Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(236)

Side by Side Diff: chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: style fixes, comments Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" 5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
11 #include "base/location.h" 11 #include "base/location.h"
12 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/scoped_ptr.h"
13 #include "base/message_loop/message_loop.h" 13 #include "base/message_loop/message_loop.h"
14 #include "base/single_thread_task_runner.h" 14 #include "base/single_thread_task_runner.h"
15 #include "base/synchronization/waitable_event.h" 15 #include "base/synchronization/waitable_event.h"
16 #include "base/threading/thread.h" 16 #include "base/threading/thread.h"
17 #include "chrome/browser/net/certificate_error_reporter.h" 17 #include "chrome/browser/net/certificate_error_reporter.h"
18 #include "content/public/test/test_browser_thread.h" 18 #include "content/public/test/test_browser_thread.h"
19 #include "net/base/request_priority.h" 19 #include "net/base/request_priority.h"
20 #include "net/base/test_data_directory.h" 20 #include "net/base/test_data_directory.h"
21 #include "net/cert/x509_certificate.h" 21 #include "net/cert/x509_certificate.h"
22 #include "net/http/certificate_report_sender.h"
23 #include "net/http/certificate_report_sender_impl.h"
22 #include "net/http/transport_security_state.h" 24 #include "net/http/transport_security_state.h"
23 #include "net/ssl/ssl_info.h" 25 #include "net/ssl/ssl_info.h"
24 #include "net/test/cert_test_util.h" 26 #include "net/test/cert_test_util.h"
25 #include "net/url_request/fraudulent_certificate_reporter.h" 27 #include "net/url_request/fraudulent_certificate_reporter.h"
26 #include "net/url_request/url_request.h" 28 #include "net/url_request/url_request.h"
27 #include "net/url_request/url_request_context.h" 29 #include "net/url_request/url_request_context.h"
28 #include "net/url_request/url_request_test_util.h" 30 #include "net/url_request/url_request_test_util.h"
29 #include "testing/gtest/include/gtest/gtest.h" 31 #include "testing/gtest/include/gtest/gtest.h"
30 32
31 using chrome_browser_net::CertificateErrorReporter; 33 using chrome_browser_net::CertificateErrorReporter;
32 using content::BrowserThread; 34 using content::BrowserThread;
33 using net::SSLInfo; 35 using net::SSLInfo;
34 36
35 namespace { 37 namespace {
36 38
39 const uint32 kServerPublicKeyVersion = 1;
40 const uint8 kServerPublicKey[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
41 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
42 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
43
37 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is 44 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is
38 // expired; what matters is that the cert would not pass even a normal 45 // expired; what matters is that the cert would not pass even a normal
39 // sanity check. We test that we DO NOT send a fraudulent certificate report 46 // sanity check. We test that we DO NOT send a fraudulent certificate report
40 // in this case. 47 // in this case.
41 static SSLInfo GetBadSSLInfo() { 48 static SSLInfo GetBadSSLInfo() {
42 SSLInfo info; 49 SSLInfo info;
43 50
44 info.cert = 51 info.cert =
45 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); 52 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem");
46 info.cert_status = net::CERT_STATUS_DATE_INVALID; 53 info.cert_status = net::CERT_STATUS_DATE_INVALID;
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
109 116
110 // Passes if invoked with a bad SSLInfo and for a hostname that is not a 117 // Passes if invoked with a bad SSLInfo and for a hostname that is not a
111 // Google pinned property. 118 // Google pinned property.
112 void SendReport(const std::string& hostname, 119 void SendReport(const std::string& hostname,
113 const SSLInfo& ssl_info) override { 120 const SSLInfo& ssl_info) override {
114 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); 121 EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
115 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); 122 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
116 } 123 }
117 }; 124 };
118 125
126 class MockCertificateReportSender : public net::CertificateReportSenderImpl {
127 public:
128 MockCertificateReportSender(
129 net::URLRequestContext* request_context,
130 net::CertificateReportSender::CookiesPreference cookies_preference)
131 : net::CertificateReportSenderImpl(request_context, cookies_preference) {}
132
133 private:
134 scoped_ptr<net::URLRequest> CreateURLRequest(
135 net::URLRequestContext* context,
136 const GURL& report_uri) override {
137 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY,
138 NULL);
139 }
140 };
141
119 // A CertificateErrorReporter that uses a MockURLRequest, but is 142 // A CertificateErrorReporter that uses a MockURLRequest, but is
120 // otherwise normal: reports are constructed and sent in the usual way. 143 // otherwise normal: reports are constructed and sent in the usual way.
121 class MockReporter : public CertificateErrorReporter { 144 class MockReporter : public CertificateErrorReporter {
122 public: 145 public:
123 explicit MockReporter(net::URLRequestContext* request_context) 146 explicit MockReporter(net::URLRequestContext* request_context)
124 : CertificateErrorReporter( 147 : CertificateErrorReporter(
125 request_context,
126 GURL("http://example.com"), 148 GURL("http://example.com"),
127 CertificateErrorReporter::DO_NOT_SEND_COOKIES) {} 149 kServerPublicKey,
150 kServerPublicKeyVersion,
151 scoped_ptr<net::CertificateReportSender>(
152 new MockCertificateReportSender(
153 request_context,
154 net::CertificateReportSender::DO_NOT_SEND_COOKIES))) {}
128 155
129 void SendReport(ReportType type, 156 void SendReport(ReportType type,
130 const std::string& serialized_report) override { 157 const std::string& serialized_report) override {
131 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION); 158 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION);
132 EXPECT_FALSE(serialized_report.empty()); 159 EXPECT_FALSE(serialized_report.empty());
133 CertificateErrorReporter::SendReport(type, serialized_report); 160 CertificateErrorReporter::SendReport(type, serialized_report);
134 } 161 }
135
136 private:
137 scoped_ptr<net::URLRequest> CreateURLRequest(
138 net::URLRequestContext* context) override {
139 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY,
140 NULL);
141 }
142 }; 162 };
143 163
144 static void DoReportIsSent() { 164 static void DoReportIsSent() {
145 net::TestURLRequestContext context; 165 net::TestURLRequestContext context;
146 SendingTestReporter reporter(&context); 166 SendingTestReporter reporter(&context);
147 SSLInfo info = GetGoodSSLInfo(); 167 SSLInfo info = GetGoodSSLInfo();
148 reporter.SendReport("mail.google.com", info); 168 reporter.SendReport("mail.google.com", info);
149 } 169 }
150 170
151 static void DoReportIsNotSent() { 171 static void DoReportIsNotSent() {
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 } 206 }
187 207
188 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { 208 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
189 base::MessageLoopForIO loop; 209 base::MessageLoopForIO loop;
190 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); 210 content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
191 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); 211 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
192 loop.RunUntilIdle(); 212 loop.RunUntilIdle();
193 } 213 }
194 214
195 } // namespace 215 } // namespace
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698