| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/certificate_transparency/log_proof_fetcher.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "base/strings/stringprintf.h" |
| 10 #include "components/safe_json/testing_json_parser.h" |
| 11 #include "net/base/net_errors.h" |
| 12 #include "net/base/network_delegate.h" |
| 13 #include "net/cert/signed_tree_head.h" |
| 14 #include "net/http/http_status_code.h" |
| 15 #include "net/test/ct_test_util.h" |
| 16 #include "net/url_request/url_request_context.h" |
| 17 #include "net/url_request/url_request_filter.h" |
| 18 #include "net/url_request/url_request_interceptor.h" |
| 19 #include "net/url_request/url_request_job.h" |
| 20 #include "net/url_request/url_request_test_job.h" |
| 21 #include "net/url_request/url_request_test_util.h" |
| 22 #include "testing/gtest/include/gtest/gtest.h" |
| 23 |
| 24 namespace certificate_transparency { |
| 25 |
| 26 namespace { |
| 27 |
| 28 const char kGetSTHHeaders[] = |
| 29 "HTTP/1.1 200 OK\0" |
| 30 "Content-Type: application/json; charset=ISO-8859-1\0"; |
| 31 |
| 32 const char kGetSTHNotFoundHeaders[] = |
| 33 "HTTP/1.1 404 Not Found\0" |
| 34 "Content-Type: text/html; charset=iso-8859-1\0"; |
| 35 |
| 36 const char kLogSchema[] = "https"; |
| 37 const char kLogHost[] = "ct.log.example.com"; |
| 38 const char kLogPathPrefix[] = "somelog"; |
| 39 const char kLogID[] = "some_id"; |
| 40 |
| 41 class FetchSTHTestJob : public net::URLRequestTestJob { |
| 42 public: |
| 43 FetchSTHTestJob(const std::string& get_sth_data, |
| 44 const std::string& get_sth_headers, |
| 45 net::URLRequest* request, |
| 46 net::NetworkDelegate* network_delegate) |
| 47 : URLRequestTestJob(request, |
| 48 network_delegate, |
| 49 get_sth_headers, |
| 50 get_sth_data, |
| 51 true), |
| 52 async_io_(false) {} |
| 53 |
| 54 void set_async_io(bool async_io) { async_io_ = async_io; } |
| 55 |
| 56 private: |
| 57 ~FetchSTHTestJob() override {} |
| 58 |
| 59 bool NextReadAsync() override { |
| 60 // Response with indication of async IO only once, otherwise the final |
| 61 // Read would (incorrectly) be classified as async, causing the |
| 62 // URLRequestJob to try reading another time and failing on a CHECK |
| 63 // that the raw_read_buffer_ is not null. |
| 64 // According to mmenke@, this is a bug in the URLRequestTestJob code. |
| 65 // TODO(eranm): Once said bug is fixed, switch most tests to using async |
| 66 // IO. |
| 67 if (async_io_) { |
| 68 async_io_ = false; |
| 69 return true; |
| 70 } |
| 71 return false; |
| 72 } |
| 73 |
| 74 bool async_io_; |
| 75 |
| 76 DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob); |
| 77 }; |
| 78 |
| 79 class GetSTHResponseHandler : public net::URLRequestInterceptor { |
| 80 public: |
| 81 GetSTHResponseHandler() |
| 82 : async_io_(false), |
| 83 response_body_(""), |
| 84 response_headers_( |
| 85 std::string(kGetSTHHeaders, arraysize(kGetSTHHeaders))) {} |
| 86 ~GetSTHResponseHandler() override {} |
| 87 |
| 88 // URLRequestInterceptor implementation: |
| 89 net::URLRequestJob* MaybeInterceptRequest( |
| 90 net::URLRequest* request, |
| 91 net::NetworkDelegate* network_delegate) const override { |
| 92 std::string expected_url = base::StringPrintf( |
| 93 "%s://%s/%s/ct/v1/get-sth", kLogSchema, kLogHost, kLogPathPrefix); |
| 94 EXPECT_EQ(GURL(expected_url), request->url()); |
| 95 FetchSTHTestJob* job = new FetchSTHTestJob( |
| 96 response_body_, response_headers_, request, network_delegate); |
| 97 job->set_async_io(async_io_); |
| 98 return job; |
| 99 } |
| 100 |
| 101 void set_response_body(std::string response_body) { |
| 102 response_body_ = response_body; |
| 103 } |
| 104 |
| 105 void set_response_headers(std::string response_headers) { |
| 106 response_headers_ = response_headers; |
| 107 } |
| 108 |
| 109 void set_async_io(bool async_io) { async_io_ = async_io; } |
| 110 |
| 111 private: |
| 112 bool async_io_; |
| 113 std::string response_body_; |
| 114 std::string response_headers_; |
| 115 |
| 116 DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler); |
| 117 }; |
| 118 |
| 119 class RecordFetchCallbackInvocations { |
| 120 public: |
| 121 RecordFetchCallbackInvocations(bool expect_success) |
| 122 : expect_success_(expect_success), |
| 123 invoked_(false), |
| 124 net_error_(net::OK), |
| 125 http_response_code_(-1) {} |
| 126 |
| 127 void STHFetched(const std::string& log_id, |
| 128 const net::ct::SignedTreeHead& sth) { |
| 129 ASSERT_TRUE(expect_success_); |
| 130 ASSERT_FALSE(invoked_); |
| 131 invoked_ = true; |
| 132 // If expected to succeed, expecting the known_good STH. |
| 133 net::ct::SignedTreeHead expected_sth; |
| 134 net::ct::GetSampleSignedTreeHead(&expected_sth); |
| 135 |
| 136 EXPECT_EQ(kLogID, log_id); |
| 137 EXPECT_EQ(expected_sth.version, sth.version); |
| 138 EXPECT_EQ(expected_sth.timestamp, sth.timestamp); |
| 139 EXPECT_EQ(expected_sth.tree_size, sth.tree_size); |
| 140 EXPECT_STREQ(expected_sth.sha256_root_hash, sth.sha256_root_hash); |
| 141 EXPECT_EQ(expected_sth.signature.hash_algorithm, |
| 142 sth.signature.hash_algorithm); |
| 143 EXPECT_EQ(expected_sth.signature.signature_algorithm, |
| 144 sth.signature.signature_algorithm); |
| 145 EXPECT_EQ(expected_sth.signature.signature_data, |
| 146 sth.signature.signature_data); |
| 147 } |
| 148 |
| 149 void FetchingFailed(const std::string& log_id, |
| 150 int net_error, |
| 151 int http_response_code) { |
| 152 ASSERT_FALSE(expect_success_); |
| 153 ASSERT_FALSE(invoked_); |
| 154 invoked_ = true; |
| 155 net_error_ = net_error; |
| 156 http_response_code_ = http_response_code; |
| 157 if (net_error_ == net::OK) { |
| 158 EXPECT_NE(net::HTTP_OK, http_response_code_); |
| 159 } |
| 160 } |
| 161 |
| 162 bool invoked() const { return invoked_; } |
| 163 |
| 164 int net_error() const { return net_error_; } |
| 165 |
| 166 int http_response_code() const { return http_response_code_; } |
| 167 |
| 168 private: |
| 169 const bool expect_success_; |
| 170 bool invoked_; |
| 171 int net_error_; |
| 172 int http_response_code_; |
| 173 }; |
| 174 |
| 175 class LogProofFetcherTest : public ::testing::Test { |
| 176 public: |
| 177 LogProofFetcherTest() |
| 178 : log_url_(base::StringPrintf("%s://%s/%s/", |
| 179 kLogSchema, |
| 180 kLogHost, |
| 181 kLogPathPrefix)) { |
| 182 scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler()); |
| 183 handler_ = handler.get(); |
| 184 |
| 185 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
| 186 kLogSchema, kLogHost, handler.Pass()); |
| 187 |
| 188 fetcher_.reset(new LogProofFetcher(&context_)); |
| 189 } |
| 190 |
| 191 ~LogProofFetcherTest() override { |
| 192 net::URLRequestFilter::GetInstance()->RemoveHostnameHandler(kLogSchema, |
| 193 kLogHost); |
| 194 } |
| 195 |
| 196 protected: |
| 197 void SetValidSTHJSONResponse() { |
| 198 std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
| 199 handler_->set_response_body(sth_json_reply_data); |
| 200 } |
| 201 |
| 202 void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) { |
| 203 fetcher_->FetchSignedTreeHead( |
| 204 log_url_, kLogID, |
| 205 base::Bind(&RecordFetchCallbackInvocations::STHFetched, |
| 206 base::Unretained(callback)), |
| 207 base::Bind(&RecordFetchCallbackInvocations::FetchingFailed, |
| 208 base::Unretained(callback))); |
| 209 message_loop_.RunUntilIdle(); |
| 210 } |
| 211 |
| 212 base::MessageLoopForIO message_loop_; |
| 213 net::TestURLRequestContext context_; |
| 214 safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_; |
| 215 scoped_ptr<LogProofFetcher> fetcher_; |
| 216 const GURL log_url_; |
| 217 GetSTHResponseHandler* handler_; |
| 218 }; |
| 219 |
| 220 TEST_F(LogProofFetcherTest, TestValidGetReply) { |
| 221 SetValidSTHJSONResponse(); |
| 222 |
| 223 RecordFetchCallbackInvocations callback(true); |
| 224 |
| 225 RunFetcherWithCallback(&callback); |
| 226 |
| 227 ASSERT_TRUE(callback.invoked()); |
| 228 } |
| 229 |
| 230 TEST_F(LogProofFetcherTest, TestValidGetReplyAsyncIO) { |
| 231 SetValidSTHJSONResponse(); |
| 232 handler_->set_async_io(true); |
| 233 |
| 234 RecordFetchCallbackInvocations callback(true); |
| 235 RunFetcherWithCallback(&callback); |
| 236 |
| 237 ASSERT_TRUE(callback.invoked()); |
| 238 } |
| 239 |
| 240 TEST_F(LogProofFetcherTest, TestInvalidGetReplyIncompleteJSON) { |
| 241 std::string sth_json_reply_data = net::ct::CreateSignedTreeHeadJsonString( |
| 242 21 /* tree_size */, 123456u /* timestamp */, std::string(), |
| 243 std::string()); |
| 244 handler_->set_response_body(sth_json_reply_data); |
| 245 |
| 246 RecordFetchCallbackInvocations callback(false); |
| 247 RunFetcherWithCallback(&callback); |
| 248 |
| 249 ASSERT_TRUE(callback.invoked()); |
| 250 EXPECT_EQ(net::ERR_CT_STH_INCOMPLETE, callback.net_error()); |
| 251 } |
| 252 |
| 253 TEST_F(LogProofFetcherTest, TestInvalidGetReplyInvalidJSON) { |
| 254 std::string sth_json_reply_data = "{\"tree_size\":21,\"timestamp\":}"; |
| 255 handler_->set_response_body(sth_json_reply_data); |
| 256 |
| 257 RecordFetchCallbackInvocations callback(false); |
| 258 RunFetcherWithCallback(&callback); |
| 259 |
| 260 ASSERT_TRUE(callback.invoked()); |
| 261 EXPECT_EQ(net::ERR_CT_STH_PARSING_FAILED, callback.net_error()); |
| 262 } |
| 263 |
| 264 TEST_F(LogProofFetcherTest, TestLogReplyIsTooLong) { |
| 265 std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
| 266 // Add kMaxLogResponseSizeInBytes to make sure the response is too big. |
| 267 sth_json_reply_data.append( |
| 268 std::string(LogProofFetcher::kMaxLogResponseSizeInBytes, ' ')); |
| 269 handler_->set_response_body(sth_json_reply_data); |
| 270 |
| 271 RecordFetchCallbackInvocations callback(false); |
| 272 RunFetcherWithCallback(&callback); |
| 273 |
| 274 ASSERT_TRUE(callback.invoked()); |
| 275 EXPECT_EQ(net::ERR_FILE_TOO_BIG, callback.net_error()); |
| 276 EXPECT_EQ(net::HTTP_OK, callback.http_response_code()); |
| 277 } |
| 278 |
| 279 TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) { |
| 280 std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
| 281 // Extend the reply to be exactly kMaxLogResponseSizeInBytes. |
| 282 sth_json_reply_data.append(std::string( |
| 283 LogProofFetcher::kMaxLogResponseSizeInBytes - sth_json_reply_data.size(), |
| 284 ' ')); |
| 285 handler_->set_response_body(sth_json_reply_data); |
| 286 |
| 287 RecordFetchCallbackInvocations callback(true); |
| 288 RunFetcherWithCallback(&callback); |
| 289 |
| 290 ASSERT_TRUE(callback.invoked()); |
| 291 } |
| 292 |
| 293 TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) { |
| 294 handler_->set_response_headers( |
| 295 std::string(kGetSTHNotFoundHeaders, arraysize(kGetSTHNotFoundHeaders))); |
| 296 |
| 297 RecordFetchCallbackInvocations callback(false); |
| 298 RunFetcherWithCallback(&callback); |
| 299 |
| 300 ASSERT_TRUE(callback.invoked()); |
| 301 EXPECT_EQ(net::OK, callback.net_error()); |
| 302 EXPECT_EQ(net::HTTP_NOT_FOUND, callback.http_response_code()); |
| 303 } |
| 304 |
| 305 } // namespace |
| 306 |
| 307 } // namespace certificate_transparency |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1222953002:
Certificate Transparency: Add STH Fetching capability. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master