
Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 1579063002: Implement a skeleton version of Expect CT reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove unnecessary (?) NET_EXPORTs Created 4 years, 9 months ago
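--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "build/build_config.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
@@ -52,20 +52,23 @@
 #include "net/base/load_timing_info_test_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_module.h"
 #include "net/base/network_quality_estimator.h"
 #include "net/base/request_priority.h"
 #include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/base/upload_data_stream.h"
 #include "net/base/upload_file_element_reader.h"
 #include "net/base/url_util.h"
+#include "net/cert/ct_policy_status.h"
+#include "net/cert/ct_verifier.h"
+#include "net/cert/ct_verify_result.h"
 #include "net/cert/ev_root_ca_metadata.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/cert/test_root_certs.h"
 #include "net/cert_net/nss_ocsp.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/cookies/cookie_store_test_helpers.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_byte_range.h"
 #include "net/http/http_cache.h"
@@ -5883,20 +5886,21 @@
 DISABLED_ProcessPKPReportOnlyWithNoViolation
 #else
 #define MAYBE_ProcessPKP ProcessPKP
 #define MAYBE_ProcessPKPAndSendReport ProcessPKPAndSendReport
 #define MAYBE_ProcessPKPReportOnly ProcessPKPReportOnly
 #define MAYBE_ProcessPKPReportOnlyWithNoViolation \
 ProcessPKPReportOnlyWithNoViolation
 #endif
 
 namespace {
+const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com";
 const char kHPKPReportUri[] = "https://hpkp-report.test";
 } // namespace
 
 // Tests that enabling HPKP on a domain does not affect the HSTS
 // validity/expiration.
 TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
 GURL report_uri(kHPKPReportUri);
 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
 https_test_server.SetSSLConfig(
 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
@@ -6234,20 +6238,138 @@
 // Android's CertVerifyProc does not (yet) handle pins.
 #else
 EXPECT_TRUE(pkp_state.HasPublicKeyPins());
 #endif
 EXPECT_NE(sts_state.expiry, pkp_state.expiry);
 
 EXPECT_TRUE(sts_state.include_subdomains);
 EXPECT_FALSE(pkp_state.include_subdomains);
 }
 
+// An ExpectCTReporter that records the number of times OnExpectCTFailed() was
+// called.
+class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter {
+public:
+MockExpectCTReporter() : num_failures_(0) {}
+~MockExpectCTReporter() override {}
+
+void OnExpectCTFailed(const HostPortPair& host_port_pair,
+const GURL& report_uri,
+const net::SSLInfo& ssl_info) override {
+num_failures_++;
+}
+
+uint32_t num_failures() { return num_failures_; }
+
+private:
+uint32_t num_failures_;
+};
+
+// A CTVerifier that returns net::OK for every certificate.
+class MockCTVerifier : public CTVerifier {
+public:
+MockCTVerifier() {}
+~MockCTVerifier() override {}
+
+int Verify(X509Certificate* cert,
+const std::string& stapled_ocsp_response,
+const std::string& sct_list_from_tls_extension,
+ct::CTVerifyResult* result,
+const BoundNetLog& net_log) override {
+return net::OK;
+}
+
+void SetObserver(Observer* observer) override {}
+};
+
+// A CTPolicyEnforcer that returns a default CertPolicyCompliance value
+// for every certificate.
+class MockCTPolicyEnforcer : public CTPolicyEnforcer {
+public:
+MockCTPolicyEnforcer()
+: default_result_(
+ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {}
+~MockCTPolicyEnforcer() override {}
+
+ct::CertPolicyCompliance DoesConformToCertPolicy(
+X509Certificate* cert,
+const SCTList& verified_scts,
+const BoundNetLog& net_log) override {
+return default_result_;
+}
+
+void set_default_result(ct::CertPolicyCompliance default_result) {
+default_result_ = default_result;
+}
+
+private:
+ct::CertPolicyCompliance default_result_;
+};
+
+// Tests that Expect CT headers are processed correctly.
+TEST_F(URLRequestTestHTTP, ExpectCTHeader) {
+EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
+https_test_server.SetSSLConfig(
+net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
+https_test_server.ServeFilesFromSourceDirectory(
+base::FilePath(kTestFilePath));
+ASSERT_TRUE(https_test_server.Start());
+
+MockExpectCTReporter reporter;
+TransportSecurityState transport_security_state;
+transport_security_state.enable_static_expect_ct_ = true;
+transport_security_state.SetExpectCTReporter(&reporter);
+
+// Set up a MockCertVerifier to accept the certificate that the server sends.
+scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate();
+ASSERT_TRUE(cert);
+MockCertVerifier cert_verifier;
+CertVerifyResult verify_result;
+verify_result.verified_cert = cert;
+verify_result.is_issued_by_known_root = true;
+cert_verifier.AddResultForCert(cert.get(), verify_result, OK);
+
+// Set up a MockCTVerifier and MockCTPolicyEnforcer to trigger an Expect CT
+// violation.
+MockCTVerifier ct_verifier;
+MockCTPolicyEnforcer ct_policy_enforcer;
+ct_policy_enforcer.set_default_result(
+ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS);
+
+TestNetworkDelegate network_delegate;
+// Use a MockHostResolver (which by default maps all hosts to
+// 127.0.0.1) so that the request can be sent to a site on the Expect
+// CT preload list.
+MockHostResolver host_resolver;
+TestURLRequestContext context(true);
+context.set_host_resolver(&host_resolver);
+context.set_transport_security_state(&transport_security_state);
+context.set_network_delegate(&network_delegate);
+context.set_cert_verifier(&cert_verifier);
+context.set_cert_transparency_verifier(&ct_verifier);
+context.set_ct_policy_enforcer(&ct_policy_enforcer);
+context.Init();
+
+// Now send a request to trigger the violation.
+TestDelegate d;
+GURL url = https_test_server.GetURL("/expect-ct-header.html");
+GURL::Replacements replace_host;
+replace_host.SetHostStr(kExpectCTStaticHostname);
+url = url.ReplaceComponents(replace_host);
+scoped_ptr<URLRequest> violating_request(
+context.CreateRequest(url, DEFAULT_PRIORITY, &d));
+violating_request->Start();
+base::RunLoop().Run();
+
+EXPECT_EQ(1u, reporter.num_failures());
+}
+
 #endif // !defined(OS_IOS)
 
 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) {
 ASSERT_TRUE(http_test_server()->Start());
 
 TestDelegate d;
 scoped_ptr<URLRequest> req(default_context_.CreateRequest(
 http_test_server()->GetURL("/content-type-normalization.html"),
 DEFAULT_PRIORITY, &d));
 req->Start();
@@ -9895,10 +10017,10 @@
 AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
 req->Start();
 req->Cancel();
 base::RunLoop().RunUntilIdle();
 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status());
 EXPECT_EQ(0, d.received_redirect_count());
 }
 
 } // namespace net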
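Review bot: The new `ExpectCTHeader` test pins only the violating path with `EXPECT_EQ(1u, reporter.num_failures());`, so a reporter that fired on every connection, or for the wrong host, would still pass. `MockExpectCTReporter::OnExpectCTFailed` discards `host_port_pair`, `report_uri` and `ssl_info`; recording the host and asserting it matches `kExpectCTStaticHostname` would tie the count to the connection under test. A second request with the enforcer left at its default `CERT_POLICY_COMPLIES_VIA_SCTS`, checked against a fresh reporter with `EXPECT_EQ(0u, reporter.num_failures());`, would cover the no-report case, which matters because a spurious report would presumably send connection details to the report URI. The comment `// Tests that Expect CT headers are processed correctly.` also seems to describe a different path than the setup, which sets `enable_static_expect_ct_ = true` and targets a preloaded hostname; something like `// Tests that a CT policy violation on a statically preloaded Expect CT host triggers a report.` would match what is visible here.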