEnforcer(&policy_enforcer); | 2370 SetCTPolicyEnforcer(&policy_enforcer); |
| 2369 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | 2371 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) |
| 2370 .WillRepeatedly(Return(false)); | 2372 .WillRepeatedly( |
| 2373 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); |
| 2371 | 2374 |
| 2372 int rv; | 2375 int rv; |
| 2373 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2376 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2374 EXPECT_EQ(OK, rv); | 2377 EXPECT_EQ(OK, rv); |
| 2375 | 2378 |
| 2376 SSLInfo result; | 2379 SSLInfo result; |
| 2377 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2380 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
| 2378 | 2381 |
| 2379 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV); | 2382 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV); |
| 2380 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED); | 2383 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED); |
| (...skipping 853 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3234 int rv; | 3237 int rv; |
| 3235 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3238 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3236 EXPECT_EQ(OK, rv); | 3239 EXPECT_EQ(OK, rv); |
| 3237 | 3240 |
| 3238 std::string proto; | 3241 std::string proto; |
| 3239 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3242 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3240 sock_->GetNextProto(&proto)); | 3243 sock_->GetNextProto(&proto)); |
| 3241 } | 3244 } |
| 3242 | 3245 |
| 3243 } // namespace net | 3246 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1652603002:
Add information to SSLInfo about CT EV policy compliance (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master