
Side by Side Diff: components/cronet/android/test/javatests/src/org/chromium/net/PkpTest.java

Issue 1817553002: Add host resolver rules experimental flag for Cronet (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: delete unused definitions, rebase, and fix test Created 4 years, 4 months ago
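--- a/components/cronet/android/test/javatests/src/org/chromium/net/PkpTest.java
+++ b/components/cronet/android/test/javatests/src/org/chromium/net/PkpTest.java
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.net;
 
 import android.test.suitebuilder.annotation.SmallTest;
 
 import org.chromium.base.test.util.Feature;
 import org.chromium.net.test.util.CertTestUtil;
@@ -65,215 +65,204 @@
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testErrorCodeIfPinDoesNotMatch() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, DISTANT_F UTURE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertErrorResponse();
 }
 
 /**
 * Tests the case when the pin hash matches. The client is expected to
 * receive the successful response with the response code 200.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testSuccessIfPinMatches() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 // Get PKP hash of the real certificate
 X509Certificate cert = readCertFromFileInPemFormat(CERT_USED);
 byte[] matchingHash = CertTestUtil.getPublicKeySha256(cert);
 
 addPkpSha256(mServerHost, matchingHash, EXCLUDE_SUBDOMAINS, DISTANT_FUTU RE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertSuccessfulResponse();
 }
 
 /**
 * Tests the case when the pin hash does not match and the client accesses t he subdomain of
 * the configured PKP host with includeSubdomains flag set to true. The clie nt is
 * expected to receive the error response.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testIncludeSubdomainsFlagEqualTrue() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mDomain, nonMatchingHash, INCLUDE_SUBDOMAINS, DISTANT_FUTUR E);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertErrorResponse();
 }
 
 /**
 * Tests the case when the pin hash does not match and the client accesses t he subdomain of
 * the configured PKP host with includeSubdomains flag set to false. The cli ent is expected to
 * receive the successful response with the response code 200.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testIncludeSubdomainsFlagEqualFalse() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mDomain, nonMatchingHash, EXCLUDE_SUBDOMAINS, DISTANT_FUTUR E);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertSuccessfulResponse();
 }
 
 /**
 * Tests the case when the mismatching pin is set for some host that is diff erent from the one
 * the client wants to access. In that case the other host pinning policy sh ould not be applied
 * and the client is expected to receive the successful response with the re sponse code 200.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testSuccessIfNoPinSpecified() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256("otherhost.com", nonMatchingHash, INCLUDE_SUBDOMAINS, DISTA NT_FUTURE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertSuccessfulResponse();
 }
 
 /**
 * Tests mismatching pins that will expire in 10 seconds. The pins should be still valid and
 * enforced during the request; thus returning PIN mismatch error.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testSoonExpiringPin() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 final int tenSecondsAhead = 10;
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, tenSecond sAhead);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertErrorResponse();
 }
 
 /**
 * Tests mismatching pins that expired 1 second ago. Since the pins have exp ired, they
 * should not be enforced during the request; thus a successful response is expected.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testRecentlyExpiredPin() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 final int oneSecondAgo = -1;
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, oneSecond Ago);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertSuccessfulResponse();
 }
 
 /**
 * Tests that the pinning of local trust anchors is enforced when pinning by pass for local
 * trust anchors is disabled.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 public void testLocalTrustAnchorPinningEnforced() throws Exception {
 createCronetEngineBuilder(DISABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, UNKN OWN_ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, DISTANT_F UTURE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertErrorResponse();
 }
 
 /**
 * Tests that the pinning of local trust anchors is not enforced when pinnin g bypass for local
 * trust anchors is enabled.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 public void testLocalTrustAnchorPinningNotEnforced() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, UNKNO WN_ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, DISTANT_F UTURE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 
 assertSuccessfulResponse();
 }
 
 /**
 * Tests that host pinning is not persisted between multiple CronetEngine in stances.
 *
 * @throws Exception
 */
 @SmallTest
 @Feature({"Cronet"})
 @OnlyRunNativeCronet
 public void testPinsAreNotPersisted() throws Exception {
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 byte[] nonMatchingHash = generateSomeSha256();
 addPkpSha256(mServerHost, nonMatchingHash, EXCLUDE_SUBDOMAINS, DISTANT_F UTURE);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 assertErrorResponse();
 shutdownCronetEngine();
 
 // Restart Cronet engine and try the same request again. Since the pins are not persisted,
 // a successful response is expected.
 createCronetEngineBuilder(ENABLE_PINNING_BYPASS_FOR_LOCAL_ANCHORS, KNOWN _ROOT);
 startCronetFramework();
-registerHostResolver(mTestFramework);
 sendRequestAndWaitForResult();
 assertSuccessfulResponse();
 }
 
 /**
 * Tests that the client receives {@code InvalidArgumentException} when the pinned host name
 * is invalid.
 *
 * @throws Exception
 */
@@ -397,21 +386,24 @@
 
 private void createCronetEngineBuilder(boolean bypassPinningForLocalAnchors, boolean knownRoot)
 throws Exception {
 // Set common CronetEngine parameters
 mBuilder = new CronetEngine.Builder(getContext());
 mBuilder.enablePublicKeyPinningBypassForLocalTrustAnchors(bypassPinningF orLocalAnchors);
 mBuilder.enableQuic(true);
 mBuilder.addQuicHint(QuicTestServer.getServerHost(), QuicTestServer.getS erverPort(),
 QuicTestServer.getServerPort());
 JSONObject quicParams = new JSONObject().put("host_whitelist", "test.exa mple.com");
-JSONObject experimentalOptions = new JSONObject().put("QUIC", quicParams );
+JSONObject hostResolverParams = CronetTestUtil.generateHostResolverRules ();
+JSONObject experimentalOptions = new JSONObject()
+.put("QUIC", quicParams)
+.put("HostResolverRules", hostR esolverParams);
 mBuilder.setExperimentalOptions(experimentalOptions.toString());
 mBuilder.setStoragePath(CronetTestFramework.getTestStorage(getContext()) );
 mBuilder.enableHttpCache(CronetEngine.Builder.HTTP_CACHE_DISK_NO_HTTP, 1 000 * 1024);
 mBuilder.setMockCertVerifierForTesting(
 MockCertVerifier.createMockCertVerifier(CERTS_USED, knownRoot));
 }
 
 private void startCronetFramework() {
 mTestFramework = startCronetTestFrameworkWithUrlAndCronetEngineBuilder(n ull, mBuilder);
 }
@@ -489,10 +481,10 @@
 if (!shouldThrowNpe) {
 fail("Null pointer exception was not expected: " + ex.toString() );
 }
 return;
 }
 if (shouldThrowNpe) {
 fail("NullPointerException was expected");
 }
 }
 }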
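Review bot: The negative tests that end in `assertErrorResponse()` (`testErrorCodeIfPinDoesNotMatch`, `testIncludeSubdomainsFlagEqualTrue`, `testSoonExpiringPin`, `testLocalTrustAnchorPinningEnforced`, and the first half of `testPinsAreNotPersisted`) now rely on the `"HostResolverRules"` entry in `createCronetEngineBuilder` taking effect, and nothing visible checks that it does. If the options parser were to ignore a misspelled or malformed key (its behaviour is not shown on this page), the request would fail at name resolution and these tests would still pass without exercising the pin check. `assertErrorResponse` lies in the skipped lines; if it does not already assert the pinning-specific error rather than any failure, it should. The builder would also benefit from a comment above the new lines, for example `// Host resolver rules replace the registerHostResolver() call that used to follow startCronetFramework().`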
