OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <memory> | 5 #include <memory> |
6 #include <ostream> | 6 #include <ostream> |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
984 false, true, 0, "hello!")); | 984 false, true, 0, "hello!")); |
985 mock_quic_data.AddWrite(ConstructClientAckPacket(3, 2, 1)); | 985 mock_quic_data.AddWrite(ConstructClientAckPacket(3, 2, 1)); |
986 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read | 986 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read |
987 mock_quic_data.AddRead(ASYNC, 0); | 987 mock_quic_data.AddRead(ASYNC, 0); |
988 mock_quic_data.AddSocketDataToFactory(&socket_factory_); | 988 mock_quic_data.AddSocketDataToFactory(&socket_factory_); |
989 | 989 |
990 scoped_refptr<X509Certificate> cert( | 990 scoped_refptr<X509Certificate> cert( |
991 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 991 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
992 ASSERT_TRUE(cert.get()); | 992 ASSERT_TRUE(cert.get()); |
993 // This certificate is valid for the proxy, but not for the origin. | 993 // This certificate is valid for the proxy, but not for the origin. |
994 bool common_name_fallback_used; | 994 EXPECT_TRUE(cert->VerifyNameMatch(proxy_host, false)); |
995 EXPECT_TRUE(cert->VerifyNameMatch(proxy_host, &common_name_fallback_used)); | 995 EXPECT_FALSE(cert->VerifyNameMatch(origin_host, false)); |
996 EXPECT_FALSE(cert->VerifyNameMatch(origin_host, &common_name_fallback_used)); | |
997 ProofVerifyDetailsChromium verify_details; | 996 ProofVerifyDetailsChromium verify_details; |
998 verify_details.cert_verify_result.verified_cert = cert; | 997 verify_details.cert_verify_result.verified_cert = cert; |
999 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 998 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
1000 ProofVerifyDetailsChromium verify_details2; | 999 ProofVerifyDetailsChromium verify_details2; |
1001 verify_details2.cert_verify_result.verified_cert = cert; | 1000 verify_details2.cert_verify_result.verified_cert = cert; |
1002 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); | 1001 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); |
1003 | 1002 |
1004 request_.url = GURL("http://" + origin_host); | 1003 request_.url = GURL("http://" + origin_host); |
1005 AddHangingNonAlternateProtocolSocketData(); | 1004 AddHangingNonAlternateProtocolSocketData(); |
1006 CreateSession(); | 1005 CreateSession(); |
1007 AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); | 1006 AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); |
1008 SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70); | 1007 SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70); |
1009 } | 1008 } |
1010 | 1009 |
1011 TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { | 1010 TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { |
1012 HostPortPair origin("www.example.org", 443); | 1011 HostPortPair origin("www.example.org", 443); |
1013 HostPortPair alternative("mail.example.org", 443); | 1012 HostPortPair alternative("mail.example.org", 443); |
1014 | 1013 |
1015 base::FilePath certs_dir = GetTestCertsDirectory(); | 1014 base::FilePath certs_dir = GetTestCertsDirectory(); |
1016 scoped_refptr<X509Certificate> cert( | 1015 scoped_refptr<X509Certificate> cert( |
1017 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 1016 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
1018 ASSERT_TRUE(cert.get()); | 1017 ASSERT_TRUE(cert.get()); |
1019 // TODO(rch): the connection should be "to" the origin, so if the cert is | 1018 // TODO(rch): the connection should be "to" the origin, so if the cert is |
1020 // valid for the origin but not the alternative, that should work too. | 1019 // valid for the origin but not the alternative, that should work too. |
1021 bool common_name_fallback_used; | 1020 EXPECT_TRUE(cert->VerifyNameMatch(origin.host(), false)); |
1022 EXPECT_TRUE(cert->VerifyNameMatch(origin.host(), &common_name_fallback_used)); | |
1023 EXPECT_TRUE( | 1021 EXPECT_TRUE( |
1024 cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used)); | 1022 cert->VerifyNameMatch(alternative.host(), false)); |
1025 ProofVerifyDetailsChromium verify_details; | 1023 ProofVerifyDetailsChromium verify_details; |
1026 verify_details.cert_verify_result.verified_cert = cert; | 1024 verify_details.cert_verify_result.verified_cert = cert; |
1027 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 1025 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
1028 | 1026 |
1029 client_maker_.set_hostname(origin.host()); | 1027 client_maker_.set_hostname(origin.host()); |
1030 MockQuicData mock_quic_data; | 1028 MockQuicData mock_quic_data; |
1031 QuicStreamOffset header_stream_offset = 0; | 1029 QuicStreamOffset header_stream_offset = 0; |
1032 mock_quic_data.AddWrite(ConstructSettingsPacket( | 1030 mock_quic_data.AddWrite(ConstructSettingsPacket( |
1033 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, | 1031 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, |
1034 &header_stream_offset)); | 1032 &header_stream_offset)); |
3319 origin1_ = url.host(); | 3317 origin1_ = url.host(); |
3320 | 3318 |
3321 // Not used for requests, but this provides a test case where the certificate | 3319 // Not used for requests, but this provides a test case where the certificate |
3322 // is valid for the hostname of the alternative service. | 3320 // is valid for the hostname of the alternative service. |
3323 origin2_ = "mail.example.org"; | 3321 origin2_ = "mail.example.org"; |
3324 | 3322 |
3325 SetAlternativeService(origin1_); | 3323 SetAlternativeService(origin1_); |
3326 | 3324 |
3327 scoped_refptr<X509Certificate> cert( | 3325 scoped_refptr<X509Certificate> cert( |
3328 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3326 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
3329 bool unused; | 3327 ASSERT_FALSE(cert->VerifyNameMatch(origin1_, false)); |
3330 ASSERT_FALSE(cert->VerifyNameMatch(origin1_, &unused)); | 3328 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, false)); |
3331 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused)); | |
3332 | 3329 |
3333 ProofVerifyDetailsChromium verify_details; | 3330 ProofVerifyDetailsChromium verify_details; |
3334 verify_details.cert_verify_result.verified_cert = cert; | 3331 verify_details.cert_verify_result.verified_cert = cert; |
3335 verify_details.cert_verify_result.is_issued_by_known_root = true; | 3332 verify_details.cert_verify_result.is_issued_by_known_root = true; |
3336 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 3333 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
3337 | 3334 |
3338 MockQuicData mock_quic_data; | 3335 MockQuicData mock_quic_data; |
3339 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); | 3336 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); |
3340 mock_quic_data.AddRead(ASYNC, 0); | 3337 mock_quic_data.AddRead(ASYNC, 0); |
3341 | 3338 |
3359 // though QuicServerId is different. | 3356 // though QuicServerId is different. |
3360 TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { | 3357 TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { |
3361 origin1_ = "mail.example.org"; | 3358 origin1_ = "mail.example.org"; |
3362 origin2_ = "news.example.org"; | 3359 origin2_ = "news.example.org"; |
3363 | 3360 |
3364 SetAlternativeService(origin1_); | 3361 SetAlternativeService(origin1_); |
3365 SetAlternativeService(origin2_); | 3362 SetAlternativeService(origin2_); |
3366 | 3363 |
3367 scoped_refptr<X509Certificate> cert( | 3364 scoped_refptr<X509Certificate> cert( |
3368 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3365 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
3369 bool unused; | 3366 ASSERT_TRUE(cert->VerifyNameMatch(origin1_, false)); |
3370 ASSERT_TRUE(cert->VerifyNameMatch(origin1_, &unused)); | 3367 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, false)); |
3371 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused)); | 3368 ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, false)); |
3372 ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, &unused)); | |
3373 | 3369 |
3374 ProofVerifyDetailsChromium verify_details; | 3370 ProofVerifyDetailsChromium verify_details; |
3375 verify_details.cert_verify_result.verified_cert = cert; | 3371 verify_details.cert_verify_result.verified_cert = cert; |
3376 verify_details.cert_verify_result.is_issued_by_known_root = true; | 3372 verify_details.cert_verify_result.is_issued_by_known_root = true; |
3377 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 3373 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
3378 | 3374 |
3379 QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_, | 3375 QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_, |
3380 Perspective::IS_CLIENT); | 3376 Perspective::IS_CLIENT); |
3381 QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_, | 3377 QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_, |
3382 Perspective::IS_SERVER); | 3378 Perspective::IS_SERVER); |
3429 TEST_P(QuicNetworkTransactionWithDestinationTest, | 3425 TEST_P(QuicNetworkTransactionWithDestinationTest, |
3430 DoNotPoolIfCertificateInvalid) { | 3426 DoNotPoolIfCertificateInvalid) { |
3431 origin1_ = "news.example.org"; | 3427 origin1_ = "news.example.org"; |
3432 origin2_ = "mail.example.com"; | 3428 origin2_ = "mail.example.com"; |
3433 | 3429 |
3434 SetAlternativeService(origin1_); | 3430 SetAlternativeService(origin1_); |
3435 SetAlternativeService(origin2_); | 3431 SetAlternativeService(origin2_); |
3436 | 3432 |
3437 scoped_refptr<X509Certificate> cert1( | 3433 scoped_refptr<X509Certificate> cert1( |
3438 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3434 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
3439 bool unused; | 3435 ASSERT_TRUE(cert1->VerifyNameMatch(origin1_, false)); |
3440 ASSERT_TRUE(cert1->VerifyNameMatch(origin1_, &unused)); | 3436 ASSERT_FALSE(cert1->VerifyNameMatch(origin2_, false)); |
3441 ASSERT_FALSE(cert1->VerifyNameMatch(origin2_, &unused)); | 3437 ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, false)); |
3442 ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, &unused)); | |
3443 | 3438 |
3444 scoped_refptr<X509Certificate> cert2( | 3439 scoped_refptr<X509Certificate> cert2( |
3445 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem")); | 3440 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem")); |
3446 ASSERT_TRUE(cert2->VerifyNameMatch(origin2_, &unused)); | 3441 ASSERT_TRUE(cert2->VerifyNameMatch(origin2_, false)); |
3447 ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, &unused)); | 3442 ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, false)); |
3448 | 3443 |
3449 ProofVerifyDetailsChromium verify_details1; | 3444 ProofVerifyDetailsChromium verify_details1; |
3450 verify_details1.cert_verify_result.verified_cert = cert1; | 3445 verify_details1.cert_verify_result.verified_cert = cert1; |
3451 verify_details1.cert_verify_result.is_issued_by_known_root = true; | 3446 verify_details1.cert_verify_result.is_issued_by_known_root = true; |
3452 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1); | 3447 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1); |
3453 | 3448 |
3454 ProofVerifyDetailsChromium verify_details2; | 3449 ProofVerifyDetailsChromium verify_details2; |
3455 verify_details2.cert_verify_result.verified_cert = cert2; | 3450 verify_details2.cert_verify_result.verified_cert = cert2; |
3456 verify_details2.cert_verify_result.is_issued_by_known_root = true; | 3451 verify_details2.cert_verify_result.is_issued_by_known_root = true; |
3457 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); | 3452 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); |
3507 AddHangingSocketData(); | 3502 AddHangingSocketData(); |
3508 | 3503 |
3509 SendRequestAndExpectQuicResponse(origin1_); | 3504 SendRequestAndExpectQuicResponse(origin1_); |
3510 SendRequestAndExpectQuicResponse(origin2_); | 3505 SendRequestAndExpectQuicResponse(origin2_); |
3511 | 3506 |
3512 EXPECT_TRUE(AllDataConsumed()); | 3507 EXPECT_TRUE(AllDataConsumed()); |
3513 } | 3508 } |
3514 | 3509 |
3515 } // namespace test | 3510 } // namespace test |
3516 } // namespace net | 3511 } // namespace net |
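Review bot: The bare `false` now passed as the second argument of every `VerifyNameMatch` call (new lines 994-995, 1020-1022, 3327-3328, 3366-3368, 3435-3442) does not say what is being switched off, whereas the out-parameter it replaces was named `common_name_fallback_used`. Going by that old name, the flag presumably decides whether a certificate with no matching subjectAltName may still match on its subject common name, which is a security-relevant choice worth spelling out at the call site, e.g. `cert->VerifyNameMatch(origin1_, /*allow_common_name_fallback=*/false)`, with the parameter name taken from the declaration, which is not shown on this page. Every call visible here passes `false`, so this file neither exercises nor observes the fallback path any more; that is fine if the certificate unit tests cover it, but worth confirming. Separately, the three `QuicNetworkTransactionWithDestinationTest` sections dereference `cert`, `cert1` and `cert2` straight after `ImportCertFromFile`, unlike the two earlier tests; adding `ASSERT_TRUE(cert.get());` before the first `VerifyNameMatch` would turn a missing test certificate into a clean failure rather than a null dereference. Most of the affected test bodies begin or continue in the skipped regions, so this is based on the visible lines only.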