
Unified Diff: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc

Issue 949633002: Include both certificate chains in invalid cert reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add a comment to cert logger pb Created 5 years, 10 months ago
Index: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
index 0a8d77b21bf820f71bcb282a37643295ed79a9c5..68677d8d5f36790075fa484677497b3b042a1624 100644
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
@@ -12,6 +12,7 @@
#include "base/message_loop/message_loop.h"
#include "base/synchronization/waitable_event.h"
#include "base/threading/thread.h"
+#include "chrome/browser/net/cert_logger.pb.h"
#include "content/public/test/test_browser_thread.h"
#include "net/base/request_priority.h"
#include "net/base/test_data_directory.h"
@@ -62,6 +63,19 @@ static SSLInfo GetGoodSSLInfo() {
return info;
}
+static SSLInfo GetExtendedReportingSSLInfo() {
+ SSLInfo info;
+ // Use different cert chains for the verified chain and the chain as
+ // sent by the server, and make sure that they are both included in
+ // the report.
+ info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
+ "test_mail_google_com.pem");
+ info.is_issued_by_known_root = true;
+ info.unverified_server_cert =
+ net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem");
+ return info;
+}
+
// Checks that |info| is good as required by the SSL checks performed in
// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
// checking but not sufficient to pass
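Review bot: GetExtendedReportingSSLInfo returns without checking either `net::ImportCertFromFile` result, and the new tests later dereference `info.cert->` and `info.unverified_server_cert->` unconditionally. If one of the PEM files is missing or fails to parse, the test would presumably crash on a null pointer instead of reporting a failure. A check such as `EXPECT_TRUE(info.cert.get());` and `EXPECT_TRUE(info.unverified_server_cert.get());` before `return info;` would make that case visible. The comment block that follows the helper continues outside this hunk.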
@@ -139,6 +153,12 @@ class MockReporter : public ChromeFraudulentCertificateReporter {
ChromeFraudulentCertificateReporter::SendReport(REPORT_TYPE_PIN_VIOLATION,
hostname, ssl_info);
}
+
+ static std::string BuildReportPublic(ReportType type,
+ const std::string& hostname,
+ const net::SSLInfo& ssl_info) {
+ return BuildReport(type, hostname, ssl_info);
+ }
};
static void DoReportIsSent() {
@@ -194,4 +214,59 @@ TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
loop.RunUntilIdle();
}
+// Test that a report for a google.com pinning violation contains the
+// right data.
+TEST(ChromeFraudulentCertificateReporterTest, BuildReportForPinningViolation) {
+ SSLInfo info = GetGoodSSLInfo();
+ std::string report = MockReporter::BuildReportPublic(
+ ChromeFraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING,
+ "mail.google.com", info);
+ CertLoggerRequest request;
+ request.ParseFromString(report);
+
+ std::vector<std::string> cert_chain;
+ info.cert->GetPEMEncodedChain(&cert_chain);
+
+ std::string expected_cert_chain;
+ for (size_t i = 0; i < cert_chain.size(); ++i) {
+ expected_cert_chain += cert_chain[i];
+ }
+
+ EXPECT_EQ(request.hostname(), "mail.google.com");
+ EXPECT_EQ(request.cert_chain(), expected_cert_chain);
+}
+
+// Test that an extended reporting report (used for invalid certificate
+// chains) contains the right data, including the chain as received by
+// the client and as verified by the client (which could be different
+// chains).
+TEST(ChromeFraudulentCertificateReporterTest, BuildReportForInvalidCertChain) {
+ SSLInfo info = GetExtendedReportingSSLInfo();
+ std::string report = MockReporter::BuildReportPublic(
+ ChromeFraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING,
+ "mail.google.com", info);
+ CertLoggerRequest request;
+ request.ParseFromString(report);
+
+ std::vector<std::string> cert_chain;
+ info.cert->GetPEMEncodedChain(&cert_chain);
+ std::vector<std::string> unverified_server_cert_chain;
+ info.unverified_server_cert->GetPEMEncodedChain(
+ &unverified_server_cert_chain);
+
+ std::string expected_cert;
+ std::string expected_unverified_server_cert;
+ for (size_t i = 0; i < cert_chain.size(); ++i) {
+ expected_cert += cert_chain[i];
+ }
+ for (size_t i = 0; i < cert_chain.size(); ++i) {
+ expected_unverified_server_cert += unverified_server_cert_chain[i];
+ }
+
+ EXPECT_EQ(request.hostname(), "mail.google.com");
+ EXPECT_EQ(request.cert_chain(), expected_cert);
+ EXPECT_EQ(request.unverified_server_cert_chain(),
+ expected_unverified_server_cert);
+}
+
} // namespace chrome_browser_net
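Review bot: In BuildReportForInvalidCertChain the second concatenation loop is bounded by `cert_chain.size()` but indexes `unverified_server_cert_chain[i]`, so it reads past the end of the vector when the unverified chain is shorter and truncates the expected value when it is longer. It should read `for (size_t i = 0; i < unverified_server_cert_chain.size(); ++i)`. BuildReportForPinningViolation passes `REPORT_TYPE_EXTENDED_REPORTING` although its name and comment describe a pin violation, which looks like a copy-paste from the other test; `REPORT_TYPE_PIN_VIOLATION` is presumably what was intended. Both tests also discard the result of `request.ParseFromString(report)`, so a malformed report would be compared against default field values; `ASSERT_TRUE(request.ParseFromString(report));` would stop the test at the parse failure.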
