Chromium Code Reviews Chromium Code Reviews
Issue 949633002:
Include both certificate chains in invalid cert reporting (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
| diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
| index 0a8d77b21bf820f71bcb282a37643295ed79a9c5..215a71d4e99d83a6670077fa209e84b12c0f05b8 100644 |
| --- a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
| +++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
| @@ -12,6 +12,7 @@ |
| #include "base/message_loop/message_loop.h" |
| #include "base/synchronization/waitable_event.h" |
| #include "base/threading/thread.h" |
| +#include "chrome/browser/net/cert_logger.pb.h" |
| #include "content/public/test/test_browser_thread.h" |
| #include "net/base/request_priority.h" |
| #include "net/base/test_data_directory.h" |
| @@ -62,6 +63,19 @@ static SSLInfo GetGoodSSLInfo() { |
| return info; |
| } |
| +static SSLInfo GetExtendedReportingSSLInfo() { |
| + SSLInfo info; |
| + // Use different cert chains for the verified chain and the chain as |
| + // sent by the server, and make sure that they are both included in |
| + // the report. |
| + info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| + "test_mail_google_com.pem"); |
| + info.is_issued_by_known_root = true; |
| + info.unverified_server_cert = |
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem"); |
| + return info; |
| +} |
| + |
| // Checks that |info| is good as required by the SSL checks performed in |
| // URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin |
| // checking but not sufficient to pass |
| @@ -139,6 +153,12 @@ class MockReporter : public ChromeFraudulentCertificateReporter { |
| ChromeFraudulentCertificateReporter::SendReport(REPORT_TYPE_PIN_VIOLATION, |
| hostname, ssl_info); |
| } |
| + |
| + static std::string BuildReportPublic(ReportType type, |
|
estark
2015/02/21 06:42:23
Is this a weird pattern and/or weird name? My goal
|
| + const std::string& hostname, |
| + const net::SSLInfo& ssl_info) { |
| + return BuildReport(type, hostname, ssl_info); |
| + } |
| }; |
| static void DoReportIsSent() { |
| @@ -194,4 +214,52 @@ TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
| loop.RunUntilIdle(); |
| } |
| +TEST(ChromeFraudulentCertificateReporterTest, BuildReportForPinningViolation) { |
| + SSLInfo info = GetGoodSSLInfo(); |
| + std::string report = MockReporter::BuildReportPublic( |
| + ChromeFraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING, |
| + "mail.google.com", info); |
| + CertLoggerRequest request; |
| + request.ParseFromString(report); |
| + |
| + std::vector<std::string> cert_chain; |
| + info.cert->GetPEMEncodedChain(&cert_chain); |
| + |
| + std::string cert; |
| + for (size_t i = 0; i < cert_chain.size(); ++i) { |
| + cert += cert_chain[i]; |
| + } |
| + |
| + EXPECT_EQ(request.hostname(), "mail.google.com"); |
| + EXPECT_EQ(request.cert_chain(), cert); |
| +} |
| + |
| +TEST(ChromeFraudulentCertificateReporterTest, BuildReportForInvalidCertChain) { |
| + SSLInfo info = GetExtendedReportingSSLInfo(); |
| + std::string report = MockReporter::BuildReportPublic( |
| + ChromeFraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING, |
| + "mail.google.com", info); |
| + CertLoggerRequest request; |
| + request.ParseFromString(report); |
| + |
| + std::vector<std::string> cert_chain; |
| + info.cert->GetPEMEncodedChain(&cert_chain); |
| + std::vector<std::string> unverified_server_cert_chain; |
| + info.unverified_server_cert->GetPEMEncodedChain( |
| + &unverified_server_cert_chain); |
| + |
| + std::string cert; |
| + std::string unverified_server_cert; |
| + for (size_t i = 0; i < cert_chain.size(); ++i) { |
| + cert += cert_chain[i]; |
| + } |
| + for (size_t i = 0; i < cert_chain.size(); ++i) { |
| + unverified_server_cert += unverified_server_cert_chain[i]; |
| + } |
| + |
| + EXPECT_EQ(request.hostname(), "mail.google.com"); |
| + EXPECT_EQ(request.cert_chain(), cert); |
| + EXPECT_EQ(request.unverified_server_cert_chain(), unverified_server_cert); |
| +} |
| + |
| } // namespace chrome_browser_net |
