| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/test_data_directory.h" | 10 #include "net/base/test_data_directory.h" |
| (...skipping 83 matching lines...) |
| 94 ~DummyProofVerifierCallback() override {} | 94 ~DummyProofVerifierCallback() override {} |
| 95 | 95 |
| 96 void Run(bool ok, | 96 void Run(bool ok, |
| 97 const std::string& error_details, | 97 const std::string& error_details, |
| 98 scoped_ptr<ProofVerifyDetails>* details) override { | 98 scoped_ptr<ProofVerifyDetails>* details) override { |
| 99 // Do nothing | 99 // Do nothing |
| 100 } | 100 } |
| 101 }; | 101 }; |
| 102 | 102 |
| 103 const char kTestHostname[] = "test.example.com"; | 103 const char kTestHostname[] = "test.example.com"; |
| 104 const uint16_t kTestPort = 8443; |
| 104 const char kTestConfig[] = "server config bytes"; | 105 const char kTestConfig[] = "server config bytes"; |
| 105 const char kLogDescription[] = "somelog"; | 106 const char kLogDescription[] = "somelog"; |
| 106 | 107 |
| 107 } // namespace | 108 } // namespace |
| 108 | 109 |
| 109 class ProofVerifierChromiumTest : public ::testing::Test { | 110 class ProofVerifierChromiumTest : public ::testing::Test { |
| 110 public: | 111 public: |
| 111 ProofVerifierChromiumTest() | 112 ProofVerifierChromiumTest() |
| 112 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, | 113 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, |
| 113 BoundNetLog())) {} | 114 BoundNetLog())) {} |
| (...skipping 101 matching lines...) |
| 215 // Tests that the ProofVerifier fails verification if certificate | 216 // Tests that the ProofVerifier fails verification if certificate |
| 216 // verification fails. | 217 // verification fails. |
| 217 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { | 218 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { |
| 218 MockCertVerifier dummy_verifier; | 219 MockCertVerifier dummy_verifier; |
| 219 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 220 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
| 220 ct_verifier_.get()); | 221 ct_verifier_.get()); |
| 221 | 222 |
| 222 scoped_ptr<DummyProofVerifierCallback> callback( | 223 scoped_ptr<DummyProofVerifierCallback> callback( |
| 223 new DummyProofVerifierCallback); | 224 new DummyProofVerifierCallback); |
| 224 QuicAsyncStatus status = proof_verifier.VerifyProof( | 225 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 225 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 226 kTestHostname, kTestPort, kTestConfig, certs_, "", GetTestSignature(), |
| 226 verify_context_.get(), &error_details_, &details_, callback.get()); | 227 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 227 ASSERT_EQ(QUIC_FAILURE, status); | 228 ASSERT_EQ(QUIC_FAILURE, status); |
| 228 } | 229 } |
| 229 | 230 |
| 230 // Valid SCT, but invalid signature. | 231 // Valid SCT, but invalid signature. |
| 231 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { | 232 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { |
| 232 // Use different certificates for SCT tests. | 233 // Use different certificates for SCT tests. |
| 233 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 234 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 234 | 235 |
| 235 MockCertVerifier cert_verifier; | 236 MockCertVerifier cert_verifier; |
| 236 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 237 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 237 ct_verifier_.get()); | 238 ct_verifier_.get()); |
| 238 | 239 |
| 239 scoped_ptr<DummyProofVerifierCallback> callback( | 240 scoped_ptr<DummyProofVerifierCallback> callback( |
| 240 new DummyProofVerifierCallback); | 241 new DummyProofVerifierCallback); |
| 241 QuicAsyncStatus status = proof_verifier.VerifyProof( | 242 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 242 kTestHostname, kTestConfig, certs_, ct::GetSCTListForTesting(), "", | 243 kTestHostname, kTestPort, kTestConfig, certs_, ct::GetSCTListForTesting(), |
| 243 verify_context_.get(), &error_details_, &details_, callback.get()); | 244 "", verify_context_.get(), &error_details_, &details_, callback.get()); |
| 244 ASSERT_EQ(QUIC_FAILURE, status); | 245 ASSERT_EQ(QUIC_FAILURE, status); |
| 245 CheckSCT(/*sct_expected_ok=*/true); | 246 CheckSCT(/*sct_expected_ok=*/true); |
| 246 } | 247 } |
| 247 | 248 |
| 248 // Invalid SCT and signature. | 249 // Invalid SCT and signature. |
| 249 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { | 250 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
| 250 // Use different certificates for SCT tests. | 251 // Use different certificates for SCT tests. |
| 251 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 252 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 252 | 253 |
| 253 MockCertVerifier cert_verifier; | 254 MockCertVerifier cert_verifier; |
| 254 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 255 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 255 ct_verifier_.get()); | 256 ct_verifier_.get()); |
| 256 | 257 |
| 257 scoped_ptr<DummyProofVerifierCallback> callback( | 258 scoped_ptr<DummyProofVerifierCallback> callback( |
| 258 new DummyProofVerifierCallback); | 259 new DummyProofVerifierCallback); |
| 259 QuicAsyncStatus status = proof_verifier.VerifyProof( | 260 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 260 kTestHostname, kTestConfig, certs_, ct::GetSCTListWithInvalidSCT(), "", | 261 kTestHostname, kTestPort, kTestConfig, certs_, |
| 261 verify_context_.get(), &error_details_, &details_, callback.get()); | 262 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), |
| 263 &error_details_, &details_, callback.get()); |
| 262 ASSERT_EQ(QUIC_FAILURE, status); | 264 ASSERT_EQ(QUIC_FAILURE, status); |
| 263 CheckSCT(/*sct_expected_ok=*/false); | 265 CheckSCT(/*sct_expected_ok=*/false); |
| 264 } | 266 } |
| 265 | 267 |
| 266 // Tests that the ProofVerifier doesn't verify certificates if the config | 268 // Tests that the ProofVerifier doesn't verify certificates if the config |
| 267 // signature fails. | 269 // signature fails. |
| 268 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { | 270 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
| 269 FailsTestCertVerifier cert_verifier; | 271 FailsTestCertVerifier cert_verifier; |
| 270 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 272 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 271 ct_verifier_.get()); | 273 ct_verifier_.get()); |
| 272 | 274 |
| 273 scoped_ptr<DummyProofVerifierCallback> callback( | 275 scoped_ptr<DummyProofVerifierCallback> callback( |
| 274 new DummyProofVerifierCallback); | 276 new DummyProofVerifierCallback); |
| 275 QuicAsyncStatus status = proof_verifier.VerifyProof( | 277 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 276 kTestHostname, kTestConfig, certs_, "", kTestConfig, | 278 kTestHostname, kTestPort, kTestConfig, certs_, "", kTestConfig, |
| 277 verify_context_.get(), &error_details_, &details_, callback.get()); | 279 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 278 ASSERT_EQ(QUIC_FAILURE, status); | 280 ASSERT_EQ(QUIC_FAILURE, status); |
| 279 } | 281 } |
| 280 | 282 |
| 281 // Tests that EV certificates are left as EV if there is no certificate | 283 // Tests that EV certificates are left as EV if there is no certificate |
| 282 // policy enforcement. | 284 // policy enforcement. |
| 283 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { | 285 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { |
| 284 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 286 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 285 ASSERT_TRUE(test_cert); | 287 ASSERT_TRUE(test_cert); |
| 286 | 288 |
| 287 CertVerifyResult dummy_result; | 289 CertVerifyResult dummy_result; |
| 288 dummy_result.verified_cert = test_cert; | 290 dummy_result.verified_cert = test_cert; |
| 289 dummy_result.cert_status = CERT_STATUS_IS_EV; | 291 dummy_result.cert_status = CERT_STATUS_IS_EV; |
| 290 | 292 |
| 291 MockCertVerifier dummy_verifier; | 293 MockCertVerifier dummy_verifier; |
| 292 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 294 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 293 | 295 |
| 294 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 296 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
| 295 ct_verifier_.get()); | 297 ct_verifier_.get()); |
| 296 | 298 |
| 297 scoped_ptr<DummyProofVerifierCallback> callback( | 299 scoped_ptr<DummyProofVerifierCallback> callback( |
| 298 new DummyProofVerifierCallback); | 300 new DummyProofVerifierCallback); |
| 299 QuicAsyncStatus status = proof_verifier.VerifyProof( | 301 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 300 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 302 kTestHostname, kTestPort, kTestConfig, certs_, "", GetTestSignature(), |
| 301 verify_context_.get(), &error_details_, &details_, callback.get()); | 303 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 302 ASSERT_EQ(QUIC_SUCCESS, status); | 304 ASSERT_EQ(QUIC_SUCCESS, status); |
| 303 | 305 |
| 304 ASSERT_TRUE(details_.get()); | 306 ASSERT_TRUE(details_.get()); |
| 305 ProofVerifyDetailsChromium* verify_details = | 307 ProofVerifyDetailsChromium* verify_details = |
| 306 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 308 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 307 EXPECT_EQ(dummy_result.cert_status, | 309 EXPECT_EQ(dummy_result.cert_status, |
| 308 verify_details->cert_verify_result.cert_status); | 310 verify_details->cert_verify_result.cert_status); |
| 309 } | 311 } |
| 310 | 312 |
| (...skipping 11 matching lines...) |
| 322 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 324 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 323 | 325 |
| 324 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); | 326 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); |
| 325 | 327 |
| 326 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 328 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 327 nullptr, ct_verifier_.get()); | 329 nullptr, ct_verifier_.get()); |
| 328 | 330 |
| 329 scoped_ptr<DummyProofVerifierCallback> callback( | 331 scoped_ptr<DummyProofVerifierCallback> callback( |
| 330 new DummyProofVerifierCallback); | 332 new DummyProofVerifierCallback); |
| 331 QuicAsyncStatus status = proof_verifier.VerifyProof( | 333 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 332 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 334 kTestHostname, kTestPort, kTestConfig, certs_, "", GetTestSignature(), |
| 333 verify_context_.get(), &error_details_, &details_, callback.get()); | 335 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 334 ASSERT_EQ(QUIC_SUCCESS, status); | 336 ASSERT_EQ(QUIC_SUCCESS, status); |
| 335 | 337 |
| 336 ASSERT_TRUE(details_.get()); | 338 ASSERT_TRUE(details_.get()); |
| 337 ProofVerifyDetailsChromium* verify_details = | 339 ProofVerifyDetailsChromium* verify_details = |
| 338 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 340 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 339 EXPECT_EQ(dummy_result.cert_status, | 341 EXPECT_EQ(dummy_result.cert_status, |
| 340 verify_details->cert_verify_result.cert_status); | 342 verify_details->cert_verify_result.cert_status); |
| 341 } | 343 } |
| 342 | 344 |
| (...skipping 11 matching lines...) |
| 354 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 356 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 355 | 357 |
| 356 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); | 358 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); |
| 357 | 359 |
| 358 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 360 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 359 nullptr, ct_verifier_.get()); | 361 nullptr, ct_verifier_.get()); |
| 360 | 362 |
| 361 scoped_ptr<DummyProofVerifierCallback> callback( | 363 scoped_ptr<DummyProofVerifierCallback> callback( |
| 362 new DummyProofVerifierCallback); | 364 new DummyProofVerifierCallback); |
| 363 QuicAsyncStatus status = proof_verifier.VerifyProof( | 365 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 364 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 366 kTestHostname, kTestPort, kTestConfig, certs_, "", GetTestSignature(), |
| 365 verify_context_.get(), &error_details_, &details_, callback.get()); | 367 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 366 ASSERT_EQ(QUIC_SUCCESS, status); | 368 ASSERT_EQ(QUIC_SUCCESS, status); |
| 367 | 369 |
| 368 ASSERT_TRUE(details_.get()); | 370 ASSERT_TRUE(details_.get()); |
| 369 ProofVerifyDetailsChromium* verify_details = | 371 ProofVerifyDetailsChromium* verify_details = |
| 370 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 372 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 371 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, | 373 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
| 372 verify_details->cert_verify_result.cert_status & | 374 verify_details->cert_verify_result.cert_status & |
| 373 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); | 375 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
| 374 } | 376 } |
| (...skipping 12 matching lines...) |
| 387 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 389 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 388 | 390 |
| 389 FailsTestCTPolicyEnforcer policy_enforcer; | 391 FailsTestCTPolicyEnforcer policy_enforcer; |
| 390 | 392 |
| 391 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 393 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 392 nullptr, ct_verifier_.get()); | 394 nullptr, ct_verifier_.get()); |
| 393 | 395 |
| 394 scoped_ptr<DummyProofVerifierCallback> callback( | 396 scoped_ptr<DummyProofVerifierCallback> callback( |
| 395 new DummyProofVerifierCallback); | 397 new DummyProofVerifierCallback); |
| 396 QuicAsyncStatus status = proof_verifier.VerifyProof( | 398 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 397 kTestHostname, kTestConfig, certs_, "", GetTestSignature(), | 399 kTestHostname, kTestPort, kTestConfig, certs_, "", GetTestSignature(), |
| 398 verify_context_.get(), &error_details_, &details_, callback.get()); | 400 verify_context_.get(), &error_details_, &details_, callback.get()); |
| 399 ASSERT_EQ(QUIC_SUCCESS, status); | 401 ASSERT_EQ(QUIC_SUCCESS, status); |
| 400 | 402 |
| 401 ASSERT_TRUE(details_.get()); | 403 ASSERT_TRUE(details_.get()); |
| 402 ProofVerifyDetailsChromium* verify_details = | 404 ProofVerifyDetailsChromium* verify_details = |
| 403 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 405 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 404 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 406 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
| 405 } | 407 } |
| 406 | 408 |
| 407 } // namespace test | 409 } // namespace test |
| 408 } // namespace net | 410 } // namespace net |
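Review bot: None of the updated VerifyProof calls exercises the new port argument: every test passes the same `kTestPort` and keeps its previous expectation, so an implementation that ignored the port entirely would still pass this file. What VerifyProof does with the port is not visible on this page; if it feeds a security decision (for example, which host/port pair a certificate or pinning result is bound to), at least one test should vary the port and assert that the status or the reported details change accordingly. Until such a test exists, a comment on the constant would make the intent explicit, e.g. `// Arbitrary port; these tests only pass it through to VerifyProof.`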
| OLD | NEW |