1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
105 std::string verification_status; | 105 std::string verification_status; |
106 if (!the_sct->GetString("verification_status", &verification_status)) | 106 if (!the_sct->GetString("verification_status", &verification_status)) |
107 return false; | 107 return false; |
108 if (verification_status != "Verified") | 108 if (verification_status != "Verified") |
109 return false; | 109 return false; |
110 | 110 |
111 return true; | 111 return true; |
112 } | 112 } |
113 | 113 |
114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, | 114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, |
115 const BoundNetLog& bound_net_log, | 115 const NetLogWithSource& net_log, |
116 ct::CTVerifyResult* result) { | 116 ct::CTVerifyResult* result) { |
117 return verifier_->Verify(chain.get(), | 117 return verifier_->Verify(chain.get(), std::string(), std::string(), result, |
118 std::string(), | 118 net_log) == OK; |
119 std::string(), | |
120 result, | |
121 bound_net_log) == OK; | |
122 } | 119 } |
123 | 120 |
124 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { | 121 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { |
125 ct::CTVerifyResult result; | 122 ct::CTVerifyResult result; |
126 TestNetLog net_log; | 123 TestNetLog test_net_log; |
127 BoundNetLog bound_net_log = | 124 NetLogWithSource net_log = |
128 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 125 NetLogWithSource::Make(&test_net_log, NetLogSourceType::CONNECT_JOB); |
129 | 126 |
130 return verifier_->Verify(chain.get(), | 127 return verifier_->Verify(chain.get(), std::string(), std::string(), &result, |
131 std::string(), | 128 net_log) == OK; |
132 std::string(), | |
133 &result, | |
134 bound_net_log) == OK; | |
135 } | 129 } |
136 | 130 |
137 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { | 131 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { |
138 ct::CTVerifyResult result; | 132 ct::CTVerifyResult result; |
139 TestNetLog net_log; | 133 TestNetLog test_net_log; |
140 BoundNetLog bound_net_log = | 134 NetLogWithSource net_log = |
141 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 135 NetLogWithSource::Make(&test_net_log, NetLogSourceType::CONNECT_JOB); |
142 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && | 136 return (VerifySinglePrecertificateChain(chain, net_log, &result) && |
143 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && | 137 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && |
144 ct::CheckForSCTOrigin( | 138 ct::CheckForSCTOrigin( |
145 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && | 139 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && |
146 CheckForEmbeddedSCTInNetLog(net_log)); | 140 CheckForEmbeddedSCTInNetLog(test_net_log)); |
147 } | 141 } |
148 | 142 |
149 // Histogram-related helper methods | 143 // Histogram-related helper methods |
150 int GetValueFromHistogram(const std::string& histogram_name, | 144 int GetValueFromHistogram(const std::string& histogram_name, |
151 int sample_index) { | 145 int sample_index) { |
152 base::Histogram* histogram = static_cast<base::Histogram*>( | 146 base::Histogram* histogram = static_cast<base::Histogram*>( |
153 base::StatisticsRecorder::FindHistogram(histogram_name)); | 147 base::StatisticsRecorder::FindHistogram(histogram_name)); |
154 | 148 |
155 if (histogram == NULL) | 149 if (histogram == NULL) |
156 return 0; | 150 return 0; |
210 "ct-test-embedded-with-intermediate-preca-chain.pem", | 204 "ct-test-embedded-with-intermediate-preca-chain.pem", |
211 X509Certificate::FORMAT_AUTO)); | 205 X509Certificate::FORMAT_AUTO)); |
212 ASSERT_TRUE(chain.get()); | 206 ASSERT_TRUE(chain.get()); |
213 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 207 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
214 } | 208 } |
215 | 209 |
216 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { | 210 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { |
217 std::string sct_list = ct::GetSCTListForTesting(); | 211 std::string sct_list = ct::GetSCTListForTesting(); |
218 | 212 |
219 ct::CTVerifyResult result; | 213 ct::CTVerifyResult result; |
220 EXPECT_EQ(OK, | 214 EXPECT_EQ(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
221 verifier_->Verify( | 215 &result, NetLogWithSource())); |
222 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
223 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); | 216 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); |
224 ASSERT_TRUE(ct::CheckForSCTOrigin( | 217 ASSERT_TRUE(ct::CheckForSCTOrigin( |
225 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 218 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
226 } | 219 } |
227 | 220 |
228 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { | 221 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { |
229 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 222 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
230 ct::CTVerifyResult result; | 223 ct::CTVerifyResult result; |
231 | 224 |
232 EXPECT_NE(OK, | 225 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
233 verifier_->Verify( | 226 &result, NetLogWithSource())); |
234 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
235 EXPECT_EQ(1U, result.scts.size()); | 227 EXPECT_EQ(1U, result.scts.size()); |
236 EXPECT_EQ("", result.scts[0].sct->log_description); | 228 EXPECT_EQ("", result.scts[0].sct->log_description); |
237 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); | 229 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); |
238 } | 230 } |
239 | 231 |
240 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { | 232 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { |
241 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 233 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
242 | 234 |
243 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 235 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
244 | 236 |
245 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); | 237 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); |
246 } | 238 } |
247 | 239 |
248 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { | 240 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { |
249 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 241 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
250 ct::CTVerifyResult result; | 242 ct::CTVerifyResult result; |
251 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 243 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
252 int num_invalid_scts = GetValueFromHistogram( | 244 int num_invalid_scts = GetValueFromHistogram( |
253 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); | 245 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); |
254 | 246 |
255 EXPECT_NE(OK, | 247 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
256 verifier_->Verify( | 248 &result, NetLogWithSource())); |
257 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
258 | 249 |
259 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); | 250 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); |
260 ASSERT_EQ(num_invalid_scts + 1, | 251 ASSERT_EQ(num_invalid_scts + 1, |
261 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", | 252 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", |
262 ct::SCT_STATUS_LOG_UNKNOWN)); | 253 ct::SCT_STATUS_LOG_UNKNOWN)); |
263 } | 254 } |
264 | 255 |
265 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { | 256 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { |
266 int old_sct_count = NumConnectionsWithSingleSCT(); | 257 int old_sct_count = NumConnectionsWithSingleSCT(); |
267 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 258 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
298 Mock::VerifyAndClearExpectations(&observer); | 289 Mock::VerifyAndClearExpectations(&observer); |
299 | 290 |
300 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); | 291 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); |
301 verifier_->SetObserver(nullptr); | 292 verifier_->SetObserver(nullptr); |
302 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 293 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
303 } | 294 } |
304 | 295 |
305 } // namespace | 296 } // namespace |
306 | 297 |
307 } // namespace net | 298 } // namespace net |