chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/chrome_fraudulent_certificate_reporter.h"
   6
   7 #include <string>
   8
   9 #include "base/bind.h"
  10 #include "base/files/file_path.h"
  11 #include "base/location.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/message_loop/message_loop.h"
  14 #include "base/single_thread_task_runner.h"
  15 #include "base/synchronization/waitable_event.h"
  16 #include "base/threading/thread.h"
  17 #include "chrome/browser/net/certificate_error_reporter.h"
  18 #include "content/public/test/test_browser_thread.h"
  19 #include "net/base/request_priority.h"
  20 #include "net/base/test_data_directory.h"
  21 #include "net/cert/x509_certificate.h"
  22 #include "net/http/transport_security_state.h"
  23 #include "net/ssl/ssl_info.h"
  24 #include "net/test/cert_test_util.h"
  25 #include "net/url_request/fraudulent_certificate_reporter.h"
  26 #include "net/url_request/url_request.h"
  27 #include "net/url_request/url_request_context.h"
  28 #include "net/url_request/url_request_test_util.h"
  29 #include "testing/gtest/include/gtest/gtest.h"
  30
  31 using chrome_browser_net::CertificateErrorReporter;
  32 using content::BrowserThread;
  33 using net::SSLInfo;
  34
  35 namespace {
  36
  37 // Builds an SSLInfo from an invalid cert chain. In this case, the cert is
  38 // expired; what matters is that the cert would not pass even a normal
  39 // sanity check. We test that we DO NOT send a fraudulent certificate report
  40 // in this case.
  41 static SSLInfo GetBadSSLInfo() {
  42   SSLInfo info;
  43
  44   info.cert =
  45       net::ImportCertFromFile(net::GetTestCertsDirectory(), "expired_cert.pem");
  46   info.cert_status = net::CERT_STATUS_DATE_INVALID;
  47   info.is_issued_by_known_root = false;
  48
  49   return info;
  50 }
  51
  52 // Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo,
  53 // but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this
  54 // case, the certificate is for mail.google.com, signed by our Chrome test
  55 // CA. During testing, Chrome believes this CA is part of the root system
  56 // store. But, this CA is not in the pin list; we test that we DO send a
  57 // fraudulent certicate report in this case.
  58 static SSLInfo GetGoodSSLInfo() {
  59   SSLInfo info;
  60
  61   info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
  62                                       "test_mail_google_com.pem");
  63   info.is_issued_by_known_root = true;
  64
  65   return info;
  66 }
  67
  68 // Checks that |info| is good as required by the SSL checks performed in
  69 // URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
  70 // checking but not sufficient to pass
  71 // DomainState::IsChainOfPublicKeysPermitted.
  72 static bool IsGoodSSLInfo(const SSLInfo& info) {
  73   return info.is_valid() && info.is_issued_by_known_root;
  74 }
  75
  76 class TestReporter : public ChromeFraudulentCertificateReporter {
  77  public:
  78   explicit TestReporter(net::URLRequestContext* request_context)
  79       : ChromeFraudulentCertificateReporter(request_context) {}
  80 };
  81
  82 class SendingTestReporter : public TestReporter {
  83  public:
  84   explicit SendingTestReporter(net::URLRequestContext* request_context)
  85       : TestReporter(request_context), passed_(false) {}
  86
  87   // Passes if invoked with a good SSLInfo and for a hostname that is a Google
  88   // pinned property.
  89   void SendReport(const std::string& hostname,
  90                   const SSLInfo& ssl_info) override {
  91     EXPECT_TRUE(IsGoodSSLInfo(ssl_info));
  92     EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
  93     passed_ = true;
  94   }
  95
  96   ~SendingTestReporter() override {
  97     // If the object is destroyed without having its SendReport method invoked,
  98     // we failed.
  99     EXPECT_TRUE(passed_);
 100   }
 101
 102   bool passed_;
 103 };
 104
 105 class NotSendingTestReporter : public TestReporter {
 106  public:
 107   explicit NotSendingTestReporter(net::URLRequestContext* request_context)
 108       : TestReporter(request_context) {}
 109
 110   // Passes if invoked with a bad SSLInfo and for a hostname that is not a
 111   // Google pinned property.
 112   void SendReport(const std::string& hostname,
 113                   const SSLInfo& ssl_info) override {
 114     EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
 115     EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
 116   }
 117 };
 118
 119 // A CertificateErrorReporter that uses a MockURLRequest, but is
 120 // otherwise normal: reports are constructed and sent in the usual way.
 121 class MockReporter : public CertificateErrorReporter {
 122  public:
 123   explicit MockReporter(net::URLRequestContext* request_context)
 124       : CertificateErrorReporter(
 125             request_context,
 126             GURL("http://example.com"),
 127             CertificateErrorReporter::DO_NOT_SEND_COOKIES) {}
 128
 129   void SendReport(ReportType type,
 130                   const std::string& serialized_report) override {
 131     EXPECT_EQ(type, REPORT_TYPE_PINNING_VIOLATION);
 132     EXPECT_FALSE(serialized_report.empty());
 133     CertificateErrorReporter::SendReport(type, serialized_report);
 134   }
 135
 136  private:
 137   scoped_ptr<net::URLRequest> CreateURLRequest(
 138       net::URLRequestContext* context) override {
 139     return context->CreateRequest(GURL(std::string()), net::DEFAULT_PRIORITY,
 140                                   NULL);
 141   }
 142 };
 143
 144 static void DoReportIsSent() {
 145   net::TestURLRequestContext context;
 146   SendingTestReporter reporter(&context);
 147   SSLInfo info = GetGoodSSLInfo();
 148   reporter.SendReport("mail.google.com", info);
 149 }
 150
 151 static void DoReportIsNotSent() {
 152   net::TestURLRequestContext context;
 153   NotSendingTestReporter reporter(&context);
 154   SSLInfo info = GetBadSSLInfo();
 155   reporter.SendReport("www.example.com", info);
 156 }
 157
 158 static void DoMockReportIsSent() {
 159   net::TestURLRequestContext context;
 160   scoped_ptr<MockReporter> error_reporter(new MockReporter(&context));
 161   ChromeFraudulentCertificateReporter reporter(error_reporter.Pass());
 162   SSLInfo info = GetGoodSSLInfo();
 163   reporter.SendReport("mail.google.com", info);
 164 }
 165
 166 TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) {
 167   SSLInfo good = GetGoodSSLInfo();
 168   EXPECT_TRUE(IsGoodSSLInfo(good));
 169
 170   SSLInfo bad = GetBadSSLInfo();
 171   EXPECT_FALSE(IsGoodSSLInfo(bad));
 172 }
 173
 174 TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) {
 175   base::MessageLoopForIO loop;
 176   content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
 177   loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsSent));
 178   loop.RunUntilIdle();
 179 }
 180
 181 TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) {
 182   base::MessageLoopForIO loop;
 183   content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
 184   loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent));
 185   loop.RunUntilIdle();
 186 }
 187
 188 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
 189   base::MessageLoopForIO loop;
 190   content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
 191   loop.task_runner()->PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
 192   loop.RunUntilIdle();
 193 }
 194
 195 }  // namespace