| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/certificate_error_report.h" | 5 #include "chrome/browser/ssl/certificate_error_report.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 | 28 |
| 29 const net::CertStatus kCertStatus = | 29 const net::CertStatus kCertStatus = |
| 30 net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_REVOKED; | 30 net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_REVOKED; |
| 31 const size_t kNumCertErrors = 2; | 31 const size_t kNumCertErrors = 2; |
| 32 | 32 |
| 33 const CertLoggerRequest::CertError kFirstReportedCertError = | 33 const CertLoggerRequest::CertError kFirstReportedCertError = |
| 34 CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID; | 34 CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID; |
| 35 const CertLoggerRequest::CertError kSecondReportedCertError = | 35 const CertLoggerRequest::CertError kSecondReportedCertError = |
| 36 CertLoggerRequest::ERR_CERT_REVOKED; | 36 CertLoggerRequest::ERR_CERT_REVOKED; |
| 37 | 37 |
| 38 SSLInfo GetTestSSLInfo() { | 38 // Whether to include an unverified certificate chain in the test |
| 39 // SSLInfo. In production code, an unverified cert chain will not be |
| 40 // present if the resource was loaded from cache. |
| 41 enum UnverifiedCertChainStatus { |
| 42 INCLUDE_UNVERIFIED_CERT_CHAIN, |
| 43 EXCLUDE_UNVERIFIED_CERT_CHAIN |
| 44 }; |
| 45 |
| 46 SSLInfo GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status) { |
| 39 SSLInfo info; | 47 SSLInfo info; |
| 40 info.cert = | 48 info.cert = |
| 41 net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename); | 49 net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename); |
| 50 if (unverified_cert_chain_status == INCLUDE_UNVERIFIED_CERT_CHAIN) { |
| 51 info.unverified_cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 52 kTestCertFilename); |
| 53 } |
| 42 info.is_issued_by_known_root = true; | 54 info.is_issued_by_known_root = true; |
| 43 info.cert_status = kCertStatus; | 55 info.cert_status = kCertStatus; |
| 44 info.pinning_failure_log = kDummyFailureLog; | 56 info.pinning_failure_log = kDummyFailureLog; |
| 45 return info; | 57 return info; |
| 46 } | 58 } |
| 47 | 59 |
| 48 std::string GetPEMEncodedChain() { | 60 std::string GetPEMEncodedChain() { |
| 49 base::FilePath cert_path = | 61 base::FilePath cert_path = |
| 50 net::GetTestCertsDirectory().AppendASCII(kTestCertFilename); | 62 net::GetTestCertsDirectory().AppendASCII(kTestCertFilename); |
| 51 std::string cert_data; | 63 std::string cert_data; |
| 52 EXPECT_TRUE(base::ReadFileToString(cert_path, &cert_data)); | 64 EXPECT_TRUE(base::ReadFileToString(cert_path, &cert_data)); |
| 53 return cert_data; | 65 return cert_data; |
| 54 } | 66 } |
| 55 | 67 |
| 56 // Test that a serialized CertificateErrorReport can be deserialized as | 68 // Test that a serialized CertificateErrorReport can be deserialized as |
| 57 // a CertLoggerRequest protobuf (which is the format that the receiving | 69 // a CertLoggerRequest protobuf (which is the format that the receiving |
| 58 // server expects it in) with the right data in it. | 70 // server expects it in) with the right data in it. |
| 59 TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { | 71 TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { |
| 60 SSLInfo ssl_info = GetTestSSLInfo(); | 72 SSLInfo ssl_info = GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN); |
| 61 | 73 |
| 62 std::string serialized_report; | 74 std::string serialized_report; |
| 63 CertificateErrorReport report(kDummyHostname, ssl_info); | 75 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 64 report.Serialize(&serialized_report); | 76 report.Serialize(&serialized_report); |
| 65 | 77 |
| 66 CertLoggerRequest deserialized_report; | 78 CertLoggerRequest deserialized_report; |
| 67 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); | 79 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); |
| 68 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); | 80 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); |
| 69 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); | 81 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); |
| 82 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.unverified_cert_chain()); |
| 70 EXPECT_EQ(1, deserialized_report.pin().size()); | 83 EXPECT_EQ(1, deserialized_report.pin().size()); |
| 71 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); | 84 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); |
| 72 | 85 |
| 73 std::set<CertLoggerRequest::CertError> reported_errors; | 86 std::set<CertLoggerRequest::CertError> reported_errors; |
| 74 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 87 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 75 deserialized_report.cert_error().Get(0))); | 88 deserialized_report.cert_error().Get(0))); |
| 76 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 89 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 77 deserialized_report.cert_error().Get(1))); | 90 deserialized_report.cert_error().Get(1))); |
| 78 EXPECT_EQ(kNumCertErrors, reported_errors.size()); | 91 EXPECT_EQ(kNumCertErrors, reported_errors.size()); |
| 79 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); | 92 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); |
| 80 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); | 93 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); |
| 81 } | 94 } |
| 82 | 95 |
| 83 TEST(CertificateErrorReportTest, | 96 TEST(CertificateErrorReportTest, |
| 84 SerializedReportAsProtobufWithInterstitialInfo) { | 97 SerializedReportAsProtobufWithInterstitialInfo) { |
| 85 SSLInfo ssl_info = GetTestSSLInfo(); | 98 // Use EXCLUDE_UNVERIFIED_CERT_CHAIN here to exercise the code path |
| 99 // where SSLInfo does not contain the unverified cert chain. (The test |
| 100 // above exercises the path where it does.) |
| 101 SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN); |
| 86 | 102 |
| 87 std::string serialized_report; | 103 std::string serialized_report; |
| 88 CertificateErrorReport report(kDummyHostname, ssl_info); | 104 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 89 | 105 |
| 90 const CertificateErrorReport::InterstitialReason interstitial_reason = | 106 const CertificateErrorReport::InterstitialReason interstitial_reason = |
| 91 CertificateErrorReport::INTERSTITIAL_CLOCK; | 107 CertificateErrorReport::INTERSTITIAL_CLOCK; |
| 92 const CertificateErrorReport::ProceedDecision proceeded = | 108 const CertificateErrorReport::ProceedDecision proceeded = |
| 93 CertificateErrorReport::USER_PROCEEDED; | 109 CertificateErrorReport::USER_PROCEEDED; |
| 94 const CertificateErrorReport::Overridable overridable = | 110 const CertificateErrorReport::Overridable overridable = |
| 95 CertificateErrorReport::INTERSTITIAL_OVERRIDABLE; | 111 CertificateErrorReport::INTERSTITIAL_OVERRIDABLE; |
| 96 | 112 |
| 97 report.SetInterstitialInfo(interstitial_reason, proceeded, overridable); | 113 report.SetInterstitialInfo(interstitial_reason, proceeded, overridable); |
| 98 | 114 |
| 99 report.Serialize(&serialized_report); | 115 report.Serialize(&serialized_report); |
| 100 | 116 |
| 101 CertLoggerRequest deserialized_report; | 117 CertLoggerRequest deserialized_report; |
| 102 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); | 118 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); |
| 103 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); | 119 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); |
| 104 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); | 120 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); |
| 121 EXPECT_EQ(std::string(), deserialized_report.unverified_cert_chain()); |
| 105 EXPECT_EQ(1, deserialized_report.pin().size()); | 122 EXPECT_EQ(1, deserialized_report.pin().size()); |
| 106 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); | 123 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); |
| 107 | 124 |
| 108 EXPECT_EQ(CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK, | 125 EXPECT_EQ(CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK, |
| 109 deserialized_report.interstitial_info().interstitial_reason()); | 126 deserialized_report.interstitial_info().interstitial_reason()); |
| 110 EXPECT_EQ(true, deserialized_report.interstitial_info().user_proceeded()); | 127 EXPECT_EQ(true, deserialized_report.interstitial_info().user_proceeded()); |
| 111 EXPECT_EQ(true, deserialized_report.interstitial_info().overridable()); | 128 EXPECT_EQ(true, deserialized_report.interstitial_info().overridable()); |
| 112 | 129 |
| 113 std::set<CertLoggerRequest::CertError> reported_errors; | 130 std::set<CertLoggerRequest::CertError> reported_errors; |
| 114 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 131 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 115 deserialized_report.cert_error().Get(0))); | 132 deserialized_report.cert_error().Get(0))); |
| 116 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 133 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 117 deserialized_report.cert_error().Get(1))); | 134 deserialized_report.cert_error().Get(1))); |
| 118 EXPECT_EQ(kNumCertErrors, reported_errors.size()); | 135 EXPECT_EQ(kNumCertErrors, reported_errors.size()); |
| 119 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); | 136 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); |
| 120 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); | 137 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); |
| 121 } | 138 } |
| 122 | 139 |
| 123 // Test that a serialized report can be parsed. | 140 // Test that a serialized report can be parsed. |
| 124 TEST(CertificateErrorReportTest, ParseSerializedReport) { | 141 TEST(CertificateErrorReportTest, ParseSerializedReport) { |
| 125 SSLInfo ssl_info = GetTestSSLInfo(); | 142 SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN); |
| 126 | 143 |
| 127 std::string serialized_report; | 144 std::string serialized_report; |
| 128 CertificateErrorReport report(kDummyHostname, ssl_info); | 145 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 129 EXPECT_EQ(kDummyHostname, report.hostname()); | 146 EXPECT_EQ(kDummyHostname, report.hostname()); |
| 130 report.Serialize(&serialized_report); | 147 report.Serialize(&serialized_report); |
| 131 | 148 |
| 132 CertificateErrorReport parsed; | 149 CertificateErrorReport parsed; |
| 133 ASSERT_TRUE(parsed.InitializeFromString(serialized_report)); | 150 ASSERT_TRUE(parsed.InitializeFromString(serialized_report)); |
| 134 EXPECT_EQ(report.hostname(), parsed.hostname()); | 151 EXPECT_EQ(report.hostname(), parsed.hostname()); |
| 135 } | 152 } |
| 136 | 153 |
| 137 } // namespace | 154 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1180313006:
Include unverified server-sent cert chain in reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master