OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
8 #include "net/base/net_errors.h" | 8 #include "net/base/net_errors.h" |
9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
10 #include "net/cert/cert_verifier.h" | 10 #include "net/cert/cert_verifier.h" |
(...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
224 // verification fails. | 224 // verification fails. |
225 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { | 225 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { |
226 MockCertVerifier dummy_verifier; | 226 MockCertVerifier dummy_verifier; |
227 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 227 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
228 &transport_security_state_, | 228 &transport_security_state_, |
229 ct_verifier_.get()); | 229 ct_verifier_.get()); |
230 | 230 |
231 std::unique_ptr<DummyProofVerifierCallback> callback( | 231 std::unique_ptr<DummyProofVerifierCallback> callback( |
232 new DummyProofVerifierCallback); | 232 new DummyProofVerifierCallback); |
233 QuicAsyncStatus status = proof_verifier.VerifyProof( | 233 QuicAsyncStatus status = proof_verifier.VerifyProof( |
234 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 234 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
235 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 235 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
236 std::move(callback)); | 236 std::move(callback)); |
237 ASSERT_EQ(QUIC_FAILURE, status); | 237 ASSERT_EQ(QUIC_FAILURE, status); |
238 } | 238 } |
239 | 239 |
240 // Valid SCT, but invalid signature. | 240 // Valid SCT, but invalid signature. |
241 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { | 241 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { |
242 // Use different certificates for SCT tests. | 242 // Use different certificates for SCT tests. |
243 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 243 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
244 | 244 |
245 MockCertVerifier cert_verifier; | 245 MockCertVerifier cert_verifier; |
246 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 246 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
247 &transport_security_state_, | 247 &transport_security_state_, |
248 ct_verifier_.get()); | 248 ct_verifier_.get()); |
249 | 249 |
250 std::unique_ptr<DummyProofVerifierCallback> callback( | 250 std::unique_ptr<DummyProofVerifierCallback> callback( |
251 new DummyProofVerifierCallback); | 251 new DummyProofVerifierCallback); |
252 QuicAsyncStatus status = proof_verifier.VerifyProof( | 252 QuicAsyncStatus status = proof_verifier.VerifyProof( |
253 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, | 253 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, |
254 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, | 254 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, |
255 &details_, std::move(callback)); | 255 &details_, std::move(callback)); |
256 ASSERT_EQ(QUIC_FAILURE, status); | 256 ASSERT_EQ(QUIC_FAILURE, status); |
257 CheckSCT(/*sct_expected_ok=*/true); | 257 CheckSCT(/*sct_expected_ok=*/true); |
258 } | 258 } |
259 | 259 |
260 // Invalid SCT and signature. | 260 // Invalid SCT and signature. |
261 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { | 261 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
262 // Use different certificates for SCT tests. | 262 // Use different certificates for SCT tests. |
263 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 263 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
264 | 264 |
265 MockCertVerifier cert_verifier; | 265 MockCertVerifier cert_verifier; |
266 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 266 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
267 &transport_security_state_, | 267 &transport_security_state_, |
268 ct_verifier_.get()); | 268 ct_verifier_.get()); |
269 | 269 |
270 std::unique_ptr<DummyProofVerifierCallback> callback( | 270 std::unique_ptr<DummyProofVerifierCallback> callback( |
271 new DummyProofVerifierCallback); | 271 new DummyProofVerifierCallback); |
272 QuicAsyncStatus status = proof_verifier.VerifyProof( | 272 QuicAsyncStatus status = proof_verifier.VerifyProof( |
273 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, | 273 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, |
274 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), | 274 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), |
275 &error_details_, &details_, std::move(callback)); | 275 &error_details_, &details_, std::move(callback)); |
276 ASSERT_EQ(QUIC_FAILURE, status); | 276 ASSERT_EQ(QUIC_FAILURE, status); |
277 CheckSCT(/*sct_expected_ok=*/false); | 277 CheckSCT(/*sct_expected_ok=*/false); |
278 } | 278 } |
279 | 279 |
280 // Tests that the ProofVerifier doesn't verify certificates if the config | 280 // Tests that the ProofVerifier doesn't verify certificates if the config |
281 // signature fails. | 281 // signature fails. |
282 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { | 282 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
283 FailsTestCertVerifier cert_verifier; | 283 FailsTestCertVerifier cert_verifier; |
284 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 284 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
285 &transport_security_state_, | 285 &transport_security_state_, |
286 ct_verifier_.get()); | 286 ct_verifier_.get()); |
287 | 287 |
288 std::unique_ptr<DummyProofVerifierCallback> callback( | 288 std::unique_ptr<DummyProofVerifierCallback> callback( |
289 new DummyProofVerifierCallback); | 289 new DummyProofVerifierCallback); |
290 QuicAsyncStatus status = proof_verifier.VerifyProof( | 290 QuicAsyncStatus status = proof_verifier.VerifyProof( |
291 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 291 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
292 kTestConfig, verify_context_.get(), &error_details_, &details_, | 292 kTestConfig, verify_context_.get(), &error_details_, &details_, |
293 std::move(callback)); | 293 std::move(callback)); |
294 ASSERT_EQ(QUIC_FAILURE, status); | 294 ASSERT_EQ(QUIC_FAILURE, status); |
295 } | 295 } |
296 | 296 |
297 // Tests that the certificate policy enforcer is consulted for EV | 297 // Tests that the certificate policy enforcer is consulted for EV |
298 // and the certificate is allowed to be EV. | 298 // and the certificate is allowed to be EV. |
299 TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) { | 299 TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) { |
300 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 300 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
301 ASSERT_TRUE(test_cert); | 301 ASSERT_TRUE(test_cert); |
302 | 302 |
303 CertVerifyResult dummy_result; | 303 CertVerifyResult dummy_result; |
304 dummy_result.verified_cert = test_cert; | 304 dummy_result.verified_cert = test_cert; |
305 dummy_result.cert_status = CERT_STATUS_IS_EV; | 305 dummy_result.cert_status = CERT_STATUS_IS_EV; |
306 | 306 |
307 MockCertVerifier dummy_verifier; | 307 MockCertVerifier dummy_verifier; |
308 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 308 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
309 | 309 |
310 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) | 310 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) |
311 .WillRepeatedly( | 311 .WillRepeatedly( |
312 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); | 312 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); |
313 | 313 |
314 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 314 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
315 &transport_security_state_, | 315 &transport_security_state_, |
316 ct_verifier_.get()); | 316 ct_verifier_.get()); |
317 | 317 |
318 std::unique_ptr<DummyProofVerifierCallback> callback( | 318 std::unique_ptr<DummyProofVerifierCallback> callback( |
319 new DummyProofVerifierCallback); | 319 new DummyProofVerifierCallback); |
320 QuicAsyncStatus status = proof_verifier.VerifyProof( | 320 QuicAsyncStatus status = proof_verifier.VerifyProof( |
321 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 321 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
322 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 322 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
323 std::move(callback)); | 323 std::move(callback)); |
324 ASSERT_EQ(QUIC_SUCCESS, status); | 324 ASSERT_EQ(QUIC_SUCCESS, status); |
325 | 325 |
326 ASSERT_TRUE(details_.get()); | 326 ASSERT_TRUE(details_.get()); |
327 ProofVerifyDetailsChromium* verify_details = | 327 ProofVerifyDetailsChromium* verify_details = |
328 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 328 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
329 EXPECT_EQ(dummy_result.cert_status, | 329 EXPECT_EQ(dummy_result.cert_status, |
330 verify_details->cert_verify_result.cert_status); | 330 verify_details->cert_verify_result.cert_status); |
331 } | 331 } |
(...skipping 15 matching lines...) Expand all Loading... |
347 .WillRepeatedly( | 347 .WillRepeatedly( |
348 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); | 348 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); |
349 | 349 |
350 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 350 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
351 &transport_security_state_, | 351 &transport_security_state_, |
352 ct_verifier_.get()); | 352 ct_verifier_.get()); |
353 | 353 |
354 std::unique_ptr<DummyProofVerifierCallback> callback( | 354 std::unique_ptr<DummyProofVerifierCallback> callback( |
355 new DummyProofVerifierCallback); | 355 new DummyProofVerifierCallback); |
356 QuicAsyncStatus status = proof_verifier.VerifyProof( | 356 QuicAsyncStatus status = proof_verifier.VerifyProof( |
357 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 357 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
358 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 358 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
359 std::move(callback)); | 359 std::move(callback)); |
360 ASSERT_EQ(QUIC_SUCCESS, status); | 360 ASSERT_EQ(QUIC_SUCCESS, status); |
361 | 361 |
362 ASSERT_TRUE(details_.get()); | 362 ASSERT_TRUE(details_.get()); |
363 ProofVerifyDetailsChromium* verify_details = | 363 ProofVerifyDetailsChromium* verify_details = |
364 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 364 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
365 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, | 365 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
366 verify_details->cert_verify_result.cert_status & | 366 verify_details->cert_verify_result.cert_status & |
367 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); | 367 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
(...skipping 14 matching lines...) Expand all Loading... |
382 | 382 |
383 FailsTestCTPolicyEnforcer policy_enforcer; | 383 FailsTestCTPolicyEnforcer policy_enforcer; |
384 | 384 |
385 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 385 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
386 &transport_security_state_, | 386 &transport_security_state_, |
387 ct_verifier_.get()); | 387 ct_verifier_.get()); |
388 | 388 |
389 std::unique_ptr<DummyProofVerifierCallback> callback( | 389 std::unique_ptr<DummyProofVerifierCallback> callback( |
390 new DummyProofVerifierCallback); | 390 new DummyProofVerifierCallback); |
391 QuicAsyncStatus status = proof_verifier.VerifyProof( | 391 QuicAsyncStatus status = proof_verifier.VerifyProof( |
392 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 392 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
393 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 393 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
394 std::move(callback)); | 394 std::move(callback)); |
395 ASSERT_EQ(QUIC_SUCCESS, status); | 395 ASSERT_EQ(QUIC_SUCCESS, status); |
396 | 396 |
397 ASSERT_TRUE(details_.get()); | 397 ASSERT_TRUE(details_.get()); |
398 ProofVerifyDetailsChromium* verify_details = | 398 ProofVerifyDetailsChromium* verify_details = |
399 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 399 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
400 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 400 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
401 } | 401 } |
402 | 402 |
(...skipping 24 matching lines...) Expand all Loading... |
427 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), | 427 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), |
428 true, pin_hashes, GURL()); | 428 true, pin_hashes, GURL()); |
429 | 429 |
430 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 430 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
431 &transport_security_state_, | 431 &transport_security_state_, |
432 ct_verifier_.get()); | 432 ct_verifier_.get()); |
433 | 433 |
434 std::unique_ptr<DummyProofVerifierCallback> callback( | 434 std::unique_ptr<DummyProofVerifierCallback> callback( |
435 new DummyProofVerifierCallback); | 435 new DummyProofVerifierCallback); |
436 QuicAsyncStatus status = proof_verifier.VerifyProof( | 436 QuicAsyncStatus status = proof_verifier.VerifyProof( |
437 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 437 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
438 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 438 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
439 std::move(callback)); | 439 std::move(callback)); |
440 ASSERT_EQ(QUIC_FAILURE, status); | 440 ASSERT_EQ(QUIC_FAILURE, status); |
441 | 441 |
442 ASSERT_TRUE(details_.get()); | 442 ASSERT_TRUE(details_.get()); |
443 ProofVerifyDetailsChromium* verify_details = | 443 ProofVerifyDetailsChromium* verify_details = |
444 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 444 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
445 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 445 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
446 CERT_STATUS_PINNED_KEY_MISSING); | 446 CERT_STATUS_PINNED_KEY_MISSING); |
447 EXPECT_FALSE(verify_details->pkp_bypassed); | 447 EXPECT_FALSE(verify_details->pkp_bypassed); |
(...skipping 20 matching lines...) Expand all Loading... |
468 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), | 468 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), |
469 true, expected_hashes, GURL()); | 469 true, expected_hashes, GURL()); |
470 | 470 |
471 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 471 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
472 &transport_security_state_, | 472 &transport_security_state_, |
473 ct_verifier_.get()); | 473 ct_verifier_.get()); |
474 | 474 |
475 std::unique_ptr<DummyProofVerifierCallback> callback( | 475 std::unique_ptr<DummyProofVerifierCallback> callback( |
476 new DummyProofVerifierCallback); | 476 new DummyProofVerifierCallback); |
477 QuicAsyncStatus status = proof_verifier.VerifyProof( | 477 QuicAsyncStatus status = proof_verifier.VerifyProof( |
478 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 478 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
479 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 479 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
480 std::move(callback)); | 480 std::move(callback)); |
481 ASSERT_EQ(QUIC_SUCCESS, status); | 481 ASSERT_EQ(QUIC_SUCCESS, status); |
482 | 482 |
483 ASSERT_TRUE(details_.get()); | 483 ASSERT_TRUE(details_.get()); |
484 ProofVerifyDetailsChromium* verify_details = | 484 ProofVerifyDetailsChromium* verify_details = |
485 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 485 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
486 EXPECT_TRUE(verify_details->pkp_bypassed); | 486 EXPECT_TRUE(verify_details->pkp_bypassed); |
487 } | 487 } |
488 | 488 |
(...skipping 25 matching lines...) Expand all Loading... |
514 .WillRepeatedly( | 514 .WillRepeatedly( |
515 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); | 515 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
516 | 516 |
517 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 517 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
518 &transport_security_state_, | 518 &transport_security_state_, |
519 ct_verifier_.get()); | 519 ct_verifier_.get()); |
520 | 520 |
521 std::unique_ptr<DummyProofVerifierCallback> callback( | 521 std::unique_ptr<DummyProofVerifierCallback> callback( |
522 new DummyProofVerifierCallback); | 522 new DummyProofVerifierCallback); |
523 QuicAsyncStatus status = proof_verifier.VerifyProof( | 523 QuicAsyncStatus status = proof_verifier.VerifyProof( |
524 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 524 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
525 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 525 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
526 std::move(callback)); | 526 std::move(callback)); |
527 ASSERT_EQ(QUIC_FAILURE, status); | 527 ASSERT_EQ(QUIC_FAILURE, status); |
528 | 528 |
529 ASSERT_TRUE(details_.get()); | 529 ASSERT_TRUE(details_.get()); |
530 ProofVerifyDetailsChromium* verify_details = | 530 ProofVerifyDetailsChromium* verify_details = |
531 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 531 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
532 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 532 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
533 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 533 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
534 } | 534 } |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
566 .WillRepeatedly( | 566 .WillRepeatedly( |
567 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); | 567 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
568 | 568 |
569 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 569 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
570 &transport_security_state_, | 570 &transport_security_state_, |
571 ct_verifier_.get()); | 571 ct_verifier_.get()); |
572 | 572 |
573 std::unique_ptr<DummyProofVerifierCallback> callback( | 573 std::unique_ptr<DummyProofVerifierCallback> callback( |
574 new DummyProofVerifierCallback); | 574 new DummyProofVerifierCallback); |
575 QuicAsyncStatus status = proof_verifier.VerifyProof( | 575 QuicAsyncStatus status = proof_verifier.VerifyProof( |
576 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_25, "", certs_, "", | 576 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", |
577 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 577 GetTestSignature(), verify_context_.get(), &error_details_, &details_, |
578 std::move(callback)); | 578 std::move(callback)); |
579 ASSERT_EQ(QUIC_FAILURE, status); | 579 ASSERT_EQ(QUIC_FAILURE, status); |
580 | 580 |
581 ASSERT_TRUE(details_.get()); | 581 ASSERT_TRUE(details_.get()); |
582 ProofVerifyDetailsChromium* verify_details = | 582 ProofVerifyDetailsChromium* verify_details = |
583 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 583 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
584 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 584 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
585 CERT_STATUS_PINNED_KEY_MISSING); | 585 CERT_STATUS_PINNED_KEY_MISSING); |
586 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 586 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
587 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 587 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
588 } | 588 } |
589 | 589 |
590 } // namespace test | 590 } // namespace test |
591 } // namespace net | 591 } // namespace net |
OLD | NEW |