| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 }; | 83 }; |
| 84 | 84 |
| 85 // A mock ReportSenderInterface that just remembers the latest report | 85 // A mock ReportSenderInterface that just remembers the latest report |
| 86 // URI and report to be sent. | 86 // URI and report to be sent. |
| 87 class MockCertificateReportSender | 87 class MockCertificateReportSender |
| 88 : public TransportSecurityState::ReportSenderInterface { | 88 : public TransportSecurityState::ReportSenderInterface { |
| 89 public: | 89 public: |
| 90 MockCertificateReportSender() {} | 90 MockCertificateReportSender() {} |
| 91 ~MockCertificateReportSender() override {} | 91 ~MockCertificateReportSender() override {} |
| 92 | 92 |
| 93 void Send(const GURL& report_uri, const std::string& report) override { | 93 void Send(const GURL& report_uri, |
| 94 const std::string& content_type, |
| 95 const std::string& report) override { |
| 94 latest_report_uri_ = report_uri; | 96 latest_report_uri_ = report_uri; |
| 95 latest_report_ = report; | 97 latest_report_ = report; |
| 98 latest_content_type_ = content_type; |
| 96 } | 99 } |
| 97 | 100 |
| 98 void SetErrorCallback( | 101 void SetErrorCallback( |
| 99 const base::Callback<void(const GURL&, int)>& error_callback) override {} | 102 const base::Callback<void(const GURL&, int)>& error_callback) override {} |
| 100 | 103 |
| 101 void Clear() { | 104 void Clear() { |
| 102 latest_report_uri_ = GURL(); | 105 latest_report_uri_ = GURL(); |
| 103 latest_report_ = std::string(); | 106 latest_report_ = std::string(); |
| 104 } | 107 } |
| 105 | 108 |
| 106 const GURL& latest_report_uri() { return latest_report_uri_; } | 109 const GURL& latest_report_uri() { return latest_report_uri_; } |
| 107 const std::string& latest_report() { return latest_report_; } | 110 const std::string& latest_report() { return latest_report_; } |
| 111 const std::string& latest_content_type() { return latest_content_type_; } |
| 108 | 112 |
| 109 private: | 113 private: |
| 110 GURL latest_report_uri_; | 114 GURL latest_report_uri_; |
| 111 std::string latest_report_; | 115 std::string latest_report_; |
| 116 std::string latest_content_type_; |
| 112 }; | 117 }; |
| 113 | 118 |
| 114 // A mock ReportSenderInterface that simulates a net error on every report sent. | 119 // A mock ReportSenderInterface that simulates a net error on every report sent. |
| 115 class MockFailingCertificateReportSender | 120 class MockFailingCertificateReportSender |
| 116 : public TransportSecurityState::ReportSenderInterface { | 121 : public TransportSecurityState::ReportSenderInterface { |
| 117 public: | 122 public: |
| 118 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} | 123 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} |
| 119 ~MockFailingCertificateReportSender() override {} | 124 ~MockFailingCertificateReportSender() override {} |
| 120 | 125 |
| 121 int net_error() { return net_error_; } | 126 int net_error() { return net_error_; } |
| 122 | 127 |
| 123 // TransportSecurityState::ReportSenderInterface: | 128 // TransportSecurityState::ReportSenderInterface: |
| 124 void Send(const GURL& report_uri, const std::string& report) override { | 129 void Send(const GURL& report_uri, |
| 130 const std::string& content_type, |
| 131 const std::string& report) override { |
| 125 ASSERT_FALSE(error_callback_.is_null()); | 132 ASSERT_FALSE(error_callback_.is_null()); |
| 126 error_callback_.Run(report_uri, net_error_); | 133 error_callback_.Run(report_uri, net_error_); |
| 127 } | 134 } |
| 128 | 135 |
| 129 void SetErrorCallback( | 136 void SetErrorCallback( |
| 130 const base::Callback<void(const GURL&, int)>& error_callback) override { | 137 const base::Callback<void(const GURL&, int)>& error_callback) override { |
| 131 error_callback_ = error_callback; | 138 error_callback_ = error_callback; |
| 132 } | 139 } |
| 133 | 140 |
| 134 private: | 141 private: |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 const SSLInfo& ssl_info, | 339 const SSLInfo& ssl_info, |
| 333 const std::string& ocsp_response, | 340 const std::string& ocsp_response, |
| 334 const std::string& response_status, | 341 const std::string& response_status, |
| 335 const std::string& cert_status) { | 342 const std::string& cert_status) { |
| 336 // Expect-Staple is preload list based, so we use the baked-in test hostname | 343 // Expect-Staple is preload list based, so we use the baked-in test hostname |
| 337 // from the list ("preloaded-expect-staple.badssl.com"). | 344 // from the list ("preloaded-expect-staple.badssl.com"). |
| 338 HostPortPair host_port(kExpectStapleStaticHostname, 443); | 345 HostPortPair host_port(kExpectStapleStaticHostname, 443); |
| 339 state->SetReportSender(reporter); | 346 state->SetReportSender(reporter); |
| 340 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); | 347 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); |
| 341 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); | 348 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); |
| 349 EXPECT_EQ("application/json", reporter->latest_content_type()); |
| 342 std::string serialized_report = reporter->latest_report(); | 350 std::string serialized_report = reporter->latest_report(); |
| 343 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 351 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 344 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 352 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 345 cert_status)); | 353 cert_status)); |
| 346 } | 354 } |
| 347 | 355 |
| 348 } // namespace | 356 } // namespace |
| 349 | 357 |
| 350 class TransportSecurityStateTest : public testing::Test { | 358 class TransportSecurityStateTest : public testing::Test { |
| 351 public: | 359 public: |
| (...skipping 1085 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1437 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1445 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1438 state.CheckPublicKeyPins( | 1446 state.CheckPublicKeyPins( |
| 1439 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1447 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1440 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1448 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1441 | 1449 |
| 1442 // Now a report should have been sent. Check that it contains the | 1450 // Now a report should have been sent. Check that it contains the |
| 1443 // right information. | 1451 // right information. |
| 1444 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1452 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1445 std::string report = mock_report_sender.latest_report(); | 1453 std::string report = mock_report_sender.latest_report(); |
| 1446 ASSERT_FALSE(report.empty()); | 1454 ASSERT_FALSE(report.empty()); |
| 1455 EXPECT_EQ("application/json", mock_report_sender.latest_content_type()); |
| 1447 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1456 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1448 cert1.get(), cert2.get(), | 1457 cert1.get(), cert2.get(), |
| 1449 good_hashes)); | 1458 good_hashes)); |
| 1450 mock_report_sender.Clear(); | 1459 mock_report_sender.Clear(); |
| 1451 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1460 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1452 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, | 1461 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, |
| 1453 cert1.get(), cert2.get(), | 1462 cert1.get(), cert2.get(), |
| 1454 TransportSecurityState::ENABLE_PIN_REPORTS, | 1463 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 1455 &failure_log)); | 1464 &failure_log)); |
| 1456 | 1465 |
| 1457 // Now a report should have been sent for the subdomain. Check that it | 1466 // Now a report should have been sent for the subdomain. Check that it |
| 1458 // contains the right information. | 1467 // contains the right information. |
| 1459 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1468 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1460 report = mock_report_sender.latest_report(); | 1469 report = mock_report_sender.latest_report(); |
| 1461 ASSERT_FALSE(report.empty()); | 1470 ASSERT_FALSE(report.empty()); |
| 1471 EXPECT_EQ("application/json", mock_report_sender.latest_content_type()); |
| 1462 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, | 1472 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, |
| 1463 true, kHost, cert1.get(), cert2.get(), | 1473 true, kHost, cert1.get(), cert2.get(), |
| 1464 good_hashes)); | 1474 good_hashes)); |
| 1465 } | 1475 } |
| 1466 | 1476 |
| 1467 // Tests that a histogram entry is recorded when TransportSecurityState | 1477 // Tests that a histogram entry is recorded when TransportSecurityState |
| 1468 // fails to send an HPKP violation report. | 1478 // fails to send an HPKP violation report. |
| 1469 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { | 1479 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { |
| 1470 base::HistogramTester histograms; | 1480 base::HistogramTester histograms; |
| 1471 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; | 1481 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1562 // violation. | 1572 // violation. |
| 1563 ssl_info.public_key_hashes.clear(); | 1573 ssl_info.public_key_hashes.clear(); |
| 1564 for (size_t i = 0; kBadPath[i]; i++) | 1574 for (size_t i = 0; kBadPath[i]; i++) |
| 1565 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); | 1575 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); |
| 1566 | 1576 |
| 1567 EXPECT_TRUE( | 1577 EXPECT_TRUE( |
| 1568 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); | 1578 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); |
| 1569 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1579 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1570 std::string report = mock_report_sender.latest_report(); | 1580 std::string report = mock_report_sender.latest_report(); |
| 1571 ASSERT_FALSE(report.empty()); | 1581 ASSERT_FALSE(report.empty()); |
| 1582 EXPECT_EQ("application/json", mock_report_sender.latest_content_type()); |
| 1572 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1583 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1573 cert1.get(), cert2.get(), | 1584 cert1.get(), cert2.get(), |
| 1574 ssl_info.public_key_hashes)); | 1585 ssl_info.public_key_hashes)); |
| 1575 } | 1586 } |
| 1576 | 1587 |
| 1577 // Tests that Report-Only reports are not sent on certs that chain to | 1588 // Tests that Report-Only reports are not sent on certs that chain to |
| 1578 // local roots. | 1589 // local roots. |
| 1579 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { | 1590 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { |
| 1580 HostPortPair host_port_pair(kHost, kPort); | 1591 HostPortPair host_port_pair(kHost, kPort); |
| 1581 GURL report_uri(kReportUri); | 1592 GURL report_uri(kReportUri); |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1688 std::string failure_log; | 1699 std::string failure_log; |
| 1689 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1700 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1690 state.CheckPublicKeyPins( | 1701 state.CheckPublicKeyPins( |
| 1691 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1702 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1692 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1703 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1693 | 1704 |
| 1694 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1705 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1695 | 1706 |
| 1696 std::string report = mock_report_sender.latest_report(); | 1707 std::string report = mock_report_sender.latest_report(); |
| 1697 ASSERT_FALSE(report.empty()); | 1708 ASSERT_FALSE(report.empty()); |
| 1709 EXPECT_EQ("application/json", mock_report_sender.latest_content_type()); |
| 1698 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( | 1710 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( |
| 1699 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, | 1711 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, |
| 1700 cert1.get(), cert2.get(), pkp_state.spki_hashes)); | 1712 cert1.get(), cert2.get(), pkp_state.spki_hashes)); |
| 1701 } | 1713 } |
| 1702 | 1714 |
| 1703 // Tests that report URIs are thrown out if they point to the same host, | 1715 // Tests that report URIs are thrown out if they point to the same host, |
| 1704 // over HTTPS, for which a pin was violated. | 1716 // over HTTPS, for which a pin was violated. |
| 1705 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { | 1717 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { |
| 1706 HostPortPair host_port_pair(kHost, kPort); | 1718 HostPortPair host_port_pair(kHost, kPort); |
| 1707 GURL https_report_uri("https://example.test/report"); | 1719 GURL https_report_uri("https://example.test/report"); |
| (...skipping 613 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2321 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", | 2333 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", |
| 2322 "disabled"); | 2334 "disabled"); |
| 2323 | 2335 |
| 2324 EXPECT_FALSE( | 2336 EXPECT_FALSE( |
| 2325 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); | 2337 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); |
| 2326 EXPECT_FALSE( | 2338 EXPECT_FALSE( |
| 2327 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); | 2339 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
| 2328 } | 2340 } |
| 2329 | 2341 |
| 2330 } // namespace net | 2342 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2365353004:
Add Content-Type header to net::ReportSender reports (Closed)
