| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/memory/ptr_util.h" |
| 7 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 8 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 9 #include "net/cert/cert_status_flags.h" | 10 #include "net/cert/cert_status_flags.h" |
| 10 #include "net/cert/cert_verifier.h" | 11 #include "net/cert/cert_verifier.h" |
| 11 #include "net/cert/ct_log_verifier.h" | 12 #include "net/cert/ct_log_verifier.h" |
| 12 #include "net/cert/ct_policy_enforcer.h" | 13 #include "net/cert/ct_policy_enforcer.h" |
| 13 #include "net/cert/ct_policy_status.h" | 14 #include "net/cert/ct_policy_status.h" |
| 14 #include "net/cert/ct_serialization.h" | 15 #include "net/cert/ct_serialization.h" |
| 15 #include "net/cert/mock_cert_verifier.h" | 16 #include "net/cert/mock_cert_verifier.h" |
| 16 #include "net/cert/multi_log_ct_verifier.h" | 17 #include "net/cert/multi_log_ct_verifier.h" |
| 17 #include "net/http/transport_security_state.h" | 18 #include "net/http/transport_security_state.h" |
| 19 #include "net/quic/chromium/crypto/proof_source_chromium.h" |
| 18 #include "net/quic/core/crypto/proof_verifier.h" | 20 #include "net/quic/core/crypto/proof_verifier.h" |
| 19 #include "net/test/cert_test_util.h" | 21 #include "net/test/cert_test_util.h" |
| 20 #include "net/test/ct_test_util.h" | 22 #include "net/test/ct_test_util.h" |
| 21 #include "net/test/test_data_directory.h" | 23 #include "net/test/test_data_directory.h" |
| 22 #include "testing/gmock/include/gmock/gmock.h" | 24 #include "testing/gmock/include/gmock/gmock.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 24 | 26 |
| 25 using ::testing::_; | 27 using ::testing::_; |
| 26 using ::testing::Return; | 28 using ::testing::Return; |
| 27 | 29 |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 78 const ct::SCTList&, | 80 const ct::SCTList&, |
| 79 const NetLogWithSource&)); | 81 const NetLogWithSource&)); |
| 80 }; | 82 }; |
| 81 | 83 |
| 82 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { | 84 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { |
| 83 public: | 85 public: |
| 84 MOCK_METHOD1(IsCTRequiredForHost, | 86 MOCK_METHOD1(IsCTRequiredForHost, |
| 85 CTRequirementLevel(const std::string& host)); | 87 CTRequirementLevel(const std::string& host)); |
| 86 }; | 88 }; |
| 87 | 89 |
| 90 // Proof source callback which saves the signature into |signature|. |
| 91 class SignatureSaver : public ProofSource::Callback { |
| 92 public: |
| 93 explicit SignatureSaver(std::string* signature) : signature_(signature) {} |
| 94 ~SignatureSaver() override {} |
| 95 |
| 96 void Run(bool /*ok*/, |
| 97 const QuicReferenceCountedPointer<ProofSource::Chain>& /*chain*/, |
| 98 const QuicCryptoProof& proof, |
| 99 std::unique_ptr<ProofSource::Details> /*details*/) override { |
| 100 *signature_ = proof.signature; |
| 101 } |
| 102 |
| 103 std::string* signature_; |
| 104 }; |
| 105 |
| 88 class DummyProofVerifierCallback : public ProofVerifierCallback { | 106 class DummyProofVerifierCallback : public ProofVerifierCallback { |
| 89 public: | 107 public: |
| 90 DummyProofVerifierCallback() {} | 108 DummyProofVerifierCallback() {} |
| 91 ~DummyProofVerifierCallback() override {} | 109 ~DummyProofVerifierCallback() override {} |
| 92 | 110 |
| 93 void Run(bool ok, | 111 void Run(bool ok, |
| 94 const std::string& error_details, | 112 const std::string& error_details, |
| 95 std::unique_ptr<ProofVerifyDetails>* details) override { | 113 std::unique_ptr<ProofVerifyDetails>* details) override { |
| 96 // Do nothing | 114 // Do nothing |
| 97 } | 115 } |
| 98 }; | 116 }; |
| 99 | 117 |
| 100 const char kTestHostname[] = "test.example.com"; | 118 const char kTestHostname[] = "test.example.com"; |
| 119 const char kTestChloHash[] = "CHLO hash"; |
| 120 const char kTestEmptySCT[] = ""; |
| 101 const uint16_t kTestPort = 8443; | 121 const uint16_t kTestPort = 8443; |
| 102 const char kTestConfig[] = "server config bytes"; | 122 const char kTestConfig[] = "server config bytes"; |
| 103 const char kLogDescription[] = "somelog"; | 123 const char kLogDescription[] = "somelog"; |
| 104 | 124 |
| 105 } // namespace | 125 } // namespace |
| 106 | 126 |
| 107 class ProofVerifierChromiumTest : public ::testing::Test { | 127 class ProofVerifierChromiumTest : public ::testing::Test { |
| 108 public: | 128 public: |
| 109 ProofVerifierChromiumTest() | 129 ProofVerifierChromiumTest() |
| 110 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, | 130 : verify_context_(new ProofVerifyContextChromium(0 /*cert_verify_flags*/, |
| (...skipping 30 matching lines...) Expand all Loading... |
| 141 | 161 |
| 142 std::string der_bytes; | 162 std::string der_bytes; |
| 143 ASSERT_TRUE( | 163 ASSERT_TRUE( |
| 144 X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); | 164 X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); |
| 145 | 165 |
| 146 certs->clear(); | 166 certs->clear(); |
| 147 certs->push_back(der_bytes); | 167 certs->push_back(der_bytes); |
| 148 } | 168 } |
| 149 | 169 |
| 150 std::string GetTestSignature() { | 170 std::string GetTestSignature() { |
| 151 // Sample known answer test from ProofTest.VerifyRSAKnownAnswerTest. | 171 ProofSourceChromium source; |
| 152 // Generated by dumping the bytes of the |signature| output of | 172 source.Initialize( |
| 153 // ProofSource::GetProof(). | 173 GetTestCertsDirectory().AppendASCII("quic_test.example.com.crt"), |
| 154 static const unsigned char kTestSignature[] = { | 174 GetTestCertsDirectory().AppendASCII("quic_test.example.com.key.pkcs8"), |
| 155 0x31, 0xd5, 0xfb, 0x40, 0x30, 0x75, 0xd2, 0x7d, 0x61, 0xf9, 0xd7, 0x54, | 175 GetTestCertsDirectory().AppendASCII("quic_test.example.com.key.sct")); |
| 156 0x30, 0x06, 0xaf, 0x54, 0x0d, 0xb0, 0x0a, 0xda, 0x63, 0xca, 0x7e, 0x9e, | 176 std::string signature; |
| 157 0xce, 0xba, 0x10, 0x05, 0x1b, 0xa6, 0x7f, 0xef, 0x2b, 0xa3, 0xff, 0x3c, | 177 source.GetProof(QuicSocketAddress(), kTestHostname, kTestConfig, |
| 158 0xbb, 0x9a, 0xe4, 0xbf, 0xb8, 0x0c, 0xc1, 0xbd, 0xed, 0xc2, 0x90, 0x68, | 178 QUIC_VERSION_35, kTestChloHash, QuicTagVector(), |
| 159 0xeb, 0x45, 0x48, 0xea, 0x3c, 0x95, 0xf8, 0xa2, 0xb9, 0xe7, 0x62, 0x29, | 179 base::MakeUnique<SignatureSaver>(&signature)); |
| 160 0x00, 0xc3, 0x18, 0xb4, 0x16, 0x6f, 0x5e, 0xb0, 0xc1, 0x26, 0xc0, 0x4b, | 180 return signature; |
| 161 0x84, 0xf5, 0x97, 0xfc, 0x17, 0xf9, 0x1c, 0x43, 0xb8, 0xf2, 0x3f, 0x38, | |
| 162 0x32, 0xad, 0x36, 0x52, 0x2c, 0x26, 0x92, 0x7a, 0xea, 0x2c, 0xa2, 0xf4, | |
| 163 0x28, 0x2f, 0x19, 0x4d, 0x1f, 0x11, 0x46, 0x82, 0xd0, 0xc4, 0x86, 0x56, | |
| 164 0x5c, 0x97, 0x9e, 0xc6, 0x37, 0x8e, 0xaf, 0x9d, 0x69, 0xe9, 0x4f, 0x5a, | |
| 165 0x6d, 0x70, 0x75, 0xc7, 0x41, 0x95, 0x68, 0x53, 0x94, 0xca, 0x31, 0x63, | |
| 166 0x61, 0x9f, 0xb8, 0x8c, 0x3b, 0x75, 0x36, 0x8b, 0x69, 0xa2, 0x35, 0xc0, | |
| 167 0x4b, 0x77, 0x55, 0x08, 0xc2, 0xb4, 0x56, 0xd2, 0x81, 0xce, 0x9e, 0x25, | |
| 168 0xdb, 0x50, 0x74, 0xb3, 0x8a, 0xd9, 0x20, 0x42, 0x3f, 0x85, 0x2d, 0xaa, | |
| 169 0xfd, 0x66, 0xfa, 0xd6, 0x95, 0x55, 0x6b, 0x63, 0x63, 0x04, 0xf8, 0x6c, | |
| 170 0x3e, 0x08, 0x22, 0x39, 0xb9, 0x9a, 0xe0, 0xd7, 0x01, 0xff, 0xeb, 0x8a, | |
| 171 0xb9, 0xe2, 0x34, 0xa5, 0xa0, 0x51, 0xe9, 0xbe, 0x15, 0x12, 0xbf, 0xbe, | |
| 172 0x64, 0x3d, 0x3f, 0x98, 0xce, 0xc1, 0xa6, 0x33, 0x32, 0xd3, 0x5c, 0xa8, | |
| 173 0x39, 0x93, 0xdc, 0x1c, 0xb9, 0xab, 0x3c, 0x80, 0x62, 0xb3, 0x76, 0x21, | |
| 174 0xdf, 0x47, 0x1e, 0xa9, 0x0e, 0x5e, 0x8a, 0xbe, 0x66, 0x5b, 0x7c, 0x21, | |
| 175 0xfa, 0x78, 0x2d, 0xd1, 0x1d, 0x5c, 0x35, 0x8a, 0x34, 0xb2, 0x1a, 0xc2, | |
| 176 0xc4, 0x4b, 0x53, 0x54, | |
| 177 }; | |
| 178 return std::string(reinterpret_cast<const char*>(kTestSignature), | |
| 179 sizeof(kTestSignature)); | |
| 180 } | 181 } |
| 181 | 182 |
| 182 void GetSCTTestCertificates(std::vector<std::string>* certs) { | 183 void GetSCTTestCertificates(std::vector<std::string>* certs) { |
| 183 std::string der_test_cert(ct::GetDerEncodedX509Cert()); | 184 std::string der_test_cert(ct::GetDerEncodedX509Cert()); |
| 184 scoped_refptr<X509Certificate> test_cert = X509Certificate::CreateFromBytes( | 185 scoped_refptr<X509Certificate> test_cert = X509Certificate::CreateFromBytes( |
| 185 der_test_cert.data(), der_test_cert.length()); | 186 der_test_cert.data(), der_test_cert.length()); |
| 186 ASSERT_TRUE(test_cert.get()); | 187 ASSERT_TRUE(test_cert.get()); |
| 187 | 188 |
| 188 std::string der_bytes; | 189 std::string der_bytes; |
| 189 ASSERT_TRUE(X509Certificate::GetDEREncoded(test_cert->os_cert_handle(), | 190 ASSERT_TRUE(X509Certificate::GetDEREncoded(test_cert->os_cert_handle(), |
| (...skipping 27 matching lines...) Expand all Loading... |
| 217 std::unique_ptr<MultiLogCTVerifier> ct_verifier_; | 218 std::unique_ptr<MultiLogCTVerifier> ct_verifier_; |
| 218 std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_; | 219 std::vector<scoped_refptr<const CTLogVerifier>> log_verifiers_; |
| 219 std::unique_ptr<ProofVerifyContext> verify_context_; | 220 std::unique_ptr<ProofVerifyContext> verify_context_; |
| 220 std::unique_ptr<ProofVerifyDetails> details_; | 221 std::unique_ptr<ProofVerifyDetails> details_; |
| 221 std::string error_details_; | 222 std::string error_details_; |
| 222 std::vector<std::string> certs_; | 223 std::vector<std::string> certs_; |
| 223 }; | 224 }; |
| 224 | 225 |
| 225 // Tests that the ProofVerifier fails verification if certificate | 226 // Tests that the ProofVerifier fails verification if certificate |
| 226 // verification fails. | 227 // verification fails. |
| 227 TEST_F(ProofVerifierChromiumTest, DISABLED_FailsIfCertFails) { | 228 TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { |
| 228 MockCertVerifier dummy_verifier; | 229 MockCertVerifier dummy_verifier; |
| 229 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 230 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 230 &transport_security_state_, | 231 &transport_security_state_, |
| 231 ct_verifier_.get()); | 232 ct_verifier_.get()); |
| 232 | 233 |
| 233 std::unique_ptr<DummyProofVerifierCallback> callback( | 234 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 234 new DummyProofVerifierCallback); | 235 new DummyProofVerifierCallback); |
| 235 QuicAsyncStatus status = proof_verifier.VerifyProof( | 236 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 236 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 237 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 237 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 238 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 238 std::move(callback)); | 239 &error_details_, &details_, std::move(callback)); |
| 239 ASSERT_EQ(QUIC_FAILURE, status); | 240 ASSERT_EQ(QUIC_FAILURE, status); |
| 240 } | 241 } |
| 241 | 242 |
| 242 // Valid SCT, but invalid signature. | 243 // Valid SCT, but invalid signature. |
| 243 TEST_F(ProofVerifierChromiumTest, DISABLED_ValidSCTList) { | 244 TEST_F(ProofVerifierChromiumTest, ValidSCTList) { |
| 244 // Use different certificates for SCT tests. | 245 // Use different certificates for SCT tests. |
| 245 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 246 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 246 | 247 |
| 247 MockCertVerifier cert_verifier; | 248 MockCertVerifier cert_verifier; |
| 249 |
| 248 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 250 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
| 249 &transport_security_state_, | 251 &transport_security_state_, |
| 250 ct_verifier_.get()); | 252 ct_verifier_.get()); |
| 251 | 253 |
| 252 std::unique_ptr<DummyProofVerifierCallback> callback( | 254 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 253 new DummyProofVerifierCallback); | 255 new DummyProofVerifierCallback); |
| 254 QuicAsyncStatus status = proof_verifier.VerifyProof( | 256 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 255 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, | 257 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 256 ct::GetSCTListForTesting(), "", verify_context_.get(), &error_details_, | 258 certs_, ct::GetSCTListForTesting(), kTestEmptySCT, verify_context_.get(), |
| 257 &details_, std::move(callback)); | 259 &error_details_, &details_, std::move(callback)); |
| 258 ASSERT_EQ(QUIC_FAILURE, status); | 260 ASSERT_EQ(QUIC_FAILURE, status); |
| 259 CheckSCT(/*sct_expected_ok=*/true); | 261 CheckSCT(/*sct_expected_ok=*/true); |
| 260 } | 262 } |
| 261 | 263 |
| 262 // Invalid SCT and signature. | 264 // Invalid SCT and signature. |
| 263 TEST_F(ProofVerifierChromiumTest, DISABLED_InvalidSCTList) { | 265 TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { |
| 264 // Use different certificates for SCT tests. | 266 // Use different certificates for SCT tests. |
| 265 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); | 267 ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_)); |
| 266 | 268 |
| 267 MockCertVerifier cert_verifier; | 269 MockCertVerifier cert_verifier; |
| 268 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 270 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
| 269 &transport_security_state_, | 271 &transport_security_state_, |
| 270 ct_verifier_.get()); | 272 ct_verifier_.get()); |
| 271 | 273 |
| 272 std::unique_ptr<DummyProofVerifierCallback> callback( | 274 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 273 new DummyProofVerifierCallback); | 275 new DummyProofVerifierCallback); |
| 274 QuicAsyncStatus status = proof_verifier.VerifyProof( | 276 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 275 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, | 277 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 276 ct::GetSCTListWithInvalidSCT(), "", verify_context_.get(), | 278 certs_, ct::GetSCTListWithInvalidSCT(), kTestEmptySCT, |
| 277 &error_details_, &details_, std::move(callback)); | 279 verify_context_.get(), &error_details_, &details_, std::move(callback)); |
| 278 ASSERT_EQ(QUIC_FAILURE, status); | 280 ASSERT_EQ(QUIC_FAILURE, status); |
| 279 CheckSCT(/*sct_expected_ok=*/false); | 281 CheckSCT(/*sct_expected_ok=*/false); |
| 280 } | 282 } |
| 281 | 283 |
| 282 // Tests that the ProofVerifier doesn't verify certificates if the config | 284 // Tests that the ProofVerifier doesn't verify certificates if the config |
| 283 // signature fails. | 285 // signature fails. |
| 284 TEST_F(ProofVerifierChromiumTest, DISABLED_FailsIfSignatureFails) { | 286 TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { |
| 285 FailsTestCertVerifier cert_verifier; | 287 FailsTestCertVerifier cert_verifier; |
| 286 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, | 288 ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_, |
| 287 &transport_security_state_, | 289 &transport_security_state_, |
| 288 ct_verifier_.get()); | 290 ct_verifier_.get()); |
| 289 | 291 |
| 290 std::unique_ptr<DummyProofVerifierCallback> callback( | 292 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 291 new DummyProofVerifierCallback); | 293 new DummyProofVerifierCallback); |
| 292 QuicAsyncStatus status = proof_verifier.VerifyProof( | 294 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 293 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 295 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 294 kTestConfig, verify_context_.get(), &error_details_, &details_, | 296 certs_, kTestEmptySCT, kTestConfig, verify_context_.get(), |
| 295 std::move(callback)); | 297 &error_details_, &details_, std::move(callback)); |
| 296 ASSERT_EQ(QUIC_FAILURE, status); | 298 ASSERT_EQ(QUIC_FAILURE, status); |
| 297 } | 299 } |
| 298 | 300 |
| 299 // Tests that the certificate policy enforcer is consulted for EV | 301 // Tests that the certificate policy enforcer is consulted for EV |
| 300 // and the certificate is allowed to be EV. | 302 // and the certificate is allowed to be EV. |
| 301 TEST_F(ProofVerifierChromiumTest, DISABLED_PreservesEVIfAllowed) { | 303 TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) { |
| 302 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 304 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 303 ASSERT_TRUE(test_cert); | 305 ASSERT_TRUE(test_cert); |
| 304 | 306 |
| 305 CertVerifyResult dummy_result; | 307 CertVerifyResult dummy_result; |
| 306 dummy_result.verified_cert = test_cert; | 308 dummy_result.verified_cert = test_cert; |
| 307 dummy_result.cert_status = CERT_STATUS_IS_EV; | 309 dummy_result.cert_status = CERT_STATUS_IS_EV; |
| 308 | 310 |
| 309 MockCertVerifier dummy_verifier; | 311 MockCertVerifier dummy_verifier; |
| 310 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 312 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 311 | 313 |
| 312 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) | 314 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) |
| 313 .WillRepeatedly( | 315 .WillRepeatedly( |
| 314 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); | 316 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); |
| 315 | 317 |
| 316 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 318 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 317 &transport_security_state_, | 319 &transport_security_state_, |
| 318 ct_verifier_.get()); | 320 ct_verifier_.get()); |
| 319 | 321 |
| 320 std::unique_ptr<DummyProofVerifierCallback> callback( | 322 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 321 new DummyProofVerifierCallback); | 323 new DummyProofVerifierCallback); |
| 322 QuicAsyncStatus status = proof_verifier.VerifyProof( | 324 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 323 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 325 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 324 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 326 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 325 std::move(callback)); | 327 &error_details_, &details_, std::move(callback)); |
| 326 ASSERT_EQ(QUIC_SUCCESS, status); | 328 ASSERT_EQ(QUIC_SUCCESS, status); |
| 327 | 329 |
| 328 ASSERT_TRUE(details_.get()); | 330 ASSERT_TRUE(details_.get()); |
| 329 ProofVerifyDetailsChromium* verify_details = | 331 ProofVerifyDetailsChromium* verify_details = |
| 330 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 332 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 331 EXPECT_EQ(dummy_result.cert_status, | 333 EXPECT_EQ(dummy_result.cert_status, |
| 332 verify_details->cert_verify_result.cert_status); | 334 verify_details->cert_verify_result.cert_status); |
| 333 } | 335 } |
| 334 | 336 |
| 335 // Tests that the certificate policy enforcer is consulted for EV | 337 // Tests that the certificate policy enforcer is consulted for EV |
| 336 // and the certificate is not allowed to be EV. | 338 // and the certificate is not allowed to be EV. |
| 337 TEST_F(ProofVerifierChromiumTest, DISABLED_StripsEVIfNotAllowed) { | 339 TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) { |
| 338 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 340 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 339 ASSERT_TRUE(test_cert); | 341 ASSERT_TRUE(test_cert); |
| 340 | 342 |
| 341 CertVerifyResult dummy_result; | 343 CertVerifyResult dummy_result; |
| 342 dummy_result.verified_cert = test_cert; | 344 dummy_result.verified_cert = test_cert; |
| 343 dummy_result.cert_status = CERT_STATUS_IS_EV; | 345 dummy_result.cert_status = CERT_STATUS_IS_EV; |
| 344 | 346 |
| 345 MockCertVerifier dummy_verifier; | 347 MockCertVerifier dummy_verifier; |
| 346 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 348 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 347 | 349 |
| 348 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) | 350 EXPECT_CALL(ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) |
| 349 .WillRepeatedly( | 351 .WillRepeatedly( |
| 350 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); | 352 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); |
| 351 | 353 |
| 352 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 354 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 353 &transport_security_state_, | 355 &transport_security_state_, |
| 354 ct_verifier_.get()); | 356 ct_verifier_.get()); |
| 355 | 357 |
| 356 std::unique_ptr<DummyProofVerifierCallback> callback( | 358 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 357 new DummyProofVerifierCallback); | 359 new DummyProofVerifierCallback); |
| 358 QuicAsyncStatus status = proof_verifier.VerifyProof( | 360 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 359 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 361 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 360 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 362 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 361 std::move(callback)); | 363 &error_details_, &details_, std::move(callback)); |
| 362 ASSERT_EQ(QUIC_SUCCESS, status); | 364 ASSERT_EQ(QUIC_SUCCESS, status); |
| 363 | 365 |
| 364 ASSERT_TRUE(details_.get()); | 366 ASSERT_TRUE(details_.get()); |
| 365 ProofVerifyDetailsChromium* verify_details = | 367 ProofVerifyDetailsChromium* verify_details = |
| 366 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 368 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 367 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, | 369 EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, |
| 368 verify_details->cert_verify_result.cert_status & | 370 verify_details->cert_verify_result.cert_status & |
| 369 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); | 371 (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); |
| 370 } | 372 } |
| 371 | 373 |
| 372 // Tests that the certificate policy enforcer is not consulted if | 374 // Tests that the certificate policy enforcer is not consulted if |
| 373 // the certificate is not EV. | 375 // the certificate is not EV. |
| 374 TEST_F(ProofVerifierChromiumTest, DISABLED_IgnoresPolicyEnforcerIfNotEV) { | 376 TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) { |
| 375 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 377 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 376 ASSERT_TRUE(test_cert); | 378 ASSERT_TRUE(test_cert); |
| 377 | 379 |
| 378 CertVerifyResult dummy_result; | 380 CertVerifyResult dummy_result; |
| 379 dummy_result.verified_cert = test_cert; | 381 dummy_result.verified_cert = test_cert; |
| 380 dummy_result.cert_status = 0; | 382 dummy_result.cert_status = 0; |
| 381 | 383 |
| 382 MockCertVerifier dummy_verifier; | 384 MockCertVerifier dummy_verifier; |
| 383 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 385 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 384 | 386 |
| 385 FailsTestCTPolicyEnforcer policy_enforcer; | 387 FailsTestCTPolicyEnforcer policy_enforcer; |
| 386 | 388 |
| 387 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, | 389 ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, |
| 388 &transport_security_state_, | 390 &transport_security_state_, |
| 389 ct_verifier_.get()); | 391 ct_verifier_.get()); |
| 390 | 392 |
| 391 std::unique_ptr<DummyProofVerifierCallback> callback( | 393 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 392 new DummyProofVerifierCallback); | 394 new DummyProofVerifierCallback); |
| 393 QuicAsyncStatus status = proof_verifier.VerifyProof( | 395 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 394 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 396 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 395 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 397 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 396 std::move(callback)); | 398 &error_details_, &details_, std::move(callback)); |
| 397 ASSERT_EQ(QUIC_SUCCESS, status); | 399 ASSERT_EQ(QUIC_SUCCESS, status); |
| 398 | 400 |
| 399 ASSERT_TRUE(details_.get()); | 401 ASSERT_TRUE(details_.get()); |
| 400 ProofVerifyDetailsChromium* verify_details = | 402 ProofVerifyDetailsChromium* verify_details = |
| 401 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 403 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 402 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 404 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
| 403 } | 405 } |
| 404 | 406 |
| 405 HashValueVector MakeHashValueVector(uint8_t tag) { | 407 HashValueVector MakeHashValueVector(uint8_t tag) { |
| 406 HashValue hash(HASH_VALUE_SHA256); | 408 HashValue hash(HASH_VALUE_SHA256); |
| 407 memset(hash.data(), tag, hash.size()); | 409 memset(hash.data(), tag, hash.size()); |
| 408 HashValueVector hashes; | 410 HashValueVector hashes; |
| 409 hashes.push_back(hash); | 411 hashes.push_back(hash); |
| 410 return hashes; | 412 return hashes; |
| 411 } | 413 } |
| 412 | 414 |
| 413 // Test that PKP is enforced for certificates that chain up to known roots. | 415 // Test that PKP is enforced for certificates that chain up to known roots. |
| 414 TEST_F(ProofVerifierChromiumTest, DISABLED_PKPEnforced) { | 416 TEST_F(ProofVerifierChromiumTest, PKPEnforced) { |
| 415 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 417 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 416 ASSERT_TRUE(test_cert); | 418 ASSERT_TRUE(test_cert); |
| 417 | 419 |
| 418 CertVerifyResult dummy_result; | 420 CertVerifyResult dummy_result; |
| 419 dummy_result.verified_cert = test_cert; | 421 dummy_result.verified_cert = test_cert; |
| 420 dummy_result.is_issued_by_known_root = true; | 422 dummy_result.is_issued_by_known_root = true; |
| 421 dummy_result.public_key_hashes = MakeHashValueVector(0x01); | 423 dummy_result.public_key_hashes = MakeHashValueVector(0x01); |
| 422 dummy_result.cert_status = 0; | 424 dummy_result.cert_status = 0; |
| 423 | 425 |
| 424 MockCertVerifier dummy_verifier; | 426 MockCertVerifier dummy_verifier; |
| 425 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 427 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 426 | 428 |
| 427 HashValueVector pin_hashes = MakeHashValueVector(0x02); | 429 HashValueVector pin_hashes = MakeHashValueVector(0x02); |
| 428 transport_security_state_.AddHPKP( | 430 transport_security_state_.AddHPKP( |
| 429 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), | 431 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), |
| 430 true, pin_hashes, GURL()); | 432 true, pin_hashes, GURL()); |
| 431 | 433 |
| 432 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 434 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 433 &transport_security_state_, | 435 &transport_security_state_, |
| 434 ct_verifier_.get()); | 436 ct_verifier_.get()); |
| 435 | 437 |
| 436 std::unique_ptr<DummyProofVerifierCallback> callback( | 438 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 437 new DummyProofVerifierCallback); | 439 new DummyProofVerifierCallback); |
| 438 QuicAsyncStatus status = proof_verifier.VerifyProof( | 440 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 439 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 441 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 440 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 442 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 441 std::move(callback)); | 443 &error_details_, &details_, std::move(callback)); |
| 442 ASSERT_EQ(QUIC_FAILURE, status); | 444 ASSERT_EQ(QUIC_FAILURE, status); |
| 443 | 445 |
| 444 ASSERT_TRUE(details_.get()); | 446 ASSERT_TRUE(details_.get()); |
| 445 ProofVerifyDetailsChromium* verify_details = | 447 ProofVerifyDetailsChromium* verify_details = |
| 446 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 448 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 447 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 449 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
| 448 CERT_STATUS_PINNED_KEY_MISSING); | 450 CERT_STATUS_PINNED_KEY_MISSING); |
| 449 EXPECT_FALSE(verify_details->pkp_bypassed); | 451 EXPECT_FALSE(verify_details->pkp_bypassed); |
| 450 EXPECT_NE("", verify_details->pinning_failure_log); | 452 EXPECT_NE("", verify_details->pinning_failure_log); |
| 451 } | 453 } |
| 452 | 454 |
| 453 // Test |pkp_bypassed| is set when PKP is bypassed due to a local | 455 // Test |pkp_bypassed| is set when PKP is bypassed due to a local |
| 454 // trust anchor | 456 // trust anchor |
| 455 TEST_F(ProofVerifierChromiumTest, DISABLED_PKPBypassFlagSet) { | 457 TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) { |
| 456 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 458 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 457 ASSERT_TRUE(test_cert); | 459 ASSERT_TRUE(test_cert); |
| 458 | 460 |
| 459 CertVerifyResult dummy_result; | 461 CertVerifyResult dummy_result; |
| 460 dummy_result.verified_cert = test_cert; | 462 dummy_result.verified_cert = test_cert; |
| 461 dummy_result.is_issued_by_known_root = false; | 463 dummy_result.is_issued_by_known_root = false; |
| 462 dummy_result.public_key_hashes = MakeHashValueVector(0x01); | 464 dummy_result.public_key_hashes = MakeHashValueVector(0x01); |
| 463 dummy_result.cert_status = 0; | 465 dummy_result.cert_status = 0; |
| 464 | 466 |
| 465 MockCertVerifier dummy_verifier; | 467 MockCertVerifier dummy_verifier; |
| 466 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); | 468 dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); |
| 467 | 469 |
| 468 HashValueVector expected_hashes = MakeHashValueVector(0x02); | 470 HashValueVector expected_hashes = MakeHashValueVector(0x02); |
| 469 transport_security_state_.AddHPKP( | 471 transport_security_state_.AddHPKP( |
| 470 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), | 472 kTestHostname, base::Time::Now() + base::TimeDelta::FromSeconds(10000), |
| 471 true, expected_hashes, GURL()); | 473 true, expected_hashes, GURL()); |
| 472 | 474 |
| 473 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 475 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 474 &transport_security_state_, | 476 &transport_security_state_, |
| 475 ct_verifier_.get()); | 477 ct_verifier_.get()); |
| 476 | 478 |
| 477 std::unique_ptr<DummyProofVerifierCallback> callback( | 479 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 478 new DummyProofVerifierCallback); | 480 new DummyProofVerifierCallback); |
| 479 QuicAsyncStatus status = proof_verifier.VerifyProof( | 481 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 480 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 482 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 481 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 483 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 482 std::move(callback)); | 484 &error_details_, &details_, std::move(callback)); |
| 483 ASSERT_EQ(QUIC_SUCCESS, status); | 485 ASSERT_EQ(QUIC_SUCCESS, status); |
| 484 | 486 |
| 485 ASSERT_TRUE(details_.get()); | 487 ASSERT_TRUE(details_.get()); |
| 486 ProofVerifyDetailsChromium* verify_details = | 488 ProofVerifyDetailsChromium* verify_details = |
| 487 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 489 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 488 EXPECT_TRUE(verify_details->pkp_bypassed); | 490 EXPECT_TRUE(verify_details->pkp_bypassed); |
| 489 } | 491 } |
| 490 | 492 |
| 491 // Test that when CT is required (in this case, by the delegate), the | 493 // Test that when CT is required (in this case, by the delegate), the |
| 492 // absence of CT information is a socket error. | 494 // absence of CT information is a socket error. |
| 493 TEST_F(ProofVerifierChromiumTest, DISABLED_CTIsRequired) { | 495 TEST_F(ProofVerifierChromiumTest, CTIsRequired) { |
| 494 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 496 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 495 ASSERT_TRUE(test_cert); | 497 ASSERT_TRUE(test_cert); |
| 496 | 498 |
| 497 CertVerifyResult dummy_result; | 499 CertVerifyResult dummy_result; |
| 498 dummy_result.verified_cert = test_cert; | 500 dummy_result.verified_cert = test_cert; |
| 499 dummy_result.is_issued_by_known_root = true; | 501 dummy_result.is_issued_by_known_root = true; |
| 500 dummy_result.public_key_hashes = MakeHashValueVector(0x01); | 502 dummy_result.public_key_hashes = MakeHashValueVector(0x01); |
| 501 dummy_result.cert_status = 0; | 503 dummy_result.cert_status = 0; |
| 502 | 504 |
| 503 MockCertVerifier dummy_verifier; | 505 MockCertVerifier dummy_verifier; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 516 .WillRepeatedly( | 518 .WillRepeatedly( |
| 517 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); | 519 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
| 518 | 520 |
| 519 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 521 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 520 &transport_security_state_, | 522 &transport_security_state_, |
| 521 ct_verifier_.get()); | 523 ct_verifier_.get()); |
| 522 | 524 |
| 523 std::unique_ptr<DummyProofVerifierCallback> callback( | 525 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 524 new DummyProofVerifierCallback); | 526 new DummyProofVerifierCallback); |
| 525 QuicAsyncStatus status = proof_verifier.VerifyProof( | 527 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 526 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 528 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 527 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 529 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 528 std::move(callback)); | 530 &error_details_, &details_, std::move(callback)); |
| 529 ASSERT_EQ(QUIC_FAILURE, status); | 531 ASSERT_EQ(QUIC_FAILURE, status); |
| 530 | 532 |
| 531 ASSERT_TRUE(details_.get()); | 533 ASSERT_TRUE(details_.get()); |
| 532 ProofVerifyDetailsChromium* verify_details = | 534 ProofVerifyDetailsChromium* verify_details = |
| 533 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 535 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 534 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 536 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
| 535 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 537 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 536 } | 538 } |
| 537 | 539 |
| 538 // Test that CT is considered even when HPKP fails. | 540 // Test that CT is considered even when HPKP fails. |
| 539 TEST_F(ProofVerifierChromiumTest, DISABLED_PKPAndCTBothTested) { | 541 TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) { |
| 540 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); | 542 scoped_refptr<X509Certificate> test_cert = GetTestServerCertificate(); |
| 541 ASSERT_TRUE(test_cert); | 543 ASSERT_TRUE(test_cert); |
| 542 | 544 |
| 543 CertVerifyResult dummy_result; | 545 CertVerifyResult dummy_result; |
| 544 dummy_result.verified_cert = test_cert; | 546 dummy_result.verified_cert = test_cert; |
| 545 dummy_result.is_issued_by_known_root = true; | 547 dummy_result.is_issued_by_known_root = true; |
| 546 dummy_result.public_key_hashes = MakeHashValueVector(0x01); | 548 dummy_result.public_key_hashes = MakeHashValueVector(0x01); |
| 547 dummy_result.cert_status = 0; | 549 dummy_result.cert_status = 0; |
| 548 | 550 |
| 549 MockCertVerifier dummy_verifier; | 551 MockCertVerifier dummy_verifier; |
| (...skipping 18 matching lines...) Expand all Loading... |
| 568 .WillRepeatedly( | 570 .WillRepeatedly( |
| 569 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); | 571 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
| 570 | 572 |
| 571 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, | 573 ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, |
| 572 &transport_security_state_, | 574 &transport_security_state_, |
| 573 ct_verifier_.get()); | 575 ct_verifier_.get()); |
| 574 | 576 |
| 575 std::unique_ptr<DummyProofVerifierCallback> callback( | 577 std::unique_ptr<DummyProofVerifierCallback> callback( |
| 576 new DummyProofVerifierCallback); | 578 new DummyProofVerifierCallback); |
| 577 QuicAsyncStatus status = proof_verifier.VerifyProof( | 579 QuicAsyncStatus status = proof_verifier.VerifyProof( |
| 578 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, "", certs_, "", | 580 kTestHostname, kTestPort, kTestConfig, QUIC_VERSION_35, kTestChloHash, |
| 579 GetTestSignature(), verify_context_.get(), &error_details_, &details_, | 581 certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), |
| 580 std::move(callback)); | 582 &error_details_, &details_, std::move(callback)); |
| 581 ASSERT_EQ(QUIC_FAILURE, status); | 583 ASSERT_EQ(QUIC_FAILURE, status); |
| 582 | 584 |
| 583 ASSERT_TRUE(details_.get()); | 585 ASSERT_TRUE(details_.get()); |
| 584 ProofVerifyDetailsChromium* verify_details = | 586 ProofVerifyDetailsChromium* verify_details = |
| 585 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 587 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 586 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 588 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
| 587 CERT_STATUS_PINNED_KEY_MISSING); | 589 CERT_STATUS_PINNED_KEY_MISSING); |
| 588 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & | 590 EXPECT_TRUE(verify_details->cert_verify_result.cert_status & |
| 589 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 591 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 590 } | 592 } |
| (...skipping 22 matching lines...) Expand all Loading... |
| 613 ASSERT_EQ(QUIC_SUCCESS, status); | 615 ASSERT_EQ(QUIC_SUCCESS, status); |
| 614 | 616 |
| 615 ASSERT_TRUE(details_.get()); | 617 ASSERT_TRUE(details_.get()); |
| 616 ProofVerifyDetailsChromium* verify_details = | 618 ProofVerifyDetailsChromium* verify_details = |
| 617 static_cast<ProofVerifyDetailsChromium*>(details_.get()); | 619 static_cast<ProofVerifyDetailsChromium*>(details_.get()); |
| 618 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); | 620 EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); |
| 619 } | 621 } |
| 620 | 622 |
| 621 } // namespace test | 623 } // namespace test |
| 622 } // namespace net | 624 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2908413002:
Re-enable ProofVerifierChromium tests by generating a signature (Closed)
