| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/callback_helpers.h" | 8 #include "base/callback_helpers.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| 68 | 68 |
| 69 CertVerifier* cert_verifier() { return cert_verifier_.get(); } | 69 CertVerifier* cert_verifier() { return cert_verifier_.get(); } |
| 70 | 70 |
| 71 private: | 71 private: |
| 72 ScopedTestRoot scoped_root_; | 72 ScopedTestRoot scoped_root_; |
| 73 std::unique_ptr<CertVerifier> cert_verifier_; | 73 std::unique_ptr<CertVerifier> cert_verifier_; |
| 74 std::unique_ptr<TransportSecurityState> transport_security_state_; | 74 std::unique_ptr<TransportSecurityState> transport_security_state_; |
| 75 std::unique_ptr<CTVerifier> cert_transparency_verifier_; | 75 std::unique_ptr<CTVerifier> cert_transparency_verifier_; |
| 76 }; | 76 }; |
| 77 | 77 |
| 78 const char kSignature[] = "signature"; | |
| 79 const char kSCT[] = "CryptoServerTests"; | |
| 80 | |
| 81 class FakeProofSource : public ProofSource { | |
| 82 public: | |
| 83 FakeProofSource() {} | |
| 84 ~FakeProofSource() override {} | |
| 85 | |
| 86 // ProofSource interface | |
| 87 bool Initialize(const base::FilePath& cert_path, | |
| 88 const base::FilePath& key_path, | |
| 89 const base::FilePath& sct_path) { | |
| 90 std::string cert_data; | |
| 91 if (!base::ReadFileToString(cert_path, &cert_data)) { | |
| 92 DLOG(FATAL) << "Unable to read certificates."; | |
| 93 return false; | |
| 94 } | |
| 95 | |
| 96 CertificateList certs_in_file = | |
| 97 X509Certificate::CreateCertificateListFromBytes( | |
| 98 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | |
| 99 | |
| 100 if (certs_in_file.empty()) { | |
| 101 DLOG(FATAL) << "No certificates."; | |
| 102 return false; | |
| 103 } | |
| 104 | |
| 105 vector<string> certs; | |
| 106 for (const scoped_refptr<X509Certificate>& cert : certs_in_file) { | |
| 107 std::string der_encoded_cert; | |
| 108 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), | |
| 109 &der_encoded_cert)) { | |
| 110 return false; | |
| 111 } | |
| 112 certs.push_back(der_encoded_cert); | |
| 113 } | |
| 114 chain_ = new ProofSource::Chain(certs); | |
| 115 return true; | |
| 116 } | |
| 117 | |
| 118 bool GetProof(const IPAddress& server_ip, | |
| 119 const std::string& hostname, | |
| 120 const std::string& server_config, | |
| 121 QuicVersion quic_version, | |
| 122 StringPiece chlo_hash, | |
| 123 bool ecdsa_ok, | |
| 124 scoped_refptr<ProofSource::Chain>* out_chain, | |
| 125 std::string* out_signature, | |
| 126 std::string* out_leaf_cert_sct) override { | |
| 127 out_signature->assign(kSignature); | |
| 128 *out_chain = chain_; | |
| 129 *out_leaf_cert_sct = kSCT; | |
| 130 return true; | |
| 131 } | |
| 132 | |
| 133 private: | |
| 134 scoped_refptr<ProofSource::Chain> chain_; | |
| 135 | |
| 136 DISALLOW_COPY_AND_ASSIGN(FakeProofSource); | |
| 137 }; | |
| 138 | |
| 139 class FakeProofVerifier : public TestProofVerifierChromium { | |
| 140 public: | |
| 141 FakeProofVerifier( | |
| 142 std::unique_ptr<CertVerifier> cert_verifier, | |
| 143 std::unique_ptr<TransportSecurityState> transport_security_state, | |
| 144 std::unique_ptr<CTVerifier> cert_transparency_verifier, | |
| 145 const std::string& cert_file) | |
| 146 : TestProofVerifierChromium(std::move(cert_verifier), | |
| 147 std::move(transport_security_state), | |
| 148 std::move(cert_transparency_verifier), | |
| 149 cert_file) {} | |
| 150 ~FakeProofVerifier() override {} | |
| 151 | |
| 152 // ProofVerifier interface | |
| 153 QuicAsyncStatus VerifyProof( | |
| 154 const std::string& hostname, | |
| 155 const uint16_t port, | |
| 156 const std::string& server_config, | |
| 157 QuicVersion quic_version, | |
| 158 StringPiece chlo_hash, | |
| 159 const std::vector<std::string>& certs, | |
| 160 const std::string& cert_sct, | |
| 161 const std::string& signature, | |
| 162 const ProofVerifyContext* verify_context, | |
| 163 std::string* error_details, | |
| 164 std::unique_ptr<ProofVerifyDetails>* verify_details, | |
| 165 ProofVerifierCallback* callback) override { | |
| 166 error_details->clear(); | |
| 167 std::unique_ptr<ProofVerifyDetailsChromium> verify_details_chromium( | |
| 168 new ProofVerifyDetailsChromium); | |
| 169 DCHECK(!certs.empty()); | |
| 170 // Convert certs to X509Certificate. | |
| 171 vector<StringPiece> cert_pieces(certs.size()); | |
| 172 for (unsigned i = 0; i < certs.size(); i++) { | |
| 173 cert_pieces[i] = base::StringPiece(certs[i]); | |
| 174 } | |
| 175 scoped_refptr<X509Certificate> x509_cert = | |
| 176 X509Certificate::CreateFromDERCertChain(cert_pieces); | |
| 177 | |
| 178 if (!x509_cert.get()) { | |
| 179 *error_details = "Failed to create certificate chain"; | |
| 180 verify_details_chromium->cert_verify_result.cert_status = | |
| 181 CERT_STATUS_INVALID; | |
| 182 *verify_details = std::move(verify_details_chromium); | |
| 183 return QUIC_FAILURE; | |
| 184 } | |
| 185 | |
| 186 const ProofVerifyContextChromium* chromium_context = | |
| 187 reinterpret_cast<const ProofVerifyContextChromium*>(verify_context); | |
| 188 std::unique_ptr<CertVerifier::Request> cert_verifier_request_; | |
| 189 TestCompletionCallback test_callback; | |
| 190 int result = cert_verifier()->Verify( | |
| 191 x509_cert.get(), hostname, std::string(), | |
| 192 chromium_context->cert_verify_flags, | |
| 193 SSLConfigService::GetCRLSet().get(), | |
| 194 &verify_details_chromium->cert_verify_result, test_callback.callback(), | |
| 195 &cert_verifier_request_, chromium_context->net_log); | |
| 196 if (result != OK) { | |
| 197 std::string error_string = ErrorToString(result); | |
| 198 *error_details = StringPrintf("Failed to verify certificate chain: %s", | |
| 199 error_string.c_str()); | |
| 200 verify_details_chromium->cert_verify_result.cert_status = | |
| 201 CERT_STATUS_INVALID; | |
| 202 *verify_details = std::move(verify_details_chromium); | |
| 203 return QUIC_FAILURE; | |
| 204 } | |
| 205 if (signature != kSignature) { | |
| 206 *error_details = "Invalid proof"; | |
| 207 verify_details_chromium->cert_verify_result.cert_status = | |
| 208 CERT_STATUS_INVALID; | |
| 209 *verify_details = std::move(verify_details_chromium); | |
| 210 return QUIC_FAILURE; | |
| 211 } | |
| 212 *verify_details = std::move(verify_details_chromium); | |
| 213 return QUIC_SUCCESS; | |
| 214 } | |
| 215 | |
| 216 private: | |
| 217 DISALLOW_COPY_AND_ASSIGN(FakeProofVerifier); | |
| 218 }; | |
| 219 | |
| 220 } // namespace | 78 } // namespace |
| 221 | 79 |
| 222 // static | 80 // static |
| 223 ProofSource* CryptoTestUtils::ProofSourceForTesting() { | 81 ProofSource* CryptoTestUtils::ProofSourceForTesting() { |
| 224 #if defined(USE_OPENSSL) | |
| 225 ProofSourceChromium* source = new ProofSourceChromium(); | 82 ProofSourceChromium* source = new ProofSourceChromium(); |
| 226 #else | |
| 227 FakeProofSource* source = new FakeProofSource(); | |
| 228 #endif | |
| 229 base::FilePath certs_dir = GetTestCertsDirectory(); | 83 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 230 CHECK(source->Initialize( | 84 CHECK(source->Initialize( |
| 231 certs_dir.AppendASCII("quic_chain.crt"), | 85 certs_dir.AppendASCII("quic_chain.crt"), |
| 232 certs_dir.AppendASCII("quic_test.example.com.key.pkcs8"), | 86 certs_dir.AppendASCII("quic_test.example.com.key.pkcs8"), |
| 233 certs_dir.AppendASCII("quic_test.example.com.key.sct"))); | 87 certs_dir.AppendASCII("quic_test.example.com.key.sct"))); |
| 234 return source; | 88 return source; |
| 235 } | 89 } |
| 236 | 90 |
| 237 // static | 91 // static |
| 238 ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) { | 92 ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) { |
| 239 // TODO(rch): use a real cert verifier? | 93 // TODO(rch): use a real cert verifier? |
| 240 std::unique_ptr<MockCertVerifier> cert_verifier(new MockCertVerifier()); | 94 std::unique_ptr<MockCertVerifier> cert_verifier(new MockCertVerifier()); |
| 241 net::CertVerifyResult verify_result; | 95 net::CertVerifyResult verify_result; |
| 242 verify_result.verified_cert = | 96 verify_result.verified_cert = |
| 243 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); | 97 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); |
| 244 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 98 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 245 "test.example.com", verify_result, OK); | 99 "test.example.com", verify_result, OK); |
| 246 verify_result.verified_cert = ImportCertFromFile( | 100 verify_result.verified_cert = ImportCertFromFile( |
| 247 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); | 101 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); |
| 248 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 102 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 249 "test.example.com", verify_result, OK); | 103 "test.example.com", verify_result, OK); |
| 250 if (use_real_proof_verifier) { | 104 if (use_real_proof_verifier) { |
| 251 return new TestProofVerifierChromium( | 105 return new TestProofVerifierChromium( |
| 252 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), | 106 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), |
| 253 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); | 107 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); |
| 254 } | 108 } |
| 255 #if defined(USE_OPENSSL) | |
| 256 return new TestProofVerifierChromium( | 109 return new TestProofVerifierChromium( |
| 257 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), | 110 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), |
| 258 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); | 111 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); |
| 259 #else | |
| 260 return new FakeProofVerifier( | |
| 261 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), | |
| 262 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); | |
| 263 #endif | |
| 264 } | 112 } |
| 265 | 113 |
| 266 // static | 114 // static |
| 267 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { | 115 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { |
| 268 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); | 116 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); |
| 269 } | 117 } |
| 270 | 118 |
| 271 // static | 119 // static |
| 272 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { | 120 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { |
| 273 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); | 121 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); |
| 274 } | 122 } |
| 275 | 123 |
| 276 // static | 124 // static |
| 277 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { | 125 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { |
| 278 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); | 126 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); |
| 279 } | 127 } |
| 280 | 128 |
| 281 } // namespace test | 129 } // namespace test |
| 282 | 130 |
| 283 } // namespace net | 131 } // namespace net |
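Review bot: With the `#else` path removed, the `if (use_real_proof_verifier)` block at new lines 104-108 of ProofVerifierForTestingInternal and the unconditional return at new lines 109-111 construct exactly the same TestProofVerifierChromium, so the parameter no longer selects anything and ProofVerifierForTesting and RealProofVerifierForTesting now hand back identical verifiers. The duplicated branch should be collapsed to the single return, and because both public entry points still pass the flag, the reason it is kept should be recorded, e.g. `// |use_real_proof_verifier| currently changes nothing: FakeProofVerifier, which` / `// accepted the fixed "signature" proof, was removed, so both variants verify for real.` Tests that previously relied on ProofVerifierForTesting accepting the constant proof without checking it now go through real proof verification against the mock cert verifier, which appears to be the intent but is worth stating on the two public functions' declarations (not on this page). The `// static` marker on new line 91 is also inaccurate, since ProofVerifierForTestingInternal is a free function rather than a CryptoTestUtils member.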