| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 105 std::string verification_status; | 105 std::string verification_status; |
| 106 if (!the_sct->GetString("verification_status", &verification_status)) | 106 if (!the_sct->GetString("verification_status", &verification_status)) |
| 107 return false; | 107 return false; |
| 108 if (verification_status != "Verified") | 108 if (verification_status != "Verified") |
| 109 return false; | 109 return false; |
| 110 | 110 |
| 111 return true; | 111 return true; |
| 112 } | 112 } |
| 113 | 113 |
| 114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, | 114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, |
| 115 const BoundNetLog& bound_net_log, | 115 const NetLogWithSource& net_log, |
| 116 ct::CTVerifyResult* result) { | 116 ct::CTVerifyResult* result) { |
| 117 return verifier_->Verify(chain.get(), | 117 return verifier_->Verify(chain.get(), std::string(), std::string(), result, |
| 118 std::string(), | 118 net_log) == OK; |
| 119 std::string(), | |
| 120 result, | |
| 121 bound_net_log) == OK; | |
| 122 } | 119 } |
| 123 | 120 |
| 124 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { | 121 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { |
| 125 ct::CTVerifyResult result; | 122 ct::CTVerifyResult result; |
| 126 TestNetLog net_log; | 123 TestNetLog test_net_log; |
| 127 BoundNetLog bound_net_log = | 124 NetLogWithSource net_log = |
| 128 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 125 NetLogWithSource::Make(&test_net_log, NetLogSourceType::CONNECT_JOB); |
| 129 | 126 |
| 130 return verifier_->Verify(chain.get(), | 127 return verifier_->Verify(chain.get(), std::string(), std::string(), &result, |
| 131 std::string(), | 128 net_log) == OK; |
| 132 std::string(), | |
| 133 &result, | |
| 134 bound_net_log) == OK; | |
| 135 } | 129 } |
| 136 | 130 |
| 137 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { | 131 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { |
| 138 ct::CTVerifyResult result; | 132 ct::CTVerifyResult result; |
| 139 TestNetLog net_log; | 133 TestNetLog test_net_log; |
| 140 BoundNetLog bound_net_log = | 134 NetLogWithSource net_log = |
| 141 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 135 NetLogWithSource::Make(&test_net_log, NetLogSourceType::CONNECT_JOB); |
| 142 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && | 136 return (VerifySinglePrecertificateChain(chain, net_log, &result) && |
| 143 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && | 137 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && |
| 144 ct::CheckForSCTOrigin( | 138 ct::CheckForSCTOrigin( |
| 145 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && | 139 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && |
| 146 CheckForEmbeddedSCTInNetLog(net_log)); | 140 CheckForEmbeddedSCTInNetLog(test_net_log)); |
| 147 } | 141 } |
| 148 | 142 |
| 149 // Histogram-related helper methods | 143 // Histogram-related helper methods |
| 150 int GetValueFromHistogram(const std::string& histogram_name, | 144 int GetValueFromHistogram(const std::string& histogram_name, |
| 151 int sample_index) { | 145 int sample_index) { |
| 152 base::Histogram* histogram = static_cast<base::Histogram*>( | 146 base::Histogram* histogram = static_cast<base::Histogram*>( |
| 153 base::StatisticsRecorder::FindHistogram(histogram_name)); | 147 base::StatisticsRecorder::FindHistogram(histogram_name)); |
| 154 | 148 |
| 155 if (histogram == NULL) | 149 if (histogram == NULL) |
| 156 return 0; | 150 return 0; |
| 210 "ct-test-embedded-with-intermediate-preca-chain.pem", | 204 "ct-test-embedded-with-intermediate-preca-chain.pem", |
| 211 X509Certificate::FORMAT_AUTO)); | 205 X509Certificate::FORMAT_AUTO)); |
| 212 ASSERT_TRUE(chain.get()); | 206 ASSERT_TRUE(chain.get()); |
| 213 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 207 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
| 214 } | 208 } |
| 215 | 209 |
| 216 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { | 210 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { |
| 217 std::string sct_list = ct::GetSCTListForTesting(); | 211 std::string sct_list = ct::GetSCTListForTesting(); |
| 218 | 212 |
| 219 ct::CTVerifyResult result; | 213 ct::CTVerifyResult result; |
| 220 EXPECT_EQ(OK, | 214 EXPECT_EQ(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 221 verifier_->Verify( | 215 &result, NetLogWithSource())); |
| 222 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 223 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); | 216 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); |
| 224 ASSERT_TRUE(ct::CheckForSCTOrigin( | 217 ASSERT_TRUE(ct::CheckForSCTOrigin( |
| 225 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 218 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
| 226 } | 219 } |
| 227 | 220 |
| 228 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { | 221 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { |
| 229 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 222 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
| 230 ct::CTVerifyResult result; | 223 ct::CTVerifyResult result; |
| 231 | 224 |
| 232 EXPECT_NE(OK, | 225 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 233 verifier_->Verify( | 226 &result, NetLogWithSource())); |
| 234 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 235 EXPECT_EQ(1U, result.scts.size()); | 227 EXPECT_EQ(1U, result.scts.size()); |
| 236 EXPECT_EQ("", result.scts[0].sct->log_description); | 228 EXPECT_EQ("", result.scts[0].sct->log_description); |
| 237 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); | 229 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); |
| 238 } | 230 } |
| 239 | 231 |
| 240 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { | 232 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { |
| 241 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 233 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 242 | 234 |
| 243 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 235 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
| 244 | 236 |
| 245 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); | 237 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); |
| 246 } | 238 } |
| 247 | 239 |
| 248 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { | 240 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { |
| 249 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 241 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
| 250 ct::CTVerifyResult result; | 242 ct::CTVerifyResult result; |
| 251 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 243 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 252 int num_invalid_scts = GetValueFromHistogram( | 244 int num_invalid_scts = GetValueFromHistogram( |
| 253 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); | 245 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); |
| 254 | 246 |
| 255 EXPECT_NE(OK, | 247 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 256 verifier_->Verify( | 248 &result, NetLogWithSource())); |
| 257 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 258 | 249 |
| 259 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); | 250 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); |
| 260 ASSERT_EQ(num_invalid_scts + 1, | 251 ASSERT_EQ(num_invalid_scts + 1, |
| 261 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", | 252 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", |
| 262 ct::SCT_STATUS_LOG_UNKNOWN)); | 253 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 263 } | 254 } |
| 264 | 255 |
| 265 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { | 256 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { |
| 266 int old_sct_count = NumConnectionsWithSingleSCT(); | 257 int old_sct_count = NumConnectionsWithSingleSCT(); |
| 267 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 258 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
| 298 Mock::VerifyAndClearExpectations(&observer); | 289 Mock::VerifyAndClearExpectations(&observer); |
| 299 | 290 |
| 300 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); | 291 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); |
| 301 verifier_->SetObserver(nullptr); | 292 verifier_->SetObserver(nullptr); |
| 302 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 293 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
| 303 } | 294 } |
| 304 | 295 |
| 305 } // namespace | 296 } // namespace |
| 306 | 297 |
| 307 } // namespace net | 298 } // namespace net |