| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "net/base/ip_endpoint.h" | 8 #include "net/base/ip_endpoint.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/test_completion_callback.h" | 10 #include "net/base/test_completion_callback.h" |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 88 ASSERT_EQ(expected_ok, ok); | 88 ASSERT_EQ(expected_ok, ok); |
| 89 break; | 89 break; |
| 90 } | 90 } |
| 91 } | 91 } |
| 92 | 92 |
| 93 class TestCallback : public ProofSource::Callback { | 93 class TestCallback : public ProofSource::Callback { |
| 94 public: | 94 public: |
| 95 explicit TestCallback(bool* called, | 95 explicit TestCallback(bool* called, |
| 96 bool* ok, | 96 bool* ok, |
| 97 scoped_refptr<ProofSource::Chain>* chain, | 97 scoped_refptr<ProofSource::Chain>* chain, |
| 98 string* signature, | 98 QuicCryptoProof* proof) |
| 99 string* leaf_cert_sct) | 99 : called_(called), ok_(ok), chain_(chain), proof_(proof) {} |
| 100 : called_(called), | |
| 101 ok_(ok), | |
| 102 chain_(chain), | |
| 103 signature_(signature), | |
| 104 leaf_cert_sct_(leaf_cert_sct) {} | |
| 105 | 100 |
| 106 void Run(bool ok, | 101 void Run(bool ok, |
| 107 const scoped_refptr<ProofSource::Chain>& chain, | 102 const scoped_refptr<ProofSource::Chain>& chain, |
| 108 const string& signature, | 103 const QuicCryptoProof& proof, |
| 109 const string& leaf_cert_sct, | |
| 110 std::unique_ptr<ProofSource::Details> /* details */) override { | 104 std::unique_ptr<ProofSource::Details> /* details */) override { |
| 111 *ok_ = ok; | 105 *ok_ = ok; |
| 112 *chain_ = chain; | 106 *chain_ = chain; |
| 113 *signature_ = signature; | 107 *proof_ = proof; |
| 114 *leaf_cert_sct_ = leaf_cert_sct; | |
| 115 *called_ = true; | 108 *called_ = true; |
| 116 } | 109 } |
| 117 | 110 |
| 118 private: | 111 private: |
| 119 bool* called_; | 112 bool* called_; |
| 120 bool* ok_; | 113 bool* ok_; |
| 121 scoped_refptr<ProofSource::Chain>* chain_; | 114 scoped_refptr<ProofSource::Chain>* chain_; |
| 122 string* signature_; | 115 QuicCryptoProof* proof_; |
| 123 string* leaf_cert_sct_; | |
| 124 }; | 116 }; |
| 125 | 117 |
| 126 class ProofTest : public ::testing::TestWithParam<QuicVersion> {}; | 118 class ProofTest : public ::testing::TestWithParam<QuicVersion> {}; |
| 127 | 119 |
| 128 } // namespace | 120 } // namespace |
| 129 | 121 |
| 130 INSTANTIATE_TEST_CASE_P(QuicVersion, | 122 INSTANTIATE_TEST_CASE_P(QuicVersion, |
| 131 ProofTest, | 123 ProofTest, |
| 132 ::testing::ValuesIn(AllSupportedVersions())); | 124 ::testing::ValuesIn(AllSupportedVersions())); |
| 133 | 125 |
| 134 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468. | 126 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468. |
| 135 TEST_P(ProofTest, DISABLED_Verify) { | 127 TEST_P(ProofTest, DISABLED_Verify) { |
| 136 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); | 128 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); |
| 137 std::unique_ptr<ProofVerifier> verifier( | 129 std::unique_ptr<ProofVerifier> verifier( |
| 138 CryptoTestUtils::ProofVerifierForTesting()); | 130 CryptoTestUtils::ProofVerifierForTesting()); |
| 139 | 131 |
| 140 const string server_config = "server config bytes"; | 132 const string server_config = "server config bytes"; |
| 141 const string hostname = "test.example.com"; | 133 const string hostname = "test.example.com"; |
| 142 const uint16_t port = 8443; | 134 const uint16_t port = 8443; |
| 143 const string first_chlo_hash = "first chlo hash bytes"; | 135 const string first_chlo_hash = "first chlo hash bytes"; |
| 144 const string second_chlo_hash = "first chlo hash bytes"; | 136 const string second_chlo_hash = "first chlo hash bytes"; |
| 145 const QuicVersion quic_version = GetParam(); | 137 const QuicVersion quic_version = GetParam(); |
| 146 | 138 |
| 147 scoped_refptr<ProofSource::Chain> chain; | 139 scoped_refptr<ProofSource::Chain> chain; |
| 148 scoped_refptr<ProofSource::Chain> first_chain; | 140 scoped_refptr<ProofSource::Chain> first_chain; |
| 149 string error_details, signature, first_signature, first_cert_sct, cert_sct; | 141 string error_details; |
| 142 QuicCryptoProof proof, first_proof; |
| 150 IPAddress server_ip; | 143 IPAddress server_ip; |
| 151 | 144 |
| 152 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, | 145 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, |
| 153 first_chlo_hash, QuicTagVector(), &first_chain, | 146 first_chlo_hash, QuicTagVector(), &first_chain, |
| 154 &first_signature, &first_cert_sct)); | 147 &first_proof)); |
| 155 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, | 148 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, |
| 156 second_chlo_hash, QuicTagVector(), &chain, | 149 second_chlo_hash, QuicTagVector(), &chain, |
| 157 &signature, &cert_sct)); | 150 &proof)); |
| 158 | 151 |
| 159 // Check that the proof source is caching correctly: | 152 // Check that the proof source is caching correctly: |
| 160 ASSERT_EQ(first_chain->certs, chain->certs); | 153 ASSERT_EQ(first_chain->certs, chain->certs); |
| 161 ASSERT_NE(signature, first_signature); | 154 ASSERT_NE(proof.signature, first_proof.signature); |
| 162 ASSERT_EQ(first_cert_sct, cert_sct); | 155 ASSERT_EQ(first_proof.leaf_cert_scts, proof.leaf_cert_scts); |
| 163 | 156 |
| 164 RunVerification(verifier.get(), hostname, port, server_config, quic_version, | 157 RunVerification(verifier.get(), hostname, port, server_config, quic_version, |
| 165 first_chlo_hash, chain->certs, signature, true); | 158 first_chlo_hash, chain->certs, proof.signature, true); |
| 166 | 159 |
| 167 RunVerification(verifier.get(), "foo.com", port, server_config, quic_version, | 160 RunVerification(verifier.get(), "foo.com", port, server_config, quic_version, |
| 168 first_chlo_hash, chain->certs, signature, false); | 161 first_chlo_hash, chain->certs, proof.signature, false); |
| 169 | 162 |
| 170 RunVerification(verifier.get(), server_config.substr(1, string::npos), port, | 163 RunVerification(verifier.get(), server_config.substr(1, string::npos), port, |
| 171 server_config, quic_version, first_chlo_hash, chain->certs, | 164 server_config, quic_version, first_chlo_hash, chain->certs, |
| 172 signature, false); | 165 proof.signature, false); |
| 173 | 166 |
| 174 const string corrupt_signature = "1" + signature; | 167 const string corrupt_signature = "1" + proof.signature; |
| 175 RunVerification(verifier.get(), hostname, port, server_config, quic_version, | 168 RunVerification(verifier.get(), hostname, port, server_config, quic_version, |
| 176 first_chlo_hash, chain->certs, corrupt_signature, false); | 169 first_chlo_hash, chain->certs, corrupt_signature, false); |
| 177 | 170 |
| 178 vector<string> wrong_certs; | 171 vector<string> wrong_certs; |
| 179 for (size_t i = 1; i < chain->certs.size(); i++) { | 172 for (size_t i = 1; i < chain->certs.size(); i++) { |
| 180 wrong_certs.push_back(chain->certs[i]); | 173 wrong_certs.push_back(chain->certs[i]); |
| 181 } | 174 } |
| 182 | 175 |
| 183 RunVerification(verifier.get(), "foo.com", port, server_config, quic_version, | 176 RunVerification(verifier.get(), "foo.com", port, server_config, quic_version, |
| 184 first_chlo_hash, wrong_certs, corrupt_signature, false); | 177 first_chlo_hash, wrong_certs, corrupt_signature, false); |
| 185 } | 178 } |
| 186 | 179 |
| 187 TEST_P(ProofTest, VerifySourceAsync) { | 180 TEST_P(ProofTest, VerifySourceAsync) { |
| 188 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); | 181 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); |
| 189 | 182 |
| 190 const string server_config = "server config bytes"; | 183 const string server_config = "server config bytes"; |
| 191 const string hostname = "test.example.com"; | 184 const string hostname = "test.example.com"; |
| 192 const string first_chlo_hash = "first chlo hash bytes"; | 185 const string first_chlo_hash = "first chlo hash bytes"; |
| 193 const string second_chlo_hash = "first chlo hash bytes"; | 186 const string second_chlo_hash = "first chlo hash bytes"; |
| 194 const QuicVersion quic_version = GetParam(); | 187 const QuicVersion quic_version = GetParam(); |
| 195 IPAddress server_ip; | 188 IPAddress server_ip; |
| 196 | 189 |
| 197 // Call synchronous version | 190 // Call synchronous version |
| 198 scoped_refptr<ProofSource::Chain> expected_chain; | 191 scoped_refptr<ProofSource::Chain> expected_chain; |
| 199 string expected_signature; | 192 QuicCryptoProof expected_proof; |
| 200 string expected_leaf_cert_sct; | |
| 201 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, | 193 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, |
| 202 first_chlo_hash, QuicTagVector(), | 194 first_chlo_hash, QuicTagVector(), |
| 203 &expected_chain, &expected_signature, | 195 &expected_chain, &expected_proof)); |
| 204 &expected_leaf_cert_sct)); | |
| 205 | 196 |
| 206 // Call asynchronous version and compare results | 197 // Call asynchronous version and compare results |
| 207 bool called = false; | 198 bool called = false; |
| 208 bool ok; | 199 bool ok; |
| 209 scoped_refptr<ProofSource::Chain> chain; | 200 scoped_refptr<ProofSource::Chain> chain; |
| 210 string signature; | 201 QuicCryptoProof proof; |
| 211 string leaf_cert_sct; | |
| 212 std::unique_ptr<ProofSource::Callback> cb( | 202 std::unique_ptr<ProofSource::Callback> cb( |
| 213 new TestCallback(&called, &ok, &chain, &signature, &leaf_cert_sct)); | 203 new TestCallback(&called, &ok, &chain, &proof)); |
| 214 source->GetProof(server_ip, hostname, server_config, quic_version, | 204 source->GetProof(server_ip, hostname, server_config, quic_version, |
| 215 first_chlo_hash, QuicTagVector(), std::move(cb)); | 205 first_chlo_hash, QuicTagVector(), std::move(cb)); |
| 216 // TODO(gredner): whan GetProof really invokes the callback asynchronously, | 206 // TODO(gredner): whan GetProof really invokes the callback asynchronously, |
| 217 // figure out what to do here. | 207 // figure out what to do here. |
| 218 ASSERT_TRUE(called); | 208 ASSERT_TRUE(called); |
| 219 ASSERT_TRUE(ok); | 209 ASSERT_TRUE(ok); |
| 220 EXPECT_THAT(chain->certs, ::testing::ContainerEq(expected_chain->certs)); | 210 EXPECT_THAT(chain->certs, ::testing::ContainerEq(expected_chain->certs)); |
| 221 EXPECT_EQ(leaf_cert_sct, expected_leaf_cert_sct); | 211 EXPECT_EQ(proof.leaf_cert_scts, expected_proof.leaf_cert_scts); |
| 222 } | 212 } |
| 223 | 213 |
| 224 TEST_P(ProofTest, UseAfterFree) { | 214 TEST_P(ProofTest, UseAfterFree) { |
| 225 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); | 215 std::unique_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); |
| 226 | 216 |
| 227 const string server_config = "server config bytes"; | 217 const string server_config = "server config bytes"; |
| 228 const string hostname = "test.example.com"; | 218 const string hostname = "test.example.com"; |
| 229 const string chlo_hash = "proof nonce bytes"; | 219 const string chlo_hash = "proof nonce bytes"; |
| 230 scoped_refptr<ProofSource::Chain> chain; | 220 scoped_refptr<ProofSource::Chain> chain; |
| 231 string error_details, signature, cert_sct; | 221 string error_details; |
| 222 QuicCryptoProof proof; |
| 232 IPAddress server_ip; | 223 IPAddress server_ip; |
| 233 | 224 |
| 234 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, GetParam(), | 225 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, GetParam(), |
| 235 chlo_hash, QuicTagVector(), &chain, &signature, | 226 chlo_hash, QuicTagVector(), &chain, &proof)); |
| 236 &cert_sct)); | |
| 237 | 227 |
| 238 // Make sure we can safely access results after deleting where they came from. | 228 // Make sure we can safely access results after deleting where they came from. |
| 239 EXPECT_FALSE(chain->HasOneRef()); | 229 EXPECT_FALSE(chain->HasOneRef()); |
| 240 source = nullptr; | 230 source = nullptr; |
| 241 EXPECT_TRUE(chain->HasOneRef()); | 231 EXPECT_TRUE(chain->HasOneRef()); |
| 242 | 232 |
| 243 EXPECT_FALSE(chain->certs.empty()); | 233 EXPECT_FALSE(chain->certs.empty()); |
| 244 for (const string& cert : chain->certs) { | 234 for (const string& cert : chain->certs) { |
| 245 EXPECT_FALSE(cert.empty()); | 235 EXPECT_FALSE(cert.empty()); |
| 246 } | 236 } |
| 247 } | 237 } |
| 248 | 238 |
| 249 } // namespace test | 239 } // namespace test |
| 250 } // namespace net | 240 } // namespace net |
| OLD | NEW |