Index: components/certificate_transparency/log_proof_fetcher_unittest.cc |
diff --git a/components/certificate_transparency/log_proof_fetcher_unittest.cc b/components/certificate_transparency/log_proof_fetcher_unittest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..039713ea058a204b186ba7f462be896c528986bb |
--- /dev/null |
+++ b/components/certificate_transparency/log_proof_fetcher_unittest.cc |
@@ -0,0 +1,312 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/certificate_transparency/log_proof_fetcher.h" |
+ |
+#include <string> |
+ |
+#include "components/safe_json/testing_json_parser.h" |
+#include "net/base/net_errors.h" |
+#include "net/base/network_delegate.h" |
+#include "net/cert/signed_tree_head.h" |
+#include "net/http/http_status_code.h" |
+#include "net/test/ct_test_util.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_filter.h" |
+#include "net/url_request/url_request_interceptor.h" |
+#include "net/url_request/url_request_job.h" |
+#include "net/url_request/url_request_test_job.h" |
+#include "net/url_request/url_request_test_util.h" |
+ |
+#include "testing/gtest/include/gtest/gtest.h" |
mmenke
2015/08/03 18:18:54
This should go up a line
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ |
+namespace certificate_transparency { |
+ |
+namespace { |
+ |
+const char kGetSTHHeaders[] = |
+ "HTTP/1.1 200 OK\0" |
+ "Content-Type: application/json; charset=ISO-8859-1\0" |
+ "\0"; |
+ |
+const char kLogSchema[] = "https"; |
+const char kLogURL[] = "ct.log.example.com"; |
+ |
+std::string GetLogID() { |
+ return std::string("some_id"); |
+} |
mmenke
2015/08/03 18:18:54
Can't this just be a const char[]?
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ |
+class FetchSTHTestJob : public net::URLRequestTestJob { |
+ public: |
+ FetchSTHTestJob(const std::string& get_sth_data, |
+ net::URLRequest* request, |
+ net::NetworkDelegate* network_delegate) |
+ : URLRequestTestJob(request, |
+ network_delegate, |
+ std::string(kGetSTHHeaders), |
mmenke
2015/08/03 18:18:54
BUG: This std::string only includes the first lin
Eran Messeri
2015/08/04 16:15:43
Good point, I've passed the size to the std::strin
|
+ get_sth_data, |
+ true), |
+ async_io_(false), |
+ response_code_(net::HTTP_OK) {} |
+ |
+ void SetAsyncIO(bool async_io) { async_io_ = async_io; } |
+ |
+ void SetResponseCode(int response_code) { response_code_ = response_code; } |
+ |
+ int GetResponseCode() const override { return response_code_; } |
+ |
+ protected: |
+ bool NextReadAsync() override { |
+ // Response with indication of async IO only once, otherwise the final |
+ // Read would (incorrectly) be classified as async, causing the |
+ // URLRequestJob to try reading another time and failing on a CHECK |
+ // that the raw_read_buffer_ is not null. |
+ if (async_io_) { |
+ async_io_ = false; |
+ return true; |
+ } |
+ return false; |
+ } |
+ |
+ private: |
+ bool async_io_; |
+ int response_code_; |
+ |
+ ~FetchSTHTestJob() override {} |
+ DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob); |
+}; |
+ |
+class GetSTHResponseHandler : public net::URLRequestInterceptor { |
+ public: |
+ GetSTHResponseHandler() |
+ : async_io_(false), response_data_(""), response_code_(net::HTTP_OK) {} |
+ ~GetSTHResponseHandler() override {} |
+ |
+ // URLRequestInterceptor implementation: |
+ net::URLRequestJob* MaybeInterceptRequest( |
+ net::URLRequest* request, |
+ net::NetworkDelegate* network_delegate) const override { |
+ FetchSTHTestJob* job = |
+ new FetchSTHTestJob(response_data_, request, network_delegate); |
+ job->SetAsyncIO(async_io_); |
+ job->SetResponseCode(response_code_); |
+ return job; |
+ } |
+ |
+ void SetResponseData(std::string response_data) { |
+ response_data_ = response_data; |
+ } |
+ |
+ void SetAsyncIO(bool async_io) { async_io_ = async_io; } |
+ |
+ void SetResponseCode(int response_code) { response_code_ = response_code; } |
+ |
+ private: |
+ bool async_io_; |
+ std::string response_data_; |
+ int response_code_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler); |
+}; |
+ |
+class RecordFetchCallbackInvocations { |
+ public: |
+ RecordFetchCallbackInvocations() : invoked_(false), failed_(false) {} |
+ |
+ virtual void STHFetched(const std::string& log_id, |
+ const net::ct::SignedTreeHead& sth) { |
+ invoked_ = true; |
+ } |
+ |
+ void FetchingFailed(const std::string& log_id, |
+ int net_error, |
+ int http_response_code) { |
+ invoked_ = true; |
+ failed_ = true; |
+ net_error_ = net_error; |
+ http_response_code_ = http_response_code; |
mmenke
2015/08/03 18:18:54
Suggest a sanity check here:
if (net_error_ == ne
Eran Messeri
2015/08/04 16:15:43
Partly done - I've adopted the first clause, as it
|
+ } |
+ |
+ bool invoked() { return invoked_; } |
+ |
+ bool failed() { return failed_; } |
+ |
+ int net_error() { return net_error_; } |
+ |
+ int http_response_code() { return http_response_code_; } |
+ |
+ private: |
+ bool invoked_; |
+ bool failed_; |
+ int net_error_; |
+ int http_response_code_; |
+}; |
+ |
+class ExpectedSuccessCallback : public RecordFetchCallbackInvocations { |
+ public: |
+ ExpectedSuccessCallback() { net::ct::GetSampleSignedTreeHead(&known_sth_); } |
+ |
+ explicit ExpectedSuccessCallback(const net::ct::SignedTreeHead& sth) |
+ : known_sth_(sth) {} |
+ |
+ void STHFetched(const std::string& log_id, |
+ const net::ct::SignedTreeHead& sth) override { |
+ ASSERT_EQ(GetLogID(), log_id); |
+ ASSERT_EQ(sth.version, known_sth_.version); |
+ ASSERT_EQ(sth.timestamp, known_sth_.timestamp); |
+ ASSERT_EQ(sth.tree_size, known_sth_.tree_size); |
+ ASSERT_STREQ(sth.sha256_root_hash, known_sth_.sha256_root_hash); |
+ ASSERT_EQ(sth.signature.hash_algorithm, |
+ known_sth_.signature.hash_algorithm); |
+ ASSERT_EQ(sth.signature.signature_algorithm, |
+ known_sth_.signature.signature_algorithm); |
+ ASSERT_EQ(sth.signature.signature_data, |
+ known_sth_.signature.signature_data); |
mmenke
2015/08/03 18:18:54
Can we just move this into RecordFetchCallbackInvo
Eran Messeri
2015/08/04 16:15:43
Done - since it's the same expected_sth, I've adde
|
+ |
+ RecordFetchCallbackInvocations::STHFetched(log_id, sth); |
+ } |
+ |
+ private: |
+ net::ct::SignedTreeHead known_sth_; |
+}; |
+ |
+class LogProofFetcherTest : public ::testing::Test { |
+ public: |
+ LogProofFetcherTest() |
+ : context_(true), |
+ log_url_(std::string(kLogSchema) + "://" + std::string(kLogURL) + "/") { |
+ context_.Init(); |
mmenke
2015/08/03 18:18:54
Not reason to do this - just remove the Init() cal
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ } |
+ |
+ void SetUp() override { |
+ scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler()); |
+ handler_ = handler.get(); |
+ |
+ net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
+ kLogSchema, kLogURL, handler.Pass()); |
+ |
+ fetcher_.reset(new LogProofFetcher(&context_)); |
mmenke
2015/08/03 18:18:54
Can just do this in the constructor (And TearDown
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ } |
+ |
+ void TearDown() override { |
+ net::URLRequestFilter::GetInstance()->RemoveHostnameHandler(kLogSchema, |
+ kLogURL); |
+ } |
+ |
+ protected: |
+ void SetValidSTHJSONResponse() { |
+ std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
+ handler_->SetResponseData(sth_json_reply_data); |
+ } |
+ |
+ void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) { |
+ fetcher_->FetchSignedTreeHead( |
+ log_url_, GetLogID(), |
+ base::Bind(&RecordFetchCallbackInvocations::STHFetched, |
+ base::Unretained(callback)), |
+ base::Bind(&RecordFetchCallbackInvocations::FetchingFailed, |
+ base::Unretained(callback))); |
+ message_loop_.RunUntilIdle(); |
mmenke
2015/08/03 18:18:54
Not a big fan of RunUntilIdle - it does generally
Eran Messeri
2015/08/04 16:15:43
Not entirely sure why, but the interceptor (added
mmenke
2015/08/04 19:54:29
Not that I'm aware of. You need a MessageLoopForI
|
+ } |
+ |
+ base::MessageLoopForIO message_loop_; |
+ net::TestURLRequestContext context_; |
+ safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_; |
+ scoped_ptr<LogProofFetcher> fetcher_; |
+ GURL log_url_; |
mmenke
2015/08/03 18:18:54
const
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ GetSTHResponseHandler* handler_; |
+}; |
+ |
+TEST_F(LogProofFetcherTest, TestValidGetSTHReply) { |
mmenke
2015/08/03 18:18:54
Suggest getting rid of STH in test names, to make
Eran Messeri
2015/08/04 16:15:43
Done - removed STH from test names.
|
+ SetValidSTHJSONResponse(); |
+ |
+ ExpectedSuccessCallback cb; |
mmenke
2015/08/03 18:18:54
optional: Suggest just writing out callback. Sty
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_FALSE(cb.failed()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestValidGetSTHReplyAsyncIO) { |
+ SetValidSTHJSONResponse(); |
+ handler_->SetAsyncIO(true); |
+ |
+ ExpectedSuccessCallback cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_FALSE(cb.failed()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestInvalidGetSTHReplyIncompleteSTH) { |
+ std::string sth_json_reply_data = net::ct::CreateSignedTreeHeadJsonString( |
+ 21 /* tree_size */, 123456u /* timestamp */, std::string(""), |
+ std::string("")); |
+ handler_->SetResponseData(sth_json_reply_data); |
+ |
+ RecordFetchCallbackInvocations cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_TRUE(cb.failed()); |
+ ASSERT_EQ(net::ERR_CT_STH_INCOMPLETE, cb.net_error()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestInvalidGetSTHReplyInvalidJSON) { |
+ std::string sth_json_reply_data = "{\"tree_size\":21,\"timestamp\":}"; |
+ handler_->SetResponseData(sth_json_reply_data); |
+ |
+ RecordFetchCallbackInvocations cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_TRUE(cb.failed()); |
+ ASSERT_EQ(net::ERR_CT_STH_PARSING_FAILED, cb.net_error()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestLogReplyIsTooLong) { |
+ std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
+ // kMaxLogResponseSizeInBytes is 600 - add that much to make sure the response |
+ // is too big. |
+ sth_json_reply_data.append(std::string(600, ' ')); |
mmenke
2015/08/03 18:18:54
It's much better to expose MaxLogResponseSizeInByt
Eran Messeri
2015/08/04 16:15:43
Done.
|
+ handler_->SetResponseData(sth_json_reply_data); |
+ |
+ RecordFetchCallbackInvocations cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_TRUE(cb.failed()); |
+ ASSERT_EQ(net::ERR_FILE_TOO_BIG, cb.net_error()); |
+ ASSERT_EQ(net::HTTP_OK, cb.http_response_code()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) { |
+ std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson(); |
+ // Extend the reply to be exactly kMaxLogResponseSizeInBytes. |
+ sth_json_reply_data.append( |
+ std::string(600 - sth_json_reply_data.size(), ' ')); |
+ handler_->SetResponseData(sth_json_reply_data); |
+ |
+ ExpectedSuccessCallback cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_FALSE(cb.failed()); |
+} |
+ |
+TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) { |
+ handler_->SetResponseCode(net::HTTP_NOT_FOUND); |
+ |
+ RecordFetchCallbackInvocations cb; |
+ RunFetcherWithCallback(&cb); |
+ |
+ ASSERT_TRUE(cb.invoked()); |
+ ASSERT_TRUE(cb.failed()); |
+ ASSERT_EQ(net::OK, cb.net_error()); |
+ ASSERT_EQ(net::HTTP_NOT_FOUND, cb.http_response_code()); |
+} |
+ |
+} // namespace |
+ |
+} // namespace certificate_transparency |