OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
13 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
14 #include "base/threading/thread.h" | 14 #include "base/threading/thread.h" |
15 #include "chrome/browser/net/certificate_error_reporter.h" | 15 #include "chrome/browser/net/certificate_error_reporter.h" |
16 #include "content/public/test/test_browser_thread.h" | 16 #include "content/public/test/test_browser_thread.h" |
17 #include "net/base/request_priority.h" | 17 #include "net/base/request_priority.h" |
18 #include "net/base/test_data_directory.h" | 18 #include "net/base/test_data_directory.h" |
19 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
20 #include "net/http/transport_security_state.h" | 20 #include "net/http/transport_security_state.h" |
21 #include "net/ssl/ssl_info.h" | 21 #include "net/ssl/ssl_info.h" |
22 #include "net/test/cert_test_util.h" | 22 #include "net/test/cert_test_util.h" |
23 #include "net/url_request/fraudulent_certificate_reporter.h" | 23 #include "net/url_request/fraudulent_certificate_reporter.h" |
24 #include "net/url_request/url_request.h" | 24 #include "net/url_request/url_request.h" |
25 #include "net/url_request/url_request_context.h" | 25 #include "net/url_request/url_request_context.h" |
26 #include "net/url_request/url_request_test_util.h" | 26 #include "net/url_request/url_request_test_util.h" |
27 #include "testing/gtest/include/gtest/gtest.h" | 27 #include "testing/gtest/include/gtest/gtest.h" |
28 | 28 |
| 29 using chrome_browser_net::CertificateErrorReporter; |
29 using content::BrowserThread; | 30 using content::BrowserThread; |
30 using net::SSLInfo; | 31 using net::SSLInfo; |
31 | 32 |
32 namespace chrome_browser_net { | 33 namespace { |
33 | 34 |
34 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is | 35 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
35 // expired; what matters is that the cert would not pass even a normal | 36 // expired; what matters is that the cert would not pass even a normal |
36 // sanity check. We test that we DO NOT send a fraudulent certificate report | 37 // sanity check. We test that we DO NOT send a fraudulent certificate report |
37 // in this case. | 38 // in this case. |
38 static SSLInfo GetBadSSLInfo() { | 39 static SSLInfo GetBadSSLInfo() { |
39 SSLInfo info; | 40 SSLInfo info; |
40 | 41 |
41 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), | 42 info.cert = |
42 "expired_cert.pem"); | 43 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); |
43 info.cert_status = net::CERT_STATUS_DATE_INVALID; | 44 info.cert_status = net::CERT_STATUS_DATE_INVALID; |
44 info.is_issued_by_known_root = false; | 45 info.is_issued_by_known_root = false; |
45 | 46 |
46 return info; | 47 return info; |
47 } | 48 } |
48 | 49 |
49 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, | 50 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, |
50 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this | 51 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this |
51 // case, the certificate is for mail.google.com, signed by our Chrome test | 52 // case, the certificate is for mail.google.com, signed by our Chrome test |
52 // CA. During testing, Chrome believes this CA is part of the root system | 53 // CA. During testing, Chrome believes this CA is part of the root system |
(...skipping 64 matching lines...)
117 // otherwise normal: reports are constructed and sent in the usual way. | 118 // otherwise normal: reports are constructed and sent in the usual way. |
118 class MockReporter : public CertificateErrorReporter { | 119 class MockReporter : public CertificateErrorReporter { |
119 public: | 120 public: |
120 explicit MockReporter(net::URLRequestContext* request_context) | 121 explicit MockReporter(net::URLRequestContext* request_context) |
121 : CertificateErrorReporter( | 122 : CertificateErrorReporter( |
122 request_context, | 123 request_context, |
123 GURL("http://example.com"), | 124 GURL("http://example.com"), |
124 CertificateErrorReporter::DO_NOT_SEND_COOKIES) {} | 125 CertificateErrorReporter::DO_NOT_SEND_COOKIES) {} |
125 | 126 |
126 void SendReport(ReportType type, | 127 void SendReport(ReportType type, |
127 const std::string& hostname, | 128 const std::string& serialized_report) override { |
128 const net::SSLInfo& ssl_info) override { | |
129 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION); | 129 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION); |
130 EXPECT_FALSE(hostname.empty()); | 130 EXPECT_FALSE(serialized_report.empty()); |
131 EXPECT_TRUE(ssl_info.is_valid()); | 131 CertificateErrorReporter::SendReport(type, serialized_report); |
132 CertificateErrorReporter::SendReport(type, hostname, ssl_info); | |
133 } | 132 } |
134 | 133 |
135 private: | 134 private: |
136 scoped_ptr<net::URLRequest> CreateURLRequest( | 135 scoped_ptr<net::URLRequest> CreateURLRequest( |
137 net::URLRequestContext* context) override { | 136 net::URLRequestContext* context) override { |
138 return context->CreateRequest(GURL(std::string()), | 137 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY, |
139 net::DEFAULT_PRIORITY, | |
140 NULL); | 138 NULL); |
141 } | 139 } |
142 }; | 140 }; |
143 | 141 |
144 static void DoReportIsSent() { | 142 static void DoReportIsSent() { |
145 net::TestURLRequestContext context; | 143 net::TestURLRequestContext context; |
146 SendingTestReporter reporter(&context); | 144 SendingTestReporter reporter(&context); |
147 SSLInfo info = GetGoodSSLInfo(); | 145 SSLInfo info = GetGoodSSLInfo(); |
148 reporter.SendReport("mail.google.com", info); | 146 reporter.SendReport("mail.google.com", info); |
149 } | 147 } |
(...skipping 35 matching lines...)
185 loop.RunUntilIdle(); | 183 loop.RunUntilIdle(); |
186 } | 184 } |
187 | 185 |
188 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | 186 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
189 base::MessageLoopForIO loop; | 187 base::MessageLoopForIO loop; |
190 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | 188 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
191 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | 189 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
192 loop.RunUntilIdle(); | 190 loop.RunUntilIdle(); |
193 } | 191 } |
194 | 192 |
195 } // namespace chrome_browser_net | 193 } // namespace |
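Review bot: In `MockReporter::SendReport` (new lines 127-132) the only check left on the payload is `EXPECT_FALSE(serialized_report.empty())`, so the old assertions on a non-empty hostname and a valid `ssl_info` have no replacement. A pinning-violation report that names the wrong host or omits the certificate chain would still pass this test. Since `DoReportIsSent` passes `"mail.google.com"` and `GetGoodSSLInfo()`, the mock could decode `serialized_report` (the serialization format is not visible on this page) and assert that the decoded hostname equals `"mail.google.com"` and that the chain is present. As a smaller style point, the helpers now sit in an unnamed namespace, so `static` on `GetBadSSLInfo` and `DoReportIsSent` is redundant, and `NULL` in `CreateURLRequest` could be `nullptr` since the file already uses `override`.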