net/cert/multi_log_ct_verifier_unittest.cc - Issue 1216153010: Certificate Transparency: Add observer for Signed Certificate Timestamps

Side by Side Diff: net/cert/multi_log_ct_verifier_unittest.cc

Issue 1216153010: Certificate Transparency: Add observer for Signed Certificate Timestamps (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed review comments Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/multi_log_ct_verifier.h"	5 #include "net/cert/multi_log_ct_verifier.h"

6	6

7 #include <string>	7 #include <string>

8	8

9 #include "base/files/file_path.h"	9 #include "base/files/file_path.h"

10 #include "base/files/file_util.h"	10 #include "base/files/file_util.h"

11 #include "base/metrics/histogram.h"	11 #include "base/metrics/histogram.h"

12 #include "base/metrics/histogram_samples.h"	12 #include "base/metrics/histogram_samples.h"

13 #include "base/metrics/statistics_recorder.h"	13 #include "base/metrics/statistics_recorder.h"

14 #include "base/values.h"	14 #include "base/values.h"

15 #include "net/base/net_errors.h"	15 #include "net/base/net_errors.h"

16 #include "net/base/test_data_directory.h"	16 #include "net/base/test_data_directory.h"

17 #include "net/cert/ct_log_verifier.h"	17 #include "net/cert/ct_log_verifier.h"

18 #include "net/cert/ct_serialization.h"	18 #include "net/cert/ct_serialization.h"

19 #include "net/cert/ct_verify_result.h"	19 #include "net/cert/ct_verify_result.h"

20 #include "net/cert/pem_tokenizer.h"	20 #include "net/cert/pem_tokenizer.h"

21 #include "net/cert/sct_status_flags.h"	21 #include "net/cert/sct_status_flags.h"

22 #include "net/cert/signed_certificate_timestamp.h"	22 #include "net/cert/signed_certificate_timestamp.h"

23 #include "net/cert/x509_certificate.h"	23 #include "net/cert/x509_certificate.h"

24 #include "net/log/net_log.h"	24 #include "net/log/net_log.h"

25 #include "net/log/test_net_log.h"	25 #include "net/log/test_net_log.h"

26 #include "net/log/test_net_log_entry.h"	26 #include "net/log/test_net_log_entry.h"

27 #include "net/test/cert_test_util.h"	27 #include "net/test/cert_test_util.h"

28 #include "net/test/ct_test_util.h"	28 #include "net/test/ct_test_util.h"

	29 #include "testing/gmock/include/gmock/gmock.h"

29 #include "testing/gtest/include/gtest/gtest.h"	30 #include "testing/gtest/include/gtest/gtest.h"

30	31

	32 using testing::_;

	33 using testing::Mock;

	34

31 namespace net {	35 namespace net {

32	36

33 namespace {	37 namespace {

34	38

35 const char kLogDescription[] = "somelog";	39 const char kLogDescription[] = "somelog";

36 const char kSCTCountHistogram[] =	40 const char kSCTCountHistogram[] =

37 "Net.CertificateTransparency.SCTsPerConnection";	41 "Net.CertificateTransparency.SCTsPerConnection";

38	42

	43 class MockSCTObserver : public CTVerifier::Observer {

	44 public:

	45 MOCK_METHOD2(OnSCTVerified,

	46 void(X509Certificate* cert,

	47 const ct::SignedCertificateTimestamp* sct));

	48 };

	49

39 class MultiLogCTVerifierTest : public ::testing::Test {	50 class MultiLogCTVerifierTest : public ::testing::Test {

40 public:	51 public:

41 void SetUp() override {	52 void SetUp() override {

42 scoped_refptr<CTLogVerifier> log(CTLogVerifier::Create(	53 scoped_refptr<CTLogVerifier> log(CTLogVerifier::Create(

43 ct::GetTestPublicKey(), kLogDescription, "https://ct.example.com"));	54 ct::GetTestPublicKey(), kLogDescription, "https://ct.example.com"));

44 ASSERT_TRUE(log);	55 ASSERT_TRUE(log);

45 log_verifiers_.push_back(log);	56 log_verifiers_.push_back(log);

46	57

47 verifier_.reset(new MultiLogCTVerifier());	58 verifier_.reset(new MultiLogCTVerifier());

48 verifier_->AddLogs(log_verifiers_);	59 verifier_->AddLogs(log_verifiers_);

(...skipping 245 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
294 EXPECT_EQ(old_embedded_count + 1, NumEmbeddedSCTsInHistogram());	305 EXPECT_EQ(old_embedded_count + 1, NumEmbeddedSCTsInHistogram());

295 }	306 }

296	307

297 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) {	308 TEST_F(MultiLogCTVerifierTest, CountsZeroSCTsCorrectly) {

298 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0);	309 int connections_without_scts = GetValueFromHistogram(kSCTCountHistogram, 0);

299 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_));	310 EXPECT_FALSE(VerifySinglePrecertificateChain(chain_));

300 ASSERT_EQ(connections_without_scts + 1,	311 ASSERT_EQ(connections_without_scts + 1,

301 GetValueFromHistogram(kSCTCountHistogram, 0));	312 GetValueFromHistogram(kSCTCountHistogram, 0));

302 }	313 }

303	314

	315 TEST_F(MultiLogCTVerifierTest, NotifiesOfValidSCT) {

	316 MockSCTObserver observer;

	317 verifier_->SetObserver(&observer);

	318

	319 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _));

	320 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_));

	321 Mock::VerifyAndClearExpectations(&observer);
	Ryan Sleevi 2015/07/02 14:25:46 This isn't needed if you remove 322/323, since thi This isn't needed if you remove 322/323, since this is implicitly handled as the mock object goes out of scope. Eran Messeri 2015/07/02 15:04:38 Done. Show quoted text On 2015/07/02 14:25:46, Ryan Sleevi (slow through 7-15 wrote: > This isn't needed if you remove 322/323, since this is implicitly handled as the > mock object goes out of scope. Done.
	322

	323 verifier_->SetObserver(nullptr);
	Ryan Sleevi 2015/07/02 14:25:46 This isn't necessary - is it? verifier_ gets delet This isn't necessary - is it? verifier_ gets deleted as soon as this test completed. Eran Messeri 2015/07/02 15:04:39 Done. Show quoted text On 2015/07/02 14:25:46, Ryan Sleevi (slow through 7-15 wrote: > This isn't necessary - is it? verifier_ gets deleted as soon as this test > completed. Done.
	324 }

	325

	326 TEST_F(MultiLogCTVerifierTest, StopsNotifyingCorrectly) {

	327 MockSCTObserver observer;

	328 verifier_->SetObserver(&observer);

	329

	330 EXPECT_CALL(observer, OnSCTVerified(embedded_sct_chain_.get(), _)).Times(1);

	331 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_));

	332 verifier_->SetObserver(nullptr);
	Ryan Sleevi 2015/07/02 14:25:46 335 isn't strictly necessary, but it seems like yo 335 isn't strictly necessary, but it seems like you're not testing the ordering of the calls (namely, that the delivery of notifications happens prior to the SetObserver(nullptr) Suggested restructuring: 331 ASSERT_TRUE(...); 332 Mock::VerifyAndClearExpectations(&observer); 333 334 verifier_->SetObserver(nullptr) 335 ASSERT_TRUE(...); 336 } Eran Messeri 2015/07/02 15:04:38 Done, though I had to add: EXPECT_CALL(observer, O Show quoted text On 2015/07/02 14:25:46, Ryan Sleevi (slow through 7-15 wrote: > 335 isn't strictly necessary, but it seems like you're not testing the ordering > of the calls (namely, that the delivery of notifications happens prior to the > SetObserver(nullptr) > > Suggested restructuring: > > 331 ASSERT_TRUE(...); > 332 Mock::VerifyAndClearExpectations(&observer); > 333 > 334 verifier_->SetObserver(nullptr) > 335 ASSERT_TRUE(...); > 336 } Done, though I had to add: EXPECT_CALL(observer, OnSCTVerified(...)).Times(0); after VerifyAndClearExpectations otherwise the call would be allowed (and a warning would be emitted about an uninteresting mock function call)
	333 ASSERT_TRUE(VerifySinglePrecertificateChain(embedded_sct_chain_));

	334

	335 Mock::VerifyAndClearExpectations(&observer);

	336 }

	337

304 } // namespace	338 } // namespace

305	339

306 } // namespace net	340 } // namespace net

OLD	NEW

« net/cert/ct_verifier.h ('K') | « net/cert/multi_log_ct_verifier.cc ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »