// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/trusted_vault/download_keys_response_handler.h" #include <vector> #include "base/strings/string_number_conversions.h" #include "components/trusted_vault/proto/vault.pb.h" #include "components/trusted_vault/proto_string_bytes_conversion.h" #include "components/trusted_vault/securebox.h" #include "components/trusted_vault/trusted_vault_connection.h" #include "components/trusted_vault/trusted_vault_crypto.h" #include "components/trusted_vault/trusted_vault_server_constants.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" namespace trusted_vault { namespace { ElementsAre; Eq; IsEmpty; const char kEncodedPrivateKey[] = …; std::unique_ptr<SecureBoxKeyPair> MakeTestKeyPair() { … } void AddSecurityDomainMembership( const std::string security_domain_path, const SecureBoxPublicKey& member_public_key, const std::vector<std::vector<uint8_t>>& trusted_vault_keys, const std::vector<int>& trusted_vault_keys_versions, const std::vector<std::vector<uint8_t>>& signing_keys, trusted_vault_pb::SecurityDomainMember* member) { … } std::string CreateGetSecurityDomainMemberResponseWithSyncMembership( const std::vector<std::vector<uint8_t>>& trusted_vault_keys, const std::vector<int>& trusted_vault_keys_versions, const std::vector<std::vector<uint8_t>>& signing_keys) { … } class DownloadKeysResponseHandlerTest : public testing::Test { … }; // All HttpStatuses except kSuccess should end up in kOtherError, kNetworkError // or kMemberNotFound reporting. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleHttpErrors) { … } // Simplest legitimate case of key rotation, server side state corresponds to // kKnownTrustedVaultKey -> kTrustedVaultKey1 key chain. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleSingleKeyRotation) { … } // Multiple key rotations may happen while client is offline, server-side key // chain is kKnownTrustedVaultKey -> kTrustedVaultKey1 -> kTrustedVaultKey2. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleMultipleKeyRotations) { … } // Server can already clean-up kKnownTrustedVaultKey, but it might still be // possible to validate the key-chain. // Full key chain is: kKnownTrustedVaultKey -> kTrustedVaultKey1 -> // kTrustedVaultKey2. // Server-side key chain is: kTrustedVaultKey1 -> kTrustedVaultKey2. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAbsenseOfKnownKeyWhenKeyChainIsRecoverable) { … } // Server can already clean-up kKnownTrustedVaultKey and the following key. In // this case client state is not sufficient to silently download keys and // kKeyProofsVerificationFailed should be reported. // Possible full key chain is: kKnownTrustedVaultKey -> kTrustedVaultKey1 -> // kTrustedVaultKey2 -> kTrustedVaultKey3. // Server side key chain is: kTrustedVaultKey2 -> kTrustedVaultKey3. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAbsenseOfKnownKeyWhenKeyChainIsNotRecoverable) { … } // The test populates undecryptable/corrupted |wrapped_key| field, handler // should return kMembershipCorrupted to allow client to restore the member by // re-registration. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleUndecryptableKey) { … } // The test populates invalid |rotation_proof| field for the single key // rotation. kTrustedVaultKey1 is expected to be signed with // kKnownTrustedVaultKey, but instead it's signed with kTrustedVaultKey2. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleInvalidKeyProofOnSingleKeyRotation) { … } // The test populates invalid |rotation_proof| field for intermediate key when // multiple key rotations have happened. // kTrustedVaultKey1 is expected to be signed with kKnownTrustedVaultKey, but // instead it's signed with kTrustedVaultKey2. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleInvalidKeyProofOnMultipleKeyRotations) { … } // In this scenario client already has most recent trusted vault key. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAbsenseOfNewKeys) { … } // Tests handling the situation, when response isn't a valid serialized // SecurityDomainMemberProto proto. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleCorruptedResponseProto) { … } // Client expects that the sync security domain membership exists, but the // response indicates it doesn't by having no memberships. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAbsenseOfMemberships) { … } // Same as above, but there is a different security domain membership. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAbsenseOfSyncMembership) { … } TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleEmptyMembership) { … } TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleAllSecurityDomains) { … } // Tests handling presence of other security domain memberships. TEST_F(DownloadKeysResponseHandlerTest, ShouldHandleMultipleSecurityDomains) { … } } // namespace } // namespace trusted_vault
Codebase Browser
chromium