1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
6
7#include <string>
8
9#include "base/bind.h"
10#include "base/files/file_path.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/message_loop/message_loop.h"
13#include "base/synchronization/waitable_event.h"
14#include "base/threading/thread.h"
15#include "chrome/browser/net/chrome_url_request_context.h"
16#include "content/public/test/test_browser_thread.h"
17#include "net/base/test_data_directory.h"
18#include "net/cert/x509_certificate.h"
19#include "net/http/transport_security_state.h"
20#include "net/ssl/ssl_info.h"
21#include "net/test/cert_test_util.h"
22#include "net/url_request/fraudulent_certificate_reporter.h"
23#include "net/url_request/url_request.h"
24#include "testing/gtest/include/gtest/gtest.h"
25
26using content::BrowserThread;
27using net::SSLInfo;
28
29namespace chrome_browser_net {
30
31// Builds an SSLInfo from an invalid cert chain. In this case, the cert is
32// expired; what matters is that the cert would not pass even a normal
33// sanity check. We test that we DO NOT send a fraudulent certificate report
34// in this case.
35static SSLInfo GetBadSSLInfo() {
36  SSLInfo info;
37
38  info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
39                                      "expired_cert.pem");
40  info.cert_status = net::CERT_STATUS_DATE_INVALID;
41  info.is_issued_by_known_root = false;
42
43  return info;
44}
45
46// Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo,
47// but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this
48// case, the certificate is for mail.google.com, signed by our Chrome test
49// CA. During testing, Chrome believes this CA is part of the root system
50// store. But, this CA is not in the pin list; we test that we DO send a
51// fraudulent certicate report in this case.
52static SSLInfo GetGoodSSLInfo() {
53  SSLInfo info;
54
55  info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
56                                      "test_mail_google_com.pem");
57  info.is_issued_by_known_root = true;
58
59  return info;
60}
61
62// Checks that |info| is good as required by the SSL checks performed in
63// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
64// checking but not sufficient to pass
65// DomainState::IsChainOfPublicKeysPermitted.
66static bool IsGoodSSLInfo(const SSLInfo& info) {
67  return info.is_valid() && info.is_issued_by_known_root;
68}
69
70class TestReporter : public ChromeFraudulentCertificateReporter {
71 public:
72  explicit TestReporter(net::URLRequestContext* request_context)
73      : ChromeFraudulentCertificateReporter(request_context) {}
74};
75
76class SendingTestReporter : public TestReporter {
77 public:
78  explicit SendingTestReporter(net::URLRequestContext* request_context)
79      : TestReporter(request_context), passed_(false) {}
80
81  // Passes if invoked with a good SSLInfo and for a hostname that is a Google
82  // pinned property.
83  virtual void SendReport(const std::string& hostname,
84                          const SSLInfo& ssl_info,
85                          bool sni_available) OVERRIDE {
86    EXPECT_TRUE(IsGoodSSLInfo(ssl_info));
87    EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(
88        hostname, sni_available));
89    passed_ = true;
90  }
91
92  virtual ~SendingTestReporter() {
93    // If the object is destroyed without having its SendReport method invoked,
94    // we failed.
95    EXPECT_TRUE(passed_);
96  }
97
98  bool passed_;
99};
100
101class NotSendingTestReporter : public TestReporter {
102 public:
103  explicit NotSendingTestReporter(net::URLRequestContext* request_context)
104      : TestReporter(request_context) {}
105
106  // Passes if invoked with a bad SSLInfo and for a hostname that is not a
107  // Google pinned property.
108  virtual void SendReport(const std::string& hostname,
109                          const SSLInfo& ssl_info,
110                          bool sni_available) OVERRIDE {
111    EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
112    EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(
113        hostname, sni_available));
114  }
115};
116
117// For the first version of the feature, sending reports is "fire and forget".
118// Therefore, we test only that the Reporter tried to send a request at all.
119// In the future, when we have more sophisticated (i.e., any) error handling
120// and re-tries, we will need more sopisticated tests as well.
121//
122// This class doesn't do anything now, but in near future versions it will.
123class MockURLRequest : public net::URLRequest {
124 public:
125  explicit MockURLRequest(net::URLRequestContext* context)
126      : net::URLRequest(GURL(std::string()), NULL, context) {}
127
128 private:
129};
130
131// A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is
132// otherwise normal: reports are constructed and sent in the usual way.
133class MockReporter : public ChromeFraudulentCertificateReporter {
134 public:
135  explicit MockReporter(net::URLRequestContext* request_context)
136    : ChromeFraudulentCertificateReporter(request_context) {}
137
138  virtual net::URLRequest* CreateURLRequest(
139      net::URLRequestContext* context) OVERRIDE {
140    return new MockURLRequest(context);
141  }
142
143  virtual void SendReport(
144      const std::string& hostname,
145      const net::SSLInfo& ssl_info,
146      bool sni_available) OVERRIDE {
147    DCHECK(!hostname.empty());
148    DCHECK(ssl_info.is_valid());
149    ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info,
150                                                    sni_available);
151  }
152};
153
154static void DoReportIsSent() {
155  ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN,
156                                  NULL);
157  SendingTestReporter reporter(&context);
158  SSLInfo info = GetGoodSSLInfo();
159  reporter.SendReport("mail.google.com", info, true);
160}
161
162static void DoReportIsNotSent() {
163  ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN,
164                                  NULL);
165  NotSendingTestReporter reporter(&context);
166  SSLInfo info = GetBadSSLInfo();
167  reporter.SendReport("www.example.com", info, true);
168}
169
170static void DoMockReportIsSent() {
171  ChromeURLRequestContext context(ChromeURLRequestContext::CONTEXT_TYPE_MAIN,
172                                  NULL);
173  MockReporter reporter(&context);
174  SSLInfo info = GetGoodSSLInfo();
175  reporter.SendReport("mail.google.com", info, true);
176}
177
178TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) {
179  SSLInfo good = GetGoodSSLInfo();
180  EXPECT_TRUE(IsGoodSSLInfo(good));
181
182  SSLInfo bad = GetBadSSLInfo();
183  EXPECT_FALSE(IsGoodSSLInfo(bad));
184}
185
186TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) {
187  base::MessageLoop loop(base::MessageLoop::TYPE_IO);
188  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
189  loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent));
190  loop.RunUntilIdle();
191}
192
193TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) {
194  base::MessageLoop loop(base::MessageLoop::TYPE_IO);
195  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
196  loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent));
197  loop.RunUntilIdle();
198}
199
200TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
201  base::MessageLoop loop(base::MessageLoop::TYPE_IO);
202  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
203  loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
204  loop.RunUntilIdle();
205}
206
207}  // namespace chrome_browser_net
208