Attach a SecurityStyle to each request in ResourceLoader

content/browser/loader/resource_loader_unittest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/resource_loader.h"
 
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "content/browser/browser_thread_impl.h"
 #include "content/browser/loader/redirect_to_file_resource_handler.h"
 #include "content/browser/loader/resource_loader_delegate.h"
+#include "content/common/ssl_status_serialization.h"
+#include "content/public/browser/cert_store.h"
 #include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/resource_request_info.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/common/resource_response.h"
 #include "content/public/test/mock_resource_context.h"
 #include "content/public/test/test_browser_context.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "content/public/test/test_renderer_host.h"
 #include "content/test/test_content_browser_client.h"
 #include "content/test/test_web_contents.h"
 #include "ipc/ipc_message.h"
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/io_buffer.h"
 #include "net/base/mock_file_stream.h"
 #include "net/base/net_errors.h"
 #include "net/base/request_priority.h"
+#include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_cert_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/url_request/url_request.h"
+#include "net/url_request/url_request_filter.h"
+#include "net/url_request/url_request_interceptor.h"
 #include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "net/url_request/url_request_test_job.h"
 #include "net/url_request/url_request_test_util.h"
 #include "storage/browser/blob/shareable_file_reference.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using storage::ShareableFileReference;
 
 namespace content {
@@ skipping 108 matching lines @@
     : public net::URLRequestJobFactory::ProtocolHandler {
  public:
   // URLRequestJobFactory::ProtocolHandler implementation:
   net::URLRequestJob* MaybeCreateJob(
       net::URLRequest* request,
       net::NetworkDelegate* network_delegate) const override {
     return new MockClientCertURLRequestJob(request, network_delegate);
   }
 };
 
+// Set up dummy values to use in test HTTPS requests.
+
+scoped_refptr<net::X509Certificate> GetTestCert() {
+  return net::ImportCertFromFile(net::GetTestCertsDirectory(),
+                                 "test_mail_google_com.pem");
+}
+
+const net::CertStatus kTestCertError = net::CERT_STATUS_DATE_INVALID;
+const int kTestSecurityBits = 256;
+// SSL3 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+const int kTestConnectionStatus = 0x300039;
+
+// A mock URLRequestJob which simulates an HTTPS request.
+class MockHTTPSURLRequestJob : public net::URLRequestTestJob {
+ public:
+  MockHTTPSURLRequestJob(net::URLRequest* request,
+                         net::NetworkDelegate* network_delegate,
+                         const std::string& response_headers,
+                         const std::string& response_data,
+                         bool auto_advance)
+      : net::URLRequestTestJob(request,
+                               network_delegate,
+                               response_headers,
+                               response_data,
+                               auto_advance) {}
+
+  // net::URLRequestTestJob:
+  void GetResponseInfo(net::HttpResponseInfo* info) override {
+    // Get the original response info, but override the SSL info.
+    net::URLRequestJob::GetResponseInfo(info);
+    info->ssl_info.cert = GetTestCert();
+    info->ssl_info.cert_status = kTestCertError;
+    info->ssl_info.security_bits = kTestSecurityBits;
+    info->ssl_info.connection_status = kTestConnectionStatus;
+  }
+
+ private:
+  ~MockHTTPSURLRequestJob() override {}
+
+  DISALLOW_COPY_AND_ASSIGN(MockHTTPSURLRequestJob);
+};
+
+class MockHTTPSJobURLRequestInterceptor : public net::URLRequestInterceptor {
+ public:
+  MockHTTPSJobURLRequestInterceptor() {}
+  ~MockHTTPSJobURLRequestInterceptor() override {}
+
+  // net::URLRequestInterceptor:
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* network_delegate) const override {
+    return new MockHTTPSURLRequestJob(request, network_delegate,
+                                      net::URLRequestTestJob::test_headers(),
+                                      "dummy response", true);
+  }
+};
+
 // Arbitrary read buffer size.
 const int kReadBufSize = 1024;
 
 // Dummy implementation of ResourceHandler, instance of which is needed to
 // initialize ResourceLoader.
 class ResourceHandlerStub : public ResourceHandler {
  public:
   explicit ResourceHandlerStub(net::URLRequest* request)
       : ResourceHandler(request),
         read_buffer_(new net::IOBuffer(kReadBufSize)),
@@ skipping 354 matching lines @@
   scoped_ptr<ResourceLoader> loader_;
 };
 
 class ClientCertResourceLoaderTest : public ResourceLoaderTest {
  protected:
   net::URLRequestJobFactory::ProtocolHandler* CreateProtocolHandler() override {
     return new MockClientCertJobProtocolHandler;
   }
 };
 
+// A ResourceLoaderTest that intercepts https://example.test URLs and
+// sets SSL info on the responses.
+class HTTPSSecurityInfoResourceLoaderTest : public ResourceLoaderTest {
+ public:
+  HTTPSSecurityInfoResourceLoaderTest()
+      : ResourceLoaderTest(), test_https_url_("https://example.test") {}
+
+  ~HTTPSSecurityInfoResourceLoaderTest() override {}
+
+  const GURL& test_https_url() { return test_https_url_; }
+
+ protected:
+  void SetUp() override {
+    ResourceLoaderTest::SetUp();
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "https", "example.test", scoped_ptr<net::URLRequestInterceptor>(
+                                     new MockHTTPSJobURLRequestInterceptor));
+  }
+
+ private:
+  const GURL test_https_url_;
+};
+
 // Tests that client certificates are requested with ClientCertStore lookup.
 TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) {
   // Set up the test client cert store.
   int store_request_count;
   std::vector<std::string> store_requested_authorities;
   net::CertificateList dummy_certs(1, scoped_refptr<net::X509Certificate>(
       new net::X509Certificate("test", "test", base::Time(), base::Time())));
   scoped_ptr<ClientCertStoreStub> test_store(new ClientCertStoreStub(
       dummy_certs, &store_request_count, &store_requested_authorities));
   resource_context_.SetClientCertStore(test_store.Pass());
@@ skipping 435 matching lines @@
   std::string contents;
   ASSERT_TRUE(base::ReadFileToString(temp_path(), &contents));
   EXPECT_EQ(test_data(), contents);
 
   // Release the loader. The file should be gone now.
   ReleaseLoader();
   base::RunLoop().RunUntilIdle();
   EXPECT_FALSE(base::PathExists(temp_path()));
 }
 
+// Test that an HTTPS resource has the expected security info attached
+// to it.
+TEST_F(HTTPSSecurityInfoResourceLoaderTest, SecurityInfoOnHTTPSResource) {
+  // Start the request and wait for it to finish.
+  scoped_ptr<net::URLRequest> request(
+      resource_context_.GetRequestContext()->CreateRequest(
+          test_https_url(), net::DEFAULT_PRIORITY, nullptr /* delegate */));
+  SetUpResourceLoader(request.Pass());
+
+  // Send the request and wait until it completes.
+  loader_->StartRequest();
+  base::RunLoop().RunUntilIdle();
+  ASSERT_EQ(net::URLRequestStatus::SUCCESS,
+            raw_ptr_to_request_->status().status());
+  ASSERT_TRUE(raw_ptr_resource_handler_->received_response_completed());
+
+  ResourceResponse* response = raw_ptr_resource_handler_->response();
+  ASSERT_TRUE(response);
+
+  // Deserialize the security info from the response and check that it
+  // is as expected.
+  SSLStatus deserialized;
+  ASSERT_TRUE(
+      DeserializeSecurityInfo(response->head.security_info, &deserialized));
+
+  // Expect a BROKEN security style because the cert status has errors.
+  EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+            deserialized.security_style);
+  scoped_refptr<net::X509Certificate> cert;
+  ASSERT_TRUE(
+      CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
+  EXPECT_TRUE(cert->Equals(GetTestCert().get()));
+
+  EXPECT_EQ(kTestCertError, deserialized.cert_status);
+  EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
+  EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
+}
+
 }  // namespace content