OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "base/bind.h" |
| 10 #include "base/file_path.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/message_loop.h" |
| 13 #include "base/synchronization/waitable_event.h" |
| 14 #include "base/threading/thread.h" |
| 15 #include "chrome/browser/net/chrome_url_request_context.h" |
| 16 #include "content/browser/browser_thread.h" |
| 17 #include "net/base/cert_test_util.h" |
| 18 #include "net/base/ssl_info.h" |
| 19 #include "net/base/transport_security_state.h" |
| 20 #include "net/base/x509_certificate.h" |
| 21 #include "net/url_request/fraudulent_certificate_reporter.h" |
| 22 #include "net/url_request/url_request.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" |
| 24 |
| 25 using net::SSLInfo; |
| 26 |
| 27 namespace chrome_browser_net { |
| 28 |
| 29 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
| 30 // expired; what matters is that the cert would not pass even a normal |
| 31 // sanity check. We test that we DO NOT send a fraudulent certificate report |
| 32 // in this case. |
| 33 static SSLInfo GetBadSSLInfo() { |
| 34 SSLInfo info; |
| 35 |
| 36 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 37 "expired_cert.pem"); |
| 38 info.is_issued_by_known_root = false; |
| 39 |
| 40 return info; |
| 41 } |
| 42 |
| 43 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, |
| 44 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this |
| 45 // case, the certificate is for mail.google.com, signed by our Chrome test |
| 46 // CA. During testing, Chrome believes this CA is part of the root system |
| 47 // store. But, this CA is not in the pin list; we test that we DO send a |
| 48 // fraudulent certicate report in this case. |
| 49 static SSLInfo GetGoodSSLInfo() { |
| 50 SSLInfo info; |
| 51 |
| 52 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 53 "test_mail_google_com.pem"); |
| 54 info.is_issued_by_known_root = true; |
| 55 |
| 56 return info; |
| 57 } |
| 58 |
| 59 // Checks that |info| is good as required by the SSL checks performed in |
| 60 // URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin |
| 61 // checking but not sufficient to pass |
| 62 // DomainState::IsChainOfPublicKeysPermitted. |
| 63 static bool IsGoodSSLInfo(const SSLInfo& info) { |
| 64 return info.is_valid() && info.is_issued_by_known_root; |
| 65 } |
| 66 |
| 67 class TestReporter : public ChromeFraudulentCertificateReporter { |
| 68 public: |
| 69 explicit TestReporter(net::URLRequestContext* request_context) |
| 70 : ChromeFraudulentCertificateReporter(request_context) {} |
| 71 }; |
| 72 |
| 73 class SendingTestReporter : public TestReporter { |
| 74 public: |
| 75 explicit SendingTestReporter(net::URLRequestContext* request_context) |
| 76 : TestReporter(request_context), passed_(false) {} |
| 77 |
| 78 // Passes if invoked with a good SSLInfo and for a hostname that is a Google |
| 79 // pinned property. |
| 80 virtual void SendReport(const std::string& hostname, |
| 81 const SSLInfo& ssl_info, |
| 82 bool sni_available) OVERRIDE { |
| 83 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); |
| 84 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty( |
| 85 hostname, sni_available)); |
| 86 passed_ = true; |
| 87 } |
| 88 |
| 89 virtual ~SendingTestReporter() { |
| 90 // If the object is destroyed without having its SendReport method invoked, |
| 91 // we failed. |
| 92 EXPECT_TRUE(passed_); |
| 93 } |
| 94 |
| 95 bool passed_; |
| 96 }; |
| 97 |
| 98 class NotSendingTestReporter : public TestReporter { |
| 99 public: |
| 100 explicit NotSendingTestReporter(net::URLRequestContext* request_context) |
| 101 : TestReporter(request_context) {} |
| 102 |
| 103 // Passes if invoked with a bad SSLInfo and for a hostname that is not a |
| 104 // Google pinned property. |
| 105 virtual void SendReport(const std::string& hostname, |
| 106 const SSLInfo& ssl_info, |
| 107 bool sni_available) OVERRIDE { |
| 108 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); |
| 109 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty( |
| 110 hostname, sni_available)); |
| 111 } |
| 112 }; |
| 113 |
| 114 // For the first version of the feature, sending reports is "fire and forget". |
| 115 // Therefore, we test only that the Reporter tried to send a request at all. |
| 116 // In the future, when we have more sophisticated (i.e., any) error handling |
| 117 // and re-tries, we will need more sopisticated tests as well. |
| 118 // |
| 119 // This class doesn't do anything now, but in near future versions it will. |
| 120 class MockURLRequest : public net::URLRequest { |
| 121 public: |
| 122 MockURLRequest() : net::URLRequest(GURL(""), NULL), passed_(false) { |
| 123 } |
| 124 |
| 125 private: |
| 126 bool passed_; |
| 127 }; |
| 128 |
| 129 // A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is |
| 130 // otherwise normal: reports are constructed and sent in the usual way. |
| 131 class MockReporter : public ChromeFraudulentCertificateReporter { |
| 132 public: |
| 133 explicit MockReporter(net::URLRequestContext* request_context) |
| 134 : ChromeFraudulentCertificateReporter(request_context) {} |
| 135 |
| 136 virtual net::URLRequest* CreateURLRequest() OVERRIDE { |
| 137 return new MockURLRequest(); |
| 138 } |
| 139 |
| 140 virtual void SendReport( |
| 141 const std::string& hostname, |
| 142 const net::SSLInfo& ssl_info, |
| 143 bool sni_available) { |
| 144 DCHECK(!hostname.empty()); |
| 145 DCHECK(ssl_info.is_valid()); |
| 146 ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info, sni_avai
lable); |
| 147 } |
| 148 }; |
| 149 |
| 150 static void DoReportIsSent() { |
| 151 scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext; |
| 152 SendingTestReporter reporter(context.get()); |
| 153 SSLInfo info = GetGoodSSLInfo(); |
| 154 reporter.SendReport("mail.google.com", info, true); |
| 155 } |
| 156 |
| 157 static void DoReportIsNotSent() { |
| 158 scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext; |
| 159 NotSendingTestReporter reporter(context.get()); |
| 160 SSLInfo info = GetBadSSLInfo(); |
| 161 reporter.SendReport("127.0.0.1", info, true); |
| 162 } |
| 163 |
| 164 static void DoMockReportIsSent() { |
| 165 scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext; |
| 166 MockReporter reporter(context.get()); |
| 167 SSLInfo info = GetGoodSSLInfo(); |
| 168 reporter.SendReport("mail.google.com", info, true); |
| 169 } |
| 170 |
| 171 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { |
| 172 SSLInfo good = GetGoodSSLInfo(); |
| 173 EXPECT_TRUE(IsGoodSSLInfo(good)); |
| 174 |
| 175 SSLInfo bad = GetBadSSLInfo(); |
| 176 EXPECT_FALSE(IsGoodSSLInfo(bad)); |
| 177 } |
| 178 |
| 179 TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) { |
| 180 MessageLoop loop(MessageLoop::TYPE_IO); |
| 181 BrowserThread io_thread(BrowserThread::IO, &loop); |
| 182 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent)); |
| 183 loop.RunAllPending(); |
| 184 } |
| 185 |
| 186 TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) { |
| 187 MessageLoop loop(MessageLoop::TYPE_IO); |
| 188 BrowserThread io_thread(BrowserThread::IO, &loop); |
| 189 loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent)); |
| 190 loop.RunAllPending(); |
| 191 } |
| 192 |
| 193 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
| 194 MessageLoop loop(MessageLoop::TYPE_IO); |
| 195 BrowserThread io_thread(BrowserThread::IO, &loop); |
| 196 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
| 197 loop.RunAllPending(); |
| 198 } |
| 199 |
| 200 } // namespace chrome_browser_net |
| 201 |
OLD | NEW |