OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/location.h" | 11 #include "base/location.h" |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 #include "base/message_loop/message_loop.h" | 13 #include "base/message_loop/message_loop.h" |
14 #include "base/single_thread_task_runner.h" | 14 #include "base/single_thread_task_runner.h" |
15 #include "base/synchronization/waitable_event.h" | 15 #include "base/synchronization/waitable_event.h" |
16 #include "base/threading/thread.h" | 16 #include "base/threading/thread.h" |
17 #include "chrome/browser/net/certificate_error_reporter.h" | 17 #include "chrome/browser/net/certificate_error_reporter.h" |
18 #include "content/public/test/test_browser_thread.h" | 18 #include "content/public/test/test_browser_thread.h" |
19 #include "net/base/request_priority.h" | 19 #include "net/base/request_priority.h" |
20 #include "net/base/test_data_directory.h" | 20 #include "net/base/test_data_directory.h" |
21 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
22 #include "net/http/transport_security_state.h" | 22 #include "net/http/transport_security_state.h" |
23 #include "net/ssl/ssl_info.h" | 23 #include "net/ssl/ssl_info.h" |
24 #include "net/test/cert_test_util.h" | 24 #include "net/test/cert_test_util.h" |
25 #include "net/url_request/certificate_report_sender.h" | |
25 #include "net/url_request/fraudulent_certificate_reporter.h" | 26 #include "net/url_request/fraudulent_certificate_reporter.h" |
26 #include "net/url_request/url_request.h" | 27 #include "net/url_request/url_request.h" |
27 #include "net/url_request/url_request_context.h" | 28 #include "net/url_request/url_request_context.h" |
28 #include "net/url_request/url_request_test_util.h" | 29 #include "net/url_request/url_request_test_util.h" |
29 #include "testing/gtest/include/gtest/gtest.h" | 30 #include "testing/gtest/include/gtest/gtest.h" |
30 | 31 |
31 using chrome_browser_net::CertificateErrorReporter; | 32 using chrome_browser_net::CertificateErrorReporter; |
32 using content::BrowserThread; | 33 using content::BrowserThread; |
33 using net::SSLInfo; | 34 using net::SSLInfo; |
34 | 35 |
35 namespace { | 36 namespace { |
36 | 37 |
38 const uint32 kServerPublicKeyVersion = 1; | |
39 const uint8 kServerPublicKey[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
40 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
41 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | |
42 | |
37 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is | 43 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
38 // expired; what matters is that the cert would not pass even a normal | 44 // expired; what matters is that the cert would not pass even a normal |
39 // sanity check. We test that we DO NOT send a fraudulent certificate report | 45 // sanity check. We test that we DO NOT send a fraudulent certificate report |
40 // in this case. | 46 // in this case. |
41 static SSLInfo GetBadSSLInfo() { | 47 static SSLInfo GetBadSSLInfo() { |
42 SSLInfo info; | 48 SSLInfo info; |
43 | 49 |
44 info.cert = | 50 info.cert = |
45 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); | 51 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); |
46 info.cert_status = net::CERT_STATUS_DATE_INVALID; | 52 info.cert_status = net::CERT_STATUS_DATE_INVALID; |
(...skipping 62 matching lines...)
109 | 115 |
110 // Passes if invoked with a bad SSLInfo and for a hostname that is not a | 116 // Passes if invoked with a bad SSLInfo and for a hostname that is not a |
111 // Google pinned property. | 117 // Google pinned property. |
112 void SendReport(const std::string& hostname, | 118 void SendReport(const std::string& hostname, |
113 const SSLInfo& ssl_info) override { | 119 const SSLInfo& ssl_info) override { |
114 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); | 120 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); |
115 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | 121 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
116 } | 122 } |
117 }; | 123 }; |
118 | 124 |
125 class MockCertificateReportSender : public net::CertificateReportSender { | |
126 public: | |
127 MockCertificateReportSender( | |
128 net::URLRequestContext* request_context, | |
129 net::CertificateReportSender::CookiesPreference cookies_preference) | |
130 : net::CertificateReportSender(request_context, cookies_preference) {} | |
131 | |
132 private: | |
133 scoped_ptr<net::URLRequest> CreateURLRequest( | |
134 net::URLRequestContext* context, | |
135 const GURL& report_uri) override { | |
136 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY, | |
137 NULL); | |
138 } | |
davidben
2015/07/24 18:54:11
Does it work to just implement TransportSecuritySt
estark
2015/07/24 22:56:03
I made CertificateErrorReporter depend on net::Cer
| |
139 }; | |
140 | |
119 // A CertificateErrorReporter that uses a MockURLRequest, but is | 141 // A CertificateErrorReporter that uses a MockURLRequest, but is |
120 // otherwise normal: reports are constructed and sent in the usual way. | 142 // otherwise normal: reports are constructed and sent in the usual way. |
121 class MockReporter : public CertificateErrorReporter { | 143 class MockReporter : public CertificateErrorReporter { |
122 public: | 144 public: |
123 explicit MockReporter(net::URLRequestContext* request_context) | 145 explicit MockReporter(net::URLRequestContext* request_context) |
124 : CertificateErrorReporter( | 146 : CertificateErrorReporter( |
125 request_context, | |
126 GURL("http://example.com"), | 147 GURL("http://example.com"), |
127 CertificateErrorReporter::DO_NOT_SEND_COOKIES) {} | 148 kServerPublicKey, |
149 kServerPublicKeyVersion, | |
150 scoped_ptr<net::CertificateReportSender>( | |
151 new MockCertificateReportSender( | |
152 request_context, | |
153 net::CertificateReportSender::DO_NOT_SEND_COOKIES))) {} | |
128 | 154 |
129 void SendReport(ReportType type, | 155 void SendReport(ReportType type, |
130 const std::string& serialized_report) override { | 156 const std::string& serialized_report) override { |
131 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION); | 157 EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION); |
132 EXPECT_FALSE(serialized_report.empty()); | 158 EXPECT_FALSE(serialized_report.empty()); |
133 CertificateErrorReporter::SendReport(type, serialized_report); | 159 CertificateErrorReporter::SendReport(type, serialized_report); |
134 } | 160 } |
135 | |
136 private: | |
137 scoped_ptr<net::URLRequest> CreateURLRequest( | |
138 net::URLRequestContext* context) override { | |
139 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY, | |
140 NULL); | |
141 } | |
142 }; | 161 }; |
143 | 162 |
144 static void DoReportIsSent() { | 163 static void DoReportIsSent() { |
145 net::TestURLRequestContext context; | 164 net::TestURLRequestContext context; |
146 SendingTestReporter reporter(&context); | 165 SendingTestReporter reporter(&context); |
147 SSLInfo info = GetGoodSSLInfo(); | 166 SSLInfo info = GetGoodSSLInfo(); |
148 reporter.SendReport("mail.google.com", info); | 167 reporter.SendReport("mail.google.com", info); |
149 } | 168 } |
150 | 169 |
151 static void DoReportIsNotSent() { | 170 static void DoReportIsNotSent() { |
(...skipping 34 matching lines...)
186 } | 205 } |
187 | 206 |
188 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | 207 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
189 base::MessageLoopForIO loop; | 208 base::MessageLoopForIO loop; |
190 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | 209 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
191 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | 210 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
192 loop.RunUntilIdle(); | 211 loop.RunUntilIdle(); |
193 } | 212 } |
194 | 213 |
195 } // namespace | 214 } // namespace |
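Review bot: The added `kServerPublicKey` at the top of the anonymous namespace is 32 zero bytes with no comment, so a reader cannot tell it is a placeholder rather than a real server key; a line such as `// Placeholder public key for tests only; not a real server key.` above it would make that explicit. If the reporter consumes this value as a Curve25519 public key (not visible on this page), all-zero is a small-order point that yields a constant shared secret, so any encryption done for the `GURL("http://example.com")` upload URL would only be exercised with a degenerate key. A fixed non-zero test key would be a safer fixture in that case. Separately, `MockCertificateReportSender::CreateURLRequest` discards `report_uri`, so nothing in the test pins where the report is sent; `EXPECT_EQ(GURL("http://example.com"), report_uri);` before the `CreateRequest` call would cover that, assuming the sender is handed the reporter's upload URL unchanged.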
OLD | NEW |