| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
| 6 #include "net/base/net_errors.h" | 6 #include "net/base/net_errors.h" |
| 7 #include "net/base/test_completion_callback.h" | 7 #include "net/base/test_completion_callback.h" |
| 8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
| 9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
| 10 #include "net/cert/cert_verify_result.h" | 10 #include "net/cert/cert_verify_result.h" |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 } | 81 } |
| 82 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 82 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, |
| 83 &error_details, &cert_verify_result, | 83 &error_details, &cert_verify_result, |
| 84 callback.callback()); | 84 callback.callback()); |
| 85 rv = callback.GetResult(rv); | 85 rv = callback.GetResult(rv); |
| 86 ASSERT_EQ(ERR_FAILED, rv); | 86 ASSERT_EQ(ERR_FAILED, rv); |
| 87 ASSERT_NE("", error_details); | 87 ASSERT_NE("", error_details); |
| 88 #endif // 0 | 88 #endif // 0 |
| 89 } | 89 } |
| 90 | 90 |
| 91 // TestProofVerifierCallback is a simple callback for a ProofVerifier that |
| 92 // signals a TestCompletionCallback when called and stores the results from the |
| 93 // ProofVerifier in pointers passed to the constructor. |
| 94 class TestProofVerifierCallback : public ProofVerifierCallback { |
| 95 public: |
| 96 TestProofVerifierCallback(TestCompletionCallback* comp_callback, |
| 97 bool* ok, |
| 98 std::string* error_details) |
| 99 : comp_callback_(comp_callback), |
| 100 ok_(ok), |
| 101 error_details_(error_details) {} |
| 102 |
| 103 void Run(bool ok, std::string* error_details, ProofVerifyDetails* details) { |
| 104 *ok_ = ok; |
| 105 *error_details_ = *error_details; |
| 106 delete details; |
| 107 |
| 108 comp_callback_->callback().Run(0); |
| 109 } |
| 110 |
| 111 private: |
| 112 TestCompletionCallback* const comp_callback_; |
| 113 bool* const ok_; |
| 114 std::string* const error_details_; |
| 115 }; |
| 116 |
| 117 // RunVerification runs |verifier->VerifyProof| and asserts that the result |
| 118 // matches |expected_ok|. |
| 119 static void RunVerification(ProofVerifier* verifier, |
| 120 const std::string& hostname, |
| 121 const std::string& server_config, |
| 122 const vector<std::string>& certs, |
| 123 const std::string& proof, |
| 124 bool expected_ok) { |
| 125 scoped_ptr<ProofVerifyDetails> details; |
| 126 TestCompletionCallback comp_callback; |
| 127 bool ok; |
| 128 std::string error_details; |
| 129 TestProofVerifierCallback* callback = |
| 130 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); |
| 131 |
| 132 ProofVerifier::Status status = verifier->VerifyProof( |
| 133 hostname, server_config, certs, proof, &error_details, &details, |
| 134 callback); |
| 135 |
| 136 switch (status) { |
| 137 case ProofVerifier::ERROR: |
| 138 ASSERT_FALSE(expected_ok); |
| 139 ASSERT_NE("", error_details); |
| 140 return; |
| 141 case ProofVerifier::OK: |
| 142 ASSERT_TRUE(expected_ok); |
| 143 ASSERT_EQ("", error_details); |
| 144 return; |
| 145 case ProofVerifier::PENDING: |
| 146 comp_callback.WaitForResult(); |
| 147 ASSERT_EQ(expected_ok, ok); |
| 148 break; |
| 149 } |
| 150 } |
| 151 |
| 91 static string PEMCertFileToDER(const string& file_name) { | 152 static string PEMCertFileToDER(const string& file_name) { |
| 92 base::FilePath certs_dir = GetTestCertsDirectory(); | 153 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 93 scoped_refptr<X509Certificate> cert = | 154 scoped_refptr<X509Certificate> cert = |
| 94 ImportCertFromFile(certs_dir, file_name); | 155 ImportCertFromFile(certs_dir, file_name); |
| 95 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); | 156 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); |
| 96 | 157 |
| 97 string der_bytes; | 158 string der_bytes; |
| 98 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); | 159 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); |
| 99 return der_bytes; | 160 return der_bytes; |
| 100 } | 161 } |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 219 vector<string> signatures(3); | 280 vector<string> signatures(3); |
| 220 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 281 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
| 221 sizeof(signature_data_0)); | 282 sizeof(signature_data_0)); |
| 222 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 283 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
| 223 sizeof(signature_data_1)); | 284 sizeof(signature_data_1)); |
| 224 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 285 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
| 225 sizeof(signature_data_2)); | 286 sizeof(signature_data_2)); |
| 226 | 287 |
| 227 for (size_t i = 0; i < signatures.size(); i++) { | 288 for (size_t i = 0; i < signatures.size(); i++) { |
| 228 const string& signature = signatures[i]; | 289 const string& signature = signatures[i]; |
| 229 int rv; | |
| 230 TestCompletionCallback callback; | |
| 231 rv = verifier->VerifyProof(hostname, server_config, certs, signature, | |
| 232 &error_details, &cert_verify_result, | |
| 233 callback.callback()); | |
| 234 rv = callback.GetResult(rv); | |
| 235 ASSERT_EQ(OK, rv); | |
| 236 ASSERT_EQ("", error_details); | |
| 237 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); | |
| 238 | 290 |
| 239 rv = verifier->VerifyProof("foo.com", server_config, certs, signature, | 291 RunVerification( |
| 240 &error_details, &cert_verify_result, | 292 verifier.get(), hostname, server_config, certs, signature, true); |
| 241 callback.callback()); | 293 RunVerification( |
| 242 rv = callback.GetResult(rv); | 294 verifier.get(), "foo.com", server_config, certs, signature, false); |
| 243 ASSERT_EQ(ERR_FAILED, rv); | 295 RunVerification( |
| 244 ASSERT_NE("", error_details); | 296 verifier.get(), hostname, server_config.substr(1, string::npos), |
| 245 | 297 certs, signature, false); |
| 246 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos), | |
| 247 certs, signature, &error_details, | |
| 248 &cert_verify_result, callback.callback()); | |
| 249 rv = callback.GetResult(rv); | |
| 250 ASSERT_EQ(ERR_FAILED, rv); | |
| 251 ASSERT_NE("", error_details); | |
| 252 | 298 |
| 253 const string corrupt_signature = "1" + signature; | 299 const string corrupt_signature = "1" + signature; |
| 254 rv = verifier->VerifyProof(hostname, server_config, certs, | 300 RunVerification( |
| 255 corrupt_signature, &error_details, | 301 verifier.get(), hostname, server_config, certs, corrupt_signature, |
| 256 &cert_verify_result, callback.callback()); | 302 false); |
| 257 rv = callback.GetResult(rv); | |
| 258 ASSERT_EQ(ERR_FAILED, rv); | |
| 259 ASSERT_NE("", error_details); | |
| 260 | 303 |
| 261 vector<string> wrong_certs; | 304 vector<string> wrong_certs; |
| 262 for (size_t i = 1; i < certs.size(); i++) { | 305 for (size_t i = 1; i < certs.size(); i++) { |
| 263 wrong_certs.push_back(certs[i]); | 306 wrong_certs.push_back(certs[i]); |
| 264 } | 307 } |
| 265 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 308 RunVerification(verifier.get(), hostname, server_config, wrong_certs, |
| 266 &error_details, &cert_verify_result, | 309 signature, false); |
| 267 callback.callback()); | |
| 268 rv = callback.GetResult(rv); | |
| 269 ASSERT_EQ(ERR_FAILED, rv); | |
| 270 ASSERT_NE("", error_details); | |
| 271 } | 310 } |
| 272 } | 311 } |
| 273 | 312 |
| 274 // A known answer test that allows us to test ProofVerifier without a working | 313 // A known answer test that allows us to test ProofVerifier without a working |
| 275 // ProofSource. | 314 // ProofSource. |
| 276 // TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on Windows. Disabled this | 315 // TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on Windows. Disabled this |
| 277 // test because X509Certificate::GetPublicKeyInfo is not returning the correct | 316 // test because X509Certificate::GetPublicKeyInfo is not returning the correct |
| 278 // type for ECDSA certificates. | 317 // type for ECDSA certificates. |
| 279 #if defined(OS_WIN) | 318 #if defined(OS_WIN) |
| 280 #define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest | 319 #define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 vector<string> signatures(3); | 371 vector<string> signatures(3); |
| 333 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 372 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
| 334 sizeof(signature_data_0)); | 373 sizeof(signature_data_0)); |
| 335 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 374 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
| 336 sizeof(signature_data_1)); | 375 sizeof(signature_data_1)); |
| 337 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 376 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
| 338 sizeof(signature_data_2)); | 377 sizeof(signature_data_2)); |
| 339 | 378 |
| 340 for (size_t i = 0; i < signatures.size(); i++) { | 379 for (size_t i = 0; i < signatures.size(); i++) { |
| 341 const string& signature = signatures[i]; | 380 const string& signature = signatures[i]; |
| 342 int rv; | |
| 343 TestCompletionCallback callback; | |
| 344 rv = verifier->VerifyProof(hostname, server_config, certs, signature, | |
| 345 &error_details, &cert_verify_result, | |
| 346 callback.callback()); | |
| 347 rv = callback.GetResult(rv); | |
| 348 ASSERT_EQ(OK, rv); | |
| 349 ASSERT_EQ("", error_details); | |
| 350 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); | |
| 351 | 381 |
| 352 rv = verifier->VerifyProof("foo.com", server_config, certs, signature, | 382 RunVerification( |
| 353 &error_details, &cert_verify_result, | 383 verifier.get(), hostname, server_config, certs, signature, true); |
| 354 callback.callback()); | 384 RunVerification( |
| 355 rv = callback.GetResult(rv); | 385 verifier.get(), "foo.com", server_config, certs, signature, false); |
| 356 ASSERT_EQ(ERR_FAILED, rv); | 386 RunVerification( |
| 357 ASSERT_NE("", error_details); | 387 verifier.get(), hostname, server_config.substr(1, string::npos), |
| 358 | 388 certs, signature, false); |
| 359 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos), | |
| 360 certs, signature, &error_details, | |
| 361 &cert_verify_result, callback.callback()); | |
| 362 rv = callback.GetResult(rv); | |
| 363 ASSERT_EQ(ERR_FAILED, rv); | |
| 364 ASSERT_NE("", error_details); | |
| 365 | 389 |
| 366 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the | 390 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the |
| 367 // signature can still be DER-decoded correctly. | 391 // signature can still be DER-decoded correctly. |
| 368 string corrupt_signature = signature; | 392 string corrupt_signature = signature; |
| 369 corrupt_signature[corrupt_signature.size() - 1] += 1; | 393 corrupt_signature[corrupt_signature.size() - 1] += 1; |
| 370 rv = verifier->VerifyProof(hostname, server_config, certs, | 394 RunVerification( |
| 371 corrupt_signature, &error_details, | 395 verifier.get(), hostname, server_config, certs, corrupt_signature, |
| 372 &cert_verify_result, callback.callback()); | 396 false); |
| 373 rv = callback.GetResult(rv); | |
| 374 ASSERT_EQ(ERR_FAILED, rv); | |
| 375 ASSERT_NE("", error_details); | |
| 376 | 397 |
| 377 // Prepending a "1" makes the DER invalid. | 398 // Prepending a "1" makes the DER invalid. |
| 378 const string bad_der_signature1 = "1" + signature; | 399 const string bad_der_signature1 = "1" + signature; |
| 379 rv = verifier->VerifyProof(hostname, server_config, certs, | 400 RunVerification( |
| 380 bad_der_signature1, &error_details, | 401 verifier.get(), hostname, server_config, certs, bad_der_signature1, |
| 381 &cert_verify_result, callback.callback()); | 402 false); |
| 382 rv = callback.GetResult(rv); | |
| 383 ASSERT_EQ(ERR_FAILED, rv); | |
| 384 ASSERT_NE("", error_details); | |
| 385 | 403 |
| 386 vector<string> wrong_certs; | 404 vector<string> wrong_certs; |
| 387 for (size_t i = 1; i < certs.size(); i++) { | 405 for (size_t i = 1; i < certs.size(); i++) { |
| 388 wrong_certs.push_back(certs[i]); | 406 wrong_certs.push_back(certs[i]); |
| 389 } | 407 } |
| 390 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 408 RunVerification( |
| 391 &error_details, &cert_verify_result, | 409 verifier.get(), hostname, server_config, wrong_certs, signature, false); |
| 392 callback.callback()); | |
| 393 rv = callback.GetResult(rv); | |
| 394 ASSERT_EQ(ERR_FAILED, rv); | |
| 395 ASSERT_NE("", error_details); | |
| 396 } | 410 } |
| 397 } | 411 } |
| 398 | 412 |
| 399 } // namespace test | 413 } // namespace test |
| 400 } // namespace net | 414 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 20047002:
net: make QUIC ProofVerifier more generic. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src