| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/callback_helpers.h" | 8 #include "base/callback_helpers.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/stl_util.h" | 13 #include "base/stl_util.h" |
| 14 #include "base/strings/stringprintf.h" | 14 #include "base/strings/stringprintf.h" |
| 15 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
| 16 #include "net/base/test_completion_callback.h" | 16 #include "net/base/test_completion_callback.h" |
| 17 #include "net/base/test_data_directory.h" | 17 #include "net/base/test_data_directory.h" |
| 18 #include "net/cert/cert_status_flags.h" | 18 #include "net/cert/cert_status_flags.h" |
| 19 #include "net/cert/cert_verifier.h" | 19 #include "net/cert/cert_verifier.h" |
| 20 #include "net/cert/cert_verify_result.h" | 20 #include "net/cert/cert_verify_result.h" |
| 21 #include "net/cert/ct_policy_enforcer.h" |
| 21 #include "net/cert/ct_verifier.h" | 22 #include "net/cert/ct_verifier.h" |
| 22 #include "net/cert/mock_cert_verifier.h" | 23 #include "net/cert/mock_cert_verifier.h" |
| 23 #include "net/cert/multi_log_ct_verifier.h" | 24 #include "net/cert/multi_log_ct_verifier.h" |
| 24 #include "net/cert/test_root_certs.h" | 25 #include "net/cert/test_root_certs.h" |
| 25 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
| 26 #include "net/cert/x509_util.h" | 27 #include "net/cert/x509_util.h" |
| 27 #include "net/http/transport_security_state.h" | 28 #include "net/http/transport_security_state.h" |
| 28 #include "net/log/net_log.h" | 29 #include "net/log/net_log.h" |
| 29 #include "net/quic/crypto/crypto_utils.h" | 30 #include "net/quic/crypto/crypto_utils.h" |
| 30 #include "net/quic/crypto/proof_source_chromium.h" | 31 #include "net/quic/crypto/proof_source_chromium.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 43 namespace test { | 44 namespace test { |
| 44 | 45 |
| 45 namespace { | 46 namespace { |
| 46 | 47 |
| 47 class TestProofVerifierChromium : public ProofVerifierChromium { | 48 class TestProofVerifierChromium : public ProofVerifierChromium { |
| 48 public: | 49 public: |
| 49 TestProofVerifierChromium( | 50 TestProofVerifierChromium( |
| 50 std::unique_ptr<CertVerifier> cert_verifier, | 51 std::unique_ptr<CertVerifier> cert_verifier, |
| 51 std::unique_ptr<TransportSecurityState> transport_security_state, | 52 std::unique_ptr<TransportSecurityState> transport_security_state, |
| 52 std::unique_ptr<CTVerifier> cert_transparency_verifier, | 53 std::unique_ptr<CTVerifier> cert_transparency_verifier, |
| 54 std::unique_ptr<CTPolicyEnforcer> ct_policy_enforcer, |
| 53 const std::string& cert_file) | 55 const std::string& cert_file) |
| 54 : ProofVerifierChromium(cert_verifier.get(), | 56 : ProofVerifierChromium(cert_verifier.get(), |
| 55 nullptr, | 57 ct_policy_enforcer.get(), |
| 56 transport_security_state.get(), | 58 transport_security_state.get(), |
| 57 cert_transparency_verifier.get()), | 59 cert_transparency_verifier.get()), |
| 58 cert_verifier_(std::move(cert_verifier)), | 60 cert_verifier_(std::move(cert_verifier)), |
| 59 transport_security_state_(std::move(transport_security_state)), | 61 transport_security_state_(std::move(transport_security_state)), |
| 60 cert_transparency_verifier_(std::move(cert_transparency_verifier)) { | 62 cert_transparency_verifier_(std::move(cert_transparency_verifier)), |
| 63 ct_policy_enforcer_(std::move(ct_policy_enforcer)) { |
| 61 // Load and install the root for the validated chain. | 64 // Load and install the root for the validated chain. |
| 62 scoped_refptr<X509Certificate> root_cert = | 65 scoped_refptr<X509Certificate> root_cert = |
| 63 ImportCertFromFile(GetTestCertsDirectory(), cert_file); | 66 ImportCertFromFile(GetTestCertsDirectory(), cert_file); |
| 64 scoped_root_.Reset(root_cert.get()); | 67 scoped_root_.Reset(root_cert.get()); |
| 65 } | 68 } |
| 66 | 69 |
| 67 ~TestProofVerifierChromium() override {} | 70 ~TestProofVerifierChromium() override {} |
| 68 | 71 |
| 69 CertVerifier* cert_verifier() { return cert_verifier_.get(); } | 72 CertVerifier* cert_verifier() { return cert_verifier_.get(); } |
| 70 | 73 |
| 71 private: | 74 private: |
| 72 ScopedTestRoot scoped_root_; | 75 ScopedTestRoot scoped_root_; |
| 73 std::unique_ptr<CertVerifier> cert_verifier_; | 76 std::unique_ptr<CertVerifier> cert_verifier_; |
| 74 std::unique_ptr<TransportSecurityState> transport_security_state_; | 77 std::unique_ptr<TransportSecurityState> transport_security_state_; |
| 75 std::unique_ptr<CTVerifier> cert_transparency_verifier_; | 78 std::unique_ptr<CTVerifier> cert_transparency_verifier_; |
| 79 std::unique_ptr<CTPolicyEnforcer> ct_policy_enforcer_; |
| 76 }; | 80 }; |
| 77 | 81 |
| 78 } // namespace | 82 } // namespace |
| 79 | 83 |
| 80 // static | 84 // static |
| 81 ProofSource* CryptoTestUtils::ProofSourceForTesting() { | 85 ProofSource* CryptoTestUtils::ProofSourceForTesting() { |
| 82 ProofSourceChromium* source = new ProofSourceChromium(); | 86 ProofSourceChromium* source = new ProofSourceChromium(); |
| 83 base::FilePath certs_dir = GetTestCertsDirectory(); | 87 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 84 CHECK(source->Initialize( | 88 CHECK(source->Initialize( |
| 85 certs_dir.AppendASCII("quic_chain.crt"), | 89 certs_dir.AppendASCII("quic_chain.crt"), |
| (...skipping 11 matching lines...) Expand all Loading... |
| 97 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); | 101 ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt"); |
| 98 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 102 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 99 "test.example.com", verify_result, OK); | 103 "test.example.com", verify_result, OK); |
| 100 verify_result.verified_cert = ImportCertFromFile( | 104 verify_result.verified_cert = ImportCertFromFile( |
| 101 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); | 105 GetTestCertsDirectory(), "quic_test_ecc.example.com.crt"); |
| 102 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), | 106 cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(), |
| 103 "test.example.com", verify_result, OK); | 107 "test.example.com", verify_result, OK); |
| 104 if (use_real_proof_verifier) { | 108 if (use_real_proof_verifier) { |
| 105 return new TestProofVerifierChromium( | 109 return new TestProofVerifierChromium( |
| 106 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), | 110 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), |
| 107 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); | 111 base::WrapUnique(new MultiLogCTVerifier), |
| 112 base::WrapUnique(new CTPolicyEnforcer), "quic_root.crt"); |
| 108 } | 113 } |
| 109 return new TestProofVerifierChromium( | 114 return new TestProofVerifierChromium( |
| 110 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), | 115 std::move(cert_verifier), base::WrapUnique(new TransportSecurityState), |
| 111 base::WrapUnique(new MultiLogCTVerifier), "quic_root.crt"); | 116 base::WrapUnique(new MultiLogCTVerifier), |
| 117 base::WrapUnique(new CTPolicyEnforcer), "quic_root.crt"); |
| 112 } | 118 } |
| 113 | 119 |
| 114 // static | 120 // static |
| 115 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { | 121 ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { |
| 116 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); | 122 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/false); |
| 117 } | 123 } |
| 118 | 124 |
| 119 // static | 125 // static |
| 120 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { | 126 ProofVerifier* CryptoTestUtils::RealProofVerifierForTesting() { |
| 121 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); | 127 return ProofVerifierForTestingInternal(/*use_real_proof_verifier=*/true); |
| 122 } | 128 } |
| 123 | 129 |
| 124 // static | 130 // static |
| 125 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { | 131 ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { |
| 126 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); | 132 return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); |
| 127 } | 133 } |
| 128 | 134 |
| 129 } // namespace test | 135 } // namespace test |
| 130 | 136 |
| 131 } // namespace net | 137 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2067843003:
Require a CTVerifier and CTPolicyEnforcer for TLS/QUIC sockets (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master