1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" 6 7#include <string> 8 9#include "base/bind.h" 10#include "base/files/file_path.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/message_loop/message_loop.h" 13#include "base/synchronization/waitable_event.h" 14#include "base/threading/thread.h" 15#include "chrome/browser/net/chrome_url_request_context.h" 16#include "content/public/test/test_browser_thread.h" 17#include "net/base/test_data_directory.h" 18#include "net/cert/x509_certificate.h" 19#include "net/http/transport_security_state.h" 20#include "net/ssl/ssl_info.h" 21#include "net/test/cert_test_util.h" 22#include "net/url_request/fraudulent_certificate_reporter.h" 23#include "net/url_request/url_request.h" 24#include "testing/gtest/include/gtest/gtest.h" 25 26using content::BrowserThread; 27using net::SSLInfo; 28 29namespace chrome_browser_net { 30 31// Builds an SSLInfo from an invalid cert chain. In this case, the cert is 32// expired; what matters is that the cert would not pass even a normal 33// sanity check. We test that we DO NOT send a fraudulent certificate report 34// in this case. 35static SSLInfo GetBadSSLInfo() { 36 SSLInfo info; 37 38 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), 39 "expired_cert.pem"); 40 info.cert_status = net::CERT_STATUS_DATE_INVALID; 41 info.is_issued_by_known_root = false; 42 43 return info; 44} 45 46// Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo, 47// but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this 48// case, the certificate is for mail.google.com, signed by our Chrome test 49// CA. During testing, Chrome believes this CA is part of the root system 50// store. But, this CA is not in the pin list; we test that we DO send a 51// fraudulent certicate report in this case. 52static SSLInfo GetGoodSSLInfo() { 53 SSLInfo info; 54 55 info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), 56 "test_mail_google_com.pem"); 57 info.is_issued_by_known_root = true; 58 59 return info; 60} 61 62// Checks that |info| is good as required by the SSL checks performed in 63// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin 64// checking but not sufficient to pass 65// DomainState::IsChainOfPublicKeysPermitted. 66static bool IsGoodSSLInfo(const SSLInfo& info) { 67 return info.is_valid() && info.is_issued_by_known_root; 68} 69 70class TestReporter : public ChromeFraudulentCertificateReporter { 71 public: 72 explicit TestReporter(net::URLRequestContext* request_context) 73 : ChromeFraudulentCertificateReporter(request_context) {} 74}; 75 76class SendingTestReporter : public TestReporter { 77 public: 78 explicit SendingTestReporter(net::URLRequestContext* request_context) 79 : TestReporter(request_context), passed_(false) {} 80 81 // Passes if invoked with a good SSLInfo and for a hostname that is a Google 82 // pinned property. 83 virtual void SendReport(const std::string& hostname, 84 const SSLInfo& ssl_info, 85 bool sni_available) OVERRIDE { 86 EXPECT_TRUE(IsGoodSSLInfo(ssl_info)); 87 EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty( 88 hostname, sni_available)); 89 passed_ = true; 90 } 91 92 virtual ~SendingTestReporter() { 93 // If the object is destroyed without having its SendReport method invoked, 94 // we failed. 95 EXPECT_TRUE(passed_); 96 } 97 98 bool passed_; 99}; 100 101class NotSendingTestReporter : public TestReporter { 102 public: 103 explicit NotSendingTestReporter(net::URLRequestContext* request_context) 104 : TestReporter(request_context) {} 105 106 // Passes if invoked with a bad SSLInfo and for a hostname that is not a 107 // Google pinned property. 108 virtual void SendReport(const std::string& hostname, 109 const SSLInfo& ssl_info, 110 bool sni_available) OVERRIDE { 111 EXPECT_FALSE(IsGoodSSLInfo(ssl_info)); 112 EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty( 113 hostname, sni_available)); 114 } 115}; 116 117// For the first version of the feature, sending reports is "fire and forget". 118// Therefore, we test only that the Reporter tried to send a request at all. 119// In the future, when we have more sophisticated (i.e., any) error handling 120// and re-tries, we will need more sopisticated tests as well. 121// 122// This class doesn't do anything now, but in near future versions it will. 123class MockURLRequest : public net::URLRequest { 124 public: 125 explicit MockURLRequest(net::URLRequestContext* context) 126 : net::URLRequest(GURL(std::string()), NULL, context) {} 127 128 private: 129}; 130 131// A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is 132// otherwise normal: reports are constructed and sent in the usual way. 133class MockReporter : public ChromeFraudulentCertificateReporter { 134 public: 135 explicit MockReporter(net::URLRequestContext* request_context) 136 : ChromeFraudulentCertificateReporter(request_context) {} 137 138 virtual net::URLRequest* CreateURLRequest( 139 net::URLRequestContext* context) OVERRIDE { 140 return new MockURLRequest(context); 141 } 142 143 virtual void SendReport( 144 const std::string& hostname, 145 const net::SSLInfo& ssl_info, 146 bool sni_available) OVERRIDE { 147 DCHECK(!hostname.empty()); 148 DCHECK(ssl_info.is_valid()); 149 ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info, 150 sni_available); 151 } 152}; 153 154static void DoReportIsSent() { 155 ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN, 156 NULL); 157 SendingTestReporter reporter(&context); 158 SSLInfo info = GetGoodSSLInfo(); 159 reporter.SendReport("mail.google.com", info, true); 160} 161 162static void DoReportIsNotSent() { 163 ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN, 164 NULL); 165 NotSendingTestReporter reporter(&context); 166 SSLInfo info = GetBadSSLInfo(); 167 reporter.SendReport("www.example.com", info, true); 168} 169 170static void DoMockReportIsSent() { 171 ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN, 172 NULL); 173 MockReporter reporter(&context); 174 SSLInfo info = GetGoodSSLInfo(); 175 reporter.SendReport("mail.google.com", info, true); 176} 177 178TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) { 179 SSLInfo good = GetGoodSSLInfo(); 180 EXPECT_TRUE(IsGoodSSLInfo(good)); 181 182 SSLInfo bad = GetBadSSLInfo(); 183 EXPECT_FALSE(IsGoodSSLInfo(bad)); 184} 185 186TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) { 187 base::MessageLoop loop(base::MessageLoop::TYPE_IO); 188 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); 189 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent)); 190 loop.RunUntilIdle(); 191} 192 193TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) { 194 base::MessageLoop loop(base::MessageLoop::TYPE_IO); 195 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); 196 loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent)); 197 loop.RunUntilIdle(); 198} 199 200TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { 201 base::MessageLoop loop(base::MessageLoop::TYPE_IO); 202 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); 203 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); 204 loop.RunUntilIdle(); 205} 206 207} // namespace chrome_browser_net 208