| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
| 13 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
| 14 #include "base/threading/thread.h" | 14 #include "base/threading/thread.h" |
| 15 #include "content/public/test/test_browser_thread.h" | 15 #include "content/public/test/test_browser_thread.h" |
| 16 #include "net/base/request_priority.h" | 16 #include "net/base/request_priority.h" |
| 17 #include "net/base/test_data_directory.h" | 17 #include "net/base/test_data_directory.h" |
| 18 #include "net/cert/x509_certificate.h" | 18 #include "net/cert/x509_certificate.h" |
| 19 #include "net/http/transport_security_state.h" | 19 #include "net/http/transport_security_state.h" |
| 20 #include "net/ssl/ssl_info.h" | 20 #include "net/ssl/ssl_info.h" |
| 21 #include "net/test/cert_test_util.h" | 21 #include "net/test/cert_test_util.h" |
| 22 #include "net/url_request/fraudulent_certificate_reporter.h" | 22 #include "net/url_request/fraudulent_certificate_reporter.h" |
| 23 #include "net/url_request/url_request.h" | 23 #include "net/url_request/url_request.h" |
| 24 #include "net/url_request/url_request_context.h" | 24 #include "net/url_request/url_request_context.h" |
| 25 #include "net/url_request/url_request_test_util.h" | 25 #include "net/url_request/url_request_test_util.h" |
| 26 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
| 27 | 27 |
| 28 using content::BrowserThread; | 28 using content::BrowserThread; |
| 29 using net::FraudulentCertificateReporter; |
| 29 using net::SSLInfo; | 30 using net::SSLInfo; |
| 30 | 31 |
| 31 namespace chrome_browser_net { | 32 namespace chrome_browser_net { |
| 32 | 33 |
| 33 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is | 34 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is |
| 34 // expired; what matters is that the cert would not pass even a normal | 35 // expired; what matters is that the cert would not pass even a normal |
| 35 // sanity check. We test that we DO NOT send a fraudulent certificate report | 36 // sanity check. We test that we DO NOT send a fraudulent certificate report |
| 36 // in this case. | 37 // in this case. |
| 37 static SSLInfo GetBadSSLInfo() { | 38 static SSLInfo GetBadSSLInfo() { |
| 38 SSLInfo info; | 39 SSLInfo info; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 : ChromeFraudulentCertificateReporter(request_context) {} | 76 : ChromeFraudulentCertificateReporter(request_context) {} |
| 76 }; | 77 }; |
| 77 | 78 |
| 78 class SendingTestReporter : public TestReporter { | 79 class SendingTestReporter : public TestReporter { |
| 79 public: | 80 public: |
| 80 explicit SendingTestReporter(net::URLRequestContext* request_context) | 81 explicit SendingTestReporter(net::URLRequestContext* request_context) |
| 81 : TestReporter(request_context), passed_(false) {} | 82 : TestReporter(request_context), passed_(false) {} |
| 82 | 83 |
| 83 // Passes if invoked with a good SSLInfo and for a hostname that is a Google | 84 // Passes if invoked with a good SSLInfo and for a hostname that is a Google |
| 84 // pinned property. | 85 // pinned property. |
| 85 void SendReport(const std::string& hostname, | 86 void SendReport(ReportType type, |
| 87 const std::string& hostname, |
| 86 const SSLInfo& ssl_info) override { | 88 const SSLInfo& ssl_info) override { |
| 87 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); | 89 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); |
| 88 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | 90 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
| 89 passed_ = true; | 91 passed_ = true; |
| 90 } | 92 } |
| 91 | 93 |
| 92 ~SendingTestReporter() override { | 94 ~SendingTestReporter() override { |
| 93 // If the object is destroyed without having its SendReport method invoked, | 95 // If the object is destroyed without having its SendReport method invoked, |
| 94 // we failed. | 96 // we failed. |
| 95 EXPECT_TRUE(passed_); | 97 EXPECT_TRUE(passed_); |
| 96 } | 98 } |
| 97 | 99 |
| 98 bool passed_; | 100 bool passed_; |
| 99 }; | 101 }; |
| 100 | 102 |
| 101 class NotSendingTestReporter : public TestReporter { | 103 class NotSendingTestReporter : public TestReporter { |
| 102 public: | 104 public: |
| 103 explicit NotSendingTestReporter(net::URLRequestContext* request_context) | 105 explicit NotSendingTestReporter(net::URLRequestContext* request_context) |
| 104 : TestReporter(request_context) {} | 106 : TestReporter(request_context) {} |
| 105 | 107 |
| 106 // Passes if invoked with a bad SSLInfo and for a hostname that is not a | 108 // Passes if invoked with a bad SSLInfo and for a hostname that is not a |
| 107 // Google pinned property. | 109 // Google pinned property. |
| 108 void SendReport(const std::string& hostname, | 110 void SendReport(ReportType type, |
| 111 const std::string& hostname, |
| 109 const SSLInfo& ssl_info) override { | 112 const SSLInfo& ssl_info) override { |
| 110 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); | 113 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); |
| 111 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); | 114 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname)); |
| 112 } | 115 } |
| 113 }; | 116 }; |
| 114 | 117 |
| 115 // A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is | 118 // A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is |
| 116 // otherwise normal: reports are constructed and sent in the usual way. | 119 // otherwise normal: reports are constructed and sent in the usual way. |
| 117 class MockReporter : public ChromeFraudulentCertificateReporter { | 120 class MockReporter : public ChromeFraudulentCertificateReporter { |
| 118 public: | 121 public: |
| 119 explicit MockReporter(net::URLRequestContext* request_context) | 122 explicit MockReporter(net::URLRequestContext* request_context) |
| 120 : ChromeFraudulentCertificateReporter(request_context) {} | 123 : ChromeFraudulentCertificateReporter(request_context) {} |
| 121 | 124 |
| 122 scoped_ptr<net::URLRequest> CreateURLRequest( | 125 scoped_ptr<net::URLRequest> CreateURLRequest( |
| 123 net::URLRequestContext* context) override { | 126 net::URLRequestContext* context, |
| 127 const GURL& upload_url) override { |
| 124 return context->CreateRequest(GURL(std::string()), | 128 return context->CreateRequest(GURL(std::string()), |
| 125 net::DEFAULT_PRIORITY, | 129 net::DEFAULT_PRIORITY, |
| 126 NULL, | 130 NULL, |
| 127 NULL); | 131 NULL); |
| 128 } | 132 } |
| 129 | 133 |
| 130 void SendReport(const std::string& hostname, | 134 void SendReport(ReportType type, |
| 135 const std::string& hostname, |
| 131 const net::SSLInfo& ssl_info) override { | 136 const net::SSLInfo& ssl_info) override { |
| 132 DCHECK(!hostname.empty()); | 137 DCHECK(!hostname.empty()); |
| 133 DCHECK(ssl_info.is_valid()); | 138 DCHECK(ssl_info.is_valid()); |
| 134 ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info); | 139 ChromeFraudulentCertificateReporter::SendReport(REPORT_TYPE_PIN_VIOLATION, |
| 140 hostname, ssl_info); |
| 135 } | 141 } |
| 136 }; | 142 }; |
| 137 | 143 |
| 138 static void DoReportIsSent() { | 144 static void DoReportIsSent() { |
| 139 net::TestURLRequestContext context; | 145 net::TestURLRequestContext context; |
| 140 SendingTestReporter reporter(&context); | 146 SendingTestReporter reporter(&context); |
| 141 SSLInfo info = GetGoodSSLInfo(); | 147 SSLInfo info = GetGoodSSLInfo(); |
| 142 reporter.SendReport("mail.google.com", info); | 148 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 149 "mail.google.com", info); |
| 143 } | 150 } |
| 144 | 151 |
| 145 static void DoReportIsNotSent() { | 152 static void DoReportIsNotSent() { |
| 146 net::TestURLRequestContext context; | 153 net::TestURLRequestContext context; |
| 147 NotSendingTestReporter reporter(&context); | 154 NotSendingTestReporter reporter(&context); |
| 148 SSLInfo info = GetBadSSLInfo(); | 155 SSLInfo info = GetBadSSLInfo(); |
| 149 reporter.SendReport("www.example.com", info); | 156 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 157 "www.example.com", info); |
| 150 } | 158 } |
| 151 | 159 |
| 152 static void DoMockReportIsSent() { | 160 static void DoMockReportIsSent() { |
| 153 net::TestURLRequestContext context; | 161 net::TestURLRequestContext context; |
| 154 MockReporter reporter(&context); | 162 MockReporter reporter(&context); |
| 155 SSLInfo info = GetGoodSSLInfo(); | 163 SSLInfo info = GetGoodSSLInfo(); |
| 156 reporter.SendReport("mail.google.com", info); | 164 reporter.SendReport(FraudulentCertificateReporter::REPORT_TYPE_PIN_VIOLATION, |
| 165 "mail.google.com", info); |
| 157 } | 166 } |
| 158 | 167 |
| 159 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { | 168 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { |
| 160 SSLInfo good = GetGoodSSLInfo(); | 169 SSLInfo good = GetGoodSSLInfo(); |
| 161 EXPECT_TRUE(IsGoodSSLInfo(good)); | 170 EXPECT_TRUE(IsGoodSSLInfo(good)); |
| 162 | 171 |
| 163 SSLInfo bad = GetBadSSLInfo(); | 172 SSLInfo bad = GetBadSSLInfo(); |
| 164 EXPECT_FALSE(IsGoodSSLInfo(bad)); | 173 EXPECT_FALSE(IsGoodSSLInfo(bad)); |
| 165 } | 174 } |
| 166 | 175 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 179 } | 188 } |
| 180 | 189 |
| 181 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | 190 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
| 182 base::MessageLoopForIO loop; | 191 base::MessageLoopForIO loop; |
| 183 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | 192 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
| 184 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | 193 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
| 185 loop.RunUntilIdle(); | 194 loop.RunUntilIdle(); |
| 186 } | 195 } |
| 187 | 196 |
| 188 } // namespace chrome_browser_net | 197 } // namespace chrome_browser_net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master