OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
10 #include <windows.h> | 10 #include <windows.h> |
52 #include "net/base/load_timing_info_test_util.h" | 52 #include "net/base/load_timing_info_test_util.h" |
53 #include "net/base/net_errors.h" | 53 #include "net/base/net_errors.h" |
54 #include "net/base/net_module.h" | 54 #include "net/base/net_module.h" |
55 #include "net/base/network_quality_estimator.h" | 55 #include "net/base/network_quality_estimator.h" |
56 #include "net/base/request_priority.h" | 56 #include "net/base/request_priority.h" |
57 #include "net/base/test_data_directory.h" | 57 #include "net/base/test_data_directory.h" |
58 #include "net/base/upload_bytes_element_reader.h" | 58 #include "net/base/upload_bytes_element_reader.h" |
59 #include "net/base/upload_data_stream.h" | 59 #include "net/base/upload_data_stream.h" |
60 #include "net/base/upload_file_element_reader.h" | 60 #include "net/base/upload_file_element_reader.h" |
61 #include "net/base/url_util.h" | 61 #include "net/base/url_util.h" |
| 62 #include "net/cert/ct_policy_status.h" |
| 63 #include "net/cert/ct_verifier.h" |
| 64 #include "net/cert/ct_verify_result.h" |
62 #include "net/cert/ev_root_ca_metadata.h" | 65 #include "net/cert/ev_root_ca_metadata.h" |
63 #include "net/cert/mock_cert_verifier.h" | 66 #include "net/cert/mock_cert_verifier.h" |
64 #include "net/cert/test_root_certs.h" | 67 #include "net/cert/test_root_certs.h" |
65 #include "net/cert_net/nss_ocsp.h" | 68 #include "net/cert_net/nss_ocsp.h" |
66 #include "net/cookies/cookie_monster.h" | 69 #include "net/cookies/cookie_monster.h" |
67 #include "net/cookies/cookie_store_test_helpers.h" | 70 #include "net/cookies/cookie_store_test_helpers.h" |
68 #include "net/disk_cache/disk_cache.h" | 71 #include "net/disk_cache/disk_cache.h" |
69 #include "net/dns/mock_host_resolver.h" | 72 #include "net/dns/mock_host_resolver.h" |
70 #include "net/http/http_byte_range.h" | 73 #include "net/http/http_byte_range.h" |
71 #include "net/http/http_cache.h" | 74 #include "net/http/http_cache.h" |
131 | 134 |
132 namespace { | 135 namespace { |
133 | 136 |
134 const base::string16 kChrome(ASCIIToUTF16("chrome")); | 137 const base::string16 kChrome(ASCIIToUTF16("chrome")); |
135 const base::string16 kSecret(ASCIIToUTF16("secret")); | 138 const base::string16 kSecret(ASCIIToUTF16("secret")); |
136 const base::string16 kUser(ASCIIToUTF16("user")); | 139 const base::string16 kUser(ASCIIToUTF16("user")); |
137 | 140 |
138 const base::FilePath::CharType kTestFilePath[] = | 141 const base::FilePath::CharType kTestFilePath[] = |
139 FILE_PATH_LITERAL("net/data/url_request_unittest"); | 142 FILE_PATH_LITERAL("net/data/url_request_unittest"); |
140 | 143 |
| 144 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; |
| 145 |
141 #if !defined(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) | 146 #if !defined(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) |
142 // Test file used in most FTP tests. | 147 // Test file used in most FTP tests. |
143 const char kFtpTestFile[] = "BullRunSpeech.txt"; | 148 const char kFtpTestFile[] = "BullRunSpeech.txt"; |
144 #endif | 149 #endif |
145 | 150 |
146 // Tests load timing information in the case a fresh connection was used, with | 151 // Tests load timing information in the case a fresh connection was used, with |
147 // no proxy. | 152 // no proxy. |
148 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info, | 153 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info, |
149 int connect_timing_flags) { | 154 int connect_timing_flags) { |
150 EXPECT_FALSE(load_timing_info.socket_reused); | 155 EXPECT_FALSE(load_timing_info.socket_reused); |
6234 // Android's CertVerifyProc does not (yet) handle pins. | 6239 // Android's CertVerifyProc does not (yet) handle pins. |
6235 #else | 6240 #else |
6236 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); | 6241 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); |
6237 #endif | 6242 #endif |
6238 EXPECT_NE(sts_state.expiry, pkp_state.expiry); | 6243 EXPECT_NE(sts_state.expiry, pkp_state.expiry); |
6239 | 6244 |
6240 EXPECT_TRUE(sts_state.include_subdomains); | 6245 EXPECT_TRUE(sts_state.include_subdomains); |
6241 EXPECT_FALSE(pkp_state.include_subdomains); | 6246 EXPECT_FALSE(pkp_state.include_subdomains); |
6242 } | 6247 } |
6243 | 6248 |
| 6249 // An ExpectCTReporter that records the number of times OnExpectCTFailed() was |
| 6250 // called. |
| 6251 class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter { |
| 6252 public: |
| 6253 MockExpectCTReporter() : num_failures_(0) {} |
| 6254 ~MockExpectCTReporter() override {} |
| 6255 |
| 6256 void OnExpectCTFailed(const HostPortPair& host_port_pair, |
| 6257 const GURL& report_uri, |
| 6258 const net::SSLInfo& ssl_info) override { |
| 6259 num_failures_++; |
| 6260 } |
| 6261 |
| 6262 uint32_t num_failures() { return num_failures_; } |
| 6263 |
| 6264 private: |
| 6265 uint32_t num_failures_; |
| 6266 }; |
| 6267 |
| 6268 // A CTVerifier that returns net::OK for every certificate. |
| 6269 class MockCTVerifier : public CTVerifier { |
| 6270 public: |
| 6271 MockCTVerifier() {} |
| 6272 ~MockCTVerifier() override {} |
| 6273 |
| 6274 int Verify(X509Certificate* cert, |
| 6275 const std::string& stapled_ocsp_response, |
| 6276 const std::string& sct_list_from_tls_extension, |
| 6277 ct::CTVerifyResult* result, |
| 6278 const BoundNetLog& net_log) override { |
| 6279 return net::OK; |
| 6280 } |
| 6281 |
| 6282 void SetObserver(Observer* observer) override {} |
| 6283 }; |
| 6284 |
| 6285 // A CTPolicyEnforcer that returns a default CertPolicyCompliance value |
| 6286 // for every certificate. |
| 6287 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
| 6288 public: |
| 6289 MockCTPolicyEnforcer() |
| 6290 : default_result_( |
| 6291 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {} |
| 6292 ~MockCTPolicyEnforcer() override {} |
| 6293 |
| 6294 ct::CertPolicyCompliance DoesConformToCertPolicy( |
| 6295 X509Certificate* cert, |
| 6296 const SCTList& verified_scts, |
| 6297 const BoundNetLog& net_log) override { |
| 6298 return default_result_; |
| 6299 } |
| 6300 |
| 6301 void set_default_result(ct::CertPolicyCompliance default_result) { |
| 6302 default_result_ = default_result; |
| 6303 } |
| 6304 |
| 6305 private: |
| 6306 ct::CertPolicyCompliance default_result_; |
| 6307 }; |
| 6308 |
| 6309 // Tests that Expect CT headers are processed correctly. |
| 6310 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { |
| 6311 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6312 https_test_server.SetSSLConfig( |
| 6313 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 6314 https_test_server.ServeFilesFromSourceDirectory( |
| 6315 base::FilePath(kTestFilePath)); |
| 6316 ASSERT_TRUE(https_test_server.Start()); |
| 6317 |
| 6318 MockExpectCTReporter reporter; |
| 6319 TransportSecurityState transport_security_state; |
| 6320 transport_security_state.enable_static_expect_ct_ = true; |
| 6321 transport_security_state.SetExpectCTReporter(&reporter); |
| 6322 |
| 6323 // Set up a MockCertVerifier to accept the certificate that the server sends. |
| 6324 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
| 6325 ASSERT_TRUE(cert); |
| 6326 MockCertVerifier cert_verifier; |
| 6327 CertVerifyResult verify_result; |
| 6328 verify_result.verified_cert = cert; |
| 6329 verify_result.is_issued_by_known_root = true; |
| 6330 cert_verifier.AddResultForCert(cert.get(), verify_result, OK); |
| 6331 |
| 6332 // Set up a MockCTVerifier and MockCTPolicyEnforcer to trigger an Expect CT |
| 6333 // violation. |
| 6334 MockCTVerifier ct_verifier; |
| 6335 MockCTPolicyEnforcer ct_policy_enforcer; |
| 6336 ct_policy_enforcer.set_default_result( |
| 6337 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS); |
| 6338 |
| 6339 TestNetworkDelegate network_delegate; |
| 6340 // Use a MockHostResolver (which by default maps all hosts to |
| 6341 // 127.0.0.1) so that the request can be sent to a site on the Expect |
| 6342 // CT preload list. |
| 6343 MockHostResolver host_resolver; |
| 6344 TestURLRequestContext context(true); |
| 6345 context.set_host_resolver(&host_resolver); |
| 6346 context.set_transport_security_state(&transport_security_state); |
| 6347 context.set_network_delegate(&network_delegate); |
| 6348 context.set_cert_verifier(&cert_verifier); |
| 6349 context.set_cert_transparency_verifier(&ct_verifier); |
| 6350 context.set_ct_policy_enforcer(&ct_policy_enforcer); |
| 6351 context.Init(); |
| 6352 |
| 6353 // Now send a request to trigger the violation. |
| 6354 TestDelegate d; |
| 6355 GURL url = https_test_server.GetURL("/expect-ct-header.html"); |
| 6356 GURL::Replacements replace_host; |
| 6357 replace_host.SetHostStr(kExpectCTStaticHostname); |
| 6358 url = url.ReplaceComponents(replace_host); |
| 6359 scoped_ptr<URLRequest> violating_request( |
| 6360 context.CreateRequest(url, DEFAULT_PRIORITY, &d)); |
| 6361 violating_request->Start(); |
| 6362 base::RunLoop().Run(); |
| 6363 |
| 6364 EXPECT_EQ(1u, reporter.num_failures()); |
| 6365 } |
| 6366 |
6244 #endif // !defined(OS_IOS) | 6367 #endif // !defined(OS_IOS) |
6245 | 6368 |
6246 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { | 6369 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { |
6247 ASSERT_TRUE(http_test_server()->Start()); | 6370 ASSERT_TRUE(http_test_server()->Start()); |
6248 | 6371 |
6249 TestDelegate d; | 6372 TestDelegate d; |
6250 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 6373 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
6251 http_test_server()->GetURL("/content-type-normalization.html"), | 6374 http_test_server()->GetURL("/content-type-normalization.html"), |
6252 DEFAULT_PRIORITY, &d)); | 6375 DEFAULT_PRIORITY, &d)); |
6253 req->Start(); | 6376 req->Start(); |
9895 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10018 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
9896 | 10019 |
9897 req->Start(); | 10020 req->Start(); |
9898 req->Cancel(); | 10021 req->Cancel(); |
9899 base::RunLoop().RunUntilIdle(); | 10022 base::RunLoop().RunUntilIdle(); |
9900 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10023 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
9901 EXPECT_EQ(0, d.received_redirect_count()); | 10024 EXPECT_EQ(0, d.received_redirect_count()); |
9902 } | 10025 } |
9903 | 10026 |
9904 } // namespace net | 10027 } // namespace net |
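Review bot: ExpectCTHeader asserts only the violating path (`EXPECT_EQ(1u, reporter.num_failures())` after forcing CERT_POLICY_NOT_ENOUGH_SCTS), so a reporter hook that fired on every connection to a preloaded host would still pass. A companion case that leaves MockCTPolicyEnforcer at its default CERT_POLICY_COMPLIES_VIA_SCTS and expects `EXPECT_EQ(0u, reporter.num_failures());` would pin the condition, and one with `verify_result.is_issued_by_known_root = false` would show whether private roots are exempt, if that is the intended policy. MockExpectCTReporter::OnExpectCTFailed also discards host_port_pair, report_uri and ssl_info; storing them and checking the host against kExpectCTStaticHostname would confirm that the report describes the right connection. The visible assertions never look at the request outcome, so adding `EXPECT_TRUE(violating_request->status().is_success());` would document that the violation is report-only, assuming that is the intended behaviour.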
OLD | NEW |