OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
11 #include "base/json/json_reader.h" | 11 #include "base/json/json_reader.h" |
12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
13 #include "base/run_loop.h" | 13 #include "base/run_loop.h" |
14 #include "base/test/histogram_tester.h" | 14 #include "base/test/histogram_tester.h" |
15 #include "base/test/scoped_feature_list.h" | 15 #include "base/test/scoped_feature_list.h" |
16 #include "base/values.h" | 16 #include "base/values.h" |
17 #include "chrome/common/chrome_features.h" | 17 #include "chrome/common/chrome_features.h" |
18 #include "content/public/test/test_browser_thread_bundle.h" | 18 #include "content/public/test/test_browser_thread_bundle.h" |
| 19 #include "net/cert/ct_serialization.h" |
19 #include "net/cert/signed_certificate_timestamp_and_status.h" | 20 #include "net/cert/signed_certificate_timestamp_and_status.h" |
20 #include "net/test/cert_test_util.h" | 21 #include "net/test/cert_test_util.h" |
21 #include "net/test/test_data_directory.h" | 22 #include "net/test/test_data_directory.h" |
22 #include "net/test/url_request/url_request_failed_job.h" | 23 #include "net/test/url_request/url_request_failed_job.h" |
23 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 24 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
24 #include "net/url_request/report_sender.h" | 25 #include "net/url_request/report_sender.h" |
25 #include "net/url_request/url_request_filter.h" | 26 #include "net/url_request/url_request_filter.h" |
26 #include "net/url_request/url_request_test_util.h" | 27 #include "net/url_request/url_request_test_util.h" |
27 #include "testing/gtest/include/gtest/gtest.h" | 28 #include "testing/gtest/include/gtest/gtest.h" |
28 #include "url/gurl.h" | 29 #include "url/gurl.h" |
103 EXPECT_EQ(pem_encoded_chain[i], cert_pem); | 104 EXPECT_EQ(pem_encoded_chain[i], cert_pem); |
104 } | 105 } |
105 } | 106 } |
106 | 107 |
107 // Converts the string value of a reported SCT's origin to a | 108 // Converts the string value of a reported SCT's origin to a |
108 // net::ct::SignedCertificateTimestamp::Origin value. | 109 // net::ct::SignedCertificateTimestamp::Origin value. |
109 net::ct::SignedCertificateTimestamp::Origin SCTOriginStringToOrigin( | 110 net::ct::SignedCertificateTimestamp::Origin SCTOriginStringToOrigin( |
110 const std::string& origin_string) { | 111 const std::string& origin_string) { |
111 if (origin_string == "embedded") | 112 if (origin_string == "embedded") |
112 return net::ct::SignedCertificateTimestamp::SCT_EMBEDDED; | 113 return net::ct::SignedCertificateTimestamp::SCT_EMBEDDED; |
113 if (origin_string == "from-tls-extension") | 114 if (origin_string == "tls-extension") |
114 return net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION; | 115 return net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION; |
115 if (origin_string == "from-ocsp-response") | 116 if (origin_string == "ocsp") |
116 return net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE; | 117 return net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE; |
117 NOTREACHED(); | 118 NOTREACHED(); |
118 return net::ct::SignedCertificateTimestamp::SCT_EMBEDDED; | 119 return net::ct::SignedCertificateTimestamp::SCT_EMBEDDED; |
119 } | 120 } |
120 | 121 |
121 // Checks that an SCT |sct| appears (with the format determined by | 122 // Checks that an SCT |sct| appears with status |status| in |report_list|, a |
122 // |status|) in |report_list|, a list of SCTs from an Expect CT | 123 // list of SCTs from an Expect-CT report. |
123 // report. |status| determines the format in that only certain fields | 124 ::testing::AssertionResult FindSCTInReportList( |
124 // are reported for certain verify statuses; SCTs from unknown logs | 125 const scoped_refptr<net::ct::SignedCertificateTimestamp>& expected_sct, |
125 // contain very little information, for example, to avoid compromising | 126 net::ct::SCTVerifyStatus expected_status, |
126 // privacy. | |
127 void FindSCTInReportList( | |
128 const scoped_refptr<net::ct::SignedCertificateTimestamp>& sct, | |
129 net::ct::SCTVerifyStatus status, | |
130 const base::ListValue& report_list) { | 127 const base::ListValue& report_list) { |
131 bool found = false; | 128 std::string expected_serialized_sct; |
132 for (size_t i = 0; !found && i < report_list.GetSize(); i++) { | 129 net::ct::EncodeSignedCertificateTimestamp(expected_sct, |
| 130 &expected_serialized_sct); |
| 131 |
| 132 for (size_t i = 0; i < report_list.GetSize(); i++) { |
133 const base::DictionaryValue* report_sct; | 133 const base::DictionaryValue* report_sct; |
134 ASSERT_TRUE(report_list.GetDictionary(i, &report_sct)); | 134 if (!report_list.GetDictionary(i, &report_sct)) { |
| 135 return ::testing::AssertionFailure() |
| 136 << "Failed to get dictionary value from report SCT list"; |
| 137 } |
135 | 138 |
136 std::string origin; | 139 std::string serialized_sct; |
137 ASSERT_TRUE(report_sct->GetString("origin", &origin)); | 140 EXPECT_TRUE(report_sct->GetString("serialized_sct", &serialized_sct)); |
| 141 std::string decoded_serialized_sct; |
| 142 EXPECT_TRUE(base::Base64Decode(serialized_sct, &decoded_serialized_sct)); |
| 143 if (decoded_serialized_sct != expected_serialized_sct) |
| 144 continue; |
138 | 145 |
139 switch (status) { | 146 std::string source; |
| 147 EXPECT_TRUE(report_sct->GetString("source", &source)); |
| 148 EXPECT_EQ(expected_sct->origin, SCTOriginStringToOrigin(source)); |
| 149 |
| 150 std::string report_status; |
| 151 EXPECT_TRUE(report_sct->GetString("status", &report_status)); |
| 152 switch (expected_status) { |
140 case net::ct::SCT_STATUS_LOG_UNKNOWN: | 153 case net::ct::SCT_STATUS_LOG_UNKNOWN: |
141 // SCTs from unknown logs only have an origin. | 154 EXPECT_EQ("unknown", report_status); |
142 EXPECT_FALSE(report_sct->HasKey("sct")); | |
143 EXPECT_FALSE(report_sct->HasKey("id")); | |
144 if (SCTOriginStringToOrigin(origin) == sct->origin) | |
145 found = true; | |
146 break; | 155 break; |
147 | |
148 case net::ct::SCT_STATUS_INVALID_SIGNATURE: | 156 case net::ct::SCT_STATUS_INVALID_SIGNATURE: |
149 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: { | 157 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: { |
150 // Invalid SCTs have a log id and an origin and nothing else. | 158 EXPECT_EQ("invalid", report_status); |
151 EXPECT_FALSE(report_sct->HasKey("sct")); | |
152 std::string id_base64; | |
153 ASSERT_TRUE(report_sct->GetString("id", &id_base64)); | |
154 std::string id; | |
155 ASSERT_TRUE(base::Base64Decode(id_base64, &id)); | |
156 if (SCTOriginStringToOrigin(origin) == sct->origin && id == sct->log_id) | |
157 found = true; | |
158 break; | 159 break; |
159 } | 160 } |
160 | |
161 case net::ct::SCT_STATUS_OK: { | 161 case net::ct::SCT_STATUS_OK: { |
162 // Valid SCTs have the full SCT. | 162 EXPECT_EQ("valid", report_status); |
163 const base::DictionaryValue* report_sct_object; | |
164 ASSERT_TRUE(report_sct->GetDictionary("sct", &report_sct_object)); | |
165 int version; | |
166 ASSERT_TRUE(report_sct_object->GetInteger("sct_version", &version)); | |
167 std::string id_base64; | |
168 ASSERT_TRUE(report_sct_object->GetString("id", &id_base64)); | |
169 std::string id; | |
170 ASSERT_TRUE(base::Base64Decode(id_base64, &id)); | |
171 std::string extensions_base64; | |
172 ASSERT_TRUE( | |
173 report_sct_object->GetString("extensions", &extensions_base64)); | |
174 std::string extensions; | |
175 ASSERT_TRUE(base::Base64Decode(extensions_base64, &extensions)); | |
176 std::string signature_data_base64; | |
177 ASSERT_TRUE( | |
178 report_sct_object->GetString("signature", &signature_data_base64)); | |
179 std::string signature_data; | |
180 ASSERT_TRUE(base::Base64Decode(signature_data_base64, &signature_data)); | |
181 | |
182 if (version == sct->version && | |
183 SCTOriginStringToOrigin(origin) == sct->origin && | |
184 id == sct->log_id && extensions == sct->extensions && | |
185 signature_data == sct->signature.signature_data) { | |
186 found = true; | |
187 } | |
188 break; | 163 break; |
189 } | 164 } |
190 default: | 165 case net::ct::SCT_STATUS_NONE: |
191 NOTREACHED(); | 166 NOTREACHED(); |
192 } | 167 } |
| 168 return ::testing::AssertionSuccess(); |
193 } | 169 } |
194 EXPECT_TRUE(found); | 170 |
| 171 return ::testing::AssertionFailure() << "Failed to find SCT in report list"; |
195 } | 172 } |
196 | 173 |
197 // Checks that all |expected_scts| appears in the given lists of SCTs | 174 // Checks that all |expected_scts| appears in the given lists of SCTs |
198 // from an Expect CT report. | 175 // from an Expect CT report. |
199 void CheckReportSCTs( | 176 void CheckReportSCTs( |
200 const net::SignedCertificateTimestampAndStatusList& expected_scts, | 177 const net::SignedCertificateTimestampAndStatusList& expected_scts, |
201 const base::ListValue& unknown_scts, | 178 const base::ListValue& scts) { |
202 const base::ListValue& invalid_scts, | 179 EXPECT_EQ(expected_scts.size(), scts.GetSize()); |
203 const base::ListValue& valid_scts) { | |
204 EXPECT_EQ( | |
205 expected_scts.size(), | |
206 unknown_scts.GetSize() + invalid_scts.GetSize() + valid_scts.GetSize()); | |
207 for (const auto& expected_sct : expected_scts) { | 180 for (const auto& expected_sct : expected_scts) { |
208 switch (expected_sct.status) { | 181 ASSERT_TRUE( |
209 case net::ct::SCT_STATUS_LOG_UNKNOWN: | 182 FindSCTInReportList(expected_sct.sct, expected_sct.status, scts)); |
210 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( | |
211 expected_sct.sct, net::ct::SCT_STATUS_LOG_UNKNOWN, unknown_scts)); | |
212 break; | |
213 case net::ct::SCT_STATUS_INVALID_SIGNATURE: | |
214 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( | |
215 expected_sct.sct, net::ct::SCT_STATUS_INVALID_SIGNATURE, | |
216 invalid_scts)); | |
217 break; | |
218 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: | |
219 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( | |
220 expected_sct.sct, net::ct::SCT_STATUS_INVALID_TIMESTAMP, | |
221 invalid_scts)); | |
222 break; | |
223 case net::ct::SCT_STATUS_OK: | |
224 ASSERT_NO_FATAL_FAILURE(FindSCTInReportList( | |
225 expected_sct.sct, net::ct::SCT_STATUS_OK, valid_scts)); | |
226 break; | |
227 default: | |
228 NOTREACHED(); | |
229 } | |
230 } | 183 } |
231 } | 184 } |
232 | 185 |
233 // Checks that the |serialized_report| deserializes properly and | 186 // Checks that the |serialized_report| deserializes properly and |
234 // contains the correct information (hostname, port, served and | 187 // contains the correct information (hostname, port, served and |
235 // validated certificate chains, SCTs) for the given |host_port| and | 188 // validated certificate chains, SCTs) for the given |host_port| and |
236 // |ssl_info|. | 189 // |ssl_info|. |
237 void CheckExpectCTReport(const std::string& serialized_report, | 190 void CheckExpectCTReport(const std::string& serialized_report, |
238 const net::HostPortPair& host_port, | 191 const net::HostPortPair& host_port, |
239 const std::string& expiration, | 192 const std::string& expiration, |
240 const net::SSLInfo& ssl_info) { | 193 const net::SSLInfo& ssl_info) { |
241 std::unique_ptr<base::Value> value(base::JSONReader::Read(serialized_report)); | 194 std::unique_ptr<base::Value> value(base::JSONReader::Read(serialized_report)); |
242 ASSERT_TRUE(value); | 195 ASSERT_TRUE(value); |
243 ASSERT_TRUE(value->IsType(base::Value::Type::DICTIONARY)); | 196 ASSERT_TRUE(value->IsType(base::Value::Type::DICTIONARY)); |
244 | 197 |
| 198 base::DictionaryValue* outer_report_dict; |
| 199 ASSERT_TRUE(value->GetAsDictionary(&outer_report_dict)); |
| 200 |
245 base::DictionaryValue* report_dict; | 201 base::DictionaryValue* report_dict; |
246 ASSERT_TRUE(value->GetAsDictionary(&report_dict)); | 202 ASSERT_TRUE( |
| 203 outer_report_dict->GetDictionary("expect-ct-report", &report_dict)); |
247 | 204 |
248 std::string report_hostname; | 205 std::string report_hostname; |
249 EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname)); | 206 EXPECT_TRUE(report_dict->GetString("hostname", &report_hostname)); |
250 EXPECT_EQ(host_port.host(), report_hostname); | 207 EXPECT_EQ(host_port.host(), report_hostname); |
251 int report_port; | 208 int report_port; |
252 EXPECT_TRUE(report_dict->GetInteger("port", &report_port)); | 209 EXPECT_TRUE(report_dict->GetInteger("port", &report_port)); |
253 EXPECT_EQ(host_port.port(), report_port); | 210 EXPECT_EQ(host_port.port(), report_port); |
254 | 211 |
255 std::string report_expiration; | 212 std::string report_expiration; |
256 EXPECT_TRUE( | 213 EXPECT_TRUE( |
257 report_dict->GetString("effective-expiration-date", &report_expiration)); | 214 report_dict->GetString("effective-expiration-date", &report_expiration)); |
258 EXPECT_EQ(expiration, report_expiration); | 215 EXPECT_EQ(expiration, report_expiration); |
259 | 216 |
260 const base::ListValue* report_served_certificate_chain = nullptr; | 217 const base::ListValue* report_served_certificate_chain = nullptr; |
261 ASSERT_TRUE(report_dict->GetList("served-certificate-chain", | 218 ASSERT_TRUE(report_dict->GetList("served-certificate-chain", |
262 &report_served_certificate_chain)); | 219 &report_served_certificate_chain)); |
263 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( | 220 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( |
264 ssl_info.unverified_cert, *report_served_certificate_chain)); | 221 ssl_info.unverified_cert, *report_served_certificate_chain)); |
265 | 222 |
266 const base::ListValue* report_validated_certificate_chain = nullptr; | 223 const base::ListValue* report_validated_certificate_chain = nullptr; |
267 ASSERT_TRUE(report_dict->GetList("validated-certificate-chain", | 224 ASSERT_TRUE(report_dict->GetList("validated-certificate-chain", |
268 &report_validated_certificate_chain)); | 225 &report_validated_certificate_chain)); |
269 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( | 226 ASSERT_NO_FATAL_FAILURE(CheckReportCertificateChain( |
270 ssl_info.cert, *report_validated_certificate_chain)); | 227 ssl_info.cert, *report_validated_certificate_chain)); |
271 | 228 |
272 const base::ListValue* report_unknown_scts = nullptr; | 229 const base::ListValue* report_scts = nullptr; |
273 ASSERT_TRUE(report_dict->GetList("unknown-scts", &report_unknown_scts)); | 230 ASSERT_TRUE(report_dict->GetList("scts", &report_scts)); |
274 const base::ListValue* report_invalid_scts = nullptr; | |
275 ASSERT_TRUE(report_dict->GetList("invalid-scts", &report_invalid_scts)); | |
276 const base::ListValue* report_valid_scts = nullptr; | |
277 ASSERT_TRUE(report_dict->GetList("valid-scts", &report_valid_scts)); | |
278 | 231 |
279 ASSERT_NO_FATAL_FAILURE(CheckReportSCTs( | 232 ASSERT_NO_FATAL_FAILURE( |
280 ssl_info.signed_certificate_timestamps, *report_unknown_scts, | 233 CheckReportSCTs(ssl_info.signed_certificate_timestamps, *report_scts)); |
281 *report_invalid_scts, *report_valid_scts)); | |
282 } | 234 } |
283 | 235 |
284 // A test network delegate that allows the user to specify a callback to | 236 // A test network delegate that allows the user to specify a callback to |
285 // be run whenever a net::URLRequest is destroyed. | 237 // be run whenever a net::URLRequest is destroyed. |
286 class TestExpectCTNetworkDelegate : public net::NetworkDelegateImpl { | 238 class TestExpectCTNetworkDelegate : public net::NetworkDelegateImpl { |
287 public: | 239 public: |
288 TestExpectCTNetworkDelegate() | 240 TestExpectCTNetworkDelegate() |
289 : url_request_destroyed_callback_(base::Bind(&base::DoNothing)) {} | 241 : url_request_destroyed_callback_(base::Bind(&base::DoNothing)) {} |
290 | 242 |
291 void set_url_request_destroyed_callback(const base::Closure& callback) { | 243 void set_url_request_destroyed_callback(const base::Closure& callback) { |
450 ssl_info.cert = | 402 ssl_info.cert = |
451 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 403 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
452 ssl_info.unverified_cert = net::ImportCertFromFile( | 404 ssl_info.unverified_cert = net::ImportCertFromFile( |
453 net::GetTestCertsDirectory(), "localhost_cert.pem"); | 405 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
454 | 406 |
455 base::Time now = base::Time::Now(); | 407 base::Time now = base::Time::Now(); |
456 | 408 |
457 // Append a variety of SCTs: two of each possible status, with a | 409 // Append a variety of SCTs: two of each possible status, with a |
458 // mixture of different origins. | 410 // mixture of different origins. |
459 | 411 |
| 412 // The particular value of the log ID doesn't matter; it just has to be the |
| 413 // correct length. |
| 414 const unsigned char kTestLogId[] = { |
| 415 0xdf, 0x1c, 0x2e, 0xc1, 0x15, 0x00, 0x94, 0x52, 0x47, 0xa9, 0x61, |
| 416 0x68, 0x32, 0x5d, 0xdc, 0x5c, 0x79, 0x59, 0xe8, 0xf7, 0xc6, 0xd3, |
| 417 0x88, 0xfc, 0x00, 0x2e, 0x0b, 0xbd, 0x3f, 0x74, 0xd7, 0x01}; |
| 418 const std::string log_id(reinterpret_cast<const char*>(kTestLogId), |
| 419 sizeof(kTestLogId)); |
| 420 // The values of the extensions and signature data don't matter |
| 421 // either. However, each SCT has to be unique for the test expectation to be |
| 422 // checked properly in CheckExpectCTReport(), so each SCT has a unique |
| 423 // extensions value to make sure the serialized SCTs are unique. |
460 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 424 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
461 "unknown_log_id1", "extensions1", "signature1", now, | 425 log_id, "extensions1", "signature1", now, |
462 net::ct::SCT_STATUS_LOG_UNKNOWN, | 426 net::ct::SCT_STATUS_LOG_UNKNOWN, |
463 &ssl_info.signed_certificate_timestamps); | 427 &ssl_info.signed_certificate_timestamps); |
464 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 428 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
465 "unknown_log_id2", "extensions2", "signature2", now, | 429 log_id, "extensions2", "signature2", now, |
466 net::ct::SCT_STATUS_LOG_UNKNOWN, | 430 net::ct::SCT_STATUS_LOG_UNKNOWN, |
467 &ssl_info.signed_certificate_timestamps); | 431 &ssl_info.signed_certificate_timestamps); |
468 | 432 |
469 MakeTestSCTAndStatus( | 433 MakeTestSCTAndStatus( |
470 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, | 434 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, log_id, |
471 "invalid_log_id1", "extensions1", "signature1", now, | 435 "extensions3", "signature1", now, net::ct::SCT_STATUS_INVALID_TIMESTAMP, |
472 net::ct::SCT_STATUS_INVALID_TIMESTAMP, | |
473 &ssl_info.signed_certificate_timestamps); | 436 &ssl_info.signed_certificate_timestamps); |
474 | 437 |
475 MakeTestSCTAndStatus( | 438 MakeTestSCTAndStatus( |
476 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, | 439 net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, log_id, |
477 "invalid_log_id1", "extensions1", "signature1", now, | 440 "extensions4", "signature1", now, net::ct::SCT_STATUS_INVALID_SIGNATURE, |
478 net::ct::SCT_STATUS_INVALID_SIGNATURE, | |
479 &ssl_info.signed_certificate_timestamps); | 441 &ssl_info.signed_certificate_timestamps); |
480 | 442 |
481 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 443 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
482 "invalid_log_id2", "extensions2", "signature2", now, | 444 log_id, "extensions5", "signature2", now, |
483 net::ct::SCT_STATUS_INVALID_SIGNATURE, | 445 net::ct::SCT_STATUS_INVALID_SIGNATURE, |
484 &ssl_info.signed_certificate_timestamps); | 446 &ssl_info.signed_certificate_timestamps); |
485 | 447 |
486 MakeTestSCTAndStatus( | 448 MakeTestSCTAndStatus( |
487 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, | 449 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id, |
488 "valid_log_id1", "extensions1", "signature1", now, net::ct::SCT_STATUS_OK, | 450 "extensions6", "signature1", now, net::ct::SCT_STATUS_OK, |
489 &ssl_info.signed_certificate_timestamps); | 451 &ssl_info.signed_certificate_timestamps); |
490 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 452 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
491 "valid_log_id2", "extensions2", "signature2", now, | 453 log_id, "extensions7", "signature2", now, |
492 net::ct::SCT_STATUS_OK, | 454 net::ct::SCT_STATUS_OK, |
493 &ssl_info.signed_certificate_timestamps); | 455 &ssl_info.signed_certificate_timestamps); |
494 | 456 |
495 net::HostPortPair host_port("example.test", 443); | 457 net::HostPortPair host_port("example.test", 443); |
496 GURL report_uri("http://example-report.test"); | 458 GURL report_uri("http://example-report.test"); |
497 | 459 |
498 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; | 460 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; |
499 base::Time expiration; | 461 base::Time expiration; |
500 ASSERT_TRUE( | 462 ASSERT_TRUE( |
501 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); | 463 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); |
502 | 464 |
503 // Check that the report is sent and contains the correct information. | 465 // Check that the report is sent and contains the correct information. |
504 reporter.OnExpectCTFailed(host_port, report_uri, expiration, | 466 reporter.OnExpectCTFailed(host_port, report_uri, expiration, |
505 ssl_info.cert.get(), ssl_info.unverified_cert.get(), | 467 ssl_info.cert.get(), ssl_info.unverified_cert.get(), |
506 ssl_info.signed_certificate_timestamps); | 468 ssl_info.signed_certificate_timestamps); |
507 EXPECT_EQ(report_uri, sender->latest_report_uri()); | 469 EXPECT_EQ(report_uri, sender->latest_report_uri()); |
508 EXPECT_FALSE(sender->latest_serialized_report().empty()); | 470 EXPECT_FALSE(sender->latest_serialized_report().empty()); |
509 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); | 471 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); |
510 ASSERT_NO_FATAL_FAILURE( | 472 ASSERT_NO_FATAL_FAILURE( |
511 CheckExpectCTReport(sender->latest_serialized_report(), host_port, | 473 CheckExpectCTReport(sender->latest_serialized_report(), host_port, |
512 kExpirationTimeStr, ssl_info)); | 474 kExpirationTimeStr, ssl_info)); |
513 | 475 |
514 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 476 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
515 histograms.ExpectTotalCount(kSendHistogramName, 1); | 477 histograms.ExpectTotalCount(kSendHistogramName, 1); |
516 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 478 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
517 } | 479 } |
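Review bot: In FindSCTInReportList the result of `net::ct::EncodeSignedCertificateTimestamp(expected_sct, &expected_serialized_sct)` (new lines 129-130) is discarded, so a failed encode leaves `expected_serialized_sct` empty and the loop then matches any report entry whose `serialized_sct` decodes to an empty string. The serialized SCT is now the only key that pairs an expected SCT with a report entry, so in that case the helper returns AssertionSuccess() without having compared any SCT contents. The fixture comment that the log ID "just has to be the correct length" suggests, presumably, that encoding can fail on malformed input. Assuming the encoder signals failure through its return value, check it before the loop: `if (!net::ct::EncodeSignedCertificateTimestamp(expected_sct, &expected_serialized_sct)) return ::testing::AssertionFailure() << "Failed to serialize expected SCT";`. A short comment above the `continue` saying that entries are matched on the decoded serialized SCT would also make clear why the `source` and `status` checks run only for the matching entry.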