| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/download_protection_service.h" | 5 #include "chrome/browser/safe_browsing/download_protection_service.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/base_paths.h" | 10 #include "base/base_paths.h" |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/callback.h" | 12 #include "base/callback.h" |
| 13 #include "base/file_path.h" | 13 #include "base/file_path.h" |
| 14 #include "base/file_util.h" | 14 #include "base/file_util.h" |
| 15 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
| 16 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
| 17 #include "base/message_loop.h" | 17 #include "base/message_loop.h" |
| 18 #include "base/path_service.h" | 18 #include "base/path_service.h" |
| 19 #include "base/string_number_conversions.h" | 19 #include "base/string_number_conversions.h" |
| 20 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 20 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 21 #include "chrome/browser/safe_browsing/signature_util.h" | 21 #include "chrome/browser/safe_browsing/signature_util.h" |
| 22 #include "chrome/common/safe_browsing/csd.pb.h" | 22 #include "chrome/common/safe_browsing/csd.pb.h" |
| 23 #include "content/browser/download/download_item.h" | 23 #include "content/browser/download/download_item.h" |
| 24 #include "content/public/common/url_fetcher_delegate.h" | 24 #include "content/public/common/url_fetcher_delegate.h" |
| 25 #include "content/test/test_browser_thread.h" | 25 #include "content/test/test_browser_thread.h" |
| 26 #include "content/test/test_url_fetcher_factory.h" | 26 #include "content/test/test_url_fetcher_factory.h" |
| 27 #include "crypto/rsa_private_key.h" | |
| 28 #include "googleurl/src/gurl.h" | 27 #include "googleurl/src/gurl.h" |
| 29 #include "net/base/x509_certificate.h" | 28 #include "net/base/x509_certificate.h" |
| 30 #include "testing/gmock/include/gmock/gmock.h" | 29 #include "testing/gmock/include/gmock/gmock.h" |
| 31 #include "testing/gtest/include/gtest/gtest.h" | 30 #include "testing/gtest/include/gtest/gtest.h" |
| 32 | 31 |
| 33 using ::testing::ContainerEq; | 32 using ::testing::ContainerEq; |
| 34 using ::testing::DoAll; | 33 using ::testing::DoAll; |
| 35 using ::testing::ElementsAre; | 34 using ::testing::ElementsAre; |
| 36 using ::testing::Mock; | 35 using ::testing::Mock; |
| 37 using ::testing::NotNull; | 36 using ::testing::NotNull; |
| 182 | 181 |
| 183 // Proxy for private method. | 182 // Proxy for private method. |
| 184 static void GetCertificateWhitelistStrings( | 183 static void GetCertificateWhitelistStrings( |
| 185 const net::X509Certificate& certificate, | 184 const net::X509Certificate& certificate, |
| 186 const net::X509Certificate& issuer, | 185 const net::X509Certificate& issuer, |
| 187 std::vector<std::string>* whitelist_strings) { | 186 std::vector<std::string>* whitelist_strings) { |
| 188 DownloadProtectionService::GetCertificateWhitelistStrings( | 187 DownloadProtectionService::GetCertificateWhitelistStrings( |
| 189 certificate, issuer, whitelist_strings); | 188 certificate, issuer, whitelist_strings); |
| 190 } | 189 } |
| 191 | 190 |
| 191 // Reads a single PEM-encoded certificate from the testdata directory. |
| 192 // Returns NULL on failure. |
| 193 scoped_refptr<net::X509Certificate> ReadTestCertificate( |
| 194 const std::string& filename) { |
| 195 std::string cert_data; |
| 196 if (!file_util::ReadFileToString(testdata_path_.AppendASCII(filename), |
| 197 &cert_data)) { |
| 198 return NULL; |
| 199 } |
| 200 net::CertificateList certs = |
| 201 net::X509Certificate::CreateCertificateListFromBytes( |
| 202 cert_data.data(), |
| 203 cert_data.size(), |
| 204 net::X509Certificate::FORMAT_PEM_CERT_SEQUENCE); |
| 205 return certs.empty() ? NULL : certs[0]; |
| 206 } |
| 207 |
| 192 private: | 208 private: |
| 193 // Helper functions for FlushThreadMessageLoops. | 209 // Helper functions for FlushThreadMessageLoops. |
| 194 void RunAllPendingAndQuitUI() { | 210 void RunAllPendingAndQuitUI() { |
| 195 MessageLoop::current()->RunAllPending(); | 211 MessageLoop::current()->RunAllPending(); |
| 196 BrowserThread::PostTask( | 212 BrowserThread::PostTask( |
| 197 BrowserThread::UI, | 213 BrowserThread::UI, |
| 198 FROM_HERE, | 214 FROM_HERE, |
| 199 base::Bind(&DownloadProtectionServiceTest::QuitMessageLoop, | 215 base::Bind(&DownloadProtectionServiceTest::QuitMessageLoop, |
| 200 base::Unretained(this))); | 216 base::Unretained(this))); |
| 201 } | 217 } |
| 736 info, | 752 info, |
| 737 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, | 753 base::Bind(&DownloadProtectionServiceTest::CheckDoneCallback, |
| 738 base::Unretained(this))); | 754 base::Unretained(this))); |
| 739 | 755 |
| 740 // The request should time out because the HTTP request hasn't returned | 756 // The request should time out because the HTTP request hasn't returned |
| 741 // anything yet. | 757 // anything yet. |
| 742 msg_loop_.Run(); | 758 msg_loop_.Run(); |
| 743 ExpectResult(DownloadProtectionService::SAFE); | 759 ExpectResult(DownloadProtectionService::SAFE); |
| 744 } | 760 } |
| 745 | 761 |
| 746 TEST_F(DownloadProtectionServiceTest, | 762 TEST_F(DownloadProtectionServiceTest, GetCertificateWhitelistStrings) { |
| 747 GetCertificateWhitelistStrings_TestCert) { | |
| 748 std::string cert_data; | |
| 749 ASSERT_TRUE(file_util::ReadFileToString(testdata_path_.AppendASCII( | |
| 750 "signature_util_test.cer"), &cert_data)); | |
| 751 | |
| 752 scoped_refptr<net::X509Certificate> cert( | |
| 753 net::X509Certificate::CreateFromBytes(cert_data.data(), | |
| 754 cert_data.size())); | |
| 755 ASSERT_TRUE(cert.get()); | |
| 756 | |
| 757 std::vector<std::string> whitelist_strings; | |
| 758 GetCertificateWhitelistStrings(*cert, *cert, &whitelist_strings); | |
| 759 | |
| 760 EXPECT_THAT(whitelist_strings, ElementsAre( | |
| 761 "cert/58AFF702772EB67BDD412571BA40AAC07F0D936C" | |
| 762 "/CN=Joe's-Software-Emporium")); | |
| 763 } | |
| 764 | |
| 765 // Only some implementations have the ability to generate self-signed certs. | |
| 766 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) | |
| 767 TEST_F(DownloadProtectionServiceTest, | |
| 768 GetCertificateWhitelistStrings_SelfSigned) { | |
| 769 scoped_ptr<crypto::RSAPrivateKey> private_key( | |
| 770 crypto::RSAPrivateKey::Create(1024)); | |
| 771 // We'll pass this cert in as the "issuer", even though it isn't really | 763 // We'll pass this cert in as the "issuer", even though it isn't really |
| 772 // used to sign the certs below. GetCertificateWhitelistStirngs doesn't care | 764 // used to sign the certs below. GetCertificateWhitelistStirngs doesn't care |
| 773 // about this. | 765 // about this. |
| 774 scoped_refptr<net::X509Certificate> issuer_cert = | 766 scoped_refptr<net::X509Certificate> issuer_cert( |
| 775 net::X509Certificate::CreateSelfSigned( | 767 ReadTestCertificate("issuer.pem")); |
| 776 private_key.get(), "CN=issuer", 1, base::TimeDelta::FromDays(1)); | |
| 777 ASSERT_TRUE(issuer_cert.get()); | 768 ASSERT_TRUE(issuer_cert.get()); |
| 778 std::string cert_base = "cert/" + base::HexEncode( | 769 std::string cert_base = "cert/" + base::HexEncode( |
| 779 issuer_cert->fingerprint().data, | 770 issuer_cert->fingerprint().data, |
| 780 sizeof(issuer_cert->fingerprint().data)); | 771 sizeof(issuer_cert->fingerprint().data)); |
| 781 | 772 |
| 782 scoped_refptr<net::X509Certificate> cert = | 773 scoped_refptr<net::X509Certificate> cert(ReadTestCertificate("test_cn.pem")); |
| 783 net::X509Certificate::CreateSelfSigned( | |
| 784 private_key.get(), "CN=subject/%1", 1, base::TimeDelta::FromDays(1)); | |
| 785 ASSERT_TRUE(cert.get()); | 774 ASSERT_TRUE(cert.get()); |
| 786 std::vector<std::string> whitelist_strings; | 775 std::vector<std::string> whitelist_strings; |
| 787 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 776 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 788 // This also tests escaping of characters in the certificate attributes. | 777 // This also tests escaping of characters in the certificate attributes. |
| 789 EXPECT_THAT(whitelist_strings, ElementsAre( | 778 EXPECT_THAT(whitelist_strings, ElementsAre( |
| 790 cert_base + "/CN=subject%2F%251")); | 779 cert_base + "/CN=subject%2F%251")); |
| 791 | 780 |
| 792 cert = net::X509Certificate::CreateSelfSigned( | 781 cert = ReadTestCertificate("test_cn_o.pem"); |
| 793 private_key.get(), "CN=subject,O=org", 1, base::TimeDelta::FromDays(1)); | |
| 794 ASSERT_TRUE(cert.get()); | 782 ASSERT_TRUE(cert.get()); |
| 795 whitelist_strings.clear(); | 783 whitelist_strings.clear(); |
| 796 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 784 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 797 EXPECT_THAT(whitelist_strings, ElementsAre( | 785 EXPECT_THAT(whitelist_strings, ElementsAre( |
| 798 cert_base + "/CN=subject", | 786 cert_base + "/CN=subject", |
| 799 cert_base + "/CN=subject/O=org", | 787 cert_base + "/CN=subject/O=org", |
| 800 cert_base + "/O=org")); | 788 cert_base + "/O=org")); |
| 801 | 789 |
| 802 cert = net::X509Certificate::CreateSelfSigned( | 790 cert = ReadTestCertificate("test_cn_o_ou.pem"); |
| 803 private_key.get(), "CN=subject,O=org,OU=unit", 1, | |
| 804 base::TimeDelta::FromDays(1)); | |
| 805 ASSERT_TRUE(cert.get()); | 791 ASSERT_TRUE(cert.get()); |
| 806 whitelist_strings.clear(); | 792 whitelist_strings.clear(); |
| 807 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 793 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 808 EXPECT_THAT(whitelist_strings, ElementsAre( | 794 EXPECT_THAT(whitelist_strings, ElementsAre( |
| 809 cert_base + "/CN=subject", | 795 cert_base + "/CN=subject", |
| 810 cert_base + "/CN=subject/O=org", | 796 cert_base + "/CN=subject/O=org", |
| 811 cert_base + "/CN=subject/O=org/OU=unit", | 797 cert_base + "/CN=subject/O=org/OU=unit", |
| 812 cert_base + "/CN=subject/OU=unit", | 798 cert_base + "/CN=subject/OU=unit", |
| 813 cert_base + "/O=org", | 799 cert_base + "/O=org", |
| 814 cert_base + "/O=org/OU=unit", | 800 cert_base + "/O=org/OU=unit", |
| 815 cert_base + "/OU=unit")); | 801 cert_base + "/OU=unit")); |
| 816 | 802 |
| 817 cert = net::X509Certificate::CreateSelfSigned( | 803 cert = ReadTestCertificate("test_cn_ou.pem"); |
| 818 private_key.get(), "CN=subject,OU=unit", 1, | |
| 819 base::TimeDelta::FromDays(1)); | |
| 820 ASSERT_TRUE(cert.get()); | 804 ASSERT_TRUE(cert.get()); |
| 821 whitelist_strings.clear(); | 805 whitelist_strings.clear(); |
| 822 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 806 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 823 EXPECT_THAT(whitelist_strings, ElementsAre( | 807 EXPECT_THAT(whitelist_strings, ElementsAre( |
| 824 cert_base + "/CN=subject", | 808 cert_base + "/CN=subject", |
| 825 cert_base + "/CN=subject/OU=unit", | 809 cert_base + "/CN=subject/OU=unit", |
| 826 cert_base + "/OU=unit")); | 810 cert_base + "/OU=unit")); |
| 827 | 811 |
| 828 cert = net::X509Certificate::CreateSelfSigned( | 812 cert = ReadTestCertificate("test_o.pem"); |
| 829 private_key.get(), "O=org,", 1, base::TimeDelta::FromDays(1)); | |
| 830 ASSERT_TRUE(cert.get()); | 813 ASSERT_TRUE(cert.get()); |
| 831 whitelist_strings.clear(); | 814 whitelist_strings.clear(); |
| 832 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 815 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 833 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/O=org")); | 816 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/O=org")); |
| 834 | 817 |
| 835 cert = net::X509Certificate::CreateSelfSigned( | 818 cert = ReadTestCertificate("test_o_ou.pem"); |
| 836 private_key.get(), "O=org,OU=unit", 1, base::TimeDelta::FromDays(1)); | |
| 837 ASSERT_TRUE(cert.get()); | 819 ASSERT_TRUE(cert.get()); |
| 838 whitelist_strings.clear(); | 820 whitelist_strings.clear(); |
| 839 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 821 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 840 EXPECT_THAT(whitelist_strings, ElementsAre( | 822 EXPECT_THAT(whitelist_strings, ElementsAre( |
| 841 cert_base + "/O=org", | 823 cert_base + "/O=org", |
| 842 cert_base + "/O=org/OU=unit", | 824 cert_base + "/O=org/OU=unit", |
| 843 cert_base + "/OU=unit")); | 825 cert_base + "/OU=unit")); |
| 844 | 826 |
| 845 cert = net::X509Certificate::CreateSelfSigned( | 827 cert = ReadTestCertificate("test_ou.pem"); |
| 846 private_key.get(), "OU=unit", 1, base::TimeDelta::FromDays(1)); | |
| 847 ASSERT_TRUE(cert.get()); | 828 ASSERT_TRUE(cert.get()); |
| 848 whitelist_strings.clear(); | 829 whitelist_strings.clear(); |
| 849 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 830 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 850 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/OU=unit")); | 831 EXPECT_THAT(whitelist_strings, ElementsAre(cert_base + "/OU=unit")); |
| 851 | 832 |
| 852 cert = net::X509Certificate::CreateSelfSigned( | 833 cert = ReadTestCertificate("test_c.pem"); |
| 853 private_key.get(), "C=US", 1, base::TimeDelta::FromDays(1)); | |
| 854 ASSERT_TRUE(cert.get()); | 834 ASSERT_TRUE(cert.get()); |
| 855 whitelist_strings.clear(); | 835 whitelist_strings.clear(); |
| 856 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); | 836 GetCertificateWhitelistStrings(*cert, *issuer_cert, &whitelist_strings); |
| 857 EXPECT_THAT(whitelist_strings, ElementsAre()); | 837 EXPECT_THAT(whitelist_strings, ElementsAre()); |
| 858 } | 838 } |
| 859 #endif | |
| 860 } // namespace safe_browsing | 839 } // namespace safe_browsing |
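Review bot: The rewritten GetCertificateWhitelistStrings test (NEW 762-838) computes `cert_base` from `issuer_cert->fingerprint()` at run time, and the deleted GetCertificateWhitelistStrings_TestCert was the only expectation that pinned a literal fingerprint (`cert/58AFF702772EB67BDD412571BA40AAC07F0D936C/...`), so after this change a whitelist key that hashed the wrong certificate or the wrong bytes would still pass as long as it agreed with `fingerprint()`. Consider keeping one literal expectation for a fixture, e.g. `EXPECT_EQ("cert/<FINGERPRINT_OF_issuer.pem placeholder>", cert_base);` with the hex value taken from the checked-in issuer.pem, so the key format is pinned independently of X509Certificate. Separately, `ReadTestCertificate` (NEW 193-206) silently returns the first certificate when a PEM file holds several; an `EXPECT_EQ(1u, certs.size());` before the return, or a comment stating that each fixture must contain exactly one certificate, would make that contract explicit. The hunk's leading context lines (NEW 752-760) belong to a preceding TEST_F whose start is outside the view.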