1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
6
7#include <string>
8
9#include "base/bind.h"
10#include "base/files/file_path.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/message_loop/message_loop.h"
13#include "base/synchronization/waitable_event.h"
14#include "base/threading/thread.h"
15#include "content/public/test/test_browser_thread.h"
16#include "net/base/request_priority.h"
17#include "net/base/test_data_directory.h"
18#include "net/cert/x509_certificate.h"
19#include "net/http/transport_security_state.h"
20#include "net/ssl/ssl_info.h"
21#include "net/test/cert_test_util.h"
22#include "net/url_request/fraudulent_certificate_reporter.h"
23#include "net/url_request/url_request.h"
24#include "net/url_request/url_request_context.h"
25#include "net/url_request/url_request_test_util.h"
26#include "testing/gtest/include/gtest/gtest.h"
27
28using content::BrowserThread;
29using net::SSLInfo;
30
31namespace chrome_browser_net {
32
33// Builds an SSLInfo from an invalid cert chain. In this case, the cert is
34// expired; what matters is that the cert would not pass even a normal
35// sanity check. We test that we DO NOT send a fraudulent certificate report
36// in this case.
37static SSLInfo GetBadSSLInfo() {
38  SSLInfo info;
39
40  info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
41                                      "expired_cert.pem");
42  info.cert_status = net::CERT_STATUS_DATE_INVALID;
43  info.is_issued_by_known_root = false;
44
45  return info;
46}
47
48// Builds an SSLInfo from a "good" cert chain, as defined by IsGoodSSLInfo,
49// but which does not pass DomainState::IsChainOfPublicKeysPermitted. In this
50// case, the certificate is for mail.google.com, signed by our Chrome test
51// CA. During testing, Chrome believes this CA is part of the root system
52// store. But, this CA is not in the pin list; we test that we DO send a
53// fraudulent certicate report in this case.
54static SSLInfo GetGoodSSLInfo() {
55  SSLInfo info;
56
57  info.cert = net::ImportCertFromFile(net::GetTestCertsDirectory(),
58                                      "test_mail_google_com.pem");
59  info.is_issued_by_known_root = true;
60
61  return info;
62}
63
64// Checks that |info| is good as required by the SSL checks performed in
65// URLRequestHttpJob::OnStartCompleted, which are enough to trigger pin
66// checking but not sufficient to pass
67// DomainState::IsChainOfPublicKeysPermitted.
68static bool IsGoodSSLInfo(const SSLInfo& info) {
69  return info.is_valid() && info.is_issued_by_known_root;
70}
71
72class TestReporter : public ChromeFraudulentCertificateReporter {
73 public:
74  explicit TestReporter(net::URLRequestContext* request_context)
75      : ChromeFraudulentCertificateReporter(request_context) {}
76};
77
78class SendingTestReporter : public TestReporter {
79 public:
80  explicit SendingTestReporter(net::URLRequestContext* request_context)
81      : TestReporter(request_context), passed_(false) {}
82
83  // Passes if invoked with a good SSLInfo and for a hostname that is a Google
84  // pinned property.
85  virtual void SendReport(const std::string& hostname,
86                          const SSLInfo& ssl_info) OVERRIDE {
87    EXPECT_TRUE(IsGoodSSLInfo(ssl_info));
88    EXPECT_TRUE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
89    passed_ = true;
90  }
91
92  virtual ~SendingTestReporter() {
93    // If the object is destroyed without having its SendReport method invoked,
94    // we failed.
95    EXPECT_TRUE(passed_);
96  }
97
98  bool passed_;
99};
100
101class NotSendingTestReporter : public TestReporter {
102 public:
103  explicit NotSendingTestReporter(net::URLRequestContext* request_context)
104      : TestReporter(request_context) {}
105
106  // Passes if invoked with a bad SSLInfo and for a hostname that is not a
107  // Google pinned property.
108  virtual void SendReport(const std::string& hostname,
109                          const SSLInfo& ssl_info) OVERRIDE {
110    EXPECT_FALSE(IsGoodSSLInfo(ssl_info));
111    EXPECT_FALSE(net::TransportSecurityState::IsGooglePinnedProperty(hostname));
112  }
113};
114
115// A ChromeFraudulentCertificateReporter that uses a MockURLRequest, but is
116// otherwise normal: reports are constructed and sent in the usual way.
117class MockReporter : public ChromeFraudulentCertificateReporter {
118 public:
119  explicit MockReporter(net::URLRequestContext* request_context)
120    : ChromeFraudulentCertificateReporter(request_context) {}
121
122  virtual scoped_ptr<net::URLRequest> CreateURLRequest(
123      net::URLRequestContext* context) OVERRIDE {
124    return context->CreateRequest(GURL(std::string()),
125                                  net::DEFAULT_PRIORITY,
126                                  NULL,
127                                  NULL);
128  }
129
130  virtual void SendReport(
131      const std::string& hostname,
132      const net::SSLInfo& ssl_info) OVERRIDE {
133    DCHECK(!hostname.empty());
134    DCHECK(ssl_info.is_valid());
135    ChromeFraudulentCertificateReporter::SendReport(hostname, ssl_info);
136  }
137};
138
139static void DoReportIsSent() {
140  net::TestURLRequestContext context;
141  SendingTestReporter reporter(&context);
142  SSLInfo info = GetGoodSSLInfo();
143  reporter.SendReport("mail.google.com", info);
144}
145
146static void DoReportIsNotSent() {
147  net::TestURLRequestContext context;
148  NotSendingTestReporter reporter(&context);
149  SSLInfo info = GetBadSSLInfo();
150  reporter.SendReport("www.example.com", info);
151}
152
153static void DoMockReportIsSent() {
154  net::TestURLRequestContext context;
155  MockReporter reporter(&context);
156  SSLInfo info = GetGoodSSLInfo();
157  reporter.SendReport("mail.google.com", info);
158}
159
160TEST(ChromeFraudulentCertificateReporterTest, GoodBadInfo) {
161  SSLInfo good = GetGoodSSLInfo();
162  EXPECT_TRUE(IsGoodSSLInfo(good));
163
164  SSLInfo bad = GetBadSSLInfo();
165  EXPECT_FALSE(IsGoodSSLInfo(bad));
166}
167
168TEST(ChromeFraudulentCertificateReporterTest, ReportIsSent) {
169  base::MessageLoopForIO loop;
170  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
171  loop.PostTask(FROM_HERE, base::Bind(&DoReportIsSent));
172  loop.RunUntilIdle();
173}
174
175TEST(ChromeFraudulentCertificateReporterTest, MockReportIsSent) {
176  base::MessageLoopForIO loop;
177  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
178  loop.PostTask(FROM_HERE, base::Bind(&DoMockReportIsSent));
179  loop.RunUntilIdle();
180}
181
182TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
183  base::MessageLoopForIO loop;
184  content::TestBrowserThread io_thread(BrowserThread::IO, &loop);
185  loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent));
186  loop.RunUntilIdle();
187}
188
189}  // namespace chrome_browser_net
190