| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/test_data_directory.h" | 10 #include "net/base/test_data_directory.h" |
| (...skipping 83 matching lines...) |
| 94 ~DummyProofVerifierCallback() override {} | 94 ~DummyProofVerifierCallback() override {} |
| 95 | 95 |
| 96 void Run(bool ok, | 96 void Run(bool ok, |
| 97 const std::string& error_details, | 97 const std::string& error_details, |
| 98 scoped_ptr<ProofVerifyDetails>* details) override { | 98 scoped_ptr<ProofVerifyDetails>* details) override { |
| 99 // Do nothing | 99 // Do nothing |
| 100 } | 100 } |
| 101 }; | 101 }; |
| 102 | 102 |
| 103 const char kTestHostname[] = "test.example.com"; | 103 const char kTestHostname[] = "test.example.com"; |
| 104 const uint16_t kTestPort = 8443; |
| 104 const char kTestConfig[] = "server config bytes"; | 105 const char kTestConfig[] = "server config bytes"; |
| 105 const char kLogDescription[] = "somelog"; | 106 const char kLogDescription[] = "somelog"; |
| 106 | 107 |
| 107 } // namespace | 108 } // namespace |
| 108 | 109 |
| 109 class ProofVerifierChromiumTest : public ::testing::Test { | 110 class ProofVerifierChromiumTest : public ::testing::Test { |
| 110 public: | 111 public: |
| 111 ProofVerifierChromiumTest() | 112 ProofVerifierChromiumTest() |
| 112 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, | 113 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, |
| 113 BoundNetLog())) {} | 114 BoundNetLog())) {} |
| (...skipping 101 matching lines...) |
| 215 // Tests that the ProofVerifier fails verification if certificate | 216 // Tests that the ProofVerifier fails verification if certificate |
| 216 // verification fails. | 217 // verification fails. |
| 217 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { | 218 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { |
| 218 MockCertVerifier dummy_verifier; | 219 MockCertVerifier dummy_verifier; |
| 219 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 220 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
| 220 ct_verifier_.get()); | 221 ct_verifier_.get()); |
| 221 | 222 |
| 222 scoped_ptr<DummyProofVerifierCallback> callback( | 223 scoped_ptr<DummyProofVerifierCallback> callback( |
| 223 new DummyProofVerifierCallback); | 224 new DummyProofVerifierCallback); |
| 224 QuicAsyncStatus status = proof_verifier.VerifyProof( | 225 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 225 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 226 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 226 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 227 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 227 callback.get()); | 228 callback.get()); |
| 228 ASSERT_EQ(QUIC_FAILURE, status); | 229 ASSERT_EQ(QUIC_FAILURE, status); |
| 229 } | 230 } |
| 230 | 231 |
| 231 // Valid SCT, but invalid signature. | 232 // Valid SCT, but invalid signature. |
| 232 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { | 233 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { |
| 233 // Use different certificates for SCT tests. | 234 // Use different certificates for SCT tests. |
| 234 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 235 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 235 | 236 |
| 236 MockCertVerifier cert_verifier; | 237 MockCertVerifier cert_verifier; |
| 237 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 238 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 238 ct_verifier_.get()); | 239 ct_verifier_.get()); |
| 239 | 240 |
| 240 scoped_ptr<DummyProofVerifierCallback> callback( | 241 scoped_ptr<DummyProofVerifierCallback> callback( |
| 241 new DummyProofVerifierCallback); | 242 new DummyProofVerifierCallback); |
| 242 QuicAsyncStatus status = proof_verifier.VerifyProof( | 243 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 243 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, | 244 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, |
| 244 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, | 245 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, |
| 245 &details_, callback.get()); | 246 &details_, callback.get()); |
| 246 ASSERT_EQ(QUIC_FAILURE, status); | 247 ASSERT_EQ(QUIC_FAILURE, status); |
| 247 CheckSCT(/*sct_expected_ok=*/true); | 248 CheckSCT(/*sct_expected_ok=*/true); |
| 248 } | 249 } |
| 249 | 250 |
| 250 // Invalid SCT and signature. | 251 // Invalid SCT and signature. |
| 251 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { | 252 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
| 252 // Use different certificates for SCT tests. | 253 // Use different certificates for SCT tests. |
| 253 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 254 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 254 | 255 |
| 255 MockCertVerifier cert_verifier; | 256 MockCertVerifier cert_verifier; |
| 256 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 257 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 257 ct_verifier_.get()); | 258 ct_verifier_.get()); |
| 258 | 259 |
| 259 scoped_ptr<DummyProofVerifierCallback> callback( | 260 scoped_ptr<DummyProofVerifierCallback> callback( |
| 260 new DummyProofVerifierCallback); | 261 new DummyProofVerifierCallback); |
| 261 QuicAsyncStatus status = proof_verifier.VerifyProof( | 262 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 262 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, | 263 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, |
| 263 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), | 264 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), |
| 264 &error_details_, &details_, callback.get()); | 265 &error_details_, &details_, callback.get()); |
| 265 ASSERT_EQ(QUIC_FAILURE, status); | 266 ASSERT_EQ(QUIC_FAILURE, status); |
| 266 CheckSCT(/*sct_expected_ok=*/false); | 267 CheckSCT(/*sct_expected_ok=*/false); |
| 267 } | 268 } |
| 268 | 269 |
| 269 // Tests that the ProofVerifier doesn't verify certificates if the config | 270 // Tests that the ProofVerifier doesn't verify certificates if the config |
| 270 // signature fails. | 271 // signature fails. |
| 271 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { | 272 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
| 272 FailsTestCertVerifier cert_verifier; | 273 FailsTestCertVerifier cert_verifier; |
| 273 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, | 274 ProofVerifierChromium proof_verifier(&cert_verifier, nullptr, nullptr, |
| 274 ct_verifier_.get()); | 275 ct_verifier_.get()); |
| 275 | 276 |
| 276 scoped_ptr<DummyProofVerifierCallback> callback( | 277 scoped_ptr<DummyProofVerifierCallback> callback( |
| 277 new DummyProofVerifierCallback); | 278 new DummyProofVerifierCallback); |
| 278 QuicAsyncStatus status = proof_verifier.VerifyProof( | 279 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 279 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", kTestConfig, | 280 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 280 verify_context_.get(), &error_details_, &details_, callback.get()); | 281 kTestConfig, verify_context_.get(), &error_details_, &details_, |
| 282 callback.get()); |
| 281 ASSERT_EQ(QUIC_FAILURE, status); | 283 ASSERT_EQ(QUIC_FAILURE, status); |
| 282 } | 284 } |
| 283 | 285 |
| 284 // Tests that EV certificates are left as EV if there is no certificate | 286 // Tests that EV certificates are left as EV if there is no certificate |
| 285 // policy enforcement. | 287 // policy enforcement. |
| 286 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { | 288 TEST_F(ProofVerifierChromiumTest, PreservesEVIfNoPolicy) { |
| 287 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 289 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 288 ASSERT_TRUE(test_cert); | 290 ASSERT_TRUE(test_cert); |
| 289 | 291 |
| 290 CertVerifyResult dummy_result; | 292 CertVerifyResult dummy_result; |
| 291 dummy_result.verified_cert = test_cert; | 293 dummy_result.verified_cert = test_cert; |
| 292 dummy_result.cert_status = CERT_STATUS_IS_EV; | 294 dummy_result.cert_status = CERT_STATUS_IS_EV; |
| 293 | 295 |
| 294 MockCertVerifier dummy_verifier; | 296 MockCertVerifier dummy_verifier; |
| 295 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 297 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 296 | 298 |
| 297 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, | 299 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr, nullptr, |
| 298 ct_verifier_.get()); | 300 ct_verifier_.get()); |
| 299 | 301 |
| 300 scoped_ptr<DummyProofVerifierCallback> callback( | 302 scoped_ptr<DummyProofVerifierCallback> callback( |
| 301 new DummyProofVerifierCallback); | 303 new DummyProofVerifierCallback); |
| 302 QuicAsyncStatus status = proof_verifier.VerifyProof( | 304 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 303 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 305 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 304 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 306 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 305 callback.get()); | 307 callback.get()); |
| 306 ASSERT_EQ(QUIC_SUCCESS, status); | 308 ASSERT_EQ(QUIC_SUCCESS, status); |
| 307 | 309 |
| 308 ASSERT_TRUE(details_.get()); | 310 ASSERT_TRUE(details_.get()); |
| 309 ProofVerifyDetailsChromium* verify_details = | 311 ProofVerifyDetailsChromium* verify_details = |
| 310 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 312 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 311 EXPECT_EQ(dummy_result.cert_status, | 313 EXPECT_EQ(dummy_result.cert_status, |
| 312 verify_details->cert_verify_result.cert_status); | 314 verify_details->cert_verify_result.cert_status); |
| 313 } | 315 } |
| (...skipping 12 matching lines...) |
| 326 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 328 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 327 | 329 |
| 328 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); | 330 MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); |
| 329 | 331 |
| 330 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 332 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 331 nullptr, ct_verifier_.get()); | 333 nullptr, ct_verifier_.get()); |
| 332 | 334 |
| 333 scoped_ptr<DummyProofVerifierCallback> callback( | 335 scoped_ptr<DummyProofVerifierCallback> callback( |
| 334 new DummyProofVerifierCallback); | 336 new DummyProofVerifierCallback); |
| 335 QuicAsyncStatus status = proof_verifier.VerifyProof( | 337 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 336 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 338 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 337 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 339 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 338 callback.get()); | 340 callback.get()); |
| 339 ASSERT_EQ(QUIC_SUCCESS, status); | 341 ASSERT_EQ(QUIC_SUCCESS, status); |
| 340 | 342 |
| 341 ASSERT_TRUE(details_.get()); | 343 ASSERT_TRUE(details_.get()); |
| 342 ProofVerifyDetailsChromium* verify_details = | 344 ProofVerifyDetailsChromium* verify_details = |
| 343 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 345 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 344 EXPECT_EQ(dummy_result.cert_status, | 346 EXPECT_EQ(dummy_result.cert_status, |
| 345 verify_details->cert_verify_result.cert_status); | 347 verify_details->cert_verify_result.cert_status); |
| 346 } | 348 } |
| (...skipping 12 matching lines...) |
| 359 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 361 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 360 | 362 |
| 361 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); | 363 MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); |
| 362 | 364 |
| 363 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 365 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 364 nullptr, ct_verifier_.get()); | 366 nullptr, ct_verifier_.get()); |
| 365 | 367 |
| 366 scoped_ptr<DummyProofVerifierCallback> callback( | 368 scoped_ptr<DummyProofVerifierCallback> callback( |
| 367 new DummyProofVerifierCallback); | 369 new DummyProofVerifierCallback); |
| 368 QuicAsyncStatus status = proof_verifier.VerifyProof( | 370 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 369 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 371 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 370 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 372 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 371 callback.get()); | 373 callback.get()); |
| 372 ASSERT_EQ(QUIC_SUCCESS, status); | 374 ASSERT_EQ(QUIC_SUCCESS, status); |
| 373 | 375 |
| 374 ASSERT_TRUE(details_.get()); | 376 ASSERT_TRUE(details_.get()); |
| 375 ProofVerifyDetailsChromium* verify_details = | 377 ProofVerifyDetailsChromium* verify_details = |
| 376 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 378 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 377 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, | 379 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
| 378 verify_details->cert_verify_result.cert_status & | 380 verify_details->cert_verify_result.cert_status & |
| 379 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); | 381 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
| (...skipping 13 matching lines...) |
| 393 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 395 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 394 | 396 |
| 395 FailsTestCTPolicyEnforcer policy_enforcer; | 397 FailsTestCTPolicyEnforcer policy_enforcer; |
| 396 | 398 |
| 397 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 399 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 398 nullptr, ct_verifier_.get()); | 400 nullptr, ct_verifier_.get()); |
| 399 | 401 |
| 400 scoped_ptr<DummyProofVerifierCallback> callback( | 402 scoped_ptr<DummyProofVerifierCallback> callback( |
| 401 new DummyProofVerifierCallback); | 403 new DummyProofVerifierCallback); |
| 402 QuicAsyncStatus status = proof_verifier.VerifyProof( | 404 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 403 kTestHostname, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 405 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", |
| 404 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 406 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
| 405 callback.get()); | 407 callback.get()); |
| 406 ASSERT_EQ(QUIC_SUCCESS, status); | 408 ASSERT_EQ(QUIC_SUCCESS, status); |
| 407 | 409 |
| 408 ASSERT_TRUE(details_.get()); | 410 ASSERT_TRUE(details_.get()); |
| 409 ProofVerifyDetailsChromium* verify_details = | 411 ProofVerifyDetailsChromium* verify_details = |
| 410 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 412 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 411 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 413 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
| 412 } | 414 } |
| 413 | 415 |
| 414 } // namespace test | 416 } // namespace test |
| 415 } // namespace net | 417 } // namespace net |
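Review bot: `kTestPort` is passed with the same value (8443) to all eight `VerifyProof` calls and no assertion in the file depends on it, so these tests would still pass if the implementation dropped the port or substituted a different one. What the verifier does with the port is not visible on this page; if it becomes part of the origin that certificate or pinning decisions are made for, one test should observe the port at its point of use, and the constant deserves a comment such as `// Arbitrary non-default port; only checked for being passed through.`. Several stretches of the file are collapsed here, so an existing check may sit in the skipped lines.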
| OLD | NEW |