OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
10 #include "net/base/test_data_directory.h" | 10 #include "net/base/test_data_directory.h" |
(...skipping 204 matching lines...)
215 // Tests that the ProofVerifier fails verification if certificate | 215 // Tests that the ProofVerifier fails verification if certificate |
216 // verification fails. | 216 // verification fails. |
217 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { | 217 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { |
218 MockCertVerifier dummy_verifier; | 218 MockCertVerifier dummy_verifier; |
219 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 219 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
220 ct_verifier_.get()); | 220 ct_verifier_.get()); |
221 | 221 |
222 scoped_ptr<DummyProofVerifierCallback> callback( | 222 scoped_ptr<DummyProofVerifierCallback> callback( |
223 new DummyProofVerifierCallback); | 223 new DummyProofVerifierCallback); |
224 QuicAsyncStatus status = proof_verifier.VerifyProof( | 224 QuicAsyncStatus status = proof_verifier.VerifyProof( |
225 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 225 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
226 verify_context_.get(), &error_details_, &details_, callback.get()); | 226 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 227 callback.get()); |
227 ASSERT_EQ(QUIC_FAILURE, status); | 228 ASSERT_EQ(QUIC_FAILURE, status); |
228 } | 229 } |
229 | 230 |
230 // Valid SCT, but invalid signature. | 231 // Valid SCT, but invalid signature. |
231 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { | 232 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { |
232 // Use different certificates for SCT tests. | 233 // Use different certificates for SCT tests. |
233 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 234 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
234 | 235 |
235 MockCertVerifier cert_verifier; | 236 MockCertVerifier cert_verifier; |
236 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 237 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
237 ct_verifier_.get()); | 238 ct_verifier_.get()); |
238 | 239 |
239 scoped_ptr<DummyProofVerifierCallback> callback( | 240 scoped_ptr<DummyProofVerifierCallback> callback( |
240 new DummyProofVerifierCallback); | 241 new DummyProofVerifierCallback); |
241 QuicAsyncStatus status = proof_verifier.VerifyProof( | 242 QuicAsyncStatus status = proof_verifier.VerifyProof( |
242 kTestHostname, kTestConfig, certs_, ct::GetSCTListForTesting(), "", | 243 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, |
243 verify_context_.get(), &error_details_, &details_, callback.get()); | 244 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, |
| 245 &details_, callback.get()); |
244 ASSERT_EQ(QUIC_FAILURE, status); | 246 ASSERT_EQ(QUIC_FAILURE, status); |
245 CheckSCT(/*sct_expected_ok=*/true); | 247 CheckSCT(/*sct_expected_ok=*/true); |
246 } | 248 } |
247 | 249 |
248 // Invalid SCT and signature. | 250 // Invalid SCT and signature. |
249 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { | 251 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
250 // Use different certificates for SCT tests. | 252 // Use different certificates for SCT tests. |
251 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 253 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
252 | 254 |
253 MockCertVerifier cert_verifier; | 255 MockCertVerifier cert_verifier; |
254 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 256 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
255 ct_verifier_.get()); | 257 ct_verifier_.get()); |
256 | 258 |
257 scoped_ptr<DummyProofVerifierCallback> callback( | 259 scoped_ptr<DummyProofVerifierCallback> callback( |
258 new DummyProofVerifierCallback); | 260 new DummyProofVerifierCallback); |
259 QuicAsyncStatus status = proof_verifier.VerifyProof( | 261 QuicAsyncStatus status = proof_verifier.VerifyProof( |
260 kTestHostname, kTestConfig, certs_, ct::GetSCTListWithInvalidSCT(), "", | 262 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, |
261 verify_context_.get(), &error_details_, &details_, callback.get()); | 263 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), |
| 264 &error_details_, &details_, callback.get()); |
262 ASSERT_EQ(QUIC_FAILURE, status); | 265 ASSERT_EQ(QUIC_FAILURE, status); |
263 CheckSCT(/*sct_expected_ok=*/false); | 266 CheckSCT(/*sct_expected_ok=*/false); |
264 } | 267 } |
265 | 268 |
266 // Tests that the ProofVerifier doesn't verify certificates if the config | 269 // Tests that the ProofVerifier doesn't verify certificates if the config |
267 // signature fails. | 270 // signature fails. |
268 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { | 271 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
269 FailsTestCertVerifier cert_verifier; | 272 FailsTestCertVerifier cert_verifier; |
270 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 273 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
271 ct_verifier_.get()); | 274 ct_verifier_.get()); |
272 | 275 |
273 scoped_ptr<DummyProofVerifierCallback> callback( | 276 scoped_ptr<DummyProofVerifierCallback> callback( |
274 new DummyProofVerifierCallback); | 277 new DummyProofVerifierCallback); |
275 QuicAsyncStatus status = proof_verifier.VerifyProof( | 278 QuicAsyncStatus status = proof_verifier.VerifyProof( |
276 kTestHostname, kTestConfig, certs_, "", kTestConfig, | 279 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", kTestConfig, |
277 verify_context_.get(), &error_details_, &details_, callback.get()); | 280 verify_context_.get(), &error_details_, &details_, callback.get()); |
278 ASSERT_EQ(QUIC_FAILURE, status); | 281 ASSERT_EQ(QUIC_FAILURE, status); |
279 } | 282 } |
280 | 283 |
281 // Tests that EV certificates are left as EV if there is no certificate | 284 // Tests that EV certificates are left as EV if there is no certificate |
282 // policy enforcement. | 285 // policy enforcement. |
283 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { | 286 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { |
284 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 287 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
285 ASSERT_TRUE(test_cert); | 288 ASSERT_TRUE(test_cert); |
286 | 289 |
287 CertVerifyResult dummy_result; | 290 CertVerifyResult dummy_result; |
288 dummy_result.verified_cert = test_cert; | 291 dummy_result.verified_cert = test_cert; |
289 dummy_result.cert_status = CERT_STATUS_IS_EV; | 292 dummy_result.cert_status = CERT_STATUS_IS_EV; |
290 | 293 |
291 MockCertVerifier dummy_verifier; | 294 MockCertVerifier dummy_verifier; |
292 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 295 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
293 | 296 |
294 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 297 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
295 ct_verifier_.get()); | 298 ct_verifier_.get()); |
296 | 299 |
297 scoped_ptr<DummyProofVerifierCallback> callback( | 300 scoped_ptr<DummyProofVerifierCallback> callback( |
298 new DummyProofVerifierCallback); | 301 new DummyProofVerifierCallback); |
299 QuicAsyncStatus status = proof_verifier.VerifyProof( | 302 QuicAsyncStatus status = proof_verifier.VerifyProof( |
300 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 303 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
301 verify_context_.get(), &error_details_, &details_, callback.get()); | 304 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 305 callback.get()); |
302 ASSERT_EQ(QUIC_SUCCESS, status); | 306 ASSERT_EQ(QUIC_SUCCESS, status); |
303 | 307 |
304 ASSERT_TRUE(details_.get()); | 308 ASSERT_TRUE(details_.get()); |
305 ProofVerifyDetailsChromium* verify_details = | 309 ProofVerifyDetailsChromium* verify_details = |
306 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 310 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
307 EXPECT_EQ(dummy_result.cert_status, | 311 EXPECT_EQ(dummy_result.cert_status, |
308 verify_details->cert_verify_result.cert_status); | 312 verify_details->cert_verify_result.cert_status); |
309 } | 313 } |
310 | 314 |
311 // Tests that the certificate policy enforcer is consulted for EV | 315 // Tests that the certificate policy enforcer is consulted for EV |
(...skipping 10 matching lines...)
322 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 326 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
323 | 327 |
324 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); | 328 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); |
325 | 329 |
326 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 330 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
327 nullptr, ct_verifier_.get()); | 331 nullptr, ct_verifier_.get()); |
328 | 332 |
329 scoped_ptr<DummyProofVerifierCallback> callback( | 333 scoped_ptr<DummyProofVerifierCallback> callback( |
330 new DummyProofVerifierCallback); | 334 new DummyProofVerifierCallback); |
331 QuicAsyncStatus status = proof_verifier.VerifyProof( | 335 QuicAsyncStatus status = proof_verifier.VerifyProof( |
332 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 336 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
333 verify_context_.get(), &error_details_, &details_, callback.get()); | 337 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 338 callback.get()); |
334 ASSERT_EQ(QUIC_SUCCESS, status); | 339 ASSERT_EQ(QUIC_SUCCESS, status); |
335 | 340 |
336 ASSERT_TRUE(details_.get()); | 341 ASSERT_TRUE(details_.get()); |
337 ProofVerifyDetailsChromium* verify_details = | 342 ProofVerifyDetailsChromium* verify_details = |
338 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 343 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
339 EXPECT_EQ(dummy_result.cert_status, | 344 EXPECT_EQ(dummy_result.cert_status, |
340 verify_details->cert_verify_result.cert_status); | 345 verify_details->cert_verify_result.cert_status); |
341 } | 346 } |
342 | 347 |
343 // Tests that the certificate policy enforcer is consulted for EV | 348 // Tests that the certificate policy enforcer is consulted for EV |
(...skipping 10 matching lines...)
354 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 359 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
355 | 360 |
356 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); | 361 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); |
357 | 362 |
358 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 363 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
359 nullptr, ct_verifier_.get()); | 364 nullptr, ct_verifier_.get()); |
360 | 365 |
361 scoped_ptr<DummyProofVerifierCallback> callback( | 366 scoped_ptr<DummyProofVerifierCallback> callback( |
362 new DummyProofVerifierCallback); | 367 new DummyProofVerifierCallback); |
363 QuicAsyncStatus status = proof_verifier.VerifyProof( | 368 QuicAsyncStatus status = proof_verifier.VerifyProof( |
364 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 369 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
365 verify_context_.get(), &error_details_, &details_, callback.get()); | 370 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 371 callback.get()); |
366 ASSERT_EQ(QUIC_SUCCESS, status); | 372 ASSERT_EQ(QUIC_SUCCESS, status); |
367 | 373 |
368 ASSERT_TRUE(details_.get()); | 374 ASSERT_TRUE(details_.get()); |
369 ProofVerifyDetailsChromium* verify_details = | 375 ProofVerifyDetailsChromium* verify_details = |
370 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 376 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
371 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, | 377 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
372 verify_details->cert_verify_result.cert_status & | 378 verify_details->cert_verify_result.cert_status & |
373 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); | 379 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
374 } | 380 } |
375 | 381 |
(...skipping 11 matching lines...)
387 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 393 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
388 | 394 |
389 FailsTestCTPolicyEnforcer policy_enforcer; | 395 FailsTestCTPolicyEnforcer policy_enforcer; |
390 | 396 |
391 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 397 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
392 nullptr, ct_verifier_.get()); | 398 nullptr, ct_verifier_.get()); |
393 | 399 |
394 scoped_ptr<DummyProofVerifierCallback> callback( | 400 scoped_ptr<DummyProofVerifierCallback> callback( |
395 new DummyProofVerifierCallback); | 401 new DummyProofVerifierCallback); |
396 QuicAsyncStatus status = proof_verifier.VerifyProof( | 402 QuicAsyncStatus status = proof_verifier.VerifyProof( |
397 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 403 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
398 verify_context_.get(), &error_details_, &details_, callback.get()); | 404 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 405 callback.get()); |
399 ASSERT_EQ(QUIC_SUCCESS, status); | 406 ASSERT_EQ(QUIC_SUCCESS, status); |
400 | 407 |
401 ASSERT_TRUE(details_.get()); | 408 ASSERT_TRUE(details_.get()); |
402 ProofVerifyDetailsChromium* verify_details = | 409 ProofVerifyDetailsChromium* verify_details = |
403 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 410 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
404 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 411 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
405 } | 412 } |
406 | 413 |
407 } // namespace test | 414 } // namespace test |
408 } // namespace net | 415 } // namespace net |
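Review bot: Every updated VerifyProof call, from FailsIfCertFails (new line 225) through the last test (new line 403), passes the same two new arguments, `QUIC_VERSION_25` and `""`, so nothing in this file exercises them; an implementation that ignored both would pass all of these tests unchanged. If either value is meant to feed into the data the proof signature covers (VerifyProof's declaration is not shown here, so this is inferred), add a case where it differs from what GetTestSignature() was produced over and assert `QUIC_FAILURE`. The bare `""` also now sits two positions before the existing empty SCT-list argument, which makes the two easy to transpose. Annotate them the way the CheckSCT calls already do, e.g. `QUIC_VERSION_25, /*chlo_hash=*/"", certs_, /*cert_sct=*/"",`, taking the parameter names from the declaration. Three of the test bodies begin inside skipped regions, so their setup was not reviewed.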