Chromium Code Reviews Chromium Code Reviews
Issue 2021433004:
Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@Add_support_for_walking_1999733002| Index: components/cronet/cert/cert_verifier_cache_persister_unittest.cc |
| diff --git a/components/cronet/cert/cert_verifier_cache_persister_unittest.cc b/components/cronet/cert/cert_verifier_cache_persister_unittest.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..d00b88f978be4879fe918983bbbf963d578b10ec |
| --- /dev/null |
| +++ b/components/cronet/cert/cert_verifier_cache_persister_unittest.cc |
| @@ -0,0 +1,679 @@ |
| +// Copyright 2016 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "components/cronet/cert/cert_verifier_cache_persister.h" |
| + |
| +#include <memory> |
| +#include <string> |
| + |
| +#include "base/android/path_utils.h" |
| +#include "base/files/file_path.h" |
| +#include "base/memory/ptr_util.h" |
| +#include "base/memory/ref_counted.h" |
| +#include "net/base/net_errors.h" |
| +#include "net/base/test_completion_callback.h" |
| +#include "net/base/test_data_directory.h" |
| +#include "net/cert/caching_cert_verifier.h" |
| +#include "net/cert/cert_verifier.h" |
| +#include "net/cert/cert_verify_result.h" |
| +#include "net/cert/mock_cert_verifier.h" |
| +#include "net/cert/x509_certificate.h" |
| +#include "net/log/net_log.h" |
| +#include "net/test/cert_test_util.h" |
| +#include "testing/gtest/include/gtest/gtest.h" |
| + |
| +namespace cronet { |
| + |
| +namespace { |
| + |
| +void VerifyCert(const std::string& cert_name, |
| + const std::string& hostname, |
| + net::CachingCertVerifier* verifier, |
| + net::CertVerifyResult* verify_result) { |
| + // Set up server certs. |
| + scoped_refptr<net::X509Certificate> cert( |
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), cert_name)); |
| + ASSERT_TRUE(cert); |
| + |
| + net::TestCompletionCallback callback; |
| + std::unique_ptr<net::CertVerifier::Request> request; |
| + |
| + int error = callback.GetResult(verifier->Verify( |
| + net::CertVerifier::RequestParams(cert.get(), hostname, 0, std::string(), |
| + net::CertificateList()), |
| + nullptr, verify_result, callback.callback(), &request, |
| + net::BoundNetLog())); |
| + |
| + ASSERT_TRUE(net::IsCertificateError(error)); |
|
Ryan Sleevi
2016/06/21 20:31:03
BUG/SURPRISE: What part of the contract of VerifyC
ramant (doing other things)
2016/06/22 03:51:36
I am not an expert in this area. Was copying other
|
| +} |
| + |
| +} // namespace |
| + |
| +TEST(CertVerifierCachePersisterTest, RestoreEmptyData) { |
| + // Restoring empty data should fail. |
| + cronet_pb::CertVerificationCache cert_cache; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier)); |
| +} |
| + |
| +TEST(CertVerifierCachePersisterTest, SerializeCache) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| +} |
| + |
| +// Create a new Verifier and restoring the data into it should succeed. |
| +TEST(CertVerifierCachePersisterTest, RestoreMultipleEntriesIntoNewVerifier) { |
| + scoped_refptr<net::X509Certificate> ok_cert( |
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem")); |
| + ASSERT_TRUE(ok_cert); |
| + |
| + const scoped_refptr<net::X509Certificate> root_cert = |
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), "root_ca_cert.pem"); |
| + ASSERT_TRUE(root_cert); |
| + |
| + // Create a certificate that contains both a leaf and an intermediate/root. |
| + net::X509Certificate::OSCertHandles chain; |
| + chain.push_back(root_cert->os_cert_handle()); |
| + const scoped_refptr<net::X509Certificate> combined_cert = |
| + net::X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain); |
| + ASSERT_TRUE(combined_cert); |
| + |
| + int error; |
| + net::TestCompletionCallback callback; |
| + std::unique_ptr<net::CertVerifier::Request> request; |
| + |
| + // Verify www.example.com host's certificate. |
| + std::string example_hostname("www.example.com"); |
| + net::CertVerifyResult verifier1_result1; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + error = callback.GetResult(verifier.Verify( |
| + net::CertVerifier::RequestParams(ok_cert, example_hostname, 0, |
| + std::string(), net::CertificateList()), |
| + nullptr, &verifier1_result1, callback.callback(), &request, |
| + net::BoundNetLog())); |
| + ASSERT_TRUE(net::IsCertificateError(error)); |
|
Ryan Sleevi
2016/06/21 20:31:02
Same comments apply throughout for the checks here
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| + |
| + // Verify www2.example.com host's certificate. |
| + std::string example2_hostname("www2.example.com"); |
| + net::CertVerifyResult verifier1_result2; |
| + error = callback.GetResult(verifier.Verify( |
| + net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0, |
| + std::string(), net::CertificateList()), |
| + nullptr, &verifier1_result2, callback.callback(), &request, |
| + net::BoundNetLog())); |
| + ASSERT_TRUE(net::IsCertificateError(error)); |
| + |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(2, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(2, cert_cache.cache_entry_size()); |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + |
| + // Populate |verifier2|'s cache. |
| + EXPECT_TRUE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| + |
| + // Verify the cert for www.example.com with |verifier2|. |
| + net::CertVerifyResult verifier2_result1; |
| + error = callback.GetResult(verifier2.Verify( |
| + net::CertVerifier::RequestParams(ok_cert, example_hostname, 0, |
| + std::string(), net::CertificateList()), |
| + nullptr, &verifier2_result1, callback.callback(), &request, |
| + net::BoundNetLog())); |
| + // Synchronous completion and verify it is same as serialized data for |
| + // www.example.com. |
|
Ryan Sleevi
2016/06/21 20:31:03
I highlighted before, but these comments (130-131)
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| + ASSERT_TRUE(net::IsCertificateError(error)); |
| + ASSERT_FALSE(request); |
| + EXPECT_EQ(verifier2_result1.cert_status, verifier1_result1.cert_status); |
|
Ryan Sleevi
2016/06/21 20:31:03
Document why you're checking here.
For example, w
ramant (doing other things)
2016/06/22 03:51:37
Added operator== to CertVerifyResult and used it h
|
| + |
| + // Verify the cert for www2.example.com with |verifier2|. |
| + net::CertVerifyResult verifier2_result2; |
| + error = callback.GetResult(verifier2.Verify( |
| + net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0, |
| + std::string(), net::CertificateList()), |
| + nullptr, &verifier2_result2, callback.callback(), &request, |
|
Ryan Sleevi
2016/06/21 20:31:03
Why don't you use the VerifyCert helper here? What
ramant (doing other things)
2016/06/22 03:51:37
www2.example.com has certificate chain. VerifyCert
|
| + net::BoundNetLog())); |
| + // Synchronous completion and verify it is same as serialized data for |
| + // www2.example.com. |
| + ASSERT_TRUE(net::IsCertificateError(error)); |
| + ASSERT_FALSE(request); |
| + EXPECT_EQ(verifier2_result2.cert_status, verifier1_result2.cert_status); |
| +} |
| + |
| +// A corrupted cert_entry in the serialized data should fail to be deserialized. |
| +// Should not deserialize a corrupted cert_entry. |
|
Ryan Sleevi
2016/06/21 20:31:04
You updated this description, but failed to update
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCorruptedCerts) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + cert_cache.clear_cert_entry(); |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |cache_entry| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCorruptedCacheEntry) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + // Corrupt |cache_entry|. |
| + cert_cache.clear_cache_entry(); |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |request_params| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:02
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCorruptedRequestParams) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + // Corrupt |request_params|. |
| + cache_entry->clear_request_params(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |certificate| in |request_params| in the serialized data, should |
| +// fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeRequestParamsNoCertificate) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + // Corrupt certificate. |
| + request_params->clear_certificate(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |hostname| in |request_params| in the serialized data, should fail |
| +// when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeRequestParamsNoHostname) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + // Corrupt hostname. |
| + request_params->clear_hostname(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Invalid |hostname| in |request_params| in the serialized data, should fail |
| +// when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeRequestParamsEmptyHostname) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + // Set bogus hostname. |
| + request_params->set_hostname(""); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |flags| in |request_params| in the serialized data, should fail |
| +// when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeRequestParamsNoFlags) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + // Corrupt flags. |
| + request_params->clear_flags(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |ocsp_response| in |request_params| in the serialized data, should |
| +// fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeRequestParamsNoOcspResponse) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + // Corrupt |ocsp_response|. |
| + request_params->clear_ocsp_response(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Empty certificate number in |request_params| in the serialized data, should |
| +// fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeRequestParamsCertificateNoCertNumbers) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + cronet_pb::CertVerificationCertificate* certificate = |
| + request_params->mutable_certificate(); |
| + // Corrupt certificate number. |
| + certificate->clear_cert_numbers(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Invalid certificate number in |request_params| in the serialized data, should |
| +// fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeCorruptedRequestParamsCertNumbers) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + cronet_pb::CertVerificationCertificate* certificate = |
| + request_params->mutable_certificate(); |
| + // Set bogus certificate number. |
| + certificate->set_cert_numbers(0, 100); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted certificate number in |additional_trust_anchors| of |
| +// |request_params| in the serialized data, should fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeRequestParamsCertificateNoTrustAnchors) { |
| + net::CertificateList ca_cert_list = net::CreateCertificateListFromFile( |
| + net::GetTestCertsDirectory(), "root_ca_cert.pem", |
| + net::X509Certificate::FORMAT_AUTO); |
| + ASSERT_EQ(1U, ca_cert_list.size()); |
| + scoped_refptr<net::X509Certificate> ca_cert(ca_cert_list[0]); |
| + |
| + net::CertificateList cert_list = net::CreateCertificateListFromFile( |
| + net::GetTestCertsDirectory(), "ok_cert.pem", |
| + net::X509Certificate::FORMAT_AUTO); |
| + ASSERT_EQ(1U, cert_list.size()); |
| + scoped_refptr<net::X509Certificate> cert(cert_list[0]); |
| + |
| + // Now add the |ca_cert| to the |trust_anchors|, and verification should pass. |
| + net::CertificateList trust_anchors; |
| + trust_anchors.push_back(ca_cert); |
| + |
| + int error; |
| + net::CertVerifyResult verify_result; |
| + net::TestCompletionCallback callback; |
| + std::unique_ptr<net::CertVerifier::Request> request; |
| + |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + error = callback.GetResult(verifier.Verify( |
| + net::CertVerifier::RequestParams(cert, "www.example.com", 0, |
| + std::string(), trust_anchors), |
| + nullptr, &verify_result, callback.callback(), &request, |
| + net::BoundNetLog())); |
| + EXPECT_TRUE(net::IsCertificateError(error)); |
|
Ryan Sleevi
2016/06/21 20:31:03
Why don't you use the VerifyCert() helper like you
ramant (doing other things)
2016/06/22 03:51:37
In this test, we are verifying with trust_anchors.
|
| + |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(2, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationRequestParams* request_params = |
| + cache_entry->mutable_request_params(); |
| + for (int j = 0; j < request_params->additional_trust_anchors_size(); ++j) { |
| + cronet_pb::CertVerificationCertificate* certificate = |
| + request_params->mutable_additional_trust_anchors(j); |
| + // Corrupt the certificate number in |additional_trust_anchors|. |
| + certificate->clear_cert_numbers(); |
| + } |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |cached_result| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCorruptedCachedResult) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + // Corrupt the |cached_result|. |
| + cache_entry->clear_cached_result(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |error| in the serialized data, should fail when deserialized. |
| +TEST(CertVerifierCachePersisterTest, DeserializeCachedResultNoError) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + // Corrupt |error|. |
| + cached_result->clear_error(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |result| (CertVerifyResult) in the serialized data, should fail |
| +// when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCachedResultNoResult) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + // Corrupt the |result|. |
| + cached_result->clear_result(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |cert_status| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCachedResultNoCertStatus) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| + // Corrupt the |cert_status|. |
| + result->clear_cert_status(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |verification_time| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:02
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCachedResultNoVerifiedCert) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| + // Corrupt the |verified_cert|. |
| + result->clear_verified_cert(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |verified_cert| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeCachedResultNoVerifiedCertNumber) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| + result->clear_verified_cert(); |
| + // Corrupt the verified cert's certificate number. |
| + cronet_pb::CertVerificationCertificate* certificate = |
| + result->mutable_verified_cert(); |
| + certificate->clear_cert_numbers(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Invalid certificate number of |verified_cert| in the serialized data, |
| +// should fail when deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:04
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeCorruptedCachedResultVerifiedCertNumber) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| + cronet_pb::CertVerificationCertificate* certificate = |
| + result->mutable_verified_cert(); |
| + // Set bogus certificate number for |verified_cert|. |
| + certificate->set_cert_numbers(0, 100); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |public_key_hashes| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:03
HERE1
ramant (doing other things)
2016/06/22 03:51:37
Done.
|
| +TEST(CertVerifierCachePersisterTest, |
| + DeserializeCorruptedCachedResultPublicKeyHashes) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + cronet_pb::CertVerificationCachedResult* cached_result = |
| + cache_entry->mutable_cached_result(); |
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result(); |
| + // Set bogus |public_key_hashes|. |
| + result->add_public_key_hashes(""); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +// Corrupted |verification_time| in the serialized data, should fail when |
| +// deserialized. |
|
Ryan Sleevi
2016/06/21 20:31:02
HERE1
ramant (doing other things)
2016/06/22 03:51:36
Done.
|
| +TEST(CertVerifierCachePersisterTest, DeserializeCorruptedVerificationTime) { |
| + net::CertVerifyResult verify_result; |
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>()); |
| + ASSERT_NO_FATAL_FAILURE( |
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result)); |
| + cronet_pb::CertVerificationCache cert_cache = |
| + SerializeCertVerifierCache(verifier); |
| + DCHECK_EQ(1, cert_cache.cert_entry_size()); |
| + DCHECK_EQ(1, cert_cache.cache_entry_size()); |
| + |
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) { |
| + cronet_pb::CertVerificationCacheEntry* cache_entry = |
| + cert_cache.mutable_cache_entry(i); |
| + // Corrupt |verification_time|. |
| + cache_entry->clear_verification_time(); |
| + } |
| + |
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>()); |
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2)); |
| +} |
| + |
| +} // namespace cronet |
