
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2300533002: Stop caching DER-encoded certificates unnecessarily (Closed)
Patch Set: Remove debug Created 4 years, 3 months ago
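--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <utility>
@@ -2133,20 +2133,22 @@
 X509Certificate::FORMAT_AUTO);
 ASSERT_EQ(4u, unverified_certs.size());
 
 // We will expect SSLInfo to ultimately contain this chain.
 CertificateList certs =
 CreateCertificateListFromFile(GetTestCertsDirectory(),
 "redundant-validated-chain.pem",
 X509Certificate::FORMAT_AUTO);
 ASSERT_EQ(3U, certs.size());
 
+ASSERT_TRUE(certs[0]->Equals(unverified_certs[0].get()));
+
 X509Certificate::OSCertHandles temp_intermediates;
 temp_intermediates.push_back(certs[1]->os_cert_handle());
 temp_intermediates.push_back(certs[2]->os_cert_handle());
 
 CertVerifyResult verify_result;
 verify_result.verified_cert = X509Certificate::CreateFromHandle(
 certs[0]->os_cert_handle(), temp_intermediates);
 
 // Add a rule that maps the server cert (A) to the chain of A->B->C2
 // rather than A->B->C.
@@ -2166,35 +2168,37 @@
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
 EXPECT_THAT(rv, IsOk());
 EXPECT_TRUE(sock_->IsConnected());
 
 TestNetLogEntry::List entries;
 log_.GetEntries(&entries);
 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
 
 SSLInfo ssl_info;
-sock_->GetSSLInfo(&ssl_info);
+ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
 // Verify that SSLInfo contains the corrected re-constructed chain A -> B
 // -> C2.
+ASSERT_TRUE(ssl_info.cert);
 const X509Certificate::OSCertHandles& intermediates =
 ssl_info.cert->GetIntermediateCertificates();
 ASSERT_EQ(2U, intermediates.size());
 EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(),
 certs[0]->os_cert_handle()));
 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[0],
 certs[1]->os_cert_handle()));
 EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[1],
 certs[2]->os_cert_handle()));
 
 // Verify that SSLInfo also contains the chain as received from the server.
+ASSERT_TRUE(ssl_info.unverified_cert);
 const X509Certificate::OSCertHandles& served_intermediates =
 ssl_info.unverified_cert->GetIntermediateCertificates();
 ASSERT_EQ(3U, served_intermediates.size());
 EXPECT_TRUE(X509Certificate::IsSameOSCert(
 ssl_info.cert->os_cert_handle(), unverified_certs[0]->os_cert_handle()));
 EXPECT_TRUE(X509Certificate::IsSameOSCert(
 served_intermediates[0], unverified_certs[1]->os_cert_handle()));
 EXPECT_TRUE(X509Certificate::IsSameOSCert(
 served_intermediates[1], unverified_certs[2]->os_cert_handle()));
 EXPECT_TRUE(X509Certificate::IsSameOSCert(
@@ -3466,10 +3470,10 @@
 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
 EXPECT_TRUE(ssl_info.cert_status &
 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
 EXPECT_TRUE(sock_->IsConnected());
 }
 
 } // namespace net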
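Review bot: In the served-chain block (new lines 2198-2199) the leaf comparison still reads `ssl_info.cert->os_cert_handle()`, so the leaf of `ssl_info.unverified_cert` is never checked, even though the new `ASSERT_TRUE(ssl_info.unverified_cert)` guards that pointer just above. The added `ASSERT_TRUE(certs[0]->Equals(unverified_certs[0].get()))` already establishes that both PEM files share the same leaf, so this check repeats the one at new lines 2186-2187 and would still pass if the socket reported a wrong leaf in the served chain. Consider `ssl_info.unverified_cert->os_cert_handle(), unverified_certs[0]->os_cert_handle()));` so the test covers the certificate as received from the server. The enclosing test body starts and ends outside the displayed lines.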