Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(538)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc

Issue 2241213002: Distinguish between SCT invalidity reasons in UMA (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing review comments Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/ssl/chrome_expect_ct_reporter.cc ('k') | chrome/browser/ui/website_settings/website_settings.cc » ('j') | content/common/ssl_status_serialization.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/base64.h" 9 #include "base/base64.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
126 126
127 switch (status) { 127 switch (status) {
128 case net::ct::SCT_STATUS_LOG_UNKNOWN: 128 case net::ct::SCT_STATUS_LOG_UNKNOWN:
129 // SCTs from unknown logs only have an origin. 129 // SCTs from unknown logs only have an origin.
130 EXPECT_FALSE(report_sct->HasKey("sct")); 130 EXPECT_FALSE(report_sct->HasKey("sct"));
131 EXPECT_FALSE(report_sct->HasKey("id")); 131 EXPECT_FALSE(report_sct->HasKey("id"));
132 if (SCTOriginStringToOrigin(origin) == sct->origin) 132 if (SCTOriginStringToOrigin(origin) == sct->origin)
133 found = true; 133 found = true;
134 break; 134 break;
135 135
136 case net::ct::SCT_STATUS_INVALID: { 136 case net::ct::SCT_STATUS_INVALID_SIGNATURE:
137 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: {
137 // Invalid SCTs have a log id and an origin and nothing else. 138 // Invalid SCTs have a log id and an origin and nothing else.
138 EXPECT_FALSE(report_sct->HasKey("sct")); 139 EXPECT_FALSE(report_sct->HasKey("sct"));
139 std::string id_base64; 140 std::string id_base64;
140 ASSERT_TRUE(report_sct->GetString("id", &id_base64)); 141 ASSERT_TRUE(report_sct->GetString("id", &id_base64));
141 std::string id; 142 std::string id;
142 ASSERT_TRUE(base::Base64Decode(id_base64, &id)); 143 ASSERT_TRUE(base::Base64Decode(id_base64, &id));
143 if (SCTOriginStringToOrigin(origin) == sct->origin && id == sct->log_id) 144 if (SCTOriginStringToOrigin(origin) == sct->origin && id == sct->log_id)
144 found = true; 145 found = true;
145 break; 146 break;
146 } 147 }
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
190 const base::ListValue& valid_scts) { 191 const base::ListValue& valid_scts) {
191 EXPECT_EQ( 192 EXPECT_EQ(
192 expected_scts.size(), 193 expected_scts.size(),
193 unknown_scts.GetSize() + invalid_scts.GetSize() + valid_scts.GetSize()); 194 unknown_scts.GetSize() + invalid_scts.GetSize() + valid_scts.GetSize());
194 for (const auto& expected_sct : expected_scts) { 195 for (const auto& expected_sct : expected_scts) {
195 switch (expected_sct.status) { 196 switch (expected_sct.status) {
196 case net::ct::SCT_STATUS_LOG_UNKNOWN: 197 case net::ct::SCT_STATUS_LOG_UNKNOWN:
197 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( 198 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
198 expected_sct.sct, net::ct::SCT_STATUS_LOG_UNKNOWN, unknown_scts)); 199 expected_sct.sct, net::ct::SCT_STATUS_LOG_UNKNOWN, unknown_scts));
199 break; 200 break;
200 case net::ct::SCT_STATUS_INVALID: 201 case net::ct::SCT_STATUS_INVALID_SIGNATURE:
201 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( 202 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
202 expected_sct.sct, net::ct::SCT_STATUS_INVALID, invalid_scts)); 203 expected_sct.sct, net::ct::SCT_STATUS_INVALID_SIGNATURE,
204 invalid_scts));
205 break;
206 case net::ct::SCT_STATUS_INVALID_TIMESTAMP:
207 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
208 expected_sct.sct, net::ct::SCT_STATUS_INVALID_TIMESTAMP,
209 invalid_scts));
203 break; 210 break;
204 case net::ct::SCT_STATUS_OK: 211 case net::ct::SCT_STATUS_OK:
205 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( 212 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
206 expected_sct.sct, net::ct::SCT_STATUS_OK, valid_scts)); 213 expected_sct.sct, net::ct::SCT_STATUS_OK, valid_scts));
207 break; 214 break;
208 default: 215 default:
209 NOTREACHED(); 216 NOTREACHED();
210 } 217 }
211 } 218 }
212 } 219 }
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after
434 net::ct::SCT_STATUS_LOG_UNKNOWN, 441 net::ct::SCT_STATUS_LOG_UNKNOWN,
435 &ssl_info.signed_certificate_timestamps); 442 &ssl_info.signed_certificate_timestamps);
436 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, 443 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
437 "unknown_log_id2", "extensions2", "signature2", now, 444 "unknown_log_id2", "extensions2", "signature2", now,
438 net::ct::SCT_STATUS_LOG_UNKNOWN, 445 net::ct::SCT_STATUS_LOG_UNKNOWN,
439 &ssl_info.signed_certificate_timestamps); 446 &ssl_info.signed_certificate_timestamps);
440 447
441 MakeTestSCTAndStatus( 448 MakeTestSCTAndStatus(
442 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 449 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
443 "invalid_log_id1", "extensions1", "signature1", now, 450 "invalid_log_id1", "extensions1", "signature1", now,
444 net::ct::SCT_STATUS_INVALID, &ssl_info.signed_certificate_timestamps); 451 net::ct::SCT_STATUS_INVALID_TIMESTAMP,
452 &ssl_info.signed_certificate_timestamps);
453
454 MakeTestSCTAndStatus(
455 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
456 "invalid_log_id1", "extensions1", "signature1", now,
457 net::ct::SCT_STATUS_INVALID_SIGNATURE,
458 &ssl_info.signed_certificate_timestamps);
459
445 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, 460 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
446 "invalid_log_id2", "extensions2", "signature2", now, 461 "invalid_log_id2", "extensions2", "signature2", now,
447 net::ct::SCT_STATUS_INVALID, 462 net::ct::SCT_STATUS_INVALID_SIGNATURE,
448 &ssl_info.signed_certificate_timestamps); 463 &ssl_info.signed_certificate_timestamps);
449 464
450 MakeTestSCTAndStatus( 465 MakeTestSCTAndStatus(
451 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, 466 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE,
452 "valid_log_id1", "extensions1", "signature1", now, net::ct::SCT_STATUS_OK, 467 "valid_log_id1", "extensions1", "signature1", now, net::ct::SCT_STATUS_OK,
453 &ssl_info.signed_certificate_timestamps); 468 &ssl_info.signed_certificate_timestamps);
454 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, 469 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
455 "valid_log_id2", "extensions2", "signature2", now, 470 "valid_log_id2", "extensions2", "signature2", now,
456 net::ct::SCT_STATUS_OK, 471 net::ct::SCT_STATUS_OK,
457 &ssl_info.signed_certificate_timestamps); 472 &ssl_info.signed_certificate_timestamps);
458 473
459 net::HostPortPair host_port("example.test", 443); 474 net::HostPortPair host_port("example.test", 443);
460 GURL report_uri("http://example-report.test"); 475 GURL report_uri("http://example-report.test");
461 476
462 // Check that the report is sent and contains the correct information. 477 // Check that the report is sent and contains the correct information.
463 reporter.OnExpectCTFailed(host_port, report_uri, ssl_info); 478 reporter.OnExpectCTFailed(host_port, report_uri, ssl_info);
464 EXPECT_EQ(report_uri, sender->latest_report_uri()); 479 EXPECT_EQ(report_uri, sender->latest_report_uri());
465 EXPECT_FALSE(sender->latest_serialized_report().empty()); 480 EXPECT_FALSE(sender->latest_serialized_report().empty());
466 ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport( 481 ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport(
467 sender->latest_serialized_report(), host_port, ssl_info)); 482 sender->latest_serialized_report(), host_port, ssl_info));
468 483
469 histograms.ExpectTotalCount(kFailureHistogramName, 0); 484 histograms.ExpectTotalCount(kFailureHistogramName, 0);
470 histograms.ExpectTotalCount(kSendHistogramName, 1); 485 histograms.ExpectTotalCount(kSendHistogramName, 1);
471 histograms.ExpectBucketCount(kSendHistogramName, true, 1); 486 histograms.ExpectBucketCount(kSendHistogramName, true, 1);
472 } 487 }
OLDNEW
« no previous file with comments | « chrome/browser/ssl/chrome_expect_ct_reporter.cc ('k') | chrome/browser/ui/website_settings/website_settings.cc » ('j') | content/common/ssl_status_serialization.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698