OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
6 #include "net/base/net_errors.h" | 6 #include "net/base/net_errors.h" |
7 #include "net/base/test_completion_callback.h" | 7 #include "net/base/test_completion_callback.h" |
8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
10 #include "net/cert/cert_verify_result.h" | 10 #include "net/cert/cert_verify_result.h" |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
81 } | 81 } |
82 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 82 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, |
83 &error_details, &cert_verify_result, | 83 &error_details, &cert_verify_result, |
84 callback.callback()); | 84 callback.callback()); |
85 rv = callback.GetResult(rv); | 85 rv = callback.GetResult(rv); |
86 ASSERT_EQ(ERR_FAILED, rv); | 86 ASSERT_EQ(ERR_FAILED, rv); |
87 ASSERT_NE("", error_details); | 87 ASSERT_NE("", error_details); |
88 #endif // 0 | 88 #endif // 0 |
89 } | 89 } |
90 | 90 |
91 // TestProofVerifierCallback is a simple callback for a ProofVerifier that | |
92 // signals a TestCompletionCallback when called and stores the results from the | |
93 // ProofVerifier in pointers passed to the constructor. | |
94 class TestProofVerifierCallback : public ProofVerifierCallback { | |
95 public: | |
96 TestProofVerifierCallback(TestCompletionCallback* comp_callback, | |
97 bool* ok, | |
98 std::string* error_details) | |
99 : comp_callback_(comp_callback), | |
100 ok_(ok), | |
101 error_details_(error_details) {} | |
102 | |
103 virtual void Run(bool ok, | |
104 const std::string& error_details, | |
105 scoped_ptr<ProofVerifyDetails>* details) OVERRIDE { | |
106 *ok_ = ok; | |
107 *error_details_ = error_details; | |
108 | |
109 comp_callback_->callback().Run(0); | |
110 } | |
111 | |
112 private: | |
113 TestCompletionCallback* const comp_callback_; | |
114 bool* const ok_; | |
115 std::string* const error_details_; | |
116 }; | |
117 | |
118 // RunVerification runs |verifier->VerifyProof| and asserts that the result | |
119 // matches |expected_ok|. | |
120 static void RunVerification(ProofVerifier* verifier, | |
121 const std::string& hostname, | |
122 const std::string& server_config, | |
123 const vector<std::string>& certs, | |
124 const std::string& proof, | |
125 bool expected_ok) { | |
126 scoped_ptr<ProofVerifyDetails> details; | |
127 TestCompletionCallback comp_callback; | |
128 bool ok; | |
129 std::string error_details; | |
130 TestProofVerifierCallback* callback = | |
131 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); | |
132 | |
133 ProofVerifier::Status status = verifier->VerifyProof( | |
134 hostname, server_config, certs, proof, &error_details, &details, | |
135 callback); | |
136 | |
137 switch (status) { | |
138 case ProofVerifier::FAILURE: | |
139 ASSERT_FALSE(expected_ok); | |
140 ASSERT_NE("", error_details); | |
141 return; | |
142 case ProofVerifier::SUCCESS: | |
143 ASSERT_TRUE(expected_ok); | |
144 ASSERT_EQ("", error_details); | |
145 return; | |
146 case ProofVerifier::PENDING: | |
147 comp_callback.WaitForResult(); | |
148 ASSERT_EQ(expected_ok, ok); | |
149 break; | |
150 } | |
151 } | |
152 | |
91 static string PEMCertFileToDER(const string& file_name) { | 153 static string PEMCertFileToDER(const string& file_name) { |
92 base::FilePath certs_dir = GetTestCertsDirectory(); | 154 base::FilePath certs_dir = GetTestCertsDirectory(); |
93 scoped_refptr<X509Certificate> cert = | 155 scoped_refptr<X509Certificate> cert = |
94 ImportCertFromFile(certs_dir, file_name); | 156 ImportCertFromFile(certs_dir, file_name); |
95 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); | 157 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); |
96 | 158 |
97 string der_bytes; | 159 string der_bytes; |
98 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); | 160 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); |
99 return der_bytes; | 161 return der_bytes; |
100 } | 162 } |
(...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
219 vector<string> signatures(3); | 281 vector<string> signatures(3); |
220 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 282 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
221 sizeof(signature_data_0)); | 283 sizeof(signature_data_0)); |
222 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 284 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
223 sizeof(signature_data_1)); | 285 sizeof(signature_data_1)); |
224 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 286 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
225 sizeof(signature_data_2)); | 287 sizeof(signature_data_2)); |
226 | 288 |
227 for (size_t i = 0; i < signatures.size(); i++) { | 289 for (size_t i = 0; i < signatures.size(); i++) { |
228 const string& signature = signatures[i]; | 290 const string& signature = signatures[i]; |
229 int rv; | |
230 TestCompletionCallback callback; | |
231 rv = verifier->VerifyProof(hostname, server_config, certs, signature, | |
232 &error_details, &cert_verify_result, | |
233 callback.callback()); | |
234 rv = callback.GetResult(rv); | |
235 ASSERT_EQ(OK, rv); | |
236 ASSERT_EQ("", error_details); | |
237 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); | |
238 | 291 |
239 rv = verifier->VerifyProof("foo.com", server_config, certs, signature, | 292 RunVerification( |
240 &error_details, &cert_verify_result, | 293 verifier.get(), hostname, server_config, certs, signature, true); |
ramant (doing other things)
2013/07/29 17:04:24
nit: I was shy to ask this before. Is it good to t
| |
241 callback.callback()); | 294 RunVerification( |
242 rv = callback.GetResult(rv); | 295 verifier.get(), "foo.com", server_config, certs, signature, false); |
243 ASSERT_EQ(ERR_FAILED, rv); | 296 RunVerification( |
244 ASSERT_NE("", error_details); | 297 verifier.get(), hostname, server_config.substr(1, string::npos), |
245 | 298 certs, signature, false); |
246 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos), | |
247 certs, signature, &error_details, | |
248 &cert_verify_result, callback.callback()); | |
249 rv = callback.GetResult(rv); | |
250 ASSERT_EQ(ERR_FAILED, rv); | |
251 ASSERT_NE("", error_details); | |
252 | 299 |
253 const string corrupt_signature = "1" + signature; | 300 const string corrupt_signature = "1" + signature; |
254 rv = verifier->VerifyProof(hostname, server_config, certs, | 301 RunVerification( |
255 corrupt_signature, &error_details, | 302 verifier.get(), hostname, server_config, certs, corrupt_signature, |
256 &cert_verify_result, callback.callback()); | 303 false); |
257 rv = callback.GetResult(rv); | |
258 ASSERT_EQ(ERR_FAILED, rv); | |
259 ASSERT_NE("", error_details); | |
260 | 304 |
261 vector<string> wrong_certs; | 305 vector<string> wrong_certs; |
262 for (size_t i = 1; i < certs.size(); i++) { | 306 for (size_t i = 1; i < certs.size(); i++) { |
263 wrong_certs.push_back(certs[i]); | 307 wrong_certs.push_back(certs[i]); |
264 } | 308 } |
265 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 309 RunVerification(verifier.get(), hostname, server_config, wrong_certs, |
266 &error_details, &cert_verify_result, | 310 signature, false); |
267 callback.callback()); | |
268 rv = callback.GetResult(rv); | |
269 ASSERT_EQ(ERR_FAILED, rv); | |
270 ASSERT_NE("", error_details); | |
271 } | 311 } |
272 } | 312 } |
273 | 313 |
274 // A known answer test that allows us to test ProofVerifier without a working | 314 // A known answer test that allows us to test ProofVerifier without a working |
275 // ProofSource. | 315 // ProofSource. |
276 // TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on Windows. Disabled this | 316 // TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on Windows. Disabled this |
277 // test because X509Certificate::GetPublicKeyInfo is not returning the correct | 317 // test because X509Certificate::GetPublicKeyInfo is not returning the correct |
278 // type for ECDSA certificates. | 318 // type for ECDSA certificates. |
279 #if defined(OS_WIN) | 319 #if defined(OS_WIN) |
280 #define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest | 320 #define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
332 vector<string> signatures(3); | 372 vector<string> signatures(3); |
333 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 373 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
334 sizeof(signature_data_0)); | 374 sizeof(signature_data_0)); |
335 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 375 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
336 sizeof(signature_data_1)); | 376 sizeof(signature_data_1)); |
337 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 377 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
338 sizeof(signature_data_2)); | 378 sizeof(signature_data_2)); |
339 | 379 |
340 for (size_t i = 0; i < signatures.size(); i++) { | 380 for (size_t i = 0; i < signatures.size(); i++) { |
341 const string& signature = signatures[i]; | 381 const string& signature = signatures[i]; |
342 int rv; | |
343 TestCompletionCallback callback; | |
344 rv = verifier->VerifyProof(hostname, server_config, certs, signature, | |
345 &error_details, &cert_verify_result, | |
346 callback.callback()); | |
347 rv = callback.GetResult(rv); | |
348 ASSERT_EQ(OK, rv); | |
349 ASSERT_EQ("", error_details); | |
350 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); | |
351 | 382 |
352 rv = verifier->VerifyProof("foo.com", server_config, certs, signature, | 383 RunVerification( |
353 &error_details, &cert_verify_result, | 384 verifier.get(), hostname, server_config, certs, signature, true); |
354 callback.callback()); | 385 RunVerification( |
355 rv = callback.GetResult(rv); | 386 verifier.get(), "foo.com", server_config, certs, signature, false); |
356 ASSERT_EQ(ERR_FAILED, rv); | 387 RunVerification( |
357 ASSERT_NE("", error_details); | 388 verifier.get(), hostname, server_config.substr(1, string::npos), |
358 | 389 certs, signature, false); |
359 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos), | |
360 certs, signature, &error_details, | |
361 &cert_verify_result, callback.callback()); | |
362 rv = callback.GetResult(rv); | |
363 ASSERT_EQ(ERR_FAILED, rv); | |
364 ASSERT_NE("", error_details); | |
365 | 390 |
366 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the | 391 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the |
367 // signature can still be DER-decoded correctly. | 392 // signature can still be DER-decoded correctly. |
368 string corrupt_signature = signature; | 393 string corrupt_signature = signature; |
369 corrupt_signature[corrupt_signature.size() - 1] += 1; | 394 corrupt_signature[corrupt_signature.size() - 1] += 1; |
370 rv = verifier->VerifyProof(hostname, server_config, certs, | 395 RunVerification( |
371 corrupt_signature, &error_details, | 396 verifier.get(), hostname, server_config, certs, corrupt_signature, |
372 &cert_verify_result, callback.callback()); | 397 false); |
373 rv = callback.GetResult(rv); | |
374 ASSERT_EQ(ERR_FAILED, rv); | |
375 ASSERT_NE("", error_details); | |
376 | 398 |
377 // Prepending a "1" makes the DER invalid. | 399 // Prepending a "1" makes the DER invalid. |
378 const string bad_der_signature1 = "1" + signature; | 400 const string bad_der_signature1 = "1" + signature; |
379 rv = verifier->VerifyProof(hostname, server_config, certs, | 401 RunVerification( |
380 bad_der_signature1, &error_details, | 402 verifier.get(), hostname, server_config, certs, bad_der_signature1, |
381 &cert_verify_result, callback.callback()); | 403 false); |
382 rv = callback.GetResult(rv); | |
383 ASSERT_EQ(ERR_FAILED, rv); | |
384 ASSERT_NE("", error_details); | |
385 | 404 |
386 vector<string> wrong_certs; | 405 vector<string> wrong_certs; |
387 for (size_t i = 1; i < certs.size(); i++) { | 406 for (size_t i = 1; i < certs.size(); i++) { |
388 wrong_certs.push_back(certs[i]); | 407 wrong_certs.push_back(certs[i]); |
389 } | 408 } |
390 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 409 RunVerification( |
391 &error_details, &cert_verify_result, | 410 verifier.get(), hostname, server_config, wrong_certs, signature, false); |
392 callback.callback()); | |
393 rv = callback.GetResult(rv); | |
394 ASSERT_EQ(ERR_FAILED, rv); | |
395 ASSERT_NE("", error_details); | |
396 } | 411 } |
397 } | 412 } |
398 | 413 |
399 } // namespace test | 414 } // namespace test |
400 } // namespace net | 415 } // namespace net |
OLD | NEW |