| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/certificate_error_report.h" | 5 #include "chrome/browser/ssl/certificate_error_report.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 | 28 |
| 29 const net::CertStatus kCertStatus = | 29 const net::CertStatus kCertStatus = |
| 30 net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_REVOKED; | 30 net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_REVOKED; |
| 31 const size_t kNumCertErrors = 2; | 31 const size_t kNumCertErrors = 2; |
| 32 | 32 |
| 33 const CertLoggerRequest::CertError kFirstReportedCertError = | 33 const CertLoggerRequest::CertError kFirstReportedCertError = |
| 34 CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID; | 34 CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID; |
| 35 const CertLoggerRequest::CertError kSecondReportedCertError = | 35 const CertLoggerRequest::CertError kSecondReportedCertError = |
| 36 CertLoggerRequest::ERR_CERT_REVOKED; | 36 CertLoggerRequest::ERR_CERT_REVOKED; |
| 37 | 37 |
| 38 // Whether to include an unverified certificate chain in the test | 38 SSLInfo GetTestSSLInfo() { |
| 39 // SSLInfo. In production code, an unverified cert chain will not be | |
| 40 // present if the resource was loaded from cache. | |
| 41 enum UnverifiedCertChainStatus { | |
| 42 INCLUDE_UNVERIFIED_CERT_CHAIN, | |
| 43 EXCLUDE_UNVERIFIED_CERT_CHAIN | |
| 44 }; | |
| 45 | |
| 46 SSLInfo GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status) { | |
| 47 SSLInfo info; | 39 SSLInfo info; |
| 48 info.cert = | 40 info.cert = |
| 49 net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename); | 41 net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename); |
| 50 if (unverified_cert_chain_status == INCLUDE_UNVERIFIED_CERT_CHAIN) { | |
| 51 info.unverified_cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), | |
| 52 kTestCertFilename); | |
| 53 } | |
| 54 info.is_issued_by_known_root = true; | 42 info.is_issued_by_known_root = true; |
| 55 info.cert_status = kCertStatus; | 43 info.cert_status = kCertStatus; |
| 56 info.pinning_failure_log = kDummyFailureLog; | 44 info.pinning_failure_log = kDummyFailureLog; |
| 57 return info; | 45 return info; |
| 58 } | 46 } |
| 59 | 47 |
| 60 std::string GetPEMEncodedChain() { | 48 std::string GetPEMEncodedChain() { |
| 61 base::FilePath cert_path = | 49 base::FilePath cert_path = |
| 62 net::GetTestCertsDirectory().AppendASCII(kTestCertFilename); | 50 net::GetTestCertsDirectory().AppendASCII(kTestCertFilename); |
| 63 std::string cert_data; | 51 std::string cert_data; |
| 64 EXPECT_TRUE(base::ReadFileToString(cert_path, &cert_data)); | 52 EXPECT_TRUE(base::ReadFileToString(cert_path, &cert_data)); |
| 65 return cert_data; | 53 return cert_data; |
| 66 } | 54 } |
| 67 | 55 |
| 68 // Test that a serialized CertificateErrorReport can be deserialized as | 56 // Test that a serialized CertificateErrorReport can be deserialized as |
| 69 // a CertLoggerRequest protobuf (which is the format that the receiving | 57 // a CertLoggerRequest protobuf (which is the format that the receiving |
| 70 // server expects it in) with the right data in it. | 58 // server expects it in) with the right data in it. |
| 71 TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { | 59 TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { |
| 72 SSLInfo ssl_info = GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN); | 60 SSLInfo ssl_info = GetTestSSLInfo(); |
| 73 | 61 |
| 74 std::string serialized_report; | 62 std::string serialized_report; |
| 75 CertificateErrorReport report(kDummyHostname, ssl_info); | 63 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 76 report.Serialize(&serialized_report); | 64 report.Serialize(&serialized_report); |
| 77 | 65 |
| 78 CertLoggerRequest deserialized_report; | 66 CertLoggerRequest deserialized_report; |
| 79 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); | 67 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); |
| 80 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); | 68 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); |
| 81 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); | 69 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); |
| 82 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.unverified_cert_chain()); | |
| 83 EXPECT_EQ(1, deserialized_report.pin().size()); | 70 EXPECT_EQ(1, deserialized_report.pin().size()); |
| 84 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); | 71 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); |
| 85 | 72 |
| 86 std::set<CertLoggerRequest::CertError> reported_errors; | 73 std::set<CertLoggerRequest::CertError> reported_errors; |
| 87 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 74 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 88 deserialized_report.cert_error().Get(0))); | 75 deserialized_report.cert_error().Get(0))); |
| 89 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 76 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 90 deserialized_report.cert_error().Get(1))); | 77 deserialized_report.cert_error().Get(1))); |
| 91 EXPECT_EQ(kNumCertErrors, reported_errors.size()); | 78 EXPECT_EQ(kNumCertErrors, reported_errors.size()); |
| 92 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); | 79 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); |
| 93 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); | 80 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); |
| 94 } | 81 } |
| 95 | 82 |
| 96 TEST(CertificateErrorReportTest, | 83 TEST(CertificateErrorReportTest, |
| 97 SerializedReportAsProtobufWithInterstitialInfo) { | 84 SerializedReportAsProtobufWithInterstitialInfo) { |
| 98 // Use EXCLUDE_UNVERIFIED_CERT_CHAIN here to exercise the code path | 85 SSLInfo ssl_info = GetTestSSLInfo(); |
| 99 // where SSLInfo does not contain the unverified cert chain. (The test | |
| 100 // above exercises the path where it does.) | |
| 101 SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN); | |
| 102 | 86 |
| 103 std::string serialized_report; | 87 std::string serialized_report; |
| 104 CertificateErrorReport report(kDummyHostname, ssl_info); | 88 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 105 | 89 |
| 106 const CertificateErrorReport::InterstitialReason interstitial_reason = | 90 const CertificateErrorReport::InterstitialReason interstitial_reason = |
| 107 CertificateErrorReport::INTERSTITIAL_CLOCK; | 91 CertificateErrorReport::INTERSTITIAL_CLOCK; |
| 108 const CertificateErrorReport::ProceedDecision proceeded = | 92 const CertificateErrorReport::ProceedDecision proceeded = |
| 109 CertificateErrorReport::USER_PROCEEDED; | 93 CertificateErrorReport::USER_PROCEEDED; |
| 110 const CertificateErrorReport::Overridable overridable = | 94 const CertificateErrorReport::Overridable overridable = |
| 111 CertificateErrorReport::INTERSTITIAL_OVERRIDABLE; | 95 CertificateErrorReport::INTERSTITIAL_OVERRIDABLE; |
| 112 | 96 |
| 113 report.SetInterstitialInfo(interstitial_reason, proceeded, overridable); | 97 report.SetInterstitialInfo(interstitial_reason, proceeded, overridable); |
| 114 | 98 |
| 115 report.Serialize(&serialized_report); | 99 report.Serialize(&serialized_report); |
| 116 | 100 |
| 117 CertLoggerRequest deserialized_report; | 101 CertLoggerRequest deserialized_report; |
| 118 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); | 102 ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report)); |
| 119 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); | 103 EXPECT_EQ(kDummyHostname, deserialized_report.hostname()); |
| 120 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); | 104 EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain()); |
| 121 EXPECT_EQ(std::string(), deserialized_report.unverified_cert_chain()); | |
| 122 EXPECT_EQ(1, deserialized_report.pin().size()); | 105 EXPECT_EQ(1, deserialized_report.pin().size()); |
| 123 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); | 106 EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0)); |
| 124 | 107 |
| 125 EXPECT_EQ(CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK, | 108 EXPECT_EQ(CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK, |
| 126 deserialized_report.interstitial_info().interstitial_reason()); | 109 deserialized_report.interstitial_info().interstitial_reason()); |
| 127 EXPECT_EQ(true, deserialized_report.interstitial_info().user_proceeded()); | 110 EXPECT_EQ(true, deserialized_report.interstitial_info().user_proceeded()); |
| 128 EXPECT_EQ(true, deserialized_report.interstitial_info().overridable()); | 111 EXPECT_EQ(true, deserialized_report.interstitial_info().overridable()); |
| 129 | 112 |
| 130 std::set<CertLoggerRequest::CertError> reported_errors; | 113 std::set<CertLoggerRequest::CertError> reported_errors; |
| 131 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 114 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 132 deserialized_report.cert_error().Get(0))); | 115 deserialized_report.cert_error().Get(0))); |
| 133 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( | 116 reported_errors.insert(static_cast<CertLoggerRequest::CertError>( |
| 134 deserialized_report.cert_error().Get(1))); | 117 deserialized_report.cert_error().Get(1))); |
| 135 EXPECT_EQ(kNumCertErrors, reported_errors.size()); | 118 EXPECT_EQ(kNumCertErrors, reported_errors.size()); |
| 136 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); | 119 EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError)); |
| 137 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); | 120 EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError)); |
| 138 } | 121 } |
| 139 | 122 |
| 140 // Test that a serialized report can be parsed. | 123 // Test that a serialized report can be parsed. |
| 141 TEST(CertificateErrorReportTest, ParseSerializedReport) { | 124 TEST(CertificateErrorReportTest, ParseSerializedReport) { |
| 142 SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN); | 125 SSLInfo ssl_info = GetTestSSLInfo(); |
| 143 | 126 |
| 144 std::string serialized_report; | 127 std::string serialized_report; |
| 145 CertificateErrorReport report(kDummyHostname, ssl_info); | 128 CertificateErrorReport report(kDummyHostname, ssl_info); |
| 146 EXPECT_EQ(kDummyHostname, report.hostname()); | 129 EXPECT_EQ(kDummyHostname, report.hostname()); |
| 147 report.Serialize(&serialized_report); | 130 report.Serialize(&serialized_report); |
| 148 | 131 |
| 149 CertificateErrorReport parsed; | 132 CertificateErrorReport parsed; |
| 150 ASSERT_TRUE(parsed.InitializeFromString(serialized_report)); | 133 ASSERT_TRUE(parsed.InitializeFromString(serialized_report)); |
| 151 EXPECT_EQ(report.hostname(), parsed.hostname()); | 134 EXPECT_EQ(report.hostname(), parsed.hostname()); |
| 152 } | 135 } |
| 153 | 136 |
| 154 } // namespace | 137 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1191743002:
Revert of Include unverified server-sent cert chain in reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master