| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <ostream> | 6 #include <ostream> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 984 false, true, 0, "hello!")); | 984 false, true, 0, "hello!")); |
| 985 mock_quic_data.AddWrite(ConstructClientAckPacket(3, 2, 1)); | 985 mock_quic_data.AddWrite(ConstructClientAckPacket(3, 2, 1)); |
| 986 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read | 986 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read |
| 987 mock_quic_data.AddRead(ASYNC, 0); | 987 mock_quic_data.AddRead(ASYNC, 0); |
| 988 mock_quic_data.AddSocketDataToFactory(&socket_factory_); | 988 mock_quic_data.AddSocketDataToFactory(&socket_factory_); |
| 989 | 989 |
| 990 scoped_refptr<X509Certificate> cert( | 990 scoped_refptr<X509Certificate> cert( |
| 991 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 991 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
| 992 ASSERT_TRUE(cert.get()); | 992 ASSERT_TRUE(cert.get()); |
| 993 // This certificate is valid for the proxy, but not for the origin. | 993 // This certificate is valid for the proxy, but not for the origin. |
| 994 bool common_name_fallback_used; | 994 EXPECT_TRUE(cert->VerifyNameMatch(proxy_host, false)); |
| 995 EXPECT_TRUE(cert->VerifyNameMatch(proxy_host, &common_name_fallback_used)); | 995 EXPECT_FALSE(cert->VerifyNameMatch(origin_host, false)); |
| 996 EXPECT_FALSE(cert->VerifyNameMatch(origin_host, &common_name_fallback_used)); | |
| 997 ProofVerifyDetailsChromium verify_details; | 996 ProofVerifyDetailsChromium verify_details; |
| 998 verify_details.cert_verify_result.verified_cert = cert; | 997 verify_details.cert_verify_result.verified_cert = cert; |
| 999 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 998 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
| 1000 ProofVerifyDetailsChromium verify_details2; | 999 ProofVerifyDetailsChromium verify_details2; |
| 1001 verify_details2.cert_verify_result.verified_cert = cert; | 1000 verify_details2.cert_verify_result.verified_cert = cert; |
| 1002 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); | 1001 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); |
| 1003 | 1002 |
| 1004 request_.url = GURL("http://" + origin_host); | 1003 request_.url = GURL("http://" + origin_host); |
| 1005 AddHangingNonAlternateProtocolSocketData(); | 1004 AddHangingNonAlternateProtocolSocketData(); |
| 1006 CreateSession(); | 1005 CreateSession(); |
| 1007 AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); | 1006 AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); |
| 1008 SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70); | 1007 SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70); |
| 1009 } | 1008 } |
| 1010 | 1009 |
| 1011 TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { | 1010 TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { |
| 1012 HostPortPair origin("www.example.org", 443); | 1011 HostPortPair origin("www.example.org", 443); |
| 1013 HostPortPair alternative("mail.example.org", 443); | 1012 HostPortPair alternative("mail.example.org", 443); |
| 1014 | 1013 |
| 1015 base::FilePath certs_dir = GetTestCertsDirectory(); | 1014 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 1016 scoped_refptr<X509Certificate> cert( | 1015 scoped_refptr<X509Certificate> cert( |
| 1017 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 1016 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
| 1018 ASSERT_TRUE(cert.get()); | 1017 ASSERT_TRUE(cert.get()); |
| 1019 // TODO(rch): the connection should be "to" the origin, so if the cert is | 1018 // TODO(rch): the connection should be "to" the origin, so if the cert is |
| 1020 // valid for the origin but not the alternative, that should work too. | 1019 // valid for the origin but not the alternative, that should work too. |
| 1021 bool common_name_fallback_used; | 1020 EXPECT_TRUE(cert->VerifyNameMatch(origin.host(), false)); |
| 1022 EXPECT_TRUE(cert->VerifyNameMatch(origin.host(), &common_name_fallback_used)); | |
| 1023 EXPECT_TRUE( | 1021 EXPECT_TRUE( |
| 1024 cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used)); | 1022 cert->VerifyNameMatch(alternative.host(), false)); |
| 1025 ProofVerifyDetailsChromium verify_details; | 1023 ProofVerifyDetailsChromium verify_details; |
| 1026 verify_details.cert_verify_result.verified_cert = cert; | 1024 verify_details.cert_verify_result.verified_cert = cert; |
| 1027 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 1025 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
| 1028 | 1026 |
| 1029 client_maker_.set_hostname(origin.host()); | 1027 client_maker_.set_hostname(origin.host()); |
| 1030 MockQuicData mock_quic_data; | 1028 MockQuicData mock_quic_data; |
| 1031 QuicStreamOffset header_stream_offset = 0; | 1029 QuicStreamOffset header_stream_offset = 0; |
| 1032 mock_quic_data.AddWrite(ConstructSettingsPacket( | 1030 mock_quic_data.AddWrite(ConstructSettingsPacket( |
| 1033 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, | 1031 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, |
| 1034 &header_stream_offset)); | 1032 &header_stream_offset)); |
| 3319 origin1_ = url.host(); | 3317 origin1_ = url.host(); |
| 3320 | 3318 |
| 3321 // Not used for requests, but this provides a test case where the certificate | 3319 // Not used for requests, but this provides a test case where the certificate |
| 3322 // is valid for the hostname of the alternative service. | 3320 // is valid for the hostname of the alternative service. |
| 3323 origin2_ = "mail.example.org"; | 3321 origin2_ = "mail.example.org"; |
| 3324 | 3322 |
| 3325 SetAlternativeService(origin1_); | 3323 SetAlternativeService(origin1_); |
| 3326 | 3324 |
| 3327 scoped_refptr<X509Certificate> cert( | 3325 scoped_refptr<X509Certificate> cert( |
| 3328 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3326 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
| 3329 bool unused; | 3327 ASSERT_FALSE(cert->VerifyNameMatch(origin1_, false)); |
| 3330 ASSERT_FALSE(cert->VerifyNameMatch(origin1_, &unused)); | 3328 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, false)); |
| 3331 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused)); | |
| 3332 | 3329 |
| 3333 ProofVerifyDetailsChromium verify_details; | 3330 ProofVerifyDetailsChromium verify_details; |
| 3334 verify_details.cert_verify_result.verified_cert = cert; | 3331 verify_details.cert_verify_result.verified_cert = cert; |
| 3335 verify_details.cert_verify_result.is_issued_by_known_root = true; | 3332 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 3336 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 3333 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
| 3337 | 3334 |
| 3338 MockQuicData mock_quic_data; | 3335 MockQuicData mock_quic_data; |
| 3339 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); | 3336 mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); |
| 3340 mock_quic_data.AddRead(ASYNC, 0); | 3337 mock_quic_data.AddRead(ASYNC, 0); |
| 3341 | 3338 |
| 3359 // though QuicServerId is different. | 3356 // though QuicServerId is different. |
| 3360 TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { | 3357 TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { |
| 3361 origin1_ = "mail.example.org"; | 3358 origin1_ = "mail.example.org"; |
| 3362 origin2_ = "news.example.org"; | 3359 origin2_ = "news.example.org"; |
| 3363 | 3360 |
| 3364 SetAlternativeService(origin1_); | 3361 SetAlternativeService(origin1_); |
| 3365 SetAlternativeService(origin2_); | 3362 SetAlternativeService(origin2_); |
| 3366 | 3363 |
| 3367 scoped_refptr<X509Certificate> cert( | 3364 scoped_refptr<X509Certificate> cert( |
| 3368 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3365 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
| 3369 bool unused; | 3366 ASSERT_TRUE(cert->VerifyNameMatch(origin1_, false)); |
| 3370 ASSERT_TRUE(cert->VerifyNameMatch(origin1_, &unused)); | 3367 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, false)); |
| 3371 ASSERT_TRUE(cert->VerifyNameMatch(origin2_, &unused)); | 3368 ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, false)); |
| 3372 ASSERT_FALSE(cert->VerifyNameMatch(kDifferentHostname, &unused)); | |
| 3373 | 3369 |
| 3374 ProofVerifyDetailsChromium verify_details; | 3370 ProofVerifyDetailsChromium verify_details; |
| 3375 verify_details.cert_verify_result.verified_cert = cert; | 3371 verify_details.cert_verify_result.verified_cert = cert; |
| 3376 verify_details.cert_verify_result.is_issued_by_known_root = true; | 3372 verify_details.cert_verify_result.is_issued_by_known_root = true; |
| 3377 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); | 3373 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); |
| 3378 | 3374 |
| 3379 QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_, | 3375 QuicTestPacketMaker client_maker1(version_, 0, clock_, origin1_, |
| 3380 Perspective::IS_CLIENT); | 3376 Perspective::IS_CLIENT); |
| 3381 QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_, | 3377 QuicTestPacketMaker server_maker1(version_, 0, clock_, origin1_, |
| 3382 Perspective::IS_SERVER); | 3378 Perspective::IS_SERVER); |
| 3429 TEST_P(QuicNetworkTransactionWithDestinationTest, | 3425 TEST_P(QuicNetworkTransactionWithDestinationTest, |
| 3430 DoNotPoolIfCertificateInvalid) { | 3426 DoNotPoolIfCertificateInvalid) { |
| 3431 origin1_ = "news.example.org"; | 3427 origin1_ = "news.example.org"; |
| 3432 origin2_ = "mail.example.com"; | 3428 origin2_ = "mail.example.com"; |
| 3433 | 3429 |
| 3434 SetAlternativeService(origin1_); | 3430 SetAlternativeService(origin1_); |
| 3435 SetAlternativeService(origin2_); | 3431 SetAlternativeService(origin2_); |
| 3436 | 3432 |
| 3437 scoped_refptr<X509Certificate> cert1( | 3433 scoped_refptr<X509Certificate> cert1( |
| 3438 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); | 3434 ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); |
| 3439 bool unused; | 3435 ASSERT_TRUE(cert1->VerifyNameMatch(origin1_, false)); |
| 3440 ASSERT_TRUE(cert1->VerifyNameMatch(origin1_, &unused)); | 3436 ASSERT_FALSE(cert1->VerifyNameMatch(origin2_, false)); |
| 3441 ASSERT_FALSE(cert1->VerifyNameMatch(origin2_, &unused)); | 3437 ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, false)); |
| 3442 ASSERT_FALSE(cert1->VerifyNameMatch(kDifferentHostname, &unused)); | |
| 3443 | 3438 |
| 3444 scoped_refptr<X509Certificate> cert2( | 3439 scoped_refptr<X509Certificate> cert2( |
| 3445 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem")); | 3440 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem")); |
| 3446 ASSERT_TRUE(cert2->VerifyNameMatch(origin2_, &unused)); | 3441 ASSERT_TRUE(cert2->VerifyNameMatch(origin2_, false)); |
| 3447 ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, &unused)); | 3442 ASSERT_FALSE(cert2->VerifyNameMatch(kDifferentHostname, false)); |
| 3448 | 3443 |
| 3449 ProofVerifyDetailsChromium verify_details1; | 3444 ProofVerifyDetailsChromium verify_details1; |
| 3450 verify_details1.cert_verify_result.verified_cert = cert1; | 3445 verify_details1.cert_verify_result.verified_cert = cert1; |
| 3451 verify_details1.cert_verify_result.is_issued_by_known_root = true; | 3446 verify_details1.cert_verify_result.is_issued_by_known_root = true; |
| 3452 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1); | 3447 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details1); |
| 3453 | 3448 |
| 3454 ProofVerifyDetailsChromium verify_details2; | 3449 ProofVerifyDetailsChromium verify_details2; |
| 3455 verify_details2.cert_verify_result.verified_cert = cert2; | 3450 verify_details2.cert_verify_result.verified_cert = cert2; |
| 3456 verify_details2.cert_verify_result.is_issued_by_known_root = true; | 3451 verify_details2.cert_verify_result.is_issued_by_known_root = true; |
| 3457 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); | 3452 crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2); |
| 3507 AddHangingSocketData(); | 3502 AddHangingSocketData(); |
| 3508 | 3503 |
| 3509 SendRequestAndExpectQuicResponse(origin1_); | 3504 SendRequestAndExpectQuicResponse(origin1_); |
| 3510 SendRequestAndExpectQuicResponse(origin2_); | 3505 SendRequestAndExpectQuicResponse(origin2_); |
| 3511 | 3506 |
| 3512 EXPECT_TRUE(AllDataConsumed()); | 3507 EXPECT_TRUE(AllDataConsumed()); |
| 3513 } | 3508 } |
| 3514 | 3509 |
| 3515 } // namespace test | 3510 } // namespace test |
| 3516 } // namespace net | 3511 } // namespace net |
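Review bot: In the QuicNetworkTransactionWithDestinationTest cases the certificate returned by ImportCertFromFile is dereferenced by the updated `VerifyNameMatch(..., false)` assertions with no null check in between (new lines 3327, 3366, 3435 and 3441), whereas the two QuicNetworkTransactionTest cases on this page guard it with `ASSERT_TRUE(cert.get());` (new lines 992 and 1017). If `wildcard.pem` or `spdy_pooling.pem` fails to load, these tests would crash the binary rather than fail cleanly, so add `ASSERT_TRUE(cert.get());` (and the same for `cert1` and `cert2`) directly after each import. The bare `false` is also opaque at the call site; judging from the removed `common_name_fallback_used` out-parameter it presumably disables common-name fallback, and an inline argument comment naming the parameter would make that explicit. Because the negative assertions now only show that no match exists with fallback disabled, it is worth confirming that the pooling decision under test is made with the same setting. The test bodies continue outside the lines visible on this page.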
| OLD | NEW |