Add effective-expiration-date to Expect-CT reports

chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h"
 
 #include <string>
 
 #include "base/base64.h"
 #include "base/command_line.h"
@@ skipping 218 matching lines @@
     }
   }
 }
 
 // Checks that the |serialized_report| deserializes properly and
 // contains the correct information (hostname, port, served and
 // validated certificate chains, SCTs) for the given |host_port| and
 // |ssl_info|.
 void CheckExpectCTReport(const std::string& serialized_report,
                          const net::HostPortPair& host_port,
+                         const std::string& expiration,
                          const net::SSLInfo& ssl_info) {
   std::unique_ptr<base::Value> value(base::JSONReader::Read(serialized_report));
   ASSERT_TRUE(value);
   ASSERT_TRUE(value->IsType(base::Value::Type::DICTIONARY));
 
   base::DictionaryValue* report_dict;
   ASSERT_TRUE(value->GetAsDictionary(&report_dict));
 
   std::string report_hostname;
   EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname));
   EXPECT_EQ(host_port.host(), report_hostname);
   int report_port;
   EXPECT_TRUE(report_dict->GetInteger("port", &report_port));
   EXPECT_EQ(host_port.port(), report_port);
 
+  std::string report_expiration;
+  EXPECT_TRUE(
+      report_dict->GetString("effective-expiration-date", &report_expiration));
+  EXPECT_EQ(expiration, report_expiration);
+
   const base::ListValue* report_served_certificate_chain = nullptr;
   ASSERT_TRUE(report_dict->GetList("served-certificate-chain",
                                    &report_served_certificate_chain));
   ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain(
       ssl_info.unverified_cert, *report_served_certificate_chain));
 
   const base::ListValue* report_validated_certificate_chain = nullptr;
   ASSERT_TRUE(report_dict->GetList("validated-certificate-chain",
                                    &report_validated_certificate_chain));
   ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain(
@@ skipping 51 matching lines @@
   void TearDown() override {
     net::URLRequestFilter::GetInstance()->ClearHandlers();
   }
 
   net::TestURLRequestContext* context() { return context_.get(); }
 
  protected:
   void SendReport(ChromeExpectCTReporter* reporter,
                   const net::HostPortPair& host_port,
                   const GURL& report_uri,
+                  base::Time expiration,
                   const net::SSLInfo& ssl_info) {
     base::RunLoop run_loop;
     network_delegate_.set_url_request_destroyed_callback(
         run_loop.QuitClosure());
-    reporter->OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(),
-                               ssl_info.unverified_cert.get(),
-                               ssl_info.signed_certificate_timestamps);
+    reporter->OnExpectCTFailed(
+        host_port, report_uri, expiration, ssl_info.cert.get(),
+        ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps);
     run_loop.Run();
   }
 
  private:
   TestExpectCTNetworkDelegate network_delegate_;
   std::unique_ptr<net::TestURLRequestContext> context_;
   content::TestBrowserThreadBundle thread_bundle_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest);
 };
@@ skipping 18 matching lines @@
 
   net::SSLInfo ssl_info;
   ssl_info.cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
   ssl_info.unverified_cert = net::ImportCertFromFile(
       net::GetTestCertsDirectory(), "localhost_cert.pem");
 
   net::HostPortPair host_port("example.test", 443);
   GURL report_uri("http://example-report.test");
 
-  reporter.OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(),
-                            ssl_info.unverified_cert.get(),
+  reporter.OnExpectCTFailed(host_port, report_uri, base::Time(),
+                            ssl_info.cert.get(), ssl_info.unverified_cert.get(),
                             ssl_info.signed_certificate_timestamps);
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
 
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 }
 
 // Test that no report is sent if the report URI is empty.
 TEST(ChromeExpectCTReporterTest, EmptyReportURI) {
   base::MessageLoop message_loop;
   base::HistogramTester histograms;
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 
   TestCertificateReportSender* sender = new TestCertificateReportSender();
   net::TestURLRequestContext context;
   ChromeExpectCTReporter reporter(&context);
   reporter.report_sender_.reset(sender);
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
 
-  reporter.OnExpectCTFailed(net::HostPortPair(), GURL(), nullptr, nullptr,
+  reporter.OnExpectCTFailed(net::HostPortPair(), GURL(), base::Time(), nullptr,
+                            nullptr,
                             net::SignedCertificateTimestampAndStatusList());
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
 
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 }
 
 // Test that if a report fails to send, the UMA metric is recorded.
 TEST_F(ChromeExpectCTReporterWaitTest, SendReportFailure) {
   base::HistogramTester histograms;
   histograms.ExpectTotalCount(kFailureHistogramName, 0);
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 
   ChromeExpectCTReporter reporter(context());
 
   net::SSLInfo ssl_info;
   ssl_info.cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
   ssl_info.unverified_cert = net::ImportCertFromFile(
       net::GetTestCertsDirectory(), "localhost_cert.pem");
 
   net::HostPortPair host_port("example.test", 443);
   GURL report_uri(
       net::URLRequestFailedJob::GetMockHttpUrl(net::ERR_CONNECTION_FAILED));
 
-  SendReport(&reporter, host_port, report_uri, ssl_info);
+  SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info);
 
   histograms.ExpectTotalCount(kFailureHistogramName, 1);
   histograms.ExpectBucketCount(kFailureHistogramName,
                                -net::ERR_CONNECTION_FAILED, 1);
   histograms.ExpectTotalCount(kSendHistogramName, 1);
   histograms.ExpectBucketCount(kSendHistogramName, true, 1);
 }
 
 // Test that a sent report has the right format.
 TEST(ChromeExpectCTReporterTest, SendReport) {
@@ skipping 51 matching lines @@
       "valid_log_id1", "extensions1", "signature1", now, net::ct::SCT_STATUS_OK,
       &ssl_info.signed_certificate_timestamps);
   MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
                        "valid_log_id2", "extensions2", "signature2", now,
                        net::ct::SCT_STATUS_OK,
                        &ssl_info.signed_certificate_timestamps);
 
   net::HostPortPair host_port("example.test", 443);
   GURL report_uri("http://example-report.test");
 
+  const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z";
+  base::Time expiration;
+  ASSERT_TRUE(
+      base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration));
+
   // Check that the report is sent and contains the correct information.
-  reporter.OnExpectCTFailed(host_port, report_uri, ssl_info.cert.get(),
-                            ssl_info.unverified_cert.get(),
+  reporter.OnExpectCTFailed(host_port, report_uri, expiration,
+                            ssl_info.cert.get(), ssl_info.unverified_cert.get(),
                             ssl_info.signed_certificate_timestamps);
   EXPECT_EQ(report_uri, sender->latest_report_uri());
   EXPECT_FALSE(sender->latest_serialized_report().empty());
   EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type());
-  ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport(
-      sender->latest_serialized_report(), host_port, ssl_info));
+  ASSERT_NO_FATAL_FAILURE(
+      CheckExpectCTReport(sender->latest_serialized_report(), host_port,
+                          kExpirationTimeStr, ssl_info));
 
   histograms.ExpectTotalCount(kFailureHistogramName, 0);
   histograms.ExpectTotalCount(kSendHistogramName, 1);
   histograms.ExpectBucketCount(kSendHistogramName, true, 1);
 }