
Side by Side Diff: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc

Issue 1117173004: Split cert reporter class into report building/serializing and sending (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: move //c/b/ssl classes into global namespace Created 5 years, 7 months ago
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
6
7 #include <string>
8
9 #include "base/bind.h"
10 #include "base/files/file_path.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop.h"
13 #include "base/synchronization/waitable_event.h"
14 #include "base/threading/thread.h"
15 #include "chrome/browser/net/certificate_error_reporter.h"
16 #include "content/public/test/test_browser_thread.h"
17 #include "net/base/request_priority.h"
18 #include "net/base/test_data_directory.h"
19 #include "net/cert/x509_certificate.h"
20 #include "net/http/transport_security_state.h"
21 #include "net/ssl/ssl_info.h"
22 #include "net/test/cert_test_util.h"
23 #include "net/url_request/fraudulent_certificate_reporter.h"
24 #include "net/url_request/url_request.h"
25 #include "net/url_request/url_request_context.h"
26 #include "net/url_request/url_request_test_util.h"
27 #include "testing/gtest/include/gtest/gtest.h"
28
29 using content::BrowserThread;
30 using net::SSLInfo;
31
32 namespace chrome_browser_net {
33
34 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is
35 // expired; what matters is that the cert would not pass even a normal
36 // sanity check. We test that we DO NOT send a fraudulent certificate report
37 // in this case.
38 static SSLInfo GetBadSSLInfo() {
39 SSLInfo info;
40
41 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
42 "expired_cert.pem");
43 info.cert_status = net::CERT_STATUS_DATE_INVALID;
44 info.is_issued_by_known_root = false;
45
46 return info;
47 }
48
49 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo,
50 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this
51 // case, the certificate is for mail.google.com, signed by our Chrome test
52 // CA. During testing, Chrome believes this CA is part of the root system
53 // store. But, this CA is not in the pin list; we test that we DO send a
54 // fraudulent certicate report in this case.
55 static SSLInfo GetGoodSSLInfo() {
56 SSLInfo info;
57
58 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
59 "test_mail_google_com.pem");
60 info.is_issued_by_known_root = true;
61
62 return info;
63 }
64
65 // Checks that |info| is good as required by the SSL checks performed in
66 // URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
67 // checking but not sufficient to pass
68 // DomainState::IsChainOfPublicKeysPermitted.
69 static bool IsGoodSSLInfo(const SSLInfo& info) {
70 return info.is_valid() && info.is_issued_by_known_root;
71 }
72
73 class TestReporter : public ChromeFraudulentCertificateReporter {
74 public:
75 explicit TestReporter(net::URLRequestContext* request_context)
76 : ChromeFraudulentCertificateReporter(request_context) {}
77 };
78
79 class SendingTestReporter : public TestReporter {
80 public:
81 explicit SendingTestReporter(net::URLRequestContext* request_context)
82 : TestReporter(request_context), passed_(false) {}
83
84 // Passes if invoked with a good SSLInfo and for a hostname that is a Google
85 // pinned property.
86 void SendReport(const std::string& hostname,
87 const SSLInfo& ssl_info) override {
88 EXPECT_TRUE(IsGoodSSLInfo(ssl_info));
89 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
90 passed_ = true;
91 }
92
93 ~SendingTestReporter() override {
94 // If the object is destroyed without having its SendReport method invoked,
95 // we failed.
96 EXPECT_TRUE(passed_);
97 }
98
99 bool passed_;
100 };
101
102 class NotSendingTestReporter : public TestReporter {
103 public:
104 explicit NotSendingTestReporter(net::URLRequestContext* request_context)
105 : TestReporter(request_context) {}
106
107 // Passes if invoked with a bad SSLInfo and for a hostname that is not a
108 // Google pinned property.
109 void SendReport(const std::string& hostname,
110 const SSLInfo& ssl_info) override {
111 EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
112 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
113 }
114 };
115
116 // A CertificateErrorReporter that uses a MockURLRequest, but is
117 // otherwise normal: reports are constructed and sent in the usual way.
118 class MockReporter : public CertificateErrorReporter {
119 public:
120 explicit MockReporter(net::URLRequestContext* request_context)
121 : CertificateErrorReporter(
122 request_context,
123 GURL("http://example.com"),
124 CertificateErrorReporter::DO_NOT_SEND_COOKIES) {}
125
126 void SendReport(ReportType type,
127 const std::string& hostname,
128 const net::SSLInfo& ssl_info) override {
129 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION);
130 EXPECT_FALSE(hostname.empty());
131 EXPECT_TRUE(ssl_info.is_valid());
132 CertificateErrorReporter::SendReport(type, hostname, ssl_info);
133 }
134
135 private:
136 scoped_ptr<net::URLRequest> CreateURLRequest(
137 net::URLRequestContext* context) override {
138 return context->CreateRequest(GURL(std::string()),
139 net::DEFAULT_PRIORITY,
140 NULL);
141 }
142 };
143
144 static void DoReportIsSent() {
145 net::TestURLRequestContext context;
146 SendingTestReporter reporter(&context);
147 SSLInfo info = GetGoodSSLInfo();
148 reporter.SendReport("mail.google.com", info);
149 }
150
151 static void DoReportIsNotSent() {
152 net::TestURLRequestContext context;
153 NotSendingTestReporter reporter(&context);
154 SSLInfo info = GetBadSSLInfo();
155 reporter.SendReport("www.example.com", info);
156 }
157
158 static void DoMockReportIsSent() {
159 net::TestURLRequestContext context;
160 scoped_ptr<MockReporter> error_reporter(new MockReporter(&context));
161 ChromeFraudulentCertificateReporter reporter(error_reporter.Pass());
162 SSLInfo info = GetGoodSSLInfo();
163 reporter.SendReport("mail.google.com", info);
164 }
165
166 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) {
167 SSLInfo good = GetGoodSSLInfo();
168 EXPECT_TRUE(IsGoodSSLInfo(good));
169
170 SSLInfo bad = GetBadSSLInfo();
171 EXPECT_FALSE(IsGoodSSLInfo(bad));
172 }
173
174 TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) {
175 base::MessageLoopForIO loop;
176 content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
177 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent));
178 loop.RunUntilIdle();
179 }
180
181 TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) {
182 base::MessageLoopForIO loop;
183 content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
184 loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent));
185 loop.RunUntilIdle();
186 }
187
188 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
189 base::MessageLoopForIO loop;
190 content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
191 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
192 loop.RunUntilIdle();
193 }
194
195 } // namespace chrome_browser_net
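Review bot: `MockReportIsSent` cannot fail when no report is sent, because all of its expectations sit inside `MockReporter::SendReport`; if `ChromeFraudulentCertificateReporter::SendReport` never reaches that override, the test still passes. `SendingTestReporter` already guards against this with `passed_` checked in its destructor, and `MockReporter` should do the same: a `bool report_sent_` member set in `SendReport`, plus `~MockReporter() override { EXPECT_TRUE(report_sent_); }`. Relatedly, `DoReportIsSent` and `DoReportIsNotSent` call the test subclasses' own `SendReport` overrides directly, so as far as this file shows they check the fixtures rather than the production decision to report a pin violation; a comment such as `// Exercises the test double only; the pin-check path is covered elsewhere.` would stop readers assuming that coverage exists here. This assumes the listing is the side under review, which the page's OLD/NEW columns do not make explicit.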