Certificate Transparency: Fetching consistency proofs.

components/certificate_transparency/log_proof_fetcher_unittest.cc

Index: components/certificate_transparency/log_proof_fetcher_unittest.cc
diff --git a/components/certificate_transparency/log_proof_fetcher_unittest.cc b/components/certificate_transparency/log_proof_fetcher_unittest.cc
index f6caa3beb98bfd091dff8a772d4e987fe5a60abf..2f6e389220a1ce6cfd1a92286cad1d6fb26d6f4a 100644
--- a/components/certificate_transparency/log_proof_fetcher_unittest.cc
+++ b/components/certificate_transparency/log_proof_fetcher_unittest.cc
@@ -25,11 +25,11 @@ namespace certificate_transparency {
 
 namespace {
 
-const char kGetSTHHeaders[] =
+const char kGetResponseHeaders[] =
     "HTTP/1.1 200 OK\n"
     "Content-Type: application/json; charset=ISO-8859-1\n";
 
-const char kGetSTHNotFoundHeaders[] =
+const char kGetResponseNotFoundHeaders[] =
     "HTTP/1.1 404 Not Found\n"
     "Content-Type: text/html; charset=iso-8859-1\n";
 
@@ -38,9 +38,17 @@ const char kLogHost[] = "ct.log.example.com";
 const char kLogPathPrefix[] = "somelog";
 const char kLogID[] = "some_id";
 
-class FetchSTHTestJob : public net::URLRequestTestJob {
+// Nodes returned will be 'a' * 32 for node_id 0, 'b' * 32 for node_id 1 and
+// so forth.
+std::string GetDummyConsistencyProofNode(size_t node_id) {
+  return std::string(32, 'a' + node_id);

[svaldez, 2015/11/12 20:11:03]

Consider hashing the node_id or some alternative dummy values so that
kDummyConsistencyProofLength doesn't have to be constrained by this
implementation.

[Eran Messeri, 2015/11/16 13:39:46]

Done.

+}
+
+const size_t kDummyConsistencyProofLength = 4;
+
+class LogFetchTestJob : public net::URLRequestTestJob {
  public:
-  FetchSTHTestJob(const std::string& get_sth_data,
+  LogFetchTestJob(const std::string& get_sth_data,

[svaldez, 2015/11/12 20:11:03]

nit: Rename to something more general. get_log_data/get_log_headers

[Eran Messeri, 2015/11/16 13:39:46]

Done.

                   const std::string& get_sth_headers,
                   net::URLRequest* request,
                   net::NetworkDelegate* network_delegate)
@@ -54,7 +62,7 @@ class FetchSTHTestJob : public net::URLRequestTestJob {
   void set_async_io(bool async_io) { async_io_ = async_io; }
 
  private:
-  ~FetchSTHTestJob() override {}
+  ~LogFetchTestJob() override {}
 
   bool NextReadAsync() override {
     // Response with indication of async IO only once, otherwise the final
@@ -73,26 +81,38 @@ class FetchSTHTestJob : public net::URLRequestTestJob {
 
   bool async_io_;
 
-  DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob);
+  DISALLOW_COPY_AND_ASSIGN(LogFetchTestJob);
 };
 
-class GetSTHResponseHandler : public net::URLRequestInterceptor {
+class LogGetResponseHandler : public net::URLRequestInterceptor {
  public:
-  GetSTHResponseHandler()
+  LogGetResponseHandler()
       : async_io_(false),
         response_body_(""),
         response_headers_(
-            std::string(kGetSTHHeaders, arraysize(kGetSTHHeaders))) {}
-  ~GetSTHResponseHandler() override {}
+            std::string(kGetResponseHeaders, arraysize(kGetResponseHeaders))) {}
+  ~LogGetResponseHandler() override {}
 
   // URLRequestInterceptor implementation:
   net::URLRequestJob* MaybeInterceptRequest(
       net::URLRequest* request,
       net::NetworkDelegate* network_delegate) const override {
-    std::string expected_url = base::StringPrintf(
-        "%s://%s/%s/ct/v1/get-sth", kLogSchema, kLogHost, kLogPathPrefix);
+    std::string base_expected_url = base::StringPrintf(
+        "%s://%s/%s/ct/v1/", kLogSchema, kLogHost, kLogPathPrefix);
+
+    std::string expected_url;
+    if (expected_old_tree_size_ == 0 && expected_new_tree_size_ == 0) {
+      // Expecting get-sth
+      expected_url = base_expected_url + std::string("get-sth");
+    } else {
+      // Expecting get-consistency-proof
+      expected_url =
+          base_expected_url +
+          base::StringPrintf("get-sth-consistency?first=%lu&second=%lu",
+                             expected_old_tree_size_, expected_new_tree_size_);
+    }
     EXPECT_EQ(GURL(expected_url), request->url());
-    FetchSTHTestJob* job = new FetchSTHTestJob(
+    LogFetchTestJob* job = new LogFetchTestJob(
         response_body_, response_headers_, request, network_delegate);
     job->set_async_io(async_io_);
     return job;
@@ -106,6 +126,12 @@ class GetSTHResponseHandler : public net::URLRequestInterceptor {
     response_headers_ = response_headers;
   }
 
+  void set_expect_get_consistency_proof(size_t expected_old_tree_size,
+                                        size_t expected_new_tree_size) {
+    expected_old_tree_size_ = expected_old_tree_size;
+    expected_new_tree_size_ = expected_new_tree_size;
+  }
+
   void set_async_io(bool async_io) { async_io_ = async_io; }
 
  private:
@@ -113,7 +139,10 @@ class GetSTHResponseHandler : public net::URLRequestInterceptor {
   std::string response_body_;
   std::string response_headers_;
 
-  DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler);
+  size_t expected_old_tree_size_;
+  size_t expected_new_tree_size_;
+
+  DISALLOW_COPY_AND_ASSIGN(LogGetResponseHandler);
 };
 
 class RecordFetchCallbackInvocations {
@@ -146,6 +175,19 @@ class RecordFetchCallbackInvocations {
               sth.signature.signature_data);
   }
 
+  void ConsistencyProofFetched(
+      const std::string& log_id,
+      const std::vector<std::string>& consistency_proof) {
+    ASSERT_TRUE(expect_success_);
+    ASSERT_FALSE(invoked_);
+    invoked_ = true;
+    EXPECT_EQ(kDummyConsistencyProofLength, consistency_proof.size());
+    for (size_t i = 0; i < kDummyConsistencyProofLength; ++i) {
+      EXPECT_EQ(GetDummyConsistencyProofNode(i), consistency_proof[i])
+          << " node: " << i;
+    }
+  }
+
   void FetchingFailed(const std::string& log_id,
                       int net_error,
                       int http_response_code) {
@@ -179,7 +221,7 @@ class LogProofFetcherTest : public ::testing::Test {
                                     kLogSchema,
                                     kLogHost,
                                     kLogPathPrefix)) {
-    scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler());
+    scoped_ptr<LogGetResponseHandler> handler(new LogGetResponseHandler());
     handler_ = handler.get();
 
     net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
@@ -200,6 +242,7 @@ class LogProofFetcherTest : public ::testing::Test {
   }
 
   void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) {
+    handler_->set_expect_get_consistency_proof(0, 0);
     fetcher_->FetchSignedTreeHead(
         log_url_, kLogID,
         base::Bind(&RecordFetchCallbackInvocations::STHFetched,
@@ -209,12 +252,26 @@ class LogProofFetcherTest : public ::testing::Test {
     message_loop_.RunUntilIdle();
   }
 
+  void RunGetConsistencyFetcherWithCallback(
+      RecordFetchCallbackInvocations* callback) {
+    const int kOldTree = 5;
+    const int kNewTree = 8;

[svaldez, 2015/11/12 20:11:03]

nit: size_t

[Eran Messeri, 2015/11/16 13:39:46]

Done.

+    handler_->set_expect_get_consistency_proof(kOldTree, kNewTree);
+    fetcher_->FetchConsistencyProof(
+        log_url_, kLogID, kOldTree, kNewTree,
+        base::Bind(&RecordFetchCallbackInvocations::ConsistencyProofFetched,
+                   base::Unretained(callback)),
+        base::Bind(&RecordFetchCallbackInvocations::FetchingFailed,
+                   base::Unretained(callback)));
+    message_loop_.RunUntilIdle();
+  }
+
   base::MessageLoopForIO message_loop_;
   net::TestURLRequestContext context_;
   safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_;
   scoped_ptr<LogProofFetcher> fetcher_;
   const GURL log_url_;
-  GetSTHResponseHandler* handler_;
+  LogGetResponseHandler* handler_;
 };
 
 TEST_F(LogProofFetcherTest, TestValidGetReply) {
@@ -291,8 +348,8 @@ TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) {
 }
 
 TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) {
-  handler_->set_response_headers(
-      std::string(kGetSTHNotFoundHeaders, arraysize(kGetSTHNotFoundHeaders)));
+  handler_->set_response_headers(std::string(
+      kGetResponseNotFoundHeaders, arraysize(kGetResponseNotFoundHeaders)));
 
   RecordFetchCallbackInvocations callback(false);
   RunFetcherWithCallback(&callback);
@@ -302,6 +359,32 @@ TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) {
   EXPECT_EQ(net::HTTP_NOT_FOUND, callback.http_response_code());
 }
 
+TEST_F(LogProofFetcherTest, TestInvalidGetConsistencyReplyInvalidJSON) {
+  std::string consistency_proof_reply_data = "{\"consistency\": [1,2]}";
+  handler_->set_response_body(consistency_proof_reply_data);
+
+  RecordFetchCallbackInvocations callback(false);
+  RunGetConsistencyFetcherWithCallback(&callback);
+
+  ASSERT_TRUE(callback.invoked());
+  EXPECT_EQ(net::ERR_CT_CONSISTENCY_PROOF_PARSING_FAILED, callback.net_error());

[svaldez, 2015/11/12 20:11:03]

Check the callback response code?

[Eran Messeri, 2015/11/16 13:39:46]

Done.

+}
+
+TEST_F(LogProofFetcherTest, TestInvalidGetConsistencyValidReply) {

[svaldez, 2015/11/12 20:11:03]

Should this be TestValidGetConsistency...?

Might also want to move it above the Invalid test, to match ordering of the
previous tests.

[Eran Messeri, 2015/11/16 13:39:46]

Done.

+  std::vector<std::string> proof;
+  for (size_t i = 0; i < kDummyConsistencyProofLength; ++i)
+    proof.push_back(GetDummyConsistencyProofNode(i));
+
+  std::string consistency_proof_reply_data =
+      net::ct::CreateConsistencyProofJsonString(proof);
+  handler_->set_response_body(consistency_proof_reply_data);
+
+  RecordFetchCallbackInvocations callback(true);
+  RunGetConsistencyFetcherWithCallback(&callback);
+
+  ASSERT_TRUE(callback.invoked());
+}
+
 }  // namespace
 
 }  // namespace certificate_transparency