Attach security info to redirect responses

content/browser/loader/resource_loader_unittest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/resource_loader.h"
 
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/macros.h"
@@ skipping 194 matching lines @@
     info->ssl_info.security_bits = kTestSecurityBits;
     info->ssl_info.connection_status = kTestConnectionStatus;
   }
 
  private:
   ~MockHTTPSURLRequestJob() override {}
 
   DISALLOW_COPY_AND_ASSIGN(MockHTTPSURLRequestJob);
 };
 
+const char kRedirectHeaders[] =
+    "HTTP/1.1 302 MOVED\0"

[davidben, 2015/08/12 16:33:41]

Nit: It seems "Found" is the canonical description.

https://tools.ietf.org/html/rfc7231#section-6.4.3

(Not that we're remotely consistent here:
https://code.google.com/p/chromium/codesearch#search/&q=HTTP/1.1%5C%20302&sq=...
)

[estark, 2015/08/12 16:42:26]

Done.

+    "Location: https://example.test\0"
+    "\0";
+
 class MockHTTPSJobURLRequestInterceptor : public net::URLRequestInterceptor {
  public:
-  MockHTTPSJobURLRequestInterceptor() {}
+  MockHTTPSJobURLRequestInterceptor(bool redirect) : redirect_(redirect) {}
   ~MockHTTPSJobURLRequestInterceptor() override {}
 
   // net::URLRequestInterceptor:
   net::URLRequestJob* MaybeInterceptRequest(
       net::URLRequest* request,
       net::NetworkDelegate* network_delegate) const override {
-    return new MockHTTPSURLRequestJob(request, network_delegate,
-                                      net::URLRequestTestJob::test_headers(),
+    std::string headers =
+        redirect_ ? std::string(kRedirectHeaders, arraysize(kRedirectHeaders))
+                  : net::URLRequestTestJob::test_headers();
+    return new MockHTTPSURLRequestJob(request, network_delegate, headers,
                                       "dummy response", true);
   }
+
+ private:
+  bool redirect_;
 };
 
 // Arbitrary read buffer size.
 const int kReadBufSize = 1024;
 
 // Dummy implementation of ResourceHandler, instance of which is needed to
 // initialize ResourceLoader.
 class ResourceHandlerStub : public ResourceHandler {
  public:
   explicit ResourceHandlerStub(net::URLRequest* request)
       : ResourceHandler(request),
         read_buffer_(new net::IOBuffer(kReadBufSize)),
         defer_request_on_will_start_(false),
         expect_reads_(true),
         cancel_on_read_completed_(false),
         defer_eof_(false),
         received_on_will_read_(false),
         received_eof_(false),
         received_response_completed_(false),
+        received_request_redirected_(false),
         total_bytes_downloaded_(0),
-        upload_position_(0) {
-  }
+        upload_position_(0) {}
 
   // If true, defers the resource load in OnWillStart.
   void set_defer_request_on_will_start(bool defer_request_on_will_start) {
     defer_request_on_will_start_ = defer_request_on_will_start;
   }
 
   // If true, expect OnWillRead / OnReadCompleted pairs for handling
   // data. Otherwise, expect OnDataDownloaded.
   void set_expect_reads(bool expect_reads) { expect_reads_ = expect_reads; }
 
   // If true, cancel the request in OnReadCompleted by returning false.
   void set_cancel_on_read_completed(bool cancel_on_read_completed) {
     cancel_on_read_completed_ = cancel_on_read_completed;
   }
 
   // If true, cancel the request in OnReadCompleted by returning false.
   void set_defer_eof(bool defer_eof) { defer_eof_ = defer_eof; }
 
   const GURL& start_url() const { return start_url_; }
   ResourceResponse* response() const { return response_.get(); }
+  ResourceResponse* redirect_response() const {
+    return redirect_response_.get();
+  }
   bool received_response_completed() const {
     return received_response_completed_;
   }
+  bool received_request_redirected() const {
+    return received_request_redirected_;
+  }
   const net::URLRequestStatus& status() const { return status_; }
   int total_bytes_downloaded() const { return total_bytes_downloaded_; }
 
   void Resume() {
     controller()->Resume();
   }
 
   // Waits until OnUploadProgress is called and returns the upload position.
   uint64 WaitForUploadProgress() {
     wait_for_progress_loop_.reset(new base::RunLoop());
     wait_for_progress_loop_->Run();
     wait_for_progress_loop_.reset();
     return upload_position_;
   }
 
   // ResourceHandler implementation:
   bool OnUploadProgress(uint64 position, uint64 size) override {
     EXPECT_LE(position, size);
     EXPECT_GT(position, upload_position_);
     upload_position_ = position;
     if (wait_for_progress_loop_)
       wait_for_progress_loop_->Quit();
     return true;
   }
 
   bool OnRequestRedirected(const net::RedirectInfo& redirect_info,
                            ResourceResponse* response,
                            bool* defer) override {
-    NOTREACHED();
+    redirect_response_ = response;
+    received_request_redirected_ = true;
     return true;
   }
 
   bool OnResponseStarted(ResourceResponse* response, bool* defer) override {
     EXPECT_FALSE(response_.get());
     response_ = response;
     return true;
   }
 
   bool OnWillStart(const GURL& url, bool* defer) override {
@@ skipping 59 matching lines @@
  private:
   scoped_refptr<net::IOBuffer> read_buffer_;
 
   bool defer_request_on_will_start_;
   bool expect_reads_;
   bool cancel_on_read_completed_;
   bool defer_eof_;
 
   GURL start_url_;
   scoped_refptr<ResourceResponse> response_;
+  scoped_refptr<ResourceResponse> redirect_response_;
   bool received_on_will_read_;
   bool received_eof_;
   bool received_response_completed_;
+  bool received_request_redirected_;
   net::URLRequestStatus status_;
   int total_bytes_downloaded_;
   scoped_ptr<base::RunLoop> wait_for_progress_loop_;
   uint64 upload_position_;
 };
 
 // Test browser client that captures calls to SelectClientCertificates and
 // records the arguments of the most recent call for later inspection.
 class SelectCertificateBrowserClient : public TestContentBrowserClient {
  public:
@@ skipping 200 matching lines @@
   scoped_ptr<ResourceLoader> loader_;
 };
 
 class ClientCertResourceLoaderTest : public ResourceLoaderTest {
  protected:
   net::URLRequestJobFactory::ProtocolHandler* CreateProtocolHandler() override {
     return new MockClientCertJobProtocolHandler;
   }
 };
 
-// A ResourceLoaderTest that intercepts https://example.test URLs and
-// sets SSL info on the responses.
+// A ResourceLoaderTest that intercepts https://example.test and
+// https://example-redirect.test URLs and sets SSL info on the
+// responses. The latter serves a Location: header in the response.
 class HTTPSSecurityInfoResourceLoaderTest : public ResourceLoaderTest {
  public:
   HTTPSSecurityInfoResourceLoaderTest()
-      : ResourceLoaderTest(), test_https_url_("https://example.test") {}
+      : ResourceLoaderTest(),
+        test_https_url_("https://example.test"),
+        test_https_redirect_url_("https://example-redirect.test") {}
 
   ~HTTPSSecurityInfoResourceLoaderTest() override {}
 
-  const GURL& test_https_url() { return test_https_url_; }
+  const GURL& test_https_url() const { return test_https_url_; }
+  const GURL& test_https_redirect_url() const {
+    return test_https_redirect_url_;
+  }
 
  protected:
   void SetUp() override {
     ResourceLoaderTest::SetUp();
+    net::URLRequestFilter::GetInstance()->ClearHandlers();
     net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
-        "https", "example.test", scoped_ptr<net::URLRequestInterceptor>(
-                                     new MockHTTPSJobURLRequestInterceptor));
+        "https", "example.test",
+        scoped_ptr<net::URLRequestInterceptor>(
+            new MockHTTPSJobURLRequestInterceptor(false /* redirect */)));
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "https", "example-redirect.test",
+        scoped_ptr<net::URLRequestInterceptor>(
+            new MockHTTPSJobURLRequestInterceptor(true /* redirect */)));
   }
 
- private:

[davidben, 2015/08/12 16:33:41]

Stray removal? (Looks like you added an accessor anyway.)

[estark, 2015/08/12 16:42:26]

Done.

   const GURL test_https_url_;
+  const GURL test_https_redirect_url_;
 };
 
 // Tests that client certificates are requested with ClientCertStore lookup.
 TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) {
   // Set up the test client cert store.
   int store_request_count;
   std::vector<std::string> store_requested_authorities;
   net::CertificateList dummy_certs(1, scoped_refptr<net::X509Certificate>(
       new net::X509Certificate("test", "test", base::Time(), base::Time())));
   scoped_ptr<ClientCertStoreStub> test_store(new ClientCertStoreStub(
@@ skipping 475 matching lines @@
   scoped_refptr<net::X509Certificate> cert;
   ASSERT_TRUE(
       CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
   EXPECT_TRUE(cert->Equals(GetTestCert().get()));
 
   EXPECT_EQ(kTestCertError, deserialized.cert_status);
   EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
   EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
 }
 
+// Test that an HTTPS redirect response has the expected security info
+// attached to it.
+TEST_F(HTTPSSecurityInfoResourceLoaderTest,
+       SecurityInfoOnHTTPSRedirectResource) {
+  // Start the request and wait for it to finish.
+  scoped_ptr<net::URLRequest> request(
+      resource_context_.GetRequestContext()->CreateRequest(
+          test_https_redirect_url(), net::DEFAULT_PRIORITY,
+          nullptr /* delegate */));
+  SetUpResourceLoader(request.Pass());
+
+  // Send the request and wait until it completes.
+  loader_->StartRequest();
+  base::RunLoop().RunUntilIdle();
+  ASSERT_EQ(net::URLRequestStatus::SUCCESS,
+            raw_ptr_to_request_->status().status());
+  ASSERT_TRUE(raw_ptr_resource_handler_->received_response_completed());
+  ASSERT_TRUE(raw_ptr_resource_handler_->received_request_redirected());
+
+  ResourceResponse* redirect_response =
+      raw_ptr_resource_handler_->redirect_response();
+  ASSERT_TRUE(redirect_response);
+
+  // Deserialize the security info from the redirect response and check
+  // that it is as expected.
+  SSLStatus deserialized;
+  ASSERT_TRUE(DeserializeSecurityInfo(redirect_response->head.security_info,
+                                      &deserialized));
+
+  // Expect a BROKEN security style because the cert status has errors.
+  EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+            deserialized.security_style);
+  scoped_refptr<net::X509Certificate> cert;
+  ASSERT_TRUE(
+      CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
+  EXPECT_TRUE(cert->Equals(GetTestCert().get()));
+
+  EXPECT_EQ(kTestCertError, deserialized.cert_status);
+  EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
+  EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
+}
+
 }  // namespace content