chromium/chrome/browser/component_updater/pki_metadata_component_installer_unittest.cc

// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "chrome/browser/component_updater/pki_metadata_component_installer.h"

#include "base/base64.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
#include "base/test/scoped_feature_list.h"
#include "chrome/browser/browser_features.h"
#include "chrome/browser/net/key_pinning.pb.h"
#include "components/certificate_transparency/certificate_transparency_config.pb.h"
#include "components/component_updater/component_installer.h"
#include "components/component_updater/mock_component_updater_service.h"
#include "content/public/browser/network_service_instance.h"
#include "content/public/test/browser_task_environment.h"
#include "net/base/features.h"
#include "net/cert/cert_verify_proc.h"
#include "net/http/transport_security_state.h"
#include "net/net_buildflags.h"
#include "services/cert_verifier/cert_verifier_service_factory.h"
#include "services/network/network_service.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/mojom/ct_log_info.mojom.h"
#include "services/network/sct_auditing/sct_auditing_cache.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/protobuf/src/google/protobuf/repeated_field.h"

namespace component_updater {

namespace {
// An arbitrary, DER-encoded subjectpublickeyinfo encoded as BASE64.
const char kLogSPKIBase64[] = …;
const char kLogIdBase64[] = …;
constexpr uint64_t kLogMMDSeconds = …;
const char kLogURL[] = …;
const char kLogName[] = …;
const char kLogOperatorName[] = …;
const char kLogOperatorEmail[] = …;
constexpr base::TimeDelta kCurrentOperatorStart = …;
const char kPreviousOperator1Name[] = …;
constexpr base::TimeDelta kPreviousOperator1Start = …;
const char kPreviousOperator2Name[] = …;
constexpr base::TimeDelta kPreviousOperator2Start = …;
const char kGoogleLogName[] = …;
const char kGoogleLogOperatorName[] = …;
constexpr base::TimeDelta kGoogleLogDisqualificationDate = …;

// BASE64 encoded fake leaf hashes.
const char kPopularSCT1[] = …;
const char kPopularSCT2[] = …;

// Constants for test pinset.
const char kPinsetName[] = …;
const char kPinsetHostName[] = …;
const bool kPinsetIncludeSubdomains = …;

// SHA256 SPKI hashes.
const std::vector<uint8_t> kSpkiHash1 = …;
const std::vector<uint8_t> kSpkiHash2 = …;

constexpr uint64_t kMaxSupportedCTCompatibilityVersion = …;
constexpr uint64_t kMaxSupportedKPCompatibilityVersion = …;

}  // namespace

class PKIMetadataComponentInstallerTest : public testing::Test { … };

TEST_F(PKIMetadataComponentInstallerTest, TestProtoBytesConversion) { … }

// Tests that the installation is verified iff the component install directory
// exists.
TEST_F(PKIMetadataComponentInstallerTest, VerifyInstallation) { … }

// Tests that the PKI Metadata component is registered if the features are
// enabled.
TEST_F(PKIMetadataComponentInstallerTest, RegisterComponent) { … }

// Tests that setting the CT enforcement kill switch successfully disables CT
// enforcement.
TEST_F(PKIMetadataComponentInstallerTest, CTEnforcementKillSwitch) { … }

// Tests that installing the component updates the key pinning configuration in
// the network service.
TEST_F(PKIMetadataComponentInstallerTest,
       InstallComponentUpdatesPinningConfig) { … }

// Tests that installing the PKI Metadata component bails out if the KP proto is
// invalid.
TEST_F(PKIMetadataComponentInstallerTest, InstallComponentInvalidKPProto) { … }

// Tests that installing the PKI Metadata component does not update the pinning
// list if its compatibility version exceeds the value supported.
TEST_F(PKIMetadataComponentInstallerTest,
       InstallComponentIncompatibleKPVersion) { … }

#if BUILDFLAG(IS_CT_SUPPORTED)
// Tests that installing the PKI Metadata component updates the CT configuration
// in the network service.
TEST_F(PKIMetadataComponentInstallerTest, InstallComponentUpdatesCTConfig) { … }

// Tests that installing the PKI Metadata component bails out if the CT proto is
// invalid.
TEST_F(PKIMetadataComponentInstallerTest, InstallComponentInvalidCTProto) { … }

// Tests that installing the PKI Metadata component does not update the CT log
// list if its compatibility version exceeds the value supported.
TEST_F(PKIMetadataComponentInstallerTest,
       InstallComponentIncompatibleCTVersion) { … }

// Tests that calling |ReconfigureAfterNetworkRestart| is a no-op if the
// component has not been installed.
TEST_F(PKIMetadataComponentInstallerTest, ReconfigureWhenNotInstalled) { … }
#endif  // BUILDFLAG(IS_CT_SUPPORTED)

class PKIMetadataComponentInstallerDisabledTest
    : public PKIMetadataComponentInstallerTest { … };

// Tests that the PKI Metadata component does not get registered if both the CT
// component updater and KP component updater features are disabled.
TEST_F(PKIMetadataComponentInstallerDisabledTest,
       MaybeDoNotRegisterIfFeatureDisabled) { … }

}  // namespace component_updater