net/cert/ignore_errors_cert_verifier_unittest.cc - Issue 2753123002: Add --ignore-certificate-errors-spki-list switch and UMA histogram.

Side by Side Diff: net/cert/ignore_errors_cert_verifier_unittest.cc

Issue 2753123002: Add --ignore-certificate-errors-spki-list switch and UMA histogram. (Closed)

Patch Set: Really add IgnoreErrorsCertVerifier. Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/ignore_errors_cert_verifier.h"

	6

	7 #include "base/files/file_path.h"

	8 #include "base/memory/ptr_util.h"

	9 #include "base/memory/ref_counted.h"

	10 #include "net/base/net_errors.h"

	11 #include "net/base/test_completion_callback.h"

	12 #include "net/cert/mock_cert_verifier.h"

	13 #include "net/cert/x509_certificate.h"

	14 #include "net/log/net_log_with_source.h"

	15 #include "net/test/cert_test_util.h"

	16 #include "net/test/gtest_util.h"

	17 #include "net/test/test_data_directory.h"

	18 #include "testing/gmock/include/gmock/gmock.h"

	19 #include "testing/gtest/include/gtest/gtest.h"

	20

	21 namespace net {

	22

	23 using test::IsError;

	24 using test::IsOk;

	25

	26 static IgnoreErrorsCertVerifier::SPKIHashSet MakeWhitelist() {

	27 std::vector<std::string> fingerprints{

	28 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "foobar",

	29 // SPKI fingerprint of the intermediate from

	30 // x509_verify_results.chain.pem:

	31 "MtnqgdSwAIgEjse7SpxnmyKoo/RTiL9CDIWwFnz4nas=",

	32 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="};

	33 return IgnoreErrorsCertVerifier::MakeWhitelist(fingerprints);

	34 };

	35

	36 class IgnoreErrorsCertVerifierTest : public ::testing::Test {

	37 public:

	38 IgnoreErrorsCertVerifierTest()

	39 : mock_verifier_(new MockCertVerifier()),

	40 verifier_(base::WrapUnique(mock_verifier_), MakeWhitelist()) {}

	41 ~IgnoreErrorsCertVerifierTest() override {}

	42

	43 protected:

	44 // The wrapped CertVerifier. Defaults to returning ERR_CERT_INVALID. Owned by

	45 // verifier_.

	46 MockCertVerifier* mock_verifier_;

	47 IgnoreErrorsCertVerifier verifier_;

	48 };

	49

	50 static scoped_refptr<X509Certificate> GetNonWhitelistedTestCert() {

	51 base::FilePath certs_dir = GetTestCertsDirectory();

	52 scoped_refptr<X509Certificate> test_cert(

	53 ImportCertFromFile(certs_dir, "ok_cert.pem"));

	54 CHECK(test_cert);

	55 return test_cert;

	56 }

	57

	58 static CertVerifier::RequestParams MakeRequestParams(

	59 const scoped_refptr<X509Certificate>& cert) {

	60 return CertVerifier::RequestParams(cert, "example.com", 0, "",

	61 CertificateList());

	62 }

	63

	64 static scoped_refptr<X509Certificate> GetWhitelistedTestCert() {

	65 base::FilePath certs_dir = GetTestCertsDirectory();

	66 CertificateList certs = CreateCertificateListFromFile(

	67 certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO);

	68 CHECK_EQ(3U, certs.size());

	69 X509Certificate::OSCertHandles intermediates;

	70 intermediates.push_back(certs[1]->os_cert_handle());

	71 intermediates.push_back(certs[2]->os_cert_handle());

	72 scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(

	73 certs[0]->os_cert_handle(), intermediates);

	74 CHECK(cert_chain);

	75 CHECK_EQ(2U, cert_chain->GetIntermediateCertificates().size());

	76 return cert_chain;

	77 }

	78

	79 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertOk) {

	80 mock_verifier_->set_default_result(OK);

	81

	82 auto test_cert = GetNonWhitelistedTestCert();
	Ryan Sleevi 2017/04/07 16:08:05 We try to forbid auto here when it can hide memory We try to forbid auto here when it can hide memory management subtleties (in particular, smart pointers). For example, at this call site, it's unclear the type that test_cert will produce. https://google.github.io/styleguide/cppguide.html#auto describes it as noisy/obvious/unimportant, but these types do aid clarity. The discussion linked in https://chromium-cpp.appspot.com/ is useful (and in particular, https://groups.google.com/a/chromium.org/d/msg/chromium-dev/5-Bt3BJzAo0/EWcU2... ) martinkr 2017/04/07 21:40:57 Yep, agreed. Done. Show quoted text On 2017/04/07 16:08:05, Ryan Sleevi wrote: > We try to forbid auto here when it can hide memory management subtleties (in > particular, smart pointers). For example, at this call site, it's unclear the > type that test_cert will produce. > > https://google.github.io/styleguide/cppguide.html#auto describes it as > noisy/obvious/unimportant, but these types do aid clarity. > > The discussion linked in https://chromium-cpp.appspot.com/ is useful (and in > particular, > https://groups.google.com/a/chromium.org/d/msg/chromium-dev/5-Bt3BJzAo0/EWcU2... > ) Yep, agreed. Done.
	83 CertVerifyResult verify_result;

	84 TestCompletionCallback callback;

	85 std::unique_ptr<CertVerifier::Request> request;

	86

	87 EXPECT_THAT(callback.GetResult(verifier_.Verify(

	88 MakeRequestParams(test_cert), nullptr, &verify_result,

	89 callback.callback(), &request, NetLogWithSource())),

	90 IsOk());

	91 }

	92

	93 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertError) {

	94 auto test_cert = GetNonWhitelistedTestCert();

	95 CertVerifyResult verify_result;

	96 TestCompletionCallback callback;

	97 std::unique_ptr<CertVerifier::Request> request;

	98

	99 EXPECT_THAT(callback.GetResult(verifier_.Verify(

	100 MakeRequestParams(test_cert), nullptr, &verify_result,

	101 callback.callback(), &request, NetLogWithSource())),

	102 IsError(ERR_CERT_INVALID));

	103 }

	104

	105 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertErrorCallback) {

	106 mock_verifier_->set_async(true);

	107

	108 auto test_cert = GetNonWhitelistedTestCert();

	109 CertVerifyResult verify_result;

	110 TestCompletionCallback callback;

	111 std::unique_ptr<CertVerifier::Request> request;

	112

	113 EXPECT_THAT(

	114 verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result,

	115 callback.callback(), &request, NetLogWithSource()),

	116 IsError(ERR_IO_PENDING));

	117 EXPECT_THAT(callback.WaitForResult(), IsError(ERR_CERT_INVALID));

	118 }

	119

	120 TEST_F(IgnoreErrorsCertVerifierTest, TestMatch) {

	121 auto test_cert = GetWhitelistedTestCert();

	122 CertVerifyResult verify_result;

	123 TestCompletionCallback callback;

	124 std::unique_ptr<CertVerifier::Request> request;

	125

	126 EXPECT_THAT(callback.GetResult(verifier_.Verify(

	127 MakeRequestParams(test_cert), nullptr, &verify_result,

	128 callback.callback(), &request, NetLogWithSource())),

	129 IsOk());

	130 }

	131

	132 TEST_F(IgnoreErrorsCertVerifierTest, TestMatchCallback) {

	133 mock_verifier_->set_async(true);

	134

	135 auto test_cert = GetWhitelistedTestCert();

	136 CertVerifyResult verify_result;

	137 TestCompletionCallback callback;

	138 std::unique_ptr<CertVerifier::Request> request;

	139

	140 EXPECT_THAT(

	141 verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result,

	142 callback.callback(), &request, NetLogWithSource()),

	143 IsError(ERR_IO_PENDING));

	144 EXPECT_THAT(callback.WaitForResult(), IsOk());

	145 }

	146

	147 } // namespace net

OLD	NEW

« net/cert/ignore_errors_cert_verifier.cc ('K') | « net/cert/ignore_errors_cert_verifier.cc ('k') | net/cert/mock_cert_verifier.h » ('j') | net/cert/mock_cert_verifier.cc » ('J')