Implement CORS preflights for Expect-CT reports

chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h"
 
 #include <string>
 
 #include "base/base64.h"
 #include "base/command_line.h"
 #include "base/json/json_reader.h"
-#include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/scoped_feature_list.h"
 #include "base/values.h"
 #include "chrome/common/chrome_features.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/signed_certificate_timestamp_and_status.h"
 #include "net/test/cert_test_util.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
+#include "net/test/embedded_test_server/http_response.h"
 #include "net/test/test_data_directory.h"
 #include "net/test/url_request/url_request_failed_job.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
 #include "net/url_request/report_sender.h"
 #include "net/url_request/url_request_filter.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 
 namespace {
@@ skipping 11 matching lines @@
 
   void Send(const GURL& report_uri,
             base::StringPiece content_type,
             base::StringPiece serialized_report,
             const base::Callback<void()>& success_callback,
             const base::Callback<void(const GURL&, int, int)>& error_callback)
       override {
     latest_report_uri_ = report_uri;
     serialized_report.CopyToString(&latest_serialized_report_);
     content_type.CopyToString(&latest_content_type_);
+    if (!report_callback_.is_null()) {
+      EXPECT_EQ(expected_report_uri_, latest_report_uri_);
+      report_callback_.Run();
+    }
   }
 
   const GURL& latest_report_uri() const { return latest_report_uri_; }
 
   const std::string& latest_content_type() const {
     return latest_content_type_;
   }
 
   const std::string& latest_serialized_report() const {
     return latest_serialized_report_;
   }
 
+  // Can be called to wait for a single report, which is expected to be sent to
+  // |report_uri|. Returns immediately if a report has already been sent in the
+  // past.
+  void WaitForReport(const GURL& report_uri) {
+    if (!latest_report_uri_.is_empty()) {
+      EXPECT_EQ(report_uri, latest_report_uri_);
+      return;
+    }
+    base::RunLoop run_loop;
+    report_callback_ = run_loop.QuitClosure();
+    expected_report_uri_ = report_uri;
+    run_loop.Run();
+  }
+
  private:
   GURL latest_report_uri_;
   std::string latest_content_type_;
   std::string latest_serialized_report_;
+  base::Closure report_callback_;
+  GURL expected_report_uri_;
 };
 
 // Constructs a net::SignedCertificateTimestampAndStatus with the given
 // information and appends it to |sct_list|.
 void MakeTestSCTAndStatus(
     net::ct::SignedCertificateTimestamp::Origin origin,
     const std::string& log_id,
     const std::string& extensions,
     const std::string& signature_data,
     const base::Time& timestamp,
@@ skipping 213 matching lines @@
   }
 
  private:
   TestExpectCTNetworkDelegate network_delegate_;
   std::unique_ptr<net::TestURLRequestContext> context_;
   content::TestBrowserThreadBundle thread_bundle_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporterWaitTest);
 };
 
+// A test fixture that responds properly to CORS preflights so that reports can
+// be successfully sent to test_server().
+class ChromeExpectCTReporterTest : public ::testing::Test {
+ public:
+  ChromeExpectCTReporterTest()
+      : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) {}
+  ~ChromeExpectCTReporterTest() override {}
+
+  void SetUp() override {
+    report_server_.RegisterRequestHandler(
+        base::Bind(&ChromeExpectCTReporterTest::HandleReportPreflight,
+                   base::Unretained(this)));
+    ASSERT_TRUE(report_server_.Start());
+  }
+
+  std::unique_ptr<net::test_server::HttpResponse> HandleReportPreflight(
+      const net::test_server::HttpRequest& request) {
+    num_requests_++;
+    if (!requests_callback_.is_null()) {
+      requests_callback_.Run();
+    }
+    std::unique_ptr<net::test_server::BasicHttpResponse> http_response(
+        new net::test_server::BasicHttpResponse());
+    http_response->set_code(net::HTTP_OK);
+    for (const auto& cors_header : cors_headers_) {
+      http_response->AddCustomHeader(cors_header.first, cors_header.second);
+    }
+    return http_response;
+  }
+
+  void WaitForReportPreflight() {
+    if (num_requests_ >= 1) {
+      return;
+    }
+    base::RunLoop run_loop;
+    requests_callback_ = run_loop.QuitClosure();
+    run_loop.Run();
+  }
+
+ protected:
+  const net::EmbeddedTestServer& test_server() { return report_server_; }
+
+  // Tests that reports are not sent when the CORS preflight request returns the
+  // header field |preflight_header_name| with value given by
+  // |preflight_header_bad_value|, and that reports are successfully sent when
+  // it has value given by |preflight_header_good_value|.
+  void TestForReportPreflightFailure(
+      ChromeExpectCTReporter* reporter,
+      TestCertificateReportSender* sender,
+      const net::HostPortPair& host_port,
+      const net::SSLInfo& ssl_info,
+      const std::string& preflight_header_name,
+      const std::string& preflight_header_bad_value,
+      const std::string& preflight_header_good_value) {
+    cors_headers_[preflight_header_name] = preflight_header_bad_value;
+    const GURL fail_report_uri = test_server().GetURL("/report1");
+    reporter->OnExpectCTFailed(
+        host_port, fail_report_uri, base::Time(), ssl_info.cert.get(),
+        ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps);
+    WaitForReportPreflight();
+    EXPECT_TRUE(sender->latest_report_uri().is_empty());
+    EXPECT_TRUE(sender->latest_serialized_report().empty());
+
+    // Set the proper header value and send a dummy report. The test will fail
+    // if the previous OnExpectCTFailed() call unexpectedly resulted in a
+    // report, as WaitForReport() would see the previous report to /report1
+    // instead of the expected report to /report2.
+    const GURL successful_report_uri = test_server().GetURL("/report2");
+    cors_headers_[preflight_header_name] = preflight_header_good_value;
+    reporter->OnExpectCTFailed(
+        host_port, successful_report_uri, base::Time(), ssl_info.cert.get(),
+        ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps);
+    sender->WaitForReport(successful_report_uri);
+    EXPECT_EQ(successful_report_uri, sender->latest_report_uri());
+  }
+
+ private:
+  content::TestBrowserThreadBundle thread_bundle_;
+  net::EmbeddedTestServer report_server_;
+  uint32_t num_requests_ = 0;
+  base::Closure requests_callback_;
+  std::map<std::string, std::string> cors_headers_{
+      {"Access-Control-Allow-Origin", "*"},
+      {"Access-Control-Allow-Methods", "GET,POST"},
+      {"Access-Control-Allow-Headers", "content-type,another-header"}};
+};
+
 }  // namespace
 
 // Test that no report is sent when the feature is not enabled.
-TEST(ChromeExpectCTReporterTest, FeatureDisabled) {
-  base::test::ScopedFeatureList scoped_feature_list;
-  scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting);
-
-  base::MessageLoop message_loop;
+TEST_F(ChromeExpectCTReporterTest, FeatureDisabled) {
   base::HistogramTester histograms;
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 
   TestCertificateReportSender* sender = new TestCertificateReportSender();
   net::TestURLRequestContext context;
   ChromeExpectCTReporter reporter(&context);
   reporter.report_sender_.reset(sender);
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
 
   net::SSLInfo ssl_info;
   ssl_info.cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
   ssl_info.unverified_cert = net::ImportCertFromFile(
       net::GetTestCertsDirectory(), "localhost_cert.pem");
 
   net::HostPortPair host_port("example.test", 443);
-  GURL report_uri("http://example-report.test");
 
-  reporter.OnExpectCTFailed(host_port, report_uri, base::Time(),
-                            ssl_info.cert.get(), ssl_info.unverified_cert.get(),
-                            ssl_info.signed_certificate_timestamps);
-  EXPECT_TRUE(sender->latest_report_uri().is_empty());
-  EXPECT_TRUE(sender->latest_serialized_report().empty());
+  {
+    const GURL report_uri = test_server().GetURL("/report1");
+    base::test::ScopedFeatureList scoped_feature_list;
+    scoped_feature_list.InitAndDisableFeature(features::kExpectCTReporting);
 
-  histograms.ExpectTotalCount(kSendHistogramName, 0);
+    reporter.OnExpectCTFailed(
+        host_port, report_uri, base::Time(), ssl_info.cert.get(),
+        ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps);
+    EXPECT_TRUE(sender->latest_report_uri().is_empty());
+    EXPECT_TRUE(sender->latest_serialized_report().empty());
+
+    histograms.ExpectTotalCount(kSendHistogramName, 0);
+  }
+
+  // Enable the feature and send a dummy report. The test will fail if the
+  // previous OnExpectCTFailed() call unexpectedly resulted in a report, as the
+  // WaitForReport() would see the previous report to /report1 instead of the
+  // expected report to /report2.
+  {
+    const GURL report_uri = test_server().GetURL("/report2");
+    base::test::ScopedFeatureList scoped_feature_list;
+    scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting);
+    reporter.OnExpectCTFailed(
+        host_port, report_uri, base::Time(), ssl_info.cert.get(),
+        ssl_info.unverified_cert.get(), ssl_info.signed_certificate_timestamps);
+    sender->WaitForReport(report_uri);
+    EXPECT_EQ(report_uri, sender->latest_report_uri());
+  }
 }
 
 // Test that no report is sent if the report URI is empty.
-TEST(ChromeExpectCTReporterTest, EmptyReportURI) {
-  base::MessageLoop message_loop;
+TEST_F(ChromeExpectCTReporterTest, EmptyReportURI) {
   base::HistogramTester histograms;
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 
   TestCertificateReportSender* sender = new TestCertificateReportSender();
   net::TestURLRequestContext context;
   ChromeExpectCTReporter reporter(&context);
   reporter.report_sender_.reset(sender);
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
 
@@ skipping 27 matching lines @@
   SendReport(&reporter, host_port, report_uri, base::Time(), ssl_info);
 
   histograms.ExpectTotalCount(kFailureHistogramName, 1);
   histograms.ExpectBucketCount(kFailureHistogramName,
                                -net::ERR_CONNECTION_FAILED, 1);
   histograms.ExpectTotalCount(kSendHistogramName, 1);
   histograms.ExpectBucketCount(kSendHistogramName, true, 1);
 }
 
 // Test that a sent report has the right format.
-TEST(ChromeExpectCTReporterTest, SendReport) {
-  base::MessageLoop message_loop;
+TEST_F(ChromeExpectCTReporterTest, SendReport) {
   base::HistogramTester histograms;
   histograms.ExpectTotalCount(kFailureHistogramName, 0);
   histograms.ExpectTotalCount(kSendHistogramName, 0);
 
   TestCertificateReportSender* sender = new TestCertificateReportSender();
   net::TestURLRequestContext context;
   ChromeExpectCTReporter reporter(&context);
   reporter.report_sender_.reset(sender);
   EXPECT_TRUE(sender->latest_report_uri().is_empty());
   EXPECT_TRUE(sender->latest_serialized_report().empty());
@@ skipping 47 matching lines @@
 
   MakeTestSCTAndStatus(
       net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, log_id,
       "extensions6", "signature1", now, net::ct::SCT_STATUS_OK,
       &ssl_info.signed_certificate_timestamps);
   MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
                        log_id, "extensions7", "signature2", now,
                        net::ct::SCT_STATUS_OK,
                        &ssl_info.signed_certificate_timestamps);
 
-  net::HostPortPair host_port("example.test", 443);
-  GURL report_uri("http://example-report.test");
-
   const char kExpirationTimeStr[] = "2017-01-01T00:00:00.000Z";
   base::Time expiration;
   ASSERT_TRUE(
       base::Time::FromUTCExploded({2017, 1, 0, 1, 0, 0, 0, 0}, &expiration));
 
+  const GURL report_uri = test_server().GetURL("/report");
+
   // Check that the report is sent and contains the correct information.
-  reporter.OnExpectCTFailed(host_port, report_uri, expiration,
-                            ssl_info.cert.get(), ssl_info.unverified_cert.get(),
+  reporter.OnExpectCTFailed(net::HostPortPair::FromURL(report_uri), report_uri,
+                            expiration, ssl_info.cert.get(),
+                            ssl_info.unverified_cert.get(),
                             ssl_info.signed_certificate_timestamps);
+
+  // A CORS preflight request should be sent before the actual report.
+  WaitForReportPreflight();
+  sender->WaitForReport(report_uri);
+
   EXPECT_EQ(report_uri, sender->latest_report_uri());
   EXPECT_FALSE(sender->latest_serialized_report().empty());
-  EXPECT_EQ("application/json; charset=utf-8", sender->latest_content_type());
-  ASSERT_NO_FATAL_FAILURE(
-      CheckExpectCTReport(sender->latest_serialized_report(), host_port,
-                          kExpirationTimeStr, ssl_info));
+  EXPECT_EQ("application/expect-ct-report+json; charset=utf-8",
+            sender->latest_content_type());
+  ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport(
+      sender->latest_serialized_report(),
+      net::HostPortPair::FromURL(report_uri), kExpirationTimeStr, ssl_info));
 
   histograms.ExpectTotalCount(kFailureHistogramName, 0);
   histograms.ExpectTotalCount(kSendHistogramName, 1);
   histograms.ExpectBucketCount(kSendHistogramName, true, 1);
 }
+
+// Test that no report is sent when the CORS preflight returns an invalid
+// Access-Control-Allow-Origin.
+TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseOrigin) {
+  TestCertificateReportSender* sender = new TestCertificateReportSender();
+  net::TestURLRequestContext context;
+  ChromeExpectCTReporter reporter(&context);
+  reporter.report_sender_.reset(sender);
+  EXPECT_TRUE(sender->latest_report_uri().is_empty());
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+
+  net::SSLInfo ssl_info;
+  ssl_info.cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+  ssl_info.unverified_cert = net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "localhost_cert.pem");
+
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting);
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+  ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure(
+      &reporter, sender, net::HostPortPair("example.test", 443), ssl_info,
+      "Access-Control-Allow-Origin", "https://another-origin.test", "null"));
+}
+
+// Test that no report is sent when the CORS preflight returns an invalid
+// Access-Control-Allow-Methods.
+TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseMethods) {
+  TestCertificateReportSender* sender = new TestCertificateReportSender();
+  net::TestURLRequestContext context;
+  ChromeExpectCTReporter reporter(&context);
+  reporter.report_sender_.reset(sender);
+  EXPECT_TRUE(sender->latest_report_uri().is_empty());
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+
+  net::SSLInfo ssl_info;
+  ssl_info.cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+  ssl_info.unverified_cert = net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "localhost_cert.pem");
+
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting);
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+  ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure(
+      &reporter, sender, net::HostPortPair("example.test", 443), ssl_info,
+      "Access-Control-Allow-Methods", "GET,HEAD,POSSSST", "POST"));
+}
+
+// Test that no report is sent when the CORS preflight returns an invalid
+// Access-Control-Allow-Headers.
+TEST_F(ChromeExpectCTReporterTest, BadCORSPreflightResponseHeaders) {
+  TestCertificateReportSender* sender = new TestCertificateReportSender();
+  net::TestURLRequestContext context;
+  ChromeExpectCTReporter reporter(&context);
+  reporter.report_sender_.reset(sender);
+  EXPECT_TRUE(sender->latest_report_uri().is_empty());
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+
+  net::SSLInfo ssl_info;
+  ssl_info.cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+  ssl_info.unverified_cert = net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "localhost_cert.pem");
+
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitAndEnableFeature(features::kExpectCTReporting);
+  EXPECT_TRUE(sender->latest_serialized_report().empty());
+  ASSERT_NO_FATAL_FAILURE(TestForReportPreflightFailure(
+      &reporter, sender, net::HostPortPair("example.test", 443), ssl_info,
+      "Access-Control-Allow-Headers", "Not-Content-Type", "Content-Type"));
+}