Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(337)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/cronet/android/cert/cert_verifier_cache_serializer_unittest.cc

Issue 2021433004: Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@Add_support_for_walking_1999733002
Patch Set: Fix comments Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/cronet/android/cert/cert_verifier_cache_serializer.cc ('k') | components/cronet/android/cert/proto/cert_verification.proto » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/cronet/android/cert/cert_verifier_cache_serializer.h"
6
7 #include <memory>
8 #include <string>
9
10 #include "base/android/path_utils.h"
11 #include "base/files/file_path.h"
12 #include "base/memory/ptr_util.h"
13 #include "base/memory/ref_counted.h"
14 #include "components/cronet/android/cert/proto/cert_verification.pb.h"
15 #include "net/base/net_errors.h"
16 #include "net/base/test_completion_callback.h"
17 #include "net/cert/caching_cert_verifier.h"
18 #include "net/cert/cert_verifier.h"
19 #include "net/cert/cert_verify_result.h"
20 #include "net/cert/mock_cert_verifier.h"
21 #include "net/cert/x509_certificate.h"
22 #include "net/log/net_log.h"
23 #include "net/test/cert_test_util.h"
24 #include "net/test/test_data_directory.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 namespace cronet {
28
29 namespace {
30
31 // Helper function that verifies the cerificate with the given |cert_name|
32 // against the given |hostname| using the given |verifier|. Result from the cert
33 // verification is ignored.
34 void VerifyCert(const std::string& cert_name,
35 const std::string& hostname,
36 net::CachingCertVerifier* verifier,
37 net::CertVerifyResult* verify_result) {
38 // Set up server certs.
39 scoped_refptr<net::X509Certificate> cert(
40 net::ImportCertFromFile(net::GetTestCertsDirectory(), cert_name));
41 ASSERT_TRUE(cert);
42
43 net::TestCompletionCallback callback;
44 std::unique_ptr<net::CertVerifier::Request> request;
45
46 ignore_result(callback.GetResult(verifier->Verify(
47 net::CertVerifier::RequestParams(cert.get(), hostname, 0, std::string(),
48 net::CertificateList()),
49 nullptr, verify_result, callback.callback(), &request,
50 net::BoundNetLog())));
51 }
52
53 } // namespace
54
55 TEST(CertVerifierCacheSerializerTest, RestoreEmptyData) {
56 // Restoring empty data should fail.
57 cronet_pb::CertVerificationCache cert_cache;
58 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
59 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier));
60 }
61
62 TEST(CertVerifierCacheSerializerTest, SerializeCache) {
63 net::CertVerifyResult verify_result;
64 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
65 ASSERT_NO_FATAL_FAILURE(
66 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
67 cronet_pb::CertVerificationCache cert_cache =
68 SerializeCertVerifierCache(verifier);
69 // Verify atleast one certificate is serialized.
70 DCHECK_EQ(1, cert_cache.cert_entry_size());
71 DCHECK_EQ(1, cert_cache.cache_entry_size());
72 }
73
74 // Create a new Verifier and restoring the data into it should succeed.
75 TEST(CertVerifierCacheSerializerTest, RestoreMultipleEntriesIntoNewVerifier) {
76 scoped_refptr<net::X509Certificate> ok_cert(
77 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"));
78 ASSERT_TRUE(ok_cert);
79
80 const scoped_refptr<net::X509Certificate> root_cert =
81 net::ImportCertFromFile(net::GetTestCertsDirectory(), "root_ca_cert.pem");
82 ASSERT_TRUE(root_cert);
83
84 net::TestCompletionCallback callback;
85 std::unique_ptr<net::CertVerifier::Request> request;
86
87 // Verify www.example.com host's certificate.
88 std::string example_hostname("www.example.com");
89 net::CertVerifyResult verifier1_result1;
90 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
91 ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname, &verifier,
92 &verifier1_result1));
93
94 // Verify www2.example.com host's certificate.
95 std::string example2_hostname("www2.example.com");
96 net::CertVerifyResult verifier1_result2;
97
98 // Create a certificate that contains both a leaf and an intermediate/root and
99 // use that certificate for www2.example.com.
100 net::X509Certificate::OSCertHandles chain;
101 chain.push_back(root_cert->os_cert_handle());
102 const scoped_refptr<net::X509Certificate> combined_cert =
103 net::X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain);
104 ASSERT_TRUE(combined_cert);
105
106 ignore_result(callback.GetResult(verifier.Verify(
107 net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0,
108 std::string(), net::CertificateList()),
109 nullptr, &verifier1_result2, callback.callback(), &request,
110 net::BoundNetLog())));
111
112 cronet_pb::CertVerificationCache cert_cache =
113 SerializeCertVerifierCache(verifier);
114 // Verify two certificates are serialized.
115 DCHECK_EQ(2, cert_cache.cert_entry_size());
116 DCHECK_EQ(2, cert_cache.cache_entry_size());
117
118 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
119
120 // Populate |verifier2|'s cache.
121 EXPECT_TRUE(DeserializeCertVerifierCache(cert_cache, &verifier2));
122
123 // Verify the cert for www.example.com with |verifier2|.
124 net::CertVerifyResult verifier2_result1;
125 ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname,
126 &verifier2, &verifier2_result1));
127
128 // CertVerifyResult for www.example.com with |verifier2| should match
129 // what was serialized with |verifier|.
130 EXPECT_EQ(verifier2_result1, verifier1_result1);
131
132 // Verify the cert for www2.example.com with |verifier2|.
133 net::CertVerifyResult verifier2_result2;
134 ignore_result(callback.GetResult(verifier2.Verify(
135 net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0,
136 std::string(), net::CertificateList()),
137 nullptr, &verifier2_result2, callback.callback(), &request,
138 net::BoundNetLog())));
139
140 // CertVerifyResult for www2.example.com with |verifier2| should match
141 // what was serialized with |verifier|.
142 EXPECT_EQ(verifier2_result2, verifier1_result2);
143 }
144
145 // A corrupted cert_entry in the serialized data should fail to be deserialized.
146 // Should not deserialize a corrupted cert_entry.
147 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCerts) {
148 net::CertVerifyResult verify_result;
149 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
150 ASSERT_NO_FATAL_FAILURE(
151 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
152 cronet_pb::CertVerificationCache cert_cache =
153 SerializeCertVerifierCache(verifier);
154 DCHECK_EQ(1, cert_cache.cert_entry_size());
155 DCHECK_EQ(1, cert_cache.cache_entry_size());
156
157 cert_cache.clear_cert_entry();
158
159 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
160 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
161 }
162
163 // A corrupted |cache_entry| in the serialized data should fail to be
164 // deserialized. Should not deserialize a corrupted |cert_entry|.
165 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCacheEntry) {
166 net::CertVerifyResult verify_result;
167 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
168 ASSERT_NO_FATAL_FAILURE(
169 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
170 cronet_pb::CertVerificationCache cert_cache =
171 SerializeCertVerifierCache(verifier);
172 DCHECK_EQ(1, cert_cache.cert_entry_size());
173 DCHECK_EQ(1, cert_cache.cache_entry_size());
174
175 // Corrupt |cache_entry|.
176 cert_cache.clear_cache_entry();
177
178 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
179 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
180 }
181
182 // A corrupted |request_params| in the serialized data should fail to be
183 // deserialized. Should not deserialize a corrupted |request_params|.
184 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedRequestParams) {
185 net::CertVerifyResult verify_result;
186 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
187 ASSERT_NO_FATAL_FAILURE(
188 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
189 cronet_pb::CertVerificationCache cert_cache =
190 SerializeCertVerifierCache(verifier);
191 DCHECK_EQ(1, cert_cache.cert_entry_size());
192 DCHECK_EQ(1, cert_cache.cache_entry_size());
193
194 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
195 cronet_pb::CertVerificationCacheEntry* cache_entry =
196 cert_cache.mutable_cache_entry(i);
197 // Corrupt |request_params|.
198 cache_entry->clear_request_params();
199 }
200
201 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
202 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
203 }
204
205 // A corrupted |certificate| in |request_params| in the serialized data should
206 // fail to be deserialized. Should not deserialize a corrupted |certificate|.
207 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoCertificate) {
208 net::CertVerifyResult verify_result;
209 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
210 ASSERT_NO_FATAL_FAILURE(
211 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
212 cronet_pb::CertVerificationCache cert_cache =
213 SerializeCertVerifierCache(verifier);
214 DCHECK_EQ(1, cert_cache.cert_entry_size());
215 DCHECK_EQ(1, cert_cache.cache_entry_size());
216
217 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
218 cronet_pb::CertVerificationCacheEntry* cache_entry =
219 cert_cache.mutable_cache_entry(i);
220 cronet_pb::CertVerificationRequestParams* request_params =
221 cache_entry->mutable_request_params();
222 // Corrupt certificate.
223 request_params->clear_certificate();
224 }
225
226 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
227 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
228 }
229
230 // A corrupted |hostname| in |request_params| in the serialized data should
231 // fail to be deserialized. Should not deserialize a corrupted |hostname|.
232 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoHostname) {
233 net::CertVerifyResult verify_result;
234 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
235 ASSERT_NO_FATAL_FAILURE(
236 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
237 cronet_pb::CertVerificationCache cert_cache =
238 SerializeCertVerifierCache(verifier);
239 DCHECK_EQ(1, cert_cache.cert_entry_size());
240 DCHECK_EQ(1, cert_cache.cache_entry_size());
241
242 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
243 cronet_pb::CertVerificationCacheEntry* cache_entry =
244 cert_cache.mutable_cache_entry(i);
245 cronet_pb::CertVerificationRequestParams* request_params =
246 cache_entry->mutable_request_params();
247 // Corrupt hostname.
248 request_params->clear_hostname();
249 }
250
251 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
252 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
253 }
254
255 // An invalid |hostname| in |request_params| in the serialized data should
256 // fail to be deserialized. Should not deserialize an invalid |hostname|.
257 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsEmptyHostname) {
258 net::CertVerifyResult verify_result;
259 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
260 ASSERT_NO_FATAL_FAILURE(
261 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
262 cronet_pb::CertVerificationCache cert_cache =
263 SerializeCertVerifierCache(verifier);
264 DCHECK_EQ(1, cert_cache.cert_entry_size());
265 DCHECK_EQ(1, cert_cache.cache_entry_size());
266
267 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
268 cronet_pb::CertVerificationCacheEntry* cache_entry =
269 cert_cache.mutable_cache_entry(i);
270 cronet_pb::CertVerificationRequestParams* request_params =
271 cache_entry->mutable_request_params();
272 // Set bogus hostname.
273 request_params->set_hostname("");
274 }
275
276 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
277 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
278 }
279
280 // A corrupted |flags| in |request_params| in the serialized data should
281 // fail to be deserialized. Should not deserialize a corrupted |flags|.
282 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoFlags) {
283 net::CertVerifyResult verify_result;
284 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
285 ASSERT_NO_FATAL_FAILURE(
286 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
287 cronet_pb::CertVerificationCache cert_cache =
288 SerializeCertVerifierCache(verifier);
289 DCHECK_EQ(1, cert_cache.cert_entry_size());
290 DCHECK_EQ(1, cert_cache.cache_entry_size());
291
292 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
293 cronet_pb::CertVerificationCacheEntry* cache_entry =
294 cert_cache.mutable_cache_entry(i);
295 cronet_pb::CertVerificationRequestParams* request_params =
296 cache_entry->mutable_request_params();
297 // Corrupt flags.
298 request_params->clear_flags();
299 }
300
301 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
302 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
303 }
304
305 // A corrupted |ocsp_response| in |request_params| in the serialized data should
306 // fail to be deserialized. Should not deserialize a corrupted |ocsp_response|.
307 TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoOcspResponse) {
308 net::CertVerifyResult verify_result;
309 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
310 ASSERT_NO_FATAL_FAILURE(
311 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
312 cronet_pb::CertVerificationCache cert_cache =
313 SerializeCertVerifierCache(verifier);
314 DCHECK_EQ(1, cert_cache.cert_entry_size());
315 DCHECK_EQ(1, cert_cache.cache_entry_size());
316
317 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
318 cronet_pb::CertVerificationCacheEntry* cache_entry =
319 cert_cache.mutable_cache_entry(i);
320 cronet_pb::CertVerificationRequestParams* request_params =
321 cache_entry->mutable_request_params();
322 // Corrupt |ocsp_response|.
323 request_params->clear_ocsp_response();
324 }
325
326 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
327 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
328 }
329
330 // An empty certificate number in |request_params| in the serialized data should
331 // fail to be deserialized. Should not deserialize an empty certificate number.
332 TEST(CertVerifierCacheSerializerTest,
333 DeserializeRequestParamsCertificateNoCertNumbers) {
334 net::CertVerifyResult verify_result;
335 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
336 ASSERT_NO_FATAL_FAILURE(
337 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
338 cronet_pb::CertVerificationCache cert_cache =
339 SerializeCertVerifierCache(verifier);
340 DCHECK_EQ(1, cert_cache.cert_entry_size());
341 DCHECK_EQ(1, cert_cache.cache_entry_size());
342
343 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
344 cronet_pb::CertVerificationCacheEntry* cache_entry =
345 cert_cache.mutable_cache_entry(i);
346 cronet_pb::CertVerificationRequestParams* request_params =
347 cache_entry->mutable_request_params();
348 cronet_pb::CertVerificationCertificate* certificate =
349 request_params->mutable_certificate();
350 // Corrupt certificate number.
351 certificate->clear_cert_numbers();
352 }
353
354 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
355 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
356 }
357
358 // An invalid certificate number in |request_params| in the serialized data
359 // should fail to be deserialized. Should not deserialize an invalid certificate
360 // number.
361 TEST(CertVerifierCacheSerializerTest,
362 DeserializeCorruptedRequestParamsCertNumbers) {
363 net::CertVerifyResult verify_result;
364 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
365 ASSERT_NO_FATAL_FAILURE(
366 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
367 cronet_pb::CertVerificationCache cert_cache =
368 SerializeCertVerifierCache(verifier);
369 DCHECK_EQ(1, cert_cache.cert_entry_size());
370 DCHECK_EQ(1, cert_cache.cache_entry_size());
371
372 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
373 cronet_pb::CertVerificationCacheEntry* cache_entry =
374 cert_cache.mutable_cache_entry(i);
375 cronet_pb::CertVerificationRequestParams* request_params =
376 cache_entry->mutable_request_params();
377 cronet_pb::CertVerificationCertificate* certificate =
378 request_params->mutable_certificate();
379 // Set bogus certificate number.
380 certificate->set_cert_numbers(0, 100);
381 }
382
383 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
384 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
385 }
386
387 // A corrupted certificate number in |additional_trust_anchors| of
388 // |request_params| in the serialized data should fail to be deserialized.
389 // Should not deserialize a corrupted certificate number.
390 TEST(CertVerifierCacheSerializerTest,
391 DeserializeRequestParamsCertificateNoTrustAnchors) {
392 net::CertificateList ca_cert_list = net::CreateCertificateListFromFile(
393 net::GetTestCertsDirectory(), "root_ca_cert.pem",
394 net::X509Certificate::FORMAT_AUTO);
395 ASSERT_EQ(1U, ca_cert_list.size());
396 scoped_refptr<net::X509Certificate> ca_cert(ca_cert_list[0]);
397
398 net::CertificateList cert_list = net::CreateCertificateListFromFile(
399 net::GetTestCertsDirectory(), "ok_cert.pem",
400 net::X509Certificate::FORMAT_AUTO);
401 ASSERT_EQ(1U, cert_list.size());
402 scoped_refptr<net::X509Certificate> cert(cert_list[0]);
403
404 // Now add the |ca_cert| to the |trust_anchors|, and verification should pass.
405 net::CertificateList trust_anchors;
406 trust_anchors.push_back(ca_cert);
407
408 net::CertVerifyResult verify_result;
409 net::TestCompletionCallback callback;
410 std::unique_ptr<net::CertVerifier::Request> request;
411
412 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
413 // Verify the |cert| with |trust_anchors|.
414 ignore_result(callback.GetResult(verifier.Verify(
415 net::CertVerifier::RequestParams(cert, "www.example.com", 0,
416 std::string(), trust_anchors),
417 nullptr, &verify_result, callback.callback(), &request,
418 net::BoundNetLog())));
419
420 cronet_pb::CertVerificationCache cert_cache =
421 SerializeCertVerifierCache(verifier);
422 DCHECK_EQ(2, cert_cache.cert_entry_size());
423 DCHECK_EQ(1, cert_cache.cache_entry_size());
424
425 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
426 cronet_pb::CertVerificationCacheEntry* cache_entry =
427 cert_cache.mutable_cache_entry(i);
428 cronet_pb::CertVerificationRequestParams* request_params =
429 cache_entry->mutable_request_params();
430 for (int j = 0; j < request_params->additional_trust_anchors_size(); ++j) {
431 cronet_pb::CertVerificationCertificate* certificate =
432 request_params->mutable_additional_trust_anchors(j);
433 // Corrupt the certificate number in |additional_trust_anchors|.
434 certificate->clear_cert_numbers();
435 }
436 }
437
438 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
439 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
440 }
441
442 // A corrupted |cached_result| in the serialized data should fail to be
443 // deserialized. Should not deserialize a corrupted |cached_result|.
444 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCachedResult) {
445 net::CertVerifyResult verify_result;
446 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
447 ASSERT_NO_FATAL_FAILURE(
448 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
449 cronet_pb::CertVerificationCache cert_cache =
450 SerializeCertVerifierCache(verifier);
451 DCHECK_EQ(1, cert_cache.cert_entry_size());
452 DCHECK_EQ(1, cert_cache.cache_entry_size());
453
454 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
455 cronet_pb::CertVerificationCacheEntry* cache_entry =
456 cert_cache.mutable_cache_entry(i);
457 // Corrupt the |cached_result|.
458 cache_entry->clear_cached_result();
459 }
460
461 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
462 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
463 }
464
465 // A corrupted |error| in the serialized data should fail to be deserialized.
466 // Should not deserialize a corrupted |error|.
467 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoError) {
468 net::CertVerifyResult verify_result;
469 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
470 ASSERT_NO_FATAL_FAILURE(
471 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
472 cronet_pb::CertVerificationCache cert_cache =
473 SerializeCertVerifierCache(verifier);
474 DCHECK_EQ(1, cert_cache.cert_entry_size());
475 DCHECK_EQ(1, cert_cache.cache_entry_size());
476
477 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
478 cronet_pb::CertVerificationCacheEntry* cache_entry =
479 cert_cache.mutable_cache_entry(i);
480 cronet_pb::CertVerificationCachedResult* cached_result =
481 cache_entry->mutable_cached_result();
482 // Corrupt |error|.
483 cached_result->clear_error();
484 }
485
486 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
487 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
488 }
489
490 // A corrupted |result| in the serialized data should fail to be deserialized.
491 // Should not deserialize a corrupted |result|.
492 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoResult) {
493 net::CertVerifyResult verify_result;
494 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
495 ASSERT_NO_FATAL_FAILURE(
496 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
497 cronet_pb::CertVerificationCache cert_cache =
498 SerializeCertVerifierCache(verifier);
499 DCHECK_EQ(1, cert_cache.cert_entry_size());
500 DCHECK_EQ(1, cert_cache.cache_entry_size());
501
502 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
503 cronet_pb::CertVerificationCacheEntry* cache_entry =
504 cert_cache.mutable_cache_entry(i);
505 cronet_pb::CertVerificationCachedResult* cached_result =
506 cache_entry->mutable_cached_result();
507 // Corrupt the |result|.
508 cached_result->clear_result();
509 }
510
511 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
512 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
513 }
514
515 // A corrupted |cert_status| in the serialized data should fail to be
516 // deserialized. Should not deserialize a corrupted |cert_status|.
517 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoCertStatus) {
518 net::CertVerifyResult verify_result;
519 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
520 ASSERT_NO_FATAL_FAILURE(
521 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
522 cronet_pb::CertVerificationCache cert_cache =
523 SerializeCertVerifierCache(verifier);
524 DCHECK_EQ(1, cert_cache.cert_entry_size());
525 DCHECK_EQ(1, cert_cache.cache_entry_size());
526
527 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
528 cronet_pb::CertVerificationCacheEntry* cache_entry =
529 cert_cache.mutable_cache_entry(i);
530 cronet_pb::CertVerificationCachedResult* cached_result =
531 cache_entry->mutable_cached_result();
532 cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
533 // Corrupt the |cert_status|.
534 result->clear_cert_status();
535 }
536
537 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
538 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
539 }
540
541 // A corrupted |verification_time| in the serialized data should fail to be
542 // deserialized. Should not deserialize a corrupted |verification_time|.
543 TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoVerifiedCert) {
544 net::CertVerifyResult verify_result;
545 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
546 ASSERT_NO_FATAL_FAILURE(
547 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
548 cronet_pb::CertVerificationCache cert_cache =
549 SerializeCertVerifierCache(verifier);
550 DCHECK_EQ(1, cert_cache.cert_entry_size());
551 DCHECK_EQ(1, cert_cache.cache_entry_size());
552
553 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
554 cronet_pb::CertVerificationCacheEntry* cache_entry =
555 cert_cache.mutable_cache_entry(i);
556 cronet_pb::CertVerificationCachedResult* cached_result =
557 cache_entry->mutable_cached_result();
558 cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
559 // Corrupt the |verified_cert|.
560 result->clear_verified_cert();
561 }
562
563 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
564 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
565 }
566
567 // A corrupted |verified_cert| in the serialized data should fail to be
568 // deserialized. Should not deserialize a corrupted |verified_cert|.
569 TEST(CertVerifierCacheSerializerTest,
570 DeserializeCachedResultNoVerifiedCertNumber) {
571 net::CertVerifyResult verify_result;
572 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
573 ASSERT_NO_FATAL_FAILURE(
574 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
575 cronet_pb::CertVerificationCache cert_cache =
576 SerializeCertVerifierCache(verifier);
577 DCHECK_EQ(1, cert_cache.cert_entry_size());
578 DCHECK_EQ(1, cert_cache.cache_entry_size());
579
580 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
581 cronet_pb::CertVerificationCacheEntry* cache_entry =
582 cert_cache.mutable_cache_entry(i);
583 cronet_pb::CertVerificationCachedResult* cached_result =
584 cache_entry->mutable_cached_result();
585 cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
586 result->clear_verified_cert();
587 // Corrupt the verified cert's certificate number.
588 cronet_pb::CertVerificationCertificate* certificate =
589 result->mutable_verified_cert();
590 certificate->clear_cert_numbers();
591 }
592
593 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
594 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
595 }
596
597 // An invalid certificate number of |verified_cert| in the serialized data
598 // should fail to be deserialized. Should not deserialize an invalid certificate
599 // number.
600 TEST(CertVerifierCacheSerializerTest,
601 DeserializeCorruptedCachedResultVerifiedCertNumber) {
602 net::CertVerifyResult verify_result;
603 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
604 ASSERT_NO_FATAL_FAILURE(
605 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
606 cronet_pb::CertVerificationCache cert_cache =
607 SerializeCertVerifierCache(verifier);
608 DCHECK_EQ(1, cert_cache.cert_entry_size());
609 DCHECK_EQ(1, cert_cache.cache_entry_size());
610
611 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
612 cronet_pb::CertVerificationCacheEntry* cache_entry =
613 cert_cache.mutable_cache_entry(i);
614 cronet_pb::CertVerificationCachedResult* cached_result =
615 cache_entry->mutable_cached_result();
616 cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
617 cronet_pb::CertVerificationCertificate* certificate =
618 result->mutable_verified_cert();
619 // Set bogus certificate number for |verified_cert|.
620 certificate->set_cert_numbers(0, 100);
621 }
622
623 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
624 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
625 }
626
627 // A corrupted |public_key_hashes| in the serialized data should fail to be
628 // deserialized. Should not deserialize a corrupted |public_key_hashes|.
629 TEST(CertVerifierCacheSerializerTest,
630 DeserializeCorruptedCachedResultPublicKeyHashes) {
631 net::CertVerifyResult verify_result;
632 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
633 ASSERT_NO_FATAL_FAILURE(
634 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
635 cronet_pb::CertVerificationCache cert_cache =
636 SerializeCertVerifierCache(verifier);
637 DCHECK_EQ(1, cert_cache.cert_entry_size());
638 DCHECK_EQ(1, cert_cache.cache_entry_size());
639
640 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
641 cronet_pb::CertVerificationCacheEntry* cache_entry =
642 cert_cache.mutable_cache_entry(i);
643 cronet_pb::CertVerificationCachedResult* cached_result =
644 cache_entry->mutable_cached_result();
645 cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
646 // Set bogus |public_key_hashes|.
647 result->add_public_key_hashes("");
648 }
649
650 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
651 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
652 }
653
654 // A corrupted |verification_time| in the serialized data should fail to be
655 // deserialized. Should not deserialize a corrupted |verification_time|.
656 TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedVerificationTime) {
657 net::CertVerifyResult verify_result;
658 net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
659 ASSERT_NO_FATAL_FAILURE(
660 VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
661 cronet_pb::CertVerificationCache cert_cache =
662 SerializeCertVerifierCache(verifier);
663 DCHECK_EQ(1, cert_cache.cert_entry_size());
664 DCHECK_EQ(1, cert_cache.cache_entry_size());
665
666 for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
667 cronet_pb::CertVerificationCacheEntry* cache_entry =
668 cert_cache.mutable_cache_entry(i);
669 // Corrupt |verification_time|.
670 cache_entry->clear_verification_time();
671 }
672
673 net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
674 EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
675 }
676
677 } // namespace cronet
OLDNEW
« no previous file with comments | « components/cronet/android/cert/cert_verifier_cache_serializer.cc ('k') | components/cronet/android/cert/proto/cert_verification.proto » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698