// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/sct_auditing/sct_auditing_handler.h" #include <memory> #include <string_view> #include "base/base64.h" #include "base/feature_list.h" #include "base/files/file_util.h" #include "base/files/scoped_temp_dir.h" #include "base/test/bind.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/task_environment.h" #include "mojo/public/cpp/bindings/remote.h" #include "net/base/hash_value.h" #include "net/cert/ct_serialization.h" #include "net/cert/merkle_tree_leaf.h" #include "net/cert/sct_status_flags.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" #include "net/traffic_annotation/network_traffic_annotation.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "services/network/network_context.h" #include "services/network/network_service.h" #include "services/network/public/cpp/resource_request.h" #include "services/network/public/proto/sct_audit_report.pb.h" #include "services/network/sct_auditing/sct_auditing_cache.h" #include "services/network/sct_auditing/sct_auditing_reporter.h" #include "services/network/test/fake_test_cert_verifier_params_factory.h" #include "services/network/test/test_network_context_client.h" #include "services/network/test/test_url_loader_factory.h" #include "services/network/test/test_utils.h" #include "services/network/url_loader_factory.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/abseil-cpp/absl/utility/utility.h" namespace network { namespace { // The particular value of the log ID doesn't matter; it just has to be the // correct length. constexpr uint8_t kTestLogId[] = …; const std::string kTestLogIdAsString(reinterpret_cast<const char*>(kTestLogId), sizeof(kTestLogId)); constexpr base::TimeDelta kTestLogMMD = …; constexpr base::TimeDelta kTestHWMPeriod = …; class SCTAuditingHandlerTest : public testing::Test { … }; // Constructs a net::SignedCertificateTimestampAndStatus with the given // information and appends it to |sct_list|. void MakeTestSCTAndStatus( net::ct::SignedCertificateTimestamp::Origin origin, const std::string& extensions, const std::string& signature_data, const base::Time& timestamp, net::ct::SCTVerifyStatus status, net::SignedCertificateTimestampAndStatusList* sct_list) { … } // Tests that if reporting is disabled, reports are not created. TEST_F(SCTAuditingHandlerTest, DisableReporting) { … } // Tests that when a new report is sampled, it will be sent to the server. // TODO(cthomp): Allow tracking success/failure of the report being sent. One // way would be to have OnSuccess/OnError handlers installed on the handler. TEST_F(SCTAuditingHandlerTest, ReportsSentWithServerOK) { … } // Tests when the report server returns an HTTP error code. TEST_F(SCTAuditingHandlerTest, ReportSentWithServerError) { … } // Connections that have a mix of valid and invalid SCTs should only include the // valid SCTs in the report. TEST_F(SCTAuditingHandlerTest, ReportsOnlyIncludesValidSCTs) { … } // If operating on hashdance mode, calculate and store the SCT leaf hash and // append log metadata. TEST_F(SCTAuditingHandlerTest, PopulateSCTMetadataOnHashdanceMode) { … } // If operating on hashdance mode, do not report popular SCTs. TEST_F(SCTAuditingHandlerTest, DoNotReportPopularSCT) { … } // Tests a single retry. The server initially returns an error, but then returns // OK the second try. TEST_F(SCTAuditingHandlerTest, ReportSucceedsOnSecondTry) { … } // Tests that after max_tries, the reporter stops and is deleted. TEST_F(SCTAuditingHandlerTest, ExhaustAllRetriesShouldDeleteReporter) { … } // Tests that report completion metrics are correctly recorded when a report // succeeds on the first try. TEST_F(SCTAuditingHandlerTest, RetriesEnabledSucceedFirstTryMetrics) { … } TEST_F(SCTAuditingHandlerTest, ReportHighWaterMarkMetrics) { … } // If a report doesn't have any valid SCTs, it should not get sent at all. TEST_F(SCTAuditingHandlerTest, ReportNotGeneratedIfNoValidSCTs) { … } // Test that when the SCTAuditingHandler is created without a persistence path // (e.g., as happens for ephemeral profiles), no file writer is created. TEST_F(SCTAuditingHandlerTest, HandlerWithoutPersistencePath) { … } // Test that when the SCTAuditingHandler is created with a valid persistence // path, then pending reports get stored to disk. TEST_F(SCTAuditingHandlerTest, HandlerWithPersistencePath) { … } // Tests that serializing reports and then deserializing them results in the // same data. TEST_F(SCTAuditingHandlerTest, DataRoundTrip) { … } // Test that deserializing bad data shouldn't result in any reporters being // created. TEST_F(SCTAuditingHandlerTest, DeserializeBadData) { … } // Test that a handler loads valid persisted data from disk and creates pending // reporters for each entry. TEST_F(SCTAuditingHandlerTest, HandlerWithExistingPersistedData) { … } // Test that scheduling a retry causes the failure count to increment in // persisted storage. TEST_F(SCTAuditingHandlerTest, RetryUpdatesPersistedBackoffEntry) { … } // Test that retries carry over correctly. Specifically, a persisted entry with // 14 retries already (one less than kMaxRetries), if after being loaded from // persisted storage tries and fails once more, should get deleted. TEST_F(SCTAuditingHandlerTest, RestoringMaxRetries) { … } // Regression test for crbug.com/134432. For hashdance clients, when log list is // empty the handler should just gracefully drop the report instead of crashing, // and log a histogram for this case. TEST_F(SCTAuditingHandlerTest, LogNotFound) { … } // Regression test for crbug.com/1344881 // Writes a pre-existing persisted reporter, starts up the SCTAuditingHandler, // waits for the Reporter to be created from the persisted data, and then // clears the pending reporters. (Prior to the fix for crbug.com/1344881, it was // possible for the ImportantFileWriter `after_write_callback` to run on the // background sequence in some circumstances, causing thread safety violations // when dereferencing the WeakPtr. This test explicitly covers the case where // the `after_write_callback` code path is exercised.) TEST_F(SCTAuditingHandlerTest, ClearPendingReports) { … } // Test that the "counted_towards_report_limit" flag is correctly reapplied when // deserialize a persisted reporter. See crbug.com/1348313. TEST_F(SCTAuditingHandlerTest, PersistedDataWithReportAlreadyCounted) { … } // Test that when a persisted reporter is deserialized that does not have the // "counted_towards_report_limit" flag set, it gets defaulted to `false` in the // newly created SCTAuditingReporter. (This covers the case for existing // serialized data from versions before the flag was added.) // See crbug.com/1348313. TEST_F(SCTAuditingHandlerTest, PersistedDataWithoutReportAlreadyCounted) { … } } // namespace } // namespace network
Codebase Browser
chromium