1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
229 } | 229 } |
230 } | 230 } |
231 } | 231 } |
232 | 232 |
233 // Checks that the |serialized_report| deserializes properly and | 233 // Checks that the |serialized_report| deserializes properly and |
234 // contains the correct information (hostname, port, served and | 234 // contains the correct information (hostname, port, served and |
235 // validated certificate chains, SCTs) for the given |host_port| and | 235 // validated certificate chains, SCTs) for the given |host_port| and |
236 // |ssl_info|. | 236 // |ssl_info|. |
237 void CheckExpectCTReport(const std::string& serialized_report, | 237 void CheckExpectCTReport(const std::string& serialized_report, |
238 const net::HostPortPair& host_port, | 238 const net::HostPortPair& host_port, |
239 const std::string expiration_time, | |
meacer
2017/06/20 00:28:10
nit: expiration_date to be consistent with the fie
estark
2017/06/20 21:45:01
Done.
| |
239 const net::SSLInfo& ssl_info) { | 240 const net::SSLInfo& ssl_info) { |
240 std::unique_ptr<base::Value> value(base::JSONReader::Read(serialized_report)); | 241 std::unique_ptr<base::Value> value(base::JSONReader::Read(serialized_report)); |
241 ASSERT_TRUE(value); | 242 ASSERT_TRUE(value); |
242 ASSERT_TRUE(value->IsType(base::Value::Type::DICTIONARY)); | 243 ASSERT_TRUE(value->IsType(base::Value::Type::DICTIONARY)); |
243 | 244 |
244 base::DictionaryValue* report_dict; | 245 base::DictionaryValue* report_dict; |
245 ASSERT_TRUE(value->GetAsDictionary(&report_dict)); | 246 ASSERT_TRUE(value->GetAsDictionary(&report_dict)); |
246 | 247 |
247 std::string report_hostname; | 248 std::string report_hostname; |
248 EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname)); | 249 EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname)); |
249 EXPECT_EQ(host_port.host(), report_hostname); | 250 EXPECT_EQ(host_port.host(), report_hostname); |
250 int report_port; | 251 int report_port; |
251 EXPECT_TRUE(report_dict->GetInteger("port", &report_port)); | 252 EXPECT_TRUE(report_dict->GetInteger("port", &report_port)); |
252 EXPECT_EQ(host_port.port(), report_port); | 253 EXPECT_EQ(host_port.port(), report_port); |
253 | 254 |
255 std::string expiration; | |
256 EXPECT_TRUE(report_dict->GetString("effective-expiration-date", &expiration)); | |
257 EXPECT_EQ(expiration_time, expiration); | |
258 | |
254 const base::ListValue* report_served_certificate_chain = nullptr; | 259 const base::ListValue* report_served_certificate_chain = nullptr; |
255 ASSERT_TRUE(report_dict->GetList("served-certificate-chain", | 260 ASSERT_TRUE(report_dict->GetList("served-certificate-chain", |
256 &report_served_certificate_chain)); | 261 &report_served_certificate_chain)); |
257 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( | 262 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( |
258 ssl_info.unverified_cert, *report_served_certificate_chain)); | 263 ssl_info.unverified_cert, *report_served_certificate_chain)); |
259 | 264 |
260 const base::ListValue* report_validated_certificate_chain = nullptr; | 265 const base::ListValue* report_validated_certificate_chain = nullptr; |
261 ASSERT_TRUE(report_dict->GetList("validated-certificate-chain", | 266 ASSERT_TRUE(report_dict->GetList("validated-certificate-chain", |
262 &report_validated_certificate_chain)); | 267 &report_validated_certificate_chain)); |
263 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( | 268 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( |
315 void TearDown() override { | 320 void TearDown() override { |
316 net::URLRequestFilter::GetInstance()->ClearHandlers(); | 321 net::URLRequestFilter::GetInstance()->ClearHandlers(); |
317 } | 322 } |
318 | 323 |
319 net::TestURLRequestContext* context() { return context_.get(); } | 324 net::TestURLRequestContext* context() { return context_.get(); } |
320 | 325 |
321 protected: | 326 protected: |
322 void SendReport(ChromeExpectCTReporter* reporter, | 327 void SendReport(ChromeExpectCTReporter* reporter, |
323 const net::HostPortPair& host_port, | 328 const net::HostPortPair& host_port, |
324 const GURL& report_uri, | 329 const GURL& report_uri, |
330 base::Time expiration, | |
325 const net::SSLInfo& ssl_info) { | 331 const net::SSLInfo& ssl_info) { |
326 base::RunLoop run_loop; | 332 base::RunLoop run_loop; |
327 network_delegate_.set_url_request_destroyed_callback( | 333 network_delegate_.set_url_request_destroyed_callback( |
328 run_loop.QuitClosure()); | 334 run_loop.QuitClosure()); |
329 reporter->OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(), | 335 reporter->OnExpectCTFailed( |
330 ssl_info.unverified_cert.get(), | 336 host_port, report_uri, expiration, ssl_info.cert.get(), |
331 ssl_info.signed_certificate_timestamps); | 337 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); |
332 run_loop.Run(); | 338 run_loop.Run(); |
333 } | 339 } |
334 | 340 |
335 private: | 341 private: |
336 TestExpectCTNetworkDelegate network_delegate_; | 342 TestExpectCTNetworkDelegate network_delegate_; |
337 std::unique_ptr<net::TestURLRequestContext> context_; | 343 std::unique_ptr<net::TestURLRequestContext> context_; |
338 content::TestBrowserThreadBundle thread_bundle_; | 344 content::TestBrowserThreadBundle thread_bundle_; |
339 | 345 |
340 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); | 346 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); |
341 }; | 347 }; |
360 | 366 |
361 net::SSLInfo ssl_info; | 367 net::SSLInfo ssl_info; |
362 ssl_info.cert = | 368 ssl_info.cert = |
363 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 369 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
364 ssl_info.unverified_cert = net::ImportCertFromFile( | 370 ssl_info.unverified_cert = net::ImportCertFromFile( |
365 net::GetTestCertsDirectory(), "localhost_cert.pem"); | 371 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
366 | 372 |
367 net::HostPortPair host_port("example.test", 443); | 373 net::HostPortPair host_port("example.test", 443); |
368 GURL report_uri("http://example-report.test"); | 374 GURL report_uri("http://example-report.test"); |
369 | 375 |
370 reporter.OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(), | 376 reporter.OnExpectCTFailed(host_port, report_uri, base::Time(), |
371 ssl_info.unverified_cert.get(), | 377 ssl_info.cert.get(), ssl_info.unverified_cert.get(), |
372 ssl_info.signed_certificate_timestamps); | 378 ssl_info.signed_certificate_timestamps); |
373 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 379 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
374 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 380 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
375 | 381 |
376 histograms.ExpectTotalCount(kSendHistogramName, 0); | 382 histograms.ExpectTotalCount(kSendHistogramName, 0); |
377 } | 383 } |
378 | 384 |
379 // Test that no report is sent if the report URI is empty. | 385 // Test that no report is sent if the report URI is empty. |
380 TEST(ChromeExpectCTReporterTest, EmptyReportURI) { | 386 TEST(ChromeExpectCTReporterTest, EmptyReportURI) { |
381 base::MessageLoop message_loop; | 387 base::MessageLoop message_loop; |
382 base::HistogramTester histograms; | 388 base::HistogramTester histograms; |
383 histograms.ExpectTotalCount(kSendHistogramName, 0); | 389 histograms.ExpectTotalCount(kSendHistogramName, 0); |
384 | 390 |
385 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 391 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
386 net::TestURLRequestContext context; | 392 net::TestURLRequestContext context; |
387 ChromeExpectCTReporter reporter(&context); | 393 ChromeExpectCTReporter reporter(&context); |
388 reporter.report_sender_.reset(sender); | 394 reporter.report_sender_.reset(sender); |
389 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 395 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
390 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 396 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
391 | 397 |
392 reporter.OnExpectCTFailed(net::HostPortPair(), GURL(), nullptr, nullptr, | 398 reporter.OnExpectCTFailed(net::HostPortPair(), GURL(), base::Time(), nullptr, |
399 nullptr, | |
393 net::SignedCertificateTimestampAndStatusList()); | 400 net::SignedCertificateTimestampAndStatusList()); |
394 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 401 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
395 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 402 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
396 | 403 |
397 histograms.ExpectTotalCount(kSendHistogramName, 0); | 404 histograms.ExpectTotalCount(kSendHistogramName, 0); |
398 } | 405 } |
399 | 406 |
400 // Test that if a report fails to send, the UMA metric is recorded. | 407 // Test that if a report fails to send, the UMA metric is recorded. |
401 TEST_F(ChromeExpectCTReporterWaitTest, SendReportFailure) { | 408 TEST_F(ChromeExpectCTReporterWaitTest, SendReportFailure) { |
402 base::HistogramTester histograms; | 409 base::HistogramTester histograms; |
403 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 410 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
404 histograms.ExpectTotalCount(kSendHistogramName, 0); | 411 histograms.ExpectTotalCount(kSendHistogramName, 0); |
405 | 412 |
406 ChromeExpectCTReporter reporter(context()); | 413 ChromeExpectCTReporter reporter(context()); |
407 | 414 |
408 net::SSLInfo ssl_info; | 415 net::SSLInfo ssl_info; |
409 ssl_info.cert = | 416 ssl_info.cert = |
410 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 417 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
411 ssl_info.unverified_cert = net::ImportCertFromFile( | 418 ssl_info.unverified_cert = net::ImportCertFromFile( |
412 net::GetTestCertsDirectory(), "localhost_cert.pem"); | 419 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
413 | 420 |
414 net::HostPortPair host_port("example.test", 443); | 421 net::HostPortPair host_port("example.test", 443); |
415 GURL report_uri( | 422 GURL report_uri( |
416 net::URLRequestFailedJob::GetMockHttpUrl(net::ERR_CONNECTION_FAILED)); | 423 net::URLRequestFailedJob::GetMockHttpUrl(net::ERR_CONNECTION_FAILED)); |
417 | 424 |
418 SendReport(&reporter, host_port, report_uri, ssl_info); | 425 SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info); |
419 | 426 |
420 histograms.ExpectTotalCount(kFailureHistogramName, 1); | 427 histograms.ExpectTotalCount(kFailureHistogramName, 1); |
421 histograms.ExpectBucketCount(kFailureHistogramName, | 428 histograms.ExpectBucketCount(kFailureHistogramName, |
422 -net::ERR_CONNECTION_FAILED, 1); | 429 -net::ERR_CONNECTION_FAILED, 1); |
423 histograms.ExpectTotalCount(kSendHistogramName, 1); | 430 histograms.ExpectTotalCount(kSendHistogramName, 1); |
424 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 431 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
425 } | 432 } |
426 | 433 |
427 // Test that a sent report has the right format. | 434 // Test that a sent report has the right format. |
428 TEST(ChromeExpectCTReporterTest, SendReport) { | 435 TEST(ChromeExpectCTReporterTest, SendReport) { |
436 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; | |
437 base::Time expiration; | |
438 ASSERT_TRUE( | |
439 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); | |
meacer
2017/06/20 00:28:10
nit: Perhaps move this to around line 500 so that
estark
2017/06/20 21:45:01
Done.
| |
440 | |
429 base::MessageLoop message_loop; | 441 base::MessageLoop message_loop; |
430 base::HistogramTester histograms; | 442 base::HistogramTester histograms; |
431 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 443 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
432 histograms.ExpectTotalCount(kSendHistogramName, 0); | 444 histograms.ExpectTotalCount(kSendHistogramName, 0); |
433 | 445 |
434 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 446 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
435 net::TestURLRequestContext context; | 447 net::TestURLRequestContext context; |
436 ChromeExpectCTReporter reporter(&context); | 448 ChromeExpectCTReporter reporter(&context); |
437 reporter.report_sender_.reset(sender); | 449 reporter.report_sender_.reset(sender); |
438 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 450 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
481 &ssl_info.signed_certificate_timestamps); | 493 &ssl_info.signed_certificate_timestamps); |
482 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 494 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
483 "valid_log_id2", "extensions2", "signature2", now, | 495 "valid_log_id2", "extensions2", "signature2", now, |
484 net::ct::SCT_STATUS_OK, | 496 net::ct::SCT_STATUS_OK, |
485 &ssl_info.signed_certificate_timestamps); | 497 &ssl_info.signed_certificate_timestamps); |
486 | 498 |
487 net::HostPortPair host_port("example.test", 443); | 499 net::HostPortPair host_port("example.test", 443); |
488 GURL report_uri("http://example-report.test"); | 500 GURL report_uri("http://example-report.test"); |
489 | 501 |
490 // Check that the report is sent and contains the correct information. | 502 // Check that the report is sent and contains the correct information. |
491 reporter.OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(), | 503 reporter.OnExpectCTFailed(host_port, report_uri, expiration, |
492 ssl_info.unverified_cert.get(), | 504 ssl_info.cert.get(), ssl_info.unverified_cert.get(), |
493 ssl_info.signed_certificate_timestamps); | 505 ssl_info.signed_certificate_timestamps); |
494 EXPECT_EQ(report_uri, sender->latest_report_uri()); | 506 EXPECT_EQ(report_uri, sender->latest_report_uri()); |
495 EXPECT_FALSE(sender->latest_serialized_report().empty()); | 507 EXPECT_FALSE(sender->latest_serialized_report().empty()); |
496 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); | 508 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); |
497 ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport( | 509 ASSERT_NO_FATAL_FAILURE( |
498 sender->latest_serialized_report(), host_port, ssl_info)); | 510 CheckExpectCTReport(sender->latest_serialized_report(), host_port, |
511 kExpirationTimeStr, ssl_info)); | |
499 | 512 |
500 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 513 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
501 histograms.ExpectTotalCount(kSendHistogramName, 1); | 514 histograms.ExpectTotalCount(kSendHistogramName, 1); |
502 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 515 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
503 } | 516 } |
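Review bot: The new `expiration_time` parameter of CheckExpectCTReport (new line 239) is a const std::string taken by value, while every sibling parameter of that helper is a const reference; the top-level `const` on a by-value parameter buys nothing and forces a copy of the serialized date on each call, so it should read `const std::string& expiration_time,` (whatever the final name). The body of CheckExpectCTReport continues past the elided lines, so its remaining checks are not visible here. In the SendReport test, the ISO-8601 literal `kExpirationTimeStr` and the `FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, ...)` initializer encode the same instant by hand and nothing ties them together; a one-line comment such as `// Must match kExpirationTimeStr: 2017-01-01 00:00:00.000 UTC (fields: year, month, day_of_week, day_of_month, h, m, s, ms).` next to the exploded literal would keep a future edit from silently desynchronizing the expected "effective-expiration-date" value from the time actually reported.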