| Index: components/certificate_transparency/single_tree_tracker_unittest.cc
|
| diff --git a/components/certificate_transparency/single_tree_tracker_unittest.cc b/components/certificate_transparency/single_tree_tracker_unittest.cc
|
| index cbdfe6175b8702c1532a6830790c7d2deba04836..33ff899fe3a5ca85153a204f7bd1eb4d4fa9e3f9 100644
|
| --- a/components/certificate_transparency/single_tree_tracker_unittest.cc
|
| +++ b/components/certificate_transparency/single_tree_tracker_unittest.cc
|
| @@ -8,6 +8,7 @@
|
| #include <utility>
|
|
|
| #include "base/strings/string_piece.h"
|
| +#include "base/test/histogram_tester.h"
|
| #include "net/cert/ct_log_verifier.h"
|
| #include "net/cert/ct_serialization.h"
|
| #include "net/cert/signed_certificate_timestamp.h"
|
| @@ -19,6 +20,8 @@
|
| namespace certificate_transparency {
|
|
|
| namespace {
|
| +const char kHistogramName[] =
|
| + "Net.CertificateTransparency.CanInclusionCheckSCT";
|
|
|
| bool GetOldSignedTreeHead(net::ct::SignedTreeHead* sth) {
|
| sth->version = net::ct::SignedTreeHead::V1;
|
| @@ -75,6 +78,7 @@ class SingleTreeTrackerTest : public ::testing::Test {
|
| // Test that an SCT is classified as pending for a newer STH if the
|
| // SingleTreeTracker has not seen any STHs so far.
|
| TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTNoSTH) {
|
| + base::HistogramTester histograms;
|
| // First make sure the SCT has not been observed at all.
|
| EXPECT_EQ(
|
| SingleTreeTracker::SCT_NOT_OBSERVED,
|
| @@ -87,11 +91,15 @@ TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTNoSTH) {
|
| EXPECT_EQ(
|
| SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +
|
| + // Since there's no valid STH expect nothing was logged to UMA.
|
| + histograms.ExpectTotalCount(kHistogramName, 0);
|
| }
|
|
|
| // Test that an SCT is classified as pending an inclusion check if the
|
| // SingleTreeTracker has a fresh-enough STH to check inclusion against.
|
| TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTWithRecentSTH) {
|
| + base::HistogramTester histograms;
|
| // Provide an STH to the tree_tracker_.
|
| net::ct::SignedTreeHead sth;
|
| net::ct::GetSampleSignedTreeHead(&sth);
|
| @@ -110,18 +118,25 @@ TEST_F(SingleTreeTrackerTest, CorrectlyClassifiesUnobservedSCTWithRecentSTH) {
|
| EXPECT_EQ(
|
| SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,
|
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| +
|
| + // Exactly one value should be logged, indicating the SCT
|
| + // can be checked for inclusion.
|
| + histograms.ExpectTotalCount(kHistogramName, 1);
|
| + histograms.ExpectBucketCount(kHistogramName, true, 1);
|
| }
|
|
|
| // Test that the SingleTreeTracker correctly queues verified SCTs for inclusion
|
| // checking such that, upon receiving a fresh STH, it changes the SCT's status
|
| // from pending newer STH to pending inclusion check.
|
| TEST_F(SingleTreeTrackerTest, CorrectlyUpdatesSCTStatusOnNewSTH) {
|
| + base::HistogramTester histograms;
|
| // Report an observed SCT and make sure it's in the pending newer STH
|
| // state.
|
| tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| EXPECT_EQ(
|
| SingleTreeTracker::SCT_PENDING_NEWER_STH,
|
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| + histograms.ExpectTotalCount(kHistogramName, 0);
|
|
|
| // Provide with a fresh STH
|
| net::ct::SignedTreeHead sth;
|
| @@ -132,6 +147,9 @@ TEST_F(SingleTreeTrackerTest, CorrectlyUpdatesSCTStatusOnNewSTH) {
|
| EXPECT_EQ(
|
| SingleTreeTracker::SCT_PENDING_INCLUSION_CHECK,
|
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| + // Check that no UMA was logged for this case as the histogram is only
|
| + // supposed to measure the state of newly-observed SCTs, not pending ones.
|
| + histograms.ExpectTotalCount(kHistogramName, 0);
|
| }
|
|
|
| // Test that the SingleTreeTracker does not change an SCT's status if an STH
|
| @@ -155,4 +173,22 @@ TEST_F(SingleTreeTrackerTest, DoesNotUpdatesSCTStatusOnOldSTH) {
|
| tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get()));
|
| }
|
|
|
| +// Test that the SingleTreeTracker correctly logs that an SCT is pending a new
|
| +// STH when it has STH but the observed SCT is newer than that.
|
| +TEST_F(SingleTreeTrackerTest, LogsUMAForNewSCTAndOldSTH) {
|
| + base::HistogramTester histograms;
|
| + // Provide an old STH for the same log.
|
| + net::ct::SignedTreeHead sth;
|
| + GetOldSignedTreeHead(&sth);
|
| + tree_tracker_->NewSTHObserved(sth);
|
| +
|
| + histograms.ExpectTotalCount(kHistogramName, 0);
|
| + // Notify of an SCT and make sure it's in the 'pending newer STH' state.
|
| + tree_tracker_->OnSCTVerified(chain_.get(), cert_sct_.get());
|
| + // Exactly one value should be logged, indicating the SCT cannot be checked
|
| + // for inclusion as the STH is too old.
|
| + histograms.ExpectTotalCount(kHistogramName, 1);
|
| + histograms.ExpectBucketCount(kHistogramName, false, 1);
|
| +}
|
| +
|
| } // namespace certificate_transparency
|
|
|
Chromium Code Reviews
Issue 2153123002:
Certificate Transparency: Collect metrics on age of SCT vs STH (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master