authorAllan Sandfeld Jensen <allan.jensen@qt.io>2020-10-12 14:27:29 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2020-10-13 09:35:20 +0000
commitc30a6232df03e1efbd9f3b226777b07e087a1122 (patch)
treee992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/net/quic/crypto
parent7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff)
BASELINE: Update Chromium to 85.0.4183.14085-based
Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net/quic/crypto')
-rw-r--r--chromium/net/quic/crypto/proof_verifier_chromium.cc10
-rw-r--r--chromium/net/quic/crypto/proof_verifier_chromium.h6
-rw-r--r--chromium/net/quic/crypto/proof_verifier_chromium_test.cc216
3 files changed, 123 insertions, 109 deletions
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.cc b/chromium/net/quic/crypto/proof_verifier_chromium.cc
index ee05dce91ca..d49b1db3218 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium.cc
+++ b/chromium/net/quic/crypto/proof_verifier_chromium.cc
@@ -16,6 +16,7 @@
#include "crypto/signature_verifier.h"
#include "net/base/host_port_pair.h"
#include "net/base/net_errors.h"
+#include "net/base/network_isolation_key.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_policy_enforcer.h"
@@ -459,7 +460,8 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
cert_verify_result.verified_cert.get(), cert_.get(),
verify_details_->ct_verify_result.scts,
TransportSecurityState::ENABLE_EXPECT_CT_REPORTS,
- verify_details_->ct_verify_result.policy_compliance);
+ verify_details_->ct_verify_result.policy_compliance,
+ proof_verifier_->network_isolation_key_);
if (ct_requirement_status != TransportSecurityState::CT_NOT_REQUIRED) {
verify_details_->ct_verify_result.policy_compliance_required = true;
if (verify_details_->cert_verify_result.is_issued_by_known_root) {
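Review bot: The new last argument, `proof_verifier_->network_isolation_key_`, is fixed when the ProofVerifierChromium is constructed, so every Job run through one verifier passes the same key to this call. The same call carries `ENABLE_EXPECT_CT_REPORTS`, so the key presumably scopes any Expect-CT report; if a verifier instance were ever shared between sessions with different keys, reports would be filed under the wrong partition. The hunk does not show who constructs the verifier, so that is worth confirming at the call sites. A comment above the argument would record the assumption, for example `// Key of the session that owns |proof_verifier_|; scopes any Expect-CT report.` DoVerifyCertComplete starts and ends outside the hunk.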
@@ -594,12 +596,14 @@ ProofVerifierChromium::ProofVerifierChromium(
CTPolicyEnforcer* ct_policy_enforcer,
TransportSecurityState* transport_security_state,
CTVerifier* cert_transparency_verifier,
- std::set<std::string> hostnames_to_allow_unknown_roots)
+ std::set<std::string> hostnames_to_allow_unknown_roots,
+ const NetworkIsolationKey& network_isolation_key)
: cert_verifier_(cert_verifier),
ct_policy_enforcer_(ct_policy_enforcer),
transport_security_state_(transport_security_state),
cert_transparency_verifier_(cert_transparency_verifier),
- hostnames_to_allow_unknown_roots_(hostnames_to_allow_unknown_roots) {
+ hostnames_to_allow_unknown_roots_(hostnames_to_allow_unknown_roots),
+ network_isolation_key_(network_isolation_key) {
DCHECK(cert_verifier_);
DCHECK(ct_policy_enforcer_);
DCHECK(transport_security_state_);
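Review bot: On the changed initializer line, `hostnames_to_allow_unknown_roots` is a by-value parameter that is copied a second time into the member. Writing `hostnames_to_allow_unknown_roots_(std::move(hostnames_to_allow_unknown_roots)),` avoids the extra set copy (it needs `<utility>`). Taking `network_isolation_key` by const reference and copying it into the member is fine as written. The constructor body continues outside the hunk.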
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.h b/chromium/net/quic/crypto/proof_verifier_chromium.h
index beacd3d0d63..f05da2eb259 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium.h
+++ b/chromium/net/quic/crypto/proof_verifier_chromium.h
@@ -13,6 +13,7 @@
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "net/base/net_export.h"
+#include "net/base/network_isolation_key.h"
#include "net/cert/cert_verify_result.h"
#include "net/cert/ct_verify_result.h"
#include "net/cert/x509_certificate.h"
@@ -74,7 +75,8 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier {
CTPolicyEnforcer* ct_policy_enforcer,
TransportSecurityState* transport_security_state,
CTVerifier* cert_transparency_verifier,
- std::set<std::string> hostnames_to_allow_unknown_roots);
+ std::set<std::string> hostnames_to_allow_unknown_roots,
+ const NetworkIsolationKey& network_isolation_key);
~ProofVerifierChromium() override;
// quic::ProofVerifier interface
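Review bot: The constructor declaration gains `network_isolation_key` without a comment saying what the key is used for or that it stays fixed for the verifier's lifetime (the member added in the next hunk of this header is `const`). I would add a comment above the constructor such as `// |network_isolation_key| is passed to the CT requirement check for every proof this object verifies.` and a one-line comment on `network_isolation_key_` in the member hunk. The class declaration starts and ends outside this hunk.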
@@ -120,6 +122,8 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier {
std::set<std::string> hostnames_to_allow_unknown_roots_;
+ const NetworkIsolationKey network_isolation_key_;
+
DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium);
};
diff --git a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
index 62504d05827..e04f01a8566 100644
--- a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
+++ b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc
@@ -10,6 +10,7 @@
#include "base/test/metrics/histogram_tester.h"
#include "net/base/completion_once_callback.h"
#include "net/base/net_errors.h"
+#include "net/base/network_isolation_key.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_log_verifier.h"
@@ -113,6 +114,11 @@ const char kTestEmptySignature[] = "";
const char kLogDescription[] = "somelog";
+// This test exercises code that does not depend on the QUIC version in use
+// but that still requires a version so we just use the first one.
+const quic::QuicTransportVersion kTestTransportVersion =
+ quic::AllSupportedVersions().front().transport_version;
+
} // namespace
class ProofVerifierChromiumTest : public ::testing::Test {
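Review bot: `kTestTransportVersion` is initialized at namespace scope by calling `quic::AllSupportedVersions().front()`, which is a dynamic initializer that runs before main() and would be undefined behaviour should the returned list ever be empty. Computing the value on demand avoids both, for example a helper `quic::QuicTransportVersion TestTransportVersion() { return quic::AllSupportedVersions().front().transport_version; }`, or setting it in the fixture after `ASSERT_FALSE(quic::AllSupportedVersions().empty());`. The anonymous namespace starts outside the hunk.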
@@ -152,7 +158,7 @@ class ProofVerifierChromiumTest : public ::testing::Test {
base::FilePath());
std::string signature;
source.GetProof(quic::QuicSocketAddress(), quic::QuicSocketAddress(),
- kTestHostname, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestConfig, kTestTransportVersion,
kTestChloHash,
std::make_unique<SignatureSaver>(&signature));
return signature;
@@ -204,14 +210,14 @@ TEST_F(ProofVerifierChromiumTest, VerifyProof) {
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
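Review bot: Every constructor call changed in this file passes a default-constructed `NetworkIsolationKey()`, so no test checks that the key given to the constructor is the one that reaches the CT requirement check. This applies to this hunk and to all later hunks in the file that make the same change. A test that builds the verifier with a non-empty key and asserts on the key seen by the Expect-CT reporting path would cover the new plumbing; the visible lines do not show whether the fixture has a report sender it can inspect, so that may need a test double. The VerifyProof test body continues outside the hunk.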
@@ -238,14 +244,14 @@ TEST_F(ProofVerifierChromiumTest, VerifyProof) {
// verification fails.
TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) {
MockCertVerifier dummy_verifier;
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -264,14 +270,14 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) {
MockCertVerifier cert_verifier;
- ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &cert_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, ct::GetSCTListForTesting(), kTestEmptySignature,
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -292,14 +298,14 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
ASSERT_NO_FATAL_FAILURE(GetSCTTestCertificates(&certs_));
MockCertVerifier cert_verifier;
- ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &cert_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, ct::GetSCTListWithInvalidSCT(),
kTestEmptySignature, verify_context_.get(), &error_details_, &details_,
std::move(callback));
@@ -319,14 +325,14 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) {
// signature fails.
TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) {
FailsTestCertVerifier cert_verifier;
- ProofVerifierChromium proof_verifier(&cert_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &cert_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, kTestEmptySignature,
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -344,14 +350,14 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -387,14 +393,14 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -436,14 +442,14 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramNonCompliant) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -492,14 +498,14 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramCompliant) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -544,14 +550,14 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) {
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_,
ERR_CERT_DATE_INVALID);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -581,14 +587,14 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) {
base::Time::Now() + base::TimeDelta::FromSeconds(1000);
transport_security_state_.AddHSTS(kTestHostname, expiry, true);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -616,14 +622,14 @@ TEST_F(ProofVerifierChromiumTest, PKPEnforced) {
transport_security_state_.EnableStaticPinsForTesting();
ScopedTransportSecurityStateSource scoped_security_state_source;
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kCTAndPKPHost, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kCTAndPKPHost, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -662,14 +668,14 @@ TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) {
transport_security_state_.EnableStaticPinsForTesting();
ScopedTransportSecurityStateSource scoped_security_state_source;
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {kCTAndPKPHost});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {kCTAndPKPHost}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kCTAndPKPHost, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kCTAndPKPHost, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -712,14 +718,14 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequired) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -769,14 +775,14 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramNonCompliant) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -824,14 +830,14 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
{
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {kTestHostname});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {kTestHostname}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -849,14 +855,14 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) {
dummy_result_.is_issued_by_known_root = true;
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -892,14 +898,14 @@ TEST_F(ProofVerifierChromiumTest, CTIsNotRequiredHistogram) {
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {kTestHostname});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {kTestHostname}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -938,14 +944,14 @@ TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kCTAndPKPHost, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kCTAndPKPHost, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -989,14 +995,14 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
{
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {kTestHostname});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {kTestHostname}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -1016,14 +1022,14 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) {
dummy_result_.is_issued_by_known_root = true;
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -1065,15 +1071,15 @@ TEST_F(ProofVerifierChromiumTest, CTRequirementsFlagNotMet) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_DIVERSE_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
{
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
@@ -1118,15 +1124,15 @@ TEST_F(ProofVerifierChromiumTest, CTRequirementsFlagMet) {
.WillRepeatedly(
Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
{
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
@@ -1160,14 +1166,14 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) {
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_FAILURE, status);
@@ -1191,14 +1197,14 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) {
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {kTestHostname});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {kTestHostname}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);
@@ -1227,14 +1233,14 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) {
MockCertVerifier dummy_verifier;
dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK);
- ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_,
- &transport_security_state_,
- ct_verifier_.get(), {""});
+ ProofVerifierChromium proof_verifier(
+ &dummy_verifier, &ct_policy_enforcer_, &transport_security_state_,
+ ct_verifier_.get(), {""}, NetworkIsolationKey());
std::unique_ptr<DummyProofVerifierCallback> callback(
new DummyProofVerifierCallback);
quic::QuicAsyncStatus status = proof_verifier.VerifyProof(
- kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43,
+ kTestHostname, kTestPort, kTestConfig, kTestTransportVersion,
kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(),
verify_context_.get(), &error_details_, &details_, std::move(callback));
ASSERT_EQ(quic::QUIC_SUCCESS, status);