blob: 2b6dab3284ba8639680dc7f5b3d60bac9dbc0221 [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/http/http_response_info.h"
#include "base/pickle.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/signed_certificate_timestamp_and_status.h"
#include "net/http/http_response_headers.h"
#include "net/ssl/ssl_connection_status_flags.h"
#include "net/test/cert_test_util.h"
#include "net/test/ct_test_util.h"
#include "net/test/test_data_directory.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
namespace net {
namespace {
class HttpResponseInfoTest : public testing::Test {
protected:
void SetUp() override {
response_info_.headers = new HttpResponseHeaders("");
}
void PickleAndRestore(const HttpResponseInfo& response_info,
HttpResponseInfo* restored_response_info) const {
base::Pickle pickle;
response_info.Persist(&pickle, false, false);
bool truncated = false;
EXPECT_TRUE(restored_response_info->InitFromPickle(pickle, &truncated));
}
HttpResponseInfo response_info_;
};
TEST_F(HttpResponseInfoTest, UnusedSincePrefetchDefault) {
EXPECT_FALSE(response_info_.unused_since_prefetch);
}
TEST_F(HttpResponseInfoTest, UnusedSincePrefetchCopy) {
response_info_.unused_since_prefetch = true;
HttpResponseInfo response_info_clone(response_info_);
EXPECT_TRUE(response_info_clone.unused_since_prefetch);
}
TEST_F(HttpResponseInfoTest, UnusedSincePrefetchPersistFalse) {
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_FALSE(restored_response_info.unused_since_prefetch);
}
TEST_F(HttpResponseInfoTest, UnusedSincePrefetchPersistTrue) {
response_info_.unused_since_prefetch = true;
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_TRUE(restored_response_info.unused_since_prefetch);
}
TEST_F(HttpResponseInfoTest, PKPBypassPersistTrue) {
response_info_.ssl_info.pkp_bypassed = true;
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_TRUE(restored_response_info.ssl_info.pkp_bypassed);
}
TEST_F(HttpResponseInfoTest, PKPBypassPersistFalse) {
response_info_.ssl_info.pkp_bypassed = false;
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_FALSE(restored_response_info.ssl_info.pkp_bypassed);
}
TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedDefault) {
EXPECT_FALSE(response_info_.async_revalidation_requested);
}
TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedCopy) {
response_info_.async_revalidation_requested = true;
net::HttpResponseInfo response_info_clone(response_info_);
EXPECT_TRUE(response_info_clone.async_revalidation_requested);
}
TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedAssign) {
response_info_.async_revalidation_requested = true;
net::HttpResponseInfo response_info_clone;
response_info_clone = response_info_;
EXPECT_TRUE(response_info_clone.async_revalidation_requested);
}
TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedNotPersisted) {
response_info_.async_revalidation_requested = true;
net::HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_FALSE(restored_response_info.async_revalidation_requested);
}
TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutDefault) {
EXPECT_TRUE(response_info_.stale_revalidate_timeout.is_null());
}
TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutCopy) {
base::Time test_time = base::Time::FromDoubleT(1000);
response_info_.stale_revalidate_timeout = test_time;
HttpResponseInfo response_info_clone(response_info_);
EXPECT_EQ(test_time, response_info_clone.stale_revalidate_timeout);
}
TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutRestoreValue) {
base::Time test_time = base::Time::FromDoubleT(1000);
response_info_.stale_revalidate_timeout = test_time;
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_EQ(test_time, restored_response_info.stale_revalidate_timeout);
}
TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutRestoreNoValue) {
EXPECT_TRUE(response_info_.stale_revalidate_timeout.is_null());
HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_TRUE(restored_response_info.stale_revalidate_timeout.is_null());
}
// Test that key_exchange_group is preserved for ECDHE ciphers.
TEST_F(HttpResponseInfoTest, KeyExchangeGroupECDHE) {
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
&response_info_.ssl_info.connection_status);
SSLConnectionStatusSetCipherSuite(
0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */,
&response_info_.ssl_info.connection_status);
response_info_.ssl_info.key_exchange_group = 23; // X25519
net::HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
}
// Test that key_exchange_group is preserved for TLS 1.3.
TEST_F(HttpResponseInfoTest, KeyExchangeGroupTLS13) {
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_3,
&response_info_.ssl_info.connection_status);
SSLConnectionStatusSetCipherSuite(0x1303 /* TLS_CHACHA20_POLY1305_SHA256 */,
&response_info_.ssl_info.connection_status);
response_info_.ssl_info.key_exchange_group = 23; // X25519
net::HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
}
// Test that key_exchange_group is discarded for non-ECDHE ciphers prior to TLS
// 1.3, to account for the historical key_exchange_info field. See
// https://crbug.com/639421.
TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoDHE) {
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
&response_info_.ssl_info.connection_status);
SSLConnectionStatusSetCipherSuite(
0x0093 /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */,
&response_info_.ssl_info.connection_status);
response_info_.ssl_info.key_exchange_group = 1024;
net::HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
}
// Test that key_exchange_group is discarded for unknown ciphers prior to TLS
// 1.3, to account for the historical key_exchange_info field. See
// https://crbug.com/639421.
TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoUnknown) {
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
&response_info_.ssl_info.connection_status);
SSLConnectionStatusSetCipherSuite(0xffff,
&response_info_.ssl_info.connection_status);
response_info_.ssl_info.key_exchange_group = 1024;
net::HttpResponseInfo restored_response_info;
PickleAndRestore(response_info_, &restored_response_info);
EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
}
// Tests that cache entries loaded over SSLv3 (no longer supported) are dropped.
TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithSSLV3) {
// A valid certificate is needed for ssl_info.is_valid() to be true.
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
// Non-SSLv3 versions should succeed.
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
&response_info_.ssl_info.connection_status);
base::Pickle tls12_pickle;
response_info_.Persist(&tls12_pickle, false, false);
bool truncated = false;
net::HttpResponseInfo restored_tls12_response_info;
EXPECT_TRUE(
restored_tls12_response_info.InitFromPickle(tls12_pickle, &truncated));
EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
SSLConnectionStatusToVersion(
restored_tls12_response_info.ssl_info.connection_status));
EXPECT_FALSE(truncated);
// SSLv3 should fail.
SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_SSL3,
&response_info_.ssl_info.connection_status);
base::Pickle ssl3_pickle;
response_info_.Persist(&ssl3_pickle, false, false);
net::HttpResponseInfo restored_ssl3_response_info;
EXPECT_FALSE(
restored_ssl3_response_info.InitFromPickle(ssl3_pickle, &truncated));
}
TEST_F(HttpResponseInfoTest, InitFromPickleWithQUIC) {
// A valid certificate is needed for ssl_info.is_valid() to be true.
response_info_.ssl_info.cert =
ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
// Set the signature algorithm.
response_info_.ssl_info.peer_signature_algorithm = SSL_SIGN_RSA_PKCS1_SHA1;
base::Pickle pickle;
response_info_.Persist(&pickle, false, false);
bool truncated = false;
net::HttpResponseInfo restored_response_info;
EXPECT_TRUE(restored_response_info.InitFromPickle(pickle, &truncated));
EXPECT_EQ(SSL_SIGN_RSA_PKCS1_SHA1,
restored_response_info.ssl_info.peer_signature_algorithm);
}
} // namespace
} // namespace net