Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1055)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/certificate_transparency/log_dns_client_unittest.cc

Issue 2124873002: Revert of Certificate Transparency DNS log client (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@mock_dns_responses
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/certificate_transparency/log_dns_client.cc ('k') | components/components_tests.gyp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/certificate_transparency/log_dns_client.h"
6
7 #include <algorithm>
8 #include <numeric>
9 #include <utility>
10 #include <vector>
11
12 #include "base/big_endian.h"
13 #include "base/macros.h"
14 #include "base/message_loop/message_loop.h"
15 #include "base/run_loop.h"
16 #include "base/sys_byteorder.h"
17 #include "base/test/test_timeouts.h"
18 #include "crypto/sha2.h"
19 #include "net/base/net_errors.h"
20 #include "net/cert/merkle_audit_proof.h"
21 #include "net/cert/merkle_tree_leaf.h"
22 #include "net/cert/signed_certificate_timestamp.h"
23 #include "net/dns/dns_client.h"
24 #include "net/dns/dns_config_service.h"
25 #include "net/dns/dns_protocol.h"
26 #include "net/log/net_log.h"
27 #include "net/socket/socket_test_util.h"
28 #include "net/test/gtest_util.h"
29 #include "testing/gmock/include/gmock/gmock.h"
30 #include "testing/gtest/include/gtest/gtest.h"
31
32 namespace certificate_transparency {
33 namespace {
34
35 using ::testing::IsNull;
36 using ::testing::NotNull;
37 using net::test::IsError;
38 using net::test::IsOk;
39
40 constexpr char kLeafHash[] =
41 "\x1f\x25\xe1\xca\xba\x4f\xf9\xb8\x27\x24\x83\x0f\xca\x60\xe4\xc2\xbe\xa8"
42 "\xc3\xa9\x44\x1c\x27\xb0\xb4\x3e\x6a\x96\x94\xc7\xb8\x04";
43
44 // Always return min, to simplify testing.
45 // This should result in the DNS query ID always being 0.
46 int FakeRandInt(int min, int max) {
47 return min;
48 }
49
50 std::vector<char> CreateDnsTxtRequest(base::StringPiece qname) {
51 std::string encoded_qname;
52 EXPECT_TRUE(net::DNSDomainFromDot(qname, &encoded_qname));
53
54 const size_t query_section_size = encoded_qname.size() + 4;
55
56 std::vector<char> request(sizeof(net::dns_protocol::Header) +
57 query_section_size);
58 base::BigEndianWriter writer(request.data(), request.size());
59
60 // Header
61 net::dns_protocol::Header header = {};
62 header.flags = base::HostToNet16(net::dns_protocol::kFlagRD);
63 header.qdcount = base::HostToNet16(1);
64 EXPECT_TRUE(writer.WriteBytes(&header, sizeof(header)));
65 // Query section
66 EXPECT_TRUE(writer.WriteBytes(encoded_qname.data(), encoded_qname.size()));
67 EXPECT_TRUE(writer.WriteU16(net::dns_protocol::kTypeTXT));
68 EXPECT_TRUE(writer.WriteU16(net::dns_protocol::kClassIN));
69 EXPECT_EQ(0, writer.remaining());
70
71 return request;
72 }
73
74 std::vector<char> CreateDnsTxtResponse(const std::vector<char>& request,
75 base::StringPiece answer) {
76 const size_t answers_section_size = 12 + answer.size();
77 constexpr uint32_t ttl = 86400; // seconds
78
79 std::vector<char> response(request.size() + answers_section_size);
80 std::copy(request.begin(), request.end(), response.begin());
81 // Modify the header
82 net::dns_protocol::Header* header =
83 reinterpret_cast<net::dns_protocol::Header*>(response.data());
84 header->ancount = base::HostToNet16(1);
85 header->flags |= base::HostToNet16(net::dns_protocol::kFlagResponse);
86
87 // Write the answer section
88 base::BigEndianWriter writer(response.data() + request.size(),
89 response.size() - request.size());
90 EXPECT_TRUE(writer.WriteU8(0xc0)); // qname is a pointer
91 EXPECT_TRUE(writer.WriteU8(
92 sizeof(*header))); // address of qname (start of query section)
93 EXPECT_TRUE(writer.WriteU16(net::dns_protocol::kTypeTXT));
94 EXPECT_TRUE(writer.WriteU16(net::dns_protocol::kClassIN));
95 EXPECT_TRUE(writer.WriteU32(ttl));
96 EXPECT_TRUE(writer.WriteU16(answer.size()));
97 EXPECT_TRUE(writer.WriteBytes(answer.data(), answer.size()));
98 EXPECT_EQ(0, writer.remaining());
99
100 return response;
101 }
102
103 std::vector<char> CreateDnsErrorResponse(const std::vector<char>& request,
104 uint8_t rcode) {
105 std::vector<char> response(request);
106 // Modify the header
107 net::dns_protocol::Header* header =
108 reinterpret_cast<net::dns_protocol::Header*>(response.data());
109 header->ancount = base::HostToNet16(1);
110 header->flags |= base::HostToNet16(net::dns_protocol::kFlagResponse | rcode);
111
112 return response;
113 }
114
115 std::vector<std::string> GetSampleAuditProof(size_t length) {
116 std::vector<std::string> audit_proof(length);
117 // Makes each node of the audit proof different, so that tests are able to
118 // confirm that the audit proof is reconstructed in the correct order.
119 for (size_t i = 0; i < length; ++i) {
120 std::string node(crypto::kSHA256Length, '\0');
121 // Each node is 32 bytes, with each byte having a different value.
122 for (size_t j = 0; j < crypto::kSHA256Length; ++j) {
123 node[j] = static_cast<char>((-127 + i + j) % 128);
124 }
125 audit_proof[i].assign(std::move(node));
126 }
127
128 return audit_proof;
129 }
130
131 class MockLeafIndexCallback {
132 public:
133 MockLeafIndexCallback() : called_(false) {}
134
135 bool called() const { return called_; }
136 int net_error() const { return net_error_; }
137 uint64_t leaf_index() const { return leaf_index_; }
138
139 void Run(int net_error, uint64_t leaf_index) {
140 EXPECT_TRUE(!called_);
141 called_ = true;
142 net_error_ = net_error;
143 leaf_index_ = leaf_index;
144 run_loop_.Quit();
145 }
146
147 LogDnsClient::LeafIndexCallback AsCallback() {
148 return base::Bind(&MockLeafIndexCallback::Run, base::Unretained(this));
149 }
150
151 void WaitUntilRun() { run_loop_.Run(); }
152
153 private:
154 bool called_;
155 int net_error_;
156 uint64_t leaf_index_;
157 base::RunLoop run_loop_;
158 };
159
160 class MockAuditProofCallback {
161 public:
162 MockAuditProofCallback() : called_(false) {}
163
164 bool called() const { return called_; }
165 int net_error() const { return net_error_; }
166 const net::ct::MerkleAuditProof* proof() const { return proof_.get(); }
167
168 void Run(int net_error, std::unique_ptr<net::ct::MerkleAuditProof> proof) {
169 EXPECT_TRUE(!called_);
170 called_ = true;
171 net_error_ = net_error;
172 proof_ = std::move(proof);
173 run_loop_.Quit();
174 }
175
176 LogDnsClient::AuditProofCallback AsCallback() {
177 return base::Bind(&MockAuditProofCallback::Run, base::Unretained(this));
178 }
179
180 void WaitUntilRun() { run_loop_.Run(); }
181
182 private:
183 bool called_;
184 int net_error_;
185 std::unique_ptr<net::ct::MerkleAuditProof> proof_;
186 base::RunLoop run_loop_;
187 };
188
189 // A container for all of the data we need to keep alive for a mock socket.
190 // This is useful because Mock{Read,Write}, SequencedSocketData and
191 // MockClientSocketFactory all do not take ownership of or copy their arguments,
192 // so we have to manage the lifetime of those arguments ourselves. Wrapping all
193 // of that up in a single class simplifies this.
194 class MockSocketData {
195 public:
196 // A socket that expects one write and one read operation.
197 MockSocketData(const std::vector<char>& write, const std::vector<char>& read)
198 : expected_write_payload_(write),
199 expected_read_payload_(read),
200 expected_write_(net::SYNCHRONOUS,
201 expected_write_payload_.data(),
202 expected_write_payload_.size(),
203 0),
204 expected_reads_{net::MockRead(net::ASYNC,
205 expected_read_payload_.data(),
206 expected_read_payload_.size(),
207 1),
208 eof_},
209 socket_data_(expected_reads_, 2, &expected_write_, 1) {}
210
211 // A socket that expects one write and a read error.
212 MockSocketData(const std::vector<char>& write, int net_error)
213 : expected_write_payload_(write),
214 expected_write_(net::SYNCHRONOUS,
215 expected_write_payload_.data(),
216 expected_write_payload_.size(),
217 0),
218 expected_reads_{net::MockRead(net::ASYNC, net_error, 1), eof_},
219 socket_data_(expected_reads_, 2, &expected_write_, 1) {}
220
221 // A socket that expects one write and no response.
222 MockSocketData(const std::vector<char>& write)
223 : expected_write_payload_(write),
224 expected_write_(net::SYNCHRONOUS,
225 expected_write_payload_.data(),
226 expected_write_payload_.size(),
227 0),
228 expected_reads_{net::MockRead(net::SYNCHRONOUS, net::ERR_IO_PENDING, 1),
229 eof_},
230 socket_data_(expected_reads_, 2, &expected_write_, 1) {}
231
232 void SetWriteMode(net::IoMode mode) { expected_write_.mode = mode; }
233 void SetReadMode(net::IoMode mode) { expected_reads_[0].mode = mode; }
234
235 void AddToFactory(net::MockClientSocketFactory* socket_factory) {
236 socket_factory->AddSocketDataProvider(&socket_data_);
237 }
238
239 private:
240 // Prevents read overruns and makes a socket timeout the default behaviour.
241 static const net::MockRead eof_;
242
243 const std::vector<char> expected_write_payload_;
244 const std::vector<char> expected_read_payload_;
245 // Encapsulates the data that is expected to be written to a socket.
246 net::MockWrite expected_write_;
247 // Encapsulates the data/error that should be returned when reading from a
248 // socket. The expected response is followed by |eof_|, to catch further,
249 // unexpected read attempts.
250 net::MockRead expected_reads_[2];
251 net::SequencedSocketData socket_data_;
252
253 DISALLOW_COPY_AND_ASSIGN(MockSocketData);
254 };
255
256 const net::MockRead MockSocketData::eof_(net::SYNCHRONOUS,
257 net::ERR_IO_PENDING,
258 2);
259
260 class LogDnsClientTest : public ::testing::TestWithParam<net::IoMode> {
261 protected:
262 LogDnsClientTest() {
263 // Use an invalid nameserver address. This prevents the tests accidentally
264 // sending real DNS queries. The mock sockets don't care that the address
265 // is invalid.
266 dns_config_.nameservers.push_back(net::IPEndPoint());
267 // Don't attempt retransmissions - just fail.
268 dns_config_.attempts = 1;
269 // This ensures timeouts are long enough for memory tests.
270 dns_config_.timeout = TestTimeouts::action_timeout();
271 // Simplify testing - don't require random numbers for the source port.
272 // This means our FakeRandInt function should only be called to get query
273 // IDs.
274 dns_config_.randomize_ports = false;
275 }
276
277 void ExpectRequestAndErrorResponse(base::StringPiece qname, uint8_t rcode) {
278 std::vector<char> request = CreateDnsTxtRequest(qname);
279 std::vector<char> response = CreateDnsErrorResponse(request, rcode);
280
281 mock_socket_data_.emplace_back(new MockSocketData(request, response));
282 mock_socket_data_.back()->SetReadMode(GetParam());
283 mock_socket_data_.back()->AddToFactory(&socket_factory_);
284 }
285
286 void ExpectRequestAndSocketError(base::StringPiece qname, int net_error) {
287 std::vector<char> request = CreateDnsTxtRequest(qname);
288
289 mock_socket_data_.emplace_back(new MockSocketData(request, net_error));
290 mock_socket_data_.back()->SetReadMode(GetParam());
291 mock_socket_data_.back()->AddToFactory(&socket_factory_);
292 }
293
294 void ExpectRequestAndTimeout(base::StringPiece qname) {
295 std::vector<char> request = CreateDnsTxtRequest(qname);
296
297 mock_socket_data_.emplace_back(new MockSocketData(request));
298 mock_socket_data_.back()->SetReadMode(GetParam());
299 mock_socket_data_.back()->AddToFactory(&socket_factory_);
300
301 // Speed up timeout tests.
302 dns_config_.timeout = TestTimeouts::tiny_timeout();
303 }
304
305 void ExpectLeafIndexRequestAndResponse(base::StringPiece qname,
306 base::StringPiece leaf_index) {
307 // Prepend size to leaf_index to create the query answer (rdata)
308 ASSERT_LE(leaf_index.size(), 0xFFul); // size must fit into a single byte
309 std::string answer = leaf_index.as_string();
310 answer.insert(answer.begin(), static_cast<char>(leaf_index.size()));
311
312 ExpectRequestAndResponse(qname, answer);
313 }
314
315 void ExpectAuditProofRequestAndResponse(
316 base::StringPiece qname,
317 std::vector<std::string>::const_iterator audit_path_start,
318 std::vector<std::string>::const_iterator audit_path_end) {
319 // Join nodes in the audit path into a single string.
320 std::string proof =
321 std::accumulate(audit_path_start, audit_path_end, std::string());
322
323 // Prepend size to proof to create the query answer (rdata)
324 ASSERT_LE(proof.size(), 0xFFul); // size must fit into a single byte
325 proof.insert(proof.begin(), static_cast<char>(proof.size()));
326
327 ExpectRequestAndResponse(qname, proof);
328 }
329
330 void QueryLeafIndex(base::StringPiece log_domain,
331 base::StringPiece leaf_hash,
332 MockLeafIndexCallback* callback) {
333 std::unique_ptr<net::DnsClient> dns_client = CreateDnsClient();
334 LogDnsClient log_client(std::move(dns_client), net::BoundNetLog());
335
336 log_client.QueryLeafIndex(log_domain, leaf_hash, callback->AsCallback());
337 callback->WaitUntilRun();
338 }
339
340 void QueryAuditProof(base::StringPiece log_domain,
341 uint64_t leaf_index,
342 uint64_t tree_size,
343 MockAuditProofCallback* callback) {
344 std::unique_ptr<net::DnsClient> dns_client = CreateDnsClient();
345 LogDnsClient log_client(std::move(dns_client), net::BoundNetLog());
346
347 log_client.QueryAuditProof(log_domain, leaf_index, tree_size,
348 callback->AsCallback());
349 callback->WaitUntilRun();
350 }
351
352 private:
353 std::unique_ptr<net::DnsClient> CreateDnsClient() {
354 std::unique_ptr<net::DnsClient> client =
355 net::DnsClient::CreateClientForTesting(nullptr, &socket_factory_,
356 base::Bind(&FakeRandInt));
357 client->SetConfig(dns_config_);
358 return client;
359 }
360
361 void ExpectRequestAndResponse(base::StringPiece qname,
362 base::StringPiece answer) {
363 std::vector<char> request = CreateDnsTxtRequest(qname);
364 std::vector<char> response = CreateDnsTxtResponse(request, answer);
365
366 mock_socket_data_.emplace_back(new MockSocketData(request, response));
367 mock_socket_data_.back()->SetReadMode(GetParam());
368 mock_socket_data_.back()->AddToFactory(&socket_factory_);
369 }
370
371 net::DnsConfig dns_config_;
372 base::MessageLoopForIO message_loop_;
373 std::vector<std::unique_ptr<MockSocketData>> mock_socket_data_;
374 net::MockClientSocketFactory socket_factory_;
375 };
376
377 TEST_P(LogDnsClientTest, QueryLeafIndex) {
378 ExpectLeafIndexRequestAndResponse(
379 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
380 "123456");
381
382 MockLeafIndexCallback callback;
383 QueryLeafIndex("ct.test", kLeafHash, &callback);
384 ASSERT_TRUE(callback.called());
385 EXPECT_THAT(callback.net_error(), IsOk());
386 EXPECT_THAT(callback.leaf_index(), 123456);
387 }
388
389 TEST_P(LogDnsClientTest, QueryLeafIndexReportsThatLogDomainDoesNotExist) {
390 ExpectRequestAndErrorResponse(
391 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
392 net::dns_protocol::kRcodeNXDOMAIN);
393
394 MockLeafIndexCallback callback;
395 QueryLeafIndex("ct.test", kLeafHash, &callback);
396 ASSERT_TRUE(callback.called());
397 EXPECT_THAT(callback.net_error(), IsError(net::ERR_NAME_NOT_RESOLVED));
398 EXPECT_THAT(callback.leaf_index(), 0);
399 }
400
401 TEST_P(LogDnsClientTest, QueryLeafIndexReportsServerFailure) {
402 ExpectRequestAndErrorResponse(
403 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
404 net::dns_protocol::kRcodeSERVFAIL);
405
406 MockLeafIndexCallback callback;
407 QueryLeafIndex("ct.test", kLeafHash, &callback);
408 ASSERT_TRUE(callback.called());
409 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
410 EXPECT_THAT(callback.leaf_index(), 0);
411 }
412
413 TEST_P(LogDnsClientTest, QueryLeafIndexReportsServerRefusal) {
414 ExpectRequestAndErrorResponse(
415 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
416 net::dns_protocol::kRcodeREFUSED);
417
418 MockLeafIndexCallback callback;
419 QueryLeafIndex("ct.test", kLeafHash, &callback);
420 ASSERT_TRUE(callback.called());
421 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
422 EXPECT_THAT(callback.leaf_index(), 0);
423 }
424
425 TEST_P(LogDnsClientTest,
426 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsNotNumeric) {
427 ExpectLeafIndexRequestAndResponse(
428 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
429 "foo");
430
431 MockLeafIndexCallback callback;
432 QueryLeafIndex("ct.test", kLeafHash, &callback);
433 ASSERT_TRUE(callback.called());
434 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
435 EXPECT_THAT(callback.leaf_index(), 0);
436 }
437
438 TEST_P(LogDnsClientTest,
439 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsFloatingPoint) {
440 ExpectLeafIndexRequestAndResponse(
441 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
442 "123456.0");
443
444 MockLeafIndexCallback callback;
445 QueryLeafIndex("ct.test", kLeafHash, &callback);
446 ASSERT_TRUE(callback.called());
447 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
448 EXPECT_THAT(callback.leaf_index(), 0);
449 }
450
451 TEST_P(LogDnsClientTest,
452 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsEmpty) {
453 ExpectLeafIndexRequestAndResponse(
454 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.", "");
455
456 MockLeafIndexCallback callback;
457 QueryLeafIndex("ct.test", kLeafHash, &callback);
458 ASSERT_TRUE(callback.called());
459 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
460 EXPECT_THAT(callback.leaf_index(), 0);
461 }
462
463 TEST_P(LogDnsClientTest,
464 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) {
465 ExpectLeafIndexRequestAndResponse(
466 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
467 "foo123456");
468
469 MockLeafIndexCallback callback;
470 QueryLeafIndex("ct.test", kLeafHash, &callback);
471 ASSERT_TRUE(callback.called());
472 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
473 EXPECT_THAT(callback.leaf_index(), 0);
474 }
475
476 TEST_P(LogDnsClientTest,
477 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) {
478 ExpectLeafIndexRequestAndResponse(
479 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
480 "123456foo");
481
482 MockLeafIndexCallback callback;
483 QueryLeafIndex("ct.test", kLeafHash, &callback);
484 ASSERT_TRUE(callback.called());
485 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
486 EXPECT_THAT(callback.leaf_index(), 0);
487 }
488
489 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLogDomainIsEmpty) {
490 MockLeafIndexCallback callback;
491 QueryLeafIndex("", kLeafHash, &callback);
492 ASSERT_TRUE(callback.called());
493 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
494 EXPECT_THAT(callback.leaf_index(), 0);
495 }
496
497 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLogDomainIsNull) {
498 MockLeafIndexCallback callback;
499 QueryLeafIndex(nullptr, kLeafHash, &callback);
500 ASSERT_TRUE(callback.called());
501 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
502 EXPECT_THAT(callback.leaf_index(), 0);
503 }
504
505 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLeafHashIsInvalid) {
506 MockLeafIndexCallback callback;
507 QueryLeafIndex("ct.test", "foo", &callback);
508 ASSERT_TRUE(callback.called());
509 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
510 EXPECT_THAT(callback.leaf_index(), 0);
511 }
512
513 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLeafHashIsEmpty) {
514 MockLeafIndexCallback callback;
515 QueryLeafIndex("ct.test", "", &callback);
516 ASSERT_TRUE(callback.called());
517 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
518 EXPECT_THAT(callback.leaf_index(), 0);
519 }
520
521 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLeafHashIsNull) {
522 MockLeafIndexCallback callback;
523 QueryLeafIndex("ct.test", nullptr, &callback);
524 ASSERT_TRUE(callback.called());
525 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
526 EXPECT_THAT(callback.leaf_index(), 0);
527 }
528
529 TEST_P(LogDnsClientTest, QueryLeafIndexReportsSocketError) {
530 ExpectRequestAndSocketError(
531 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",
532 net::ERR_CONNECTION_REFUSED);
533
534 MockLeafIndexCallback callback;
535 QueryLeafIndex("ct.test", kLeafHash, &callback);
536 ASSERT_TRUE(callback.called());
537 EXPECT_THAT(callback.net_error(), IsError(net::ERR_CONNECTION_REFUSED));
538 EXPECT_THAT(callback.leaf_index(), 0);
539 }
540
541 TEST_P(LogDnsClientTest, QueryLeafIndexReportsTimeout) {
542 ExpectRequestAndTimeout(
543 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.");
544
545 MockLeafIndexCallback callback;
546 QueryLeafIndex("ct.test", kLeafHash, &callback);
547 ASSERT_TRUE(callback.called());
548 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_TIMED_OUT));
549 EXPECT_THAT(callback.leaf_index(), 0);
550 }
551
552 TEST_P(LogDnsClientTest, QueryAuditProof) {
553 const std::vector<std::string> audit_proof = GetSampleAuditProof(20);
554
555 // It should require 3 queries to collect the entire audit proof, as there is
556 // only space for 7 nodes per UDP packet.
557 ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.",
558 audit_proof.begin(),
559 audit_proof.begin() + 7);
560 ExpectAuditProofRequestAndResponse("7.123456.999999.tree.ct.test.",
561 audit_proof.begin() + 7,
562 audit_proof.begin() + 14);
563 ExpectAuditProofRequestAndResponse("14.123456.999999.tree.ct.test.",
564 audit_proof.begin() + 14,
565 audit_proof.end());
566
567 MockAuditProofCallback callback;
568 QueryAuditProof("ct.test", 123456, 999999, &callback);
569 ASSERT_TRUE(callback.called());
570 EXPECT_THAT(callback.net_error(), IsOk());
571 ASSERT_THAT(callback.proof(), NotNull());
572 EXPECT_THAT(callback.proof()->leaf_index, 123456);
573 // EXPECT_THAT(callback.proof()->tree_size, 999999);
574 EXPECT_THAT(callback.proof()->nodes, audit_proof);
575 }
576
577 TEST_P(LogDnsClientTest, QueryAuditProofHandlesResponsesWithShortAuditPaths) {
578 const std::vector<std::string> audit_proof = GetSampleAuditProof(20);
579
580 // Make some of the responses contain fewer proof nodes than they can hold.
581 ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.",
582 audit_proof.begin(),
583 audit_proof.begin() + 1);
584 ExpectAuditProofRequestAndResponse("1.123456.999999.tree.ct.test.",
585 audit_proof.begin() + 1,
586 audit_proof.begin() + 3);
587 ExpectAuditProofRequestAndResponse("3.123456.999999.tree.ct.test.",
588 audit_proof.begin() + 3,
589 audit_proof.begin() + 6);
590 ExpectAuditProofRequestAndResponse("6.123456.999999.tree.ct.test.",
591 audit_proof.begin() + 6,
592 audit_proof.begin() + 10);
593 ExpectAuditProofRequestAndResponse("10.123456.999999.tree.ct.test.",
594 audit_proof.begin() + 10,
595 audit_proof.begin() + 13);
596 ExpectAuditProofRequestAndResponse("13.123456.999999.tree.ct.test.",
597 audit_proof.begin() + 13,
598 audit_proof.end());
599
600 MockAuditProofCallback callback;
601 QueryAuditProof("ct.test", 123456, 999999, &callback);
602 ASSERT_TRUE(callback.called());
603 EXPECT_THAT(callback.net_error(), IsOk());
604 ASSERT_THAT(callback.proof(), NotNull());
605 EXPECT_THAT(callback.proof()->leaf_index, 123456);
606 // EXPECT_THAT(callback.proof()->tree_size, 999999);
607 EXPECT_THAT(callback.proof()->nodes, audit_proof);
608 }
609
610 TEST_P(LogDnsClientTest, QueryAuditProofReportsThatLogDomainDoesNotExist) {
611 ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.",
612 net::dns_protocol::kRcodeNXDOMAIN);
613
614 MockAuditProofCallback callback;
615 QueryAuditProof("ct.test", 123456, 999999, &callback);
616 ASSERT_TRUE(callback.called());
617 EXPECT_THAT(callback.net_error(), IsError(net::ERR_NAME_NOT_RESOLVED));
618 EXPECT_THAT(callback.proof(), IsNull());
619 }
620
621 TEST_P(LogDnsClientTest, QueryAuditProofReportsServerFailure) {
622 ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.",
623 net::dns_protocol::kRcodeSERVFAIL);
624
625 MockAuditProofCallback callback;
626 QueryAuditProof("ct.test", 123456, 999999, &callback);
627 ASSERT_TRUE(callback.called());
628 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
629 EXPECT_THAT(callback.proof(), IsNull());
630 }
631
632 TEST_P(LogDnsClientTest, QueryAuditProofReportsServerRefusal) {
633 ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.",
634 net::dns_protocol::kRcodeREFUSED);
635
636 MockAuditProofCallback callback;
637 QueryAuditProof("ct.test", 123456, 999999, &callback);
638 ASSERT_TRUE(callback.called());
639 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));
640 EXPECT_THAT(callback.proof(), IsNull());
641 }
642
643 TEST_P(LogDnsClientTest,
644 QueryAuditProofReportsResponseMalformedIfNodeTooShort) {
645 // node is shorter than a SHA-256 hash (31 vs 32 bytes)
646 const std::vector<std::string> audit_proof(1, std::string(31, 'a'));
647
648 ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.",
649 audit_proof.begin(), audit_proof.end());
650
651 MockAuditProofCallback callback;
652 QueryAuditProof("ct.test", 123456, 999999, &callback);
653 ASSERT_TRUE(callback.called());
654 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
655 EXPECT_THAT(callback.proof(), IsNull());
656 }
657
658 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfNodeTooLong) {
659 // node is longer than a SHA-256 hash (33 vs 32 bytes)
660 const std::vector<std::string> audit_proof(1, std::string(33, 'a'));
661
662 ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.",
663 audit_proof.begin(), audit_proof.end());
664
665 MockAuditProofCallback callback;
666 QueryAuditProof("ct.test", 123456, 999999, &callback);
667 ASSERT_TRUE(callback.called());
668 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
669 EXPECT_THAT(callback.proof(), IsNull());
670 }
671
672 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfEmpty) {
673 const std::vector<std::string> audit_proof;
674
675 ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.",
676 audit_proof.begin(), audit_proof.end());
677
678 MockAuditProofCallback callback;
679 QueryAuditProof("ct.test", 123456, 999999, &callback);
680 ASSERT_TRUE(callback.called());
681 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));
682 EXPECT_THAT(callback.proof(), IsNull());
683 }
684
685 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLogDomainIsEmpty) {
686 MockAuditProofCallback callback;
687 QueryAuditProof("", 123456, 999999, &callback);
688 ASSERT_TRUE(callback.called());
689 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
690 EXPECT_THAT(callback.proof(), IsNull());
691 }
692
693 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLogDomainIsNull) {
694 MockAuditProofCallback callback;
695 QueryAuditProof(nullptr, 123456, 999999, &callback);
696 ASSERT_TRUE(callback.called());
697 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
698 EXPECT_THAT(callback.proof(), IsNull());
699 }
700
701 TEST_P(LogDnsClientTest,
702 QueryAuditProofReportsInvalidArgIfLeafIndexEqualToTreeSize) {
703 MockAuditProofCallback callback;
704 QueryAuditProof("ct.test", 123456, 123456, &callback);
705 ASSERT_TRUE(callback.called());
706 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
707 EXPECT_THAT(callback.proof(), IsNull());
708 }
709
710 TEST_P(LogDnsClientTest,
711 QueryAuditProofReportsInvalidArgIfLeafIndexGreaterThanTreeSize) {
712 MockAuditProofCallback callback;
713 QueryAuditProof("ct.test", 999999, 123456, &callback);
714 ASSERT_TRUE(callback.called());
715 EXPECT_THAT(callback.net_error(), IsError(net::ERR_INVALID_ARGUMENT));
716 EXPECT_THAT(callback.proof(), IsNull());
717 }
718
719 TEST_P(LogDnsClientTest, QueryAuditProofReportsSocketError) {
720 ExpectRequestAndSocketError("0.123456.999999.tree.ct.test.",
721 net::ERR_CONNECTION_REFUSED);
722
723 MockAuditProofCallback callback;
724 QueryAuditProof("ct.test", 123456, 999999, &callback);
725 ASSERT_TRUE(callback.called());
726 EXPECT_THAT(callback.net_error(), IsError(net::ERR_CONNECTION_REFUSED));
727 EXPECT_THAT(callback.proof(), IsNull());
728 }
729
730 TEST_P(LogDnsClientTest, QueryAuditProofReportsTimeout) {
731 ExpectRequestAndTimeout("0.123456.999999.tree.ct.test.");
732
733 MockAuditProofCallback callback;
734 QueryAuditProof("ct.test", 123456, 999999, &callback);
735 ASSERT_TRUE(callback.called());
736 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_TIMED_OUT));
737 EXPECT_THAT(callback.proof(), IsNull());
738 }
739
740 INSTANTIATE_TEST_CASE_P(ReadMode,
741 LogDnsClientTest,
742 ::testing::Values(net::IoMode::ASYNC,
743 net::IoMode::SYNCHRONOUS));
744
745 } // namespace
746 } // namespace certificate_transparency
OLDNEW
« no previous file with comments | « components/certificate_transparency/log_dns_client.cc ('k') | components/components_tests.gyp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698