Index: net/cert/ignore_errors_cert_verifier_unittest.cc |
diff --git a/net/cert/ignore_errors_cert_verifier_unittest.cc b/net/cert/ignore_errors_cert_verifier_unittest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..ff8c1588c7db4887ae251fbbbc45fb222bde5ddd |
--- /dev/null |
+++ b/net/cert/ignore_errors_cert_verifier_unittest.cc |
@@ -0,0 +1,147 @@ |
+// Copyright (c) 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "net/cert/ignore_errors_cert_verifier.h" |
+ |
+#include "base/files/file_path.h" |
+#include "base/memory/ptr_util.h" |
+#include "base/memory/ref_counted.h" |
+#include "net/base/net_errors.h" |
+#include "net/base/test_completion_callback.h" |
+#include "net/cert/mock_cert_verifier.h" |
+#include "net/cert/x509_certificate.h" |
+#include "net/log/net_log_with_source.h" |
+#include "net/test/cert_test_util.h" |
+#include "net/test/gtest_util.h" |
+#include "net/test/test_data_directory.h" |
+#include "testing/gmock/include/gmock/gmock.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+ |
+namespace net { |
+ |
+using test::IsError; |
+using test::IsOk; |
+ |
+static IgnoreErrorsCertVerifier::SPKIHashSet MakeWhitelist() { |
+ std::vector<std::string> fingerprints{ |
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "foobar", |
+ // SPKI fingerprint of the intermediate from |
+ // x509_verify_results.chain.pem: |
+ "MtnqgdSwAIgEjse7SpxnmyKoo/RTiL9CDIWwFnz4nas=", |
+ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="}; |
+ return IgnoreErrorsCertVerifier::MakeWhitelist(fingerprints); |
+}; |
+ |
+class IgnoreErrorsCertVerifierTest : public ::testing::Test { |
+ public: |
+ IgnoreErrorsCertVerifierTest() |
+ : mock_verifier_(new MockCertVerifier()), |
+ verifier_(base::WrapUnique(mock_verifier_), MakeWhitelist()) {} |
+ ~IgnoreErrorsCertVerifierTest() override {} |
+ |
+ protected: |
+ // The wrapped CertVerifier. Defaults to returning ERR_CERT_INVALID. Owned by |
+ // verifier_. |
+ MockCertVerifier* mock_verifier_; |
+ IgnoreErrorsCertVerifier verifier_; |
+}; |
+ |
+static scoped_refptr<X509Certificate> GetNonWhitelistedTestCert() { |
+ base::FilePath certs_dir = GetTestCertsDirectory(); |
+ scoped_refptr<X509Certificate> test_cert( |
+ ImportCertFromFile(certs_dir, "ok_cert.pem")); |
+ CHECK(test_cert); |
+ return test_cert; |
+} |
+ |
+static CertVerifier::RequestParams MakeRequestParams( |
+ const scoped_refptr<X509Certificate>& cert) { |
+ return CertVerifier::RequestParams(cert, "example.com", 0, "", |
+ CertificateList()); |
+} |
+ |
+static scoped_refptr<X509Certificate> GetWhitelistedTestCert() { |
+ base::FilePath certs_dir = GetTestCertsDirectory(); |
+ CertificateList certs = CreateCertificateListFromFile( |
+ certs_dir, "x509_verify_results.chain.pem", X509Certificate::FORMAT_AUTO); |
+ CHECK_EQ(3U, certs.size()); |
+ X509Certificate::OSCertHandles intermediates; |
+ intermediates.push_back(certs[1]->os_cert_handle()); |
+ intermediates.push_back(certs[2]->os_cert_handle()); |
+ scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle( |
+ certs[0]->os_cert_handle(), intermediates); |
+ CHECK(cert_chain); |
+ CHECK_EQ(2U, cert_chain->GetIntermediateCertificates().size()); |
+ return cert_chain; |
+} |
+ |
+TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertOk) { |
+ mock_verifier_->set_default_result(OK); |
+ |
+ auto test_cert = GetNonWhitelistedTestCert(); |
Ryan Sleevi
2017/04/07 16:08:05
We try to forbid auto here when it can hide memory
martinkr
2017/04/07 21:40:57
Yep, agreed. Done.
|
+ CertVerifyResult verify_result; |
+ TestCompletionCallback callback; |
+ std::unique_ptr<CertVerifier::Request> request; |
+ |
+ EXPECT_THAT(callback.GetResult(verifier_.Verify( |
+ MakeRequestParams(test_cert), nullptr, &verify_result, |
+ callback.callback(), &request, NetLogWithSource())), |
+ IsOk()); |
+} |
+ |
+TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertError) { |
+ auto test_cert = GetNonWhitelistedTestCert(); |
+ CertVerifyResult verify_result; |
+ TestCompletionCallback callback; |
+ std::unique_ptr<CertVerifier::Request> request; |
+ |
+ EXPECT_THAT(callback.GetResult(verifier_.Verify( |
+ MakeRequestParams(test_cert), nullptr, &verify_result, |
+ callback.callback(), &request, NetLogWithSource())), |
+ IsError(ERR_CERT_INVALID)); |
+} |
+ |
+TEST_F(IgnoreErrorsCertVerifierTest, TestNoMatchCertErrorCallback) { |
+ mock_verifier_->set_async(true); |
+ |
+ auto test_cert = GetNonWhitelistedTestCert(); |
+ CertVerifyResult verify_result; |
+ TestCompletionCallback callback; |
+ std::unique_ptr<CertVerifier::Request> request; |
+ |
+ EXPECT_THAT( |
+ verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result, |
+ callback.callback(), &request, NetLogWithSource()), |
+ IsError(ERR_IO_PENDING)); |
+ EXPECT_THAT(callback.WaitForResult(), IsError(ERR_CERT_INVALID)); |
+} |
+ |
+TEST_F(IgnoreErrorsCertVerifierTest, TestMatch) { |
+ auto test_cert = GetWhitelistedTestCert(); |
+ CertVerifyResult verify_result; |
+ TestCompletionCallback callback; |
+ std::unique_ptr<CertVerifier::Request> request; |
+ |
+ EXPECT_THAT(callback.GetResult(verifier_.Verify( |
+ MakeRequestParams(test_cert), nullptr, &verify_result, |
+ callback.callback(), &request, NetLogWithSource())), |
+ IsOk()); |
+} |
+ |
+TEST_F(IgnoreErrorsCertVerifierTest, TestMatchCallback) { |
+ mock_verifier_->set_async(true); |
+ |
+ auto test_cert = GetWhitelistedTestCert(); |
+ CertVerifyResult verify_result; |
+ TestCompletionCallback callback; |
+ std::unique_ptr<CertVerifier::Request> request; |
+ |
+ EXPECT_THAT( |
+ verifier_.Verify(MakeRequestParams(test_cert), nullptr, &verify_result, |
+ callback.callback(), &request, NetLogWithSource()), |
+ IsError(ERR_IO_PENDING)); |
+ EXPECT_THAT(callback.WaitForResult(), IsOk()); |
+} |
+ |
+} // namespace net |