1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/base64.h" | 11 #include "base/base64.h" |
12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/rand_util.h" | 14 #include "base/rand_util.h" |
15 #include "base/sha1.h" | 15 #include "base/sha1.h" |
16 #include "base/strings/string_piece.h" | 16 #include "base/strings/string_piece.h" |
17 #include "base/test/histogram_tester.h" | 17 #include "base/test/histogram_tester.h" |
18 #include "base/values.h" | 18 #include "base/values.h" |
19 #include "crypto/openssl_util.h" | 19 #include "crypto/openssl_util.h" |
20 #include "crypto/sha2.h" | 20 #include "crypto/sha2.h" |
21 #include "net/base/host_port_pair.h" | 21 #include "net/base/host_port_pair.h" |
22 #include "net/base/net_errors.h" | 22 #include "net/base/net_errors.h" |
23 #include "net/base/test_completion_callback.h" | 23 #include "net/base/test_completion_callback.h" |
24 #include "net/base/test_data_directory.h" | 24 #include "net/base/test_data_directory.h" |
25 #include "net/cert/asn1_util.h" | 25 #include "net/cert/asn1_util.h" |
26 #include "net/cert/cert_verifier.h" | 26 #include "net/cert/cert_verifier.h" |
27 #include "net/cert/cert_verify_result.h" | 27 #include "net/cert/cert_verify_result.h" |
28 #include "net/cert/ct_policy_status.h" | 28 #include "net/cert/ct_policy_status.h" |
29 #include "net/cert/internal/test_helpers.h" | |
29 #include "net/cert/test_root_certs.h" | 30 #include "net/cert/test_root_certs.h" |
30 #include "net/cert/x509_cert_types.h" | 31 #include "net/cert/x509_cert_types.h" |
31 #include "net/cert/x509_certificate.h" | 32 #include "net/cert/x509_certificate.h" |
32 #include "net/http/http_util.h" | 33 #include "net/http/http_util.h" |
33 #include "net/log/net_log.h" | 34 #include "net/log/net_log.h" |
34 #include "net/ssl/ssl_info.h" | 35 #include "net/ssl/ssl_info.h" |
35 #include "net/test/cert_test_util.h" | 36 #include "net/test/cert_test_util.h" |
36 #include "testing/gtest/include/gtest/gtest.h" | 37 #include "testing/gtest/include/gtest/gtest.h" |
37 | 38 |
38 namespace net { | 39 namespace net { |
1844 state.ProcessExpectCTHeader("preload", host_port, ssl_info); | 1845 state.ProcessExpectCTHeader("preload", host_port, ssl_info); |
1845 EXPECT_EQ(1u, reporter.num_failures()); | 1846 EXPECT_EQ(1u, reporter.num_failures()); |
1846 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); | 1847 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); |
1847 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, | 1848 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, |
1848 reporter.ssl_info().ct_cert_policy_compliance); | 1849 reporter.ssl_info().ct_cert_policy_compliance); |
1849 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); | 1850 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); |
1850 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); | 1851 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); |
1851 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); | 1852 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
1852 } | 1853 } |
1853 | 1854 |
1855 static const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/"; | |
svaldez
2016/06/13 14:03:04
Doesn't need to be static?
dadrian
2016/06/13 23:03:32
Done.
| |
1856 | |
1857 class MockExpectStapleReportSender : public MockCertificateReportSender { | |
1858 public: | |
1859 bool ReportSent() { return latest_report() != ""; } | |
1860 }; | |
1861 | |
1862 class ExpectStapleTest : public TransportSecurityStateTest { | |
1863 public: | |
1864 void SetUp() override { | |
1865 TransportSecurityStateTest::SetUp(); | |
1866 security_state_.SetReportSender(&report_sender_); | |
1867 EnableStaticExpectStaple(&security_state_); | |
1868 } | |
1869 | |
1870 struct OCSPTest { | |
1871 std::string ocsp_response; | |
1872 scoped_refptr<X509Certificate> certificate; | |
1873 }; | |
1874 | |
1875 static bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) { | |
1876 std::string ca_data; | |
1877 std::string cert_data; | |
1878 const PemBlockMapping mappings[] = { | |
1879 {"OCSP RESPONSE", &ocsp->ocsp_response}, | |
1880 {"CA CERTIFICATE", &ca_data}, | |
1881 {"CERTIFICATE", &cert_data}, | |
1882 }; | |
1883 std::string full_path = std::string(kOCSPPathPrefix) + file_name; | |
1884 if (!ReadTestDataFromPemFile(full_path, mappings)) | |
1885 return false; | |
1886 | |
1887 // Parse the server certificate | |
1888 CertificateList server_cert_list = | |
1889 X509Certificate::CreateCertificateListFromBytes( | |
1890 cert_data.data(), cert_data.size(), | |
1891 X509Certificate::FORMAT_SINGLE_CERTIFICATE); | |
1892 ocsp->certificate = server_cert_list[0]; | |
1893 return true; | |
1894 } | |
1895 | |
1896 static TransportSecurityState::ExpectStapleState | |
1897 GetDefaultExpectStapleState() { | |
1898 TransportSecurityState::ExpectStapleState state; | |
1899 state.domain = "example.com"; // Doesn't matter | |
svaldez
2016/06/13 14:03:04
Can you use kHost?
dadrian
2016/06/13 23:03:32
Done.
| |
1900 state.report_uri = GURL("reports.example.com/expect-staple"); | |
svaldez
2016/06/13 14:03:04
Use constant.
dadrian
2016/06/13 23:03:32
Done.
| |
1901 state.include_subdomains = false; | |
1902 return state; | |
1903 } | |
1904 | |
1905 protected: | |
1906 void CheckExpectStaple(const OCSPTest& ocsp) { | |
1907 TransportSecurityState::ExpectStapleState expect_staple_state = | |
1908 GetDefaultExpectStapleState(); | |
1909 HostPortPair host_port(kExpectCTStaticHostname, 443); | |
1910 security_state_.CheckExpectStaple(host_port, expect_staple_state, | |
1911 *ocsp.certificate, ocsp.ocsp_response); | |
1912 } | |
1913 | |
1914 TransportSecurityState security_state_; | |
1915 MockExpectStapleReportSender report_sender_; | |
1916 }; | |
1917 | |
1918 TEST_F(ExpectStapleTest, Valid) { | |
1919 OCSPTest ocsp; | |
1920 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp)); | |
1921 CheckExpectStaple(ocsp); | |
1922 EXPECT_FALSE(report_sender_.ReportSent()); | |
1923 }; | |
1924 | |
1925 TEST_F(ExpectStapleTest, ValidWithExtension) { | |
1926 OCSPTest ocsp; | |
1927 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp)); | |
1928 CheckExpectStaple(ocsp); | |
1929 EXPECT_FALSE(report_sender_.ReportSent()); | |
1930 }; | |
1931 | |
1932 TEST_F(ExpectStapleTest, MissingSingleResponse) { | |
1933 OCSPTest ocsp; | |
1934 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp)); | |
1935 CheckExpectStaple(ocsp); | |
1936 EXPECT_TRUE(report_sender_.ReportSent()); | |
1937 }; | |
1938 | |
1854 } // namespace net | 1939 } // namespace net |
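Review bot: `LoadOCSPFromFile` indexes `server_cert_list[0]` without checking that `CreateCertificateListFromBytes` returned anything, so a fixture whose CERTIFICATE block fails to parse becomes an out-of-bounds read inside the test rather than a clean failure. Add `if (server_cert_list.empty()) return false;` before the assignment so the caller's `ASSERT_TRUE(LoadOCSPFromFile(...))` reports the bad fixture instead. The `MissingSingleResponse` case only asserts that some report was sent, whereas the Expect-CT test just above also pins the destination URI and host; if `MockCertificateReportSender` exposes those, checking them here would catch a report sent to the wrong place. The trailing `;` after each `TEST_F` body is a stray empty declaration and can be dropped.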