1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
862 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); | 862 MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); |
863 }; | 863 }; |
864 | 864 |
865 // A mock CTPolicyEnforcer that returns a custom verification result. | 865 // A mock CTPolicyEnforcer that returns a custom verification result. |
866 class MockCTPolicyEnforcer : public CTPolicyEnforcer { | 866 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
867 public: | 867 public: |
868 MOCK_METHOD3(DoesConformToCertPolicy, | 868 MOCK_METHOD3(DoesConformToCertPolicy, |
869 ct::CertPolicyCompliance(X509Certificate* cert, | 869 ct::CertPolicyCompliance(X509Certificate* cert, |
870 const ct::SCTList&, | 870 const ct::SCTList&, |
871 const NetLogWithSource&)); | 871 const NetLogWithSource&)); |
872 MOCK_METHOD4(DoesConformToCTEVPolicy, | |
873 ct::EVPolicyCompliance(X509Certificate* cert, | |
874 const ct::EVCertsWhitelist*, | |
875 const ct::SCTList&, | |
876 const NetLogWithSource&)); | |
877 }; | 872 }; |
878 | 873 |
879 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { | 874 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { |
880 public: | 875 public: |
881 MOCK_METHOD1(IsCTRequiredForHost, | 876 MOCK_METHOD1(IsCTRequiredForHost, |
882 CTRequirementLevel(const std::string& host)); | 877 CTRequirementLevel(const std::string& host)); |
883 }; | 878 }; |
884 | 879 |
885 class SSLClientSocketTest : public PlatformTest { | 880 class SSLClientSocketTest : public PlatformTest { |
886 public: | 881 public: |
887 SSLClientSocketTest() | 882 SSLClientSocketTest() |
888 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), | 883 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), |
889 cert_verifier_(new MockCertVerifier), | 884 cert_verifier_(new MockCertVerifier), |
890 transport_security_state_(new TransportSecurityState), | 885 transport_security_state_(new TransportSecurityState), |
891 ct_verifier_(new DoNothingCTVerifier), | 886 ct_verifier_(new DoNothingCTVerifier), |
892 ct_policy_enforcer_(new MockCTPolicyEnforcer) { | 887 ct_policy_enforcer_(new MockCTPolicyEnforcer) { |
893 cert_verifier_->set_default_result(OK); | 888 cert_verifier_->set_default_result(OK); |
894 context_.cert_verifier = cert_verifier_.get(); | 889 context_.cert_verifier = cert_verifier_.get(); |
895 context_.transport_security_state = transport_security_state_.get(); | 890 context_.transport_security_state = transport_security_state_.get(); |
896 context_.cert_transparency_verifier = ct_verifier_.get(); | 891 context_.cert_transparency_verifier = ct_verifier_.get(); |
897 context_.ct_policy_enforcer = ct_policy_enforcer_.get(); | 892 context_.ct_policy_enforcer = ct_policy_enforcer_.get(); |
898 | 893 |
899 EXPECT_CALL(*ct_policy_enforcer_, DoesConformToCertPolicy(_, _, _)) | 894 EXPECT_CALL(*ct_policy_enforcer_, DoesConformToCertPolicy(_, _, _)) |
900 .WillRepeatedly( | 895 .WillRepeatedly( |
901 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); | 896 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); |
902 EXPECT_CALL(*ct_policy_enforcer_, DoesConformToCTEVPolicy(_, _, _, _)) | |
903 .WillRepeatedly( | |
904 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); | |
905 } | 897 } |
906 | 898 |
907 protected: | 899 protected: |
908 // The address of the spawned test server, after calling StartTestServer(). | 900 // The address of the spawned test server, after calling StartTestServer(). |
909 const AddressList& addr() const { return addr_; } | 901 const AddressList& addr() const { return addr_; } |
910 | 902 |
911 // The SpawnedTestServer object, after calling StartTestServer(). | 903 // The SpawnedTestServer object, after calling StartTestServer(). |
912 const SpawnedTestServer* spawned_test_server() const { | 904 const SpawnedTestServer* spawned_test_server() const { |
913 return spawned_test_server_.get(); | 905 return spawned_test_server_.get(); |
914 } | 906 } |
2557 | 2549 |
2558 SSLConfig ssl_config; | 2550 SSLConfig ssl_config; |
2559 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); | 2551 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); |
2560 | 2552 |
2561 // Emulate compliance of the certificate to the policy. | 2553 // Emulate compliance of the certificate to the policy. |
2562 MockCTPolicyEnforcer policy_enforcer; | 2554 MockCTPolicyEnforcer policy_enforcer; |
2563 SetCTPolicyEnforcer(&policy_enforcer); | 2555 SetCTPolicyEnforcer(&policy_enforcer); |
2564 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) | 2556 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) |
2565 .WillRepeatedly( | 2557 .WillRepeatedly( |
2566 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); | 2558 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); |
2567 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | |
2568 .WillRepeatedly( | |
2569 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); | |
2570 | 2559 |
2571 int rv; | 2560 int rv; |
2572 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2561 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2573 EXPECT_THAT(rv, IsOk()); | 2562 EXPECT_THAT(rv, IsOk()); |
2574 | 2563 |
2575 SSLInfo result; | 2564 SSLInfo result; |
2576 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2565 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
2577 | 2566 |
2578 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); | 2567 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); |
2579 } | 2568 } |
2580 | 2569 |
2581 // Test that when a CT verifier and a CTPolicyEnforcer are defined, but | 2570 // Test that when a CT verifier and a CTPolicyEnforcer are defined, but |
2582 // the EV certificate used does not conform to the CT/EV policy, its EV status | 2571 // the EV certificate used does not conform to the CT/EV policy, its EV status |
2583 // is removed. | 2572 // is removed. |
2584 TEST_F(SSLClientSocketTest, EVCertStatusRemovedForNonCompliantCert) { | 2573 TEST_F(SSLClientSocketTest, EVCertStatusRemovedForNonCompliantCert) { |
2585 SpawnedTestServer::SSLOptions ssl_options; | 2574 SpawnedTestServer::SSLOptions ssl_options; |
2586 ASSERT_TRUE(StartTestServer(ssl_options)); | 2575 ASSERT_TRUE(StartTestServer(ssl_options)); |
2587 | 2576 |
2588 SSLConfig ssl_config; | 2577 SSLConfig ssl_config; |
2589 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); | 2578 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); |
2590 | 2579 |
2591 // Emulate non-compliance of the certificate to the policy. | 2580 // Emulate non-compliance of the certificate to the policy. |
2592 MockCTPolicyEnforcer policy_enforcer; | 2581 MockCTPolicyEnforcer policy_enforcer; |
2593 SetCTPolicyEnforcer(&policy_enforcer); | 2582 SetCTPolicyEnforcer(&policy_enforcer); |
2594 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) | 2583 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) |
2595 .WillRepeatedly( | 2584 .WillRepeatedly( |
2596 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); | 2585 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); |
2597 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) | |
2598 .WillRepeatedly( | |
2599 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); | |
2600 | 2586 |
2601 int rv; | 2587 int rv; |
2602 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2588 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
2603 EXPECT_THAT(rv, IsOk()); | 2589 EXPECT_THAT(rv, IsOk()); |
2604 | 2590 |
2605 SSLInfo result; | 2591 SSLInfo result; |
2606 ASSERT_TRUE(sock_->GetSSLInfo(&result)); | 2592 ASSERT_TRUE(sock_->GetSSLInfo(&result)); |
2607 | 2593 |
2608 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV); | 2594 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV); |
2609 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED); | 2595 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED); |
4001 // The read buffer should be released. | 3987 // The read buffer should be released. |
4002 StreamSocket::SocketMemoryStats stats; | 3988 StreamSocket::SocketMemoryStats stats; |
4003 client->DumpMemoryStats(&stats); | 3989 client->DumpMemoryStats(&stats); |
4004 EXPECT_EQ(0u, stats.buffer_size); | 3990 EXPECT_EQ(0u, stats.buffer_size); |
4005 EXPECT_EQ(1u, stats.cert_count); | 3991 EXPECT_EQ(1u, stats.cert_count); |
4006 EXPECT_LT(0u, stats.cert_size); | 3992 EXPECT_LT(0u, stats.cert_size); |
4007 EXPECT_EQ(stats.cert_size, stats.total_size); | 3993 EXPECT_EQ(stats.cert_size, stats.total_size); |
4008 } | 3994 } |
4009 | 3995 |
4010 } // namespace net | 3996 } // namespace net |