chromium/chrome/browser/web_applications/isolated_web_apps/signed_web_bundle_reader_unittest.cc

// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/web_applications/isolated_web_apps/signed_web_bundle_reader.h"

#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "base/containers/span.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
#include "base/functional/callback_helpers.h"
#include "base/run_loop.h"
#include "base/task/sequenced_task_runner.h"
#include "base/test/bind.h"
#include "base/test/gmock_expected_support.h"
#include "base/test/metrics/histogram_tester.h"
#include "base/test/repeating_test_future.h"
#include "base/test/test_future.h"
#include "base/types/cxx23_to_underlying.h"
#include "base/types/expected.h"
#include "chrome/browser/web_applications/isolated_web_apps/error/unusable_swbn_file_error.h"
#include "chrome/browser/web_applications/isolated_web_apps/isolated_web_app_trust_checker.h"
#include "chrome/browser/web_applications/isolated_web_apps/iwa_identity_validator.h"
#include "chrome/browser/web_applications/isolated_web_apps/test/test_signed_web_bundle_builder.h"
#include "chrome/browser/web_applications/test/signed_web_bundle_utils.h"
#include "components/web_package/mojom/web_bundle_parser.mojom.h"
#include "components/web_package/signed_web_bundles/ed25519_public_key.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_id.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_integrity_block.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_stack.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_stack_entry.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_verifier.h"
#include "components/web_package/test_support/mock_web_bundle_parser_factory.h"
#include "components/web_package/test_support/signed_web_bundles/signature_verifier_test_utils.h"
#include "components/web_package/test_support/signed_web_bundles/web_bundle_signer.h"
#include "content/public/test/browser_task_environment.h"
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
#include "services/network/public/cpp/resource_request.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/abseil-cpp/absl/types/variant.h"

namespace web_app {

namespace {

IntegritySignatureErrorForTesting;
IntegrityBlockErrorForTesting;

ErrorIs;
HasValue;
Eq;
IsTrue;
Message;
Property;
UnorderedElementsAre;

VerificationAction;

constexpr std::array<uint8_t, 64> kEd25519Signature = …;

void StartReadingIntegrityBlock(
    SignedWebBundleReader* reader,
    VerificationAction requested_verification_action,
    SignedWebBundleReader::ReadErrorCallback callback,
    web_package::Ed25519PublicKey expected_key) { … }

}  // namespace

class SignedWebBundleReaderWithRealBundlesTest : public testing::Test { … };

// Note that Isolated Web Apps (IWAs) don't support having primary URLs, but the
// reader does, as it can be used for any Signed Web Bundle, even those not
// compatible with IWAs. Also, when baseURL is empty, relative URLs are used.
TEST_F(SignedWebBundleReaderWithRealBundlesTest,
       ReadValidWebBundleWithPrimaryUrlAndRelativeUrls) { … }

TEST_F(SignedWebBundleReaderWithRealBundlesTest, ReadValidResponse) { … }

TEST_F(SignedWebBundleReaderWithRealBundlesTest,
       ReadIntegrityBlockWithInvalidVersion) { … }

TEST_F(SignedWebBundleReaderWithRealBundlesTest,
       ReadIntegrityBlockWithInvalidStructure) { … }

TEST_F(SignedWebBundleReaderWithRealBundlesTest, ReadIntegrityBlockAndAbort) { … }

TEST_F(SignedWebBundleReaderWithRealBundlesTest, Close) { … }

class SignedWebBundleReaderTest : public testing::Test { … };

TEST(SignedWebBundleReaderFileFalureTest, CantOpenFile) { … }

TEST_F(SignedWebBundleReaderTest, ReadValidIntegrityBlockAndMetadata) { … }

TEST_F(SignedWebBundleReaderTest, ReadIntegrityBlockError) { … }

TEST_F(SignedWebBundleReaderTest, ReadIntegrityBlockWithParserCrash) { … }

class SignedWebBundleReaderSignatureVerificationErrorTest
    : public SignedWebBundleReaderTest,
      public ::testing::WithParamInterface<
          web_package::SignedWebBundleSignatureVerifier::Error> { … };

TEST_P(SignedWebBundleReaderSignatureVerificationErrorTest,
       SignatureVerificationError) { … }

INSTANTIATE_TEST_SUITE_P(…);

#if BUILDFLAG(IS_CHROMEOS)

// Test that signatures are not verified when the
// `integrity_block_callback` asks to skip signature verification and
// thus the provided `web_package::SignedWebBundleSignatureVerifier::Error` is
// never triggered.
TEST_F(SignedWebBundleReaderTest,
       ReadIntegrityBlockAndSkipSignatureVerification) {
  base::test::TestFuture<base::expected<void, UnusableSwbnFileError>>
      parse_status_future;
  auto reader = CreateReaderAndInitialize(
      parse_status_future.GetCallback(),
      VerificationAction::ContinueAndSkipSignatureVerification(),
      web_package::SignedWebBundleSignatureVerifier::Error::ForInvalidSignature(
          "invalid signature"));

  parser_factory_->RunIntegrityBlockCallback(integrity_block_.Clone());
  parser_factory_->RunMetadataCallback(integrity_block_->size,
                                       metadata_->Clone());

  auto parse_status = parse_status_future.Take();
  EXPECT_THAT(parse_status, HasValue());
  EXPECT_EQ(reader->GetState(), SignedWebBundleReader::State::kInitialized);
}

#endif  // BUILDFLAG(IS_CHROMEOS)

TEST_F(SignedWebBundleReaderTest, ReadMetadataError) { … }

TEST_F(SignedWebBundleReaderTest, ReadMetadataWithParserCrash) { … }

TEST_F(SignedWebBundleReaderTest, ReadResponse) { … }

TEST_F(SignedWebBundleReaderTest, ReadResponseWithFragment) { … }

TEST_F(SignedWebBundleReaderTest, ReadNonExistingResponseWithPath) { … }

TEST_F(SignedWebBundleReaderTest, ReadNonExistingResponseWithQuery) { … }

TEST_F(SignedWebBundleReaderTest, ReadResponseError) { … }

TEST_F(SignedWebBundleReaderTest, ReadResponseWithParserDisconnect) { … }


TEST_F(SignedWebBundleReaderTest, ReadResponseWithParserCrash) { … }

TEST_F(SignedWebBundleReaderTest, ReadResponseBody) { … }

TEST_F(SignedWebBundleReaderTest, CloseWhileReadingResponseBody) { … }

TEST_F(SignedWebBundleReaderTest, ResponseBodyEndDoesntFitInUint64) { … }

class SignedWebBundleReaderBaseUrlTest
    : public SignedWebBundleReaderTest,
      public ::testing::WithParamInterface<std::optional<std::string>> { … };

TEST_P(SignedWebBundleReaderBaseUrlTest, IsPassedThroughCorrectly) { … }

INSTANTIATE_TEST_SUITE_P(…);

class UnsecureSignedWebBundleReaderTest : public testing::Test { … };

TEST_F(UnsecureSignedWebBundleReaderTest, ReadValidId) { … }

TEST_F(UnsecureSignedWebBundleReaderTest, ErrorId) { … }

}  // namespace web_app