Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(793)

Unified Diff: net/url_request/url_request_unittest.cc

Issue 1781003003: Implement referred Token Bindings (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add #ifdef for OS_ANDROID in TokenBindingURLRequestTest Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/url_request/url_request_job.cc ('k') | third_party/tlslite/README.chromium » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 3cbeca5aca4b356320e01b7bbd6ebbd59715a786..2aa46085bd85dfdc134e5b6d0b742746c6c9102f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -3499,16 +3499,153 @@ TEST_F(TokenBindingURLRequestTest, TokenBindingTest) {
EXPECT_TRUE(base::Base64UrlDecode(
token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING,
&token_binding_message));
- base::StringPiece ec_point, signature;
- EXPECT_TRUE(
- ParseTokenBindingMessage(token_binding_message, &ec_point, &signature));
+ std::vector<TokenBinding> token_bindings;
+ ASSERT_TRUE(
+ ParseTokenBindingMessage(token_binding_message, &token_bindings));
+ ASSERT_EQ(1ull, token_bindings.size());
EXPECT_GT(d.bytes_received(), 0);
std::string ekm = d.data_received();
- EXPECT_TRUE(VerifyEKMSignature(ec_point, signature, ekm));
+ EXPECT_EQ(TokenBindingType::PROVIDED, token_bindings[0].type);
+ EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point,
+ token_bindings[0].signature, ekm));
}
}
+
+TEST_F(TokenBindingURLRequestTest, ForwardTokenBinding) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
+ SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS,
+ ssl_options,
+ base::FilePath(kTestFilePath));
+ ASSERT_TRUE(https_test_server.Start());
+
+ TestDelegate d;
+ {
+ GURL redirect_url =
+ https_test_server.GetURL("forward-tokbind?/tokbind-ekm");
+ scoped_ptr<URLRequest> r(
+ default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
+ r->Start();
+ EXPECT_TRUE(r->is_pending());
+
+ base::RunLoop().Run();
+
+ EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status());
+
+ HttpRequestHeaders headers;
+ std::string token_binding_header, token_binding_message;
+ EXPECT_TRUE(r->GetFullRequestHeaders(&headers));
+ EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding,
+ &token_binding_header));
+ EXPECT_TRUE(base::Base64UrlDecode(
+ token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING,
+ &token_binding_message));
+ std::vector<TokenBinding> token_bindings;
+ ASSERT_TRUE(
+ ParseTokenBindingMessage(token_binding_message, &token_bindings));
+ ASSERT_EQ(2ull, token_bindings.size());
+
+ EXPECT_GT(d.bytes_received(), 0);
+ std::string ekm = d.data_received();
+
+ EXPECT_EQ(TokenBindingType::PROVIDED, token_bindings[0].type);
+ EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point,
+ token_bindings[0].signature, ekm));
+ EXPECT_EQ(TokenBindingType::REFERRED, token_bindings[1].type);
+ EXPECT_TRUE(VerifyEKMSignature(token_bindings[1].ec_point,
+ token_bindings[1].signature, ekm));
+ }
+}
+
+// TODO(nharper): Remove this #ifdef and replace SpawnedTestServer with
+// EmbeddedTestServer once crbug.com/599187 is resolved.
+#if !defined(OS_ANDROID)
+TEST_F(TokenBindingURLRequestTest, DontForwardHeaderFromHttp) {
+ SpawnedTestServer http_server(SpawnedTestServer::TYPE_HTTP,
+ SpawnedTestServer::kLocalhost,
+ base::FilePath());
+ ASSERT_TRUE(http_server.Start());
+ SpawnedTestServer::SSLOptions ssl_options;
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
+ SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS,
+ ssl_options,
+ base::FilePath(kTestFilePath));
+ ASSERT_TRUE(https_test_server.Start());
+
+ TestDelegate d;
+ {
+ GURL redirect_url = http_server.GetURL(
+ "forward-tokbind?" + https_test_server.GetURL("tokbind-ekm").spec());
+ scoped_ptr<URLRequest> r(
+ default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
+ r->Start();
+ EXPECT_TRUE(r->is_pending());
+
+ base::RunLoop().Run();
+
+ EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status());
+
+ HttpRequestHeaders headers;
+ std::string token_binding_header, token_binding_message;
+ EXPECT_TRUE(r->GetFullRequestHeaders(&headers));
+ EXPECT_TRUE(headers.GetHeader(HttpRequestHeaders::kTokenBinding,
+ &token_binding_header));
+ EXPECT_TRUE(base::Base64UrlDecode(
+ token_binding_header, base::Base64UrlDecodePolicy::REQUIRE_PADDING,
+ &token_binding_message));
+ std::vector<TokenBinding> token_bindings;
+ ASSERT_TRUE(
+ ParseTokenBindingMessage(token_binding_message, &token_bindings));
+ ASSERT_EQ(1ull, token_bindings.size());
+
+ EXPECT_GT(d.bytes_received(), 0);
+ std::string ekm = d.data_received();
+
+ EXPECT_EQ(TokenBindingType::PROVIDED, token_bindings[0].type);
+ EXPECT_TRUE(VerifyEKMSignature(token_bindings[0].ec_point,
+ token_bindings[0].signature, ekm));
+ }
+}
+
+// Test that if a server supporting Token Binding redirects (with
+// Include-Referer-Token-Binding-ID) to an https url on a server that does not
+// support Token Binding, then we do not send a Sec-Token-Binding when following
+// the redirect.
+TEST_F(TokenBindingURLRequestTest, ForwardWithoutTokenBinding) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer https_test_server(SpawnedTestServer::TYPE_HTTPS,
+ ssl_options,
+ base::FilePath(kTestFilePath));
+ ASSERT_TRUE(https_test_server.Start());
+ ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
+ SpawnedTestServer token_binding_test_server(SpawnedTestServer::TYPE_HTTPS,
+ ssl_options,
+ base::FilePath(kTestFilePath));
+ ASSERT_TRUE(token_binding_test_server.Start());
+
+ TestDelegate d;
+ {
+ GURL redirect_url = token_binding_test_server.GetURL(
+ "forward-tokbind?" + https_test_server.GetURL("tokbind-ekm").spec());
+ scoped_ptr<URLRequest> r(
+ default_context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
+ r->Start();
+ EXPECT_TRUE(r->is_pending());
+
+ base::RunLoop().Run();
+
+ EXPECT_EQ(URLRequestStatus::SUCCESS, r->status().status());
+
+ HttpRequestHeaders headers;
+ std::string token_binding_header, token_binding_message;
+ EXPECT_TRUE(r->GetFullRequestHeaders(&headers));
+ EXPECT_FALSE(headers.GetHeader(HttpRequestHeaders::kTokenBinding,
+ &token_binding_header));
+ }
+}
+#endif // !defined(OS_ANDROID)
#endif // !defined(OS_IOS)
// In this unit test, we're using the HTTPTestServer as a proxy server and
« no previous file with comments | « net/url_request/url_request_job.cc ('k') | third_party/tlslite/README.chromium » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698