// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/cert_verifier/cert_verifier_service_factory.h" #include <cstddef> #include <memory> #include <string_view> #include <vector> #include "base/check_op.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/functional/callback_helpers.h" #include "base/memory/scoped_refptr.h" #include "base/run_loop.h" #include "base/test/bind.h" #include "base/test/task_environment.h" #include "base/time/time.h" #include "crypto/ec_private_key.h" #include "crypto/sha2.h" #include "mojo/public/cpp/base/proto_wrapper.h" #include "mojo/public/cpp/bindings/pending_receiver.h" #include "mojo/public/cpp/bindings/pending_remote.h" #include "mojo/public/cpp/bindings/remote.h" #include "net/base/net_errors.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verify_result.h" #include "net/cert/test_root_certs.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "net/log/net_log_with_source.h" #include "net/net_buildflags.h" #include "net/test/cert_builder.h" #include "net/test/cert_test_util.h" #include "net/test/gtest_util.h" #include "net/test/test_data_directory.h" #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom.h" #include "services/network/public/mojom/cert_verifier_service.mojom.h" #include "services/network/public/mojom/network_context.mojom.h" #include "services/network/public/mojom/url_loader_factory.mojom.h" #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" #if BUILDFLAG(IS_CT_SUPPORTED) #include "components/certificate_transparency/chrome_ct_policy_enforcer.h" #include "services/network/public/mojom/ct_log_info.mojom.h" #endif #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) #include "base/version_info/version_info.h" // nogncheck #include "mojo/public/cpp/base/big_buffer.h" #include "net/cert/internal/trust_store_chrome.h" #include "net/cert/root_store_proto_lite/root_store.pb.h" #include "third_party/boringssl/src/pki/input.h" #include "third_party/boringssl/src/pki/parse_name.h" #endif IsError; IsOk; namespace cert_verifier { namespace { struct DummyCVServiceRequest : public mojom::CertVerifierRequest { … }; class DummyCVServiceClient : public mojom::CertVerifierServiceClient { … }; std::tuple<int, net::CertVerifyResult> Verify( const mojo::Remote<mojom::CertVerifierService>& cv_service_remote, scoped_refptr<net::X509Certificate> cert, const std::string& hostname) { … } void UpdateCRLSetWithTestFile( CertVerifierServiceFactoryImpl* cv_service_factory_impl, std::string_view crlset_file_name) { … } void EnableChromeRootStoreIfOptional(CertVerifierServiceFactoryImpl* factory) { … } } // namespace TEST(CertVerifierServiceFactoryTest, GetNewCertVerifier) { … } #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) // Test that a new Cert verifier will use an updated Chrome Root Store if // one was already passed into CertVerifierServiceFactory. TEST(CertVerifierServiceFactoryTest, GetNewCertVerifierWithUpdatedRootStore) { … } // Test that an existing CertVerifierService will use an updated Chrome Root // Store if one is provided to the CertVerifierServiceFactory TEST(CertVerifierServiceFactoryTest, UpdateExistingCertVerifierWithRootStore) { … } TEST(CertVerifierServiceFactoryTest, OldRootStoreUpdateIgnored) { … } TEST(CertVerifierServiceFactoryTest, BadRootStoreUpdateIgnored) { … } void GetRootStoreInfo(cert_verifier::mojom::ChromeRootStoreInfoPtr* return_ptr, base::RepeatingClosure quit_closure, cert_verifier::mojom::ChromeRootStoreInfoPtr info) { … } TEST(CertVerifierServiceFactoryTest, RootStoreInfoWithUpdatedRootStore) { … } std::string CurVersionString() { … } std::string NextVersionString() { … } std::string PrevVersionString() { … } TEST(CertVerifierServiceFactoryTest, RootStoreInfoWithVersionConstraintUnmet) { … } TEST(CertVerifierServiceFactoryTest, RootStoreInfoWithVersionConstraintMet) { … } TEST(CertVerifierServiceFactoryTest, RootStoreInfoWithCompiledRootStore) { … } #endif // BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) #if BUILDFLAG(IS_CT_SUPPORTED) TEST(CertVerifierServiceFactoryTest, UpdateCtLogList) { … } TEST(CertVerifierServiceFactoryTest, CTPolicyEnforcerConfig) { … } TEST(CertVerifierServiceFactoryTest, CTPolicyEnforcerConfigWithOperatorSwitches) { … } #endif class CertVerifierServiceFactoryBuiltinVerifierTest : public ::testing::Test { … }; // Test that a new Cert verifier will use an updated CRLSet if // one was already passed into CertVerifierServiceFactory. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, GetNewCertVerifierWithUpdatedCRLSet) { … } // Test that an existing CertVerifierService will use an updated CRLSet if one // is provided to the CertVerifierServiceFactory TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, UpdateExistingCertVerifierWithCRLSet) { … } // Verifies newer CRLSets (by sequence number) are applied. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, CRLSetIsUpdatedIfNewer) { … } // Verifies that attempting to send an older CRLSet (by sequence number) // does not apply to existing or new contexts. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, CRLSetDoesNotDowngrade) { … } // Verifies that attempting to send an invalid CRLSet does not affect existing // or new contexts. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, BadCRLSetIgnored) { … } TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, GetNewCertVerifierWithAdditionalCerts) { … } // Tests that UpdateNetworkTime being called causes new cert verifiers to use // the time tracker time for verification. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, UpdateNetworkTimeNewVerifier) { … } // Tests that UpdateNetworkTime being called causes existing cert verifiers to // use the time tracker time for verification. TEST_F(CertVerifierServiceFactoryBuiltinVerifierTest, UpdateNetworkTimeExistingVerifier) { … } } // namespace cert_verifier
Codebase Browser
chromium