
Side by Side Diff: net/http/transport_security_state_unittest.cc

Issue 2040513003: Implement Expect-Staple (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Start writing tests Created 4 years, 6 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/base64.h" 11 #include "base/base64.h"
12 #include "base/files/file_path.h" 12 #include "base/files/file_path.h"
13 #include "base/json/json_reader.h" 13 #include "base/json/json_reader.h"
14 #include "base/rand_util.h" 14 #include "base/rand_util.h"
15 #include "base/sha1.h" 15 #include "base/sha1.h"
16 #include "base/strings/string_piece.h" 16 #include "base/strings/string_piece.h"
17 #include "base/test/histogram_tester.h" 17 #include "base/test/histogram_tester.h"
18 #include "base/values.h" 18 #include "base/values.h"
19 #include "crypto/openssl_util.h" 19 #include "crypto/openssl_util.h"
20 #include "crypto/sha2.h" 20 #include "crypto/sha2.h"
21 #include "net/base/host_port_pair.h" 21 #include "net/base/host_port_pair.h"
22 #include "net/base/net_errors.h" 22 #include "net/base/net_errors.h"
23 #include "net/base/test_completion_callback.h" 23 #include "net/base/test_completion_callback.h"
24 #include "net/base/test_data_directory.h" 24 #include "net/base/test_data_directory.h"
25 #include "net/cert/asn1_util.h" 25 #include "net/cert/asn1_util.h"
26 #include "net/cert/cert_verifier.h" 26 #include "net/cert/cert_verifier.h"
27 #include "net/cert/cert_verify_result.h" 27 #include "net/cert/cert_verify_result.h"
28 #include "net/cert/ct_policy_status.h" 28 #include "net/cert/ct_policy_status.h"
29 #include "net/cert/internal/test_helpers.h"
29 #include "net/cert/test_root_certs.h" 30 #include "net/cert/test_root_certs.h"
30 #include "net/cert/x509_cert_types.h" 31 #include "net/cert/x509_cert_types.h"
31 #include "net/cert/x509_certificate.h" 32 #include "net/cert/x509_certificate.h"
32 #include "net/http/http_util.h" 33 #include "net/http/http_util.h"
33 #include "net/log/net_log.h" 34 #include "net/log/net_log.h"
34 #include "net/ssl/ssl_info.h" 35 #include "net/ssl/ssl_info.h"
35 #include "net/test/cert_test_util.h" 36 #include "net/test/cert_test_util.h"
36 #include "testing/gtest/include/gtest/gtest.h" 37 #include "testing/gtest/include/gtest/gtest.h"
37 38
38 namespace net { 39 namespace net {
(...skipping 1805 matching lines...) Expand 10 before | Expand all | Expand 10 after
1844 state.ProcessExpectCTHeader("preload", host_port, ssl_info); 1845 state.ProcessExpectCTHeader("preload", host_port, ssl_info);
1845 EXPECT_EQ(1u, reporter.num_failures()); 1846 EXPECT_EQ(1u, reporter.num_failures());
1846 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); 1847 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available);
1847 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, 1848 EXPECT_EQ(ssl_info.ct_cert_policy_compliance,
1848 reporter.ssl_info().ct_cert_policy_compliance); 1849 reporter.ssl_info().ct_cert_policy_compliance);
1849 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); 1850 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host());
1850 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); 1851 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port());
1851 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); 1852 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri());
1852 } 1853 }
1853 1854
1855 static const char kOCSPPathPrefix[] = "net/data/parse_ocsp_unittest/";
svaldez 2016/06/13 14:03:04 Doesn't need to be static?
dadrian 2016/06/13 23:03:32 Done.
1856
1857 class MockExpectStapleReportSender : public MockCertificateReportSender {
1858 public:
1859 bool ReportSent() { return latest_report() != ""; }
1860 };
1861
1862 class ExpectStapleTest : public TransportSecurityStateTest {
1863 public:
1864 void SetUp() override {
1865 TransportSecurityStateTest::SetUp();
1866 security_state_.SetReportSender(&report_sender_);
1867 EnableStaticExpectStaple(&security_state_);
1868 }
1869
1870 struct OCSPTest {
1871 std::string ocsp_response;
1872 scoped_refptr<X509Certificate> certificate;
1873 };
1874
1875 static bool LoadOCSPFromFile(std::string file_name, OCSPTest* ocsp) {
1876 std::string ca_data;
1877 std::string cert_data;
1878 const PemBlockMapping mappings[] = {
1879 {"OCSP RESPONSE", &ocsp->ocsp_response},
1880 {"CA CERTIFICATE", &ca_data},
1881 {"CERTIFICATE", &cert_data},
1882 };
1883 std::string full_path = std::string(kOCSPPathPrefix) + file_name;
1884 if (!ReadTestDataFromPemFile(full_path, mappings))
1885 return false;
1886
1887 // Parse the server certificate
1888 CertificateList server_cert_list =
1889 X509Certificate::CreateCertificateListFromBytes(
1890 cert_data.data(), cert_data.size(),
1891 X509Certificate::FORMAT_SINGLE_CERTIFICATE);
1892 ocsp->certificate = server_cert_list[0];
1893 return true;
1894 }
1895
1896 static TransportSecurityState::ExpectStapleState
1897 GetDefaultExpectStapleState() {
1898 TransportSecurityState::ExpectStapleState state;
1899 state.domain = "example.com"; // Doesn't matter
svaldez 2016/06/13 14:03:04 Can you use kHost?
dadrian 2016/06/13 23:03:32 Done.
1900 state.report_uri = GURL("reports.example.com/expect-staple");
svaldez 2016/06/13 14:03:04 Use constant.
dadrian 2016/06/13 23:03:32 Done.
1901 state.include_subdomains = false;
1902 return state;
1903 }
1904
1905 protected:
1906 void CheckExpectStaple(const OCSPTest& ocsp) {
1907 TransportSecurityState::ExpectStapleState expect_staple_state =
1908 GetDefaultExpectStapleState();
1909 HostPortPair host_port(kExpectCTStaticHostname, 443);
1910 security_state_.CheckExpectStaple(host_port, expect_staple_state,
1911 *ocsp.certificate, ocsp.ocsp_response);
1912 }
1913
1914 TransportSecurityState security_state_;
1915 MockExpectStapleReportSender report_sender_;
1916 };
1917
1918 TEST_F(ExpectStapleTest, Valid) {
1919 OCSPTest ocsp;
1920 ASSERT_TRUE(LoadOCSPFromFile("good_response.pem", &ocsp));
1921 CheckExpectStaple(ocsp);
1922 EXPECT_FALSE(report_sender_.ReportSent());
1923 };
1924
1925 TEST_F(ExpectStapleTest, ValidWithExtension) {
1926 OCSPTest ocsp;
1927 ASSERT_TRUE(LoadOCSPFromFile("has_extension.pem", &ocsp));
1928 CheckExpectStaple(ocsp);
1929 EXPECT_FALSE(report_sender_.ReportSent());
1930 };
1931
1932 TEST_F(ExpectStapleTest, MissingSingleResponse) {
1933 OCSPTest ocsp;
1934 ASSERT_TRUE(LoadOCSPFromFile("missing_response.pem", &ocsp));
1935 CheckExpectStaple(ocsp);
1936 EXPECT_TRUE(report_sender_.ReportSent());
1937 };
1938
1854 } // namespace net 1939 } // namespace net
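Review bot: `LoadOCSPFromFile` assigns `ocsp->certificate = server_cert_list[0];` without checking that `CreateCertificateListFromBytes` returned anything. If the CERTIFICATE block in a test file fails to parse, the helper would index an empty list instead of failing the `ASSERT_TRUE` at the call site. Add `if (server_cert_list.empty()) return false;` before the assignment; this also keeps `CheckExpectStaple` from dereferencing a null `*ocsp.certificate`. Separately, `ca_data` is filled from the "CA CERTIFICATE" block and never used. If the issuer is deliberately ignored by these tests, a short comment such as `// CA certificate is mapped so the PEM file loads; it is not used by these tests.` would make that explicit.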