// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/trust_tokens/trust_token_request_issuance_helper.h" #include <memory> #include "base/functional/callback.h" #include "base/no_destructor.h" #include "base/strings/stringprintf.h" #include "base/test/bind.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "base/test/task_environment.h" #include "build/build_config.h" #include "net/base/load_flags.h" #include "net/base/request_priority.h" #include "net/http/http_response_headers.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_test_util.h" #include "services/network/public/cpp/features.h" #include "services/network/public/cpp/trust_token_http_headers.h" #include "services/network/public/cpp/trust_token_parameterization.h" #include "services/network/public/mojom/trust_tokens.mojom.h" #include "services/network/public/mojom/url_response_head.mojom.h" #include "services/network/test/trust_token_test_util.h" #include "services/network/trust_tokens/operating_system_matching.h" #include "services/network/trust_tokens/proto/public.pb.h" #include "services/network/trust_tokens/proto/storage.pb.h" #include "services/network/trust_tokens/trust_token_key_commitment_getter.h" #include "services/network/trust_tokens/trust_token_parameterization.h" #include "services/network/trust_tokens/trust_token_store.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/origin.h" namespace network { namespace { _; ByMove; ElementsAre; Invoke; IsEmpty; Optional; Property; Return; ReturnNull; StrEq; StrictMock; WithArgs; UnblindedTokens; class TrustTokenRequestIssuanceHelperTest : public TrustTokenRequestHelperTest { … }; // FixedKeyCommitmentGetter returns the provided commitment result when // |Get| is called by the tested code. class FixedKeyCommitmentGetter : public TrustTokenKeyCommitmentGetter { … }; base::NoDestructor<FixedKeyCommitmentGetter> g_fixed_key_commitment_getter{ … }; // MockCryptographer mocks out the cryptographic operations underlying Trust // Tokens issuance. class MockCryptographer : public TrustTokenRequestIssuanceHelper::Cryptographer { … }; class MockExpiryDelegate : public TrustTokenStore::RecordExpiryDelegate { … }; class MockTrustTokenPersister : public TrustTokenPersister { … }; class MockTrustTokenStore : public TrustTokenStore { … }; // Returns a key commitment result with reasonable values for all parameters. mojom::TrustTokenKeyCommitmentResultPtr ReasonableKeyCommitmentResult() { … } FixedKeyCommitmentGetter* ReasonableKeyCommitmentGetter() { … } } // namespace // Check that issuance fails if it would result in too many issuers being // configured for the issuance top-level origin. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfTooManyIssuers) { … } // Check that issuance fails if the number of tokens stored for the issuer is // already at capacity. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfAtCapacity) { … } // Check that issuance fails if its key commitment request fails. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfKeyCommitmentFails) { … } // Reject if initializing the cryptography delegate fails. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfInitializingCryptographerFails) { … } // Reject if one of the keys in the commitment is malformed. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfAddingKeyFails) { … } // Reject if there's an error getting blinded, unsigned tokens from BoringSSL. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfGettingBlindedTokensFails) { … } // Check that the issuance helper sets the Sec-Private-State-Token and // Sec-Private-State-Token-Crypto-Version headers on the outgoing request. TEST_F(TrustTokenRequestIssuanceHelperTest, SetsRequestHeaders) { … } // Check that the issuance helper rejects responses lacking the // Sec-Private-State-Token response header. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfResponseOmitsHeader) { … } // Check that the issuance helper correctly handles responses bearing empty // Sec-Private-State-Token headers, which represent "success but no tokens // issued". TEST_F(TrustTokenRequestIssuanceHelperTest, TreatsEmptyHeaderAsSuccess) { … } // Check that the issuance helper handles an issuance response rejected by the // underlying cryptographic library. TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsIfResponseIsUnusable) { … } // Check that, when preconditions are met and the underlying cryptographic steps // successfully complete, the begin/finalize methods succeed. TEST_F(TrustTokenRequestIssuanceHelperTest, Success) { … } // Check that a successful Begin call associates the issuer with the issuance // toplevel origin. TEST_F(TrustTokenRequestIssuanceHelperTest, AssociatesIssuerWithToplevel) { … } // Check that a successful end-to-end Begin/Finalize flow stores the obtained // trust tokens in the trust token store. TEST_F(TrustTokenRequestIssuanceHelperTest, StoresObtainedTokens) { … } // Check that the issuance helper ignores the // Sec-Private-State-Token-Clear-Data header. TEST_F(TrustTokenRequestIssuanceHelperTest, ClearDataHeaderIgnored) { … } TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsUnsuitableInsecureIssuer) { … } TEST_F(TrustTokenRequestIssuanceHelperTest, RejectsUnsuitableNonHttpNonHttpsIssuer) { … } TEST_F(TrustTokenRequestIssuanceHelperTest, RespectsMaximumBatchsize) { … } // Check that attempting to issue with custom key commitments fails if custom // key commitments are invalid. TEST_F(TrustTokenRequestIssuanceHelperTest, BadCustomKeys) { … } // Check that a successful end-to-end Begin/Finalize flow with custom key // commitments stores the obtained trust tokens in the trust token store. TEST_F(TrustTokenRequestIssuanceHelperTest, CustomKeysStoresObtainedTokens) { … } // Check that attempting to issue with custom key commitments fails if custom // key commitments are invalid. TEST_F(TrustTokenRequestIssuanceHelperTest, BadCustomIssuer) { … } // Check that a successful end-to-end Begin/Finalize flow with custom key // commitments stores the obtained trust tokens in the trust token store. TEST_F(TrustTokenRequestIssuanceHelperTest, CustomIssuerStoresObtainedTokens) { … } // Check that the last issuance time is recorded for a given issuer. TEST_F(TrustTokenRequestIssuanceHelperTest, RecordsIssuanceTime) { … } // Check that the issuance time is updated after it is recorded // a second time. TEST_F(TrustTokenRequestIssuanceHelperTest, UpdatesIssuanceTime) { … } } // namespace network
Codebase Browser
chromium