| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 }; | 82 }; |
| 83 | 83 |
| 84 // A mock ReportSenderInterface that just remembers the latest report | 84 // A mock ReportSenderInterface that just remembers the latest report |
| 85 // URI and report to be sent. | 85 // URI and report to be sent. |
| 86 class MockCertificateReportSender | 86 class MockCertificateReportSender |
| 87 : public TransportSecurityState::ReportSenderInterface { | 87 : public TransportSecurityState::ReportSenderInterface { |
| 88 public: | 88 public: |
| 89 MockCertificateReportSender() {} | 89 MockCertificateReportSender() {} |
| 90 ~MockCertificateReportSender() override {} | 90 ~MockCertificateReportSender() override {} |
| 91 | 91 |
| 92 void Send(const GURL& report_uri, const std::string& report) override { | 92 void Send(const GURL& report_uri, |
| 93 base::StringPiece content_type, |
| 94 base::StringPiece report) override { |
| 93 latest_report_uri_ = report_uri; | 95 latest_report_uri_ = report_uri; |
| 94 latest_report_ = report; | 96 report.CopyToString(&latest_report_); |
| 97 content_type.CopyToString(&latest_content_type_); |
| 95 } | 98 } |
| 96 | 99 |
| 97 void SetErrorCallback( | 100 void SetErrorCallback( |
| 98 const base::Callback<void(const GURL&, int)>& error_callback) override {} | 101 const base::Callback<void(const GURL&, int)>& error_callback) override {} |
| 99 | 102 |
| 100 void Clear() { | 103 void Clear() { |
| 101 latest_report_uri_ = GURL(); | 104 latest_report_uri_ = GURL(); |
| 102 latest_report_ = std::string(); | 105 latest_report_ = std::string(); |
| 106 latest_content_type_ = std::string(); |
| 103 } | 107 } |
| 104 | 108 |
| 105 const GURL& latest_report_uri() { return latest_report_uri_; } | 109 const GURL& latest_report_uri() { return latest_report_uri_; } |
| 106 const std::string& latest_report() { return latest_report_; } | 110 const std::string& latest_report() { return latest_report_; } |
| 111 const std::string& latest_content_type() { return latest_content_type_; } |
| 107 | 112 |
| 108 private: | 113 private: |
| 109 GURL latest_report_uri_; | 114 GURL latest_report_uri_; |
| 110 std::string latest_report_; | 115 std::string latest_report_; |
| 116 std::string latest_content_type_; |
| 111 }; | 117 }; |
| 112 | 118 |
| 113 // A mock ReportSenderInterface that simulates a net error on every report sent. | 119 // A mock ReportSenderInterface that simulates a net error on every report sent. |
| 114 class MockFailingCertificateReportSender | 120 class MockFailingCertificateReportSender |
| 115 : public TransportSecurityState::ReportSenderInterface { | 121 : public TransportSecurityState::ReportSenderInterface { |
| 116 public: | 122 public: |
| 117 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} | 123 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} |
| 118 ~MockFailingCertificateReportSender() override {} | 124 ~MockFailingCertificateReportSender() override {} |
| 119 | 125 |
| 120 int net_error() { return net_error_; } | 126 int net_error() { return net_error_; } |
| 121 | 127 |
| 122 // TransportSecurityState::ReportSenderInterface: | 128 // TransportSecurityState::ReportSenderInterface: |
| 123 void Send(const GURL& report_uri, const std::string& report) override { | 129 void Send(const GURL& report_uri, |
| 130 base::StringPiece content_type, |
| 131 base::StringPiece report) override { |
| 124 ASSERT_FALSE(error_callback_.is_null()); | 132 ASSERT_FALSE(error_callback_.is_null()); |
| 125 error_callback_.Run(report_uri, net_error_); | 133 error_callback_.Run(report_uri, net_error_); |
| 126 } | 134 } |
| 127 | 135 |
| 128 void SetErrorCallback( | 136 void SetErrorCallback( |
| 129 const base::Callback<void(const GURL&, int)>& error_callback) override { | 137 const base::Callback<void(const GURL&, int)>& error_callback) override { |
| 130 error_callback_ = error_callback; | 138 error_callback_ = error_callback; |
| 131 } | 139 } |
| 132 | 140 |
| 133 private: | 141 private: |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 331 const SSLInfo& ssl_info, | 339 const SSLInfo& ssl_info, |
| 332 const std::string& ocsp_response, | 340 const std::string& ocsp_response, |
| 333 const std::string& response_status, | 341 const std::string& response_status, |
| 334 const std::string& cert_status) { | 342 const std::string& cert_status) { |
| 335 // Expect-Staple is preload list based, so we use the baked-in test hostname | 343 // Expect-Staple is preload list based, so we use the baked-in test hostname |
| 336 // from the list ("preloaded-expect-staple.badssl.com"). | 344 // from the list ("preloaded-expect-staple.badssl.com"). |
| 337 HostPortPair host_port(kExpectStapleStaticHostname, 443); | 345 HostPortPair host_port(kExpectStapleStaticHostname, 443); |
| 338 state->SetReportSender(reporter); | 346 state->SetReportSender(reporter); |
| 339 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); | 347 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); |
| 340 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); | 348 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); |
| 349 EXPECT_EQ("application/json; charset=utf-8", reporter->latest_content_type()); |
| 341 std::string serialized_report = reporter->latest_report(); | 350 std::string serialized_report = reporter->latest_report(); |
| 342 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 351 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 343 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 352 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 344 cert_status)); | 353 cert_status)); |
| 345 } | 354 } |
| 346 | 355 |
| 347 } // namespace | 356 } // namespace |
| 348 | 357 |
| 349 class TransportSecurityStateTest : public testing::Test { | 358 class TransportSecurityStateTest : public testing::Test { |
| 350 public: | 359 public: |
| (...skipping 1085 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1436 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1445 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1437 state.CheckPublicKeyPins( | 1446 state.CheckPublicKeyPins( |
| 1438 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1447 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1439 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1448 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1440 | 1449 |
| 1441 // Now a report should have been sent. Check that it contains the | 1450 // Now a report should have been sent. Check that it contains the |
| 1442 // right information. | 1451 // right information. |
| 1443 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1452 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1444 std::string report = mock_report_sender.latest_report(); | 1453 std::string report = mock_report_sender.latest_report(); |
| 1445 ASSERT_FALSE(report.empty()); | 1454 ASSERT_FALSE(report.empty()); |
| 1455 EXPECT_EQ("application/json; charset=utf-8", |
| 1456 mock_report_sender.latest_content_type()); |
| 1446 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1457 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1447 cert1.get(), cert2.get(), | 1458 cert1.get(), cert2.get(), |
| 1448 good_hashes)); | 1459 good_hashes)); |
| 1449 mock_report_sender.Clear(); | 1460 mock_report_sender.Clear(); |
| 1450 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1461 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1451 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, | 1462 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, |
| 1452 cert1.get(), cert2.get(), | 1463 cert1.get(), cert2.get(), |
| 1453 TransportSecurityState::ENABLE_PIN_REPORTS, | 1464 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 1454 &failure_log)); | 1465 &failure_log)); |
| 1455 | 1466 |
| 1456 // Now a report should have been sent for the subdomain. Check that it | 1467 // Now a report should have been sent for the subdomain. Check that it |
| 1457 // contains the right information. | 1468 // contains the right information. |
| 1458 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1469 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1459 report = mock_report_sender.latest_report(); | 1470 report = mock_report_sender.latest_report(); |
| 1460 ASSERT_FALSE(report.empty()); | 1471 ASSERT_FALSE(report.empty()); |
| 1472 EXPECT_EQ("application/json; charset=utf-8", |
| 1473 mock_report_sender.latest_content_type()); |
| 1461 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, | 1474 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, |
| 1462 true, kHost, cert1.get(), cert2.get(), | 1475 true, kHost, cert1.get(), cert2.get(), |
| 1463 good_hashes)); | 1476 good_hashes)); |
| 1464 } | 1477 } |
| 1465 | 1478 |
| 1466 // Tests that a histogram entry is recorded when TransportSecurityState | 1479 // Tests that a histogram entry is recorded when TransportSecurityState |
| 1467 // fails to send an HPKP violation report. | 1480 // fails to send an HPKP violation report. |
| 1468 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { | 1481 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { |
| 1469 base::HistogramTester histograms; | 1482 base::HistogramTester histograms; |
| 1470 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; | 1483 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1561 // violation. | 1574 // violation. |
| 1562 ssl_info.public_key_hashes.clear(); | 1575 ssl_info.public_key_hashes.clear(); |
| 1563 for (size_t i = 0; kBadPath[i]; i++) | 1576 for (size_t i = 0; kBadPath[i]; i++) |
| 1564 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); | 1577 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); |
| 1565 | 1578 |
| 1566 EXPECT_TRUE( | 1579 EXPECT_TRUE( |
| 1567 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); | 1580 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); |
| 1568 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1581 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1569 std::string report = mock_report_sender.latest_report(); | 1582 std::string report = mock_report_sender.latest_report(); |
| 1570 ASSERT_FALSE(report.empty()); | 1583 ASSERT_FALSE(report.empty()); |
| 1584 EXPECT_EQ("application/json; charset=utf-8", |
| 1585 mock_report_sender.latest_content_type()); |
| 1571 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1586 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1572 cert1.get(), cert2.get(), | 1587 cert1.get(), cert2.get(), |
| 1573 ssl_info.public_key_hashes)); | 1588 ssl_info.public_key_hashes)); |
| 1574 } | 1589 } |
| 1575 | 1590 |
| 1576 // Tests that Report-Only reports are not sent on certs that chain to | 1591 // Tests that Report-Only reports are not sent on certs that chain to |
| 1577 // local roots. | 1592 // local roots. |
| 1578 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { | 1593 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { |
| 1579 HostPortPair host_port_pair(kHost, kPort); | 1594 HostPortPair host_port_pair(kHost, kPort); |
| 1580 GURL report_uri(kReportUri); | 1595 GURL report_uri(kReportUri); |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1687 std::string failure_log; | 1702 std::string failure_log; |
| 1688 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1703 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1689 state.CheckPublicKeyPins( | 1704 state.CheckPublicKeyPins( |
| 1690 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1705 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1691 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1706 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1692 | 1707 |
| 1693 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1708 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1694 | 1709 |
| 1695 std::string report = mock_report_sender.latest_report(); | 1710 std::string report = mock_report_sender.latest_report(); |
| 1696 ASSERT_FALSE(report.empty()); | 1711 ASSERT_FALSE(report.empty()); |
| 1712 EXPECT_EQ("application/json; charset=utf-8", |
| 1713 mock_report_sender.latest_content_type()); |
| 1697 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( | 1714 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( |
| 1698 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, | 1715 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, |
| 1699 cert1.get(), cert2.get(), pkp_state.spki_hashes)); | 1716 cert1.get(), cert2.get(), pkp_state.spki_hashes)); |
| 1700 } | 1717 } |
| 1701 | 1718 |
| 1702 // Tests that report URIs are thrown out if they point to the same host, | 1719 // Tests that report URIs are thrown out if they point to the same host, |
| 1703 // over HTTPS, for which a pin was violated. | 1720 // over HTTPS, for which a pin was violated. |
| 1704 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { | 1721 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { |
| 1705 HostPortPair host_port_pair(kHost, kPort); | 1722 HostPortPair host_port_pair(kHost, kPort); |
| 1706 GURL https_report_uri("https://example.test/report"); | 1723 GURL https_report_uri("https://example.test/report"); |
| (...skipping 612 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2319 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", | 2336 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", |
| 2320 "disabled"); | 2337 "disabled"); |
| 2321 | 2338 |
| 2322 EXPECT_FALSE( | 2339 EXPECT_FALSE( |
| 2323 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); | 2340 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); |
| 2324 EXPECT_FALSE( | 2341 EXPECT_FALSE( |
| 2325 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); | 2342 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
| 2326 } | 2343 } |
| 2327 | 2344 |
| 2328 } // namespace net | 2345 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2374253010:
Add Content-Type header to net::ReportSender reports (Closed)
