Chromium Code Reviews Chromium Code Reviews
Issue 1781003003:
Implement referred Token Bindings (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
| 10 #include <windows.h> | 10 #include <windows.h> |
| (...skipping 3446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3457 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); | 3457 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); |
| 3458 | 3458 |
| 3459 HttpRequestHeaders headers; | 3459 HttpRequestHeaders headers; |
| 3460 std::string token_binding_header, token_binding_message; | 3460 std::string token_binding_header, token_binding_message; |
| 3461 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); | 3461 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); |
| 3462 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | 3462 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, |
| 3463 &token_binding_header)); | 3463 &token_binding_header)); |
| 3464 EXPECT_TRUE(base::Base64UrlDecode( | 3464 EXPECT_TRUE(base::Base64UrlDecode( |
| 3465 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, | 3465 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 3466 &token_binding_message)); | 3466 &token_binding_message)); |
| 3467 base::StringPiece ec_point, signature; | 3467 std::vector<TokenBinding> token_bindings; |
| 3468 EXPECT_TRUE( | 3468 ASSERT_TRUE( |
| 3469 ParseTokenBindingMessage(token_binding_message, &ec_point, &signature)); | 3469 ParseTokenBindingMessage(token_binding_message, &token_bindings)); |
| 3470 ASSERT_EQ(1ull, token_bindings.size()); | |
| 3470 | 3471 |
| 3471 EXPECT_GT(d.bytes_received(), 0); | 3472 EXPECT_GT(d.bytes_received(), 0); |
| 3472 std::string ekm = d.data_received(); | 3473 std::string ekm = d.data_received(); |
| 3473 | 3474 |
| 3474 EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm)); | 3475 EXPECT_EQ(TB_TYPE_PROVIDED, token_bindings[0].type); |
| 3476 EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point, | |
| 3477 token_bindings[0].signature, ekm)); | |
| 3478 } | |
| 3479 } | |
| 3480 | |
| 3481 TEST_F(TokenBindingURLRequestTest, ForwardTokenBinding) { | |
| 3482 SpawnedTestServer::SSLOptions ssl_options; | |
| 3483 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 3484 SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS, | |
| 3485 ssl_options, | |
| 3486 base::FilePath(kTestFilePath)); | |
| 3487 ASSERT_TRUE(https_test_server.Start()); | |
| 3488 | |
| 3489 TestDelegate d; | |
| 3490 { | |
| 3491 GURL redirect_url = | |
| 3492 https_test_server.GetURL("forward-tokbind?/tokbind-ekm"); | |
| 3493 scoped_ptr<URLRequest> r( | |
| 3494 default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d)); | |
| 3495 r->Start(); | |
| 3496 EXPECT_TRUE(r->is_pending()); | |
| 3497 | |
| 3498 base::RunLoop().Run(); | |
| 3499 | |
| 3500 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); | |
| 3501 | |
| 3502 HttpRequestHeaders headers; | |
| 3503 std::string token_binding_header, token_binding_message; | |
| 3504 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); | |
| 3505 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | |
| 3506 &token_binding_header)); | |
| 3507 EXPECT_TRUE(base::Base64UrlDecode( | |
| 3508 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, | |
| 3509 &token_binding_message)); | |
| 3510 std::vector<TokenBinding> token_bindings; | |
| 3511 ASSERT_TRUE( | |
| 3512 ParseTokenBindingMessage(token_binding_message, &token_bindings)); | |
| 3513 ASSERT_EQ(2ull, token_bindings.size()); | |
| 3514 | |
| 3515 EXPECT_GT(d.bytes_received(), 0); | |
| 3516 std::string ekm = d.data_received(); | |
| 3517 | |
| 3518 EXPECT_EQ(TB_TYPE_PROVIDED, token_bindings[0].type); | |
| 3519 EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point, | |
| 3520 token_bindings[0].signature, ekm)); | |
| 3521 EXPECT_EQ(TB_TYPE_REFERRED, token_bindings[1].type); | |
| 3522 EXPECT_TRUE(VerifyEKMSignature(token_bindings[1].ec_point, | |
| 3523 token_bindings[1].signature, ekm)); | |
| 3524 } | |
| 3525 } | |
| 3526 | |
| 3527 TEST_F(TokenBindingURLRequestTest, DontForwardHeaderFromHttp) { | |
|
davidben
2016/03/15 22:49:56
Do we also need a DontForwardHeaderToHttp test?
nharper
2016/03/16 17:49:22
It would be covered by a DontSendTokenBindingHeade
| |
| 3528 SpawnedTestServer http_server(SpawnedTestServer::TYPE_HTTP, | |
| 3529 SpawnedTestServer::kLocalhost, | |
| 3530 base::FilePath()); | |
| 3531 ASSERT_TRUE(http_server.Start()); | |
| 3532 SpawnedTestServer::SSLOptions ssl_options; | |
| 3533 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 3534 SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS, | |
| 3535 ssl_options, | |
| 3536 base::FilePath(kTestFilePath)); | |
| 3537 ASSERT_TRUE(https_test_server.Start()); | |
| 3538 | |
| 3539 TestDelegate d; | |
| 3540 { | |
| 3541 GURL redirect_url = http_server.GetURL( | |
| 3542 "forward-tokbind?" + https_test_server.GetURL("tokbind-ekm").spec()); | |
| 3543 scoped_ptr<URLRequest> r( | |
| 3544 default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d)); | |
| 3545 r->Start(); | |
| 3546 EXPECT_TRUE(r->is_pending()); | |
| 3547 | |
| 3548 base::RunLoop().Run(); | |
| 3549 | |
| 3550 EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status()); | |
| 3551 | |
| 3552 HttpRequestHeaders headers; | |
| 3553 std::string token_binding_header, token_binding_message; | |
| 3554 EXPECT_TRUE(r->GetFullRequestHeaders(&headers)); | |
| 3555 EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | |
| 3556 &token_binding_header)); | |
| 3557 EXPECT_TRUE(base::Base64UrlDecode( | |
| 3558 token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING, | |
| 3559 &token_binding_message)); | |
| 3560 std::vector<TokenBinding> token_bindings; | |
| 3561 ASSERT_TRUE( | |
| 3562 ParseTokenBindingMessage(token_binding_message, &token_bindings)); | |
| 3563 ASSERT_EQ(1ull, token_bindings.size()); | |
| 3564 | |
| 3565 EXPECT_GT(d.bytes_received(), 0); | |
| 3566 std::string ekm = d.data_received(); | |
| 3567 | |
| 3568 EXPECT_EQ(TB_TYPE_PROVIDED, token_bindings[0].type); | |
| 3569 EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point, | |
| 3570 token_bindings[0].signature, ekm)); | |
| 3475 } | 3571 } |
| 3476 } | 3572 } |
| 3477 #endif // !defined(OS_IOS) | 3573 #endif // !defined(OS_IOS) |
| 3478 | 3574 |
| 3479 // In this unit test, we're using the HTTPTestServer as a proxy server and | 3575 // In this unit test, we're using the HTTPTestServer as a proxy server and |
| 3480 // issuing a CONNECT request with the magic host name "www.redirect.com". | 3576 // issuing a CONNECT request with the magic host name "www.redirect.com". |
| 3481 // The EmbeddedTestServer will return a 302 response, which we should not | 3577 // The EmbeddedTestServer will return a 302 response, which we should not |
| 3482 // follow. | 3578 // follow. |
| 3483 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { | 3579 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) { |
| 3484 http_test_server()->RegisterRequestHandler( | 3580 http_test_server()->RegisterRequestHandler( |
| (...skipping 6408 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9893 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 9989 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 9894 | 9990 |
| 9895 req->Start(); | 9991 req->Start(); |
| 9896 req->Cancel(); | 9992 req->Cancel(); |
| 9897 base::RunLoop().RunUntilIdle(); | 9993 base::RunLoop().RunUntilIdle(); |
| 9898 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 9994 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
| 9899 EXPECT_EQ(0, d.received_redirect_count()); | 9995 EXPECT_EQ(0, d.received_redirect_count()); |
| 9900 } | 9996 } |
| 9901 | 9997 |
| 9902 } // namespace net | 9998 } // namespace net |
| OLD | NEW |
