| Index: components/certificate_transparency/log_proof_fetcher_unittest.cc
|
| diff --git a/components/certificate_transparency/log_proof_fetcher_unittest.cc b/components/certificate_transparency/log_proof_fetcher_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..945325e533fc157ce3bbb3dd483af535da8524e7
|
| --- /dev/null
|
| +++ b/components/certificate_transparency/log_proof_fetcher_unittest.cc
|
| @@ -0,0 +1,307 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/certificate_transparency/log_proof_fetcher.h"
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/strings/stringprintf.h"
|
| +#include "components/safe_json/testing_json_parser.h"
|
| +#include "net/base/net_errors.h"
|
| +#include "net/base/network_delegate.h"
|
| +#include "net/cert/signed_tree_head.h"
|
| +#include "net/http/http_status_code.h"
|
| +#include "net/test/ct_test_util.h"
|
| +#include "net/url_request/url_request_context.h"
|
| +#include "net/url_request/url_request_filter.h"
|
| +#include "net/url_request/url_request_interceptor.h"
|
| +#include "net/url_request/url_request_job.h"
|
| +#include "net/url_request/url_request_test_job.h"
|
| +#include "net/url_request/url_request_test_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace certificate_transparency {
|
| +
|
| +namespace {
|
| +
|
| +const char kGetSTHHeaders[] =
|
| + "HTTP/1.1 200 OK\0"
|
| + "Content-Type: application/json; charset=ISO-8859-1\0";
|
| +
|
| +const char kGetSTHNotFoundHeaders[] =
|
| + "HTTP/1.1 404 Not Found\0"
|
| + "Content-Type: text/html; charset=iso-8859-1\0";
|
| +
|
| +const char kLogSchema[] = "https";
|
| +const char kLogHost[] = "ct.log.example.com";
|
| +const char kLogPathPrefix[] = "somelog";
|
| +const char kLogID[] = "some_id";
|
| +
|
| +class FetchSTHTestJob : public net::URLRequestTestJob {
|
| + public:
|
| + FetchSTHTestJob(const std::string& get_sth_data,
|
| + const std::string& get_sth_headers,
|
| + net::URLRequest* request,
|
| + net::NetworkDelegate* network_delegate)
|
| + : URLRequestTestJob(request,
|
| + network_delegate,
|
| + get_sth_headers,
|
| + get_sth_data,
|
| + true),
|
| + async_io_(false) {}
|
| +
|
| + void set_async_io(bool async_io) { async_io_ = async_io; }
|
| +
|
| + private:
|
| + ~FetchSTHTestJob() override {}
|
| +
|
| + bool NextReadAsync() override {
|
| + // Response with indication of async IO only once, otherwise the final
|
| + // Read would (incorrectly) be classified as async, causing the
|
| + // URLRequestJob to try reading another time and failing on a CHECK
|
| + // that the raw_read_buffer_ is not null.
|
| + // According to mmenke@, this is a bug in the URLRequestTestJob code.
|
| + // TODO(eranm): Once said bug is fixed, switch most tests to using async
|
| + // IO.
|
| + if (async_io_) {
|
| + async_io_ = false;
|
| + return true;
|
| + }
|
| + return false;
|
| + }
|
| +
|
| + bool async_io_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob);
|
| +};
|
| +
|
| +class GetSTHResponseHandler : public net::URLRequestInterceptor {
|
| + public:
|
| + GetSTHResponseHandler()
|
| + : async_io_(false),
|
| + response_body_(""),
|
| + response_headers_(
|
| + std::string(kGetSTHHeaders, arraysize(kGetSTHHeaders))) {}
|
| + ~GetSTHResponseHandler() override {}
|
| +
|
| + // URLRequestInterceptor implementation:
|
| + net::URLRequestJob* MaybeInterceptRequest(
|
| + net::URLRequest* request,
|
| + net::NetworkDelegate* network_delegate) const override {
|
| + std::string expected_url = base::StringPrintf(
|
| + "%s://%s/%s/ct/v1/get-sth", kLogSchema, kLogHost, kLogPathPrefix);
|
| + EXPECT_EQ(GURL(expected_url), request->url());
|
| + FetchSTHTestJob* job = new FetchSTHTestJob(
|
| + response_body_, response_headers_, request, network_delegate);
|
| + job->set_async_io(async_io_);
|
| + return job;
|
| + }
|
| +
|
| + void set_response_body(std::string response_body) {
|
| + response_body_ = response_body;
|
| + }
|
| +
|
| + void set_response_headers(std::string response_headers) {
|
| + response_headers_ = response_headers;
|
| + }
|
| +
|
| + void set_async_io(bool async_io) { async_io_ = async_io; }
|
| +
|
| + private:
|
| + bool async_io_;
|
| + std::string response_body_;
|
| + std::string response_headers_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler);
|
| +};
|
| +
|
| +class RecordFetchCallbackInvocations {
|
| + public:
|
| + RecordFetchCallbackInvocations(bool expect_success)
|
| + : expect_success_(expect_success),
|
| + invoked_(false),
|
| + net_error_(net::OK),
|
| + http_response_code_(-1) {}
|
| +
|
| + void STHFetched(const std::string& log_id,
|
| + const net::ct::SignedTreeHead& sth) {
|
| + ASSERT_TRUE(expect_success_);
|
| + ASSERT_FALSE(invoked_);
|
| + invoked_ = true;
|
| + // If expected to succeed, expecting the known_good STH.
|
| + net::ct::SignedTreeHead expected_sth;
|
| + net::ct::GetSampleSignedTreeHead(&expected_sth);
|
| +
|
| + EXPECT_EQ(kLogID, log_id);
|
| + EXPECT_EQ(expected_sth.version, sth.version);
|
| + EXPECT_EQ(expected_sth.timestamp, sth.timestamp);
|
| + EXPECT_EQ(expected_sth.tree_size, sth.tree_size);
|
| + EXPECT_STREQ(expected_sth.sha256_root_hash, sth.sha256_root_hash);
|
| + EXPECT_EQ(expected_sth.signature.hash_algorithm,
|
| + sth.signature.hash_algorithm);
|
| + EXPECT_EQ(expected_sth.signature.signature_algorithm,
|
| + sth.signature.signature_algorithm);
|
| + EXPECT_EQ(expected_sth.signature.signature_data,
|
| + sth.signature.signature_data);
|
| + }
|
| +
|
| + void FetchingFailed(const std::string& log_id,
|
| + int net_error,
|
| + int http_response_code) {
|
| + ASSERT_FALSE(expect_success_);
|
| + ASSERT_FALSE(invoked_);
|
| + invoked_ = true;
|
| + net_error_ = net_error;
|
| + http_response_code_ = http_response_code;
|
| + if (net_error_ == net::OK) {
|
| + EXPECT_NE(net::HTTP_OK, http_response_code_);
|
| + }
|
| + }
|
| +
|
| + bool invoked() const { return invoked_; }
|
| +
|
| + int net_error() const { return net_error_; }
|
| +
|
| + int http_response_code() const { return http_response_code_; }
|
| +
|
| + private:
|
| + const bool expect_success_;
|
| + bool invoked_;
|
| + int net_error_;
|
| + int http_response_code_;
|
| +};
|
| +
|
| +class LogProofFetcherTest : public ::testing::Test {
|
| + public:
|
| + LogProofFetcherTest()
|
| + : log_url_(base::StringPrintf("%s://%s/%s/",
|
| + kLogSchema,
|
| + kLogHost,
|
| + kLogPathPrefix)) {
|
| + scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler());
|
| + handler_ = handler.get();
|
| +
|
| + net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
|
| + kLogSchema, kLogHost, handler.Pass());
|
| +
|
| + fetcher_.reset(new LogProofFetcher(&context_));
|
| + }
|
| +
|
| + ~LogProofFetcherTest() override {
|
| + net::URLRequestFilter::GetInstance()->RemoveHostnameHandler(kLogSchema,
|
| + kLogHost);
|
| + }
|
| +
|
| + protected:
|
| + void SetValidSTHJSONResponse() {
|
| + std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
|
| + handler_->set_response_body(sth_json_reply_data);
|
| + }
|
| +
|
| + void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) {
|
| + fetcher_->FetchSignedTreeHead(
|
| + log_url_, kLogID,
|
| + base::Bind(&RecordFetchCallbackInvocations::STHFetched,
|
| + base::Unretained(callback)),
|
| + base::Bind(&RecordFetchCallbackInvocations::FetchingFailed,
|
| + base::Unretained(callback)));
|
| + message_loop_.RunUntilIdle();
|
| + }
|
| +
|
| + base::MessageLoopForIO message_loop_;
|
| + net::TestURLRequestContext context_;
|
| + safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_;
|
| + scoped_ptr<LogProofFetcher> fetcher_;
|
| + const GURL log_url_;
|
| + GetSTHResponseHandler* handler_;
|
| +};
|
| +
|
| +TEST_F(LogProofFetcherTest, TestValidGetReply) {
|
| + SetValidSTHJSONResponse();
|
| +
|
| + RecordFetchCallbackInvocations callback(true);
|
| +
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestValidGetReplyAsyncIO) {
|
| + SetValidSTHJSONResponse();
|
| + handler_->set_async_io(true);
|
| +
|
| + RecordFetchCallbackInvocations callback(true);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestInvalidGetReplyIncompleteJSON) {
|
| + std::string sth_json_reply_data = net::ct::CreateSignedTreeHeadJsonString(
|
| + 21 /* tree_size */, 123456u /* timestamp */, std::string(),
|
| + std::string());
|
| + handler_->set_response_body(sth_json_reply_data);
|
| +
|
| + RecordFetchCallbackInvocations callback(false);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| + EXPECT_EQ(net::ERR_CT_STH_INCOMPLETE, callback.net_error());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestInvalidGetReplyInvalidJSON) {
|
| + std::string sth_json_reply_data = "{\"tree_size\":21,\"timestamp\":}";
|
| + handler_->set_response_body(sth_json_reply_data);
|
| +
|
| + RecordFetchCallbackInvocations callback(false);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| + EXPECT_EQ(net::ERR_CT_STH_PARSING_FAILED, callback.net_error());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestLogReplyIsTooLong) {
|
| + std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
|
| + // Add kMaxLogResponseSizeInBytes to make sure the response is too big.
|
| + sth_json_reply_data.append(
|
| + std::string(LogProofFetcher::kMaxLogResponseSizeInBytes, ' '));
|
| + handler_->set_response_body(sth_json_reply_data);
|
| +
|
| + RecordFetchCallbackInvocations callback(false);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| + EXPECT_EQ(net::ERR_FILE_TOO_BIG, callback.net_error());
|
| + EXPECT_EQ(net::HTTP_OK, callback.http_response_code());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) {
|
| + std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
|
| + // Extend the reply to be exactly kMaxLogResponseSizeInBytes.
|
| + sth_json_reply_data.append(std::string(
|
| + LogProofFetcher::kMaxLogResponseSizeInBytes - sth_json_reply_data.size(),
|
| + ' '));
|
| + handler_->set_response_body(sth_json_reply_data);
|
| +
|
| + RecordFetchCallbackInvocations callback(true);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| +}
|
| +
|
| +TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) {
|
| + handler_->set_response_headers(
|
| + std::string(kGetSTHNotFoundHeaders, arraysize(kGetSTHNotFoundHeaders)));
|
| +
|
| + RecordFetchCallbackInvocations callback(false);
|
| + RunFetcherWithCallback(&callback);
|
| +
|
| + ASSERT_TRUE(callback.invoked());
|
| + EXPECT_EQ(net::OK, callback.net_error());
|
| + EXPECT_EQ(net::HTTP_NOT_FOUND, callback.http_response_code());
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +} // namespace certificate_transparency
|
|
|
Chromium Code Reviews
Issue 1100003006:
Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master