| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
| 10 #include <windows.h> | 10 #include <windows.h> |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 #include "net/base/load_timing_info_test_util.h" | 52 #include "net/base/load_timing_info_test_util.h" |
| 53 #include "net/base/net_errors.h" | 53 #include "net/base/net_errors.h" |
| 54 #include "net/base/net_module.h" | 54 #include "net/base/net_module.h" |
| 55 #include "net/base/network_quality_estimator.h" | 55 #include "net/base/network_quality_estimator.h" |
| 56 #include "net/base/request_priority.h" | 56 #include "net/base/request_priority.h" |
| 57 #include "net/base/test_data_directory.h" | 57 #include "net/base/test_data_directory.h" |
| 58 #include "net/base/upload_bytes_element_reader.h" | 58 #include "net/base/upload_bytes_element_reader.h" |
| 59 #include "net/base/upload_data_stream.h" | 59 #include "net/base/upload_data_stream.h" |
| 60 #include "net/base/upload_file_element_reader.h" | 60 #include "net/base/upload_file_element_reader.h" |
| 61 #include "net/base/url_util.h" | 61 #include "net/base/url_util.h" |
| 62 #include "net/cert/ct_policy_status.h" |
| 63 #include "net/cert/ct_verifier.h" |
| 64 #include "net/cert/ct_verify_result.h" |
| 62 #include "net/cert/ev_root_ca_metadata.h" | 65 #include "net/cert/ev_root_ca_metadata.h" |
| 63 #include "net/cert/mock_cert_verifier.h" | 66 #include "net/cert/mock_cert_verifier.h" |
| 64 #include "net/cert/test_root_certs.h" | 67 #include "net/cert/test_root_certs.h" |
| 65 #include "net/cert_net/nss_ocsp.h" | 68 #include "net/cert_net/nss_ocsp.h" |
| 66 #include "net/cookies/cookie_monster.h" | 69 #include "net/cookies/cookie_monster.h" |
| 67 #include "net/cookies/cookie_store_test_helpers.h" | 70 #include "net/cookies/cookie_store_test_helpers.h" |
| 68 #include "net/disk_cache/disk_cache.h" | 71 #include "net/disk_cache/disk_cache.h" |
| 69 #include "net/dns/mock_host_resolver.h" | 72 #include "net/dns/mock_host_resolver.h" |
| 70 #include "net/http/http_byte_range.h" | 73 #include "net/http/http_byte_range.h" |
| 71 #include "net/http/http_cache.h" | 74 #include "net/http/http_cache.h" |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 | 134 |
| 132 namespace { | 135 namespace { |
| 133 | 136 |
| 134 const base::string16 kChrome(ASCIIToUTF16("chrome")); | 137 const base::string16 kChrome(ASCIIToUTF16("chrome")); |
| 135 const base::string16 kSecret(ASCIIToUTF16("secret")); | 138 const base::string16 kSecret(ASCIIToUTF16("secret")); |
| 136 const base::string16 kUser(ASCIIToUTF16("user")); | 139 const base::string16 kUser(ASCIIToUTF16("user")); |
| 137 | 140 |
| 138 const base::FilePath::CharType kTestFilePath[] = | 141 const base::FilePath::CharType kTestFilePath[] = |
| 139 FILE_PATH_LITERAL("net/data/url_request_unittest"); | 142 FILE_PATH_LITERAL("net/data/url_request_unittest"); |
| 140 | 143 |
| 144 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; |
| 145 |
| 141 #if !defined(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) | 146 #if !defined(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) |
| 142 // Test file used in most FTP tests. | 147 // Test file used in most FTP tests. |
| 143 const char kFtpTestFile[] = "BullRunSpeech.txt"; | 148 const char kFtpTestFile[] = "BullRunSpeech.txt"; |
| 144 #endif | 149 #endif |
| 145 | 150 |
| 146 // Tests load timing information in the case a fresh connection was used, with | 151 // Tests load timing information in the case a fresh connection was used, with |
| 147 // no proxy. | 152 // no proxy. |
| 148 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info, | 153 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info, |
| 149 int connect_timing_flags) { | 154 int connect_timing_flags) { |
| 150 EXPECT_FALSE(load_timing_info.socket_reused); | 155 EXPECT_FALSE(load_timing_info.socket_reused); |
| (...skipping 6083 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6234 // Android's CertVerifyProc does not (yet) handle pins. | 6239 // Android's CertVerifyProc does not (yet) handle pins. |
| 6235 #else | 6240 #else |
| 6236 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); | 6241 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); |
| 6237 #endif | 6242 #endif |
| 6238 EXPECT_NE(sts_state.expiry, pkp_state.expiry); | 6243 EXPECT_NE(sts_state.expiry, pkp_state.expiry); |
| 6239 | 6244 |
| 6240 EXPECT_TRUE(sts_state.include_subdomains); | 6245 EXPECT_TRUE(sts_state.include_subdomains); |
| 6241 EXPECT_FALSE(pkp_state.include_subdomains); | 6246 EXPECT_FALSE(pkp_state.include_subdomains); |
| 6242 } | 6247 } |
| 6243 | 6248 |
| 6249 // An ExpectCTReporter that records the number of times OnExpectCTFailed() was |
| 6250 // called. |
| 6251 class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter { |
| 6252 public: |
| 6253 MockExpectCTReporter() : num_failures_(0) {} |
| 6254 ~MockExpectCTReporter() override {} |
| 6255 |
| 6256 void OnExpectCTFailed(const HostPortPair& host_port_pair, |
| 6257 const GURL& report_uri, |
| 6258 const net::SSLInfo& ssl_info) override { |
| 6259 num_failures_++; |
| 6260 } |
| 6261 |
| 6262 uint32_t num_failures() { return num_failures_; } |
| 6263 |
| 6264 private: |
| 6265 uint32_t num_failures_; |
| 6266 }; |
| 6267 |
| 6268 // A CTVerifier that returns net::OK for every certificate. |
| 6269 class MockCTVerifier : public CTVerifier { |
| 6270 public: |
| 6271 MockCTVerifier() {} |
| 6272 ~MockCTVerifier() override {} |
| 6273 |
| 6274 int Verify(X509Certificate* cert, |
| 6275 const std::string& stapled_ocsp_response, |
| 6276 const std::string& sct_list_from_tls_extension, |
| 6277 ct::CTVerifyResult* result, |
| 6278 const BoundNetLog& net_log) override { |
| 6279 return net::OK; |
| 6280 } |
| 6281 |
| 6282 void SetObserver(Observer* observer) override {} |
| 6283 }; |
| 6284 |
| 6285 // A CTPolicyEnforcer that returns a default CertPolicyCompliance value |
| 6286 // for every certificate. |
| 6287 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
| 6288 public: |
| 6289 MockCTPolicyEnforcer() |
| 6290 : default_result_( |
| 6291 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {} |
| 6292 ~MockCTPolicyEnforcer() override {} |
| 6293 |
| 6294 ct::CertPolicyCompliance DoesConformToCertPolicy( |
| 6295 X509Certificate* cert, |
| 6296 const SCTList& verified_scts, |
| 6297 const BoundNetLog& net_log) override { |
| 6298 return default_result_; |
| 6299 } |
| 6300 |
| 6301 void set_default_result(ct::CertPolicyCompliance default_result) { |
| 6302 default_result_ = default_result; |
| 6303 } |
| 6304 |
| 6305 private: |
| 6306 ct::CertPolicyCompliance default_result_; |
| 6307 }; |
| 6308 |
| 6309 // Tests that Expect CT headers are processed correctly. |
| 6310 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { |
| 6311 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6312 https_test_server.SetSSLConfig( |
| 6313 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 6314 https_test_server.ServeFilesFromSourceDirectory( |
| 6315 base::FilePath(kTestFilePath)); |
| 6316 ASSERT_TRUE(https_test_server.Start()); |
| 6317 |
| 6318 MockExpectCTReporter reporter; |
| 6319 TransportSecurityState transport_security_state; |
| 6320 transport_security_state.enable_static_expect_ct_ = true; |
| 6321 transport_security_state.SetExpectCTReporter(&reporter); |
| 6322 |
| 6323 // Set up a MockCertVerifier to accept the certificate that the server sends. |
| 6324 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
| 6325 ASSERT_TRUE(cert); |
| 6326 MockCertVerifier cert_verifier; |
| 6327 CertVerifyResult verify_result; |
| 6328 verify_result.verified_cert = cert; |
| 6329 verify_result.is_issued_by_known_root = true; |
| 6330 cert_verifier.AddResultForCert(cert.get(), verify_result, OK); |
| 6331 |
| 6332 // Set up a MockCTVerifier and MockCTPolicyEnforcer to trigger an Expect CT |
| 6333 // violation. |
| 6334 MockCTVerifier ct_verifier; |
| 6335 MockCTPolicyEnforcer ct_policy_enforcer; |
| 6336 ct_policy_enforcer.set_default_result( |
| 6337 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS); |
| 6338 |
| 6339 TestNetworkDelegate network_delegate; |
| 6340 // Use a MockHostResolver (which by default maps all hosts to |
| 6341 // 127.0.0.1) so that the request can be sent to a site on the Expect |
| 6342 // CT preload list. |
| 6343 MockHostResolver host_resolver; |
| 6344 TestURLRequestContext context(true); |
| 6345 context.set_host_resolver(&host_resolver); |
| 6346 context.set_transport_security_state(&transport_security_state); |
| 6347 context.set_network_delegate(&network_delegate); |
| 6348 context.set_cert_verifier(&cert_verifier); |
| 6349 context.set_cert_transparency_verifier(&ct_verifier); |
| 6350 context.set_ct_policy_enforcer(&ct_policy_enforcer); |
| 6351 context.Init(); |
| 6352 |
| 6353 // Now send a request to trigger the violation. |
| 6354 TestDelegate d; |
| 6355 GURL url = https_test_server.GetURL("/expect-ct-header.html"); |
| 6356 GURL::Replacements replace_host; |
| 6357 replace_host.SetHostStr(kExpectCTStaticHostname); |
| 6358 url = url.ReplaceComponents(replace_host); |
| 6359 scoped_ptr<URLRequest> violating_request( |
| 6360 context.CreateRequest(url, DEFAULT_PRIORITY, &d)); |
| 6361 violating_request->Start(); |
| 6362 base::RunLoop().Run(); |
| 6363 |
| 6364 EXPECT_EQ(1u, reporter.num_failures()); |
| 6365 } |
| 6366 |
| 6244 #endif // !defined(OS_IOS) | 6367 #endif // !defined(OS_IOS) |
| 6245 | 6368 |
| 6246 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { | 6369 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { |
| 6247 ASSERT_TRUE(http_test_server()->Start()); | 6370 ASSERT_TRUE(http_test_server()->Start()); |
| 6248 | 6371 |
| 6249 TestDelegate d; | 6372 TestDelegate d; |
| 6250 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 6373 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 6251 http_test_server()->GetURL("/content-type-normalization.html"), | 6374 http_test_server()->GetURL("/content-type-normalization.html"), |
| 6252 DEFAULT_PRIORITY, &d)); | 6375 DEFAULT_PRIORITY, &d)); |
| 6253 req->Start(); | 6376 req->Start(); |
| (...skipping 3641 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9895 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10018 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 9896 | 10019 |
| 9897 req->Start(); | 10020 req->Start(); |
| 9898 req->Cancel(); | 10021 req->Cancel(); |
| 9899 base::RunLoop().RunUntilIdle(); | 10022 base::RunLoop().RunUntilIdle(); |
| 9900 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10023 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
| 9901 EXPECT_EQ(0, d.received_redirect_count()); | 10024 EXPECT_EQ(0, d.received_redirect_count()); |
| 9902 } | 10025 } |
| 9903 | 10026 |
| 9904 } // namespace net | 10027 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1579063002:
Implement a skeleton version of Expect CT reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master