Provide valid port on HPKP reports for QUIC connections

net/quic/crypto/proof_test.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/files/file_path.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
@@ skipping 38 matching lines @@
  private:
   TestCompletionCallback* const comp_callback_;
   bool* const ok_;
   string* const error_details_;
 };
 
 // RunVerification runs |verifier->VerifyProof| and asserts that the result
 // matches |expected_ok|.
 void RunVerification(ProofVerifier* verifier,
                      const string& hostname,
+                     const uint16_t port,
                      const string& server_config,
                      QuicVersion quic_version,
                      StringPiece chlo_hash,
                      const vector<string>& certs,
                      const string& proof,
                      bool expected_ok) {
   scoped_ptr<ProofVerifyDetails> details;
   TestCompletionCallback comp_callback;
   bool ok;
   string error_details;
   scoped_ptr<ProofVerifyContext> verify_context(
       CryptoTestUtils::ProofVerifyContextForTesting());
   TestProofVerifierCallback* callback =
       new TestProofVerifierCallback(&comp_callback, &ok, &error_details);
 
   QuicAsyncStatus status = verifier->VerifyProof(
-      hostname, server_config, quic_version, chlo_hash, certs, "", proof,
+      hostname, port, server_config, quic_version, chlo_hash, certs, "", proof,
       verify_context.get(), &error_details, &details, callback);
 
   switch (status) {
     case QUIC_FAILURE:
       delete callback;
       ASSERT_FALSE(expected_ok);
       ASSERT_NE("", error_details);
       return;
     case QUIC_SUCCESS:
       delete callback;
@@ skipping 29 matching lines @@
                         ::testing::ValuesIn(QuicSupportedVersions()));
 
 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468.
 TEST_P(ProofTest, DISABLED_Verify) {
   scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting());
   scoped_ptr<ProofVerifier> verifier(
       CryptoTestUtils::ProofVerifierForTesting());
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
+  const uint16_t port = 8443;
   const string first_chlo_hash = "first chlo hash bytes";
   const string second_chlo_hash = "first chlo hash bytes";
   const QuicVersion quic_version = GetParam();
+
   scoped_refptr<ProofSource::Chain> chain;
   scoped_refptr<ProofSource::Chain> first_chain;
   string error_details, signature, first_signature, first_cert_sct, cert_sct;
   IPAddress server_ip;
 
   ASSERT_TRUE(source->GetProof(
       server_ip, hostname, server_config, quic_version, first_chlo_hash,
       false /* no ECDSA */, &first_chain, &first_signature, &first_cert_sct));
   ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version,
                                second_chlo_hash, false /* no ECDSA */, &chain,
                                &signature, &cert_sct));
 
   // Check that the proof source is caching correctly:
   ASSERT_EQ(first_chain->certs, chain->certs);
   if (GetParam() < QUIC_VERSION_31) {
     ASSERT_EQ(signature, first_signature);
   } else {
     // QUIC 31 includes the CHLO hash.
     ASSERT_NE(signature, first_signature);
   }
   ASSERT_EQ(first_cert_sct, cert_sct);
 
-  RunVerification(verifier.get(), hostname, server_config, quic_version,
+  RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                   first_chlo_hash, chain->certs, signature, true);
 
-  RunVerification(verifier.get(), "foo.com", server_config, quic_version,
+  RunVerification(verifier.get(), "foo.com", port, server_config, quic_version,
                   first_chlo_hash, chain->certs, signature, false);
 
-  RunVerification(verifier.get(), server_config.substr(1, string::npos),
+  RunVerification(verifier.get(), server_config.substr(1, string::npos), port,
                   server_config, quic_version, first_chlo_hash, chain->certs,
                   signature, false);
 
   const string corrupt_signature = "1" + signature;
-  RunVerification(verifier.get(), hostname, server_config, quic_version,
+  RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                   first_chlo_hash, chain->certs, corrupt_signature, false);
 
   vector<string> wrong_certs;
   for (size_t i = 1; i < chain->certs.size(); i++) {
     wrong_certs.push_back(chain->certs[i]);
   }
-  RunVerification(verifier.get(), "foo.com", server_config, quic_version,
+
+  RunVerification(verifier.get(), "foo.com", port, server_config, quic_version,
                   first_chlo_hash, wrong_certs, corrupt_signature, false);
 }
 
 TEST_P(ProofTest, UseAfterFree) {
   ProofSource* source = CryptoTestUtils::ProofSourceForTesting();
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
   const string chlo_hash = "proof nonce bytes";
   scoped_refptr<ProofSource::Chain> chain;
@@ skipping 94 matching lines @@
       0xdc, 0xc5, 0x56, 0x84, 0x8a, 0x31, 0x31, 0x23, 0x61, 0x94, 0x7e, 0x01,
       0x22, 0x49, 0xf3, 0xcb, 0x0e, 0x31, 0x03, 0x04, 0x1b, 0x14, 0x43, 0x7c,
       0xad, 0x42, 0xe5, 0x55,
   };
 
   scoped_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
+  const uint16_t port = 8443;
   const string chlo_hash = "proof nonce bytes";
   const QuicVersion quic_version = GetParam();
 
   vector<string> certs(2);
   certs[0] = LoadTestCert("test.example.com.crt");
   certs[1] = LoadTestCert("intermediate.crt");
 
   // Signatures are nondeterministic, so we test multiple signatures on the
   // same server_config.
   vector<string> signatures(3);
   signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
                        sizeof(signature_data_0));
   signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
                        sizeof(signature_data_1));
   signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
                        sizeof(signature_data_2));
 
   for (size_t i = 0; i < signatures.size(); i++) {
     const string& signature = signatures[i];
 
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, signature, true);
-    RunVerification(verifier.get(), "foo.com", server_config, quic_version,
-                    chlo_hash, certs, signature, false);
-    RunVerification(verifier.get(), hostname,
+    RunVerification(verifier.get(), "foo.com", port, server_config,
+                    quic_version, chlo_hash, certs, signature, false);
+    RunVerification(verifier.get(), hostname, port,
                     server_config.substr(1, string::npos), quic_version,
                     chlo_hash, certs, signature, false);
 
     const string corrupt_signature = "1" + signature;
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, corrupt_signature, false);
 
     vector<string> wrong_certs;
     for (size_t i = 1; i < certs.size(); i++) {
       wrong_certs.push_back(certs[i]);
     }
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, wrong_certs, signature, false);
   }
 }
 
 // A known answer test that allows us to test ProofVerifier without a working
 // ProofSource.
 TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) {
   if (GetParam() > QUIC_VERSION_30) {
     return;
   }
@@ skipping 33 matching lines @@
       0x02, 0x21, 0x00, 0xc6, 0x20, 0xd4, 0x28, 0xf9, 0x70, 0xb5, 0xb4, 0xff,
       0x4a, 0x35, 0xba, 0xa0, 0xf2, 0x8e, 0x00, 0xf7, 0xcb, 0x43, 0xaf, 0x2d,
       0x1f, 0xce, 0x92, 0x05, 0xca, 0x29, 0xfe, 0xd2, 0x8f, 0xd9, 0x31,
   };
 
   scoped_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
+  const uint16_t port = 8443;
   const string chlo_hash = "chlo_hash nonce bytes";
   const QuicVersion quic_version = GetParam();
 
   vector<string> certs(2);
   certs[0] = LoadTestCert("test_ecc.example.com.crt");
   certs[1] = LoadTestCert("intermediate.crt");
 
   // Signatures are nondeterministic, so we test multiple signatures on the
   // same server_config.
   vector<string> signatures(3);
   signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
                        sizeof(signature_data_0));
   signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
                        sizeof(signature_data_1));
   signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
                        sizeof(signature_data_2));
 
   for (size_t i = 0; i < signatures.size(); i++) {
     LOG(ERROR) << "====================" << i << "======================";
     const string& signature = signatures[i];
 
     LOG(ERROR) << "=================== expect ok =====================";
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, signature, true);
     LOG(ERROR) << "=================== hose_name = foo.com =============";
-    RunVerification(verifier.get(), "foo.com", server_config, quic_version,
-                    chlo_hash, certs, signature, false);
+    RunVerification(verifier.get(), "foo.com", port, server_config,
+                    quic_version, chlo_hash, certs, signature, false);
     LOG(ERROR) << "================== server_config ====================";
-    RunVerification(verifier.get(), hostname,
+    RunVerification(verifier.get(), hostname, port,
                     server_config.substr(1, string::npos), quic_version,
                     chlo_hash, certs, signature, false);
 
     // An ECDSA signature is DER-encoded. Corrupt the last byte so that the
     // signature can still be DER-decoded correctly.
     string corrupt_signature = signature;
     corrupt_signature[corrupt_signature.size() - 1] += 1;
     LOG(ERROR) << "================= corrupt signature =======================";
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, corrupt_signature, false);
 
     // Prepending a "1" makes the DER invalid.
     const string bad_der_signature1 = "1" + signature;
     LOG(ERROR) << "=========================bad der signature ===============";
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, certs, bad_der_signature1, false);
 
     vector<string> wrong_certs;
     for (size_t i = 1; i < certs.size(); i++) {
       wrong_certs.push_back(certs[i]);
     }
     LOG(ERROR) << "==================== wrong certs =========================";
-    RunVerification(verifier.get(), hostname, server_config, quic_version,
+    RunVerification(verifier.get(), hostname, port, server_config, quic_version,
                     chlo_hash, wrong_certs, signature, false);
   }
 }
 
 }  // namespace test
 }  // namespace net