OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/cronet/android/cert/cert_verifier_cache_serializer.h" |
| 6 |
| 7 #include <memory> |
| 8 #include <string> |
| 9 |
| 10 #include "base/android/path_utils.h" |
| 11 #include "base/files/file_path.h" |
| 12 #include "base/memory/ptr_util.h" |
| 13 #include "base/memory/ref_counted.h" |
| 14 #include "components/cronet/android/cert/proto/cert_verification.pb.h" |
| 15 #include "net/base/net_errors.h" |
| 16 #include "net/base/test_completion_callback.h" |
| 17 #include "net/cert/caching_cert_verifier.h" |
| 18 #include "net/cert/cert_verifier.h" |
| 19 #include "net/cert/cert_verify_result.h" |
| 20 #include "net/cert/mock_cert_verifier.h" |
| 21 #include "net/cert/x509_certificate.h" |
| 22 #include "net/log/net_log.h" |
| 23 #include "net/test/cert_test_util.h" |
| 24 #include "net/test/test_data_directory.h" |
| 25 #include "testing/gtest/include/gtest/gtest.h" |
| 26 |
| 27 namespace cronet { |
| 28 |
| 29 namespace { |
| 30 |
| 31 // Helper function that verifies the cerificate with the given |cert_name| |
| 32 // against the given |hostname| using the given |verifier|. Result from the cert |
| 33 // verification is ignored. |
| 34 void VerifyCert(const std::string& cert_name, |
| 35 const std::string& hostname, |
| 36 net::CachingCertVerifier* verifier, |
| 37 net::CertVerifyResult* verify_result) { |
| 38 // Set up server certs. |
| 39 scoped_refptr<net::X509Certificate> cert( |
| 40 net::ImportCertFromFile(net::GetTestCertsDirectory(), cert_name)); |
| 41 ASSERT_TRUE(cert); |
| 42 |
| 43 net::TestCompletionCallback callback; |
| 44 std::unique_ptr<net::CertVerifier::Request> request; |
| 45 |
| 46 ignore_result(callback.GetResult(verifier->Verify( |
| 47 net::CertVerifier::RequestParams(cert.get(), hostname, 0, std::string(), |
| 48 net::CertificateList()), |
| 49 nullptr, verify_result, callback.callback(), &request, |
| 50 net::BoundNetLog()))); |
| 51 } |
| 52 |
| 53 } // namespace |
| 54 |
| 55 TEST(CertVerifierCacheSerializerTest, RestoreEmptyData) { |
| 56 // Restoring empty data should fail. |
| 57 cronet_pb::CertVerificationCache cert_cache; |
| 58 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 59 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier)); |
| 60 } |
| 61 |
| 62 TEST(CertVerifierCacheSerializerTest, SerializeCache) { |
| 63 net::CertVerifyResult verify_result; |
| 64 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 65 ASSERT_NO_FATAL_FAILURE( |
| 66 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 67 cronet_pb::CertVerificationCache cert_cache = |
| 68 SerializeCertVerifierCache(verifier); |
| 69 // Verify atleast one certificate is serialized. |
| 70 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 71 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 72 } |
| 73 |
| 74 // Create a new Verifier and restoring the data into it should succeed. |
| 75 TEST(CertVerifierCacheSerializerTest, RestoreMultipleEntriesIntoNewVerifier) { |
| 76 scoped_refptr<net::X509Certificate> ok_cert( |
| 77 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem")); |
| 78 ASSERT_TRUE(ok_cert); |
| 79 |
| 80 const scoped_refptr<net::X509Certificate> root_cert = |
| 81 net::ImportCertFromFile(net::GetTestCertsDirectory(), "root_ca_cert.pem"); |
| 82 ASSERT_TRUE(root_cert); |
| 83 |
| 84 net::TestCompletionCallback callback; |
| 85 std::unique_ptr<net::CertVerifier::Request> request; |
| 86 |
| 87 // Verify www.example.com host's certificate. |
| 88 std::string example_hostname("www.example.com"); |
| 89 net::CertVerifyResult verifier1_result1; |
| 90 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 91 ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname, &verifier, |
| 92 &verifier1_result1)); |
| 93 |
| 94 // Verify www2.example.com host's certificate. |
| 95 std::string example2_hostname("www2.example.com"); |
| 96 net::CertVerifyResult verifier1_result2; |
| 97 |
| 98 // Create a certificate that contains both a leaf and an intermediate/root and |
| 99 // use that certificate for www2.example.com. |
| 100 net::X509Certificate::OSCertHandles chain; |
| 101 chain.push_back(root_cert->os_cert_handle()); |
| 102 const scoped_refptr<net::X509Certificate> combined_cert = |
| 103 net::X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain); |
| 104 ASSERT_TRUE(combined_cert); |
| 105 |
| 106 ignore_result(callback.GetResult(verifier.Verify( |
| 107 net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0, |
| 108 std::string(), net::CertificateList()), |
| 109 nullptr, &verifier1_result2, callback.callback(), &request, |
| 110 net::BoundNetLog()))); |
| 111 |
| 112 cronet_pb::CertVerificationCache cert_cache = |
| 113 SerializeCertVerifierCache(verifier); |
| 114 // Verify two certificates are serialized. |
| 115 DCHECK_EQ(2, cert_cache.cert_entry_size()); |
| 116 DCHECK_EQ(2, cert_cache.cache_entry_size()); |
| 117 |
| 118 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 119 |
| 120 // Populate |verifier2|'s cache. |
| 121 EXPECT_TRUE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 122 |
| 123 // Verify the cert for www.example.com with |verifier2|. |
| 124 net::CertVerifyResult verifier2_result1; |
| 125 ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname, |
| 126 &verifier2, &verifier2_result1)); |
| 127 |
| 128 // CertVerifyResult for www.example.com with |verifier2| should match |
| 129 // what was serialized with |verifier|. |
| 130 EXPECT_EQ(verifier2_result1, verifier1_result1); |
| 131 |
| 132 // Verify the cert for www2.example.com with |verifier2|. |
| 133 net::CertVerifyResult verifier2_result2; |
| 134 ignore_result(callback.GetResult(verifier2.Verify( |
| 135 net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0, |
| 136 std::string(), net::CertificateList()), |
| 137 nullptr, &verifier2_result2, callback.callback(), &request, |
| 138 net::BoundNetLog()))); |
| 139 |
| 140 // CertVerifyResult for www2.example.com with |verifier2| should match |
| 141 // what was serialized with |verifier|. |
| 142 EXPECT_EQ(verifier2_result2, verifier1_result2); |
| 143 } |
| 144 |
| 145 // A corrupted cert_entry in the serialized data should fail to be deserialized. |
| 146 // Should not deserialize a corrupted cert_entry. |
| 147 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCerts) { |
| 148 net::CertVerifyResult verify_result; |
| 149 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 150 ASSERT_NO_FATAL_FAILURE( |
| 151 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 152 cronet_pb::CertVerificationCache cert_cache = |
| 153 SerializeCertVerifierCache(verifier); |
| 154 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 155 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 156 |
| 157 cert_cache.clear_cert_entry(); |
| 158 |
| 159 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 160 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 161 } |
| 162 |
| 163 // A corrupted |cache_entry| in the serialized data should fail to be |
| 164 // deserialized. Should not deserialize a corrupted |cert_entry|. |
| 165 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCacheEntry) { |
| 166 net::CertVerifyResult verify_result; |
| 167 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 168 ASSERT_NO_FATAL_FAILURE( |
| 169 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 170 cronet_pb::CertVerificationCache cert_cache = |
| 171 SerializeCertVerifierCache(verifier); |
| 172 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 173 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 174 |
| 175 // Corrupt |cache_entry|. |
| 176 cert_cache.clear_cache_entry(); |
| 177 |
| 178 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 179 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 180 } |
| 181 |
| 182 // A corrupted |request_params| in the serialized data should fail to be |
| 183 // deserialized. Should not deserialize a corrupted |request_params|. |
| 184 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedRequestParams) { |
| 185 net::CertVerifyResult verify_result; |
| 186 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 187 ASSERT_NO_FATAL_FAILURE( |
| 188 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 189 cronet_pb::CertVerificationCache cert_cache = |
| 190 SerializeCertVerifierCache(verifier); |
| 191 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 192 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 193 |
| 194 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 195 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 196 cert_cache.mutable_cache_entry(i); |
| 197 // Corrupt |request_params|. |
| 198 cache_entry->clear_request_params(); |
| 199 } |
| 200 |
| 201 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 202 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 203 } |
| 204 |
| 205 // A corrupted |certificate| in |request_params| in the serialized data should |
| 206 // fail to be deserialized. Should not deserialize a corrupted |certificate|. |
| 207 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoCertificate) { |
| 208 net::CertVerifyResult verify_result; |
| 209 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 210 ASSERT_NO_FATAL_FAILURE( |
| 211 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 212 cronet_pb::CertVerificationCache cert_cache = |
| 213 SerializeCertVerifierCache(verifier); |
| 214 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 215 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 216 |
| 217 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 218 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 219 cert_cache.mutable_cache_entry(i); |
| 220 cronet_pb::CertVerificationRequestParams* request_params = |
| 221 cache_entry->mutable_request_params(); |
| 222 // Corrupt certificate. |
| 223 request_params->clear_certificate(); |
| 224 } |
| 225 |
| 226 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 227 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 228 } |
| 229 |
| 230 // A corrupted |hostname| in |request_params| in the serialized data should |
| 231 // fail to be deserialized. Should not deserialize a corrupted |hostname|. |
| 232 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoHostname) { |
| 233 net::CertVerifyResult verify_result; |
| 234 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 235 ASSERT_NO_FATAL_FAILURE( |
| 236 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 237 cronet_pb::CertVerificationCache cert_cache = |
| 238 SerializeCertVerifierCache(verifier); |
| 239 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 240 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 241 |
| 242 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 243 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 244 cert_cache.mutable_cache_entry(i); |
| 245 cronet_pb::CertVerificationRequestParams* request_params = |
| 246 cache_entry->mutable_request_params(); |
| 247 // Corrupt hostname. |
| 248 request_params->clear_hostname(); |
| 249 } |
| 250 |
| 251 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 252 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 253 } |
| 254 |
| 255 // An invalid |hostname| in |request_params| in the serialized data should |
| 256 // fail to be deserialized. Should not deserialize an invalid |hostname|. |
| 257 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsEmptyHostname) { |
| 258 net::CertVerifyResult verify_result; |
| 259 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 260 ASSERT_NO_FATAL_FAILURE( |
| 261 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 262 cronet_pb::CertVerificationCache cert_cache = |
| 263 SerializeCertVerifierCache(verifier); |
| 264 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 265 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 266 |
| 267 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 268 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 269 cert_cache.mutable_cache_entry(i); |
| 270 cronet_pb::CertVerificationRequestParams* request_params = |
| 271 cache_entry->mutable_request_params(); |
| 272 // Set bogus hostname. |
| 273 request_params->set_hostname(""); |
| 274 } |
| 275 |
| 276 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 277 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 278 } |
| 279 |
| 280 // A corrupted |flags| in |request_params| in the serialized data should |
| 281 // fail to be deserialized. Should not deserialize a corrupted |flags|. |
| 282 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoFlags) { |
| 283 net::CertVerifyResult verify_result; |
| 284 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 285 ASSERT_NO_FATAL_FAILURE( |
| 286 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 287 cronet_pb::CertVerificationCache cert_cache = |
| 288 SerializeCertVerifierCache(verifier); |
| 289 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 290 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 291 |
| 292 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 293 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 294 cert_cache.mutable_cache_entry(i); |
| 295 cronet_pb::CertVerificationRequestParams* request_params = |
| 296 cache_entry->mutable_request_params(); |
| 297 // Corrupt flags. |
| 298 request_params->clear_flags(); |
| 299 } |
| 300 |
| 301 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 302 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 303 } |
| 304 |
| 305 // A corrupted |ocsp_response| in |request_params| in the serialized data should |
| 306 // fail to be deserialized. Should not deserialize a corrupted |ocsp_response|. |
| 307 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoOcspResponse) { |
| 308 net::CertVerifyResult verify_result; |
| 309 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 310 ASSERT_NO_FATAL_FAILURE( |
| 311 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 312 cronet_pb::CertVerificationCache cert_cache = |
| 313 SerializeCertVerifierCache(verifier); |
| 314 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 315 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 316 |
| 317 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 318 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 319 cert_cache.mutable_cache_entry(i); |
| 320 cronet_pb::CertVerificationRequestParams* request_params = |
| 321 cache_entry->mutable_request_params(); |
| 322 // Corrupt |ocsp_response|. |
| 323 request_params->clear_ocsp_response(); |
| 324 } |
| 325 |
| 326 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 327 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 328 } |
| 329 |
| 330 // An empty certificate number in |request_params| in the serialized data should |
| 331 // fail to be deserialized. Should not deserialize an empty certificate number. |
| 332 TEST(CertVerifierCacheSerializerTest, |
| 333 DeserializeRequestParamsCertificateNoCertNumbers) { |
| 334 net::CertVerifyResult verify_result; |
| 335 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 336 ASSERT_NO_FATAL_FAILURE( |
| 337 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 338 cronet_pb::CertVerificationCache cert_cache = |
| 339 SerializeCertVerifierCache(verifier); |
| 340 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 341 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 342 |
| 343 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 344 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 345 cert_cache.mutable_cache_entry(i); |
| 346 cronet_pb::CertVerificationRequestParams* request_params = |
| 347 cache_entry->mutable_request_params(); |
| 348 cronet_pb::CertVerificationCertificate* certificate = |
| 349 request_params->mutable_certificate(); |
| 350 // Corrupt certificate number. |
| 351 certificate->clear_cert_numbers(); |
| 352 } |
| 353 |
| 354 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 355 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 356 } |
| 357 |
| 358 // An invalid certificate number in |request_params| in the serialized data |
| 359 // should fail to be deserialized. Should not deserialize an invalid certificate |
| 360 // number. |
| 361 TEST(CertVerifierCacheSerializerTest, |
| 362 DeserializeCorruptedRequestParamsCertNumbers) { |
| 363 net::CertVerifyResult verify_result; |
| 364 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 365 ASSERT_NO_FATAL_FAILURE( |
| 366 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 367 cronet_pb::CertVerificationCache cert_cache = |
| 368 SerializeCertVerifierCache(verifier); |
| 369 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 370 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 371 |
| 372 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 373 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 374 cert_cache.mutable_cache_entry(i); |
| 375 cronet_pb::CertVerificationRequestParams* request_params = |
| 376 cache_entry->mutable_request_params(); |
| 377 cronet_pb::CertVerificationCertificate* certificate = |
| 378 request_params->mutable_certificate(); |
| 379 // Set bogus certificate number. |
| 380 certificate->set_cert_numbers(0, 100); |
| 381 } |
| 382 |
| 383 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 384 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 385 } |
| 386 |
| 387 // A corrupted certificate number in |additional_trust_anchors| of |
| 388 // |request_params| in the serialized data should fail to be deserialized. |
| 389 // Should not deserialize a corrupted certificate number. |
| 390 TEST(CertVerifierCacheSerializerTest, |
| 391 DeserializeRequestParamsCertificateNoTrustAnchors) { |
| 392 net::CertificateList ca_cert_list = net::CreateCertificateListFromFile( |
| 393 net::GetTestCertsDirectory(), "root_ca_cert.pem", |
| 394 net::X509Certificate::FORMAT_AUTO); |
| 395 ASSERT_EQ(1U, ca_cert_list.size()); |
| 396 scoped_refptr<net::X509Certificate> ca_cert(ca_cert_list[0]); |
| 397 |
| 398 net::CertificateList cert_list = net::CreateCertificateListFromFile( |
| 399 net::GetTestCertsDirectory(), "ok_cert.pem", |
| 400 net::X509Certificate::FORMAT_AUTO); |
| 401 ASSERT_EQ(1U, cert_list.size()); |
| 402 scoped_refptr<net::X509Certificate> cert(cert_list[0]); |
| 403 |
| 404 // Now add the |ca_cert| to the |trust_anchors|, and verification should pass. |
| 405 net::CertificateList trust_anchors; |
| 406 trust_anchors.push_back(ca_cert); |
| 407 |
| 408 net::CertVerifyResult verify_result; |
| 409 net::TestCompletionCallback callback; |
| 410 std::unique_ptr<net::CertVerifier::Request> request; |
| 411 |
| 412 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 413 // Verify the |cert| with |trust_anchors|. |
| 414 ignore_result(callback.GetResult(verifier.Verify( |
| 415 net::CertVerifier::RequestParams(cert, "www.example.com", 0, |
| 416 std::string(), trust_anchors), |
| 417 nullptr, &verify_result, callback.callback(), &request, |
| 418 net::BoundNetLog()))); |
| 419 |
| 420 cronet_pb::CertVerificationCache cert_cache = |
| 421 SerializeCertVerifierCache(verifier); |
| 422 DCHECK_EQ(2, cert_cache.cert_entry_size()); |
| 423 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 424 |
| 425 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 426 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 427 cert_cache.mutable_cache_entry(i); |
| 428 cronet_pb::CertVerificationRequestParams* request_params = |
| 429 cache_entry->mutable_request_params(); |
| 430 for (int j = 0; j < request_params->additional_trust_anchors_size(); ++j) { |
| 431 cronet_pb::CertVerificationCertificate* certificate = |
| 432 request_params->mutable_additional_trust_anchors(j); |
| 433 // Corrupt the certificate number in |additional_trust_anchors|. |
| 434 certificate->clear_cert_numbers(); |
| 435 } |
| 436 } |
| 437 |
| 438 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 439 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 440 } |
| 441 |
| 442 // A corrupted |cached_result| in the serialized data should fail to be |
| 443 // deserialized. Should not deserialize a corrupted |cached_result|. |
| 444 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCachedResult) { |
| 445 net::CertVerifyResult verify_result; |
| 446 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 447 ASSERT_NO_FATAL_FAILURE( |
| 448 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 449 cronet_pb::CertVerificationCache cert_cache = |
| 450 SerializeCertVerifierCache(verifier); |
| 451 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 452 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 453 |
| 454 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 455 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 456 cert_cache.mutable_cache_entry(i); |
| 457 // Corrupt the |cached_result|. |
| 458 cache_entry->clear_cached_result(); |
| 459 } |
| 460 |
| 461 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 462 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 463 } |
| 464 |
| 465 // A corrupted |error| in the serialized data should fail to be deserialized. |
| 466 // Should not deserialize a corrupted |error|. |
| 467 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoError) { |
| 468 net::CertVerifyResult verify_result; |
| 469 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 470 ASSERT_NO_FATAL_FAILURE( |
| 471 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 472 cronet_pb::CertVerificationCache cert_cache = |
| 473 SerializeCertVerifierCache(verifier); |
| 474 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 475 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 476 |
| 477 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 478 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 479 cert_cache.mutable_cache_entry(i); |
| 480 cronet_pb::CertVerificationCachedResult* cached_result = |
| 481 cache_entry->mutable_cached_result(); |
| 482 // Corrupt |error|. |
| 483 cached_result->clear_error(); |
| 484 } |
| 485 |
| 486 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 487 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 488 } |
| 489 |
| 490 // A corrupted |result| in the serialized data should fail to be deserialized. |
| 491 // Should not deserialize a corrupted |result|. |
| 492 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoResult) { |
| 493 net::CertVerifyResult verify_result; |
| 494 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 495 ASSERT_NO_FATAL_FAILURE( |
| 496 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 497 cronet_pb::CertVerificationCache cert_cache = |
| 498 SerializeCertVerifierCache(verifier); |
| 499 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 500 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 501 |
| 502 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 503 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 504 cert_cache.mutable_cache_entry(i); |
| 505 cronet_pb::CertVerificationCachedResult* cached_result = |
| 506 cache_entry->mutable_cached_result(); |
| 507 // Corrupt the |result|. |
| 508 cached_result->clear_result(); |
| 509 } |
| 510 |
| 511 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 512 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 513 } |
| 514 |
| 515 // A corrupted |cert_status| in the serialized data should fail to be |
| 516 // deserialized. Should not deserialize a corrupted |cert_status|. |
| 517 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoCertStatus) { |
| 518 net::CertVerifyResult verify_result; |
| 519 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 520 ASSERT_NO_FATAL_FAILURE( |
| 521 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 522 cronet_pb::CertVerificationCache cert_cache = |
| 523 SerializeCertVerifierCache(verifier); |
| 524 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 525 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 526 |
| 527 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 528 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 529 cert_cache.mutable_cache_entry(i); |
| 530 cronet_pb::CertVerificationCachedResult* cached_result = |
| 531 cache_entry->mutable_cached_result(); |
| 532 cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| 533 // Corrupt the |cert_status|. |
| 534 result->clear_cert_status(); |
| 535 } |
| 536 |
| 537 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 538 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 539 } |
| 540 |
| 541 // A corrupted |verification_time| in the serialized data should fail to be |
| 542 // deserialized. Should not deserialize a corrupted |verification_time|. |
| 543 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoVerifiedCert) { |
| 544 net::CertVerifyResult verify_result; |
| 545 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 546 ASSERT_NO_FATAL_FAILURE( |
| 547 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 548 cronet_pb::CertVerificationCache cert_cache = |
| 549 SerializeCertVerifierCache(verifier); |
| 550 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 551 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 552 |
| 553 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 554 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 555 cert_cache.mutable_cache_entry(i); |
| 556 cronet_pb::CertVerificationCachedResult* cached_result = |
| 557 cache_entry->mutable_cached_result(); |
| 558 cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| 559 // Corrupt the |verified_cert|. |
| 560 result->clear_verified_cert(); |
| 561 } |
| 562 |
| 563 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 564 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 565 } |
| 566 |
| 567 // A corrupted |verified_cert| in the serialized data should fail to be |
| 568 // deserialized. Should not deserialize a corrupted |verified_cert|. |
| 569 TEST(CertVerifierCacheSerializerTest, |
| 570 DeserializeCachedResultNoVerifiedCertNumber) { |
| 571 net::CertVerifyResult verify_result; |
| 572 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 573 ASSERT_NO_FATAL_FAILURE( |
| 574 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 575 cronet_pb::CertVerificationCache cert_cache = |
| 576 SerializeCertVerifierCache(verifier); |
| 577 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 578 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 579 |
| 580 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 581 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 582 cert_cache.mutable_cache_entry(i); |
| 583 cronet_pb::CertVerificationCachedResult* cached_result = |
| 584 cache_entry->mutable_cached_result(); |
| 585 cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| 586 result->clear_verified_cert(); |
| 587 // Corrupt the verified cert's certificate number. |
| 588 cronet_pb::CertVerificationCertificate* certificate = |
| 589 result->mutable_verified_cert(); |
| 590 certificate->clear_cert_numbers(); |
| 591 } |
| 592 |
| 593 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 594 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 595 } |
| 596 |
| 597 // An invalid certificate number of |verified_cert| in the serialized data |
| 598 // should fail to be deserialized. Should not deserialize an invalid certificate |
| 599 // number. |
| 600 TEST(CertVerifierCacheSerializerTest, |
| 601 DeserializeCorruptedCachedResultVerifiedCertNumber) { |
| 602 net::CertVerifyResult verify_result; |
| 603 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 604 ASSERT_NO_FATAL_FAILURE( |
| 605 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 606 cronet_pb::CertVerificationCache cert_cache = |
| 607 SerializeCertVerifierCache(verifier); |
| 608 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 609 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 610 |
| 611 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 612 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 613 cert_cache.mutable_cache_entry(i); |
| 614 cronet_pb::CertVerificationCachedResult* cached_result = |
| 615 cache_entry->mutable_cached_result(); |
| 616 cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| 617 cronet_pb::CertVerificationCertificate* certificate = |
| 618 result->mutable_verified_cert(); |
| 619 // Set bogus certificate number for |verified_cert|. |
| 620 certificate->set_cert_numbers(0, 100); |
| 621 } |
| 622 |
| 623 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 624 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 625 } |
| 626 |
| 627 // A corrupted |public_key_hashes| in the serialized data should fail to be |
| 628 // deserialized. Should not deserialize a corrupted |public_key_hashes|. |
| 629 TEST(CertVerifierCacheSerializerTest, |
| 630 DeserializeCorruptedCachedResultPublicKeyHashes) { |
| 631 net::CertVerifyResult verify_result; |
| 632 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 633 ASSERT_NO_FATAL_FAILURE( |
| 634 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 635 cronet_pb::CertVerificationCache cert_cache = |
| 636 SerializeCertVerifierCache(verifier); |
| 637 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 638 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 639 |
| 640 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 641 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 642 cert_cache.mutable_cache_entry(i); |
| 643 cronet_pb::CertVerificationCachedResult* cached_result = |
| 644 cache_entry->mutable_cached_result(); |
| 645 cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| 646 // Set bogus |public_key_hashes|. |
| 647 result->add_public_key_hashes(""); |
| 648 } |
| 649 |
| 650 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 651 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 652 } |
| 653 |
| 654 // A corrupted |verification_time| in the serialized data should fail to be |
| 655 // deserialized. Should not deserialize a corrupted |verification_time|. |
| 656 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedVerificationTime) { |
| 657 net::CertVerifyResult verify_result; |
| 658 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| 659 ASSERT_NO_FATAL_FAILURE( |
| 660 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| 661 cronet_pb::CertVerificationCache cert_cache = |
| 662 SerializeCertVerifierCache(verifier); |
| 663 DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| 664 DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| 665 |
| 666 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| 667 cronet_pb::CertVerificationCacheEntry* cache_entry = |
| 668 cert_cache.mutable_cache_entry(i); |
| 669 // Corrupt |verification_time|. |
| 670 cache_entry->clear_verification_time(); |
| 671 } |
| 672 |
| 673 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| 674 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| 675 } |
| 676 |
| 677 } // namespace cronet |
OLD | NEW |