| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" |
| 7 #include "net/base/address_list.h" | 8 #include "net/base/address_list.h" |
| 8 #include "net/base/cert_test_util.h" | 9 #include "net/base/cert_test_util.h" |
| 9 #include "net/base/host_resolver.h" | 10 #include "net/base/host_resolver.h" |
| 10 #include "net/base/io_buffer.h" | 11 #include "net/base/io_buffer.h" |
| 11 #include "net/base/mock_cert_verifier.h" | 12 #include "net/base/mock_cert_verifier.h" |
| 12 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 13 #include "net/base/net_log.h" | 14 #include "net/base/net_log.h" |
| 14 #include "net/base/net_log_unittest.h" | 15 #include "net/base/net_log_unittest.h" |
| 16 #include "net/base/ssl_cert_request_info.h" |
| 15 #include "net/base/ssl_config_service.h" | 17 #include "net/base/ssl_config_service.h" |
| 16 #include "net/base/test_completion_callback.h" | 18 #include "net/base/test_completion_callback.h" |
| 17 #include "net/base/test_data_directory.h" | 19 #include "net/base/test_data_directory.h" |
| 18 #include "net/base/test_root_certs.h" | 20 #include "net/base/test_root_certs.h" |
| 19 #include "net/socket/client_socket_factory.h" | 21 #include "net/socket/client_socket_factory.h" |
| 20 #include "net/socket/client_socket_handle.h" | 22 #include "net/socket/client_socket_handle.h" |
| 21 #include "net/socket/socket_test_util.h" | 23 #include "net/socket/socket_test_util.h" |
| 22 #include "net/socket/tcp_client_socket.h" | 24 #include "net/socket/tcp_client_socket.h" |
| 23 #include "net/test/test_server.h" | 25 #include "net/test/test_server.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
| (...skipping 904 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 929 ssl_info.cert->os_cert_handle(), certs[0]->os_cert_handle())); | 931 ssl_info.cert->os_cert_handle(), certs[0]->os_cert_handle())); |
| 930 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( | 932 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( |
| 931 intermediates[0], certs[1]->os_cert_handle())); | 933 intermediates[0], certs[1]->os_cert_handle())); |
| 932 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( | 934 EXPECT_TRUE(net::X509Certificate::IsSameOSCert( |
| 933 intermediates[1], certs[2]->os_cert_handle())); | 935 intermediates[1], certs[2]->os_cert_handle())); |
| 934 | 936 |
| 935 sock->Disconnect(); | 937 sock->Disconnect(); |
| 936 EXPECT_FALSE(sock->IsConnected()); | 938 EXPECT_FALSE(sock->IsConnected()); |
| 937 } | 939 } |
| 938 | 940 |
| 941 // Verifies the correctness of GetSSLCertRequestInfo. |
| 942 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { |
| 943 protected: |
| 944 // Creates a test server with the given SSLOptions, connects to it and returns |
| 945 // the SSLCertRequestInfo reported by the socket. |
| 946 scoped_refptr<net::SSLCertRequestInfo> GetCertRequest( |
| 947 net::TestServer::SSLOptions ssl_options) { |
| 948 net::TestServer test_server(net::TestServer::TYPE_HTTPS, |
| 949 ssl_options, |
| 950 FilePath()); |
| 951 if (!test_server.Start()) |
| 952 return NULL; |
| 953 |
| 954 net::AddressList addr; |
| 955 if (!test_server.GetAddressList(&addr)) |
| 956 return NULL; |
| 957 |
| 958 net::TestCompletionCallback callback; |
| 959 net::CapturingNetLog log; |
| 960 net::StreamSocket* transport = new net::TCPClientSocket( |
| 961 addr, &log, net::NetLog::Source()); |
| 962 int rv = transport->Connect(callback.callback()); |
| 963 if (rv == net::ERR_IO_PENDING) |
| 964 rv = callback.WaitForResult(); |
| 965 EXPECT_EQ(net::OK, rv); |
| 966 |
| 967 scoped_ptr<net::SSLClientSocket> sock( |
| 968 CreateSSLClientSocket(transport, test_server.host_port_pair(), |
| 969 kDefaultSSLConfig)); |
| 970 EXPECT_FALSE(sock->IsConnected()); |
| 971 |
| 972 rv = sock->Connect(callback.callback()); |
| 973 if (rv == net::ERR_IO_PENDING) |
| 974 rv = callback.WaitForResult(); |
| 975 scoped_refptr<net::SSLCertRequestInfo> request_info = |
| 976 new net::SSLCertRequestInfo(); |
| 977 sock->GetSSLCertRequestInfo(request_info.get()); |
| 978 sock->Disconnect(); |
| 979 EXPECT_FALSE(sock->IsConnected()); |
| 980 |
| 981 return request_info; |
| 982 } |
| 983 |
| 984 // The following is needed to construct paths to certificates passed as |
| 985 // |client_authorities| in server SSLOptions. Current implementation of |
| 986 // RemoteTestServer (used on Android) expects relative paths, as opposed to |
| 987 // LocalTestServer, which expects absolute paths (what to fix?). |
| 988 FilePath CertDirectory() { |
| 989 #ifdef OS_ANDROID |
| 990 return net::GetTestCertsDirectoryRelative(); |
| 991 #else |
| 992 return net::GetTestCertsDirectory(); |
| 993 #endif |
| 994 } |
| 995 }; |
| 996 |
| 997 TEST_F(SSLClientSocketCertRequestInfoTest, NoAuthorities) { |
| 998 net::TestServer::SSLOptions ssl_options; |
| 999 ssl_options.request_client_certificate = true; |
| 1000 scoped_refptr<net::SSLCertRequestInfo> request_info = |
| 1001 GetCertRequest(ssl_options); |
| 1002 ASSERT_TRUE(request_info); |
| 1003 EXPECT_EQ(0u, request_info->cert_authorities.size()); |
| 1004 } |
| 1005 |
| 1006 TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) { |
| 1007 const FilePath::CharType kThawteFile[] = |
| 1008 FILE_PATH_LITERAL("thawte.single.pem"); |
| 1009 const unsigned char kThawteDN[] = { |
| 1010 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, |
| 1011 0x02, 0x5a, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, |
| 1012 0x13, 0x1c, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, |
| 1013 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, |
| 1014 0x29, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, |
| 1015 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, |
| 1016 0x53, 0x47, 0x43, 0x20, 0x43, 0x41 |
| 1017 }; |
| 1018 const size_t kThawteLen = sizeof(kThawteDN); |
| 1019 |
| 1020 const FilePath::CharType kDiginotarFile[] = |
| 1021 FILE_PATH_LITERAL("diginotar_root_ca.pem"); |
| 1022 const unsigned char kDiginotarDN[] = { |
| 1023 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, |
| 1024 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, |
| 1025 0x13, 0x09, 0x44, 0x69, 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x31, |
| 1026 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x44, 0x69, |
| 1027 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x20, 0x52, 0x6f, 0x6f, 0x74, |
| 1028 0x20, 0x43, 0x41, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48, |
| 1029 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x11, 0x69, 0x6e, 0x66, 0x6f, |
| 1030 0x40, 0x64, 0x69, 0x67, 0x69, 0x6e, 0x6f, 0x74, 0x61, 0x72, 0x2e, 0x6e, |
| 1031 0x6c |
| 1032 }; |
| 1033 const size_t kDiginotarLen = sizeof(kDiginotarDN); |
| 1034 |
| 1035 net::TestServer::SSLOptions ssl_options; |
| 1036 ssl_options.request_client_certificate = true; |
| 1037 ssl_options.client_authorities.push_back(CertDirectory().Append(kThawteFile)); |
| 1038 ssl_options.client_authorities.push_back( |
| 1039 CertDirectory().Append(kDiginotarFile)); |
| 1040 scoped_refptr<net::SSLCertRequestInfo> request_info = |
| 1041 GetCertRequest(ssl_options); |
| 1042 ASSERT_TRUE(request_info); |
| 1043 ASSERT_EQ(2u, request_info->cert_authorities.size()); |
| 1044 EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen), |
| 1045 request_info->cert_authorities[0]); |
| 1046 EXPECT_EQ( |
| 1047 std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen), |
| 1048 request_info->cert_authorities[1]); |
| 1049 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11739004:
Add server certificate request parameters to be stored in SSLCertRequestInfo. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master