| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 105 std::string verification_status; | 105 std::string verification_status; |
| 106 if (!the_sct->GetString("verification_status", &verification_status)) | 106 if (!the_sct->GetString("verification_status", &verification_status)) |
| 107 return false; | 107 return false; |
| 108 if (verification_status != "Verified") | 108 if (verification_status != "Verified") |
| 109 return false; | 109 return false; |
| 110 | 110 |
| 111 return true; | 111 return true; |
| 112 } | 112 } |
| 113 | 113 |
| 114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, | 114 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, |
| 115 const BoundNetLog& bound_net_log, | 115 const NetLogWithSource& bound_net_log, |
| 116 ct::CTVerifyResult* result) { | 116 ct::CTVerifyResult* result) { |
| 117 return verifier_->Verify(chain.get(), | 117 return verifier_->Verify(chain.get(), |
| 118 std::string(), | 118 std::string(), |
| 119 std::string(), | 119 std::string(), |
| 120 result, | 120 result, |
| 121 bound_net_log) == OK; | 121 bound_net_log) == OK; |
| 122 } | 122 } |
| 123 | 123 |
| 124 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { | 124 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { |
| 125 ct::CTVerifyResult result; | 125 ct::CTVerifyResult result; |
| 126 TestNetLog net_log; | 126 TestNetLog net_log; |
| 127 BoundNetLog bound_net_log = | 127 NetLogWithSource bound_net_log = |
| 128 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 128 NetLogWithSource::Make(&net_log, NetLogSourceType::CONNECT_JOB); |
| 129 | 129 |
| 130 return verifier_->Verify(chain.get(), | 130 return verifier_->Verify(chain.get(), |
| 131 std::string(), | 131 std::string(), |
| 132 std::string(), | 132 std::string(), |
| 133 &result, | 133 &result, |
| 134 bound_net_log) == OK; | 134 bound_net_log) == OK; |
| 135 } | 135 } |
| 136 | 136 |
| 137 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { | 137 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { |
| 138 ct::CTVerifyResult result; | 138 ct::CTVerifyResult result; |
| 139 TestNetLog net_log; | 139 TestNetLog net_log; |
| 140 BoundNetLog bound_net_log = | 140 NetLogWithSource bound_net_log = |
| 141 BoundNetLog::Make(&net_log, NetLogSourceType::CONNECT_JOB); | 141 NetLogWithSource::Make(&net_log, NetLogSourceType::CONNECT_JOB); |
| 142 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && | 142 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && |
| 143 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && | 143 ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription) && |
| 144 ct::CheckForSCTOrigin( | 144 ct::CheckForSCTOrigin( |
| 145 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && | 145 result, ct::SignedCertificateTimestamp::SCT_EMBEDDED) && |
| 146 CheckForEmbeddedSCTInNetLog(net_log)); | 146 CheckForEmbeddedSCTInNetLog(net_log)); |
| 147 } | 147 } |
| 148 | 148 |
| 149 // Histogram-related helper methods | 149 // Histogram-related helper methods |
| 150 int GetValueFromHistogram(const std::string& histogram_name, | 150 int GetValueFromHistogram(const std::string& histogram_name, |
| 151 int sample_index) { | 151 int sample_index) { |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 210 "ct-test-embedded-with-intermediate-preca-chain.pem", | 210 "ct-test-embedded-with-intermediate-preca-chain.pem", |
| 211 X509Certificate::FORMAT_AUTO)); | 211 X509Certificate::FORMAT_AUTO)); |
| 212 ASSERT_TRUE(chain.get()); | 212 ASSERT_TRUE(chain.get()); |
| 213 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 213 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
| 214 } | 214 } |
| 215 | 215 |
| 216 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { | 216 TEST_F(MultiLogCTVerifierTest, VerifiesSCTOverX509Cert) { |
| 217 std::string sct_list = ct::GetSCTListForTesting(); | 217 std::string sct_list = ct::GetSCTListForTesting(); |
| 218 | 218 |
| 219 ct::CTVerifyResult result; | 219 ct::CTVerifyResult result; |
| 220 EXPECT_EQ(OK, | 220 EXPECT_EQ(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 221 verifier_->Verify( | 221 &result, NetLogWithSource())); |
| 222 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 223 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); | 222 ASSERT_TRUE(ct::CheckForSingleVerifiedSCTInResult(result, kLogDescription)); |
| 224 ASSERT_TRUE(ct::CheckForSCTOrigin( | 223 ASSERT_TRUE(ct::CheckForSCTOrigin( |
| 225 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 224 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
| 226 } | 225 } |
| 227 | 226 |
| 228 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { | 227 TEST_F(MultiLogCTVerifierTest, IdentifiesSCTFromUnknownLog) { |
| 229 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 228 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
| 230 ct::CTVerifyResult result; | 229 ct::CTVerifyResult result; |
| 231 | 230 |
| 232 EXPECT_NE(OK, | 231 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 233 verifier_->Verify( | 232 &result, NetLogWithSource())); |
| 234 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 235 EXPECT_EQ(1U, result.scts.size()); | 233 EXPECT_EQ(1U, result.scts.size()); |
| 236 EXPECT_EQ("", result.scts[0].sct->log_description); | 234 EXPECT_EQ("", result.scts[0].sct->log_description); |
| 237 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); | 235 EXPECT_EQ(ct::SCT_STATUS_LOG_UNKNOWN, result.scts[0].status); |
| 238 } | 236 } |
| 239 | 237 |
| 240 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { | 238 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { |
| 241 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 239 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 242 | 240 |
| 243 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 241 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
| 244 | 242 |
| 245 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); | 243 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); |
| 246 } | 244 } |
| 247 | 245 |
| 248 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { | 246 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { |
| 249 std::string sct_list = ct::GetSCTListWithInvalidSCT(); | 247 std::string sct_list = ct::GetSCTListWithInvalidSCT(); |
| 250 ct::CTVerifyResult result; | 248 ct::CTVerifyResult result; |
| 251 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 249 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 252 int num_invalid_scts = GetValueFromHistogram( | 250 int num_invalid_scts = GetValueFromHistogram( |
| 253 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); | 251 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); |
| 254 | 252 |
| 255 EXPECT_NE(OK, | 253 EXPECT_NE(OK, verifier_->Verify(chain_.get(), std::string(), sct_list, |
| 256 verifier_->Verify( | 254 &result, NetLogWithSource())); |
| 257 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); | |
| 258 | 255 |
| 259 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); | 256 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); |
| 260 ASSERT_EQ(num_invalid_scts + 1, | 257 ASSERT_EQ(num_invalid_scts + 1, |
| 261 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", | 258 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", |
| 262 ct::SCT_STATUS_LOG_UNKNOWN)); | 259 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 263 } | 260 } |
| 264 | 261 |
| 265 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { | 262 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { |
| 266 int old_sct_count = NumConnectionsWithSingleSCT(); | 263 int old_sct_count = NumConnectionsWithSingleSCT(); |
| 267 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 264 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 298 Mock::VerifyAndClearExpectations(&observer); | 295 Mock::VerifyAndClearExpectations(&observer); |
| 299 | 296 |
| 300 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); | 297 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(0); |
| 301 verifier_->SetObserver(nullptr); | 298 verifier_->SetObserver(nullptr); |
| 302 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 299 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
| 303 } | 300 } |
| 304 | 301 |
| 305 } // namespace | 302 } // namespace |
| 306 | 303 |
| 307 } // namespace net | 304 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2351513002:
net: rename BoundNetLog to NetLogWithSource (Closed)
