Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/loader/resource_loader_unittest.cc

Issue 1244863003: Attach a SecurityStyle to each request in ResourceLoader (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: update forgotten SerializeSecurityInfo() callsite Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/loader/resource_loader.cc ('K') | « content/browser/loader/resource_loader.cc ('k') | content/browser/ssl/ssl_manager.h » ('j') | content/browser/ssl/ssl_manager.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/loader/resource_loader_unittest.cc
diff --git a/content/browser/loader/resource_loader_unittest.cc b/content/browser/loader/resource_loader_unittest.cc
index 7b4000e3e3344ff3dbb4114d3b5eae8c2c5f3c6c..14ee69b784479c82f7f7ee209f2011214209e94c 100644
--- a/content/browser/loader/resource_loader_unittest.cc
+++ b/content/browser/loader/resource_loader_unittest.cc
@@ -14,6 +14,8 @@
#include "content/browser/browser_thread_impl.h"
#include "content/browser/loader/redirect_to_file_resource_handler.h"
#include "content/browser/loader/resource_loader_delegate.h"
+#include "content/common/ssl_status_serialization.h"
+#include "content/public/browser/cert_store.h"
#include "content/public/browser/client_certificate_delegate.h"
#include "content/public/browser/resource_request_info.h"
#include "content/public/common/content_paths.h"
@@ -30,12 +32,16 @@
#include "net/base/mock_file_stream.h"
#include "net/base/net_errors.h"
#include "net/base/request_priority.h"
+#include "net/base/test_data_directory.h"
#include "net/base/upload_bytes_element_reader.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"
+#include "net/test/cert_test_util.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_filter.h"
+#include "net/url_request/url_request_interceptor.h"
#include "net/url_request/url_request_job_factory.h"
#include "net/url_request/url_request_job_factory_impl.h"
#include "net/url_request/url_request_test_job.h"
@@ -164,6 +170,63 @@ class MockClientCertJobProtocolHandler
}
};
+// Set up dummy values to use in test HTTPS requests.
+
+scoped_refptr<net::X509Certificate> GetTestCert() {
+ return net::ImportCertFromFile(net::GetTestCertsDirectory(),
+ "test_mail_google_com.pem");
+}
+
+const net::CertStatus kTestCertError = net::CERT_STATUS_DATE_INVALID;
+const int kTestSecurityBits = 256;
+// SSL3 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+const int kTestConnectionStatus = 0x300039;
+
+// A mock URLRequestJob which simulates an HTTPS request.
+class MockHTTPSURLRequestJob : public net::URLRequestTestJob {
+ public:
+ MockHTTPSURLRequestJob(net::URLRequest* request,
+ net::NetworkDelegate* network_delegate,
+ const std::string& response_headers,
+ const std::string& response_data,
+ bool auto_advance)
+ : net::URLRequestTestJob(request,
+ network_delegate,
+ response_headers,
+ response_data,
+ auto_advance) {}
+
+ // net::URLRequestTestJob:
+ void GetResponseInfo(net::HttpResponseInfo* info) override {
+ // Get the original response info, but override the SSL info.
+ net::URLRequestJob::GetResponseInfo(info);
+ info->ssl_info.cert = GetTestCert();
+ info->ssl_info.cert_status = kTestCertError;
+ info->ssl_info.security_bits = kTestSecurityBits;
+ info->ssl_info.connection_status = kTestConnectionStatus;
+ }
+
+ private:
+ ~MockHTTPSURLRequestJob() override {}
+
+ DISALLOW_COPY_AND_ASSIGN(MockHTTPSURLRequestJob);
+};
+
+class MockHTTPSJobURLRequestInterceptor : public net::URLRequestInterceptor {
+ public:
+ MockHTTPSJobURLRequestInterceptor() {}
+ ~MockHTTPSJobURLRequestInterceptor() override {}
+
+ // net::URLRequestInterceptor:
+ net::URLRequestJob* MaybeInterceptRequest(
+ net::URLRequest* request,
+ net::NetworkDelegate* network_delegate) const override {
+ return new MockHTTPSURLRequestJob(request, network_delegate,
+ net::URLRequestTestJob::test_headers(),
+ "dummy response", true);
+ }
+};
+
// Arbitrary read buffer size.
const int kReadBufSize = 1024;
@@ -538,6 +601,29 @@ class ClientCertResourceLoaderTest : public ResourceLoaderTest {
}
};
+// A ResourceLoaderTest that intercepts https://example.test URLs and
+// sets SSL info on the responses.
+class HTTPSSecurityInfoResourceLoaderTest : public ResourceLoaderTest {
+ public:
+ HTTPSSecurityInfoResourceLoaderTest()
+ : ResourceLoaderTest(), test_https_url_("https://example.test") {}
+
+ ~HTTPSSecurityInfoResourceLoaderTest() override {}
+
+ const GURL& test_https_url() { return test_https_url_; }
+
+ protected:
+ void SetUp() override {
+ ResourceLoaderTest::SetUp();
+ net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+ "https", "example.test", scoped_ptr<net::URLRequestInterceptor>(
+ new MockHTTPSJobURLRequestInterceptor));
+ }
+
+ private:
+ const GURL test_https_url_;
+};
+
// Tests that client certificates are requested with ClientCertStore lookup.
TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) {
// Set up the test client cert store.
@@ -993,4 +1079,42 @@ TEST_F(ResourceLoaderRedirectToFileTest, DownstreamDeferStart) {
EXPECT_FALSE(base::PathExists(temp_path()));
}
+// Test that an HTTPS resource has the expected security info attached
+// to it.
+TEST_F(HTTPSSecurityInfoResourceLoaderTest, SecurityInfoOnHTTPSResource) {
+ // Start the request and wait for it to finish.
+ scoped_ptr<net::URLRequest> request(
+ resource_context_.GetRequestContext()->CreateRequest(
+ test_https_url(), net::DEFAULT_PRIORITY, nullptr /* delegate */));
+ SetUpResourceLoader(request.Pass());
+
+ // Send the request and wait until it completes.
+ loader_->StartRequest();
+ base::RunLoop().RunUntilIdle();
+ ASSERT_EQ(net::URLRequestStatus::SUCCESS,
+ raw_ptr_to_request_->status().status());
+ ASSERT_TRUE(raw_ptr_resource_handler_->received_response_completed());
+
+ ResourceResponse* response = raw_ptr_resource_handler_->response();
+ ASSERT_TRUE(response);
+
+ // Deserialize the security info from the response and check that it
+ // is as expected.
+ SSLStatus deserialized;
+ ASSERT_TRUE(
+ DeserializeSecurityInfo(response->head.security_info, &deserialized));
+
+ // Expect a BROKEN security style because the cert status has errors.
+ EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ deserialized.security_style);
+ scoped_refptr<net::X509Certificate> cert;
+ ASSERT_TRUE(
+ CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
+ EXPECT_TRUE(cert->Equals(GetTestCert().get()));
+
+ EXPECT_EQ(kTestCertError, deserialized.cert_status);
+ EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
+ EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
+}
+
} // namespace content
« content/browser/loader/resource_loader.cc ('K') | « content/browser/loader/resource_loader.cc ('k') | content/browser/ssl/ssl_manager.h » ('j') | content/browser/ssl/ssl_manager.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698