Certificate Transparency: Add STH Fetching capability.

components/certificate_transparency/log_proof_fetcher_unittest.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/certificate_transparency/log_proof_fetcher.h"
+
+#include <string>
+
+#include "components/safe_json/testing_json_parser.h"
+#include "net/base/net_errors.h"
+#include "net/base/network_delegate.h"
+#include "net/cert/signed_tree_head.h"
+#include "net/http/http_status_code.h"
+#include "net/test/ct_test_util.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_filter.h"
+#include "net/url_request/url_request_interceptor.h"
+#include "net/url_request/url_request_job.h"
+#include "net/url_request/url_request_test_job.h"
+#include "net/url_request/url_request_test_util.h"
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace certificate_transparency {
+
+namespace {
+
+const char kGetSTHHeaders[] =
+    "HTTP/1.1 200 OK\0"
+    "Content-Type: application/json; charset=ISO-8859-1\0"
+    "\0";
+
+const char kLogSchema[] = "https";
+const char kLogURL[] = "ct.log.example.com";
+
+std::string GetLogID() {
+  return std::string("some_id");
+}
+
+class FetchSTHTestJob : public net::URLRequestTestJob {
+ public:
+  FetchSTHTestJob(const std::string& get_sth_data,
+                  net::URLRequest* request,
+                  net::NetworkDelegate* network_delegate)
+      : URLRequestTestJob(request,
+                          network_delegate,
+                          std::string(kGetSTHHeaders),
+                          get_sth_data,
+                          true),
+        async_io_(false),
+        response_code_(net::HTTP_OK) {}
+
+  void SetAsyncIO(bool async_io) { async_io_ = async_io; }
+
+  void SetResponseCode(int response_code) { response_code_ = response_code; }
+
+  int GetResponseCode() const override { return response_code_; }
+
+ protected:
+  bool NextReadAsync() override { return async_io_; }
+
+ private:
+  bool async_io_;
+  int response_code_;
+
+  ~FetchSTHTestJob() override {}
+  DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob);
+};
+
+class GetSTHResponseHandler : public net::URLRequestInterceptor {
+ public:
+  GetSTHResponseHandler()
+      : async_io_(false), response_data_(""), response_code_(net::HTTP_OK) {}
+  ~GetSTHResponseHandler() override {}
+
+  // URLRequestInterceptor implementation:
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* network_delegate) const override {
+    FetchSTHTestJob* job =
+        new FetchSTHTestJob(response_data_, request, network_delegate);
+    job->SetAsyncIO(async_io_);
+    job->SetResponseCode(response_code_);
+    return job;
+  }
+
+  void SetResponseData(std::string response_data) {
+    response_data_ = response_data;
+  }
+
+  void SetAsyncIO(bool async_io) { async_io_ = async_io; }
+
+  void SetResponseCode(int response_code) { response_code_ = response_code; }
+
+ private:
+  bool async_io_;
+  std::string response_data_;
+  int response_code_;
+
+  DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler);
+};
+
+class RecordFetchCallbackInvocations {
+ public:
+  RecordFetchCallbackInvocations() : invoked_(false), failed_(false) {}
+
+  virtual void STHFetched(const std::string& log_id,
+                          const net::ct::SignedTreeHead& sth) {
+    invoked_ = true;
+  }
+
+  void FetchingFailed(const std::string& log_id,
+                      int net_error,
+                      int http_response_code) {
+    invoked_ = true;
+    failed_ = true;
+    net_error_ = net_error;
+    http_response_code_ = http_response_code;
+  }
+
+  bool invoked() { return invoked_; }
+
+  bool failed() { return failed_; }
+
+  int net_error() { return net_error_; }
+
+  int http_response_code() { return http_response_code_; }
+
+ private:
+  bool invoked_;
+  bool failed_;
+  int net_error_;
+  int http_response_code_;
+};
+
+class ExpectedSuccessCallback : public RecordFetchCallbackInvocations {
+ public:
+  ExpectedSuccessCallback() { net::ct::GetSampleSignedTreeHead(&known_sth_); }
+
+  explicit ExpectedSuccessCallback(const net::ct::SignedTreeHead& sth)
+      : known_sth_(sth) {}
+
+  void STHFetched(const std::string& log_id,
+                  const net::ct::SignedTreeHead& sth) override {
+    ASSERT_EQ(GetLogID(), log_id);
+    ASSERT_EQ(sth.version, known_sth_.version);
+    ASSERT_EQ(sth.timestamp, known_sth_.timestamp);
+    ASSERT_EQ(sth.tree_size, known_sth_.tree_size);
+    ASSERT_STREQ(sth.sha256_root_hash, known_sth_.sha256_root_hash);
+    ASSERT_EQ(sth.signature.hash_algorithm,
+              known_sth_.signature.hash_algorithm);
+    ASSERT_EQ(sth.signature.signature_algorithm,
+              known_sth_.signature.signature_algorithm);
+    ASSERT_EQ(sth.signature.signature_data,
+              known_sth_.signature.signature_data);
+
+    RecordFetchCallbackInvocations::STHFetched(log_id, sth);
+  }
+
+ private:
+  net::ct::SignedTreeHead known_sth_;
+};
+
+class LogProofFetcherTest : public ::testing::Test {
+ public:
+  LogProofFetcherTest()
+      : context_(true),
+        log_url_(std::string(kLogSchema) + "://" + std::string(kLogURL) + "/") {
+    context_.Init();
+  }
+
+  void SetUp() override {
+    scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler());
+    handler_ = handler.get();
+
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        kLogSchema, kLogURL, handler.Pass());
+
+    fetcher_.reset(new LogProofFetcher(&context_));
+  }
+
+  void TearDown() override {
+    net::URLRequestFilter::GetInstance()->RemoveHostnameHandler(kLogSchema,
+                                                                kLogURL);
+  }
+
+ protected:
+  void SetValidSTHJSONResponse() {
+    std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
+    handler_->SetResponseData(sth_json_reply_data);
+  }
+
+  void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) {
+    fetcher_->FetchSignedTreeHead(
+        log_url_, GetLogID(),
+        base::Bind(&RecordFetchCallbackInvocations::STHFetched,
+                   base::Unretained(callback)),
+        base::Bind(&RecordFetchCallbackInvocations::FetchingFailed,
+                   base::Unretained(callback)));
+    message_loop_.RunUntilIdle();
+  }
+
+  base::MessageLoopForIO message_loop_;
+  net::TestURLRequestContext context_;
+  safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_;
+  scoped_ptr<LogProofFetcher> fetcher_;
+  GURL log_url_;
+  GetSTHResponseHandler* handler_;
+};
+
+TEST_F(LogProofFetcherTest, TestValidGetSTHReply) {
+  SetValidSTHJSONResponse();
+
+  ExpectedSuccessCallback cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_FALSE(cb.failed());
+}
+
+TEST_F(LogProofFetcherTest, TestValidGetSTHReplyAsyncIO) {
+  SetValidSTHJSONResponse();
+  handler_->SetAsyncIO(true);
+
+  ExpectedSuccessCallback cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_FALSE(cb.failed());
+}
+
+TEST_F(LogProofFetcherTest, TestInvalidGetSTHReplyIncompleteSTH) {
+  std::string sth_json_reply_data = net::ct::CreateSignedTreeHeadJsonString(
+      21 /* tree_size */, 123456u /* timestamp */, std::string(""),
+      std::string(""));
+  handler_->SetResponseData(sth_json_reply_data);
+
+  RecordFetchCallbackInvocations cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_TRUE(cb.failed());
+  ASSERT_EQ(net::ERR_CT_STH_INCOMPLETE, cb.net_error());
+}
+
+TEST_F(LogProofFetcherTest, TestInvalidGetSTHReplyInvalidJSON) {
+  std::string sth_json_reply_data = "{\"tree_size\":21,\"timestamp\":}";
+  handler_->SetResponseData(sth_json_reply_data);
+
+  RecordFetchCallbackInvocations cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_TRUE(cb.failed());
+  ASSERT_EQ(net::ERR_CT_STH_PARSING_FAILED, cb.net_error());
+}
+
+TEST_F(LogProofFetcherTest, TestLogReplyIsTooLong) {
+  std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
+  // kMaxLogResponseSizeInBytes is 600 - add that much to make sure the response
+  // is too big.
+  sth_json_reply_data.append(std::string(600, ' '));
+  handler_->SetResponseData(sth_json_reply_data);
+
+  RecordFetchCallbackInvocations cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_TRUE(cb.failed());
+  ASSERT_EQ(net::ERR_FILE_TOO_BIG, cb.net_error());
+  ASSERT_EQ(net::HTTP_OK, cb.http_response_code());
+}
+
+TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) {
+  std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
+  // Extend the reply to be exactly kMaxLogResponseSizeInBytes.
+  sth_json_reply_data.append(
+      std::string(600 - sth_json_reply_data.size(), ' '));
+  handler_->SetResponseData(sth_json_reply_data);
+
+  ExpectedSuccessCallback cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_FALSE(cb.failed());
+}
+
+TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) {
+  handler_->SetResponseCode(net::HTTP_NOT_FOUND);
+
+  RecordFetchCallbackInvocations cb;
+  RunFetcherWithCallback(&cb);
+
+  ASSERT_TRUE(cb.invoked());
+  ASSERT_TRUE(cb.failed());
+  ASSERT_EQ(net::OK, cb.net_error());
+  ASSERT_EQ(net::HTTP_NOT_FOUND, cb.http_response_code());
+}
+
+}  // namespace
+
+}  // namespace certificate_transparency