proof_verifier_chromium_test.cc | Explore in Territory

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/quic/crypto/proof_verifier_chromium.h"

#include <memory>
#include <string_view>
#include <utility>

#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/test/metrics/histogram_tester.h"
#include "base/test/scoped_feature_list.h"
#include "base/test/task_environment.h"
#include "net/base/completion_once_callback.h"
#include "net/base/features.h"
#include "net/base/net_errors.h"
#include "net/base/network_anonymization_key.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_log_verifier.h"
#include "net/cert/ct_policy_enforcer.h"
#include "net/cert/ct_policy_status.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/multi_log_ct_verifier.h"
#include "net/cert/sct_auditing_delegate.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_util.h"
#include "net/http/transport_security_state.h"
#include "net/http/transport_security_state_test_util.h"
#include "net/quic/crypto/proof_source_chromium.h"
#include "net/quic/quic_context.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
#include "net/third_party/quiche/src/quiche/quic/core/crypto/proof_verifier.h"
#include "net/third_party/quiche/src/quiche/quic/core/quic_error_codes.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"

_;
Return;

namespace net::test {

namespace {

const char kCTAndPKPHost[] = …;

// CertVerifier that will fail the test if it is ever called.
class FailsTestCertVerifier : public CertVerifier { … };

class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { … };

class MockSCTAuditingDelegate : public SCTAuditingDelegate { … };

// Proof source callback which saves the signature into |signature|.
class SignatureSaver : public quic::ProofSource::Callback { … };

class DummyProofVerifierCallback : public quic::ProofVerifierCallback { … };

const char kTestHostname[] = …;
const uint16_t kTestPort = …;
const char kTestConfig[] = …;
const char kTestChloHash[] = …;
const char kTestEmptyOCSPResponse[] = …;
const char kTestEmptySCT[] = …;
const char kTestEmptySignature[] = …;

// This test exercises code that does not depend on the QUIC version in use
// but that still requires a version so we just use the first one.
const quic::QuicTransportVersion kTestTransportVersion = …;

}  // namespace

class ProofVerifierChromiumTest : public ::testing::Test { … };

TEST_F(ProofVerifierChromiumTest, VerifyProof) { … }

// Tests that the quic::ProofVerifier fails verification if certificate
// verification fails.
TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { … }

// Confirms that the parameters get passed through to the
// CertVerifier::RequestParams as expected.
TEST_F(ProofVerifierChromiumTest, PassesCertVerifierRequestParams) { … }

// Tests that the quic::ProofVerifier doesn't verify certificates if the config
// signature fails.
TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { … }

HashValueVector MakeHashValueVector(uint8_t tag) { … }

TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) { … }

TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) { … }

// Test that PKP is enforced for certificates that chain up to known roots.
TEST_F(ProofVerifierChromiumTest, PKPEnforced) { … }

// Test |pkp_bypassed| is set when PKP is bypassed due to a local
// trust anchor
TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) { … }

// Test that when CT is required (in this case, by the delegate), the
// absence of CT information is a socket error.
TEST_F(ProofVerifierChromiumTest, CTIsRequired) { … }

// Test that CT is considered even when PKP fails.
TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) { … }

TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) { … }

TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) { … }

TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) { … }

// Tests that the SCTAuditingDelegate is called to enqueue SCT reports when
// verifying a good proof and cert.
TEST_F(ProofVerifierChromiumTest, SCTAuditingReportCollected) { … }

// Make sure that destroying ProofVerifierChromium while there's a pending
// request doesn't result in any raw pointer warnings or other crashes.
TEST_F(ProofVerifierChromiumTest, DestroyWithPendingRequest) { … }

}  // namespace net::test
chromium/net/quic/crypto/proof_verifier_chromium_test.cc
