OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/ssl/ignore_errors_cert_verifier.h" | |
6 | |
7 #include "base/files/file_path.h" | |
8 #include "base/memory/ptr_util.h" | |
9 #include "base/memory/ref_counted.h" | |
10 #include "net/base/net_errors.h" | |
11 #include "net/base/test_completion_callback.h" | |
12 #include "net/cert/mock_cert_verifier.h" | |
13 #include "net/cert/x509_certificate.h" | |
14 #include "net/log/net_log_with_source.h" | |
15 #include "net/test/cert_test_util.h" | |
16 #include "net/test/gtest_util.h" | |
17 #include "net/test/test_data_directory.h" | |
18 #include "testing/gmock/include/gmock/gmock.h" | |
19 #include "testing/gtest/include/gtest/gtest.h" | |
20 | |
21 using net::CertVerifier; | |
22 using net::MockCertVerifier; | |
23 using net::CompletionCallback; | |
24 using net::HashValue; | |
25 using net::SHA256HashValue; | |
26 using net::SHA256HashValueLessThan; | |
27 using net::X509Certificate; | |
28 using net::TestCompletionCallback; | |
29 using net::CertVerifyResult; | |
30 using net::NetLogWithSource; | |
31 | |
32 using net::ERR_CERT_INVALID; | |
33 using net::ERR_IO_PENDING; | |
34 using net::OK; | |
35 | |
36 using net::test::IsError; | |
37 using net::test::IsOk; | |
38 | |
39 static IgnoreErrorsCertVerifier::SPKIHashSet MakeWhitelist() { | |
40 std::vector<std::string> fingerprints{ | |
41 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "foobar", | |
42 // SPKI fingerprint of the intermediate from | |
43 // x509_verify_results.chain.pem: | |
44 "MtnqgdSwAIgEjse7SpxnmyKoo/RTiL9CDIWwFnz4nas=", | |
Ryan Sleevi
2017/04/12 21:53:17
It'd be better if this was dynamically computed. x
martinkr
2017/04/24 23:54:25
IMHO it seems a little silly, since I essentially
| |
45 "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="}; | |
46 return IgnoreErrorsCertVerifier::MakeWhitelist(fingerprints); | |
47 } | |
48 | |
49 class IgnoreErrorsCertVerifierTest : public ::testing::Test { | |
50 public: | |
51 IgnoreErrorsCertVerifierTest() | |
52 : mock_verifier_(new MockCertVerifier()), | |
53 verifier_(base::WrapUnique(mock_verifier_), MakeWhitelist()) {} | |
54 ~IgnoreErrorsCertVerifierTest() override {} | |
55 | |
56 protected: | |
57 // The wrapped CertVerifier. Defaults to returning ERR_CERT_INVALID. Owned by | |
58 // verifier_. | |
59 MockCertVerifier* mock_verifier_; | |
60 IgnoreErrorsCertVerifier verifier_; | |
61 }; | |
62 | |
63 static scoped_refptr<X509Certificate> GetNonWhitelistedTestCert() { | |
64 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
65 scoped_refptr<X509Certificate> test_cert( | |
66 net::ImportCertFromFile(certs_dir, "ok_cert.pem")); | |
67 CHECK(test_cert); | |
Ryan Sleevi
2017/04/12 21:53:17
This is a unit test, so we shouldn't CHECK() for a
martinkr
2017/04/24 23:54:26
Done.
| |
68 return test_cert; | |
69 } | |
70 | |
71 static CertVerifier::RequestParams MakeRequestParams( | |
72 const scoped_refptr<X509Certificate>& cert) { | |
73 return CertVerifier::RequestParams(cert, "example.com", 0, "", | |
74 net::CertificateList()); | |
75 } | |
76 | |
77 static scoped_refptr<X509Certificate> GetWhitelistedTestCert() { | |
78 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
79 net::CertificateList certs = net::CreateCertificateListFromFile( | |
80 certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO); | |
81 CHECK_EQ(3U, certs.size()); | |
Ryan Sleevi
2017/04/12 21:53:17
ditto re: CHECK
martinkr
2017/04/24 23:54:26
Done.
| |
82 X509Certificate::OSCertHandles intermediates; | |
83 intermediates.push_back(certs[1]->os_cert_handle()); | |
84 intermediates.push_back(certs[2]->os_cert_handle()); | |
85 scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle( | |
86 certs[0]->os_cert_handle(), intermediates); | |
87 CHECK(cert_chain); | |
88 CHECK_EQ(2U, cert_chain->GetIntermediateCertificates().size()); | |
Ryan Sleevi
2017/04/12 21:53:17
ditto re: CHECK
martinkr
2017/04/24 23:54:26
Done.
| |
89 return cert_chain; | |
90 } | |
91 | |
92 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertOk) { | |
93 mock_verifier_->set_default_result(OK); | |
94 | |
95 scoped_refptr<X509Certificate> test_cert = GetNonWhitelistedTestCert(); | |
96 CertVerifyResult verify_result; | |
97 TestCompletionCallback callback; | |
98 std::unique_ptr<CertVerifier::Request> request; | |
99 | |
100 EXPECT_THAT(callback.GetResult(verifier_.Verify( | |
101 MakeRequestParams(test_cert), nullptr, &verify_result, | |
102 callback.callback(), &request, NetLogWithSource())), | |
103 IsOk()); | |
104 } | |
105 | |
106 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertError) { | |
107 scoped_refptr<X509Certificate> test_cert = GetNonWhitelistedTestCert(); | |
108 CertVerifyResult verify_result; | |
109 TestCompletionCallback callback; | |
110 std::unique_ptr<CertVerifier::Request> request; | |
111 | |
112 EXPECT_THAT(callback.GetResult(verifier_.Verify( | |
113 MakeRequestParams(test_cert), nullptr, &verify_result, | |
114 callback.callback(), &request, NetLogWithSource())), | |
115 IsError(ERR_CERT_INVALID)); | |
116 } | |
117 | |
118 TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertErrorCallback) { | |
119 mock_verifier_->set_async(true); | |
120 | |
121 scoped_refptr<X509Certificate> test_cert = GetNonWhitelistedTestCert(); | |
122 CertVerifyResult verify_result; | |
123 TestCompletionCallback callback; | |
124 std::unique_ptr<CertVerifier::Request> request; | |
125 | |
126 EXPECT_THAT( | |
127 verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result, | |
128 callback.callback(), &request, NetLogWithSource()), | |
129 IsError(ERR_IO_PENDING)); | |
130 EXPECT_THAT(callback.WaitForResult(), IsError(ERR_CERT_INVALID)); | |
131 } | |
132 | |
133 TEST_F(IgnoreErrorsCertVerifierTest, TestMatch) { | |
134 scoped_refptr<X509Certificate> test_cert = GetWhitelistedTestCert(); | |
135 CertVerifyResult verify_result; | |
136 TestCompletionCallback callback; | |
137 std::unique_ptr<CertVerifier::Request> request; | |
138 | |
139 EXPECT_THAT(callback.GetResult(verifier_.Verify( | |
140 MakeRequestParams(test_cert), nullptr, &verify_result, | |
141 callback.callback(), &request, NetLogWithSource())), | |
142 IsOk()); | |
143 } | |
144 | |
145 TEST_F(IgnoreErrorsCertVerifierTest, TestMatchCallback) { | |
146 mock_verifier_->set_async(true); | |
147 | |
148 scoped_refptr<X509Certificate> test_cert = GetWhitelistedTestCert(); | |
149 CertVerifyResult verify_result; | |
150 TestCompletionCallback callback; | |
151 std::unique_ptr<CertVerifier::Request> request; | |
152 | |
153 EXPECT_THAT( | |
154 verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result, | |
155 callback.callback(), &request, NetLogWithSource()), | |
156 IsError(ERR_IO_PENDING)); | |
157 EXPECT_THAT(callback.WaitForResult(), IsOk()); | |
158 } | |
OLD | NEW |