// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/trust_tokens/trust_token_request_redemption_helper.h" #include <memory> #include "base/functional/callback.h" #include "base/no_destructor.h" #include "base/strings/stringprintf.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/task_environment.h" #include "net/base/load_flags.h" #include "net/base/request_priority.h" #include "net/http/http_response_headers.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_test_util.h" #include "services/network/public/cpp/trust_token_http_headers.h" #include "services/network/public/cpp/trust_token_parameterization.h" #include "services/network/public/mojom/url_response_head.mojom.h" #include "services/network/test/trust_token_test_util.h" #include "services/network/trust_tokens/proto/public.pb.h" #include "services/network/trust_tokens/trust_token_key_commitment_getter.h" #include "services/network/trust_tokens/trust_token_parameterization.h" #include "services/network/trust_tokens/trust_token_store.h" #include "services/network/trust_tokens/types.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" namespace network { namespace { _; Optional; Property; Return; class TrustTokenRequestRedemptionHelperTest : public TrustTokenRequestHelperTest { … }; // FixedKeyCommitmentGetter returns the provided commitment result when // |Get| is called by the tested code. class FixedKeyCommitmentGetter : public TrustTokenKeyCommitmentGetter { … }; base::NoDestructor<FixedKeyCommitmentGetter> g_fixed_key_commitment_getter{ … }; // MockCryptographer mocks out the cryptographic operations // underlying Trust Tokens redemption. class MockCryptographer : public TrustTokenRequestRedemptionHelper::Cryptographer { … }; } // namespace // Check that redemption fails if it would result in too many issuers being // configured for the redemption top-level origin. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfTooManyIssuers) { … } // Check that redemption fails if its key commitment request fails. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfKeyCommitmentFails) { … } // Check that redemption fails with kResourceExhausted if there are no trust // tokens stored for the (issuer, top-level origin) pair. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfNoTokensToRedeem) { … } // Check that redemption fails with kInternalError if there's an error during // initializing the cryptography delegate. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfInitializingCryptographerFails) { … } // Check that redemption fails with kInternalError if there's an error during // encoding of the request header. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfAddingRequestHeaderFails) { … } namespace { class TrustTokenBeginRedemptionPostconditionsTest : public TrustTokenRequestRedemptionHelperTest { … }; } // namespace // Check that the redemption helper sets the Sec-Private-State-Token and // Sec-Private-State-Token-Crypto-Version headers on the outgoing request. TEST_F(TrustTokenBeginRedemptionPostconditionsTest, SetsHeaders) { … } class TrustTokenBeginRedemptionPostconditionsTestWithMetrics : public TrustTokenBeginRedemptionPostconditionsTest { … }; TEST_F(TrustTokenBeginRedemptionPostconditionsTestWithMetrics, RecordsNonemptyRequestHistogram) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, RecordsEmptyRequestHistogram) { … } // Check that the redemption helper rejects responses lacking the // Sec-Private-State-Token response header. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfResponseOmitsHeader) { … } // Check that the redemption helper handles a redemption response rejected by // the underlying cryptographic library. TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsIfResponseIsUnusable) { … } // Check that, when preconditions are met and the underlying cryptographic steps // successfully complete, the begin/finalize methods succeed. TEST_F(TrustTokenRequestRedemptionHelperTest, Success) { … } // Check that a successful Begin call associates the issuer with the redemption // toplevel origin. TEST_F(TrustTokenRequestRedemptionHelperTest, AssociatesIssuerWithToplevel) { … } // Negative lifetime should be ignored. TEST_F(TrustTokenRequestRedemptionHelperTest, NegativeLifetime) { … } // Nonnumeric lifetime should be ignored. TEST_F(TrustTokenRequestRedemptionHelperTest, NonnumericLifetime) { … } // Check that a successful end-to-end Begin/Finalize flow stores the obtained // redemption record (and associated key pair) in the trust token store. TEST_F(TrustTokenRequestRedemptionHelperTest, StoresObtainedRedemptionRecord) { … } // On a redemption operation parameterized by kUseCachedRr, if there's an RR // present in the store for the given issuer-toplevel pair, the request should // return early with kAlreadyExists. TEST_F(TrustTokenRequestRedemptionHelperTest, RedemptionRecordCacheHit) { … } // Check that a successful end-to-end Begin/Finalize flow with kRefresh // overwrites the previously stored redemption record (and associated key pair) // in the trust token store. TEST_F(TrustTokenRequestRedemptionHelperTest, SuccessUsingRefreshRrOverwritesStoredRr) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsUnsuitableInsecureIssuer) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, RejectsUnsuitableNonHttpNonHttpsIssuer) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, BadCustomKeys) { … } // Check that, when preconditions are met and the underlying cryptographic steps // successfully complete, the begin/finalize methods with custom key commitments // succeed. TEST_F(TrustTokenRequestRedemptionHelperTest, CustomKeysSuccess) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, BadCustomIssuer) { … } // Check that, when preconditions are met and the underlying cryptographic steps // successfully complete, the begin/finalize methods with custom key commitments // succeed. TEST_F(TrustTokenRequestRedemptionHelperTest, CustomIssuerSuccess) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, LimitThirdRedemptionAllowFourth) { … } TEST_F(TrustTokenRequestRedemptionHelperTest, AllowFirstThreeRedemptionsLimitFourth) { … } } // namespace network
Codebase Browser
chromium