
Side by Side Diff: net/quic/crypto/proof_verifier_chromium_test.cc

Issue 2016143002: Expose when PKP is bypassed in SSLInfo. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: optional nits Created 4 years, 6 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/proof_verifier_chromium.h" 5 #include "net/quic/crypto/proof_verifier_chromium.h"
6 6
7 #include "base/memory/ref_counted.h" 7 #include "base/memory/ref_counted.h"
8 #include "net/base/net_errors.h" 8 #include "net/base/net_errors.h"
9 #include "net/base/test_data_directory.h" 9 #include "net/base/test_data_directory.h"
10 #include "net/cert/cert_status_flags.h" 10 #include "net/cert/cert_status_flags.h"
(...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after
402 GetTestSignature(), verify_context_.get(), &error_details_, &details_, 402 GetTestSignature(), verify_context_.get(), &error_details_, &details_,
403 callback.get()); 403 callback.get());
404 ASSERT_EQ(QUIC_SUCCESS, status); 404 ASSERT_EQ(QUIC_SUCCESS, status);
405 405
406 ASSERT_TRUE(details_.get()); 406 ASSERT_TRUE(details_.get());
407 ProofVerifyDetailsChromium* verify_details = 407 ProofVerifyDetailsChromium* verify_details =
408 static_cast<ProofVerifyDetailsChromium*>(details_.get()); 408 static_cast<ProofVerifyDetailsChromium*>(details_.get());
409 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); 409 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);
410 } 410 }
411 411
412 HashValueVector MakeHashValueVector(uint8_t tag) {
Ryan Sleevi 2016/06/09 19:17:32 NAMING: This is confusing with HashValueTag (which
413 HashValue hash(HASH_VALUE_SHA256);
414 memset(hash.data(), tag, hash.size());
415 HashValueVector hashes;
416 hashes.push_back(hash);
417 return hashes;
418 }
419
420 // Test that PKP is enforced for certificates that chain up to known roots.
421 TEST_F(ProofVerifierChromiumTest, PKPEnforced) {
422 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate();
423 ASSERT_TRUE(test_cert);
424
425 CertVerifyResult dummy_result;
426 dummy_result.verified_cert = test_cert;
427 dummy_result.is_issued_by_known_root = true;
428 dummy_result.public_key_hashes = MakeHashValueVector(0x01);
429 dummy_result.cert_status = 0;
430
431 MockCertVerifier dummy_verifier;
432 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);
433
434 HashValueVector pin_hashes = MakeHashValueVector(0x02);
435 TransportSecurityState transport_security_state;
436 transport_security_state.AddHPKP(
437 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000),
438 true, pin_hashes, GURL());
439
440 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr,
441 &transport_security_state, nullptr);
442
443 std::unique_ptr<DummyProofVerifierCallback> callback(
444 new DummyProofVerifierCallback);
445 QuicAsyncStatus status = proof_verifier.VerifyProof(
446 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
447 GetTestSignature(), verify_context_.get(), &error_details_, &details_,
448 callback.get());
449 ASSERT_EQ(QUIC_FAILURE, status);
450
451 ASSERT_TRUE(details_.get());
452 ProofVerifyDetailsChromium* verify_details =
453 static_cast<ProofVerifyDetailsChromium*>(details_.get());
454 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);
455 EXPECT_FALSE(verify_details->cert_verify_result.pkp_bypassed);
456 EXPECT_NE("", verify_details->pinning_failure_log);
457 }
458
459 // Test |pkp_bypassed| is set when PKP is bypassed due to a local
460 // trust anchor
461 TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) {
462 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate();
463 ASSERT_TRUE(test_cert);
464
465 CertVerifyResult dummy_result;
466 dummy_result.verified_cert = test_cert;
467 dummy_result.is_issued_by_known_root = false;
468 dummy_result.public_key_hashes = MakeHashValueVector(0x01);
469 dummy_result.cert_status = 0;
470
471 MockCertVerifier dummy_verifier;
472 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK);
473
474 HashValueVector expected_hashes = MakeHashValueVector(0x02);
475 TransportSecurityState transport_security_state_fail;
476 transport_security_state_fail.AddHPKP(
477 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000),
478 true, expected_hashes, GURL());
479
480 ProofVerifierChromium proof_verifier(&dummy_verifier, nullptr,
481 &transport_security_state_fail, nullptr);
482
483 std::unique_ptr<DummyProofVerifierCallback> callback(
484 new DummyProofVerifierCallback);
485 QuicAsyncStatus status = proof_verifier.VerifyProof(
486 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "",
487 GetTestSignature(), verify_context_.get(), &error_details_, &details_,
488 callback.get());
489 ASSERT_EQ(QUIC_SUCCESS, status);
490
491 ASSERT_TRUE(details_.get());
492 ProofVerifyDetailsChromium* verify_details =
493 static_cast<ProofVerifyDetailsChromium*>(details_.get());
494 EXPECT_TRUE(verify_details->cert_verify_result.pkp_bypassed);
495 }
496
412 } // namespace test 497 } // namespace test
413 } // namespace net 498 } // namespace net
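Review bot: No test visible here checks that `pkp_bypassed` stays false when verification succeeds on a local trust anchor and the configured pins are satisfied; `PKPBypassFlagSet` only covers the mismatch case (`0x01` chain hashes against `0x02` pins). The commit title says the flag is surfaced through SSLInfo, so a false positive would report a correctly pinned connection as bypassed. Assuming the flag is meant to signal only a pin failure that was skipped, a companion case that passes `AddHPKP` the same `MakeHashValueVector(0x01)` value used for `public_key_hashes` would guard against that. `PKPBypassFlagSet` could also assert `EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status);` as `PKPEnforced` does, so the bypass path is checked for leaving the status untouched.

```cpp
// Test that |pkp_bypassed| stays false when the chain uses a local trust
// anchor but still satisfies the configured pins.
TEST_F(ProofVerifierChromiumTest, PKPBypassFlagNotSetWhenPinsMatch) {
  // … unchanged: test_cert, dummy_result (is_issued_by_known_root = false,
  //   public_key_hashes = MakeHashValueVector(0x01)) and dummy_verifier setup …
  HashValueVector expected_hashes = MakeHashValueVector(0x01);
  // … unchanged: AddHPKP, ProofVerifierChromium construction, VerifyProof call …
  ASSERT_EQ(QUIC_SUCCESS, status);

  // … unchanged: details_ null check and cast to ProofVerifyDetailsChromium …
  EXPECT_FALSE(verify_details->cert_verify_result.pkp_bypassed);
}
```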