net/http/transport_security_state_unittest.cc - Issue 1212613004: Build and send HPKP violation reports

Unified Diff: net/http/transport_security_state_unittest.cc

Issue 1212613004: Build and send HPKP violation reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: move report building code to TransportSecurityState; wire up to CheckPublicKeyPins Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/transport_security_state_unittest.cc

diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc

index dfe1b6722bb6bbc7c69d8e97b072db1a00b3fa89..46b6a493d1e07a5734381cc37c35840048f4a732 100644

--- a/net/http/transport_security_state_unittest.cc

+++ b/net/http/transport_security_state_unittest.cc

@@ -10,10 +10,13 @@

#include "base/base64.h"

#include "base/files/file_path.h"

+#include "base/json/json_reader.h"

#include "base/rand_util.h"

#include "base/sha1.h"

#include "base/strings/string_piece.h"

+#include "base/values.h"

#include "crypto/sha2.h"

+#include "net/base/host_port_pair.h"

#include "net/base/net_errors.h"

#include "net/base/test_completion_callback.h"

#include "net/base/test_data_directory.h"

@@ -35,13 +38,93 @@

#include "crypto/nss_util.h"

#endif

-namespace {

+namespace net {

const char kReportUri[] = "http://example.test/test";

estark 2015/07/23 08:53:29 Is everything supposed to be in the net namespace

davidben 2015/07/24 20:42:55 See my second comment here: https://codereview.chr

estark 2015/07/25 00:10:31 Done. I left the existing test fixtures and tests

-} // namespace

+// A mock ReportSender that just remembers the latest report

+// URI and report to be sent.

+class MockCertificateReportSender

+ : public TransportSecurityState::ReportSender {

+ public:

+ MockCertificateReportSender() {}

+ ~MockCertificateReportSender() override {}

-namespace net {

+ void Send(const GURL& report_uri, const std::string& report) override {

+ latest_report_uri_ = report_uri;

+ latest_report_ = report;

+ }

+ const GURL& latest_report_uri() { return latest_report_uri_; }

+ const std::string& latest_report() { return latest_report_; }

+ private:

+ GURL latest_report_uri_;

+ std::string latest_report_;

+};

+void CompareCertificateChainWithList(

+ const scoped_refptr<X509Certificate>& cert_chain,

+ const base::ListValue* cert_list) {

+ ASSERT_TRUE(cert_chain);

+ std::vector<std::string> pem_encoded_chain;

+ cert_chain->GetPEMEncodedChain(&pem_encoded_chain);

+ EXPECT_EQ(pem_encoded_chain.size(), cert_list->GetSize());

+ for (size_t i = 0; i < pem_encoded_chain.size(); i++) {

+ std::string list_cert;

+ ASSERT_TRUE(cert_list->GetString(i, &list_cert));

+ EXPECT_EQ(pem_encoded_chain[i], list_cert);

+ }

+void CheckHPKPReport(

+ const std::string& report,

+ const HostPortPair& host_port_pair,

+ const base::Time& expiry,

+ bool include_subdomains,

+ const std::string& noted_hostname,

+ const scoped_refptr<X509Certificate>& served_certificate_chain,

+ const scoped_refptr<X509Certificate>& validated_certificate_chain,

+ const net::HashValueVector& known_pins) {

+ // TODO(estark): check time in RFC3339 format.

+ scoped_ptr<base::Value> value(base::JSONReader::Read(report));

+ ASSERT_TRUE(value);

+ ASSERT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY));

+ scoped_ptr<base::DictionaryValue> report_dict(

+ static_cast<base::DictionaryValue*>(value.release()));

davidben 2015/07/24 20:42:55 You can also do: base::DictionaryValue* report_d

estark 2015/07/25 00:10:31 Done.

+ std::string report_hostname;

+ EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname));

+ EXPECT_EQ(host_port_pair.host(), report_hostname);

+ int report_port;

+ EXPECT_TRUE(report_dict->GetInteger("port", &report_port));

+ EXPECT_EQ(host_port_pair.port(), report_port);

+ bool report_include_subdomains;

+ EXPECT_TRUE(report_dict->GetBoolean("include-subdomains",

+ &report_include_subdomains));

+ EXPECT_EQ(include_subdomains, report_include_subdomains);

+ std::string report_noted_hostname;

+ EXPECT_TRUE(report_dict->GetString("noted-hostname", &report_noted_hostname));

+ EXPECT_EQ(noted_hostname, report_noted_hostname);

+ base::ListValue* report_served_certificate_chain;

+ EXPECT_TRUE(report_dict->GetList("served-certificate-chain",

+ &report_served_certificate_chain));

+ ASSERT_NO_FATAL_FAILURE(CompareCertificateChainWithList(

+ served_certificate_chain, report_served_certificate_chain));

+ base::ListValue* report_validated_certificate_chain;

+ EXPECT_TRUE(report_dict->GetList("validated-certificate-chain",

+ &report_validated_certificate_chain));

+ ASSERT_NO_FATAL_FAILURE(CompareCertificateChainWithList(

+ validated_certificate_chain, report_validated_certificate_chain));

class TransportSecurityStateTest : public testing::Test {

public:

@@ -1112,4 +1195,100 @@ TEST_F(TransportSecurityStateTest, GooglePinnedProperties) {

"www.googlegroups.com"));

}

+TEST_F(TransportSecurityStateTest, HPKPReporting) {

+ const char kHost[] = "example.test";

+ const char kSubdomain[] = "foo.example.test";

+ const uint16_t kPort = 443;

davidben 2015/07/24 20:42:55 Nit: static const

estark 2015/07/25 00:10:31 Done.

+ HostPortPair host_port_pair(kHost, kPort);

+ HostPortPair subdomain_host_port_pair(kSubdomain, kPort);

+ GURL report_uri("http://www.example.test/report");

+ // Two dummy certs to use as the server-sent and validated chains. The

+ // contents don't matter.

+ scoped_refptr<X509Certificate> cert1 =

+ ImportCertFromFile(GetTestCertsDirectory(), "test_mail_google_com.pem");

+ scoped_refptr<X509Certificate> cert2 =

+ ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem");

+ ASSERT_TRUE(cert1);

+ ASSERT_TRUE(cert2);

+ // kGoodPath is blog.torproject.org.

+ static const char* const kGoodPath[] = {

+ "sha1/m9lHYJYke9k0GtVZ+bXSQYE8nDI=",

+ "sha1/o5OZxATDsgmwgcIfIWIneMJ0jkw=",

+ "sha1/wHqYaI2J+6sFZAwRfap9ZbjKzE4=",

+ NULL,

+ };

+ // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for

+ // torproject.org.

+ static const char* const kBadPath[] = {

+ "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",

+ "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",

+ "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",

+ NULL,

+ };

+ HashValueVector good_hashes, bad_hashes;

+ for (size_t i = 0; kGoodPath[i]; i++)

+ EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));

+ for (size_t i = 0; kBadPath[i]; i++)

+ EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));

+ TransportSecurityState state;

+ MockCertificateReportSender mock_report_sender;

+ state.SetReportSender(&mock_report_sender);

+ const base::Time current_time(base::Time::Now());

davidben 2015/07/24 20:42:55 Nit: I'd probably just use equals here.

estark 2015/07/25 00:10:31 Done.

+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

+ state.AddHPKP(kHost, expiry, true, good_hashes, report_uri);

+ EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());

+ EXPECT_EQ(std::string(), mock_report_sender.latest_report());

+ std::string failure_log;

+ EXPECT_FALSE(state.CheckPublicKeyPins(

+ host_port_pair, true, bad_hashes, cert1.get(), cert2.get(),

+ TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));

+ // No report should have been sent because of the DO_NOT_SEND_REPORT

davidben 2015/07/24 20:42:55 DO_NOT_SEND_REPORT -> DISABLE_PIN_REPORTS?

estark 2015/07/25 00:10:31 Done.

+ // argument.

+ EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());

+ EXPECT_EQ(std::string(), mock_report_sender.latest_report());

+ EXPECT_TRUE(state.CheckPublicKeyPins(

+ host_port_pair, true, good_hashes, cert1.get(), cert2.get(),

+ TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log));

+ // No report should have been sent because there was no violation.

+ EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());

+ EXPECT_EQ(std::string(), mock_report_sender.latest_report());

+ EXPECT_FALSE(state.CheckPublicKeyPins(

+ host_port_pair, true, bad_hashes, cert1.get(), cert2.get(),

+ TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log));

+ // Now a report should have been sent. Check that it contains the

+ // right information.

+ EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());

+ std::string report = mock_report_sender.latest_report();

+ ASSERT_FALSE(report.empty());

+ ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, expiry, true,

+ kHost, cert1.get(), cert2.get(),

+ good_hashes));

+ EXPECT_FALSE(state.CheckPublicKeyPins(

+ subdomain_host_port_pair, true, bad_hashes, cert1.get(), cert2.get(),

+ TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log));

+ // Now a report should have been sent for the subdomain. Check that it

+ // contains the right information.

+ EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());

+ report = mock_report_sender.latest_report();

+ ASSERT_FALSE(report.empty());

+ ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair,

+ expiry, true, kHost, cert1.get(),

+ cert2.get(), good_hashes));

} // namespace net

« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | net/quic/crypto/proof_verifier_chromium.cc » ('j') | net/spdy/spdy_session.cc » ('J')