Index: chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc |
diff --git a/chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc b/chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc |
deleted file mode 100644 |
index 4f81a6b47aba7f540880446120802d2ab15284ac..0000000000000000000000000000000000000000 |
--- a/chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc |
+++ /dev/null |
@@ -1,213 +0,0 @@ |
-// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h" |
- |
-#include <string> |
- |
-#include "base/bind.h" |
-#include "base/files/file_path.h" |
-#include "base/location.h" |
-#include "base/memory/scoped_ptr.h" |
-#include "base/message_loop/message_loop.h" |
-#include "base/single_thread_task_runner.h" |
-#include "base/synchronization/waitable_event.h" |
-#include "base/threading/thread.h" |
-#include "chrome/browser/net/certificate_error_reporter.h" |
-#include "content/public/test/test_browser_thread.h" |
-#include "net/base/request_priority.h" |
-#include "net/base/test_data_directory.h" |
-#include "net/cert/x509_certificate.h" |
-#include "net/http/transport_security_state.h" |
-#include "net/ssl/ssl_info.h" |
-#include "net/test/cert_test_util.h" |
-#include "net/url_request/certificate_report_sender.h" |
-#include "net/url_request/fraudulent_certificate_reporter.h" |
-#include "net/url_request/url_request.h" |
-#include "net/url_request/url_request_context.h" |
-#include "net/url_request/url_request_test_util.h" |
-#include "testing/gtest/include/gtest/gtest.h" |
- |
-using chrome_browser_net::CertificateErrorReporter; |
-using content::BrowserThread; |
-using net::SSLInfo; |
- |
-namespace { |
- |
-const uint32 kServerPublicKeyVersion = 1; |
-const uint8 kServerPublicKey[32] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
- |
-// Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
-// expired; what matters is that the cert would not pass even a normal |
-// sanity check. We test that we DO NOT send a fraudulent certificate report |
-// in this case. |
-static SSLInfo GetBadSSLInfo() { |
- SSLInfo info; |
- |
- info.cert = |
- net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); |
- info.cert_status = net::CERT_STATUS_DATE_INVALID; |
- info.is_issued_by_known_root = false; |
- |
- return info; |
-} |
- |
-// Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, |
-// but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this |
-// case, the certificate is for mail.google.com, signed by our Chrome test |
-// CA. During testing, Chrome believes this CA is part of the root system |
-// store. But, this CA is not in the pin list; we test that we DO send a |
-// fraudulent certicate report in this case. |
-static SSLInfo GetGoodSSLInfo() { |
- SSLInfo info; |
- |
- info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), |
- "test_mail_google_com.pem"); |
- info.is_issued_by_known_root = true; |
- |
- return info; |
-} |
- |
-// Checks that |info| is good as required by the SSL checks performed in |
-// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin |
-// checking but not sufficient to pass |
-// DomainState::IsChainOfPublicKeysPermitted. |
-static bool IsGoodSSLInfo(const SSLInfo& info) { |
- return info.is_valid() && info.is_issued_by_known_root; |
-} |
- |
-class TestReporter : public ChromeFraudulentCertificateReporter { |
- public: |
- explicit TestReporter(net::URLRequestContext* request_context) |
- : ChromeFraudulentCertificateReporter(request_context) {} |
-}; |
- |
-class SendingTestReporter : public TestReporter { |
- public: |
- explicit SendingTestReporter(net::URLRequestContext* request_context) |
- : TestReporter(request_context), passed_(false) {} |
- |
- // Passes if invoked with a good SSLInfo and for a hostname that is a Google |
- // pinned property. |
- void SendReport(const std::string& hostname, |
- const SSLInfo& ssl_info) override { |
- EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); |
- EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
- passed_ = true; |
- } |
- |
- ~SendingTestReporter() override { |
- // If the object is destroyed without having its SendReport method invoked, |
- // we failed. |
- EXPECT_TRUE(passed_); |
- } |
- |
- bool passed_; |
-}; |
- |
-class NotSendingTestReporter : public TestReporter { |
- public: |
- explicit NotSendingTestReporter(net::URLRequestContext* request_context) |
- : TestReporter(request_context) {} |
- |
- // Passes if invoked with a bad SSLInfo and for a hostname that is not a |
- // Google pinned property. |
- void SendReport(const std::string& hostname, |
- const SSLInfo& ssl_info) override { |
- EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); |
- EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
- } |
-}; |
- |
-class MockCertificateReportSender : public net::CertificateReportSender { |
- public: |
- MockCertificateReportSender( |
- net::URLRequestContext* request_context, |
- net::CertificateReportSender::CookiesPreference cookies_preference) |
- : net::CertificateReportSender(request_context, cookies_preference) {} |
- |
- private: |
- scoped_ptr<net::URLRequest> CreateURLRequest( |
- net::URLRequestContext* context, |
- const GURL& report_uri) override { |
- return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY, |
- NULL); |
- } |
-}; |
- |
-// A CertificateErrorReporter that uses a MockURLRequest, but is |
-// otherwise normal: reports are constructed and sent in the usual way. |
-class MockReporter : public CertificateErrorReporter { |
- public: |
- explicit MockReporter(net::URLRequestContext* request_context) |
- : CertificateErrorReporter( |
- GURL("http://example.com"), |
- kServerPublicKey, |
- kServerPublicKeyVersion, |
- scoped_ptr<net::CertificateReportSender>( |
- new MockCertificateReportSender( |
- request_context, |
- net::CertificateReportSender::DO_NOT_SEND_COOKIES))) {} |
- |
- void SendPinningViolationReport( |
- const std::string& serialized_report) override { |
- EXPECT_FALSE(serialized_report.empty()); |
- CertificateErrorReporter::SendPinningViolationReport(serialized_report); |
- } |
-}; |
- |
-static void DoReportIsSent() { |
- net::TestURLRequestContext context; |
- SendingTestReporter reporter(&context); |
- SSLInfo info = GetGoodSSLInfo(); |
- reporter.SendReport("mail.google.com", info); |
-} |
- |
-static void DoReportIsNotSent() { |
- net::TestURLRequestContext context; |
- NotSendingTestReporter reporter(&context); |
- SSLInfo info = GetBadSSLInfo(); |
- reporter.SendReport("www.example.com", info); |
-} |
- |
-static void DoMockReportIsSent() { |
- net::TestURLRequestContext context; |
- scoped_ptr<MockReporter> error_reporter(new MockReporter(&context)); |
- ChromeFraudulentCertificateReporter reporter(error_reporter.Pass()); |
- SSLInfo info = GetGoodSSLInfo(); |
- reporter.SendReport("mail.google.com", info); |
-} |
- |
-TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { |
- SSLInfo good = GetGoodSSLInfo(); |
- EXPECT_TRUE(IsGoodSSLInfo(good)); |
- |
- SSLInfo bad = GetBadSSLInfo(); |
- EXPECT_FALSE(IsGoodSSLInfo(bad)); |
-} |
- |
-TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) { |
- base::MessageLoopForIO loop; |
- content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
- loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsSent)); |
- loop.RunUntilIdle(); |
-} |
- |
-TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) { |
- base::MessageLoopForIO loop; |
- content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
- loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent)); |
- loop.RunUntilIdle(); |
-} |
- |
-TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
- base::MessageLoopForIO loop; |
- content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
- loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
- loop.RunUntilIdle(); |
-} |
- |
-} // namespace |