| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "net/base/address_list.h" | 9 #include "net/base/address_list.h" |
| 10 #include "net/base/io_buffer.h" | 10 #include "net/base/io_buffer.h" |
| (...skipping 1775 matching lines...) | |
| 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); | 1786 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options); |
| 1787 ASSERT_TRUE(request_info.get()); | 1787 ASSERT_TRUE(request_info.get()); |
| 1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); | 1788 ASSERT_EQ(2u, request_info->cert_authorities.size()); |
| 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), | 1789 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), |
| 1790 request_info->cert_authorities[0]); | 1790 request_info->cert_authorities[0]); |
| 1791 EXPECT_EQ( | 1791 EXPECT_EQ( |
| 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), | 1792 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), |
| 1793 request_info->cert_authorities[1]); | 1793 request_info->cert_authorities[1]); |
| 1794 } | 1794 } |
| 1795 | 1795 |
| 1796 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabled) { | |
| 1797 SpawnedTestServer::SSLOptions ssl_options; | |
| 1798 ssl_options.signed_cert_timestamps = "test"; | |
| 1799 | |
| 1800 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | |
| 1801 ssl_options, | |
| 1802 base::FilePath()); | |
| 1803 ASSERT_TRUE(test_server.Start()); | |
| 1804 | |
| 1805 AddressList addr; | |
| 1806 ASSERT_TRUE(test_server.GetAddressList(&addr)); | |
| 1807 | |
| 1808 TestCompletionCallback callback; | |
| 1809 CapturingNetLog log; | |
| 1810 scoped_ptr<StreamSocket> transport( | |
| 1811 new TCPClientSocket(addr, &log, NetLog::Source())); | |
| 1812 int rv = transport->Connect(callback.callback()); | |
| 1813 if (rv == ERR_IO_PENDING) | |
| 1814 rv = callback.WaitForResult(); | |
| 1815 EXPECT_EQ(OK, rv); | |
| 1816 | |
| 1817 SSLConfig ssl_config; | |
| 1818 ssl_config.signed_cert_timestamps_enabled = true; | |
| 1819 | |
| 1820 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | |
| 1821 transport.Pass(), test_server.host_port_pair(), ssl_config)); | |
| 1822 | |
| 1823 EXPECT_FALSE(sock->IsConnected()); | |
| 1824 | |
| 1825 rv = sock->Connect(callback.callback()); | |
| 1826 | |
| 1827 CapturingNetLog::CapturedEntryList entries; | |
| 1828 log.GetEntries(&entries); | |
| 1829 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | |
| 1830 if (rv == ERR_IO_PENDING) | |
| 1831 rv = callback.WaitForResult(); | |
| 1832 EXPECT_EQ(OK, rv); | |
| 1833 EXPECT_TRUE(sock->IsConnected()); | |
| 1834 log.GetEntries(&entries); | |
| 1835 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | |
| 1836 | |
| 1837 #if !defined(USE_OPENSSL) | |
| 1838 EXPECT_TRUE(sock->WereSignedCertTimestampsReceived()); | |
| 1839 #else | |
| 1840 // Enabling CT for OpenSSL is currently a noop. | |
| 1841 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); | |
| 1842 #endif | |
| 1843 | |
| 1844 sock->Disconnect(); | |
| 1845 EXPECT_FALSE(sock->IsConnected()); | |
| 1846 } | |
| 1847 | |
| 1848 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { | |
| 1849 SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS, | |
|
wtc
2013/11/26 17:32:55
The test_server in this unit test should also have
ekasper
2013/11/26 19:33:54
Good point - I wanted to test that no "SCTs" were
| |
| 1850 SpawnedTestServer::kLocalhost, | |
| 1851 base::FilePath()); | |
| 1852 ASSERT_TRUE(test_server.Start()); | |
| 1853 | |
| 1854 AddressList addr; | |
| 1855 ASSERT_TRUE(test_server.GetAddressList(&addr)); | |
| 1856 | |
| 1857 TestCompletionCallback callback; | |
| 1858 CapturingNetLog log; | |
| 1859 scoped_ptr<StreamSocket> transport( | |
| 1860 new TCPClientSocket(addr, &log, NetLog::Source())); | |
| 1861 int rv = transport->Connect(callback.callback()); | |
| 1862 if (rv == ERR_IO_PENDING) | |
| 1863 rv = callback.WaitForResult(); | |
| 1864 EXPECT_EQ(OK, rv); | |
| 1865 | |
| 1866 SSLConfig ssl_config; | |
| 1867 ssl_config.signed_cert_timestamps_enabled = false; | |
| 1868 | |
| 1869 scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | |
| 1870 transport.Pass(), test_server.host_port_pair(), ssl_config)); | |
| 1871 | |
| 1872 EXPECT_FALSE(sock->IsConnected()); | |
| 1873 | |
| 1874 rv = sock->Connect(callback.callback()); | |
| 1875 | |
| 1876 CapturingNetLog::CapturedEntryList entries; | |
| 1877 log.GetEntries(&entries); | |
| 1878 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | |
| 1879 if (rv == ERR_IO_PENDING) | |
| 1880 rv = callback.WaitForResult(); | |
| 1881 EXPECT_EQ(OK, rv); | |
| 1882 EXPECT_TRUE(sock->IsConnected()); | |
| 1883 log.GetEntries(&entries); | |
| 1884 EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1)); | |
| 1885 | |
| 1886 EXPECT_FALSE(sock->WereSignedCertTimestampsReceived()); | |
| 1887 | |
| 1888 sock->Disconnect(); | |
| 1889 EXPECT_FALSE(sock->IsConnected()); | |
| 1890 } | |
| 1891 | |
| 1796 } // namespace | 1892 } // namespace |
| 1797 | 1893 |
| 1798 } // namespace net | 1894 } // namespace net |
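Review bot: The `#else` branch at new lines 1839-1841 of ConnectSignedCertTimestampsEnabled pins the OpenSSL build to `EXPECT_FALSE(sock->WereSignedCertTimestampsReceived())`, so a caller that sets `signed_cert_timestamps_enabled = true` silently gets no SCTs on that build, and the test keeps passing without flagging the gap. The comment there should say what has to change and where it is tracked, for example `// TODO(<owner>): OpenSSL ignores signed_cert_timestamps_enabled; flip to EXPECT_TRUE once supported (<tracking-bug placeholder>).` Separately, the non-OpenSSL branch only checks that something was received. If the socket exposes the received SCT data (no such accessor is visible on this page, so this is an assumption), comparing it with the `"test"` value configured on the server at line 1798 would also catch a truncated or misparsed list.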
| OLD | NEW |