OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" | |
6 | |
7 #include <string> | |
8 | |
9 #include "base/bind.h" | |
10 #include "base/files/file_path.h" | |
11 #include "base/location.h" | |
12 #include "base/memory/scoped_ptr.h" | |
13 #include "base/message_loop/message_loop.h" | |
14 #include "base/single_thread_task_runner.h" | |
15 #include "base/synchronization/waitable_event.h" | |
16 #include "base/threading/thread.h" | |
17 #include "chrome/browser/net/certificate_error_reporter.h" | |
18 #include "content/public/test/test_browser_thread.h" | |
19 #include "net/base/request_priority.h" | |
20 #include "net/base/test_data_directory.h" | |
21 #include "net/cert/x509_certificate.h" | |
22 #include "net/http/transport_security_state.h" | |
23 #include "net/ssl/ssl_info.h" | |
24 #include "net/test/cert_test_util.h" | |
25 #include "net/url_request/certificate_report_sender.h" | |
26 #include "net/url_request/fraudulent_certificate_reporter.h" | |
27 #include "net/url_request/url_request.h" | |
28 #include "net/url_request/url_request_context.h" | |
29 #include "net/url_request/url_request_test_util.h" | |
30 #include "testing/gtest/include/gtest/gtest.h" | |
31 | |
32 using chrome_browser_net::CertificateErrorReporter; | |
33 using content::BrowserThread; | |
34 using net::SSLInfo; | |
35 | |
36 namespace { | |
37 | |
38 const uint32 kServerPublicKeyVersion = 1; | |
39 const uint8 kServerPublicKey[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
40 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
41 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | |
42 | |
43 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is | |
44 // expired; what matters is that the cert would not pass even a normal | |
45 // sanity check. We test that we DO NOT send a fraudulent certificate report | |
46 // in this case. | |
47 static SSLInfo GetBadSSLInfo() { | |
48 SSLInfo info; | |
49 | |
50 info.cert = | |
51 net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); | |
52 info.cert_status = net::CERT_STATUS_DATE_INVALID; | |
53 info.is_issued_by_known_root = false; | |
54 | |
55 return info; | |
56 } | |
57 | |
58 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, | |
59 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this | |
60 // case, the certificate is for mail.google.com, signed by our Chrome test | |
61 // CA. During testing, Chrome believes this CA is part of the root system | |
62 // store. But, this CA is not in the pin list; we test that we DO send a | |
63 // fraudulent certicate report in this case. | |
64 static SSLInfo GetGoodSSLInfo() { | |
65 SSLInfo info; | |
66 | |
67 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), | |
68 "test_mail_google_com.pem"); | |
69 info.is_issued_by_known_root = true; | |
70 | |
71 return info; | |
72 } | |
73 | |
74 // Checks that |info| is good as required by the SSL checks performed in | |
75 // URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin | |
76 // checking but not sufficient to pass | |
77 // DomainState::IsChainOfPublicKeysPermitted. | |
78 static bool IsGoodSSLInfo(const SSLInfo& info) { | |
79 return info.is_valid() && info.is_issued_by_known_root; | |
80 } | |
81 | |
82 class TestReporter : public ChromeFraudulentCertificateReporter { | |
83 public: | |
84 explicit TestReporter(net::URLRequestContext* request_context) | |
85 : ChromeFraudulentCertificateReporter(request_context) {} | |
86 }; | |
87 | |
88 class SendingTestReporter : public TestReporter { | |
89 public: | |
90 explicit SendingTestReporter(net::URLRequestContext* request_context) | |
91 : TestReporter(request_context), passed_(false) {} | |
92 | |
93 // Passes if invoked with a good SSLInfo and for a hostname that is a Google | |
94 // pinned property. | |
95 void SendReport(const std::string& hostname, | |
96 const SSLInfo& ssl_info) override { | |
97 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); | |
98 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | |
99 passed_ = true; | |
100 } | |
101 | |
102 ~SendingTestReporter() override { | |
103 // If the object is destroyed without having its SendReport method invoked, | |
104 // we failed. | |
105 EXPECT_TRUE(passed_); | |
106 } | |
107 | |
108 bool passed_; | |
109 }; | |
110 | |
111 class NotSendingTestReporter : public TestReporter { | |
112 public: | |
113 explicit NotSendingTestReporter(net::URLRequestContext* request_context) | |
114 : TestReporter(request_context) {} | |
115 | |
116 // Passes if invoked with a bad SSLInfo and for a hostname that is not a | |
117 // Google pinned property. | |
118 void SendReport(const std::string& hostname, | |
119 const SSLInfo& ssl_info) override { | |
120 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); | |
121 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | |
122 } | |
123 }; | |
124 | |
125 class MockCertificateReportSender : public net::CertificateReportSender { | |
126 public: | |
127 MockCertificateReportSender( | |
128 net::URLRequestContext* request_context, | |
129 net::CertificateReportSender::CookiesPreference cookies_preference) | |
130 : net::CertificateReportSender(request_context, cookies_preference) {} | |
131 | |
132 private: | |
133 scoped_ptr<net::URLRequest> CreateURLRequest( | |
134 net::URLRequestContext* context, | |
135 const GURL& report_uri) override { | |
136 return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY, | |
137 NULL); | |
138 } | |
139 }; | |
140 | |
141 // A CertificateErrorReporter that uses a MockURLRequest, but is | |
142 // otherwise normal: reports are constructed and sent in the usual way. | |
143 class MockReporter : public CertificateErrorReporter { | |
144 public: | |
145 explicit MockReporter(net::URLRequestContext* request_context) | |
146 : CertificateErrorReporter( | |
147 GURL("http://example.com"), | |
148 kServerPublicKey, | |
149 kServerPublicKeyVersion, | |
150 scoped_ptr<net::CertificateReportSender>( | |
151 new MockCertificateReportSender( | |
152 request_context, | |
153 net::CertificateReportSender::DO_NOT_SEND_COOKIES))) {} | |
154 | |
155 void SendPinningViolationReport( | |
156 const std::string& serialized_report) override { | |
157 EXPECT_FALSE(serialized_report.empty()); | |
158 CertificateErrorReporter::SendPinningViolationReport(serialized_report); | |
159 } | |
160 }; | |
161 | |
162 static void DoReportIsSent() { | |
163 net::TestURLRequestContext context; | |
164 SendingTestReporter reporter(&context); | |
165 SSLInfo info = GetGoodSSLInfo(); | |
166 reporter.SendReport("mail.google.com", info); | |
167 } | |
168 | |
169 static void DoReportIsNotSent() { | |
170 net::TestURLRequestContext context; | |
171 NotSendingTestReporter reporter(&context); | |
172 SSLInfo info = GetBadSSLInfo(); | |
173 reporter.SendReport("www.example.com", info); | |
174 } | |
175 | |
176 static void DoMockReportIsSent() { | |
177 net::TestURLRequestContext context; | |
178 scoped_ptr<MockReporter> error_reporter(new MockReporter(&context)); | |
179 ChromeFraudulentCertificateReporter reporter(error_reporter.Pass()); | |
180 SSLInfo info = GetGoodSSLInfo(); | |
181 reporter.SendReport("mail.google.com", info); | |
182 } | |
183 | |
184 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { | |
185 SSLInfo good = GetGoodSSLInfo(); | |
186 EXPECT_TRUE(IsGoodSSLInfo(good)); | |
187 | |
188 SSLInfo bad = GetBadSSLInfo(); | |
189 EXPECT_FALSE(IsGoodSSLInfo(bad)); | |
190 } | |
191 | |
192 TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) { | |
193 base::MessageLoopForIO loop; | |
194 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | |
195 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsSent)); | |
196 loop.RunUntilIdle(); | |
197 } | |
198 | |
199 TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) { | |
200 base::MessageLoopForIO loop; | |
201 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | |
202 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent)); | |
203 loop.RunUntilIdle(); | |
204 } | |
205 | |
206 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | |
207 base::MessageLoopForIO loop; | |
208 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | |
209 loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | |
210 loop.RunUntilIdle(); | |
211 } | |
212 | |
213 } // namespace | |
OLD | NEW |