| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 30 matching lines...) Expand all Loading... |
| 41 scoped_ptr<CTLogVerifier> log( | 41 scoped_ptr<CTLogVerifier> log( |
| 42 CTLogVerifier::Create(ct::GetTestPublicKey(), kLogDescription)); | 42 CTLogVerifier::Create(ct::GetTestPublicKey(), kLogDescription)); |
| 43 ASSERT_TRUE(log); | 43 ASSERT_TRUE(log); |
| 44 | 44 |
| 45 verifier_.reset(new MultiLogCTVerifier()); | 45 verifier_.reset(new MultiLogCTVerifier()); |
| 46 verifier_->AddLog(log.Pass()); | 46 verifier_->AddLog(log.Pass()); |
| 47 std::string der_test_cert(ct::GetDerEncodedX509Cert()); | 47 std::string der_test_cert(ct::GetDerEncodedX509Cert()); |
| 48 chain_ = X509Certificate::CreateFromBytes( | 48 chain_ = X509Certificate::CreateFromBytes( |
| 49 der_test_cert.data(), | 49 der_test_cert.data(), |
| 50 der_test_cert.length()); | 50 der_test_cert.length()); |
| 51 ASSERT_TRUE(chain_); | 51 ASSERT_TRUE(chain_.get()); |
| 52 | 52 |
| 53 embedded_sct_chain_ = | 53 embedded_sct_chain_ = |
| 54 CreateCertificateChainFromFile(GetTestCertsDirectory(), | 54 CreateCertificateChainFromFile(GetTestCertsDirectory(), |
| 55 "ct-test-embedded-cert.pem", | 55 "ct-test-embedded-cert.pem", |
| 56 X509Certificate::FORMAT_AUTO); | 56 X509Certificate::FORMAT_AUTO); |
| 57 ASSERT_TRUE(embedded_sct_chain_); | 57 ASSERT_TRUE(embedded_sct_chain_.get()); |
| 58 } | 58 } |
| 59 | 59 |
| 60 bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) { | 60 bool CheckForSingleVerifiedSCTInResult(const ct::CTVerifyResult& result) { |
| 61 return (result.verified_scts.size() == 1U) && | 61 return (result.verified_scts.size() == 1U) && |
| 62 result.invalid_scts.empty() && | 62 result.invalid_scts.empty() && |
| 63 result.unknown_logs_scts.empty() && | 63 result.unknown_logs_scts.empty() && |
| 64 result.verified_scts[0]->log_description == kLogDescription; | 64 result.verified_scts[0]->log_description == kLogDescription; |
| 65 } | 65 } |
| 66 | 66 |
| 67 bool CheckForSCTOrigin( | 67 bool CheckForSCTOrigin( |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 123 sct[15] = 't'; | 123 sct[15] = 't'; |
| 124 | 124 |
| 125 std::string sct_list; | 125 std::string sct_list; |
| 126 ct::EncodeSCTListForTesting(sct, &sct_list); | 126 ct::EncodeSCTListForTesting(sct, &sct_list); |
| 127 return sct_list; | 127 return sct_list; |
| 128 } | 128 } |
| 129 | 129 |
| 130 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, | 130 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain, |
| 131 const BoundNetLog& bound_net_log, | 131 const BoundNetLog& bound_net_log, |
| 132 ct::CTVerifyResult* result) { | 132 ct::CTVerifyResult* result) { |
| 133 return verifier_->Verify( | 133 return verifier_->Verify(chain.get(), |
| 134 chain, std::string(), std::string(), result, bound_net_log) == | 134 std::string(), |
| 135 OK; | 135 std::string(), |
| 136 result, |
| 137 bound_net_log) == OK; |
| 136 } | 138 } |
| 137 | 139 |
| 138 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { | 140 bool VerifySinglePrecertificateChain(scoped_refptr<X509Certificate> chain) { |
| 139 ct::CTVerifyResult result; | 141 ct::CTVerifyResult result; |
| 140 CapturingNetLog net_log; | 142 CapturingNetLog net_log; |
| 141 BoundNetLog bound_net_log = | 143 BoundNetLog bound_net_log = |
| 142 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); | 144 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); |
| 143 | 145 |
| 144 return verifier_->Verify( | 146 return verifier_->Verify(chain.get(), |
| 145 chain, std::string(), std::string(), &result, bound_net_log) == | 147 std::string(), |
| 146 OK; | 148 std::string(), |
| 149 &result, |
| 150 bound_net_log) == OK; |
| 147 } | 151 } |
| 148 | 152 |
| 149 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { | 153 bool CheckPrecertificateVerification(scoped_refptr<X509Certificate> chain) { |
| 150 ct::CTVerifyResult result; | 154 ct::CTVerifyResult result; |
| 151 CapturingNetLog net_log; | 155 CapturingNetLog net_log; |
| 152 BoundNetLog bound_net_log = | 156 BoundNetLog bound_net_log = |
| 153 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); | 157 BoundNetLog::Make(&net_log, NetLog::SOURCE_CONNECT_JOB); |
| 154 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && | 158 return (VerifySinglePrecertificateChain(chain, bound_net_log, &result) && |
| 155 CheckForSingleVerifiedSCTInResult(result) && | 159 CheckForSingleVerifiedSCTInResult(result) && |
| 156 CheckForSCTOrigin(result, | 160 CheckForSCTOrigin(result, |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 192 | 196 |
| 193 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCT) { | 197 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCT) { |
| 194 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 198 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
| 195 } | 199 } |
| 196 | 200 |
| 197 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithPreCA) { | 201 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithPreCA) { |
| 198 scoped_refptr<X509Certificate> chain( | 202 scoped_refptr<X509Certificate> chain( |
| 199 CreateCertificateChainFromFile(GetTestCertsDirectory(), | 203 CreateCertificateChainFromFile(GetTestCertsDirectory(), |
| 200 "ct-test-embedded-with-preca-chain.pem", | 204 "ct-test-embedded-with-preca-chain.pem", |
| 201 X509Certificate::FORMAT_AUTO)); | 205 X509Certificate::FORMAT_AUTO)); |
| 202 ASSERT_TRUE(chain); | 206 ASSERT_TRUE(chain.get()); |
| 203 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 207 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
| 204 } | 208 } |
| 205 | 209 |
| 206 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithIntermediate) { | 210 TEST_F(MultiLogCTVerifierTest, VerifiesEmbeddedSCTWithIntermediate) { |
| 207 scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile( | 211 scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile( |
| 208 GetTestCertsDirectory(), | 212 GetTestCertsDirectory(), |
| 209 "ct-test-embedded-with-intermediate-chain.pem", | 213 "ct-test-embedded-with-intermediate-chain.pem", |
| 210 X509Certificate::FORMAT_AUTO)); | 214 X509Certificate::FORMAT_AUTO)); |
| 211 ASSERT_TRUE(chain); | 215 ASSERT_TRUE(chain.get()); |
| 212 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 216 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
| 213 } | 217 } |
| 214 | 218 |
| 215 TEST_F(MultiLogCTVerifierTest, | 219 TEST_F(MultiLogCTVerifierTest, |
| 216 VerifiesEmbeddedSCTWithIntermediateAndPreCA) { | 220 VerifiesEmbeddedSCTWithIntermediateAndPreCA) { |
| 217 scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile( | 221 scoped_refptr<X509Certificate> chain(CreateCertificateChainFromFile( |
| 218 GetTestCertsDirectory(), | 222 GetTestCertsDirectory(), |
| 219 "ct-test-embedded-with-intermediate-preca-chain.pem", | 223 "ct-test-embedded-with-intermediate-preca-chain.pem", |
| 220 X509Certificate::FORMAT_AUTO)); | 224 X509Certificate::FORMAT_AUTO)); |
| 221 ASSERT_TRUE(chain); | 225 ASSERT_TRUE(chain.get()); |
| 222 ASSERT_TRUE(CheckPrecertificateVerification(chain)); | 226 ASSERT_TRUE(CheckPrecertificateVerification(chain)); |
| 223 } | 227 } |
| 224 | 228 |
| 225 TEST_F(MultiLogCTVerifierTest, | 229 TEST_F(MultiLogCTVerifierTest, |
| 226 VerifiesSCTOverX509Cert) { | 230 VerifiesSCTOverX509Cert) { |
| 227 std::string sct(ct::GetTestSignedCertificateTimestamp()); | 231 std::string sct(ct::GetTestSignedCertificateTimestamp()); |
| 228 | 232 |
| 229 std::string sct_list; | 233 std::string sct_list; |
| 230 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); | 234 ASSERT_TRUE(ct::EncodeSCTListForTesting(sct, &sct_list)); |
| 231 | 235 |
| 232 ct::CTVerifyResult result; | 236 ct::CTVerifyResult result; |
| 233 EXPECT_EQ(OK, | 237 EXPECT_EQ(OK, |
| 234 verifier_->Verify(chain_, std::string(), sct_list, &result, | 238 verifier_->Verify( |
| 235 BoundNetLog())); | 239 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); |
| 236 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); | 240 ASSERT_TRUE(CheckForSingleVerifiedSCTInResult(result)); |
| 237 ASSERT_TRUE(CheckForSCTOrigin( | 241 ASSERT_TRUE(CheckForSCTOrigin( |
| 238 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); | 242 result, ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION)); |
| 239 } | 243 } |
| 240 | 244 |
| 241 TEST_F(MultiLogCTVerifierTest, | 245 TEST_F(MultiLogCTVerifierTest, |
| 242 IdentifiesSCTFromUnknownLog) { | 246 IdentifiesSCTFromUnknownLog) { |
| 243 std::string sct_list = GetSCTListWithInvalidSCT(); | 247 std::string sct_list = GetSCTListWithInvalidSCT(); |
| 244 ct::CTVerifyResult result; | 248 ct::CTVerifyResult result; |
| 245 | 249 |
| 246 EXPECT_NE(OK, | 250 EXPECT_NE(OK, |
| 247 verifier_->Verify( | 251 verifier_->Verify( |
| 248 chain_, std::string(), sct_list, &result, BoundNetLog())); | 252 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); |
| 249 EXPECT_EQ(1U, result.unknown_logs_scts.size()); | 253 EXPECT_EQ(1U, result.unknown_logs_scts.size()); |
| 250 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); | 254 EXPECT_EQ("", result.unknown_logs_scts[0]->log_description); |
| 251 } | 255 } |
| 252 | 256 |
| 253 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { | 257 TEST_F(MultiLogCTVerifierTest, CountsValidSCTsInStatusHistogram) { |
| 254 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 258 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 255 | 259 |
| 256 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); | 260 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_)); |
| 257 | 261 |
| 258 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); | 262 EXPECT_EQ(num_valid_scts + 1, NumValidSCTsInStatusHistogram()); |
| 259 } | 263 } |
| 260 | 264 |
| 261 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { | 265 TEST_F(MultiLogCTVerifierTest, CountsInvalidSCTsInStatusHistogram) { |
| 262 std::string sct_list = GetSCTListWithInvalidSCT(); | 266 std::string sct_list = GetSCTListWithInvalidSCT(); |
| 263 ct::CTVerifyResult result; | 267 ct::CTVerifyResult result; |
| 264 int num_valid_scts = NumValidSCTsInStatusHistogram(); | 268 int num_valid_scts = NumValidSCTsInStatusHistogram(); |
| 265 int num_invalid_scts = GetValueFromHistogram( | 269 int num_invalid_scts = GetValueFromHistogram( |
| 266 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); | 270 "Net.CertificateTransparency.SCTStatus", ct::SCT_STATUS_LOG_UNKNOWN); |
| 267 | 271 |
| 268 EXPECT_NE(OK, | 272 EXPECT_NE(OK, |
| 269 verifier_->Verify(chain_, std::string(), sct_list, &result, | 273 verifier_->Verify( |
| 270 BoundNetLog())); | 274 chain_.get(), std::string(), sct_list, &result, BoundNetLog())); |
| 271 | 275 |
| 272 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); | 276 ASSERT_EQ(num_valid_scts, NumValidSCTsInStatusHistogram()); |
| 273 ASSERT_EQ(num_invalid_scts + 1, | 277 ASSERT_EQ(num_invalid_scts + 1, |
| 274 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", | 278 GetValueFromHistogram("Net.CertificateTransparency.SCTStatus", |
| 275 ct::SCT_STATUS_LOG_UNKNOWN)); | 279 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 276 } | 280 } |
| 277 | 281 |
| 278 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { | 282 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInConnectionsHistogram) { |
| 279 int old_sct_count = NumConnectionsWithSingleSCT(); | 283 int old_sct_count = NumConnectionsWithSingleSCT(); |
| 280 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 284 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
| 281 EXPECT_EQ(old_sct_count + 1, NumConnectionsWithSingleSCT()); | 285 EXPECT_EQ(old_sct_count + 1, NumConnectionsWithSingleSCT()); |
| 282 } | 286 } |
| 283 | 287 |
| 284 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInOriginsHistogram) { | 288 TEST_F(MultiLogCTVerifierTest, CountsSingleEmbeddedSCTInOriginsHistogram) { |
| 285 int old_embedded_count = NumEmbeddedSCTsInHistogram(); | 289 int old_embedded_count = NumEmbeddedSCTsInHistogram(); |
| 286 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); | 290 ASSERT_TRUE(CheckPrecertificateVerification(embedded_sct_chain_)); |
| 287 EXPECT_EQ(old_embedded_count + 1, NumEmbeddedSCTsInHistogram()); | 291 EXPECT_EQ(old_embedded_count + 1, NumEmbeddedSCTsInHistogram()); |
| 288 } | 292 } |
| 289 | 293 |
| 290 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) { | 294 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) { |
| 291 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0); | 295 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0); |
| 292 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_)); | 296 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_)); |
| 293 ASSERT_EQ(connections_without_scts + 1, | 297 ASSERT_EQ(connections_without_scts + 1, |
| 294 GetValueFromHistogram(kSCTCountHistogram, 0)); | 298 GetValueFromHistogram(kSCTCountHistogram, 0)); |
| 295 } | 299 } |
| 296 | 300 |
| 297 } // namespace | 301 } // namespace |
| 298 | 302 |
| 299 } // namespace net | 303 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 503163002:
Remove implicit conversions from scoped_refptr to T* in net/cert/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master