| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_response_info.h" | 5 #include "net/http/http_response_info.h" |
| 6 | 6 |
| 7 #include "base/pickle.h" | 7 #include "base/pickle.h" |
| 8 #include "net/cert/signed_certificate_timestamp.h" | 8 #include "net/cert/signed_certificate_timestamp.h" |
| 9 #include "net/cert/signed_certificate_timestamp_and_status.h" | 9 #include "net/cert/signed_certificate_timestamp_and_status.h" |
| 10 #include "net/http/http_response_headers.h" | 10 #include "net/http/http_response_headers.h" |
| 11 #include "net/ssl/ssl_connection_status_flags.h" |
| 12 #include "net/test/cert_test_util.h" |
| 11 #include "net/test/ct_test_util.h" | 13 #include "net/test/ct_test_util.h" |
| 14 #include "net/test/test_data_directory.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 16 |
| 14 namespace net { | 17 namespace net { |
| 15 | 18 |
| 16 namespace { | 19 namespace { |
| 17 | 20 |
| 18 class HttpResponseInfoTest : public testing::Test { | 21 class HttpResponseInfoTest : public testing::Test { |
| 19 protected: | 22 protected: |
| 20 void SetUp() override { | 23 void SetUp() override { |
| 21 response_info_.headers = new HttpResponseHeaders(""); | 24 response_info_.headers = new HttpResponseHeaders(""); |
| 22 } | 25 } |
| 23 | 26 |
| 24 void PickleAndRestore(const HttpResponseInfo& response_info, | 27 void PickleAndRestore(const HttpResponseInfo& response_info, |
| 25 HttpResponseInfo* restored_response_info) const { | 28 HttpResponseInfo* restored_response_info) const { |
| 26 base::Pickle pickle; | 29 base::Pickle pickle; |
| 27 response_info.Persist(&pickle, false, false); | 30 response_info.Persist(&pickle, false, false); |
| 28 bool truncated = false; | 31 bool truncated = false; |
| 29 restored_response_info->InitFromPickle(pickle, &truncated); | 32 EXPECT_TRUE(restored_response_info->InitFromPickle(pickle, &truncated)); |
| 30 } | 33 } |
| 31 | 34 |
| 32 HttpResponseInfo response_info_; | 35 HttpResponseInfo response_info_; |
| 33 }; | 36 }; |
| 34 | 37 |
| 35 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchDefault) { | 38 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchDefault) { |
| 36 EXPECT_FALSE(response_info_.unused_since_prefetch); | 39 EXPECT_FALSE(response_info_.unused_since_prefetch); |
| 37 } | 40 } |
| 38 | 41 |
| 39 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchCopy) { | 42 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchCopy) { |
| 89 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredNotPersisted) { | 92 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredNotPersisted) { |
| 90 response_info_.async_revalidation_required = true; | 93 response_info_.async_revalidation_required = true; |
| 91 net::HttpResponseInfo restored_response_info; | 94 net::HttpResponseInfo restored_response_info; |
| 92 PickleAndRestore(response_info_, &restored_response_info); | 95 PickleAndRestore(response_info_, &restored_response_info); |
| 93 EXPECT_FALSE(restored_response_info.async_revalidation_required); | 96 EXPECT_FALSE(restored_response_info.async_revalidation_required); |
| 94 } | 97 } |
| 95 | 98 |
| 96 TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) { | 99 TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) { |
| 97 // A valid certificate is needed for ssl_info.is_valid() to be true | 100 // A valid certificate is needed for ssl_info.is_valid() to be true |
| 98 // so that the SCTs would be serialized. | 101 // so that the SCTs would be serialized. |
| 99 const std::string der_test_cert(net::ct::GetDerEncodedX509Cert()); | 102 response_info_.ssl_info.cert = |
| 100 response_info_.ssl_info.cert = net::X509Certificate::CreateFromBytes( | 103 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 101 der_test_cert.data(), der_test_cert.length()); | |
| 102 | 104 |
| 103 scoped_refptr<ct::SignedCertificateTimestamp> sct; | 105 scoped_refptr<ct::SignedCertificateTimestamp> sct; |
| 104 ct::GetX509CertSCT(&sct); | 106 ct::GetX509CertSCT(&sct); |
| 105 | 107 |
| 106 response_info_.ssl_info.signed_certificate_timestamps.push_back( | 108 response_info_.ssl_info.signed_certificate_timestamps.push_back( |
| 107 SignedCertificateTimestampAndStatus( | 109 SignedCertificateTimestampAndStatus( |
| 108 sct, ct::SCTVerifyStatus::SCT_STATUS_LOG_UNKNOWN)); | 110 sct, ct::SCTVerifyStatus::SCT_STATUS_LOG_UNKNOWN)); |
| 109 | 111 |
| 110 base::Pickle pickle; | 112 base::Pickle pickle; |
| 111 response_info_.Persist(&pickle, false, false); | 113 response_info_.Persist(&pickle, false, false); |
| 112 bool truncated = false; | 114 bool truncated = false; |
| 113 net::HttpResponseInfo restored_response_info; | 115 net::HttpResponseInfo restored_response_info; |
| 114 EXPECT_TRUE(restored_response_info.InitFromPickle(pickle, &truncated)); | 116 EXPECT_TRUE(restored_response_info.InitFromPickle(pickle, &truncated)); |
| 115 | 117 |
| 116 response_info_.ssl_info.signed_certificate_timestamps.push_back( | 118 response_info_.ssl_info.signed_certificate_timestamps.push_back( |
| 117 SignedCertificateTimestampAndStatus(sct, | 119 SignedCertificateTimestampAndStatus(sct, |
| 118 static_cast<ct::SCTVerifyStatus>(2))); | 120 static_cast<ct::SCTVerifyStatus>(2))); |
| 119 base::Pickle pickle_invalid; | 121 base::Pickle pickle_invalid; |
| 120 response_info_.Persist(&pickle_invalid, false, false); | 122 response_info_.Persist(&pickle_invalid, false, false); |
| 121 net::HttpResponseInfo restored_invalid_response; | 123 net::HttpResponseInfo restored_invalid_response; |
| 122 EXPECT_FALSE( | 124 EXPECT_FALSE( |
| 123 restored_invalid_response.InitFromPickle(pickle_invalid, &truncated)); | 125 restored_invalid_response.InitFromPickle(pickle_invalid, &truncated)); |
| 124 } | 126 } |
| 125 | 127 |
| 128 // Test that key_exchange_group is preserved for ECDHE ciphers. |
| 129 TEST_F(HttpResponseInfoTest, KeyExchangeGroupECDHE) { |
| 130 response_info_.ssl_info.cert = |
| 131 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 132 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, |
| 133 &response_info_.ssl_info.connection_status); |
| 134 SSLConnectionStatusSetCipherSuite( |
| 135 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, |
| 136 &response_info_.ssl_info.connection_status); |
| 137 response_info_.ssl_info.key_exchange_group = 23; // X25519 |
| 138 net::HttpResponseInfo restored_response_info; |
| 139 PickleAndRestore(response_info_, &restored_response_info); |
| 140 EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group); |
| 141 } |
| 142 |
| 143 // Test that key_exchange_group is preserved for TLS 1.3. |
| 144 TEST_F(HttpResponseInfoTest, KeyExchangeGroupTLS13) { |
| 145 response_info_.ssl_info.cert = |
| 146 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 147 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_3, |
| 148 &response_info_.ssl_info.connection_status); |
| 149 SSLConnectionStatusSetCipherSuite(0x1303 /* TLS_CHACHA20_POLY1305_SHA256 */, |
| 150 &response_info_.ssl_info.connection_status); |
| 151 response_info_.ssl_info.key_exchange_group = 23; // X25519 |
| 152 net::HttpResponseInfo restored_response_info; |
| 153 PickleAndRestore(response_info_, &restored_response_info); |
| 154 EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group); |
| 155 } |
| 156 |
| 157 // Test that key_exchange_group is discarded for non-ECDHE ciphers prior to TLS |
| 158 // 1.3, to account for the historical key_exchange_info field. See |
| 159 // https://crbug.com/639421. |
| 160 TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoDHE) { |
| 161 response_info_.ssl_info.cert = |
| 162 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 163 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, |
| 164 &response_info_.ssl_info.connection_status); |
| 165 SSLConnectionStatusSetCipherSuite( |
| 166 0x0093 /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */, |
| 167 &response_info_.ssl_info.connection_status); |
| 168 response_info_.ssl_info.key_exchange_group = 1024; |
| 169 net::HttpResponseInfo restored_response_info; |
| 170 PickleAndRestore(response_info_, &restored_response_info); |
| 171 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group); |
| 172 } |
| 173 |
| 174 // Test that key_exchange_group is discarded for unknown ciphers prior to TLS |
| 175 // 1.3, to account for the historical key_exchange_info field. See |
| 176 // https://crbug.com/639421. |
| 177 TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoUnknown) { |
| 178 response_info_.ssl_info.cert = |
| 179 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); |
| 180 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2, |
| 181 &response_info_.ssl_info.connection_status); |
| 182 SSLConnectionStatusSetCipherSuite(0xffff, |
| 183 &response_info_.ssl_info.connection_status); |
| 184 response_info_.ssl_info.key_exchange_group = 1024; |
| 185 net::HttpResponseInfo restored_response_info; |
| 186 PickleAndRestore(response_info_, &restored_response_info); |
| 187 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group); |
| 188 } |
| 189 |
| 126 } // namespace | 190 } // namespace |
| 127 | 191 |
| 128 } // namespace net | 192 } // namespace net |
| OLD | NEW |
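Review bot: LegacyKeyExchangeInfoDHE and LegacyKeyExchangeInfoUnknown (new lines 160-188) can pass without ever reaching the discard logic, because the expected value 0 is presumably also what a default-constructed HttpResponseInfo holds. The comment in FailsInitFromPickleWithInvalidSCTStatus notes that a valid certificate is needed for the SCTs to be serialized; if the rest of ssl_info is gated the same way, a null result from ImportCertFromFile would skip the TLS state entirely and `EXPECT_EQ(0, ...)` would still succeed. I would add `ASSERT_TRUE(response_info_.ssl_info.cert);` after each import and, after restoring, `EXPECT_EQ(0x0093, SSLConnectionStatusToCipherSuite(restored_response_info.ssl_info.connection_status));` (with 0xffff in the unknown-cipher test), so the zero is shown to come from the legacy-field handling for https://crbug.com/639421 rather than from nothing being restored. Separately, 23 is secp256r1 in the TLS supported-groups registry (X25519 is 29), so the `// X25519` comments at new lines 137 and 151 mislabel the value and should read `// secp256r1 (P-256)`, or the value should become 29.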