| Index: net/quic/test_tools/crypto_test_utils_chromium.cc
|
| diff --git a/net/quic/test_tools/crypto_test_utils_chromium.cc b/net/quic/test_tools/crypto_test_utils_chromium.cc
|
| index d78df969b69c0555e21664eb1e4f9d5a6f9dd5c4..121db431beeed29a26ad3d0ce23dd8d011feaf14 100644
|
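--- a/net/quic/test_tools/crypto_test_utils_chromium.cc
+++ b/net/quic/test_tools/crypto_test_utils_chromium.cc
@@ -75,157 +75,11 @@ class TestProofVerifierChromium : public ProofVerifierChromium {
 std::unique_ptr<CTVerifier> cert_transparency_verifier_;
 };
 
-const char kSignature[] = "signature";
-const char kSCT[] = "CryptoServerTests";
-
-class FakeProofSource : public ProofSource {
- public:
- FakeProofSource() {}
- ~FakeProofSource() override {}
-
- // ProofSource interface
- bool Initialize(const base::FilePath& cert_path,
- const base::FilePath& key_path,
- const base::FilePath& sct_path) {
- std::string cert_data;
- if (!base::ReadFileToString(cert_path, &cert_data)) {
- DLOG(FATAL) << "Unable to read certificates.";
- return false;
- }
-
- CertificateList certs_in_file =
- X509Certificate::CreateCertificateListFromBytes(
- cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
-
- if (certs_in_file.empty()) {
- DLOG(FATAL) << "No certificates.";
- return false;
- }
-
- vector<string> certs;
- for (const scoped_refptr<X509Certificate>& cert : certs_in_file) {
- std::string der_encoded_cert;
- if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(),
- &der_encoded_cert)) {
- return false;
- }
- certs.push_back(der_encoded_cert);
- }
- chain_ = new ProofSource::Chain(certs);
- return true;
- }
-
- bool GetProof(const IPAddress& server_ip,
- const std::string& hostname,
- const std::string& server_config,
- QuicVersion quic_version,
- StringPiece chlo_hash,
- bool ecdsa_ok,
- scoped_refptr<ProofSource::Chain>* out_chain,
- std::string* out_signature,
- std::string* out_leaf_cert_sct) override {
- out_signature->assign(kSignature);
- *out_chain = chain_;
- *out_leaf_cert_sct = kSCT;
- return true;
- }
-
- private:
- scoped_refptr<ProofSource::Chain> chain_;
-
- DISALLOW_COPY_AND_ASSIGN(FakeProofSource);
-};
-
-class FakeProofVerifier : public TestProofVerifierChromium {
- public:
- FakeProofVerifier(
- std::unique_ptr<CertVerifier> cert_verifier,
- std::unique_ptr<TransportSecurityState> transport_security_state,
- std::unique_ptr<CTVerifier> cert_transparency_verifier,
- const std::string& cert_file)
- : TestProofVerifierChromium(std::move(cert_verifier),
- std::move(transport_security_state),
- std::move(cert_transparency_verifier),
- cert_file) {}
- ~FakeProofVerifier() override {}
-
- // ProofVerifier interface
- QuicAsyncStatus VerifyProof(
- const std::string& hostname,
- const uint16_t port,
- const std::string& server_config,
- QuicVersion quic_version,
- StringPiece chlo_hash,
- const std::vector<std::string>& certs,
- const std::string& cert_sct,
- const std::string& signature,
- const ProofVerifyContext* verify_context,
- std::string* error_details,
- std::unique_ptr<ProofVerifyDetails>* verify_details,
- ProofVerifierCallback* callback) override {
- error_details->clear();
- std::unique_ptr<ProofVerifyDetailsChromium> verify_details_chromium(
- new ProofVerifyDetailsChromium);
- DCHECK(!certs.empty());
- // Convert certs to X509Certificate.
- vector<StringPiece> cert_pieces(certs.size());
- for (unsigned i = 0; i < certs.size(); i++) {
- cert_pieces[i] = base::StringPiece(certs[i]);
- }
- scoped_refptr<X509Certificate> x509_cert =
- X509Certificate::CreateFromDERCertChain(cert_pieces);
-
- if (!x509_cert.get()) {
- *error_details = "Failed to create certificate chain";
- verify_details_chromium->cert_verify_result.cert_status =
- CERT_STATUS_INVALID;
- *verify_details = std::move(verify_details_chromium);
- return QUIC_FAILURE;
- }
-
- const ProofVerifyContextChromium* chromium_context =
- reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
- std::unique_ptr<CertVerifier::Request> cert_verifier_request_;
- TestCompletionCallback test_callback;
- int result = cert_verifier()->Verify(
- x509_cert.get(), hostname, std::string(),
- chromium_context->cert_verify_flags,
- SSLConfigService::GetCRLSet().get(),
- &verify_details_chromium->cert_verify_result, test_callback.callback(),
- &cert_verifier_request_, chromium_context->net_log);
- if (result != OK) {
- std::string error_string = ErrorToString(result);
- *error_details = StringPrintf("Failed to verify certificate chain: %s",
- error_string.c_str());
- verify_details_chromium->cert_verify_result.cert_status =
- CERT_STATUS_INVALID;
- *verify_details = std::move(verify_details_chromium);
- return QUIC_FAILURE;
- }
- if (signature != kSignature) {
- *error_details = "Invalid proof";
- verify_details_chromium->cert_verify_result.cert_status =
- CERT_STATUS_INVALID;
- *verify_details = std::move(verify_details_chromium);
- return QUIC_FAILURE;
- }
- *verify_details = std::move(verify_details_chromium);
- return QUIC_SUCCESS;
- }
-
- private:
- DISALLOW_COPY_AND_ASSIGN(FakeProofVerifier);
-};
-
 } // namespace
 
 // static
 ProofSource* CryptoTestUtils::ProofSourceForTesting() {
-#if defined(USE_OPENSSL)
 ProofSourceChromium* source = new ProofSourceChromium();
-#else
- FakeProofSource* source = new FakeProofSource();
-#endif
 base::FilePath certs_dir = GetTestCertsDirectory();
 CHECK(source->Initialize(
 certs_dir.AppendASCII("quic_chain.crt"),
@@ -252,15 +106,9 @@ ProofVerifier* ProofVerifierForTestingInternal(bool use_real_proof_verifier) {
 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState),
 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt");
 }
-#if defined(USE_OPENSSL)
 return new TestProofVerifierChromium(
 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState),
 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt");
-#else
- return new FakeProofVerifier(
- std::move(cert_verifier), base::WrapUnique(new TransportSecurityState),
- base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt");
-#endif
 }
 
 // static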
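Review bot: In `ProofVerifierForTestingInternal`, the remaining unconditional `return new TestProofVerifierChromium(...)` takes the same four arguments as the call that closes the preceding `if` block, so `use_real_proof_verifier` may no longer select anything. The start of that `if` is outside the hunk; if it also constructs `TestProofVerifierChromium`, the two branches are duplicates, and a caller passing `false` now silently gets the verifier that checks real signatures instead of the removed fake that only compared against the constant `"signature"`. That is the safer behaviour for tests, but it should be visible in the code. Either collapse the two branches into a single return, or add a comment such as `// Both values of |use_real_proof_verifier| now return TestProofVerifierChromium; the flag is kept only for existing callers.`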