components/certificate_transparency/log_dns_client_unittest.cc - Issue 2375693002: LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string

Side by Side Diff: components/certificate_transparency/log_dns_client_unittest.cc

Issue 2375693002: LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string (Closed)

Patch Set: Adds missing #include <numeric> Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « components/certificate_transparency/log_dns_client.cc ('k') | components/certificate_transparency/mock_log_dns_traffic.h » ('j') | components/certificate_transparency/mock_log_dns_traffic.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/certificate_transparency/log_dns_client.h"	5 #include "components/certificate_transparency/log_dns_client.h"

6	6

7 #include <memory>	7 #include <memory>

	8 #include <numeric>

8 #include <string>	9 #include <string>

9 #include <utility>	10 #include <utility>

10 #include <vector>	11 #include <vector>

11	12

12 #include "base/message_loop/message_loop.h"	13 #include "base/message_loop/message_loop.h"

13 #include "base/run_loop.h"	14 #include "base/run_loop.h"

14 #include "components/certificate_transparency/mock_log_dns_traffic.h"	15 #include "components/certificate_transparency/mock_log_dns_traffic.h"

15 #include "crypto/sha2.h"	16 #include "crypto/sha2.h"

16 #include "net/base/net_errors.h"	17 #include "net/base/net_errors.h"

17 #include "net/cert/merkle_audit_proof.h"	18 #include "net/cert/merkle_audit_proof.h"

(...skipping 128 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
146 // Queues and handles asynchronous DNS tasks. Indirectly used by LogDnsClient,	147 // Queues and handles asynchronous DNS tasks. Indirectly used by LogDnsClient,

147 // the underlying net::DnsClient, and NetworkChangeNotifier.	148 // the underlying net::DnsClient, and NetworkChangeNotifier.

148 base::MessageLoopForIO message_loop_;	149 base::MessageLoopForIO message_loop_;

149 // Allows mock DNS sockets to be setup.	150 // Allows mock DNS sockets to be setup.

150 MockLogDnsTraffic mock_dns_;	151 MockLogDnsTraffic mock_dns_;

151 };	152 };

152	153

153 TEST_P(LogDnsClientTest, QueryLeafIndex) {	154 TEST_P(LogDnsClientTest, QueryLeafIndex) {

154 mock_dns_.ExpectLeafIndexRequestAndResponse(	155 mock_dns_.ExpectLeafIndexRequestAndResponse(

155 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",	156 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

156 "123456");	157 123456);

157	158

158 MockLeafIndexCallback callback;	159 MockLeafIndexCallback callback;

159 QueryLeafIndex("ct.test", kLeafHash, &callback);	160 QueryLeafIndex("ct.test", kLeafHash, &callback);

160 ASSERT_TRUE(callback.called());	161 ASSERT_TRUE(callback.called());

161 EXPECT_THAT(callback.net_error(), IsOk());	162 EXPECT_THAT(callback.net_error(), IsOk());

162 EXPECT_THAT(callback.leaf_index(), 123456);	163 EXPECT_THAT(callback.leaf_index(), 123456);

163 }	164 }

164	165

165 TEST_P(LogDnsClientTest, QueryLeafIndexReportsThatLogDomainDoesNotExist) {	166 TEST_P(LogDnsClientTest, QueryLeafIndexReportsThatLogDomainDoesNotExist) {

166 mock_dns_.ExpectRequestAndErrorResponse(	167 mock_dns_.ExpectRequestAndErrorResponse(

(...skipping 25 matching lines...) Expand all Loading...
192 net::dns_protocol::kRcodeREFUSED);	193 net::dns_protocol::kRcodeREFUSED);

193	194

194 MockLeafIndexCallback callback;	195 MockLeafIndexCallback callback;

195 QueryLeafIndex("ct.test", kLeafHash, &callback);	196 QueryLeafIndex("ct.test", kLeafHash, &callback);

196 ASSERT_TRUE(callback.called());	197 ASSERT_TRUE(callback.called());

197 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));	198 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));

198 EXPECT_THAT(callback.leaf_index(), 0);	199 EXPECT_THAT(callback.leaf_index(), 0);

199 }	200 }

200	201

201 TEST_P(LogDnsClientTest,	202 TEST_P(LogDnsClientTest,

	203 QueryLeafIndexReportsMalformedResponseIfContainsNoStrings) {

	204 mock_dns_.ExpectRequestAndResponse(

	205 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

	206 std::vector<base::StringPiece>());

	207

	208 MockLeafIndexCallback callback;

	209 QueryLeafIndex("ct.test", kLeafHash, &callback);

	210 ASSERT_TRUE(callback.called());

	211 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

	212 EXPECT_THAT(callback.leaf_index(), 0);

	213 }

	214

	215 TEST_P(LogDnsClientTest,

	216 QueryLeafIndexReportsMalformedResponseIfContainsMoreThanOneString) {

	217 mock_dns_.ExpectRequestAndResponse(

	218 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

	219 {"123456", "7"});

	220

	221 MockLeafIndexCallback callback;

	222 QueryLeafIndex("ct.test", kLeafHash, &callback);

	223 ASSERT_TRUE(callback.called());

	224 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

	225 EXPECT_THAT(callback.leaf_index(), 0);

	226 }

	227

	228 TEST_P(LogDnsClientTest,

202 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsNotNumeric) {	229 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsNotNumeric) {

203 mock_dns_.ExpectLeafIndexRequestAndResponse(	230 mock_dns_.ExpectRequestAndResponse(

204 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",	231 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

205 "foo");	232 {"foo"});

206	233

207 MockLeafIndexCallback callback;	234 MockLeafIndexCallback callback;

208 QueryLeafIndex("ct.test", kLeafHash, &callback);	235 QueryLeafIndex("ct.test", kLeafHash, &callback);

209 ASSERT_TRUE(callback.called());	236 ASSERT_TRUE(callback.called());

210 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));	237 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

211 EXPECT_THAT(callback.leaf_index(), 0);	238 EXPECT_THAT(callback.leaf_index(), 0);

212 }	239 }

213	240

214 TEST_P(LogDnsClientTest,	241 TEST_P(LogDnsClientTest,

215 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsFloatingPoint) {	242 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsFloatingPoint) {

216 mock_dns_.ExpectLeafIndexRequestAndResponse(	243 mock_dns_.ExpectRequestAndResponse(

217 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",	244 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

218 "123456.0");	245 {"123456.0"});

219	246

220 MockLeafIndexCallback callback;	247 MockLeafIndexCallback callback;

221 QueryLeafIndex("ct.test", kLeafHash, &callback);	248 QueryLeafIndex("ct.test", kLeafHash, &callback);

222 ASSERT_TRUE(callback.called());	249 ASSERT_TRUE(callback.called());

223 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));	250 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

224 EXPECT_THAT(callback.leaf_index(), 0);	251 EXPECT_THAT(callback.leaf_index(), 0);

225 }	252 }

226	253

227 TEST_P(LogDnsClientTest,	254 TEST_P(LogDnsClientTest,

228 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsEmpty) {	255 QueryLeafIndexReportsMalformedResponseIfLeafIndexIsEmpty) {

229 mock_dns_.ExpectLeafIndexRequestAndResponse(	256 mock_dns_.ExpectRequestAndResponse(

230 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.", "");	257 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

	258 {""});

231	259

232 MockLeafIndexCallback callback;	260 MockLeafIndexCallback callback;

233 QueryLeafIndex("ct.test", kLeafHash, &callback);	261 QueryLeafIndex("ct.test", kLeafHash, &callback);

234 ASSERT_TRUE(callback.called());	262 ASSERT_TRUE(callback.called());

235 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));	263 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

236 EXPECT_THAT(callback.leaf_index(), 0);	264 EXPECT_THAT(callback.leaf_index(), 0);

237 }	265 }

238	266

239 TEST_P(LogDnsClientTest,	267 TEST_P(LogDnsClientTest,

240 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) {	268 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) {

241 mock_dns_.ExpectLeafIndexRequestAndResponse(	269 mock_dns_.ExpectRequestAndResponse(

242 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",	270 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

243 "foo123456");	271 {"foo123456"});

244	272

245 MockLeafIndexCallback callback;	273 MockLeafIndexCallback callback;

246 QueryLeafIndex("ct.test", kLeafHash, &callback);	274 QueryLeafIndex("ct.test", kLeafHash, &callback);

247 ASSERT_TRUE(callback.called());	275 ASSERT_TRUE(callback.called());

248 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));	276 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

249 EXPECT_THAT(callback.leaf_index(), 0);	277 EXPECT_THAT(callback.leaf_index(), 0);

250 }	278 }

251	279

252 TEST_P(LogDnsClientTest,	280 TEST_P(LogDnsClientTest,

253 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) {	281 QueryLeafIndexReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) {

254 mock_dns_.ExpectLeafIndexRequestAndResponse(	282 mock_dns_.ExpectRequestAndResponse(

255 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",	283 "D4S6DSV2J743QJZEQMH4UYHEYK7KRQ5JIQOCPMFUHZVJNFGHXACA.hash.ct.test.",

256 "123456foo");	284 {"123456foo"});

257	285

258 MockLeafIndexCallback callback;	286 MockLeafIndexCallback callback;

259 QueryLeafIndex("ct.test", kLeafHash, &callback);	287 QueryLeafIndex("ct.test", kLeafHash, &callback);

260 ASSERT_TRUE(callback.called());	288 ASSERT_TRUE(callback.called());

261 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));	289 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

262 EXPECT_THAT(callback.leaf_index(), 0);	290 EXPECT_THAT(callback.leaf_index(), 0);

263 }	291 }

264	292

265 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLogDomainIsEmpty) {	293 TEST_P(LogDnsClientTest, QueryLeafIndexReportsInvalidArgIfLogDomainIsEmpty) {

266 MockLeafIndexCallback callback;	294 MockLeafIndexCallback callback;

(...skipping 143 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
410 net::dns_protocol::kRcodeREFUSED);	438 net::dns_protocol::kRcodeREFUSED);

411	439

412 MockAuditProofCallback callback;	440 MockAuditProofCallback callback;

413 QueryAuditProof("ct.test", 123456, 999999, &callback);	441 QueryAuditProof("ct.test", 123456, 999999, &callback);

414 ASSERT_TRUE(callback.called());	442 ASSERT_TRUE(callback.called());

415 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));	443 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_SERVER_FAILED));

416 EXPECT_THAT(callback.proof(), IsNull());	444 EXPECT_THAT(callback.proof(), IsNull());

417 }	445 }

418	446

419 TEST_P(LogDnsClientTest,	447 TEST_P(LogDnsClientTest,

	448 QueryAuditProofReportsResponseMalformedIfContainsNoStrings) {

	449 mock_dns_.ExpectRequestAndResponse("0.123456.999999.tree.ct.test.",

	450 std::vector<base::StringPiece>());

	451

	452 MockAuditProofCallback callback;

	453 QueryAuditProof("ct.test", 123456, 999999, &callback);

	454 ASSERT_TRUE(callback.called());

	455 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

	456 EXPECT_THAT(callback.proof(), IsNull());

	457 }

	458

	459 TEST_P(LogDnsClientTest,

	460 QueryAuditProofReportsResponseMalformedIfContainsMoreThanOneString) {

	461 // The CT-over-DNS draft RFC states that the response will contain "exactly

	462 // one character-string."

	463 const std::vector<std::string> audit_proof = GetSampleAuditProof(10);

	464

	465 std::string first_chunk_of_proof = std::accumulate(

	466 audit_proof.begin(), audit_proof.begin() + 7, std::string());

	467 std::string second_chunk_of_proof = std::accumulate(

	468 audit_proof.begin() + 7, audit_proof.end(), std::string());

	469

	470 mock_dns_.ExpectRequestAndResponse(

	471 "0.123456.999999.tree.ct.test.",

	472 {first_chunk_of_proof, second_chunk_of_proof});

	473

	474 MockAuditProofCallback callback;

	475 QueryAuditProof("ct.test", 123456, 999999, &callback);

	476 ASSERT_TRUE(callback.called());

	477 EXPECT_THAT(callback.net_error(), IsError(net::ERR_DNS_MALFORMED_RESPONSE));

	478 EXPECT_THAT(callback.proof(), IsNull());

	479 }

	480

	481 TEST_P(LogDnsClientTest,

420 QueryAuditProofReportsResponseMalformedIfNodeTooShort) {	482 QueryAuditProofReportsResponseMalformedIfNodeTooShort) {

421 // node is shorter than a SHA-256 hash (31 vs 32 bytes)	483 // node is shorter than a SHA-256 hash (31 vs 32 bytes)

422 const std::vector<std::string> audit_proof(1, std::string(31, 'a'));	484 const std::vector<std::string> audit_proof(1, std::string(31, 'a'));

423	485

424 mock_dns_.ExpectAuditProofRequestAndResponse(	486 mock_dns_.ExpectAuditProofRequestAndResponse(

425 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end());	487 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end());

426	488

427 MockAuditProofCallback callback;	489 MockAuditProofCallback callback;

428 QueryAuditProof("ct.test", 123456, 999999, &callback);	490 QueryAuditProof("ct.test", 123456, 999999, &callback);

429 ASSERT_TRUE(callback.called());	491 ASSERT_TRUE(callback.called());

(...skipping 115 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
545 EXPECT_THAT(dns_client->GetConfig()->nameservers, Not(IsEmpty()));	607 EXPECT_THAT(dns_client->GetConfig()->nameservers, Not(IsEmpty()));

546 }	608 }

547	609

548 INSTANTIATE_TEST_CASE_P(ReadMode,	610 INSTANTIATE_TEST_CASE_P(ReadMode,

549 LogDnsClientTest,	611 LogDnsClientTest,

550 ::testing::Values(net::IoMode::ASYNC,	612 ::testing::Values(net::IoMode::ASYNC,

551 net::IoMode::SYNCHRONOUS));	613 net::IoMode::SYNCHRONOUS));

552	614

553 } // namespace	615 } // namespace

554 } // namespace certificate_transparency	616 } // namespace certificate_transparency

OLD	NEW