1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/quic/test_tools/crypto_test_utils.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/net_errors.h"
#include "net/base/test_data_directory.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/test_root_certs.h"
#include "net/cert/x509_certificate.h"
#include "net/http/transport_security_state.h"
#include "net/quic/crypto/proof_source_chromium.h"
#include "net/quic/crypto/proof_verifier_chromium.h"
#include "net/test/cert_test_util.h"
namespace net {
namespace test {
namespace {
class TestProofVerifierChromium : public ProofVerifierChromium {
public:
TestProofVerifierChromium(
scoped_ptr<CertVerifier> cert_verifier,
scoped_ptr<TransportSecurityState> transport_security_state,
const std::string& cert_file)
: ProofVerifierChromium(cert_verifier.get(),
nullptr,
transport_security_state.get()),
cert_verifier_(cert_verifier.Pass()),
transport_security_state_(transport_security_state.Pass()) {
// Load and install the root for the validated chain.
scoped_refptr<X509Certificate> root_cert =
ImportCertFromFile(GetTestCertsDirectory(), cert_file);
scoped_root_.Reset(root_cert.get());
}
~TestProofVerifierChromium() override {}
private:
ScopedTestRoot scoped_root_;
scoped_ptr<CertVerifier> cert_verifier_;
scoped_ptr<TransportSecurityState> transport_security_state_;
};
const char kLeafCert[] = "leaf";
const char kIntermediateCert[] = "intermediate";
const char kSignature[] = "signature";
class FakeProofSource : public ProofSource {
public:
FakeProofSource() : certs_(2) {
certs_[0] = kLeafCert;
certs_[1] = kIntermediateCert;
}
~FakeProofSource() override {}
// ProofSource interface
bool GetProof(const IPAddressNumber& server_ip,
const std::string& hostname,
const std::string& server_config,
bool ecdsa_ok,
const std::vector<std::string>** out_certs,
std::string* out_signature) override {
*out_certs = &certs_;
*out_signature = kSignature;
return true;
}
private:
std::vector<std::string> certs_;
DISALLOW_COPY_AND_ASSIGN(FakeProofSource);
};
class FakeProofVerifier : public ProofVerifier {
public:
FakeProofVerifier() {}
~FakeProofVerifier() override {}
// ProofVerifier interface
QuicAsyncStatus VerifyProof(const std::string& hostname,
const std::string& server_config,
const std::vector<std::string>& certs,
const std::string& signature,
const ProofVerifyContext* verify_context,
std::string* error_details,
scoped_ptr<ProofVerifyDetails>* verify_details,
ProofVerifierCallback* callback) override {
error_details->clear();
scoped_ptr<ProofVerifyDetailsChromium> verify_details_chromium(
new ProofVerifyDetailsChromium);
if (certs.size() != 2 || certs[0] != kLeafCert ||
certs[1] != kIntermediateCert || signature != kSignature) {
*error_details = "Invalid proof";
verify_details_chromium->cert_verify_result.cert_status =
CERT_STATUS_INVALID;
*verify_details = verify_details_chromium.Pass();
return QUIC_FAILURE;
}
*verify_details = verify_details_chromium.Pass();
return QUIC_SUCCESS;
}
private:
DISALLOW_COPY_AND_ASSIGN(FakeProofVerifier);
};
} // namespace
// static
ProofSource* CryptoTestUtils::ProofSourceForTesting() {
ProofSourceChromium* source = new ProofSourceChromium();
base::FilePath certs_dir = GetTestCertsDirectory();
CHECK(source->Initialize(
certs_dir.AppendASCII("quic_chain.crt"),
certs_dir.AppendASCII("quic_test.example.com.key.pkcs8")));
return source;
}
// static
ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() {
// TODO(rch): use a real cert verifier?
scoped_ptr<MockCertVerifier> cert_verifier(new MockCertVerifier());
net::CertVerifyResult verify_result;
verify_result.verified_cert =
ImportCertFromFile(GetTestCertsDirectory(), "quic_test.example.com.crt");
cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(),
"test.example.com", verify_result, OK);
verify_result.verified_cert = ImportCertFromFile(
GetTestCertsDirectory(), "quic_test_ecc.example.com.crt");
cert_verifier->AddResultForCertAndHost(verify_result.verified_cert.get(),
"test.example.com", verify_result, OK);
return new TestProofVerifierChromium(
cert_verifier.Pass(), make_scoped_ptr(new TransportSecurityState),
"quic_root.crt");
}
// static
ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() {
return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog());
}
// static
ProofSource* CryptoTestUtils::FakeProofSourceForTesting() {
return new FakeProofSource();
}
// static
ProofVerifier* CryptoTestUtils::FakeProofVerifierForTesting() {
return new FakeProofVerifier();
}
// static
ProofVerifyContext* CryptoTestUtils::FakeProofVerifyContextForTesting() {
return nullptr;
}
} // namespace test
} // namespace net
|
