
Side by Side Diff: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc

Issue 8302019: Recommit fraudulent certificate reporting infrastructure. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
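--- /dev/null
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
@@ -0,0 +1,201 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/file_path.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/message_loop.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/threading/thread.h"
+#include "chrome/browser/net/chrome_url_request_context.h"
+#include "content/browser/browser_thread.h"
+#include "net/base/cert_test_util.h"
+#include "net/base/ssl_info.h"
+#include "net/base/transport_security_state.h"
+#include "net/base/x509_certificate.h"
+#include "net/url_request/fraudulent_certificate_reporter.h"
+#include "net/url_request/url_request.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using net::SSLInfo;
+
+namespace chrome_browser_net {
+
+// Builds an SSLInfo from an invalid cert chain. In this case, the cert is
+// expired; what matters is that the cert would not pass even a normal
+// sanity check. We test that we DO NOT send a fraudulent certificate report
+// in this case.
+static SSLInfo GetBadSSLInfo() {
+SSLInfo info;
+
+info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
+"expired_cert.pem");
+info.is_issued_by_known_root = false;
+
+return info;
+}
+
+// Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo,
+// but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this
+// case, the certificate is for mail.google.com, signed by our Chrome test
+// CA. During testing, Chrome believes this CA is part of the root system
+// store. But, this CA is not in the pin list; we test that we DO send a
+// fraudulent certicate report in this case.
+static SSLInfo GetGoodSSLInfo() {
+SSLInfo info;
+
+info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
+"test_mail_google_com.pem");
+info.is_issued_by_known_root = true;
+
+return info;
+}
+
+// Checks that |info| is good as required by the SSL checks performed in
+// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
+// checking but not sufficient to pass
+// DomainState::IsChainOfPublicKeysPermitted.
+static bool IsGoodSSLInfo(const SSLInfo& info) {
+return info.is_valid() && info.is_issued_by_known_root;
+}
+
+class TestReporter : public ChromeFraudulentCertificateReporter {
+public:
+explicit TestReporter(net::URLRequestContext* request_context)
+: ChromeFraudulentCertificateReporter(request_context) {}
+};
+
+class SendingTestReporter : public TestReporter {
+public:
+explicit SendingTestReporter(net::URLRequestContext* request_context)
+: TestReporter(request_context), passed_(false) {}
+
+// Passes if invoked with a good SSLInfo and for a hostname that is a Google
+// pinned property.
+virtual void SendReport(const std::string& hostname,
+const SSLInfo& ssl_info,
+bool sni_available) OVERRIDE {
+EXPECT_TRUE(IsGoodSSLInfo(ssl_info));
+EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(
+hostname, sni_available));
+passed_ = true;
+}
+
+virtual ~SendingTestReporter() {
+// If the object is destroyed without having its SendReport method invoked,
+// we failed.
+EXPECT_TRUE(passed_);
+}
+
+bool passed_;
+};
+
+class NotSendingTestReporter : public TestReporter {
+public:
+explicit NotSendingTestReporter(net::URLRequestContext* request_context)
+: TestReporter(request_context) {}
+
+// Passes if invoked with a bad SSLInfo and for a hostname that is not a
+// Google pinned property.
+virtual void SendReport(const std::string& hostname,
+const SSLInfo& ssl_info,
+bool sni_available) OVERRIDE {
+EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
+EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(
+hostname, sni_available));
+}
+};
+
+// For the first version of the feature, sending reports is "fire and forget".
+// Therefore, we test only that the Reporter tried to send a request at all.
+// In the future, when we have more sophisticated (i.e., any) error handling
+// and re-tries, we will need more sopisticated tests as well.
+//
+// This class doesn't do anything now, but in near future versions it will.
+class MockURLRequest : public net::URLRequest {
+public:
+MockURLRequest() : net::URLRequest(GURL(""), NULL), passed_(false) {
+}
+
+private:
+bool passed_;
+};
+
+// A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is
+// otherwise normal: reports are constructed and sent in the usual way.
+class MockReporter : public ChromeFraudulentCertificateReporter {
+public:
+explicit MockReporter(net::URLRequestContext* request_context)
+: ChromeFraudulentCertificateReporter(request_context) {}
+
+virtual net::URLRequest* CreateURLRequest() OVERRIDE {
+return new MockURLRequest();
+}
+
+virtual void SendReport(
+const std::string& hostname,
+const net::SSLInfo& ssl_info,
+bool sni_available) {
+DCHECK(!hostname.empty());
+DCHECK(ssl_info.is_valid());
+ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info, sni_avai lable);
+}
+};
+
+static void DoReportIsSent() {
+scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext;
+SendingTestReporter reporter(context.get());
+SSLInfo info = GetGoodSSLInfo();
+reporter.SendReport("mail.google.com", info, true);
+}
+
+static void DoReportIsNotSent() {
+scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext;
+NotSendingTestReporter reporter(context.get());
+SSLInfo info = GetBadSSLInfo();
+reporter.SendReport("127.0.0.1", info, true);
+}
+
+static void DoMockReportIsSent() {
+scoped_refptr<ChromeURLRequestContext> context = new ChromeURLRequestContext;
+MockReporter reporter(context.get());
+SSLInfo info = GetGoodSSLInfo();
+reporter.SendReport("mail.google.com", info, true);
+}
+
+TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) {
+SSLInfo good = GetGoodSSLInfo();
+EXPECT_TRUE(IsGoodSSLInfo(good));
+
+SSLInfo bad = GetBadSSLInfo();
+EXPECT_FALSE(IsGoodSSLInfo(bad));
+}
+
+TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) {
+MessageLoop loop(MessageLoop::TYPE_IO);
+BrowserThread io_thread(BrowserThread::IO, &loop);
+loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent));
+loop.RunAllPending();
+}
+
+TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) {
+MessageLoop loop(MessageLoop::TYPE_IO);
+BrowserThread io_thread(BrowserThread::IO, &loop);
+loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent));
+loop.RunAllPending();
+}
+
+TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
+MessageLoop loop(MessageLoop::TYPE_IO);
+BrowserThread io_thread(BrowserThread::IO, &loop);
+loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
+loop.RunAllPending();
+}
+
+} // namespace chrome_browser_net
+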
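Review bot: ReportIsNotSent does not verify that a report is suppressed: DoReportIsNotSent itself calls `reporter.SendReport("127.0.0.1", info, true)`, and NotSendingTestReporter::SendReport only re-checks the arguments the test just supplied, so the test passes whatever the production gating does. The same holds for ReportIsSent, where `passed_` is set by the test's own call. The send/no-send decision appears to be made outside this file (the IsGoodSSLInfo comment points at URLRequestHttpJob::OnStartCompleted), so either drive these tests through that path or state the limit above DoReportIsNotSent, e.g. `// NOTE: exercises the fixtures only; the decision to report is not covered here.` Separately, MockReporter::SendReport checks its inputs with `DCHECK`, which is compiled out of release builds; `EXPECT_TRUE(ssl_info.is_valid());` keeps the check in every configuration, and this method lacks the `OVERRIDE` marker the other overrides carry.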