Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/origin_trials/trial_token_unittest.cc

Issue 1742053002: Move trial token code to content/common. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/common/origin_trials/origin_trial_key_manager.h ('K') | « content/renderer/origin_trials/trial_token.cc ('k') | content/renderer/origin_trials/trial_token_validator.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/renderer/origin_trials/trial_token.h"
6
7 #include "base/macros.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/string_piece.h"
10 #include "base/strings/string_util.h"
11 #include "base/test/simple_test_clock.h"
12 #include "base/time/time.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14 #include "url/gurl.h"
15
16 namespace content {
17
18 namespace {
19
20 // This is a sample public key for testing the API. The corresponding private
21 // key (use this to generate new samples for this test file) is:
22 //
23 // 0x83, 0x67, 0xf4, 0xcd, 0x2a, 0x1f, 0x0e, 0x04, 0x0d, 0x43, 0x13,
24 // 0x4c, 0x67, 0xc4, 0xf4, 0x28, 0xc9, 0x90, 0x15, 0x02, 0xe2, 0xba,
25 // 0xfd, 0xbb, 0xfa, 0xbc, 0x92, 0x76, 0x8a, 0x2c, 0x4b, 0xc7, 0x75,
26 // 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2, 0x9a,
27 // 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f, 0x64,
28 // 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0
29 const uint8_t kTestPublicKey[] = {
30 0x75, 0x10, 0xac, 0xf9, 0x3a, 0x1c, 0xb8, 0xa9, 0x28, 0x70, 0xd2,
31 0x9a, 0xd0, 0x0b, 0x59, 0xe1, 0xac, 0x2b, 0xb7, 0xd5, 0xca, 0x1f,
32 0x64, 0x90, 0x08, 0x8e, 0xa8, 0xe0, 0x56, 0x3a, 0x04, 0xd0,
33 };
34
35 // This is a valid, but incorrect, public key for testing signatures against.
36 // The corresponding private key is:
37 //
38 // 0x21, 0xee, 0xfa, 0x81, 0x6a, 0xff, 0xdf, 0xb8, 0xc1, 0xdd, 0x75,
39 // 0x05, 0x04, 0x29, 0x68, 0x67, 0x60, 0x85, 0x91, 0xd0, 0x50, 0x16,
40 // 0x0a, 0xcf, 0xa2, 0x37, 0xa3, 0x2e, 0x11, 0x7a, 0x17, 0x96, 0x50,
41 // 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c, 0x47,
42 // 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51, 0x3e,
43 // 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca
44 const uint8_t kTestPublicKey2[] = {
45 0x50, 0x07, 0x4d, 0x76, 0x55, 0x56, 0x42, 0x17, 0x2d, 0x8a, 0x9c,
46 0x47, 0x96, 0x25, 0xda, 0x70, 0xaa, 0xb9, 0xfd, 0x53, 0x5d, 0x51,
47 0x3e, 0x16, 0xab, 0xb4, 0x86, 0xea, 0xf3, 0x35, 0xc6, 0xca,
48 };
49
50 // This is a good trial token, signed with the above test private key.
51 const char* kSampleToken =
52 "1|UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+"
53 "SdUwk7Dyk/qbDw==|https://valid.example.com|Frobulate|1458766277";
54 const uint8_t kExpectedVersion = 1;
55 const char* kExpectedSignature =
56 "UsEO0cNxoUtBnHDJdGPWTlXuLENjXcEIPL7Bs7sbvicPCcvAtyqhQuTJ9h/u1R3VZpWigtI+S"
57 "dUwk7Dyk/qbDw==";
58 const char* kExpectedData = "https://valid.example.com|Frobulate|1458766277";
59 const char* kExpectedFeatureName = "Frobulate";
60 const char* kExpectedOrigin = "https://valid.example.com";
61 const uint64_t kExpectedExpiry = 1458766277;
62
63 // The token should not be valid for this origin, or for this feature.
64 const char* kInvalidOrigin = "https://invalid.example.com";
65 const char* kInsecureOrigin = "http://valid.example.com";
66 const char* kInvalidFeatureName = "Grokalyze";
67
68 // The token should be valid if the current time is kValidTimestamp or earlier.
69 double kValidTimestamp = 1458766276.0;
70
71 // The token should be invalid if the current time is kInvalidTimestamp or
72 // later.
73 double kInvalidTimestamp = 1458766278.0;
74
75 // Well-formed trial token with an invalid signature.
76 const char* kInvalidSignatureToken =
77 "1|CO8hDne98QeFeOJ0DbRZCBN3uE0nyaPgaLlkYhSWnbRoDfEAg+TXELaYfQPfEvKYFauBg/"
78 "hnxmba765hz0mXMc==|https://valid.example.com|Frobulate|1458766277";
79
80 // Various ill-formed trial tokens. These should all fail to parse.
81 const char* kInvalidTokens[] = {
82 // Invalid - only one part
83 "abcde",
84 // Not enough parts
85 "https://valid.example.com|FeatureName|1458766277",
86 "Signature|https://valid.example.com|FeatureName|1458766277",
87 // Non-numeric version
88 "a|Signature|https://valid.example.com|FeatureName|1458766277",
89 "1x|Signature|https://valid.example.com|FeatureName|1458766277",
90 // Unsupported version (< min, > max, negative, overflow)
91 "0|Signature|https://valid.example.com|FeatureName|1458766277",
92 "2|Signature|https://valid.example.com|FeatureName|1458766277",
93 "-1|Signature|https://valid.example.com|FeatureName|1458766277",
94 "99999|Signature|https://valid.example.com|FeatureName|1458766277",
95 // Delimiter in feature name
96 "1|Signature|https://valid.example.com|Feature|Name|1458766277",
97 // Extra string field
98 "1|Signature|https://valid.example.com|FeatureName|1458766277|ExtraField",
99 // Extra numeric field
100 "1|Signature|https://valid.example.com|FeatureName|1458766277|1458766277",
101 // Non-numeric expiry timestamp
102 "1|Signature|https://valid.example.com|FeatureName|abcdefghij",
103 "1|Signature|https://valid.example.com|FeatureName|1458766277x",
104 // Negative expiry timestamp
105 "1|Signature|https://valid.example.com|FeatureName|-1458766277",
106 // Origin not a proper origin URL
107 "1|Signature|abcdef|FeatureName|1458766277",
108 "1|Signature|data:text/plain,abcdef|FeatureName|1458766277",
109 "1|Signature|javascript:alert(1)|FeatureName|1458766277"};
110 const size_t kNumInvalidTokens = arraysize(kInvalidTokens);
111
112 } // namespace
113
114 class TrialTokenTest : public testing::Test {
115 public:
116 TrialTokenTest()
117 : expected_origin_(GURL(kExpectedOrigin)),
118 invalid_origin_(GURL(kInvalidOrigin)),
119 insecure_origin_(GURL(kInsecureOrigin)),
120 correct_public_key_(
121 base::StringPiece(reinterpret_cast<const char*>(kTestPublicKey),
122 arraysize(kTestPublicKey))),
123 incorrect_public_key_(
124 base::StringPiece(reinterpret_cast<const char*>(kTestPublicKey2),
125 arraysize(kTestPublicKey2))) {}
126
127 protected:
128 bool ValidateOrigin(TrialToken* token, const url::Origin origin) {
129 return token->ValidateOrigin(origin);
130 }
131
132 bool ValidateFeatureName(TrialToken* token, const char* feature_name) {
133 return token->ValidateFeatureName(feature_name);
134 }
135
136 bool ValidateDate(TrialToken* token, const base::Time& now) {
137 return token->ValidateDate(now);
138 }
139
140 bool ValidateSignature(TrialToken* token,
141 const base::StringPiece& public_key) {
142 return token->ValidateSignature(public_key);
143 }
144
145 base::StringPiece correct_public_key() { return correct_public_key_; }
146 base::StringPiece incorrect_public_key() { return incorrect_public_key_; }
147
148 const url::Origin expected_origin_;
149 const url::Origin invalid_origin_;
150 const url::Origin insecure_origin_;
151
152 private:
153 base::StringPiece correct_public_key_;
154 base::StringPiece incorrect_public_key_;
155 };
156
157 TEST_F(TrialTokenTest, ParseEmptyString) {
158 scoped_ptr<TrialToken> empty_token = TrialToken::Parse("");
159 EXPECT_FALSE(empty_token);
160 }
161
162 TEST_F(TrialTokenTest, ParseInvalidStrings) {
163 for (size_t i = 0; i < kNumInvalidTokens; ++i) {
164 scoped_ptr<TrialToken> empty_token = TrialToken::Parse(kInvalidTokens[i]);
165 EXPECT_FALSE(empty_token) << "Invalid trial token should not parse: "
166 << kInvalidTokens[i];
167 }
168 }
169
170 TEST_F(TrialTokenTest, ParseValidToken) {
171 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
172 ASSERT_TRUE(token);
173 EXPECT_EQ(kExpectedVersion, token->version());
174 EXPECT_EQ(kExpectedFeatureName, token->feature_name());
175 EXPECT_EQ(kExpectedSignature, token->signature());
176 EXPECT_EQ(kExpectedData, token->data());
177 EXPECT_EQ(expected_origin_, token->origin());
178 EXPECT_EQ(base::Time::FromDoubleT(kExpectedExpiry), token->expiry_time());
179 }
180
181 TEST_F(TrialTokenTest, ValidateValidToken) {
182 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
183 ASSERT_TRUE(token);
184 EXPECT_TRUE(ValidateOrigin(token.get(), expected_origin_));
185 EXPECT_FALSE(ValidateOrigin(token.get(), invalid_origin_));
186 EXPECT_FALSE(ValidateOrigin(token.get(), insecure_origin_));
187 EXPECT_TRUE(ValidateFeatureName(token.get(), kExpectedFeatureName));
188 EXPECT_FALSE(ValidateFeatureName(token.get(), kInvalidFeatureName));
189 EXPECT_FALSE(ValidateFeatureName(
190 token.get(), base::ToUpperASCII(kExpectedFeatureName).c_str()));
191 EXPECT_FALSE(ValidateFeatureName(
192 token.get(), base::ToLowerASCII(kExpectedFeatureName).c_str()));
193 EXPECT_TRUE(
194 ValidateDate(token.get(), base::Time::FromDoubleT(kValidTimestamp)));
195 EXPECT_FALSE(
196 ValidateDate(token.get(), base::Time::FromDoubleT(kInvalidTimestamp)));
197 }
198
199 TEST_F(TrialTokenTest, TokenIsAppropriateForOriginAndFeature) {
200 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
201 ASSERT_TRUE(token);
202 EXPECT_TRUE(token->IsAppropriate(expected_origin_, kExpectedFeatureName));
203 EXPECT_FALSE(token->IsAppropriate(expected_origin_,
204 base::ToUpperASCII(kExpectedFeatureName)));
205 EXPECT_FALSE(token->IsAppropriate(expected_origin_,
206 base::ToLowerASCII(kExpectedFeatureName)));
207 EXPECT_FALSE(token->IsAppropriate(invalid_origin_, kExpectedFeatureName));
208 EXPECT_FALSE(token->IsAppropriate(insecure_origin_, kExpectedFeatureName));
209 EXPECT_FALSE(token->IsAppropriate(expected_origin_, kInvalidFeatureName));
210 }
211
212 TEST_F(TrialTokenTest, ValidateValidSignature) {
213 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
214 ASSERT_TRUE(token);
215 EXPECT_TRUE(ValidateSignature(token.get(), correct_public_key()));
216 }
217
218 TEST_F(TrialTokenTest, ValidateInvalidSignature) {
219 scoped_ptr<TrialToken> token = TrialToken::Parse(kInvalidSignatureToken);
220 ASSERT_TRUE(token);
221 EXPECT_FALSE(ValidateSignature(token.get(), correct_public_key()));
222 }
223
224 TEST_F(TrialTokenTest, ValidateTokenWithCorrectKey) {
225 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
226 ASSERT_TRUE(token);
227 EXPECT_TRUE(token->IsValid(base::Time::FromDoubleT(kValidTimestamp),
228 correct_public_key()));
229 }
230
231 TEST_F(TrialTokenTest, ValidateSignatureWithIncorrectKey) {
232 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
233 ASSERT_TRUE(token);
234 EXPECT_FALSE(token->IsValid(base::Time::FromDoubleT(kValidTimestamp),
235 incorrect_public_key()));
236 }
237
238 TEST_F(TrialTokenTest, ValidateWhenNotExpired) {
239 scoped_ptr<TrialToken> token = TrialToken::Parse(kSampleToken);
240 ASSERT_TRUE(token);
241 }
242
243 } // namespace content
OLDNEW
« chrome/common/origin_trials/origin_trial_key_manager.h ('K') | « content/renderer/origin_trials/trial_token.cc ('k') | content/renderer/origin_trials/trial_token_validator.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698