OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
11 #include "base/json/json_reader.h" | 11 #include "base/json/json_reader.h" |
12 #include "base/message_loop/message_loop.h" | |
13 #include "base/run_loop.h" | 12 #include "base/run_loop.h" |
14 #include "base/test/histogram_tester.h" | 13 #include "base/test/histogram_tester.h" |
15 #include "base/test/scoped_feature_list.h" | 14 #include "base/test/scoped_feature_list.h" |
16 #include "base/values.h" | 15 #include "base/values.h" |
17 #include "chrome/common/chrome_features.h" | 16 #include "chrome/common/chrome_features.h" |
18 #include "content/public/test/test_browser_thread_bundle.h" | 17 #include "content/public/test/test_browser_thread_bundle.h" |
19 #include "net/cert/ct_serialization.h" | 18 #include "net/cert/ct_serialization.h" |
20 #include "net/cert/signed_certificate_timestamp_and_status.h" | 19 #include "net/cert/signed_certificate_timestamp_and_status.h" |
21 #include "net/test/cert_test_util.h" | 20 #include "net/test/cert_test_util.h" |
21 #include "net/test/embedded_test_server/embedded_test_server.h" | |
22 #include "net/test/embedded_test_server/http_response.h" | |
22 #include "net/test/test_data_directory.h" | 23 #include "net/test/test_data_directory.h" |
23 #include "net/test/url_request/url_request_failed_job.h" | 24 #include "net/test/url_request/url_request_failed_job.h" |
24 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 25 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
25 #include "net/url_request/report_sender.h" | 26 #include "net/url_request/report_sender.h" |
26 #include "net/url_request/url_request_filter.h" | 27 #include "net/url_request/url_request_filter.h" |
27 #include "net/url_request/url_request_test_util.h" | 28 #include "net/url_request/url_request_test_util.h" |
28 #include "testing/gtest/include/gtest/gtest.h" | 29 #include "testing/gtest/include/gtest/gtest.h" |
29 #include "url/gurl.h" | 30 #include "url/gurl.h" |
30 | 31 |
31 namespace { | 32 namespace { |
(...skipping 11 matching lines...) Expand all Loading... | |
43 | 44 |
44 void Send(const GURL& report_uri, | 45 void Send(const GURL& report_uri, |
45 base::StringPiece content_type, | 46 base::StringPiece content_type, |
46 base::StringPiece serialized_report, | 47 base::StringPiece serialized_report, |
47 const base::Callback<void()>& success_callback, | 48 const base::Callback<void()>& success_callback, |
48 const base::Callback<void(const GURL&, int, int)>& error_callback) | 49 const base::Callback<void(const GURL&, int, int)>& error_callback) |
49 override { | 50 override { |
50 latest_report_uri_ = report_uri; | 51 latest_report_uri_ = report_uri; |
51 serialized_report.CopyToString(&latest_serialized_report_); | 52 serialized_report.CopyToString(&latest_serialized_report_); |
52 content_type.CopyToString(&latest_content_type_); | 53 content_type.CopyToString(&latest_content_type_); |
54 if (!report_callback_.is_null()) { | |
55 EXPECT_EQ(expected_report_uri_, latest_report_uri_); | |
56 report_callback_.Run(); | |
57 } | |
53 } | 58 } |
54 | 59 |
55 const GURL& latest_report_uri() const { return latest_report_uri_; } | 60 const GURL& latest_report_uri() const { return latest_report_uri_; } |
56 | 61 |
57 const std::string& latest_content_type() const { | 62 const std::string& latest_content_type() const { |
58 return latest_content_type_; | 63 return latest_content_type_; |
59 } | 64 } |
60 | 65 |
61 const std::string& latest_serialized_report() const { | 66 const std::string& latest_serialized_report() const { |
62 return latest_serialized_report_; | 67 return latest_serialized_report_; |
63 } | 68 } |
64 | 69 |
70 // Can be called to wait for a single report, which is expected to be sent to | |
71 // |report_uri|. |callback| will be run immediately (before return) if a | |
72 // report has already been sent in the past, and otherwise it will be called | |
73 // on the next Send() call. | |
74 void WaitForReport(const GURL& report_uri, const base::Closure& callback) { | |
meacer
2017/07/05 23:48:59
This isn't actually waiting for a report, is it?
estark
2017/07/06 06:39:43
I changed it to create and run the run loop inside
meacer
2017/07/06 22:03:45
Sorry, you are right. I missed the fact that you a
| |
75 report_callback_ = callback; | |
76 expected_report_uri_ = report_uri; | |
77 if (!latest_report_uri_.is_empty()) { | |
78 EXPECT_EQ(expected_report_uri_, latest_report_uri_); | |
79 callback.Run(); | |
80 return; | |
meacer
2017/07/05 23:48:59
nit: not necessary
estark
2017/07/06 06:39:43
Done.
| |
81 } | |
82 } | |
83 | |
65 private: | 84 private: |
66 GURL latest_report_uri_; | 85 GURL latest_report_uri_; |
67 std::string latest_content_type_; | 86 std::string latest_content_type_; |
68 std::string latest_serialized_report_; | 87 std::string latest_serialized_report_; |
88 base::Closure report_callback_; | |
89 GURL expected_report_uri_; | |
69 }; | 90 }; |
70 | 91 |
71 // Constructs a net::SignedCertificateTimestampAndStatus with the given | 92 // Constructs a net::SignedCertificateTimestampAndStatus with the given |
72 // information and appends it to |sct_list|. | 93 // information and appends it to |sct_list|. |
73 void MakeTestSCTAndStatus( | 94 void MakeTestSCTAndStatus( |
74 net::ct::SignedCertificateTimestamp::Origin origin, | 95 net::ct::SignedCertificateTimestamp::Origin origin, |
75 const std::string& log_id, | 96 const std::string& log_id, |
76 const std::string& extensions, | 97 const std::string& extensions, |
77 const std::string& signature_data, | 98 const std::string& signature_data, |
78 const base::Time& timestamp, | 99 const base::Time& timestamp, |
(...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
292 } | 313 } |
293 | 314 |
294 private: | 315 private: |
295 TestExpectCTNetworkDelegate network_delegate_; | 316 TestExpectCTNetworkDelegate network_delegate_; |
296 std::unique_ptr<net::TestURLRequestContext> context_; | 317 std::unique_ptr<net::TestURLRequestContext> context_; |
297 content::TestBrowserThreadBundle thread_bundle_; | 318 content::TestBrowserThreadBundle thread_bundle_; |
298 | 319 |
299 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); | 320 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); |
300 }; | 321 }; |
301 | 322 |
323 // A test fixture that responds properly to CORS preflights so that reports can | |
324 // be successfully sent to test_server(). | |
325 class ChromeExpectCTReporterTest : public ::testing::Test { | |
326 public: | |
327 ChromeExpectCTReporterTest() | |
328 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {} | |
329 ~ChromeExpectCTReporterTest() override {} | |
330 | |
331 void SetUp() override { | |
332 report_server_.RegisterRequestHandler( | |
333 base::Bind(&ChromeExpectCTReporterTest::HandleReportPreflight, | |
334 base::Unretained(this))); | |
335 ASSERT_TRUE(report_server_.Start()); | |
336 } | |
337 | |
338 std::unique_ptr<net::test_server::HttpResponse> HandleReportPreflight( | |
339 const net::test_server::HttpRequest& request) { | |
340 num_requests_++; | |
341 if (!requests_callback_.is_null()) { | |
342 requests_callback_.Run(); | |
343 } | |
344 std::unique_ptr<net::test_server::BasicHttpResponse> http_response( | |
345 new net::test_server::BasicHttpResponse()); | |
346 http_response->set_code(net::HTTP_OK); | |
347 for (const auto& cors_header : cors_headers_) { | |
348 http_response->AddCustomHeader(cors_header.first, cors_header.second); | |
349 } | |
350 return http_response; | |
351 } | |
352 | |
353 void WaitForReportPreflight(const base::Closure& callback) { | |
354 if (num_requests_ >= 1) { | |
355 callback.Run(); | |
356 return; | |
357 } | |
358 requests_callback_ = callback; | |
359 } | |
360 | |
361 protected: | |
362 const net::EmbeddedTestServer& test_server() { return report_server_; } | |
363 | |
364 // Tests that reports are not sent when the CORS preflight request returns the | |
365 // header field |preflight_header_name| with value given by | |
366 // |preflight_header_bad_value|, and that reports are successfully sent when | |
367 // it has value given by |preflight_header_good_value|. | |
368 void TestForReportPreflightFailure( | |
369 ChromeExpectCTReporter* reporter, | |
370 TestCertificateReportSender* sender, | |
371 const net::HostPortPair host_port, | |
meacer
2017/07/05 23:48:59
Pass by ref
estark
2017/07/06 06:39:43
Done.
| |
372 const net::SSLInfo& ssl_info, | |
373 const std::string& preflight_header_name, | |
374 const std::string& preflight_header_bad_value, | |
375 const std::string& preflight_header_good_value) { | |
376 cors_headers_[preflight_header_name] = preflight_header_bad_value; | |
377 const GURL fail_report_uri = test_server().GetURL("/report1"); | |
378 reporter->OnExpectCTFailed( | |
379 host_port, fail_report_uri, base::Time(), ssl_info.cert.get(), | |
380 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); | |
381 base::RunLoop preflight_run_loop; | |
382 WaitForReportPreflight(preflight_run_loop.QuitClosure()); | |
383 preflight_run_loop.Run(); | |
384 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | |
385 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
386 | |
387 // Set the proper header value and send a dummy report. The test will fail | |
388 // if the previous OnExpectCTFailed() call unexpectedly resulted in a | |
389 // report, as WaitForReport() would see the previous report to /report1 | |
390 // instead of the expected report to /report2. | |
391 const GURL successful_report_uri = test_server().GetURL("/report2"); | |
392 cors_headers_[preflight_header_name] = preflight_header_good_value; | |
393 reporter->OnExpectCTFailed( | |
394 host_port, successful_report_uri, base::Time(), ssl_info.cert.get(), | |
395 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); | |
396 base::RunLoop run_loop; | |
397 sender->WaitForReport(successful_report_uri, run_loop.QuitClosure()); | |
398 run_loop.Run(); | |
399 EXPECT_EQ(successful_report_uri, sender->latest_report_uri()); | |
400 } | |
401 | |
402 private: | |
403 content::TestBrowserThreadBundle thread_bundle_; | |
404 net::EmbeddedTestServer report_server_; | |
405 uint32_t num_requests_ = 0; | |
406 base::Closure requests_callback_; | |
407 std::map<std::string, std::string> cors_headers_{ | |
408 {"Access-Control-Allow-Origin", "*"}, | |
409 {"Access-Control-Allow-Methods", "GET,POST"}, | |
410 {"Access-Control-Allow-Headers", "content-type,another-header"}}; | |
411 }; | |
412 | |
302 } // namespace | 413 } // namespace |
303 | 414 |
304 // Test that no report is sent when the feature is not enabled. | 415 // Test that no report is sent when the feature is not enabled. |
305 TEST(ChromeExpectCTReporterTest, FeatureDisabled) { | 416 TEST_F(ChromeExpectCTReporterTest, FeatureDisabled) { |
306 base::test::ScopedFeatureList scoped_feature_list; | |
307 scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting); | |
308 | |
309 base::MessageLoop message_loop; | |
310 base::HistogramTester histograms; | 417 base::HistogramTester histograms; |
311 histograms.ExpectTotalCount(kSendHistogramName, 0); | 418 histograms.ExpectTotalCount(kSendHistogramName, 0); |
312 | 419 |
313 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 420 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
314 net::TestURLRequestContext context; | 421 net::TestURLRequestContext context; |
315 ChromeExpectCTReporter reporter(&context); | 422 ChromeExpectCTReporter reporter(&context); |
316 reporter.report_sender_.reset(sender); | 423 reporter.report_sender_.reset(sender); |
317 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 424 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
318 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 425 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
319 | 426 |
320 net::SSLInfo ssl_info; | 427 net::SSLInfo ssl_info; |
321 ssl_info.cert = | 428 ssl_info.cert = |
322 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 429 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
323 ssl_info.unverified_cert = net::ImportCertFromFile( | 430 ssl_info.unverified_cert = net::ImportCertFromFile( |
324 net::GetTestCertsDirectory(), "localhost_cert.pem"); | 431 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
325 | 432 |
326 net::HostPortPair host_port("example.test", 443); | 433 net::HostPortPair host_port("example.test", 443); |
327 GURL report_uri("http://example-report.test"); | |
328 | 434 |
329 reporter.OnExpectCTFailed(host_port, report_uri, base::Time(), | 435 { |
330 ssl_info.cert.get(), ssl_info.unverified_cert.get(), | 436 const GURL report_uri = test_server().GetURL("/report1"); |
331 ssl_info.signed_certificate_timestamps); | 437 base::test::ScopedFeatureList scoped_feature_list; |
332 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 438 scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting); |
333 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
334 | 439 |
335 histograms.ExpectTotalCount(kSendHistogramName, 0); | 440 reporter.OnExpectCTFailed( |
441 host_port, report_uri, base::Time(), ssl_info.cert.get(), | |
442 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); | |
443 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | |
444 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
445 | |
446 histograms.ExpectTotalCount(kSendHistogramName, 0); | |
447 } | |
448 | |
449 // Enable the feature and send a dummy report. The test will fail if the | |
450 // previous OnExpectCTFailed() call unexpectedly resulted in a report, as the | |
451 // WaitForReport() would see the previous report to /report1 instead of the | |
452 // expected report to /report2. | |
453 { | |
454 const GURL report_uri = test_server().GetURL("/report2"); | |
455 base::test::ScopedFeatureList scoped_feature_list; | |
456 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); | |
457 reporter.OnExpectCTFailed( | |
458 host_port, report_uri, base::Time(), ssl_info.cert.get(), | |
459 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); | |
460 base::RunLoop run_loop; | |
461 sender->WaitForReport(report_uri, run_loop.QuitClosure()); | |
462 run_loop.Run(); | |
463 EXPECT_EQ(report_uri, sender->latest_report_uri()); | |
464 } | |
336 } | 465 } |
337 | 466 |
338 // Test that no report is sent if the report URI is empty. | 467 // Test that no report is sent if the report URI is empty. |
339 TEST(ChromeExpectCTReporterTest, EmptyReportURI) { | 468 TEST_F(ChromeExpectCTReporterTest, EmptyReportURI) { |
340 base::MessageLoop message_loop; | |
341 base::HistogramTester histograms; | 469 base::HistogramTester histograms; |
342 histograms.ExpectTotalCount(kSendHistogramName, 0); | 470 histograms.ExpectTotalCount(kSendHistogramName, 0); |
343 | 471 |
344 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 472 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
345 net::TestURLRequestContext context; | 473 net::TestURLRequestContext context; |
346 ChromeExpectCTReporter reporter(&context); | 474 ChromeExpectCTReporter reporter(&context); |
347 reporter.report_sender_.reset(sender); | 475 reporter.report_sender_.reset(sender); |
348 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 476 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
349 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 477 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
350 | 478 |
(...skipping 27 matching lines...) Expand all Loading... | |
378 SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info); | 506 SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info); |
379 | 507 |
380 histograms.ExpectTotalCount(kFailureHistogramName, 1); | 508 histograms.ExpectTotalCount(kFailureHistogramName, 1); |
381 histograms.ExpectBucketCount(kFailureHistogramName, | 509 histograms.ExpectBucketCount(kFailureHistogramName, |
382 -net::ERR_CONNECTION_FAILED, 1); | 510 -net::ERR_CONNECTION_FAILED, 1); |
383 histograms.ExpectTotalCount(kSendHistogramName, 1); | 511 histograms.ExpectTotalCount(kSendHistogramName, 1); |
384 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 512 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
385 } | 513 } |
386 | 514 |
387 // Test that a sent report has the right format. | 515 // Test that a sent report has the right format. |
388 TEST(ChromeExpectCTReporterTest, SendReport) { | 516 TEST_F(ChromeExpectCTReporterTest, SendReport) { |
389 base::MessageLoop message_loop; | |
390 base::HistogramTester histograms; | 517 base::HistogramTester histograms; |
391 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 518 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
392 histograms.ExpectTotalCount(kSendHistogramName, 0); | 519 histograms.ExpectTotalCount(kSendHistogramName, 0); |
393 | 520 |
394 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 521 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
395 net::TestURLRequestContext context; | 522 net::TestURLRequestContext context; |
396 ChromeExpectCTReporter reporter(&context); | 523 ChromeExpectCTReporter reporter(&context); |
397 reporter.report_sender_.reset(sender); | 524 reporter.report_sender_.reset(sender); |
398 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 525 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
399 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 526 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
447 | 574 |
448 MakeTestSCTAndStatus( | 575 MakeTestSCTAndStatus( |
449 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id, | 576 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id, |
450 "extensions6", "signature1", now, net::ct::SCT_STATUS_OK, | 577 "extensions6", "signature1", now, net::ct::SCT_STATUS_OK, |
451 &ssl_info.signed_certificate_timestamps); | 578 &ssl_info.signed_certificate_timestamps); |
452 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 579 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
453 log_id, "extensions7", "signature2", now, | 580 log_id, "extensions7", "signature2", now, |
454 net::ct::SCT_STATUS_OK, | 581 net::ct::SCT_STATUS_OK, |
455 &ssl_info.signed_certificate_timestamps); | 582 &ssl_info.signed_certificate_timestamps); |
456 | 583 |
457 net::HostPortPair host_port("example.test", 443); | |
458 GURL report_uri("http://example-report.test"); | |
459 | |
460 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; | 584 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; |
461 base::Time expiration; | 585 base::Time expiration; |
462 ASSERT_TRUE( | 586 ASSERT_TRUE( |
463 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); | 587 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); |
464 | 588 |
589 const GURL report_uri = test_server().GetURL("/report"); | |
590 | |
465 // Check that the report is sent and contains the correct information. | 591 // Check that the report is sent and contains the correct information. |
466 reporter.OnExpectCTFailed(host_port, report_uri, expiration, | 592 reporter.OnExpectCTFailed(net::HostPortPair::FromURL(report_uri), report_uri, |
467 ssl_info.cert.get(), ssl_info.unverified_cert.get(), | 593 expiration, ssl_info.cert.get(), |
594 ssl_info.unverified_cert.get(), | |
468 ssl_info.signed_certificate_timestamps); | 595 ssl_info.signed_certificate_timestamps); |
596 | |
597 // A CORS preflight request should be sent before the actual report. | |
598 base::RunLoop preflight_run_loop; | |
599 WaitForReportPreflight(preflight_run_loop.QuitClosure()); | |
600 preflight_run_loop.Run(); | |
601 | |
602 base::RunLoop report_run_loop; | |
603 sender->WaitForReport(report_uri, report_run_loop.QuitClosure()); | |
604 report_run_loop.Run(); | |
605 | |
469 EXPECT_EQ(report_uri, sender->latest_report_uri()); | 606 EXPECT_EQ(report_uri, sender->latest_report_uri()); |
470 EXPECT_FALSE(sender->latest_serialized_report().empty()); | 607 EXPECT_FALSE(sender->latest_serialized_report().empty()); |
471 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); | 608 EXPECT_EQ("application/expect-ct-report+json; charset=utf-8", |
472 ASSERT_NO_FATAL_FAILURE( | 609 sender->latest_content_type()); |
473 CheckExpectCTReport(sender->latest_serialized_report(), host_port, | 610 ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport( |
474 kExpirationTimeStr, ssl_info)); | 611 sender->latest_serialized_report(), |
612 net::HostPortPair::FromURL(report_uri), kExpirationTimeStr, ssl_info)); | |
475 | 613 |
476 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 614 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
477 histograms.ExpectTotalCount(kSendHistogramName, 1); | 615 histograms.ExpectTotalCount(kSendHistogramName, 1); |
478 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 616 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
479 } | 617 } |
618 | |
619 // Test that no report is sent when the CORS preflight returns an invalid | |
620 // Access-Control-Allow-Origin. | |
621 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseOrigin) { | |
622 TestCertificateReportSender* sender = new TestCertificateReportSender(); | |
623 net::TestURLRequestContext context; | |
624 ChromeExpectCTReporter reporter(&context); | |
625 reporter.report_sender_.reset(sender); | |
626 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | |
627 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
628 | |
629 net::SSLInfo ssl_info; | |
630 ssl_info.cert = | |
631 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
632 ssl_info.unverified_cert = net::ImportCertFromFile( | |
633 net::GetTestCertsDirectory(), "localhost_cert.pem"); | |
634 | |
635 net::HostPortPair host_port("example.test", 443); | |
meacer
2017/07/05 23:48:59
nit: const (or perhaps inline these in lines 641,
estark
2017/07/06 06:39:43
Done.
| |
636 | |
637 base::test::ScopedFeatureList scoped_feature_list; | |
638 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); | |
639 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
640 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( | |
641 &reporter, sender, host_port, ssl_info, "Access-Control-Allow-Origin", | |
642 "https://another-origin.test", "null")); | |
643 } | |
644 | |
645 // Test that no report is sent when the CORS preflight returns an invalid | |
646 // Access-Control-Allow-Methods. | |
647 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseMethods) { | |
648 TestCertificateReportSender* sender = new TestCertificateReportSender(); | |
649 net::TestURLRequestContext context; | |
650 ChromeExpectCTReporter reporter(&context); | |
651 reporter.report_sender_.reset(sender); | |
652 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | |
653 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
654 | |
655 net::SSLInfo ssl_info; | |
656 ssl_info.cert = | |
657 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
658 ssl_info.unverified_cert = net::ImportCertFromFile( | |
659 net::GetTestCertsDirectory(), "localhost_cert.pem"); | |
660 | |
661 net::HostPortPair host_port("example.test", 443); | |
662 | |
663 base::test::ScopedFeatureList scoped_feature_list; | |
664 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); | |
665 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
666 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( | |
667 &reporter, sender, host_port, ssl_info, "Access-Control-Allow-Methods", | |
668 "GET,HEAD,POSSSST", "POST")); | |
669 } | |
670 | |
671 // Test that no report is sent when the CORS preflight returns an invalid | |
672 // Access-Control-Allow-Headers. | |
673 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseHeaders) { | |
674 TestCertificateReportSender* sender = new TestCertificateReportSender(); | |
675 net::TestURLRequestContext context; | |
676 ChromeExpectCTReporter reporter(&context); | |
677 reporter.report_sender_.reset(sender); | |
678 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | |
679 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
680 | |
681 net::SSLInfo ssl_info; | |
682 ssl_info.cert = | |
683 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
684 ssl_info.unverified_cert = net::ImportCertFromFile( | |
685 net::GetTestCertsDirectory(), "localhost_cert.pem"); | |
686 | |
687 net::HostPortPair host_port("example.test", 443); | |
688 | |
689 base::test::ScopedFeatureList scoped_feature_list; | |
690 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); | |
691 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
692 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( | |
693 &reporter, sender, host_port, ssl_info, "Access-Control-Allow-Headers", | |
694 "Not-Content-Type", "Content-Type")); | |
695 } | |
OLD | NEW |