Chromium Code Reviews Chromium Code Reviews
Issue 2153123002:
Certificate Transparency: Collect metrics on age of SCT vs STH (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/certificate_transparency/single_tree_tracker_unittest.cc |
| diff --git a/components/certificate_transparency/single_tree_tracker_unittest.cc b/components/certificate_transparency/single_tree_tracker_unittest.cc |
| index cbdfe6175b8702c1532a6830790c7d2deba04836..0ee2c6ef991ee467f013d50a3d36b1055f1c7743 100644 |
| --- a/components/certificate_transparency/single_tree_tracker_unittest.cc |
| +++ b/components/certificate_transparency/single_tree_tracker_unittest.cc |
| @@ -8,6 +8,7 @@ |
| #include <utility> |
| #include "base/strings/string_piece.h" |
| +#include "base/test/histogram_tester.h" |
| #include "net/cert/ct_log_verifier.h" |
| #include "net/cert/ct_serialization.h" |
| #include "net/cert/signed_certificate_timestamp.h" |
| @@ -19,6 +20,8 @@ |
| namespace certificate_transparency { |
| namespace { |
| +const char kPendingSTHHistogramName[] = |
| + "Net.CertificateTransparency.SCTNeedsFreshSTH"; |
| bool GetOldSignedTreeHead(net::ct::SignedTreeHead* sth) { |
| sth->version = net::ct::SignedTreeHead::V1; |
| @@ -75,6 +78,7 @@ class SingleTreeTrackerTest : public ::testing::Test { |
| // Test that an SCT is classified as pending for a newer STH if the |
| // SingleTreeTracker has not seen any STHs so far. |
| TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTNoSTH) { |
| + base::HistogramTester histograms; |
| // First make sure the SCT has not been observed at all. |
| EXPECT_EQ( |
| SingleTreeTracker::SCT_NOT_OBSERVED, |
| @@ -87,11 +91,14 @@ TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTNoSTH) { |
| EXPECT_EQ( |
| SingleTreeTracker::SCT_PENDING_NEWER_STH, |
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| + |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 0); |
| } |
| // Test that an SCT is classified as pending an inclusion check if the |
| // SingleTreeTracker has a fresh-enough STH to check inclusion against. |
| TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTWithRecentSTH) { |
| + base::HistogramTester histograms; |
| // Provide an STH to the tree_tracker_. |
| net::ct::SignedTreeHead sth; |
| net::ct::GetSampleSignedTreeHead(&sth); |
| @@ -110,18 +117,22 @@ TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTWithRecentSTH) { |
| EXPECT_EQ( |
| SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK, |
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 1); |
| + histograms.ExpectBucketCount(kPendingSTHHistogramName, false, 1); |
| } |
| // Test that the SingleTreeTracker correctly queues verified SCTs for inclusion |
| // checking such that, upon receiving a fresh STH, it changes the SCT's status |
| // from pending newer STH to pending inclusion check. |
| TEST_F(SingleTreeTrackerTest, CorrectlyUpdatesSCTStatusOnNewSTH) { |
| + base::HistogramTester histograms; |
| // Report an observed SCT and make sure it's in the pending newer STH |
| // state. |
| tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get()); |
| EXPECT_EQ( |
| SingleTreeTracker::SCT_PENDING_NEWER_STH, |
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 0); |
|
Rob Percival
2016/07/15 14:38:16
I think it's worth adding a comment for this line,
Eran Messeri
2016/07/18 08:53:41
Done.
|
| // Provide with a fresh STH |
| net::ct::SignedTreeHead sth; |
| @@ -132,6 +143,7 @@ TEST_F(SingleTreeTrackerTest, CorrectlyUpdatesSCTStatusOnNewSTH) { |
| EXPECT_EQ( |
| SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK, |
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 0); |
| } |
| // Test that the SingleTreeTracker does not change an SCT's status if an STH |
| @@ -155,4 +167,20 @@ TEST_F(SingleTreeTrackerTest, DoesNotUpdatesSCTStatusOnOldSTH) { |
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| } |
| +// Test that the SingleTreeTracker correctly logs that an SCT is pending a new |
| +// STH when it has STH but the observed SCT is newer than that. |
| +TEST_F(SingleTreeTrackerTest, LogsUMAForNewSCTAndOldSTH) { |
| + base::HistogramTester histograms; |
| + // Provide an old STH for the same log. |
| + net::ct::SignedTreeHead sth; |
| + GetOldSignedTreeHead(&sth); |
| + tree_tracker_->NewSTHObserved(sth); |
| + |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 0); |
| + // Notify of an SCT and make sure it's in the 'pending newer STH' state. |
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get()); |
| + histograms.ExpectTotalCount(kPendingSTHHistogramName, 1); |
| + histograms.ExpectBucketCount(kPendingSTHHistogramName, true, 1); |
| +} |
| + |
| } // namespace certificate_transparency |
