Chromium Code Reviews Chromium Code Reviews
Issue 2660793002:
Add transport security state generator tests. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/tools/transport_security_state_generator/preloaded_state_generator .h" | 5 #include "net/tools/transport_security_state_generator/preloaded_state_generator .h" |
| 6 | 6 |
| 7 #include <iostream> | |
| 8 | |
| 9 #include <string> | 7 #include <string> |
| 10 | 8 |
| 11 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 12 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
| 13 #include "net/tools/transport_security_state_generator/cert_util.h" | 11 #include "net/tools/transport_security_state_generator/cert_util.h" |
| 14 #include "net/tools/transport_security_state_generator/huffman/huffman_builder.h " | 12 #include "net/tools/transport_security_state_generator/huffman/huffman_builder.h " |
| 15 #include "net/tools/transport_security_state_generator/spki_hash.h" | 13 #include "net/tools/transport_security_state_generator/spki_hash.h" |
| 16 | 14 |
| 17 namespace net { | 15 namespace net { |
| 18 | 16 |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 122 | 120 |
| 123 return huffman_builder.ToTable(); | 121 return huffman_builder.ToTable(); |
| 124 } | 122 } |
| 125 | 123 |
| 126 } // namespace | 124 } // namespace |
| 127 | 125 |
| 128 PreloadedStateGenerator::PreloadedStateGenerator() {} | 126 PreloadedStateGenerator::PreloadedStateGenerator() {} |
| 129 | 127 |
| 130 PreloadedStateGenerator::~PreloadedStateGenerator() {} | 128 PreloadedStateGenerator::~PreloadedStateGenerator() {} |
| 131 | 129 |
| 132 std::string PreloadedStateGenerator::Generate( | 130 bool PreloadedStateGenerator::Generate( |
| 133 const std::string& preload_template, | 131 const std::string& preload_template, |
| 134 const TransportSecurityStateEntries& entries, | 132 const TransportSecurityStateEntries& entries, |
| 135 const DomainIDList& domain_ids, | 133 const DomainIDList& domain_ids, |
| 136 const Pinsets& pinsets, | 134 const Pinsets& pinsets, |
| 137 bool verbose) { | 135 std::string* output) { |
| 138 std::string output = preload_template; | 136 DCHECK(output); |
| 137 *output = preload_template; | |
| 139 | 138 |
| 140 NameIDMap domain_ids_map; | 139 NameIDMap domain_ids_map; |
| 141 ProcessDomainIds(domain_ids, &domain_ids_map, &output); | 140 ProcessDomainIds(domain_ids, &domain_ids_map, output); |
| 142 | 141 |
| 143 ProcessSPKIHashes(pinsets, &output); | 142 ProcessSPKIHashes(pinsets, output); |
| 144 | 143 |
| 145 NameIDMap expect_ct_report_uri_map; | 144 NameIDMap expect_ct_report_uri_map; |
| 146 ProcessExpectCTURIs(entries, &expect_ct_report_uri_map, &output); | 145 ProcessExpectCTURIs(entries, &expect_ct_report_uri_map, output); |
| 147 | 146 |
| 148 NameIDMap expect_staple_report_uri_map; | 147 NameIDMap expect_staple_report_uri_map; |
| 149 ProcessExpectStapleURIs(entries, &expect_staple_report_uri_map, &output); | 148 ProcessExpectStapleURIs(entries, &expect_staple_report_uri_map, output); |
| 150 | 149 |
| 151 NameIDMap pinsets_map; | 150 NameIDMap pinsets_map; |
| 152 ProcessPinsets(pinsets, &pinsets_map, &output); | 151 ProcessPinsets(pinsets, &pinsets_map, output); |
| 153 | 152 |
| 154 // The trie generation process is ran twice, the first time using an | 153 // The trie generation process is ran twice, the first time using an |
| 155 // approximate Huffman table. During this first run, the correct character | 154 // approximate Huffman table. During this first run, the correct character |
| 156 // frequencies are collected which are then used to calculate the most space | 155 // frequencies are collected which are then used to calculate the most space |
| 157 // efficient Huffman table for the given inputs. This table is used for the | 156 // efficient Huffman table for the given inputs. This table is used for the |
| 158 // second run. | 157 // second run. |
| 159 HuffmanRepresentationTable table = ApproximateHuffman(entries); | 158 HuffmanRepresentationTable table = ApproximateHuffman(entries); |
| 160 HuffmanBuilder huffman_builder; | 159 HuffmanBuilder huffman_builder; |
| 161 TrieWriter writer(table, domain_ids_map, expect_ct_report_uri_map, | 160 TrieWriter writer(table, domain_ids_map, expect_ct_report_uri_map, |
| 162 expect_staple_report_uri_map, pinsets_map, | 161 expect_staple_report_uri_map, pinsets_map, |
| 163 &huffman_builder); | 162 &huffman_builder); |
| 164 writer.WriteEntries(entries); | 163 uint32_t root_position; |
| 165 uint32_t initial_length = writer.position(); | 164 bool success = writer.WriteEntries(entries, &root_position); |
| 166 | 165 |
| 167 HuffmanRepresentationTable optimal_table = huffman_builder.ToTable(); | 166 HuffmanRepresentationTable optimal_table = huffman_builder.ToTable(); |
| 168 TrieWriter new_writer(optimal_table, domain_ids_map, expect_ct_report_uri_map, | 167 TrieWriter new_writer(optimal_table, domain_ids_map, expect_ct_report_uri_map, |
| 169 expect_staple_report_uri_map, pinsets_map, nullptr); | 168 expect_staple_report_uri_map, pinsets_map, nullptr); |
| 170 | 169 |
| 171 uint32_t root_position = new_writer.WriteEntries(entries); | 170 success = success && new_writer.WriteEntries(entries, &root_position); |
| 172 uint32_t new_length = new_writer.position(); | 171 uint32_t new_length = new_writer.position(); |
| 173 | 172 |
| 174 std::vector<uint8_t> huffman_tree = huffman_builder.ToVector(); | 173 std::vector<uint8_t> huffman_tree = huffman_builder.ToVector(); |
| 175 | 174 |
| 176 new_writer.Flush(); | 175 new_writer.Flush(); |
| 177 | 176 |
| 178 ReplaceTag("HUFFMAN_TREE", FormatVectorAsArray(huffman_tree), &output); | 177 ReplaceTag("HUFFMAN_TREE", FormatVectorAsArray(huffman_tree), output); |
| 179 ReplaceTag("HSTS_TRIE", FormatVectorAsArray(new_writer.bytes()), &output); | 178 ReplaceTag("HSTS_TRIE", FormatVectorAsArray(new_writer.bytes()), output); |
| 180 | 179 |
| 181 ReplaceTag("HSTS_TRIE_BITS", std::to_string(new_length), &output); | 180 ReplaceTag("HSTS_TRIE_BITS", std::to_string(new_length), output); |
| 182 ReplaceTag("HSTS_TRIE_ROOT", std::to_string(root_position), &output); | 181 ReplaceTag("HSTS_TRIE_ROOT", std::to_string(root_position), output); |
| 183 | 182 |
| 184 if (verbose) { | 183 return success; |
| 185 std::cout << "Saved " << std::to_string(initial_length - new_length) | |
| 186 << " bits by using accurate Huffman counts." << std::endl; | |
| 187 std::cout << "Bit length " << std::to_string(new_length) << std::endl; | |
| 188 std::cout << "Root position " << std::to_string(root_position) << std::endl; | |
| 189 } | |
| 190 | |
| 191 return output; | |
| 192 } | 184 } |
| 193 | 185 |
| 194 void PreloadedStateGenerator::ProcessDomainIds(const DomainIDList& domain_ids, | 186 void PreloadedStateGenerator::ProcessDomainIds(const DomainIDList& domain_ids, |
| 195 NameIDMap* map, | 187 NameIDMap* map, |
| 196 std::string* tpl) { | 188 std::string* tpl) { |
| 197 std::string output = "{"; | 189 std::string output = "{"; |
| 198 output.append(kNewLine); | 190 output.append(kNewLine); |
| 199 | 191 |
| 200 for (size_t i = 0; i < domain_ids.size(); ++i) { | 192 for (size_t i = 0; i < domain_ids.size(); ++i) { |
| 201 const std::string& current = domain_ids.at(i); | 193 const std::string& current = domain_ids.at(i); |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 268 output.append(kIndent); | 260 output.append(kIndent); |
| 269 output.append("\"" + entry->expect_ct_report_uri + "\","); | 261 output.append("\"" + entry->expect_ct_report_uri + "\","); |
| 270 output.append(kNewLine); | 262 output.append(kNewLine); |
| 271 | 263 |
| 272 expect_ct_report_uri_map->insert( | 264 expect_ct_report_uri_map->insert( |
| 273 NameIDPair(entry->expect_ct_report_uri, | 265 NameIDPair(entry->expect_ct_report_uri, |
| 274 static_cast<uint32_t>(expect_ct_report_uri_map->size()))); | 266 static_cast<uint32_t>(expect_ct_report_uri_map->size()))); |
| 275 } | 267 } |
| 276 } | 268 } |
| 277 | 269 |
| 270 output.append(kIndent); | |
|
martijnc
2017/02/08 20:58:21
There are tests without Expect-CT and Expect-Stapl
| |
| 271 output.append(kIndent); | |
| 272 output.append("NULL,"); | |
| 273 output.append(kNewLine); | |
| 274 | |
| 278 output.append("}"); | 275 output.append("}"); |
| 279 ReplaceTag("EXPECT_CT_REPORT_URIS", output, tpl); | 276 ReplaceTag("EXPECT_CT_REPORT_URIS", output, tpl); |
| 280 } | 277 } |
| 281 | 278 |
| 282 void PreloadedStateGenerator::ProcessExpectStapleURIs( | 279 void PreloadedStateGenerator::ProcessExpectStapleURIs( |
| 283 const TransportSecurityStateEntries& entries, | 280 const TransportSecurityStateEntries& entries, |
| 284 NameIDMap* expect_staple_report_uri_map, | 281 NameIDMap* expect_staple_report_uri_map, |
| 285 std::string* tpl) { | 282 std::string* tpl) { |
| 286 std::string output = "{"; | 283 std::string output = "{"; |
| 287 output.append(kNewLine); | 284 output.append(kNewLine); |
| 288 | 285 |
| 289 for (const auto& entry : entries) { | 286 for (const auto& entry : entries) { |
| 290 const std::string& url = entry->expect_staple_report_uri; | 287 const std::string& url = entry->expect_staple_report_uri; |
| 291 if (entry->expect_staple && url.size() && | 288 if (entry->expect_staple && url.size() && |
| 292 expect_staple_report_uri_map->find(url) == | 289 expect_staple_report_uri_map->find(url) == |
| 293 expect_staple_report_uri_map->cend()) { | 290 expect_staple_report_uri_map->cend()) { |
| 294 output.append(kIndent); | 291 output.append(kIndent); |
| 295 output.append(kIndent); | 292 output.append(kIndent); |
| 296 output.append("\"" + entry->expect_staple_report_uri + "\","); | 293 output.append("\"" + entry->expect_staple_report_uri + "\","); |
| 297 output.append(kNewLine); | 294 output.append(kNewLine); |
| 298 | 295 |
| 299 expect_staple_report_uri_map->insert(NameIDPair( | 296 expect_staple_report_uri_map->insert(NameIDPair( |
| 300 entry->expect_staple_report_uri, | 297 entry->expect_staple_report_uri, |
| 301 static_cast<uint32_t>(expect_staple_report_uri_map->size()))); | 298 static_cast<uint32_t>(expect_staple_report_uri_map->size()))); |
| 302 } | 299 } |
| 303 } | 300 } |
| 304 | 301 |
| 302 output.append(kIndent); | |
| 303 output.append(kIndent); | |
| 304 output.append("NULL,"); | |
| 305 output.append(kNewLine); | |
| 306 | |
| 305 output.append("}"); | 307 output.append("}"); |
| 306 ReplaceTag("EXPECT_STAPLE_REPORT_URIS", output, tpl); | 308 ReplaceTag("EXPECT_STAPLE_REPORT_URIS", output, tpl); |
| 307 } | 309 } |
| 308 | 310 |
| 309 void PreloadedStateGenerator::ProcessPinsets(const Pinsets& pinset, | 311 void PreloadedStateGenerator::ProcessPinsets(const Pinsets& pinset, |
| 310 NameIDMap* pinset_map, | 312 NameIDMap* pinset_map, |
| 311 std::string* tpl) { | 313 std::string* tpl) { |
| 312 std::string certs_output; | 314 std::string certs_output; |
| 313 std::string pinsets_output = "{"; | 315 std::string pinsets_output = "{"; |
| 314 pinsets_output.append(kNewLine); | 316 pinsets_output.append(kNewLine); |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 358 | 360 |
| 359 base::TrimString(certs_output, kNewLine, &certs_output); | 361 base::TrimString(certs_output, kNewLine, &certs_output); |
| 360 | 362 |
| 361 ReplaceTag("ACCEPTABLE_CERTS", certs_output, tpl); | 363 ReplaceTag("ACCEPTABLE_CERTS", certs_output, tpl); |
| 362 ReplaceTag("PINSETS", pinsets_output, tpl); | 364 ReplaceTag("PINSETS", pinsets_output, tpl); |
| 363 } | 365 } |
| 364 | 366 |
| 365 } // namespace transport_security_state | 367 } // namespace transport_security_state |
| 366 | 368 |
| 367 } // namespace net | 369 } // namespace net |
| OLD | NEW |
