| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/cert/sth_distributor.h" | |
| 6 | |
| 7 #include <map> | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/test/histogram_tester.h" | |
| 11 #include "crypto/sha2.h" | |
| 12 #include "net/cert/signed_tree_head.h" | |
| 13 #include "net/cert/sth_observer.h" | |
| 14 #include "net/test/ct_test_util.h" | |
| 15 #include "testing/gtest/include/gtest/gtest.h" | |
| 16 | |
| 17 namespace net { | |
| 18 | |
| 19 namespace ct { | |
| 20 | |
| 21 namespace { | |
| 22 | |
| 23 // An STHObserver implementation that simply stores all | |
| 24 // observed STHs, keyed by log ID. | |
| 25 class StoringSTHObserver : public STHObserver { | |
| 26 public: | |
| 27 void NewSTHObserved(const SignedTreeHead& sth) override { | |
| 28 sths[sth.log_id] = sth; | |
| 29 } | |
| 30 | |
| 31 std::map<std::string, SignedTreeHead> sths; | |
| 32 }; | |
| 33 | |
| 34 class STHDistributorTest : public ::testing::Test { | |
| 35 public: | |
| 36 STHDistributorTest() {} | |
| 37 | |
| 38 void SetUp() override { | |
| 39 ASSERT_TRUE(GetSampleSignedTreeHead(&sample_sth_)); | |
| 40 sample_sth_.log_id = GetTestPublicKeyId(); | |
| 41 } | |
| 42 | |
| 43 protected: | |
| 44 STHDistributor distributor_; | |
| 45 SignedTreeHead sample_sth_; | |
| 46 }; | |
| 47 | |
| 48 // Test that when a new observer is registered, the STHDistributor notifies it | |
| 49 // of all the observed STHs it received so far. | |
| 50 // This test makes sure that all observed STHs are reported to the observer. | |
| 51 TEST_F(STHDistributorTest, NotifiesOfExistingSTHs) { | |
| 52 // Create an STH that differs from the |sample_sth_| by belonging to a | |
| 53 // different log. | |
| 54 const std::string other_log = "another log"; | |
| 55 SignedTreeHead second_sth(sample_sth_); | |
| 56 second_sth.log_id = other_log; | |
| 57 | |
| 58 // Notify |distributor_| of both STHs. | |
| 59 distributor_.NewSTHObserved(sample_sth_); | |
| 60 distributor_.NewSTHObserved(second_sth); | |
| 61 | |
| 62 StoringSTHObserver observer; | |
| 63 distributor_.RegisterObserver(&observer); | |
| 64 | |
| 65 // Check that two STHs from different logs received prior to observer | |
| 66 // registration were reported to the observer once registered. | |
| 67 EXPECT_EQ(2u, observer.sths.size()); | |
| 68 EXPECT_EQ(1u, observer.sths.count(other_log)); | |
| 69 } | |
| 70 | |
| 71 // Test that histograms are properly recorded for the STH age when an STH | |
| 72 // from Google's Pilot log is observed. | |
| 73 TEST_F(STHDistributorTest, LogsUMAForPilotSTH) { | |
| 74 const char kPilotSTHAgeHistogram[] = | |
| 75 "Net.CertificateTransparency.PilotSTHAge"; | |
| 76 base::HistogramTester histograms; | |
| 77 histograms.ExpectTotalCount(kPilotSTHAgeHistogram, 0); | |
| 78 | |
| 79 const uint8_t kPilotLogID[] = { | |
| 80 0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, | |
| 81 0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, | |
| 82 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10}; | |
| 83 sample_sth_.log_id = std::string(reinterpret_cast<const char*>(kPilotLogID), | |
| 84 crypto::kSHA256Length); | |
| 85 | |
| 86 distributor_.NewSTHObserved(sample_sth_); | |
| 87 histograms.ExpectTotalCount(kPilotSTHAgeHistogram, 1); | |
| 88 } | |
| 89 | |
| 90 // Test that the STHDistributor updates, rather than accumulates, STHs | |
| 91 // coming from the same log. | |
| 92 // This is tested by notifying the STHDistributor of an STH, modifying that | |
| 93 // STH, notifying the STHDistributor of the modified STH, then registering | |
| 94 // an observer which should get notified only once, with the modified STH. | |
| 95 TEST_F(STHDistributorTest, UpdatesObservedSTHData) { | |
| 96 // Observe an initial STH | |
| 97 StoringSTHObserver observer; | |
| 98 distributor_.RegisterObserver(&observer); | |
| 99 | |
| 100 distributor_.NewSTHObserved(sample_sth_); | |
| 101 | |
| 102 EXPECT_EQ(1u, observer.sths.size()); | |
| 103 EXPECT_EQ(sample_sth_, observer.sths[GetTestPublicKeyId()]); | |
| 104 | |
| 105 // Observe a new STH. "new" simply means that it is a more recently observed | |
| 106 // SignedTreeHead for the given log ID, not necessarily that it's newer | |
| 107 // chronologically (the timestamp) or the log state (the tree size). | |
| 108 // To make sure the more recently observed SignedTreeHead is returned, just | |
| 109 // modify some fields. | |
| 110 SignedTreeHead new_sth = sample_sth_; | |
| 111 new_sth.tree_size++; | |
| 112 new_sth.timestamp -= base::TimeDelta::FromSeconds(3); | |
| 113 | |
| 114 distributor_.NewSTHObserved(new_sth); | |
| 115 // The STH should have been broadcast to existing observers. | |
| 116 EXPECT_EQ(1u, observer.sths.size()); | |
| 117 EXPECT_NE(sample_sth_, observer.sths[GetTestPublicKeyId()]); | |
| 118 EXPECT_EQ(new_sth, observer.sths[GetTestPublicKeyId()]); | |
| 119 | |
| 120 // Registering a new observer should only receive the most recently observed | |
| 121 // STH | |
|
Ryan Sleevi
2016/05/17 22:20:16
grammar: STH. (end with a period/full-stop)
Eran Messeri
2016/05/18 10:37:20
Done.
| |
| 122 StoringSTHObserver new_observer; | |
| 123 distributor_.RegisterObserver(&new_observer); | |
| 124 EXPECT_EQ(1u, new_observer.sths.size()); | |
| 125 EXPECT_NE(sample_sth_, new_observer.sths[GetTestPublicKeyId()]); | |
| 126 EXPECT_EQ(new_sth, new_observer.sths[GetTestPublicKeyId()]); | |
| 127 } | |
| 128 | |
| 129 } // namespace | |
| 130 | |
| 131 } // namespace ct | |
| 132 | |
| 133 } // namespace net | |
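Review bot: In LogsUMAForPilotSTH the log ID string is built with the length `crypto::kSHA256Length` rather than the size of `kPilotLogID`, so the two match only by manual count (the literal currently holds 32 bytes); if the array were ever edited to fewer bytes, the `std::string` constructor would read past it. Tie them together with `static_assert(sizeof(kPilotLogID) == crypto::kSHA256Length, "Pilot log ID must be a SHA-256 hash");` or pass `sizeof(kPilotLogID)` as the length. The test also covers only the positive case: a companion check that observing `sample_sth_` with its default `GetTestPublicKeyId()` log ID leaves `kPilotSTHAgeHistogram` at 0 would pin down that the histogram is keyed on the Pilot log ID and not recorded for every STH. Separately, the observers registered in the test bodies are stack locals destroyed before the fixture's `distributor_`; if the distributor touches its observer list on destruction they should be unregistered first, which cannot be confirmed here because the header is not shown.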