| Index: components/cronet/android/cert/cert_verifier_cache_serializer_unittest.cc
|
| diff --git a/components/cronet/android/cert/cert_verifier_cache_serializer_unittest.cc b/components/cronet/android/cert/cert_verifier_cache_serializer_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..f08b92ab98ef962aba1dd54de8c38e641aba0859
|
| --- /dev/null
|
| +++ b/components/cronet/android/cert/cert_verifier_cache_serializer_unittest.cc
|
| @@ -0,0 +1,677 @@
|
| +// Copyright 2016 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/cronet/android/cert/cert_verifier_cache_serializer.h"
|
| +
|
| +#include <memory>
|
| +#include <string>
|
| +
|
| +#include "base/android/path_utils.h"
|
| +#include "base/files/file_path.h"
|
| +#include "base/memory/ptr_util.h"
|
| +#include "base/memory/ref_counted.h"
|
| +#include "components/cronet/android/cert/proto/cert_verification.pb.h"
|
| +#include "net/base/net_errors.h"
|
| +#include "net/base/test_completion_callback.h"
|
| +#include "net/cert/caching_cert_verifier.h"
|
| +#include "net/cert/cert_verifier.h"
|
| +#include "net/cert/cert_verify_result.h"
|
| +#include "net/cert/mock_cert_verifier.h"
|
| +#include "net/cert/x509_certificate.h"
|
| +#include "net/log/net_log.h"
|
| +#include "net/test/cert_test_util.h"
|
| +#include "net/test/test_data_directory.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace cronet {
|
| +
|
| +namespace {
|
| +
|
| +// Helper function that verifies the cerificate with the given |cert_name|
|
| +// against the given |hostname| using the given |verifier|. Result from the cert
|
| +// verification is ignored.
|
| +void VerifyCert(const std::string& cert_name,
|
| + const std::string& hostname,
|
| + net::CachingCertVerifier* verifier,
|
| + net::CertVerifyResult* verify_result) {
|
| + // Set up server certs.
|
| + scoped_refptr<net::X509Certificate> cert(
|
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), cert_name));
|
| + ASSERT_TRUE(cert);
|
| +
|
| + net::TestCompletionCallback callback;
|
| + std::unique_ptr<net::CertVerifier::Request> request;
|
| +
|
| + ignore_result(callback.GetResult(verifier->Verify(
|
| + net::CertVerifier::RequestParams(cert.get(), hostname, 0, std::string(),
|
| + net::CertificateList()),
|
| + nullptr, verify_result, callback.callback(), &request,
|
| + net::BoundNetLog())));
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +TEST(CertVerifierCacheSerializerTest, RestoreEmptyData) {
|
| + // Restoring empty data should fail.
|
| + cronet_pb::CertVerificationCache cert_cache;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier));
|
| +}
|
| +
|
| +TEST(CertVerifierCacheSerializerTest, SerializeCache) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + // Verify atleast one certificate is serialized.
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +}
|
| +
|
| +// Create a new Verifier and restoring the data into it should succeed.
|
| +TEST(CertVerifierCacheSerializerTest, RestoreMultipleEntriesIntoNewVerifier) {
|
| + scoped_refptr<net::X509Certificate> ok_cert(
|
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"));
|
| + ASSERT_TRUE(ok_cert);
|
| +
|
| + const scoped_refptr<net::X509Certificate> root_cert =
|
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), "root_ca_cert.pem");
|
| + ASSERT_TRUE(root_cert);
|
| +
|
| + net::TestCompletionCallback callback;
|
| + std::unique_ptr<net::CertVerifier::Request> request;
|
| +
|
| + // Verify www.example.com host's certificate.
|
| + std::string example_hostname("www.example.com");
|
| + net::CertVerifyResult verifier1_result1;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname, &verifier,
|
| + &verifier1_result1));
|
| +
|
| + // Verify www2.example.com host's certificate.
|
| + std::string example2_hostname("www2.example.com");
|
| + net::CertVerifyResult verifier1_result2;
|
| +
|
| + // Create a certificate that contains both a leaf and an intermediate/root and
|
| + // use that certificate for www2.example.com.
|
| + net::X509Certificate::OSCertHandles chain;
|
| + chain.push_back(root_cert->os_cert_handle());
|
| + const scoped_refptr<net::X509Certificate> combined_cert =
|
| + net::X509Certificate::CreateFromHandle(ok_cert->os_cert_handle(), chain);
|
| + ASSERT_TRUE(combined_cert);
|
| +
|
| + ignore_result(callback.GetResult(verifier.Verify(
|
| + net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0,
|
| + std::string(), net::CertificateList()),
|
| + nullptr, &verifier1_result2, callback.callback(), &request,
|
| + net::BoundNetLog())));
|
| +
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + // Verify two certificates are serialized.
|
| + DCHECK_EQ(2, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(2, cert_cache.cache_entry_size());
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| +
|
| + // Populate |verifier2|'s cache.
|
| + EXPECT_TRUE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +
|
| + // Verify the cert for www.example.com with |verifier2|.
|
| + net::CertVerifyResult verifier2_result1;
|
| + ASSERT_NO_FATAL_FAILURE(VerifyCert("ok_cert.pem", example_hostname,
|
| + &verifier2, &verifier2_result1));
|
| +
|
| + // CertVerifyResult for www.example.com with |verifier2| should match
|
| + // what was serialized with |verifier|.
|
| + EXPECT_EQ(verifier2_result1, verifier1_result1);
|
| +
|
| + // Verify the cert for www2.example.com with |verifier2|.
|
| + net::CertVerifyResult verifier2_result2;
|
| + ignore_result(callback.GetResult(verifier2.Verify(
|
| + net::CertVerifier::RequestParams(combined_cert, example2_hostname, 0,
|
| + std::string(), net::CertificateList()),
|
| + nullptr, &verifier2_result2, callback.callback(), &request,
|
| + net::BoundNetLog())));
|
| +
|
| + // CertVerifyResult for www2.example.com with |verifier2| should match
|
| + // what was serialized with |verifier|.
|
| + EXPECT_EQ(verifier2_result2, verifier1_result2);
|
| +}
|
| +
|
| +// A corrupted cert_entry in the serialized data should fail to be deserialized.
|
| +// Should not deserialize a corrupted cert_entry.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCerts) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + cert_cache.clear_cert_entry();
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |cache_entry| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |cert_entry|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCacheEntry) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + // Corrupt |cache_entry|.
|
| + cert_cache.clear_cache_entry();
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |request_params| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |request_params|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedRequestParams) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + // Corrupt |request_params|.
|
| + cache_entry->clear_request_params();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |certificate| in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize a corrupted |certificate|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoCertificate) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + // Corrupt certificate.
|
| + request_params->clear_certificate();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |hostname| in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize a corrupted |hostname|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoHostname) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + // Corrupt hostname.
|
| + request_params->clear_hostname();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// An invalid |hostname| in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize an invalid |hostname|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsEmptyHostname) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + // Set bogus hostname.
|
| + request_params->set_hostname("");
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |flags| in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize a corrupted |flags|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoFlags) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + // Corrupt flags.
|
| + request_params->clear_flags();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |ocsp_response| in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize a corrupted |ocsp_response|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeRequestParamsNoOcspResponse) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + // Corrupt |ocsp_response|.
|
| + request_params->clear_ocsp_response();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// An empty certificate number in |request_params| in the serialized data should
|
| +// fail to be deserialized. Should not deserialize an empty certificate number.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeRequestParamsCertificateNoCertNumbers) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + cronet_pb::CertVerificationCertificate* certificate =
|
| + request_params->mutable_certificate();
|
| + // Corrupt certificate number.
|
| + certificate->clear_cert_numbers();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// An invalid certificate number in |request_params| in the serialized data
|
| +// should fail to be deserialized. Should not deserialize an invalid certificate
|
| +// number.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeCorruptedRequestParamsCertNumbers) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + cronet_pb::CertVerificationCertificate* certificate =
|
| + request_params->mutable_certificate();
|
| + // Set bogus certificate number.
|
| + certificate->set_cert_numbers(0, 100);
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted certificate number in |additional_trust_anchors| of
|
| +// |request_params| in the serialized data should fail to be deserialized.
|
| +// Should not deserialize a corrupted certificate number.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeRequestParamsCertificateNoTrustAnchors) {
|
| + net::CertificateList ca_cert_list = net::CreateCertificateListFromFile(
|
| + net::GetTestCertsDirectory(), "root_ca_cert.pem",
|
| + net::X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1U, ca_cert_list.size());
|
| + scoped_refptr<net::X509Certificate> ca_cert(ca_cert_list[0]);
|
| +
|
| + net::CertificateList cert_list = net::CreateCertificateListFromFile(
|
| + net::GetTestCertsDirectory(), "ok_cert.pem",
|
| + net::X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1U, cert_list.size());
|
| + scoped_refptr<net::X509Certificate> cert(cert_list[0]);
|
| +
|
| + // Now add the |ca_cert| to the |trust_anchors|, and verification should pass.
|
| + net::CertificateList trust_anchors;
|
| + trust_anchors.push_back(ca_cert);
|
| +
|
| + net::CertVerifyResult verify_result;
|
| + net::TestCompletionCallback callback;
|
| + std::unique_ptr<net::CertVerifier::Request> request;
|
| +
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + // Verify the |cert| with |trust_anchors|.
|
| + ignore_result(callback.GetResult(verifier.Verify(
|
| + net::CertVerifier::RequestParams(cert, "www.example.com", 0,
|
| + std::string(), trust_anchors),
|
| + nullptr, &verify_result, callback.callback(), &request,
|
| + net::BoundNetLog())));
|
| +
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(2, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationRequestParams* request_params =
|
| + cache_entry->mutable_request_params();
|
| + for (int j = 0; j < request_params->additional_trust_anchors_size(); ++j) {
|
| + cronet_pb::CertVerificationCertificate* certificate =
|
| + request_params->mutable_additional_trust_anchors(j);
|
| + // Corrupt the certificate number in |additional_trust_anchors|.
|
| + certificate->clear_cert_numbers();
|
| + }
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |cached_result| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |cached_result|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedCachedResult) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + // Corrupt the |cached_result|.
|
| + cache_entry->clear_cached_result();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |error| in the serialized data should fail to be deserialized.
|
| +// Should not deserialize a corrupted |error|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoError) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + // Corrupt |error|.
|
| + cached_result->clear_error();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |result| in the serialized data should fail to be deserialized.
|
| +// Should not deserialize a corrupted |result|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoResult) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + // Corrupt the |result|.
|
| + cached_result->clear_result();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |cert_status| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |cert_status|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoCertStatus) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
|
| + // Corrupt the |cert_status|.
|
| + result->clear_cert_status();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |verification_time| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |verification_time|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCachedResultNoVerifiedCert) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
|
| + // Corrupt the |verified_cert|.
|
| + result->clear_verified_cert();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |verified_cert| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |verified_cert|.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeCachedResultNoVerifiedCertNumber) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
|
| + result->clear_verified_cert();
|
| + // Corrupt the verified cert's certificate number.
|
| + cronet_pb::CertVerificationCertificate* certificate =
|
| + result->mutable_verified_cert();
|
| + certificate->clear_cert_numbers();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// An invalid certificate number of |verified_cert| in the serialized data
|
| +// should fail to be deserialized. Should not deserialize an invalid certificate
|
| +// number.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeCorruptedCachedResultVerifiedCertNumber) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
|
| + cronet_pb::CertVerificationCertificate* certificate =
|
| + result->mutable_verified_cert();
|
| + // Set bogus certificate number for |verified_cert|.
|
| + certificate->set_cert_numbers(0, 100);
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |public_key_hashes| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |public_key_hashes|.
|
| +TEST(CertVerifierCacheSerializerTest,
|
| + DeserializeCorruptedCachedResultPublicKeyHashes) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + cronet_pb::CertVerificationCachedResult* cached_result =
|
| + cache_entry->mutable_cached_result();
|
| + cronet_pb::CertVerificationResult* result = cached_result->mutable_result();
|
| + // Set bogus |public_key_hashes|.
|
| + result->add_public_key_hashes("");
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +// A corrupted |verification_time| in the serialized data should fail to be
|
| +// deserialized. Should not deserialize a corrupted |verification_time|.
|
| +TEST(CertVerifierCacheSerializerTest, DeserializeCorruptedVerificationTime) {
|
| + net::CertVerifyResult verify_result;
|
| + net::CachingCertVerifier verifier(base::MakeUnique<net::MockCertVerifier>());
|
| + ASSERT_NO_FATAL_FAILURE(
|
| + VerifyCert("ok_cert.pem", "www.example.com", &verifier, &verify_result));
|
| + cronet_pb::CertVerificationCache cert_cache =
|
| + SerializeCertVerifierCache(verifier);
|
| + DCHECK_EQ(1, cert_cache.cert_entry_size());
|
| + DCHECK_EQ(1, cert_cache.cache_entry_size());
|
| +
|
| + for (int i = 0; i < cert_cache.cache_entry_size(); ++i) {
|
| + cronet_pb::CertVerificationCacheEntry* cache_entry =
|
| + cert_cache.mutable_cache_entry(i);
|
| + // Corrupt |verification_time|.
|
| + cache_entry->clear_verification_time();
|
| + }
|
| +
|
| + net::CachingCertVerifier verifier2(base::MakeUnique<net::MockCertVerifier>());
|
| + EXPECT_FALSE(DeserializeCertVerifierCache(cert_cache, &verifier2));
|
| +}
|
| +
|
| +} // namespace cronet
|
|
|
Chromium Code Reviews
Issue 2021433004:
Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@Add_support_for_walking_1999733002