chrome/browser/ssl/certificate_error_report_unittest.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/certificate_error_report.h"
   6
   7 #include <set>
   8 #include <string>
   9
  10 #include "base/files/file_path.h"
  11 #include "base/files/file_util.h"
  12 #include "base/path_service.h"
  13 #include "chrome/browser/ssl/cert_logger.pb.h"
  14 #include "chrome/common/chrome_paths.h"
  15 #include "net/base/test_data_directory.h"
  16 #include "net/cert/cert_status_flags.h"
  17 #include "net/ssl/ssl_info.h"
  18 #include "net/test/cert_test_util.h"
  19 #include "testing/gtest/include/gtest/gtest.h"
  20
  21 using net::SSLInfo;
  22
  23 namespace {
  24
  25 const char kDummyHostname[] = "dummy.hostname.com";
  26 const char kDummyFailureLog[] = "dummy failure log";
  27 const char kTestCertFilename[] = "test_mail_google_com.pem";
  28
  29 const net::CertStatus kCertStatus =
  30     net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_REVOKED;
  31 const size_t kNumCertErrors = 2;
  32
  33 const CertLoggerRequest::CertError kFirstReportedCertError =
  34     CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID;
  35 const CertLoggerRequest::CertError kSecondReportedCertError =
  36     CertLoggerRequest::ERR_CERT_REVOKED;
  37
  38 // Whether to include an unverified certificate chain in the test
  39 // SSLInfo. In production code, an unverified cert chain will not be
  40 // present if the resource was loaded from cache.
  41 enum UnverifiedCertChainStatus {
  42   INCLUDE_UNVERIFIED_CERT_CHAIN,
  43   EXCLUDE_UNVERIFIED_CERT_CHAIN
  44 };
  45
  46 SSLInfo GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status) {
  47   SSLInfo info;
  48   info.cert =
  49       net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename);
  50   if (unverified_cert_chain_status == INCLUDE_UNVERIFIED_CERT_CHAIN) {
  51     info.unverified_cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
  52                                                    kTestCertFilename);
  53   }
  54   info.is_issued_by_known_root = true;
  55   info.cert_status = kCertStatus;
  56   info.pinning_failure_log = kDummyFailureLog;
  57   return info;
  58 }
  59
  60 std::string GetPEMEncodedChain() {
  61   base::FilePath cert_path =
  62       net::GetTestCertsDirectory().AppendASCII(kTestCertFilename);
  63   std::string cert_data;
  64   EXPECT_TRUE(base::ReadFileToString(cert_path, &cert_data));
  65   return cert_data;
  66 }
  67
  68 // Test that a serialized CertificateErrorReport can be deserialized as
  69 // a CertLoggerRequest protobuf (which is the format that the receiving
  70 // server expects it in) with the right data in it.
  71 TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) {
  72   SSLInfo ssl_info = GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN);
  73
  74   std::string serialized_report;
  75   CertificateErrorReport report(kDummyHostname, ssl_info);
  76   report.Serialize(&serialized_report);
  77
  78   CertLoggerRequest deserialized_report;
  79   ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report));
  80   EXPECT_EQ(kDummyHostname, deserialized_report.hostname());
  81   EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain());
  82   EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.unverified_cert_chain());
  83   EXPECT_EQ(1, deserialized_report.pin().size());
  84   EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0));
  85
  86   std::set<CertLoggerRequest::CertError> reported_errors;
  87   reported_errors.insert(static_cast<CertLoggerRequest::CertError>(
  88       deserialized_report.cert_error().Get(0)));
  89   reported_errors.insert(static_cast<CertLoggerRequest::CertError>(
  90       deserialized_report.cert_error().Get(1)));
  91   EXPECT_EQ(kNumCertErrors, reported_errors.size());
  92   EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError));
  93   EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError));
  94 }
  95
  96 TEST(CertificateErrorReportTest,
  97      SerializedReportAsProtobufWithInterstitialInfo) {
  98   // Use EXCLUDE_UNVERIFIED_CERT_CHAIN here to exercise the code path
  99   // where SSLInfo does not contain the unverified cert chain. (The test
 100   // above exercises the path where it does.)
 101   SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN);
 102
 103   std::string serialized_report;
 104   CertificateErrorReport report(kDummyHostname, ssl_info);
 105
 106   const CertificateErrorReport::InterstitialReason interstitial_reason =
 107       CertificateErrorReport::INTERSTITIAL_CLOCK;
 108   const CertificateErrorReport::ProceedDecision proceeded =
 109       CertificateErrorReport::USER_PROCEEDED;
 110   const CertificateErrorReport::Overridable overridable =
 111       CertificateErrorReport::INTERSTITIAL_OVERRIDABLE;
 112
 113   report.SetInterstitialInfo(interstitial_reason, proceeded, overridable);
 114
 115   report.Serialize(&serialized_report);
 116
 117   CertLoggerRequest deserialized_report;
 118   ASSERT_TRUE(deserialized_report.ParseFromString(serialized_report));
 119   EXPECT_EQ(kDummyHostname, deserialized_report.hostname());
 120   EXPECT_EQ(GetPEMEncodedChain(), deserialized_report.cert_chain());
 121   EXPECT_EQ(std::string(), deserialized_report.unverified_cert_chain());
 122   EXPECT_EQ(1, deserialized_report.pin().size());
 123   EXPECT_EQ(kDummyFailureLog, deserialized_report.pin().Get(0));
 124
 125   EXPECT_EQ(CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK,
 126             deserialized_report.interstitial_info().interstitial_reason());
 127   EXPECT_EQ(true, deserialized_report.interstitial_info().user_proceeded());
 128   EXPECT_EQ(true, deserialized_report.interstitial_info().overridable());
 129
 130   std::set<CertLoggerRequest::CertError> reported_errors;
 131   reported_errors.insert(static_cast<CertLoggerRequest::CertError>(
 132       deserialized_report.cert_error().Get(0)));
 133   reported_errors.insert(static_cast<CertLoggerRequest::CertError>(
 134       deserialized_report.cert_error().Get(1)));
 135   EXPECT_EQ(kNumCertErrors, reported_errors.size());
 136   EXPECT_EQ(1u, reported_errors.count(kFirstReportedCertError));
 137   EXPECT_EQ(1u, reported_errors.count(kSecondReportedCertError));
 138 }
 139
 140 // Test that a serialized report can be parsed.
 141 TEST(CertificateErrorReportTest, ParseSerializedReport) {
 142   SSLInfo ssl_info = GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN);
 143
 144   std::string serialized_report;
 145   CertificateErrorReport report(kDummyHostname, ssl_info);
 146   EXPECT_EQ(kDummyHostname, report.hostname());
 147   report.Serialize(&serialized_report);
 148
 149   CertificateErrorReport parsed;
 150   ASSERT_TRUE(parsed.InitializeFromString(serialized_report));
 151   EXPECT_EQ(report.hostname(), parsed.hostname());
 152 }
 153
 154 }  // namespace