Google Git
Sign in
quiche/quiche.git/2789c408aa2677e170a7f4f8a044e42a2f5c8bfe^!/.
commit
2789c408aa2677e170a7f4f8a044e42a2f5c8bfe
[log] [tgz]
author
elburrito <elburrito@google.com>
Mon Jan 08 07:50:48 2024 -0800
committer
Copybara-Service <copybara-worker@google.com>
Mon Jan 08 07:51:42 2024 -0800
tree
4222bae6a162ba8475335226beff3e19d436890e
parent
ac3b8f2eb90ab081c4acb4c1c5bab265bd7ace01 [diff]
BlindSignAuth: Fix deserialization of StatusOr from AnonymousTokensRsaBssaClient::CreateRequest that bypasses Ok check

PiperOrigin-RevId: 596592005

diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index 5d78a87..a9902cf 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc

@@ -301,7 +301,7 @@
   }
   absl::StatusOr<
       anonymous_tokens::AnonymousTokensSignRequest>
-      at_sign_request = *bssa_client.value()->CreateRequest(plaintext_tokens);
+      at_sign_request = bssa_client.value()->CreateRequest(plaintext_tokens);
   if (!at_sign_request.ok()) {
     QUICHE_LOG(WARNING) << "Failed to create AT Sign Request: "
                         << at_sign_request.status();

diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index 27883ce..e776f71 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc

@@ -381,6 +381,42 @@
   done.WaitForNotification();
 }
 
+TEST_F(BlindSignAuthTest, TestGetTokensFailedBadRSABlindSignaturePublicKey) {
+  anonymous_tokens::Timestamp start_time;
+  start_time.set_seconds(absl::ToUnixSeconds(absl::Now() + absl::Hours(1)));
+  *public_key_proto_.mutable_key_validity_start_time() = start_time;
+  *fake_get_initial_data_response_.mutable_at_public_metadata_public_key() =
+      public_key_proto_;
+
+  BlindSignHttpResponse fake_public_key_response(
+      200, fake_get_initial_data_response_.SerializeAsString());
+
+  EXPECT_CALL(
+      mock_http_interface_,
+      DoRequest(Eq(BlindSignHttpRequestType::kGetInitialData), Eq(oauth_token_),
+                Eq(expected_get_initial_data_request_.SerializeAsString()), _))
+      .Times(1)
+      .WillOnce([=](auto&&, auto&&, auto&&, auto get_initial_data_cb) {
+        std::move(get_initial_data_cb)(fake_public_key_response);
+      });
+
+  EXPECT_CALL(mock_http_interface_,
+              DoRequest(Eq(BlindSignHttpRequestType::kAuthAndSign), _, _, _))
+      .Times(0);
+
+  int num_tokens = 1;
+  QuicheNotification done;
+  SignedTokenCallback callback =
+      [&done](absl::StatusOr<absl::Span<BlindSignToken>> tokens) {
+        EXPECT_THAT(tokens.status().code(),
+                    absl::StatusCode::kFailedPrecondition);
+        done.Notify();
+      };
+  blind_sign_auth_->GetTokens(oauth_token_, num_tokens, ProxyLayer::kProxyA,
+                              std::move(callback));
+  done.WaitForNotification();
+}
+
 TEST_F(BlindSignAuthTest, TestGetTokensFailedBadAuthAndSignResponse) {
   BlindSignHttpResponse fake_public_key_response(
       200, fake_get_initial_data_response_.SerializeAsString());