Require a CTVerifier and CTPolicyEnforcer for TLS/QUIC sockets

net/socket/ssl_client_socket_pool_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_proxy_client_socket_pool.h"
 
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "net/base/auth.h"
 #include "net/base/load_timing_info.h"
 #include "net/base/load_timing_info_test_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
-#include "net/cert/cert_verifier.h"
+#include "net/cert/ct_policy_enforcer.h"
+#include "net/cert/mock_cert_verifier.h"
+#include "net/cert/multi_log_ct_verifier.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_server_properties_impl.h"
 #include "net/http/transport_security_state.h"
 #include "net/proxy/proxy_service.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/next_proto.h"
@@ skipping 43 matching lines @@
   ExpectConnectTimingHasTimes(load_timing_info.connect_timing,
                               CONNECT_TIMING_HAS_SSL_TIMES);
   ExpectLoadTimingHasOnlyConnectionTimes(load_timing_info);
 }
 
 class SSLClientSocketPoolTest
     : public testing::Test,
       public ::testing::WithParamInterface<NextProto> {
  protected:
   SSLClientSocketPoolTest()
-      : transport_security_state_(new TransportSecurityState),
+      : cert_verifier_(new MockCertVerifier),
+        transport_security_state_(new TransportSecurityState),
         proxy_service_(ProxyService::CreateDirect()),
         ssl_config_service_(new SSLConfigServiceDefaults),
         http_auth_handler_factory_(
             HttpAuthHandlerFactory::CreateDefault(&host_resolver_)),
         http_server_properties_(new HttpServerPropertiesImpl),
         session_(CreateNetworkSession()),
         direct_transport_socket_params_(new TransportSocketParams(
             HostPortPair("host", 443),
             false,
             OnHostResolutionCallback(),
@@ skipping 28 matching lines @@
                                 &transport_socket_pool_,
                                 NULL,
                                 NULL) {
     scoped_refptr<SSLConfigService> ssl_config_service(
         new SSLConfigServiceDefaults);
     ssl_config_service->GetSSLConfig(&ssl_config_);
   }
 
   void CreatePool(bool transport_pool, bool http_proxy_pool, bool socks_pool) {
     pool_.reset(new SSLClientSocketPool(
-        kMaxSockets, kMaxSocketsPerGroup, NULL /* cert_verifier */,
-        NULL /* channel_id_service */, NULL /* transport_security_state */,
-        NULL /* cert_transparency_verifier */, NULL /* ct_policy_enforcer */,
+        kMaxSockets, kMaxSocketsPerGroup, cert_verifier_.get(),
+        NULL /* channel_id_service */, transport_security_state_.get(),
+        &ct_verifier_, &ct_policy_enforcer_,
         std::string() /* ssl_session_cache_shard */, &socket_factory_,
         transport_pool ? &transport_socket_pool_ : NULL,
         socks_pool ? &socks_socket_pool_ : NULL,
         http_proxy_pool ? &http_proxy_socket_pool_ : NULL, NULL, NULL));
   }
 
   scoped_refptr<SSLSocketParams> SSLParams(ProxyServer::Scheme proxy,
                                            bool expect_spdy) {
     return make_scoped_refptr(new SSLSocketParams(
         proxy == ProxyServer::SCHEME_DIRECT ? direct_transport_socket_params_
@@ skipping 13 matching lines @@
                                      "Basic realm=MyRealm1",
                                      AuthCredentials(kFoo, kBar),
                                      "/");
   }
 
   HttpNetworkSession* CreateNetworkSession() {
     HttpNetworkSession::Params params;
     params.host_resolver = &host_resolver_;
     params.cert_verifier = cert_verifier_.get();
     params.transport_security_state = transport_security_state_.get();
+    params.cert_transparency_verifier = &ct_verifier_;
+    params.ct_policy_enforcer = &ct_policy_enforcer_;
     params.proxy_service = proxy_service_.get();
     params.client_socket_factory = &socket_factory_;
     params.ssl_config_service = ssl_config_service_.get();
     params.http_auth_handler_factory = http_auth_handler_factory_.get();
     params.http_server_properties = http_server_properties_.get();
     params.spdy_default_protocol = GetParam();
     return new HttpNetworkSession(params);
   }
 
   void TestIPPoolingDisabled(SSLSocketDataProvider* ssl);
 
   MockClientSocketFactory socket_factory_;
   MockCachingHostResolver host_resolver_;
   std::unique_ptr<CertVerifier> cert_verifier_;
   std::unique_ptr<TransportSecurityState> transport_security_state_;
+  MultiLogCTVerifier ct_verifier_;
+  CTPolicyEnforcer ct_policy_enforcer_;
   const std::unique_ptr<ProxyService> proxy_service_;
   const scoped_refptr<SSLConfigService> ssl_config_service_;
   const std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
   const std::unique_ptr<HttpServerPropertiesImpl> http_server_properties_;
   const std::unique_ptr<HttpNetworkSession> session_;
 
   scoped_refptr<TransportSocketParams> direct_transport_socket_params_;
   MockTransportClientSocketPool transport_socket_pool_;
 
   scoped_refptr<TransportSocketParams> proxy_transport_socket_params_;
@@ skipping 740 matching lines @@
   ssl.channel_id_sent = true;
   ssl.SetNextProto(GetParam());
   TestIPPoolingDisabled(&ssl);
 }
 
 // It would be nice to also test the timeouts in SSLClientSocketPool.
 
 }  // namespace
 
 }  // namespace net