OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/caching_cert_verifier.h" | 5 #include "net/cert/caching_cert_verifier.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
65 ASSERT_TRUE(test_cert.get()); | 65 ASSERT_TRUE(test_cert.get()); |
66 | 66 |
67 int error; | 67 int error; |
68 CertVerifyResult verify_result; | 68 CertVerifyResult verify_result; |
69 TestCompletionCallback callback; | 69 TestCompletionCallback callback; |
70 std::unique_ptr<CertVerifier::Request> request; | 70 std::unique_ptr<CertVerifier::Request> request; |
71 | 71 |
72 error = callback.GetResult(verifier_.Verify( | 72 error = callback.GetResult(verifier_.Verify( |
73 CertVerifier::RequestParams(test_cert, "www.example.com", 0, | 73 CertVerifier::RequestParams(test_cert, "www.example.com", 0, |
74 std::string(), CertificateList()), | 74 std::string(), CertificateList()), |
75 nullptr, &verify_result, callback.callback(), &request, BoundNetLog())); | 75 nullptr, &verify_result, callback.callback(), &request, |
| 76 NetLogWithSource())); |
76 ASSERT_TRUE(IsCertificateError(error)); | 77 ASSERT_TRUE(IsCertificateError(error)); |
77 ASSERT_EQ(1u, verifier_.requests()); | 78 ASSERT_EQ(1u, verifier_.requests()); |
78 ASSERT_EQ(0u, verifier_.cache_hits()); | 79 ASSERT_EQ(0u, verifier_.cache_hits()); |
79 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 80 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
80 | 81 |
81 error = verifier_.Verify( | 82 error = verifier_.Verify( |
82 CertVerifier::RequestParams(test_cert, "www.example.com", 0, | 83 CertVerifier::RequestParams(test_cert, "www.example.com", 0, |
83 std::string(), CertificateList()), | 84 std::string(), CertificateList()), |
84 nullptr, &verify_result, callback.callback(), &request, BoundNetLog()); | 85 nullptr, &verify_result, callback.callback(), &request, |
| 86 NetLogWithSource()); |
85 // Synchronous completion. | 87 // Synchronous completion. |
86 ASSERT_NE(ERR_IO_PENDING, error); | 88 ASSERT_NE(ERR_IO_PENDING, error); |
87 ASSERT_TRUE(IsCertificateError(error)); | 89 ASSERT_TRUE(IsCertificateError(error)); |
88 ASSERT_FALSE(request); | 90 ASSERT_FALSE(request); |
89 ASSERT_EQ(2u, verifier_.requests()); | 91 ASSERT_EQ(2u, verifier_.requests()); |
90 ASSERT_EQ(1u, verifier_.cache_hits()); | 92 ASSERT_EQ(1u, verifier_.cache_hits()); |
91 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 93 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
92 } | 94 } |
93 | 95 |
94 TEST_F(CachingCertVerifierTest, Visitor) { | 96 TEST_F(CachingCertVerifierTest, Visitor) { |
95 base::FilePath certs_dir = GetTestCertsDirectory(); | 97 base::FilePath certs_dir = GetTestCertsDirectory(); |
96 scoped_refptr<X509Certificate> test_cert( | 98 scoped_refptr<X509Certificate> test_cert( |
97 ImportCertFromFile(certs_dir, "ok_cert.pem")); | 99 ImportCertFromFile(certs_dir, "ok_cert.pem")); |
98 ASSERT_TRUE(test_cert.get()); | 100 ASSERT_TRUE(test_cert.get()); |
99 | 101 |
100 TestCompletionCallback callback; | 102 TestCompletionCallback callback; |
101 std::unique_ptr<CertVerifier::Request> request; | 103 std::unique_ptr<CertVerifier::Request> request; |
102 | 104 |
103 // Add some entries to the cache | 105 // Add some entries to the cache |
104 CertVerifier::RequestParams params1(test_cert, "www.example.com", 0, | 106 CertVerifier::RequestParams params1(test_cert, "www.example.com", 0, |
105 std::string(), CertificateList()); | 107 std::string(), CertificateList()); |
106 CertVerifyResult result1; | 108 CertVerifyResult result1; |
107 int error1 = callback.GetResult(verifier_.Verify(params1, nullptr, &result1, | 109 int error1 = callback.GetResult( |
108 callback.callback(), | 110 verifier_.Verify(params1, nullptr, &result1, callback.callback(), |
109 &request, BoundNetLog())); | 111 &request, NetLogWithSource())); |
110 ASSERT_TRUE(IsCertificateError(error1)); | 112 ASSERT_TRUE(IsCertificateError(error1)); |
111 ASSERT_EQ(1u, verifier_.requests()); | 113 ASSERT_EQ(1u, verifier_.requests()); |
112 ASSERT_EQ(0u, verifier_.cache_hits()); | 114 ASSERT_EQ(0u, verifier_.cache_hits()); |
113 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 115 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
114 | 116 |
115 CertVerifier::RequestParams params2(test_cert, "www.example.net", 0, | 117 CertVerifier::RequestParams params2(test_cert, "www.example.net", 0, |
116 std::string(), CertificateList()); | 118 std::string(), CertificateList()); |
117 CertVerifyResult result2; | 119 CertVerifyResult result2; |
118 int error2 = callback.GetResult(verifier_.Verify(params2, nullptr, &result2, | 120 int error2 = callback.GetResult( |
119 callback.callback(), | 121 verifier_.Verify(params2, nullptr, &result2, callback.callback(), |
120 &request, BoundNetLog())); | 122 &request, NetLogWithSource())); |
121 ASSERT_TRUE(IsCertificateError(error2)); | 123 ASSERT_TRUE(IsCertificateError(error2)); |
122 ASSERT_EQ(2u, verifier_.requests()); | 124 ASSERT_EQ(2u, verifier_.requests()); |
123 ASSERT_EQ(0u, verifier_.cache_hits()); | 125 ASSERT_EQ(0u, verifier_.cache_hits()); |
124 ASSERT_EQ(2u, verifier_.GetCacheSize()); | 126 ASSERT_EQ(2u, verifier_.GetCacheSize()); |
125 | 127 |
126 CertVerifier::RequestParams params3(test_cert, "www.example.org", 0, | 128 CertVerifier::RequestParams params3(test_cert, "www.example.org", 0, |
127 std::string(), CertificateList()); | 129 std::string(), CertificateList()); |
128 CertVerifyResult result3; | 130 CertVerifyResult result3; |
129 int error3 = callback.GetResult(verifier_.Verify(params3, nullptr, &result3, | 131 int error3 = callback.GetResult( |
130 callback.callback(), | 132 verifier_.Verify(params3, nullptr, &result3, callback.callback(), |
131 &request, BoundNetLog())); | 133 &request, NetLogWithSource())); |
132 ASSERT_TRUE(IsCertificateError(error3)); | 134 ASSERT_TRUE(IsCertificateError(error3)); |
133 ASSERT_EQ(3u, verifier_.requests()); | 135 ASSERT_EQ(3u, verifier_.requests()); |
134 ASSERT_EQ(0u, verifier_.cache_hits()); | 136 ASSERT_EQ(0u, verifier_.cache_hits()); |
135 ASSERT_EQ(3u, verifier_.GetCacheSize()); | 137 ASSERT_EQ(3u, verifier_.GetCacheSize()); |
136 | 138 |
137 // Iterate through all entries. | 139 // Iterate through all entries. |
138 { | 140 { |
139 MockCacheVisitor mock_visitor; | 141 MockCacheVisitor mock_visitor; |
140 EXPECT_CALL(mock_visitor, VisitEntry(params1, error1, _, _, _)) | 142 EXPECT_CALL(mock_visitor, VisitEntry(params1, error1, _, _, _)) |
141 .WillOnce(Return(true)); | 143 .WillOnce(Return(true)); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
184 ASSERT_EQ(0u, verifier_.requests()); | 186 ASSERT_EQ(0u, verifier_.requests()); |
185 ASSERT_EQ(0u, verifier_.cache_hits()); | 187 ASSERT_EQ(0u, verifier_.cache_hits()); |
186 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 188 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
187 | 189 |
188 TestCompletionCallback callback; | 190 TestCompletionCallback callback; |
189 std::unique_ptr<CertVerifier::Request> request; | 191 std::unique_ptr<CertVerifier::Request> request; |
190 | 192 |
191 CertVerifyResult cached_result; | 193 CertVerifyResult cached_result; |
192 int error = callback.GetResult( | 194 int error = callback.GetResult( |
193 verifier_.Verify(params, nullptr, &cached_result, callback.callback(), | 195 verifier_.Verify(params, nullptr, &cached_result, callback.callback(), |
194 &request, BoundNetLog())); | 196 &request, NetLogWithSource())); |
195 ASSERT_THAT(error, IsError(ERR_CERT_WEAK_KEY)); | 197 ASSERT_THAT(error, IsError(ERR_CERT_WEAK_KEY)); |
196 EXPECT_TRUE(cached_result.has_md2); | 198 EXPECT_TRUE(cached_result.has_md2); |
197 EXPECT_FALSE(cached_result.is_issued_by_known_root); | 199 EXPECT_FALSE(cached_result.is_issued_by_known_root); |
198 | 200 |
199 ASSERT_EQ(1u, verifier_.requests()); | 201 ASSERT_EQ(1u, verifier_.requests()); |
200 ASSERT_EQ(1u, verifier_.cache_hits()); | 202 ASSERT_EQ(1u, verifier_.cache_hits()); |
201 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 203 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
202 | 204 |
203 // But it should not be fine to replace it with an existing entry, even | 205 // But it should not be fine to replace it with an existing entry, even |
204 // if that entry is 'newer'. | 206 // if that entry is 'newer'. |
205 EXPECT_FALSE(verifier_.AddEntry(params, OK, result_2, | 207 EXPECT_FALSE(verifier_.AddEntry(params, OK, result_2, |
206 now + base::TimeDelta::FromMinutes(1))); | 208 now + base::TimeDelta::FromMinutes(1))); |
207 | 209 |
208 error = callback.GetResult(verifier_.Verify(params, nullptr, &cached_result, | 210 error = callback.GetResult(verifier_.Verify(params, nullptr, &cached_result, |
209 callback.callback(), &request, | 211 callback.callback(), &request, |
210 BoundNetLog())); | 212 NetLogWithSource())); |
211 ASSERT_THAT(error, IsError(ERR_CERT_WEAK_KEY)); | 213 ASSERT_THAT(error, IsError(ERR_CERT_WEAK_KEY)); |
212 EXPECT_TRUE(cached_result.has_md2); | 214 EXPECT_TRUE(cached_result.has_md2); |
213 EXPECT_FALSE(cached_result.is_issued_by_known_root); | 215 EXPECT_FALSE(cached_result.is_issued_by_known_root); |
214 | 216 |
215 ASSERT_EQ(2u, verifier_.requests()); | 217 ASSERT_EQ(2u, verifier_.requests()); |
216 ASSERT_EQ(2u, verifier_.cache_hits()); | 218 ASSERT_EQ(2u, verifier_.cache_hits()); |
217 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 219 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
218 } | 220 } |
219 | 221 |
220 // Tests the same server certificate with different intermediate CA | 222 // Tests the same server certificate with different intermediate CA |
(...skipping 29 matching lines...) Expand all Loading... |
250 ASSERT_TRUE(cert_chain2); | 252 ASSERT_TRUE(cert_chain2); |
251 | 253 |
252 int error; | 254 int error; |
253 CertVerifyResult verify_result; | 255 CertVerifyResult verify_result; |
254 TestCompletionCallback callback; | 256 TestCompletionCallback callback; |
255 std::unique_ptr<CertVerifier::Request> request; | 257 std::unique_ptr<CertVerifier::Request> request; |
256 | 258 |
257 error = callback.GetResult(verifier_.Verify( | 259 error = callback.GetResult(verifier_.Verify( |
258 CertVerifier::RequestParams(cert_chain1, "www.example.com", 0, | 260 CertVerifier::RequestParams(cert_chain1, "www.example.com", 0, |
259 std::string(), CertificateList()), | 261 std::string(), CertificateList()), |
260 nullptr, &verify_result, callback.callback(), &request, BoundNetLog())); | 262 nullptr, &verify_result, callback.callback(), &request, |
| 263 NetLogWithSource())); |
261 ASSERT_TRUE(IsCertificateError(error)); | 264 ASSERT_TRUE(IsCertificateError(error)); |
262 ASSERT_EQ(1u, verifier_.requests()); | 265 ASSERT_EQ(1u, verifier_.requests()); |
263 ASSERT_EQ(0u, verifier_.cache_hits()); | 266 ASSERT_EQ(0u, verifier_.cache_hits()); |
264 ASSERT_EQ(1u, verifier_.GetCacheSize()); | 267 ASSERT_EQ(1u, verifier_.GetCacheSize()); |
265 | 268 |
266 error = callback.GetResult(verifier_.Verify( | 269 error = callback.GetResult(verifier_.Verify( |
267 CertVerifier::RequestParams(cert_chain2, "www.example.com", 0, | 270 CertVerifier::RequestParams(cert_chain2, "www.example.com", 0, |
268 std::string(), CertificateList()), | 271 std::string(), CertificateList()), |
269 nullptr, &verify_result, callback.callback(), &request, BoundNetLog())); | 272 nullptr, &verify_result, callback.callback(), &request, |
| 273 NetLogWithSource())); |
270 ASSERT_TRUE(IsCertificateError(error)); | 274 ASSERT_TRUE(IsCertificateError(error)); |
271 ASSERT_EQ(2u, verifier_.requests()); | 275 ASSERT_EQ(2u, verifier_.requests()); |
272 ASSERT_EQ(0u, verifier_.cache_hits()); | 276 ASSERT_EQ(0u, verifier_.cache_hits()); |
273 ASSERT_EQ(2u, verifier_.GetCacheSize()); | 277 ASSERT_EQ(2u, verifier_.GetCacheSize()); |
274 } | 278 } |
275 | 279 |
276 } // namespace net | 280 } // namespace net |
OLD | NEW |