| Index: net/base/cert_verifier_unittest.cc
|
| ===================================================================
|
| --- net/base/cert_verifier_unittest.cc (revision 128056)
|
| +++ net/base/cert_verifier_unittest.cc (working copy)
|
| @@ -1,299 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "net/base/cert_verifier.h"
|
| -
|
| -#include "base/bind.h"
|
| -#include "base/file_path.h"
|
| -#include "base/format_macros.h"
|
| -#include "base/stringprintf.h"
|
| -#include "net/base/cert_test_util.h"
|
| -#include "net/base/net_errors.h"
|
| -#include "net/base/net_log.h"
|
| -#include "net/base/test_completion_callback.h"
|
| -#include "net/base/x509_certificate.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -
|
| -namespace net {
|
| -
|
| -namespace {
|
| -
|
| -void FailTest(int /* result */) {
|
| - FAIL();
|
| -}
|
| -
|
| -} // namespace;
|
| -
|
| -// Tests a cache hit, which should result in synchronous completion.
|
| -#if defined(OS_MACOSX)
|
| -// http://crbug.com/117372
|
| -#define MAYBE_CacheHit FAILS_CacheHit
|
| -#else
|
| -#define MAYBE_CacheHit CacheHit
|
| -#endif // defined(OS_MACOSX)
|
| -TEST(CertVerifierTest, MAYBE_CacheHit) {
|
| - CertVerifier verifier;
|
| -
|
| - FilePath certs_dir = GetTestCertsDirectory();
|
| - scoped_refptr<X509Certificate> test_cert(
|
| - ImportCertFromFile(certs_dir, "ok_cert.pem"));
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
|
| -
|
| - int error;
|
| - CertVerifyResult verify_result;
|
| - TestCompletionCallback callback;
|
| - CertVerifier::RequestHandle request_handle;
|
| -
|
| - error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result,
|
| - callback.callback(), &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - error = callback.WaitForResult();
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - ASSERT_EQ(1u, verifier.requests());
|
| - ASSERT_EQ(0u, verifier.cache_hits());
|
| - ASSERT_EQ(0u, verifier.inflight_joins());
|
| - ASSERT_EQ(1u, verifier.GetCacheSize());
|
| -
|
| - error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result,
|
| - callback.callback(), &request_handle, BoundNetLog());
|
| - // Synchronous completion.
|
| - ASSERT_NE(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - ASSERT_TRUE(request_handle == NULL);
|
| - ASSERT_EQ(2u, verifier.requests());
|
| - ASSERT_EQ(1u, verifier.cache_hits());
|
| - ASSERT_EQ(0u, verifier.inflight_joins());
|
| - ASSERT_EQ(1u, verifier.GetCacheSize());
|
| -}
|
| -
|
| -// Tests the same server certificate with different intermediate CA
|
| -// certificates. These should be treated as different certificate chains even
|
| -// though the two X509Certificate objects contain the same server certificate.
|
| -TEST(CertVerifierTest, DifferentCACerts) {
|
| - CertVerifier verifier;
|
| -
|
| - FilePath certs_dir = GetTestCertsDirectory();
|
| -
|
| - scoped_refptr<X509Certificate> server_cert =
|
| - ImportCertFromFile(certs_dir, "salesforce_com_test.pem");
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);
|
| -
|
| - scoped_refptr<X509Certificate> intermediate_cert1 =
|
| - ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2011.pem");
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert1);
|
| -
|
| - scoped_refptr<X509Certificate> intermediate_cert2 =
|
| - ImportCertFromFile(certs_dir, "verisign_intermediate_ca_2016.pem");
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert2);
|
| -
|
| - X509Certificate::OSCertHandles intermediates;
|
| - intermediates.push_back(intermediate_cert1->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain1 =
|
| - X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
|
| - intermediates);
|
| -
|
| - intermediates.clear();
|
| - intermediates.push_back(intermediate_cert2->os_cert_handle());
|
| - scoped_refptr<X509Certificate> cert_chain2 =
|
| - X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
|
| - intermediates);
|
| -
|
| - int error;
|
| - CertVerifyResult verify_result;
|
| - TestCompletionCallback callback;
|
| - CertVerifier::RequestHandle request_handle;
|
| -
|
| - error = verifier.Verify(cert_chain1, "www.example.com", 0, NULL,
|
| - &verify_result, callback.callback(),
|
| - &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - error = callback.WaitForResult();
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - ASSERT_EQ(1u, verifier.requests());
|
| - ASSERT_EQ(0u, verifier.cache_hits());
|
| - ASSERT_EQ(0u, verifier.inflight_joins());
|
| - ASSERT_EQ(1u, verifier.GetCacheSize());
|
| -
|
| - error = verifier.Verify(cert_chain2, "www.example.com", 0, NULL,
|
| - &verify_result, callback.callback(),
|
| - &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - error = callback.WaitForResult();
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - ASSERT_EQ(2u, verifier.requests());
|
| - ASSERT_EQ(0u, verifier.cache_hits());
|
| - ASSERT_EQ(0u, verifier.inflight_joins());
|
| - ASSERT_EQ(2u, verifier.GetCacheSize());
|
| -}
|
| -
|
| -// Tests an inflight join.
|
| -TEST(CertVerifierTest, InflightJoin) {
|
| - CertVerifier verifier;
|
| -
|
| - FilePath certs_dir = GetTestCertsDirectory();
|
| - scoped_refptr<X509Certificate> test_cert(
|
| - ImportCertFromFile(certs_dir, "ok_cert.pem"));
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
|
| -
|
| - int error;
|
| - CertVerifyResult verify_result;
|
| - TestCompletionCallback callback;
|
| - CertVerifier::RequestHandle request_handle;
|
| - CertVerifyResult verify_result2;
|
| - TestCompletionCallback callback2;
|
| - CertVerifier::RequestHandle request_handle2;
|
| -
|
| - error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result,
|
| - callback.callback(), &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - error = verifier.Verify(
|
| - test_cert, "www.example.com", 0, NULL, &verify_result2,
|
| - callback2.callback(), &request_handle2, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle2 != NULL);
|
| - error = callback.WaitForResult();
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - error = callback2.WaitForResult();
|
| - ASSERT_TRUE(IsCertificateError(error));
|
| - ASSERT_EQ(2u, verifier.requests());
|
| - ASSERT_EQ(0u, verifier.cache_hits());
|
| - ASSERT_EQ(1u, verifier.inflight_joins());
|
| -}
|
| -
|
| -// Tests that the callback of a canceled request is never made.
|
| -TEST(CertVerifierTest, CancelRequest) {
|
| - CertVerifier verifier;
|
| -
|
| - FilePath certs_dir = GetTestCertsDirectory();
|
| - scoped_refptr<X509Certificate> test_cert(
|
| - ImportCertFromFile(certs_dir, "ok_cert.pem"));
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
|
| -
|
| - int error;
|
| - CertVerifyResult verify_result;
|
| - CertVerifier::RequestHandle request_handle;
|
| -
|
| - error = verifier.Verify(
|
| - test_cert, "www.example.com", 0, NULL, &verify_result,
|
| - base::Bind(&FailTest), &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - verifier.CancelRequest(request_handle);
|
| -
|
| - // Issue a few more requests to the worker pool and wait for their
|
| - // completion, so that the task of the canceled request (which runs on a
|
| - // worker thread) is likely to complete by the end of this test.
|
| - TestCompletionCallback callback;
|
| - for (int i = 0; i < 5; ++i) {
|
| - error = verifier.Verify(
|
| - test_cert, "www2.example.com", 0, NULL, &verify_result,
|
| - callback.callback(), &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - error = callback.WaitForResult();
|
| - verifier.ClearCache();
|
| - }
|
| -}
|
| -
|
| -// Tests that a canceled request is not leaked.
|
| -TEST(CertVerifierTest, CancelRequestThenQuit) {
|
| - CertVerifier verifier;
|
| -
|
| - FilePath certs_dir = GetTestCertsDirectory();
|
| - scoped_refptr<X509Certificate> test_cert(
|
| - ImportCertFromFile(certs_dir, "ok_cert.pem"));
|
| - ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
|
| -
|
| - int error;
|
| - CertVerifyResult verify_result;
|
| - TestCompletionCallback callback;
|
| - CertVerifier::RequestHandle request_handle;
|
| -
|
| - error = verifier.Verify(test_cert, "www.example.com", 0, NULL, &verify_result,
|
| - callback.callback(), &request_handle, BoundNetLog());
|
| - ASSERT_EQ(ERR_IO_PENDING, error);
|
| - ASSERT_TRUE(request_handle != NULL);
|
| - verifier.CancelRequest(request_handle);
|
| - // Destroy |verifier| by going out of scope.
|
| -}
|
| -
|
| -TEST(CertVerifierTest, RequestParamsComparators) {
|
| - SHA1Fingerprint a_key;
|
| - memset(a_key.data, 'a', sizeof(a_key.data));
|
| -
|
| - SHA1Fingerprint z_key;
|
| - memset(z_key.data, 'z', sizeof(z_key.data));
|
| -
|
| - struct {
|
| - // Keys to test
|
| - CertVerifier::RequestParams key1;
|
| - CertVerifier::RequestParams key2;
|
| -
|
| - // Expectation:
|
| - // -1 means key1 is less than key2
|
| - // 0 means key1 equals key2
|
| - // 1 means key1 is greater than key2
|
| - int expected_result;
|
| - } tests[] = {
|
| - { // Test for basic equivalence.
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0),
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0),
|
| - 0,
|
| - },
|
| - { // Test that different certificates but with the same CA and for
|
| - // the same host are different validation keys.
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0),
|
| - CertVerifier::RequestParams(z_key, a_key, "www.example.test", 0),
|
| - -1,
|
| - },
|
| - { // Test that the same EE certificate for the same host, but with
|
| - // different chains are different validation keys.
|
| - CertVerifier::RequestParams(a_key, z_key, "www.example.test", 0),
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0),
|
| - 1,
|
| - },
|
| - { // The same certificate, with the same chain, but for different
|
| - // hosts are different validation keys.
|
| - CertVerifier::RequestParams(a_key, a_key, "www1.example.test", 0),
|
| - CertVerifier::RequestParams(a_key, a_key, "www2.example.test", 0),
|
| - -1,
|
| - },
|
| - { // The same certificate, chain, and host, but with different flags
|
| - // are different validation keys.
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test",
|
| - X509Certificate::VERIFY_EV_CERT),
|
| - CertVerifier::RequestParams(a_key, a_key, "www.example.test", 0),
|
| - 1,
|
| - }
|
| - };
|
| - for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
|
| - SCOPED_TRACE(base::StringPrintf("Test[%" PRIuS "]", i));
|
| -
|
| - const CertVerifier::RequestParams& key1 = tests[i].key1;
|
| - const CertVerifier::RequestParams& key2 = tests[i].key2;
|
| -
|
| - switch (tests[i].expected_result) {
|
| - case -1:
|
| - EXPECT_TRUE(key1 < key2);
|
| - EXPECT_FALSE(key2 < key1);
|
| - break;
|
| - case 0:
|
| - EXPECT_FALSE(key1 < key2);
|
| - EXPECT_FALSE(key2 < key1);
|
| - break;
|
| - case 1:
|
| - EXPECT_FALSE(key1 < key2);
|
| - EXPECT_TRUE(key2 < key1);
|
| - break;
|
| - default:
|
| - FAIL() << "Invalid expectation. Can be only -1, 0, 1";
|
| - }
|
| - }
|
| -}
|
| -
|
| -} // namespace net
|
|
|
Chromium Code Reviews
Issue 9476035:
Make CertVerifier a pure virtual interface. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src