| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_threaded_cert_verifier.h" | 5 #include "net/cert/multi_threaded_cert_verifier.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/debug/leak_annotations.h" | 10 #include "base/debug/leak_annotations.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/format_macros.h" | 12 #include "base/format_macros.h" |
| 13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
| 14 #include "net/base/net_errors.h" | 14 #include "net/base/net_errors.h" |
| 15 #include "net/base/test_completion_callback.h" | 15 #include "net/base/test_completion_callback.h" |
| 16 #include "net/base/test_data_directory.h" | 16 #include "net/base/test_data_directory.h" |
| 17 #include "net/cert/cert_trust_anchor_provider.h" | 17 #include "net/cert/cert_trust_anchor_provider.h" |
| 18 #include "net/cert/cert_verifier.h" |
| 18 #include "net/cert/cert_verify_proc.h" | 19 #include "net/cert/cert_verify_proc.h" |
| 19 #include "net/cert/cert_verify_result.h" | 20 #include "net/cert/cert_verify_result.h" |
| 20 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
| 21 #include "net/log/net_log.h" | 22 #include "net/log/net_log.h" |
| 22 #include "net/test/cert_test_util.h" | 23 #include "net/test/cert_test_util.h" |
| 23 #include "testing/gmock/include/gmock/gmock.h" | 24 #include "testing/gmock/include/gmock/gmock.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 25 | 26 |
| 26 using testing::Mock; | 27 using testing::Mock; |
| 27 using testing::ReturnRef; | 28 using testing::ReturnRef; |
| (...skipping 236 matching lines...) |
| 264 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), | 265 error = verifier_.Verify(test_cert.get(), "www.example.com", std::string(), |
| 265 0, NULL, &verify_result, callback.callback(), | 266 0, NULL, &verify_result, callback.callback(), |
| 266 &request, BoundNetLog()); | 267 &request, BoundNetLog()); |
| 267 } | 268 } |
| 268 ASSERT_EQ(ERR_IO_PENDING, error); | 269 ASSERT_EQ(ERR_IO_PENDING, error); |
| 269 EXPECT_TRUE(request); | 270 EXPECT_TRUE(request); |
| 270 request.reset(); | 271 request.reset(); |
| 271 // Destroy |verifier| by going out of scope. | 272 // Destroy |verifier| by going out of scope. |
| 272 } | 273 } |
| 273 | 274 |
| 274 TEST_F(MultiThreadedCertVerifierTest, RequestParamsComparators) { | |
| 275 SHA1HashValue a_key; | |
| 276 memset(a_key.data, 'a', sizeof(a_key.data)); | |
| 277 | |
| 278 SHA1HashValue z_key; | |
| 279 memset(z_key.data, 'z', sizeof(z_key.data)); | |
| 280 | |
| 281 const CertificateList empty_list; | |
| 282 CertificateList test_list; | |
| 283 test_list.push_back( | |
| 284 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); | |
| 285 | |
| 286 struct { | |
| 287 // Keys to test | |
| 288 MultiThreadedCertVerifier::RequestParams key1; | |
| 289 MultiThreadedCertVerifier::RequestParams key2; | |
| 290 | |
| 291 // Expectation: | |
| 292 // -1 means key1 is less than key2 | |
| 293 // 0 means key1 equals key2 | |
| 294 // 1 means key1 is greater than key2 | |
| 295 int expected_result; | |
| 296 } tests[] = { | |
| 297 { | |
| 298 // Test for basic equivalence. | |
| 299 MultiThreadedCertVerifier::RequestParams( | |
| 300 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 301 MultiThreadedCertVerifier::RequestParams( | |
| 302 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 303 0, | |
| 304 }, | |
| 305 { | |
| 306 // Test that different certificates but with the same CA and for | |
| 307 // the same host are different validation keys. | |
| 308 MultiThreadedCertVerifier::RequestParams( | |
| 309 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 310 MultiThreadedCertVerifier::RequestParams( | |
| 311 z_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 312 -1, | |
| 313 }, | |
| 314 { | |
| 315 // Test that the same EE certificate for the same host, but with | |
| 316 // different chains are different validation keys. | |
| 317 MultiThreadedCertVerifier::RequestParams( | |
| 318 a_key, z_key, "www.example.test", std::string(), 0, test_list), | |
| 319 MultiThreadedCertVerifier::RequestParams( | |
| 320 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 321 1, | |
| 322 }, | |
| 323 { | |
| 324 // The same certificate, with the same chain, but for different | |
| 325 // hosts are different validation keys. | |
| 326 MultiThreadedCertVerifier::RequestParams( | |
| 327 a_key, a_key, "www1.example.test", std::string(), 0, test_list), | |
| 328 MultiThreadedCertVerifier::RequestParams( | |
| 329 a_key, a_key, "www2.example.test", std::string(), 0, test_list), | |
| 330 -1, | |
| 331 }, | |
| 332 { | |
| 333 // The same certificate, chain, and host, but with different flags | |
| 334 // are different validation keys. | |
| 335 MultiThreadedCertVerifier::RequestParams( | |
| 336 a_key, a_key, "www.example.test", std::string(), | |
| 337 CertVerifier::VERIFY_EV_CERT, test_list), | |
| 338 MultiThreadedCertVerifier::RequestParams( | |
| 339 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 340 1, | |
| 341 }, | |
| 342 { | |
| 343 // Different additional_trust_anchors. | |
| 344 MultiThreadedCertVerifier::RequestParams( | |
| 345 a_key, a_key, "www.example.test", std::string(), 0, empty_list), | |
| 346 MultiThreadedCertVerifier::RequestParams( | |
| 347 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 348 -1, | |
| 349 }, | |
| 350 { | |
| 351 // Different OCSP responses. | |
| 352 MultiThreadedCertVerifier::RequestParams( | |
| 353 a_key, a_key, "www.example.test", "ocsp response", 0, test_list), | |
| 354 MultiThreadedCertVerifier::RequestParams( | |
| 355 a_key, a_key, "www.example.test", std::string(), 0, test_list), | |
| 356 -1, | |
| 357 }, | |
| 358 }; | |
| 359 for (size_t i = 0; i < arraysize(tests); ++i) { | |
| 360 SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i)); | |
| 361 | |
| 362 const MultiThreadedCertVerifier::RequestParams& key1 = tests[i].key1; | |
| 363 const MultiThreadedCertVerifier::RequestParams& key2 = tests[i].key2; | |
| 364 | |
| 365 switch (tests[i].expected_result) { | |
| 366 case -1: | |
| 367 EXPECT_TRUE(key1 < key2); | |
| 368 EXPECT_FALSE(key2 < key1); | |
| 369 break; | |
| 370 case 0: | |
| 371 EXPECT_FALSE(key1 < key2); | |
| 372 EXPECT_FALSE(key2 < key1); | |
| 373 break; | |
| 374 case 1: | |
| 375 EXPECT_FALSE(key1 < key2); | |
| 376 EXPECT_TRUE(key2 < key1); | |
| 377 break; | |
| 378 default: | |
| 379 FAIL() << "Invalid expectation. Can be only -1, 0, 1"; | |
| 380 } | |
| 381 } | |
| 382 } | |
| 383 | |
| 384 TEST_F(MultiThreadedCertVerifierTest, CertTrustAnchorProvider) { | 275 TEST_F(MultiThreadedCertVerifierTest, CertTrustAnchorProvider) { |
| 385 MockCertTrustAnchorProvider trust_provider; | 276 MockCertTrustAnchorProvider trust_provider; |
| 386 verifier_.SetCertTrustAnchorProvider(&trust_provider); | 277 verifier_.SetCertTrustAnchorProvider(&trust_provider); |
| 387 | 278 |
| 388 scoped_refptr<X509Certificate> test_cert( | 279 scoped_refptr<X509Certificate> test_cert( |
| 389 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); | 280 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 390 ASSERT_TRUE(test_cert.get()); | 281 ASSERT_TRUE(test_cert.get()); |
| 391 | 282 |
| 392 const CertificateList empty_cert_list; | 283 const CertificateList empty_cert_list; |
| 393 CertificateList cert_list; | 284 CertificateList cert_list; |
| (...skipping 114 matching lines...) |
| 508 error = callback4.WaitForResult(); | 399 error = callback4.WaitForResult(); |
| 509 ASSERT_TRUE(IsCertificateError(error)); | 400 ASSERT_TRUE(IsCertificateError(error)); |
| 510 | 401 |
| 511 // Let the other requests automatically cancel. | 402 // Let the other requests automatically cancel. |
| 512 ASSERT_EQ(5u, verifier_.requests()); | 403 ASSERT_EQ(5u, verifier_.requests()); |
| 513 ASSERT_EQ(0u, verifier_.cache_hits()); | 404 ASSERT_EQ(0u, verifier_.cache_hits()); |
| 514 ASSERT_EQ(2u, verifier_.inflight_joins()); | 405 ASSERT_EQ(2u, verifier_.inflight_joins()); |
| 515 } | 406 } |
| 516 | 407 |
| 517 } // namespace net | 408 } // namespace net |
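Review bot: Removing `RequestParamsComparators` (old lines 274-382) drops the only coverage visible on this page for the ordering of the verification cache key. That table pinned that two requests differing only in hostname, verify flags, `additional_trust_anchors` or OCSP response never compare equal. The added `#include "net/cert/cert_verifier.h"` hints that `RequestParams` may now live on `CertVerifier`, but the rest of the change is not shown here, so please confirm that an equivalent table-driven test lands next to the type in the same commit. Without it, a comparator regression that collapses two such keys would let a cached result for one request be returned for another, and no test would fail. It would also help to leave a one-line comment here such as `// RequestParams ordering is covered in <test file for the new location>.` so the coverage is traceable.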
| OLD | NEW |