components/certificate_transparency/log_proof_fetcher_unittest.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/certificate_transparency/log_proof_fetcher.h"
   6
   7 #include <string>
   8
   9 #include "base/strings/stringprintf.h"
  10 #include "components/safe_json/testing_json_parser.h"
  11 #include "net/base/net_errors.h"
  12 #include "net/base/network_delegate.h"
  13 #include "net/cert/signed_tree_head.h"
  14 #include "net/http/http_status_code.h"
  15 #include "net/test/ct_test_util.h"
  16 #include "net/url_request/url_request_context.h"
  17 #include "net/url_request/url_request_filter.h"
  18 #include "net/url_request/url_request_interceptor.h"
  19 #include "net/url_request/url_request_job.h"
  20 #include "net/url_request/url_request_test_job.h"
  21 #include "net/url_request/url_request_test_util.h"
  22 #include "testing/gtest/include/gtest/gtest.h"
  23
  24 namespace certificate_transparency {
  25
  26 namespace {
  27
  28 const char kGetSTHHeaders[] =
  29     "HTTP/1.1 200 OK\0"
  30     "Content-Type: application/json; charset=ISO-8859-1\0";
  31
  32 const char kGetSTHNotFoundHeaders[] =
  33     "HTTP/1.1 404 Not Found\0"
  34     "Content-Type: text/html; charset=iso-8859-1\0";
  35
  36 const char kLogSchema[] = "https";
  37 const char kLogHost[] = "ct.log.example.com";
  38 const char kLogPathPrefix[] = "somelog";
  39 const char kLogID[] = "some_id";
  40
  41 class FetchSTHTestJob : public net::URLRequestTestJob {
  42  public:
  43   FetchSTHTestJob(const std::string& get_sth_data,
  44                   const std::string& get_sth_headers,
  45                   net::URLRequest* request,
  46                   net::NetworkDelegate* network_delegate)
  47       : URLRequestTestJob(request,
  48                           network_delegate,
  49                           get_sth_headers,
  50                           get_sth_data,
  51                           true),
  52         async_io_(false) {}
  53
  54   void set_async_io(bool async_io) { async_io_ = async_io; }
  55
  56  private:
  57   ~FetchSTHTestJob() override {}
  58
  59   bool NextReadAsync() override {
  60     // Response with indication of async IO only once, otherwise the final
  61     // Read would (incorrectly) be classified as async, causing the
  62     // URLRequestJob to try reading another time and failing on a CHECK
  63     // that the raw_read_buffer_ is not null.
  64     // According to mmenke@, this is a bug in the URLRequestTestJob code.
  65     // TODO(eranm): Once said bug is fixed, switch most tests to using async
  66     // IO.
  67     if (async_io_) {
  68       async_io_ = false;
  69       return true;
  70     }
  71     return false;
  72   }
  73
  74   bool async_io_;
  75
  76   DISALLOW_COPY_AND_ASSIGN(FetchSTHTestJob);
  77 };
  78
  79 class GetSTHResponseHandler : public net::URLRequestInterceptor {
  80  public:
  81   GetSTHResponseHandler()
  82       : async_io_(false),
  83         response_body_(""),
  84         response_headers_(
  85             std::string(kGetSTHHeaders, arraysize(kGetSTHHeaders))) {}
  86   ~GetSTHResponseHandler() override {}
  87
  88   // URLRequestInterceptor implementation:
  89   net::URLRequestJob* MaybeInterceptRequest(
  90       net::URLRequest* request,
  91       net::NetworkDelegate* network_delegate) const override {
  92     std::string expected_url = base::StringPrintf(
  93         "%s://%s/%s/ct/v1/get-sth", kLogSchema, kLogHost, kLogPathPrefix);
  94     EXPECT_EQ(GURL(expected_url), request->url());
  95     FetchSTHTestJob* job = new FetchSTHTestJob(
  96         response_body_, response_headers_, request, network_delegate);
  97     job->set_async_io(async_io_);
  98     return job;
  99   }
 100
 101   void set_response_body(std::string response_body) {
 102     response_body_ = response_body;
 103   }
 104
 105   void set_response_headers(std::string response_headers) {
 106     response_headers_ = response_headers;
 107   }
 108
 109   void set_async_io(bool async_io) { async_io_ = async_io; }
 110
 111  private:
 112   bool async_io_;
 113   std::string response_body_;
 114   std::string response_headers_;
 115
 116   DISALLOW_COPY_AND_ASSIGN(GetSTHResponseHandler);
 117 };
 118
 119 class RecordFetchCallbackInvocations {
 120  public:
 121   RecordFetchCallbackInvocations(bool expect_success)
 122       : expect_success_(expect_success),
 123         invoked_(false),
 124         net_error_(net::OK),
 125         http_response_code_(-1) {}
 126
 127   void STHFetched(const std::string& log_id,
 128                   const net::ct::SignedTreeHead& sth) {
 129     ASSERT_TRUE(expect_success_);
 130     ASSERT_FALSE(invoked_);
 131     invoked_ = true;
 132     // If expected to succeed, expecting the known_good STH.
 133     net::ct::SignedTreeHead expected_sth;
 134     net::ct::GetSampleSignedTreeHead(&expected_sth);
 135
 136     EXPECT_EQ(kLogID, log_id);
 137     EXPECT_EQ(expected_sth.version, sth.version);
 138     EXPECT_EQ(expected_sth.timestamp, sth.timestamp);
 139     EXPECT_EQ(expected_sth.tree_size, sth.tree_size);
 140     EXPECT_STREQ(expected_sth.sha256_root_hash, sth.sha256_root_hash);
 141     EXPECT_EQ(expected_sth.signature.hash_algorithm,
 142               sth.signature.hash_algorithm);
 143     EXPECT_EQ(expected_sth.signature.signature_algorithm,
 144               sth.signature.signature_algorithm);
 145     EXPECT_EQ(expected_sth.signature.signature_data,
 146               sth.signature.signature_data);
 147   }
 148
 149   void FetchingFailed(const std::string& log_id,
 150                       int net_error,
 151                       int http_response_code) {
 152     ASSERT_FALSE(expect_success_);
 153     ASSERT_FALSE(invoked_);
 154     invoked_ = true;
 155     net_error_ = net_error;
 156     http_response_code_ = http_response_code;
 157     if (net_error_ == net::OK) {
 158       EXPECT_NE(net::HTTP_OK, http_response_code_);
 159     }
 160   }
 161
 162   bool invoked() const { return invoked_; }
 163
 164   int net_error() const { return net_error_; }
 165
 166   int http_response_code() const { return http_response_code_; }
 167
 168  private:
 169   const bool expect_success_;
 170   bool invoked_;
 171   int net_error_;
 172   int http_response_code_;
 173 };
 174
 175 class LogProofFetcherTest : public ::testing::Test {
 176  public:
 177   LogProofFetcherTest()
 178       : log_url_(base::StringPrintf("%s://%s/%s/",
 179                                     kLogSchema,
 180                                     kLogHost,
 181                                     kLogPathPrefix)) {
 182     scoped_ptr<GetSTHResponseHandler> handler(new GetSTHResponseHandler());
 183     handler_ = handler.get();
 184
 185     net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
 186         kLogSchema, kLogHost, handler.Pass());
 187
 188     fetcher_.reset(new LogProofFetcher(&context_));
 189   }
 190
 191   ~LogProofFetcherTest() override {
 192     net::URLRequestFilter::GetInstance()->RemoveHostnameHandler(kLogSchema,
 193                                                                 kLogHost);
 194   }
 195
 196  protected:
 197   void SetValidSTHJSONResponse() {
 198     std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
 199     handler_->set_response_body(sth_json_reply_data);
 200   }
 201
 202   void RunFetcherWithCallback(RecordFetchCallbackInvocations* callback) {
 203     fetcher_->FetchSignedTreeHead(
 204         log_url_, kLogID,
 205         base::Bind(&RecordFetchCallbackInvocations::STHFetched,
 206                    base::Unretained(callback)),
 207         base::Bind(&RecordFetchCallbackInvocations::FetchingFailed,
 208                    base::Unretained(callback)));
 209     message_loop_.RunUntilIdle();
 210   }
 211
 212   base::MessageLoopForIO message_loop_;
 213   net::TestURLRequestContext context_;
 214   safe_json::TestingJsonParser::ScopedFactoryOverride factory_override_;
 215   scoped_ptr<LogProofFetcher> fetcher_;
 216   const GURL log_url_;
 217   GetSTHResponseHandler* handler_;
 218 };
 219
 220 TEST_F(LogProofFetcherTest, TestValidGetReply) {
 221   SetValidSTHJSONResponse();
 222
 223   RecordFetchCallbackInvocations callback(true);
 224
 225   RunFetcherWithCallback(&callback);
 226
 227   ASSERT_TRUE(callback.invoked());
 228 }
 229
 230 TEST_F(LogProofFetcherTest, TestValidGetReplyAsyncIO) {
 231   SetValidSTHJSONResponse();
 232   handler_->set_async_io(true);
 233
 234   RecordFetchCallbackInvocations callback(true);
 235   RunFetcherWithCallback(&callback);
 236
 237   ASSERT_TRUE(callback.invoked());
 238 }
 239
 240 TEST_F(LogProofFetcherTest, TestInvalidGetReplyIncompleteJSON) {
 241   std::string sth_json_reply_data = net::ct::CreateSignedTreeHeadJsonString(
 242       21 /* tree_size */, 123456u /* timestamp */, std::string(),
 243       std::string());
 244   handler_->set_response_body(sth_json_reply_data);
 245
 246   RecordFetchCallbackInvocations callback(false);
 247   RunFetcherWithCallback(&callback);
 248
 249   ASSERT_TRUE(callback.invoked());
 250   EXPECT_EQ(net::ERR_CT_STH_INCOMPLETE, callback.net_error());
 251 }
 252
 253 TEST_F(LogProofFetcherTest, TestInvalidGetReplyInvalidJSON) {
 254   std::string sth_json_reply_data = "{\"tree_size\":21,\"timestamp\":}";
 255   handler_->set_response_body(sth_json_reply_data);
 256
 257   RecordFetchCallbackInvocations callback(false);
 258   RunFetcherWithCallback(&callback);
 259
 260   ASSERT_TRUE(callback.invoked());
 261   EXPECT_EQ(net::ERR_CT_STH_PARSING_FAILED, callback.net_error());
 262 }
 263
 264 TEST_F(LogProofFetcherTest, TestLogReplyIsTooLong) {
 265   std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
 266   // Add kMaxLogResponseSizeInBytes to make sure the response is too big.
 267   sth_json_reply_data.append(
 268       std::string(LogProofFetcher::kMaxLogResponseSizeInBytes, ' '));
 269   handler_->set_response_body(sth_json_reply_data);
 270
 271   RecordFetchCallbackInvocations callback(false);
 272   RunFetcherWithCallback(&callback);
 273
 274   ASSERT_TRUE(callback.invoked());
 275   EXPECT_EQ(net::ERR_FILE_TOO_BIG, callback.net_error());
 276   EXPECT_EQ(net::HTTP_OK, callback.http_response_code());
 277 }
 278
 279 TEST_F(LogProofFetcherTest, TestLogReplyIsExactlyMaxSize) {
 280   std::string sth_json_reply_data = net::ct::GetSampleSTHAsJson();
 281   // Extend the reply to be exactly kMaxLogResponseSizeInBytes.
 282   sth_json_reply_data.append(std::string(
 283       LogProofFetcher::kMaxLogResponseSizeInBytes - sth_json_reply_data.size(),
 284       ' '));
 285   handler_->set_response_body(sth_json_reply_data);
 286
 287   RecordFetchCallbackInvocations callback(true);
 288   RunFetcherWithCallback(&callback);
 289
 290   ASSERT_TRUE(callback.invoked());
 291 }
 292
 293 TEST_F(LogProofFetcherTest, TestLogRepliesWithHttpError) {
 294   handler_->set_response_headers(
 295       std::string(kGetSTHNotFoundHeaders, arraysize(kGetSTHNotFoundHeaders)));
 296
 297   RecordFetchCallbackInvocations callback(false);
 298   RunFetcherWithCallback(&callback);
 299
 300   ASSERT_TRUE(callback.invoked());
 301   EXPECT_EQ(net::OK, callback.net_error());
 302   EXPECT_EQ(net::HTTP_NOT_FOUND, callback.http_response_code());
 303 }
 304
 305 }  // namespace
 306
 307 }  // namespace certificate_transparency