OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
10 #include <windows.h> | 10 #include <windows.h> |
52 #include "net/base/load_timing_info_test_util.h" | 52 #include "net/base/load_timing_info_test_util.h" |
53 #include "net/base/net_errors.h" | 53 #include "net/base/net_errors.h" |
54 #include "net/base/net_module.h" | 54 #include "net/base/net_module.h" |
55 #include "net/base/network_quality_estimator.h" | 55 #include "net/base/network_quality_estimator.h" |
56 #include "net/base/request_priority.h" | 56 #include "net/base/request_priority.h" |
57 #include "net/base/test_data_directory.h" | 57 #include "net/base/test_data_directory.h" |
58 #include "net/base/upload_bytes_element_reader.h" | 58 #include "net/base/upload_bytes_element_reader.h" |
59 #include "net/base/upload_data_stream.h" | 59 #include "net/base/upload_data_stream.h" |
60 #include "net/base/upload_file_element_reader.h" | 60 #include "net/base/upload_file_element_reader.h" |
61 #include "net/base/url_util.h" | 61 #include "net/base/url_util.h" |
| 62 #include "net/cert/ct_policy_status.h" |
| 63 #include "net/cert/ct_verifier.h" |
| 64 #include "net/cert/ct_verify_result.h" |
62 #include "net/cert/ev_root_ca_metadata.h" | 65 #include "net/cert/ev_root_ca_metadata.h" |
63 #include "net/cert/mock_cert_verifier.h" | 66 #include "net/cert/mock_cert_verifier.h" |
64 #include "net/cert/test_root_certs.h" | 67 #include "net/cert/test_root_certs.h" |
65 #include "net/cert_net/nss_ocsp.h" | 68 #include "net/cert_net/nss_ocsp.h" |
66 #include "net/cookies/cookie_monster.h" | 69 #include "net/cookies/cookie_monster.h" |
67 #include "net/cookies/cookie_store_test_helpers.h" | 70 #include "net/cookies/cookie_store_test_helpers.h" |
68 #include "net/disk_cache/disk_cache.h" | 71 #include "net/disk_cache/disk_cache.h" |
69 #include "net/dns/mock_host_resolver.h" | 72 #include "net/dns/mock_host_resolver.h" |
70 #include "net/http/http_byte_range.h" | 73 #include "net/http/http_byte_range.h" |
71 #include "net/http/http_cache.h" | 74 #include "net/http/http_cache.h" |
5883 DISABLED_ProcessPKPReportOnlyWithNoViolation | 5886 DISABLED_ProcessPKPReportOnlyWithNoViolation |
5884 #else | 5887 #else |
5885 #define MAYBE_ProcessPKP ProcessPKP | 5888 #define MAYBE_ProcessPKP ProcessPKP |
5886 #define MAYBE_ProcessPKPAndSendReport ProcessPKPAndSendReport | 5889 #define MAYBE_ProcessPKPAndSendReport ProcessPKPAndSendReport |
5887 #define MAYBE_ProcessPKPReportOnly ProcessPKPReportOnly | 5890 #define MAYBE_ProcessPKPReportOnly ProcessPKPReportOnly |
5888 #define MAYBE_ProcessPKPReportOnlyWithNoViolation \ | 5891 #define MAYBE_ProcessPKPReportOnlyWithNoViolation \ |
5889 ProcessPKPReportOnlyWithNoViolation | 5892 ProcessPKPReportOnlyWithNoViolation |
5890 #endif | 5893 #endif |
5891 | 5894 |
5892 namespace { | 5895 namespace { |
| 5896 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; |
5893 const char kHPKPReportUri[] = "https://hpkp-report.test"; | 5897 const char kHPKPReportUri[] = "https://hpkp-report.test"; |
5894 } // namespace | 5898 } // namespace |
5895 | 5899 |
5896 // Tests that enabling HPKP on a domain does not affect the HSTS | 5900 // Tests that enabling HPKP on a domain does not affect the HSTS |
5897 // validity/expiration. | 5901 // validity/expiration. |
5898 TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) { | 5902 TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) { |
5899 GURL report_uri(kHPKPReportUri); | 5903 GURL report_uri(kHPKPReportUri); |
5900 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 5904 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
5901 https_test_server.SetSSLConfig( | 5905 https_test_server.SetSSLConfig( |
5902 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); | 5906 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
6234 // Android's CertVerifyProc does not (yet) handle pins. | 6238 // Android's CertVerifyProc does not (yet) handle pins. |
6235 #else | 6239 #else |
6236 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); | 6240 EXPECT_TRUE(pkp_state.HasPublicKeyPins()); |
6237 #endif | 6241 #endif |
6238 EXPECT_NE(sts_state.expiry, pkp_state.expiry); | 6242 EXPECT_NE(sts_state.expiry, pkp_state.expiry); |
6239 | 6243 |
6240 EXPECT_TRUE(sts_state.include_subdomains); | 6244 EXPECT_TRUE(sts_state.include_subdomains); |
6241 EXPECT_FALSE(pkp_state.include_subdomains); | 6245 EXPECT_FALSE(pkp_state.include_subdomains); |
6242 } | 6246 } |
6243 | 6247 |
| 6248 // An ExpectCTReporter that records the number of times OnExpectCTFailed() was |
| 6249 // called. |
| 6250 class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter { |
| 6251 public: |
| 6252 MockExpectCTReporter() : num_failures_(0) {} |
| 6253 ~MockExpectCTReporter() override {} |
| 6254 |
| 6255 void OnExpectCTFailed(const HostPortPair& host_port_pair, |
| 6256 const GURL& report_uri, |
| 6257 const net::SSLInfo& ssl_info) override { |
| 6258 num_failures_++; |
| 6259 } |
| 6260 |
| 6261 uint32_t num_failures() { return num_failures_; } |
| 6262 |
| 6263 private: |
| 6264 uint32_t num_failures_; |
| 6265 }; |
| 6266 |
| 6267 // A CTVerifier that returns net::OK for every certificate. |
| 6268 class MockCTVerifier : public CTVerifier { |
| 6269 public: |
| 6270 MockCTVerifier() {} |
| 6271 ~MockCTVerifier() override {} |
| 6272 |
| 6273 int Verify(X509Certificate* cert, |
| 6274 const std::string& stapled_ocsp_response, |
| 6275 const std::string& sct_list_from_tls_extension, |
| 6276 ct::CTVerifyResult* result, |
| 6277 const BoundNetLog& net_log) override { |
| 6278 return net::OK; |
| 6279 } |
| 6280 |
| 6281 void SetObserver(Observer* observer) override {} |
| 6282 }; |
| 6283 |
| 6284 // A CTPolicyEnforcer that returns a default CertPolicyCompliance value |
| 6285 // for every certificate. |
| 6286 class MockCTPolicyEnforcer : public CTPolicyEnforcer { |
| 6287 public: |
| 6288 MockCTPolicyEnforcer() |
| 6289 : default_result_( |
| 6290 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS) {} |
| 6291 ~MockCTPolicyEnforcer() override {} |
| 6292 |
| 6293 ct::CertPolicyCompliance DoesConformToCertPolicy( |
| 6294 X509Certificate* cert, |
| 6295 const SCTList& verified_scts, |
| 6296 const BoundNetLog& net_log) override { |
| 6297 return default_result_; |
| 6298 } |
| 6299 |
| 6300 void set_default_result(ct::CertPolicyCompliance default_result) { |
| 6301 default_result_ = default_result; |
| 6302 } |
| 6303 |
| 6304 private: |
| 6305 ct::CertPolicyCompliance default_result_; |
| 6306 }; |
| 6307 |
| 6308 // Tests that Expect CT headers are processed correctly. |
| 6309 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { |
| 6310 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6311 https_test_server.SetSSLConfig( |
| 6312 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 6313 https_test_server.ServeFilesFromSourceDirectory( |
| 6314 base::FilePath(kTestFilePath)); |
| 6315 ASSERT_TRUE(https_test_server.Start()); |
| 6316 |
| 6317 MockExpectCTReporter reporter; |
| 6318 TransportSecurityState transport_security_state; |
| 6319 transport_security_state.enable_static_expect_ct_ = true; |
| 6320 transport_security_state.SetExpectCTReporter(&reporter); |
| 6321 |
| 6322 // Set up a MockCertVerifier to accept the certificate that the server sends. |
| 6323 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
| 6324 ASSERT_TRUE(cert); |
| 6325 MockCertVerifier cert_verifier; |
| 6326 CertVerifyResult verify_result; |
| 6327 verify_result.verified_cert = cert; |
| 6328 verify_result.is_issued_by_known_root = true; |
| 6329 cert_verifier.AddResultForCert(cert.get(), verify_result, OK); |
| 6330 |
| 6331 // Set up a MockCTVerifier and MockCTPolicyEnforcer to trigger an Expect CT |
| 6332 // violation. |
| 6333 MockCTVerifier ct_verifier; |
| 6334 MockCTPolicyEnforcer ct_policy_enforcer; |
| 6335 ct_policy_enforcer.set_default_result( |
| 6336 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS); |
| 6337 |
| 6338 TestNetworkDelegate network_delegate; |
| 6339 // Use a MockHostResolver (which by default maps all hosts to |
| 6340 // 127.0.0.1) so that the request can be sent to a site on the Expect |
| 6341 // CT preload list. |
| 6342 MockHostResolver host_resolver; |
| 6343 TestURLRequestContext context(true); |
| 6344 context.set_host_resolver(&host_resolver); |
| 6345 context.set_transport_security_state(&transport_security_state); |
| 6346 context.set_network_delegate(&network_delegate); |
| 6347 context.set_cert_verifier(&cert_verifier); |
| 6348 context.set_cert_transparency_verifier(&ct_verifier); |
| 6349 context.set_ct_policy_enforcer(&ct_policy_enforcer); |
| 6350 context.Init(); |
| 6351 |
| 6352 // Now send a request to trigger the violation. |
| 6353 TestDelegate d; |
| 6354 GURL url = https_test_server.GetURL("/expect-ct-header.html"); |
| 6355 GURL::Replacements replace_host; |
| 6356 replace_host.SetHostStr(kExpectCTStaticHostname); |
| 6357 url = url.ReplaceComponents(replace_host); |
| 6358 scoped_ptr<URLRequest> violating_request( |
| 6359 context.CreateRequest(url, DEFAULT_PRIORITY, &d)); |
| 6360 violating_request->Start(); |
| 6361 base::RunLoop().Run(); |
| 6362 |
| 6363 EXPECT_EQ(1u, reporter.num_failures()); |
| 6364 } |
| 6365 |
6244 #endif // !defined(OS_IOS) | 6366 #endif // !defined(OS_IOS) |
6245 | 6367 |
6246 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { | 6368 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { |
6247 ASSERT_TRUE(http_test_server()->Start()); | 6369 ASSERT_TRUE(http_test_server()->Start()); |
6248 | 6370 |
6249 TestDelegate d; | 6371 TestDelegate d; |
6250 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 6372 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
6251 http_test_server()->GetURL("/content-type-normalization.html"), | 6373 http_test_server()->GetURL("/content-type-normalization.html"), |
6252 DEFAULT_PRIORITY, &d)); | 6374 DEFAULT_PRIORITY, &d)); |
6253 req->Start(); | 6375 req->Start(); |
9895 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10017 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
9896 | 10018 |
9897 req->Start(); | 10019 req->Start(); |
9898 req->Cancel(); | 10020 req->Cancel(); |
9899 base::RunLoop().RunUntilIdle(); | 10021 base::RunLoop().RunUntilIdle(); |
9900 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10022 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
9901 EXPECT_EQ(0, d.received_redirect_count()); | 10023 EXPECT_EQ(0, d.received_redirect_count()); |
9902 } | 10024 } |
9903 | 10025 |
9904 } // namespace net | 10026 } // namespace net |
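Review bot: The ExpectCTHeader test (new lines 6309–6364) asserts only `EXPECT_EQ(1u, reporter.num_failures());` on the violating path, and MockExpectCTReporter (new line 6250) discards `host_port_pair`, `report_uri` and `ssl_info`, so neither a misattributed report nor over-reporting on a compliant connection would be caught. Recording the last call's arguments in the mock and asserting the host against `kExpectCTStaticHostname` would pin the attribution, and `num_failures()` can be `const`. A companion case that leaves MockCTPolicyEnforcer at its default `CERT_POLICY_COMPLIES_VIA_SCTS`, and one with `is_issued_by_known_root = false`, each expecting `EXPECT_EQ(0u, reporter.num_failures());`, would cover over-reporting; the second applies only if the implementation is meant to skip non-public roots, which these lines do not show. Separately, MockCTPolicyEnforcer derives from CTPolicyEnforcer, but no header declaring it appears among the added includes in the visible include block; it is presumably pulled in transitively, and a direct include would be more robust.

```cpp
class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter {
 public:
  // … unchanged: constructor and destructor …

  void OnExpectCTFailed(const HostPortPair& host_port_pair,
                        const GURL& report_uri,
                        const net::SSLInfo& ssl_info) override {
    num_failures_++;
    // Keep the arguments of the most recent call so a test can check which
    // host the failure was attributed to, not only that one was raised.
    host_port_pair_ = host_port_pair;
    report_uri_ = report_uri;
  }

  uint32_t num_failures() const { return num_failures_; }
  const HostPortPair& host_port_pair() const { return host_port_pair_; }
  const GURL& report_uri() const { return report_uri_; }

 private:
  uint32_t num_failures_;
  HostPortPair host_port_pair_;
  GURL report_uri_;
};

// … unchanged: ExpectCTHeader setup and request …
  EXPECT_EQ(1u, reporter.num_failures());
  EXPECT_EQ(kExpectCTStaticHostname, reporter.host_port_pair().host());
```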