OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
11 #include "base/json/json_reader.h" | 11 #include "base/json/json_reader.h" |
12 #include "base/message_loop/message_loop.h" | |
13 #include "base/run_loop.h" | 12 #include "base/run_loop.h" |
14 #include "base/test/histogram_tester.h" | 13 #include "base/test/histogram_tester.h" |
15 #include "base/test/scoped_feature_list.h" | 14 #include "base/test/scoped_feature_list.h" |
16 #include "base/values.h" | 15 #include "base/values.h" |
17 #include "chrome/common/chrome_features.h" | 16 #include "chrome/common/chrome_features.h" |
18 #include "content/public/test/test_browser_thread_bundle.h" | 17 #include "content/public/test/test_browser_thread_bundle.h" |
19 #include "net/cert/ct_serialization.h" | 18 #include "net/cert/ct_serialization.h" |
20 #include "net/cert/signed_certificate_timestamp_and_status.h" | 19 #include "net/cert/signed_certificate_timestamp_and_status.h" |
21 #include "net/test/cert_test_util.h" | 20 #include "net/test/cert_test_util.h" |
| 21 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 22 #include "net/test/embedded_test_server/http_response.h" |
22 #include "net/test/test_data_directory.h" | 23 #include "net/test/test_data_directory.h" |
23 #include "net/test/url_request/url_request_failed_job.h" | 24 #include "net/test/url_request/url_request_failed_job.h" |
24 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 25 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
25 #include "net/url_request/report_sender.h" | 26 #include "net/url_request/report_sender.h" |
26 #include "net/url_request/url_request_filter.h" | 27 #include "net/url_request/url_request_filter.h" |
27 #include "net/url_request/url_request_test_util.h" | 28 #include "net/url_request/url_request_test_util.h" |
28 #include "testing/gtest/include/gtest/gtest.h" | 29 #include "testing/gtest/include/gtest/gtest.h" |
29 #include "url/gurl.h" | 30 #include "url/gurl.h" |
30 | 31 |
31 namespace { | 32 namespace { |
(...skipping 11 matching lines...) Expand all Loading... |
43 | 44 |
44 void Send(const GURL& report_uri, | 45 void Send(const GURL& report_uri, |
45 base::StringPiece content_type, | 46 base::StringPiece content_type, |
46 base::StringPiece serialized_report, | 47 base::StringPiece serialized_report, |
47 const base::Callback<void()>& success_callback, | 48 const base::Callback<void()>& success_callback, |
48 const base::Callback<void(const GURL&, int, int)>& error_callback) | 49 const base::Callback<void(const GURL&, int, int)>& error_callback) |
49 override { | 50 override { |
50 latest_report_uri_ = report_uri; | 51 latest_report_uri_ = report_uri; |
51 serialized_report.CopyToString(&latest_serialized_report_); | 52 serialized_report.CopyToString(&latest_serialized_report_); |
52 content_type.CopyToString(&latest_content_type_); | 53 content_type.CopyToString(&latest_content_type_); |
| 54 if (!report_callback_.is_null()) { |
| 55 EXPECT_EQ(expected_report_uri_, latest_report_uri_); |
| 56 report_callback_.Run(); |
| 57 } |
53 } | 58 } |
54 | 59 |
55 const GURL& latest_report_uri() const { return latest_report_uri_; } | 60 const GURL& latest_report_uri() const { return latest_report_uri_; } |
56 | 61 |
57 const std::string& latest_content_type() const { | 62 const std::string& latest_content_type() const { |
58 return latest_content_type_; | 63 return latest_content_type_; |
59 } | 64 } |
60 | 65 |
61 const std::string& latest_serialized_report() const { | 66 const std::string& latest_serialized_report() const { |
62 return latest_serialized_report_; | 67 return latest_serialized_report_; |
63 } | 68 } |
64 | 69 |
| 70 // Can be called to wait for a single report, which is expected to be sent to |
| 71 // |report_uri|. Returns immediately if a report has already been sent in the |
| 72 // past. |
| 73 void WaitForReport(const GURL& report_uri) { |
| 74 if (!latest_report_uri_.is_empty()) { |
| 75 EXPECT_EQ(report_uri, latest_report_uri_); |
| 76 return; |
| 77 } |
| 78 base::RunLoop run_loop; |
| 79 report_callback_ = run_loop.QuitClosure(); |
| 80 expected_report_uri_ = report_uri; |
| 81 run_loop.Run(); |
| 82 } |
| 83 |
65 private: | 84 private: |
66 GURL latest_report_uri_; | 85 GURL latest_report_uri_; |
67 std::string latest_content_type_; | 86 std::string latest_content_type_; |
68 std::string latest_serialized_report_; | 87 std::string latest_serialized_report_; |
| 88 base::Closure report_callback_; |
| 89 GURL expected_report_uri_; |
69 }; | 90 }; |
70 | 91 |
71 // Constructs a net::SignedCertificateTimestampAndStatus with the given | 92 // Constructs a net::SignedCertificateTimestampAndStatus with the given |
72 // information and appends it to |sct_list|. | 93 // information and appends it to |sct_list|. |
73 void MakeTestSCTAndStatus( | 94 void MakeTestSCTAndStatus( |
74 net::ct::SignedCertificateTimestamp::Origin origin, | 95 net::ct::SignedCertificateTimestamp::Origin origin, |
75 const std::string& log_id, | 96 const std::string& log_id, |
76 const std::string& extensions, | 97 const std::string& extensions, |
77 const std::string& signature_data, | 98 const std::string& signature_data, |
78 const base::Time& timestamp, | 99 const base::Time& timestamp, |
(...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
292 } | 313 } |
293 | 314 |
294 private: | 315 private: |
295 TestExpectCTNetworkDelegate network_delegate_; | 316 TestExpectCTNetworkDelegate network_delegate_; |
296 std::unique_ptr<net::TestURLRequestContext> context_; | 317 std::unique_ptr<net::TestURLRequestContext> context_; |
297 content::TestBrowserThreadBundle thread_bundle_; | 318 content::TestBrowserThreadBundle thread_bundle_; |
298 | 319 |
299 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); | 320 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest); |
300 }; | 321 }; |
301 | 322 |
| 323 // A test fixture that responds properly to CORS preflights so that reports can |
| 324 // be successfully sent to test_server(). |
| 325 class ChromeExpectCTReporterTest : public ::testing::Test { |
| 326 public: |
| 327 ChromeExpectCTReporterTest() |
| 328 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {} |
| 329 ~ChromeExpectCTReporterTest() override {} |
| 330 |
| 331 void SetUp() override { |
| 332 report_server_.RegisterRequestHandler( |
| 333 base::Bind(&ChromeExpectCTReporterTest::HandleReportPreflight, |
| 334 base::Unretained(this))); |
| 335 ASSERT_TRUE(report_server_.Start()); |
| 336 } |
| 337 |
| 338 std::unique_ptr<net::test_server::HttpResponse> HandleReportPreflight( |
| 339 const net::test_server::HttpRequest& request) { |
| 340 num_requests_++; |
| 341 if (!requests_callback_.is_null()) { |
| 342 requests_callback_.Run(); |
| 343 } |
| 344 std::unique_ptr<net::test_server::BasicHttpResponse> http_response( |
| 345 new net::test_server::BasicHttpResponse()); |
| 346 http_response->set_code(net::HTTP_OK); |
| 347 for (const auto& cors_header : cors_headers_) { |
| 348 http_response->AddCustomHeader(cors_header.first, cors_header.second); |
| 349 } |
| 350 return http_response; |
| 351 } |
| 352 |
| 353 void WaitForReportPreflight() { |
| 354 if (num_requests_ >= 1) { |
| 355 return; |
| 356 } |
| 357 base::RunLoop run_loop; |
| 358 requests_callback_ = run_loop.QuitClosure(); |
| 359 run_loop.Run(); |
| 360 } |
| 361 |
| 362 protected: |
| 363 const net::EmbeddedTestServer& test_server() { return report_server_; } |
| 364 |
| 365 // Tests that reports are not sent when the CORS preflight request returns the |
| 366 // header field |preflight_header_name| with value given by |
| 367 // |preflight_header_bad_value|, and that reports are successfully sent when |
| 368 // it has value given by |preflight_header_good_value|. |
| 369 void TestForReportPreflightFailure( |
| 370 ChromeExpectCTReporter* reporter, |
| 371 TestCertificateReportSender* sender, |
| 372 const net::HostPortPair& host_port, |
| 373 const net::SSLInfo& ssl_info, |
| 374 const std::string& preflight_header_name, |
| 375 const std::string& preflight_header_bad_value, |
| 376 const std::string& preflight_header_good_value) { |
| 377 cors_headers_[preflight_header_name] = preflight_header_bad_value; |
| 378 const GURL fail_report_uri = test_server().GetURL("/report1"); |
| 379 reporter->OnExpectCTFailed( |
| 380 host_port, fail_report_uri, base::Time(), ssl_info.cert.get(), |
| 381 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); |
| 382 WaitForReportPreflight(); |
| 383 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
| 384 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 385 |
| 386 // Set the proper header value and send a dummy report. The test will fail |
| 387 // if the previous OnExpectCTFailed() call unexpectedly resulted in a |
| 388 // report, as WaitForReport() would see the previous report to /report1 |
| 389 // instead of the expected report to /report2. |
| 390 const GURL successful_report_uri = test_server().GetURL("/report2"); |
| 391 cors_headers_[preflight_header_name] = preflight_header_good_value; |
| 392 reporter->OnExpectCTFailed( |
| 393 host_port, successful_report_uri, base::Time(), ssl_info.cert.get(), |
| 394 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); |
| 395 sender->WaitForReport(successful_report_uri); |
| 396 EXPECT_EQ(successful_report_uri, sender->latest_report_uri()); |
| 397 } |
| 398 |
| 399 private: |
| 400 content::TestBrowserThreadBundle thread_bundle_; |
| 401 net::EmbeddedTestServer report_server_; |
| 402 uint32_t num_requests_ = 0; |
| 403 base::Closure requests_callback_; |
| 404 std::map<std::string, std::string> cors_headers_{ |
| 405 {"Access-Control-Allow-Origin", "*"}, |
| 406 {"Access-Control-Allow-Methods", "GET,POST"}, |
| 407 {"Access-Control-Allow-Headers", "content-type,another-header"}}; |
| 408 }; |
| 409 |
302 } // namespace | 410 } // namespace |
303 | 411 |
304 // Test that no report is sent when the feature is not enabled. | 412 // Test that no report is sent when the feature is not enabled. |
305 TEST(ChromeExpectCTReporterTest, FeatureDisabled) { | 413 TEST_F(ChromeExpectCTReporterTest, FeatureDisabled) { |
306 base::test::ScopedFeatureList scoped_feature_list; | |
307 scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting); | |
308 | |
309 base::MessageLoop message_loop; | |
310 base::HistogramTester histograms; | 414 base::HistogramTester histograms; |
311 histograms.ExpectTotalCount(kSendHistogramName, 0); | 415 histograms.ExpectTotalCount(kSendHistogramName, 0); |
312 | 416 |
313 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 417 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
314 net::TestURLRequestContext context; | 418 net::TestURLRequestContext context; |
315 ChromeExpectCTReporter reporter(&context); | 419 ChromeExpectCTReporter reporter(&context); |
316 reporter.report_sender_.reset(sender); | 420 reporter.report_sender_.reset(sender); |
317 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 421 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
318 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 422 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
319 | 423 |
320 net::SSLInfo ssl_info; | 424 net::SSLInfo ssl_info; |
321 ssl_info.cert = | 425 ssl_info.cert = |
322 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 426 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
323 ssl_info.unverified_cert = net::ImportCertFromFile( | 427 ssl_info.unverified_cert = net::ImportCertFromFile( |
324 net::GetTestCertsDirectory(), "localhost_cert.pem"); | 428 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
325 | 429 |
326 net::HostPortPair host_port("example.test", 443); | 430 net::HostPortPair host_port("example.test", 443); |
327 GURL report_uri("http://example-report.test"); | |
328 | 431 |
329 reporter.OnExpectCTFailed(host_port, report_uri, base::Time(), | 432 { |
330 ssl_info.cert.get(), ssl_info.unverified_cert.get(), | 433 const GURL report_uri = test_server().GetURL("/report1"); |
331 ssl_info.signed_certificate_timestamps); | 434 base::test::ScopedFeatureList scoped_feature_list; |
332 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 435 scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting); |
333 EXPECT_TRUE(sender->latest_serialized_report().empty()); | |
334 | 436 |
335 histograms.ExpectTotalCount(kSendHistogramName, 0); | 437 reporter.OnExpectCTFailed( |
| 438 host_port, report_uri, base::Time(), ssl_info.cert.get(), |
| 439 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); |
| 440 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
| 441 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 442 |
| 443 histograms.ExpectTotalCount(kSendHistogramName, 0); |
| 444 } |
| 445 |
| 446 // Enable the feature and send a dummy report. The test will fail if the |
| 447 // previous OnExpectCTFailed() call unexpectedly resulted in a report, as the |
| 448 // WaitForReport() would see the previous report to /report1 instead of the |
| 449 // expected report to /report2. |
| 450 { |
| 451 const GURL report_uri = test_server().GetURL("/report2"); |
| 452 base::test::ScopedFeatureList scoped_feature_list; |
| 453 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); |
| 454 reporter.OnExpectCTFailed( |
| 455 host_port, report_uri, base::Time(), ssl_info.cert.get(), |
| 456 ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps); |
| 457 sender->WaitForReport(report_uri); |
| 458 EXPECT_EQ(report_uri, sender->latest_report_uri()); |
| 459 } |
336 } | 460 } |
337 | 461 |
338 // Test that no report is sent if the report URI is empty. | 462 // Test that no report is sent if the report URI is empty. |
339 TEST(ChromeExpectCTReporterTest, EmptyReportURI) { | 463 TEST_F(ChromeExpectCTReporterTest, EmptyReportURI) { |
340 base::MessageLoop message_loop; | |
341 base::HistogramTester histograms; | 464 base::HistogramTester histograms; |
342 histograms.ExpectTotalCount(kSendHistogramName, 0); | 465 histograms.ExpectTotalCount(kSendHistogramName, 0); |
343 | 466 |
344 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 467 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
345 net::TestURLRequestContext context; | 468 net::TestURLRequestContext context; |
346 ChromeExpectCTReporter reporter(&context); | 469 ChromeExpectCTReporter reporter(&context); |
347 reporter.report_sender_.reset(sender); | 470 reporter.report_sender_.reset(sender); |
348 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 471 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
349 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 472 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
350 | 473 |
(...skipping 27 matching lines...) Expand all Loading... |
378 SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info); | 501 SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info); |
379 | 502 |
380 histograms.ExpectTotalCount(kFailureHistogramName, 1); | 503 histograms.ExpectTotalCount(kFailureHistogramName, 1); |
381 histograms.ExpectBucketCount(kFailureHistogramName, | 504 histograms.ExpectBucketCount(kFailureHistogramName, |
382 -net::ERR_CONNECTION_FAILED, 1); | 505 -net::ERR_CONNECTION_FAILED, 1); |
383 histograms.ExpectTotalCount(kSendHistogramName, 1); | 506 histograms.ExpectTotalCount(kSendHistogramName, 1); |
384 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 507 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
385 } | 508 } |
386 | 509 |
387 // Test that a sent report has the right format. | 510 // Test that a sent report has the right format. |
388 TEST(ChromeExpectCTReporterTest, SendReport) { | 511 TEST_F(ChromeExpectCTReporterTest, SendReport) { |
389 base::MessageLoop message_loop; | |
390 base::HistogramTester histograms; | 512 base::HistogramTester histograms; |
391 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 513 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
392 histograms.ExpectTotalCount(kSendHistogramName, 0); | 514 histograms.ExpectTotalCount(kSendHistogramName, 0); |
393 | 515 |
394 TestCertificateReportSender* sender = new TestCertificateReportSender(); | 516 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
395 net::TestURLRequestContext context; | 517 net::TestURLRequestContext context; |
396 ChromeExpectCTReporter reporter(&context); | 518 ChromeExpectCTReporter reporter(&context); |
397 reporter.report_sender_.reset(sender); | 519 reporter.report_sender_.reset(sender); |
398 EXPECT_TRUE(sender->latest_report_uri().is_empty()); | 520 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
399 EXPECT_TRUE(sender->latest_serialized_report().empty()); | 521 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
447 | 569 |
448 MakeTestSCTAndStatus( | 570 MakeTestSCTAndStatus( |
449 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id, | 571 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id, |
450 "extensions6", "signature1", now, net::ct::SCT_STATUS_OK, | 572 "extensions6", "signature1", now, net::ct::SCT_STATUS_OK, |
451 &ssl_info.signed_certificate_timestamps); | 573 &ssl_info.signed_certificate_timestamps); |
452 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 574 MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
453 log_id, "extensions7", "signature2", now, | 575 log_id, "extensions7", "signature2", now, |
454 net::ct::SCT_STATUS_OK, | 576 net::ct::SCT_STATUS_OK, |
455 &ssl_info.signed_certificate_timestamps); | 577 &ssl_info.signed_certificate_timestamps); |
456 | 578 |
457 net::HostPortPair host_port("example.test", 443); | |
458 GURL report_uri("http://example-report.test"); | |
459 | |
460 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; | 579 const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z"; |
461 base::Time expiration; | 580 base::Time expiration; |
462 ASSERT_TRUE( | 581 ASSERT_TRUE( |
463 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); | 582 base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration)); |
464 | 583 |
| 584 const GURL report_uri = test_server().GetURL("/report"); |
| 585 |
465 // Check that the report is sent and contains the correct information. | 586 // Check that the report is sent and contains the correct information. |
466 reporter.OnExpectCTFailed(host_port, report_uri, expiration, | 587 reporter.OnExpectCTFailed(net::HostPortPair::FromURL(report_uri), report_uri, |
467 ssl_info.cert.get(), ssl_info.unverified_cert.get(), | 588 expiration, ssl_info.cert.get(), |
| 589 ssl_info.unverified_cert.get(), |
468 ssl_info.signed_certificate_timestamps); | 590 ssl_info.signed_certificate_timestamps); |
| 591 |
| 592 // A CORS preflight request should be sent before the actual report. |
| 593 WaitForReportPreflight(); |
| 594 sender->WaitForReport(report_uri); |
| 595 |
469 EXPECT_EQ(report_uri, sender->latest_report_uri()); | 596 EXPECT_EQ(report_uri, sender->latest_report_uri()); |
470 EXPECT_FALSE(sender->latest_serialized_report().empty()); | 597 EXPECT_FALSE(sender->latest_serialized_report().empty()); |
471 EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type()); | 598 EXPECT_EQ("application/expect-ct-report+json; charset=utf-8", |
472 ASSERT_NO_FATAL_FAILURE( | 599 sender->latest_content_type()); |
473 CheckExpectCTReport(sender->latest_serialized_report(), host_port, | 600 ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport( |
474 kExpirationTimeStr, ssl_info)); | 601 sender->latest_serialized_report(), |
| 602 net::HostPortPair::FromURL(report_uri), kExpirationTimeStr, ssl_info)); |
475 | 603 |
476 histograms.ExpectTotalCount(kFailureHistogramName, 0); | 604 histograms.ExpectTotalCount(kFailureHistogramName, 0); |
477 histograms.ExpectTotalCount(kSendHistogramName, 1); | 605 histograms.ExpectTotalCount(kSendHistogramName, 1); |
478 histograms.ExpectBucketCount(kSendHistogramName, true, 1); | 606 histograms.ExpectBucketCount(kSendHistogramName, true, 1); |
479 } | 607 } |
| 608 |
| 609 // Test that no report is sent when the CORS preflight returns an invalid |
| 610 // Access-Control-Allow-Origin. |
| 611 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseOrigin) { |
| 612 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
| 613 net::TestURLRequestContext context; |
| 614 ChromeExpectCTReporter reporter(&context); |
| 615 reporter.report_sender_.reset(sender); |
| 616 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
| 617 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 618 |
| 619 net::SSLInfo ssl_info; |
| 620 ssl_info.cert = |
| 621 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
| 622 ssl_info.unverified_cert = net::ImportCertFromFile( |
| 623 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
| 624 |
| 625 base::test::ScopedFeatureList scoped_feature_list; |
| 626 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); |
| 627 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 628 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( |
| 629 &reporter, sender, net::HostPortPair("example.test", 443), ssl_info, |
| 630 "Access-Control-Allow-Origin", "https://another-origin.test", "null")); |
| 631 } |
| 632 |
| 633 // Test that no report is sent when the CORS preflight returns an invalid |
| 634 // Access-Control-Allow-Methods. |
| 635 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseMethods) { |
| 636 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
| 637 net::TestURLRequestContext context; |
| 638 ChromeExpectCTReporter reporter(&context); |
| 639 reporter.report_sender_.reset(sender); |
| 640 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
| 641 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 642 |
| 643 net::SSLInfo ssl_info; |
| 644 ssl_info.cert = |
| 645 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
| 646 ssl_info.unverified_cert = net::ImportCertFromFile( |
| 647 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
| 648 |
| 649 base::test::ScopedFeatureList scoped_feature_list; |
| 650 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); |
| 651 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 652 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( |
| 653 &reporter, sender, net::HostPortPair("example.test", 443), ssl_info, |
| 654 "Access-Control-Allow-Methods", "GET,HEAD,POSSSST", "POST")); |
| 655 } |
| 656 |
| 657 // Test that no report is sent when the CORS preflight returns an invalid |
| 658 // Access-Control-Allow-Headers. |
| 659 TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseHeaders) { |
| 660 TestCertificateReportSender* sender = new TestCertificateReportSender(); |
| 661 net::TestURLRequestContext context; |
| 662 ChromeExpectCTReporter reporter(&context); |
| 663 reporter.report_sender_.reset(sender); |
| 664 EXPECT_TRUE(sender->latest_report_uri().is_empty()); |
| 665 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 666 |
| 667 net::SSLInfo ssl_info; |
| 668 ssl_info.cert = |
| 669 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
| 670 ssl_info.unverified_cert = net::ImportCertFromFile( |
| 671 net::GetTestCertsDirectory(), "localhost_cert.pem"); |
| 672 |
| 673 base::test::ScopedFeatureList scoped_feature_list; |
| 674 scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting); |
| 675 EXPECT_TRUE(sender->latest_serialized_report().empty()); |
| 676 ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure( |
| 677 &reporter, sender, net::HostPortPair("example.test", 443), ssl_info, |
| 678 "Access-Control-Allow-Headers", "Not-Content-Type", "Content-Type")); |
| 679 } |
OLD | NEW |