1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_response_info.h"
6
7 #include "base/pickle.h"
8 #include "net/base/proxy_chain.h"
9 #include "net/cert/signed_certificate_timestamp.h"
10 #include "net/cert/signed_certificate_timestamp_and_status.h"
11 #include "net/http/http_response_headers.h"
12 #include "net/ssl/ssl_connection_status_flags.h"
13 #include "net/test/cert_test_util.h"
14 #include "net/test/ct_test_util.h"
15 #include "net/test/test_data_directory.h"
16 #include "testing/gmock/include/gmock/gmock.h"
17 #include "testing/gtest/include/gtest/gtest.h"
18
19 namespace net {
20
21 namespace {
22
23 class HttpResponseInfoTest : public testing::Test {
24 protected:
SetUp()25 void SetUp() override {
26 response_info_.headers = base::MakeRefCounted<HttpResponseHeaders>("");
27 }
28
PickleAndRestore(const HttpResponseInfo & response_info,HttpResponseInfo * restored_response_info) const29 void PickleAndRestore(const HttpResponseInfo& response_info,
30 HttpResponseInfo* restored_response_info) const {
31 base::Pickle pickle;
32 response_info.Persist(&pickle, false, false);
33 bool truncated = false;
34 EXPECT_TRUE(restored_response_info->InitFromPickle(pickle, &truncated));
35 }
36
37 HttpResponseInfo response_info_;
38 };
39
TEST_F(HttpResponseInfoTest,UnusedSincePrefetchDefault)40 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchDefault) {
41 EXPECT_FALSE(response_info_.unused_since_prefetch);
42 }
43
TEST_F(HttpResponseInfoTest,UnusedSincePrefetchCopy)44 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchCopy) {
45 response_info_.unused_since_prefetch = true;
46 HttpResponseInfo response_info_clone(response_info_);
47 EXPECT_TRUE(response_info_clone.unused_since_prefetch);
48 }
49
TEST_F(HttpResponseInfoTest,UnusedSincePrefetchPersistFalse)50 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchPersistFalse) {
51 HttpResponseInfo restored_response_info;
52 PickleAndRestore(response_info_, &restored_response_info);
53 EXPECT_FALSE(restored_response_info.unused_since_prefetch);
54 }
55
TEST_F(HttpResponseInfoTest,UnusedSincePrefetchPersistTrue)56 TEST_F(HttpResponseInfoTest, UnusedSincePrefetchPersistTrue) {
57 response_info_.unused_since_prefetch = true;
58 HttpResponseInfo restored_response_info;
59 PickleAndRestore(response_info_, &restored_response_info);
60 EXPECT_TRUE(restored_response_info.unused_since_prefetch);
61 }
62
TEST_F(HttpResponseInfoTest,ProxyChainDefault)63 TEST_F(HttpResponseInfoTest, ProxyChainDefault) {
64 EXPECT_FALSE(response_info_.proxy_chain.IsValid());
65 EXPECT_FALSE(response_info_.WasFetchedViaProxy());
66 }
67
TEST_F(HttpResponseInfoTest,ProxyChainCopy)68 TEST_F(HttpResponseInfoTest, ProxyChainCopy) {
69 response_info_.proxy_chain =
70 ProxyChain::FromSchemeHostAndPort(ProxyServer::SCHEME_HTTP, "foo", 80);
71 HttpResponseInfo response_info_clone(response_info_);
72 EXPECT_TRUE(response_info_clone.proxy_chain.IsValid());
73 EXPECT_TRUE(response_info_clone.WasFetchedViaProxy());
74 }
75
TEST_F(HttpResponseInfoTest,ProxyChainPersistDirect)76 TEST_F(HttpResponseInfoTest, ProxyChainPersistDirect) {
77 response_info_.proxy_chain = ProxyChain::Direct();
78 HttpResponseInfo restored_response_info;
79 PickleAndRestore(response_info_, &restored_response_info);
80 EXPECT_TRUE(restored_response_info.proxy_chain.IsValid());
81 EXPECT_FALSE(restored_response_info.WasFetchedViaProxy());
82 }
83
TEST_F(HttpResponseInfoTest,ProxyChainPersistProxy)84 TEST_F(HttpResponseInfoTest, ProxyChainPersistProxy) {
85 response_info_.proxy_chain =
86 ProxyChain::FromSchemeHostAndPort(ProxyServer::SCHEME_HTTP, "foo", 80);
87 HttpResponseInfo restored_response_info;
88 PickleAndRestore(response_info_, &restored_response_info);
89 EXPECT_TRUE(restored_response_info.proxy_chain.IsValid());
90 EXPECT_TRUE(restored_response_info.WasFetchedViaProxy());
91 }
92
TEST_F(HttpResponseInfoTest,PKPBypassPersistTrue)93 TEST_F(HttpResponseInfoTest, PKPBypassPersistTrue) {
94 response_info_.ssl_info.pkp_bypassed = true;
95 HttpResponseInfo restored_response_info;
96 PickleAndRestore(response_info_, &restored_response_info);
97 EXPECT_TRUE(restored_response_info.ssl_info.pkp_bypassed);
98 }
99
TEST_F(HttpResponseInfoTest,PKPBypassPersistFalse)100 TEST_F(HttpResponseInfoTest, PKPBypassPersistFalse) {
101 response_info_.ssl_info.pkp_bypassed = false;
102 HttpResponseInfo restored_response_info;
103 PickleAndRestore(response_info_, &restored_response_info);
104 EXPECT_FALSE(restored_response_info.ssl_info.pkp_bypassed);
105 }
106
TEST_F(HttpResponseInfoTest,AsyncRevalidationRequestedDefault)107 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedDefault) {
108 EXPECT_FALSE(response_info_.async_revalidation_requested);
109 }
110
TEST_F(HttpResponseInfoTest,AsyncRevalidationRequestedCopy)111 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedCopy) {
112 response_info_.async_revalidation_requested = true;
113 HttpResponseInfo response_info_clone(response_info_);
114 EXPECT_TRUE(response_info_clone.async_revalidation_requested);
115 }
116
TEST_F(HttpResponseInfoTest,AsyncRevalidationRequestedAssign)117 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedAssign) {
118 response_info_.async_revalidation_requested = true;
119 HttpResponseInfo response_info_clone;
120 response_info_clone = response_info_;
121 EXPECT_TRUE(response_info_clone.async_revalidation_requested);
122 }
123
TEST_F(HttpResponseInfoTest,AsyncRevalidationRequestedNotPersisted)124 TEST_F(HttpResponseInfoTest, AsyncRevalidationRequestedNotPersisted) {
125 response_info_.async_revalidation_requested = true;
126 HttpResponseInfo restored_response_info;
127 PickleAndRestore(response_info_, &restored_response_info);
128 EXPECT_FALSE(restored_response_info.async_revalidation_requested);
129 }
130
TEST_F(HttpResponseInfoTest,StaleRevalidationTimeoutDefault)131 TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutDefault) {
132 EXPECT_TRUE(response_info_.stale_revalidate_timeout.is_null());
133 }
134
TEST_F(HttpResponseInfoTest,StaleRevalidationTimeoutCopy)135 TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutCopy) {
136 base::Time test_time = base::Time::FromSecondsSinceUnixEpoch(1000);
137 response_info_.stale_revalidate_timeout = test_time;
138 HttpResponseInfo response_info_clone(response_info_);
139 EXPECT_EQ(test_time, response_info_clone.stale_revalidate_timeout);
140 }
141
TEST_F(HttpResponseInfoTest,StaleRevalidationTimeoutRestoreValue)142 TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutRestoreValue) {
143 base::Time test_time = base::Time::FromSecondsSinceUnixEpoch(1000);
144 response_info_.stale_revalidate_timeout = test_time;
145 HttpResponseInfo restored_response_info;
146 PickleAndRestore(response_info_, &restored_response_info);
147 EXPECT_EQ(test_time, restored_response_info.stale_revalidate_timeout);
148 }
149
TEST_F(HttpResponseInfoTest,StaleRevalidationTimeoutRestoreNoValue)150 TEST_F(HttpResponseInfoTest, StaleRevalidationTimeoutRestoreNoValue) {
151 EXPECT_TRUE(response_info_.stale_revalidate_timeout.is_null());
152 HttpResponseInfo restored_response_info;
153 PickleAndRestore(response_info_, &restored_response_info);
154 EXPECT_TRUE(restored_response_info.stale_revalidate_timeout.is_null());
155 }
156
157 // Test that key_exchange_group is preserved for ECDHE ciphers.
TEST_F(HttpResponseInfoTest,KeyExchangeGroupECDHE)158 TEST_F(HttpResponseInfoTest, KeyExchangeGroupECDHE) {
159 response_info_.ssl_info.cert =
160 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
161 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
162 &response_info_.ssl_info.connection_status);
163 SSLConnectionStatusSetCipherSuite(
164 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */,
165 &response_info_.ssl_info.connection_status);
166 response_info_.ssl_info.key_exchange_group = 23; // secp256r1
167 HttpResponseInfo restored_response_info;
168 PickleAndRestore(response_info_, &restored_response_info);
169 EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
170 }
171
172 // Test that key_exchange_group is preserved for TLS 1.3.
TEST_F(HttpResponseInfoTest,KeyExchangeGroupTLS13)173 TEST_F(HttpResponseInfoTest, KeyExchangeGroupTLS13) {
174 response_info_.ssl_info.cert =
175 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
176 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_3,
177 &response_info_.ssl_info.connection_status);
178 SSLConnectionStatusSetCipherSuite(0x1303 /* TLS_CHACHA20_POLY1305_SHA256 */,
179 &response_info_.ssl_info.connection_status);
180 response_info_.ssl_info.key_exchange_group = 23; // secp256r1
181 HttpResponseInfo restored_response_info;
182 PickleAndRestore(response_info_, &restored_response_info);
183 EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
184 }
185
186 // Test that key_exchange_group is discarded for non-ECDHE ciphers prior to TLS
187 // 1.3, to account for the historical key_exchange_info field. See
188 // https://crbug.com/639421.
TEST_F(HttpResponseInfoTest,LegacyKeyExchangeInfoDHE)189 TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoDHE) {
190 response_info_.ssl_info.cert =
191 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
192 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
193 &response_info_.ssl_info.connection_status);
194 SSLConnectionStatusSetCipherSuite(
195 0x0093 /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */,
196 &response_info_.ssl_info.connection_status);
197 response_info_.ssl_info.key_exchange_group = 1024;
198 HttpResponseInfo restored_response_info;
199 PickleAndRestore(response_info_, &restored_response_info);
200 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
201 }
202
203 // Test that key_exchange_group is discarded for unknown ciphers prior to TLS
204 // 1.3, to account for the historical key_exchange_info field. See
205 // https://crbug.com/639421.
TEST_F(HttpResponseInfoTest,LegacyKeyExchangeInfoUnknown)206 TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoUnknown) {
207 response_info_.ssl_info.cert =
208 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
209 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
210 &response_info_.ssl_info.connection_status);
211 SSLConnectionStatusSetCipherSuite(0xffff,
212 &response_info_.ssl_info.connection_status);
213 response_info_.ssl_info.key_exchange_group = 1024;
214 HttpResponseInfo restored_response_info;
215 PickleAndRestore(response_info_, &restored_response_info);
216 EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
217 }
218
219 // Test that peer_signature_algorithm is preserved.
TEST_F(HttpResponseInfoTest,PeerSignatureAlgorithm)220 TEST_F(HttpResponseInfoTest, PeerSignatureAlgorithm) {
221 response_info_.ssl_info.cert =
222 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
223 response_info_.ssl_info.peer_signature_algorithm =
224 0x0804; // rsa_pss_rsae_sha256
225 HttpResponseInfo restored_response_info;
226 PickleAndRestore(response_info_, &restored_response_info);
227 EXPECT_EQ(0x0804, restored_response_info.ssl_info.peer_signature_algorithm);
228 }
229
230 // Test that encrypted_client_hello is preserved.
TEST_F(HttpResponseInfoTest,EncryptedClientHello)231 TEST_F(HttpResponseInfoTest, EncryptedClientHello) {
232 response_info_.ssl_info.cert =
233 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
234 {
235 HttpResponseInfo restored_response_info;
236 PickleAndRestore(response_info_, &restored_response_info);
237 EXPECT_FALSE(restored_response_info.ssl_info.encrypted_client_hello);
238 }
239
240 response_info_.ssl_info.encrypted_client_hello = true;
241 {
242 HttpResponseInfo restored_response_info;
243 PickleAndRestore(response_info_, &restored_response_info);
244 EXPECT_TRUE(restored_response_info.ssl_info.encrypted_client_hello);
245 }
246 }
247
248 // Tests that cache entries loaded over SSLv3 (no longer supported) are dropped.
TEST_F(HttpResponseInfoTest,FailsInitFromPickleWithSSLV3)249 TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithSSLV3) {
250 // A valid certificate is needed for ssl_info.is_valid() to be true.
251 response_info_.ssl_info.cert =
252 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
253
254 // Non-SSLv3 versions should succeed.
255 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
256 &response_info_.ssl_info.connection_status);
257 base::Pickle tls12_pickle;
258 response_info_.Persist(&tls12_pickle, false, false);
259 bool truncated = false;
260 HttpResponseInfo restored_tls12_response_info;
261 EXPECT_TRUE(
262 restored_tls12_response_info.InitFromPickle(tls12_pickle, &truncated));
263 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
264 SSLConnectionStatusToVersion(
265 restored_tls12_response_info.ssl_info.connection_status));
266 EXPECT_FALSE(truncated);
267
268 // SSLv3 should fail.
269 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_SSL3,
270 &response_info_.ssl_info.connection_status);
271 base::Pickle ssl3_pickle;
272 response_info_.Persist(&ssl3_pickle, false, false);
273 HttpResponseInfo restored_ssl3_response_info;
274 EXPECT_FALSE(
275 restored_ssl3_response_info.InitFromPickle(ssl3_pickle, &truncated));
276 }
277
278 // Test that `dns_aliases` is preserved.
TEST_F(HttpResponseInfoTest,DnsAliases)279 TEST_F(HttpResponseInfoTest, DnsAliases) {
280 response_info_.dns_aliases = {"alias1", "alias2", "alias3"};
281 HttpResponseInfo restored_response_info;
282 PickleAndRestore(response_info_, &restored_response_info);
283 EXPECT_THAT(restored_response_info.dns_aliases,
284 testing::ElementsAre("alias1", "alias2", "alias3"));
285 }
286
287 // Test that an empty `dns_aliases` is preserved and doesn't throw an error.
TEST_F(HttpResponseInfoTest,EmptyDnsAliases)288 TEST_F(HttpResponseInfoTest, EmptyDnsAliases) {
289 response_info_.dns_aliases = {};
290 HttpResponseInfo restored_response_info;
291 PickleAndRestore(response_info_, &restored_response_info);
292 EXPECT_TRUE(restored_response_info.dns_aliases.empty());
293 }
294
295 // Test that `browser_run_id` is preserved.
TEST_F(HttpResponseInfoTest,BrowserRunId)296 TEST_F(HttpResponseInfoTest, BrowserRunId) {
297 response_info_.browser_run_id = 1;
298 HttpResponseInfo restored_response_info;
299 PickleAndRestore(response_info_, &restored_response_info);
300 EXPECT_EQ(1, restored_response_info.browser_run_id);
301 }
302
303 // Test that an empty `browser_run_id` is preserved and doesn't throw an error.
TEST_F(HttpResponseInfoTest,EmptyBrowserRunId)304 TEST_F(HttpResponseInfoTest, EmptyBrowserRunId) {
305 response_info_.browser_run_id = std::nullopt;
306 HttpResponseInfo restored_response_info;
307 PickleAndRestore(response_info_, &restored_response_info);
308 EXPECT_FALSE(restored_response_info.browser_run_id.has_value());
309 }
310
311 // Test that did_use_shared_dictionary is preserved .
TEST_F(HttpResponseInfoTest,DidUseSharedDictionary)312 TEST_F(HttpResponseInfoTest, DidUseSharedDictionary) {
313 response_info_.did_use_shared_dictionary = true;
314 HttpResponseInfo restored_response_info;
315 PickleAndRestore(response_info_, &restored_response_info);
316 EXPECT_TRUE(restored_response_info.did_use_shared_dictionary);
317 }
318
319 } // namespace
320
321 } // namespace net
322