OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/certificate_transparency/log_dns_client.h" | 5 #include "components/certificate_transparency/log_dns_client.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <numeric> | 8 #include <numeric> |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
124 // test. It is accessed statically by LogDnsClient. | 124 // test. It is accessed statically by LogDnsClient. |
125 std::unique_ptr<net::NetworkChangeNotifier> network_change_notifier_; | 125 std::unique_ptr<net::NetworkChangeNotifier> network_change_notifier_; |
126 // Queues and handles asynchronous DNS tasks. Indirectly used by LogDnsClient, | 126 // Queues and handles asynchronous DNS tasks. Indirectly used by LogDnsClient, |
127 // the underlying net::DnsClient, and NetworkChangeNotifier. | 127 // the underlying net::DnsClient, and NetworkChangeNotifier. |
128 base::MessageLoopForIO message_loop_; | 128 base::MessageLoopForIO message_loop_; |
129 // Allows mock DNS sockets to be setup. | 129 // Allows mock DNS sockets to be setup. |
130 MockLogDnsTraffic mock_dns_; | 130 MockLogDnsTraffic mock_dns_; |
131 }; | 131 }; |
132 | 132 |
133 TEST_P(LogDnsClientTest, QueryAuditProofReportsThatLogDomainDoesNotExist) { | 133 TEST_P(LogDnsClientTest, QueryAuditProofReportsThatLogDomainDoesNotExist) { |
134 mock_dns_.ExpectRequestAndErrorResponse(kLeafIndexQnames[0], | 134 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
135 net::dns_protocol::kRcodeNXDOMAIN); | 135 kLeafIndexQnames[0], net::dns_protocol::kRcodeNXDOMAIN)); |
136 | 136 |
137 net::ct::MerkleAuditProof proof; | 137 net::ct::MerkleAuditProof proof; |
138 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 138 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
139 IsError(net::ERR_NAME_NOT_RESOLVED)); | 139 IsError(net::ERR_NAME_NOT_RESOLVED)); |
140 } | 140 } |
141 | 141 |
142 TEST_P(LogDnsClientTest, | 142 TEST_P(LogDnsClientTest, |
143 QueryAuditProofReportsServerFailuresDuringLeafIndexRequests) { | 143 QueryAuditProofReportsServerFailuresDuringLeafIndexRequests) { |
144 mock_dns_.ExpectRequestAndErrorResponse(kLeafIndexQnames[0], | 144 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
145 net::dns_protocol::kRcodeSERVFAIL); | 145 kLeafIndexQnames[0], net::dns_protocol::kRcodeSERVFAIL)); |
146 | 146 |
147 net::ct::MerkleAuditProof proof; | 147 net::ct::MerkleAuditProof proof; |
148 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 148 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
149 IsError(net::ERR_DNS_SERVER_FAILED)); | 149 IsError(net::ERR_DNS_SERVER_FAILED)); |
150 } | 150 } |
151 | 151 |
152 TEST_P(LogDnsClientTest, | 152 TEST_P(LogDnsClientTest, |
153 QueryAuditProofReportsServerRefusalsDuringLeafIndexRequests) { | 153 QueryAuditProofReportsServerRefusalsDuringLeafIndexRequests) { |
154 mock_dns_.ExpectRequestAndErrorResponse(kLeafIndexQnames[0], | 154 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
155 net::dns_protocol::kRcodeREFUSED); | 155 kLeafIndexQnames[0], net::dns_protocol::kRcodeREFUSED)); |
156 | 156 |
157 net::ct::MerkleAuditProof proof; | 157 net::ct::MerkleAuditProof proof; |
158 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 158 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
159 IsError(net::ERR_DNS_SERVER_FAILED)); | 159 IsError(net::ERR_DNS_SERVER_FAILED)); |
160 } | 160 } |
161 | 161 |
162 TEST_P( | 162 TEST_P( |
163 LogDnsClientTest, | 163 LogDnsClientTest, |
164 QueryAuditProofReportsMalformedResponseIfLeafIndexResponseContainsNoStrings)
{ | 164 QueryAuditProofReportsMalformedResponseIfLeafIndexResponseContainsNoStrings)
{ |
165 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], | 165 ASSERT_TRUE(mock_dns_.ExpectRequestAndResponse( |
166 std::vector<base::StringPiece>()); | 166 kLeafIndexQnames[0], std::vector<base::StringPiece>())); |
167 | 167 |
168 net::ct::MerkleAuditProof proof; | 168 net::ct::MerkleAuditProof proof; |
169 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 169 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
170 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 170 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
171 } | 171 } |
172 | 172 |
173 TEST_P( | 173 TEST_P( |
174 LogDnsClientTest, | 174 LogDnsClientTest, |
175 QueryAuditProofReportsMalformedResponseIfLeafIndexResponseContainsMoreThanOn
eString) { | 175 QueryAuditProofReportsMalformedResponseIfLeafIndexResponseContainsMoreThanOn
eString) { |
176 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456", "7"}); | 176 ASSERT_TRUE( |
| 177 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456", "7"})); |
177 | 178 |
178 net::ct::MerkleAuditProof proof; | 179 net::ct::MerkleAuditProof proof; |
179 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 180 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
180 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 181 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
181 } | 182 } |
182 | 183 |
183 TEST_P(LogDnsClientTest, | 184 TEST_P(LogDnsClientTest, |
184 QueryAuditProofReportsMalformedResponseIfLeafIndexIsNotNumeric) { | 185 QueryAuditProofReportsMalformedResponseIfLeafIndexIsNotNumeric) { |
185 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"foo"}); | 186 ASSERT_TRUE(mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"foo"})); |
186 | 187 |
187 net::ct::MerkleAuditProof proof; | 188 net::ct::MerkleAuditProof proof; |
188 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 189 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
189 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 190 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
190 } | 191 } |
191 | 192 |
192 TEST_P(LogDnsClientTest, | 193 TEST_P(LogDnsClientTest, |
193 QueryAuditProofReportsMalformedResponseIfLeafIndexIsFloatingPoint) { | 194 QueryAuditProofReportsMalformedResponseIfLeafIndexIsFloatingPoint) { |
194 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456.0"}); | 195 ASSERT_TRUE( |
| 196 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456.0"})); |
195 | 197 |
196 net::ct::MerkleAuditProof proof; | 198 net::ct::MerkleAuditProof proof; |
197 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 199 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
198 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 200 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
199 } | 201 } |
200 | 202 |
201 TEST_P(LogDnsClientTest, | 203 TEST_P(LogDnsClientTest, |
202 QueryAuditProofReportsMalformedResponseIfLeafIndexIsEmpty) { | 204 QueryAuditProofReportsMalformedResponseIfLeafIndexIsEmpty) { |
203 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {""}); | 205 ASSERT_TRUE(mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {""})); |
204 | 206 |
205 net::ct::MerkleAuditProof proof; | 207 net::ct::MerkleAuditProof proof; |
206 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 208 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
207 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 209 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
208 } | 210 } |
209 | 211 |
210 TEST_P(LogDnsClientTest, | 212 TEST_P(LogDnsClientTest, |
211 QueryAuditProofReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) { | 213 QueryAuditProofReportsMalformedResponseIfLeafIndexHasNonNumericPrefix) { |
212 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"foo123456"}); | 214 ASSERT_TRUE( |
| 215 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"foo123456"})); |
213 | 216 |
214 net::ct::MerkleAuditProof proof; | 217 net::ct::MerkleAuditProof proof; |
215 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 218 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
216 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 219 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
217 } | 220 } |
218 | 221 |
219 TEST_P(LogDnsClientTest, | 222 TEST_P(LogDnsClientTest, |
220 QueryAuditProofReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) { | 223 QueryAuditProofReportsMalformedResponseIfLeafIndexHasNonNumericSuffix) { |
221 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456foo"}); | 224 ASSERT_TRUE( |
| 225 mock_dns_.ExpectRequestAndResponse(kLeafIndexQnames[0], {"123456foo"})); |
222 | 226 |
223 net::ct::MerkleAuditProof proof; | 227 net::ct::MerkleAuditProof proof; |
224 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 228 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
225 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 229 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
226 } | 230 } |
227 | 231 |
228 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLogDomainIsEmpty) { | 232 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLogDomainIsEmpty) { |
229 net::ct::MerkleAuditProof proof; | 233 net::ct::MerkleAuditProof proof; |
230 ASSERT_THAT(QueryAuditProof("", kLeafHashes[0], kTreeSizes[0], &proof), | 234 ASSERT_THAT(QueryAuditProof("", kLeafHashes[0], kTreeSizes[0], &proof), |
231 IsError(net::ERR_INVALID_ARGUMENT)); | 235 IsError(net::ERR_INVALID_ARGUMENT)); |
232 } | 236 } |
233 | 237 |
234 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLeafHashIsInvalid) { | 238 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLeafHashIsInvalid) { |
235 net::ct::MerkleAuditProof proof; | 239 net::ct::MerkleAuditProof proof; |
236 ASSERT_THAT(QueryAuditProof("ct.test", "foo", kTreeSizes[0], &proof), | 240 ASSERT_THAT(QueryAuditProof("ct.test", "foo", kTreeSizes[0], &proof), |
237 IsError(net::ERR_INVALID_ARGUMENT)); | 241 IsError(net::ERR_INVALID_ARGUMENT)); |
238 } | 242 } |
239 | 243 |
240 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLeafHashIsEmpty) { | 244 TEST_P(LogDnsClientTest, QueryAuditProofReportsInvalidArgIfLeafHashIsEmpty) { |
241 net::ct::MerkleAuditProof proof; | 245 net::ct::MerkleAuditProof proof; |
242 ASSERT_THAT(QueryAuditProof("ct.test", "", kTreeSizes[0], &proof), | 246 ASSERT_THAT(QueryAuditProof("ct.test", "", kTreeSizes[0], &proof), |
243 IsError(net::ERR_INVALID_ARGUMENT)); | 247 IsError(net::ERR_INVALID_ARGUMENT)); |
244 } | 248 } |
245 | 249 |
246 TEST_P(LogDnsClientTest, | 250 TEST_P(LogDnsClientTest, |
247 QueryAuditProofReportsSocketErrorsDuringLeafIndexRequests) { | 251 QueryAuditProofReportsSocketErrorsDuringLeafIndexRequests) { |
248 mock_dns_.ExpectRequestAndSocketError(kLeafIndexQnames[0], | 252 ASSERT_TRUE(mock_dns_.ExpectRequestAndSocketError( |
249 net::ERR_CONNECTION_REFUSED); | 253 kLeafIndexQnames[0], net::ERR_CONNECTION_REFUSED)); |
250 | 254 |
251 net::ct::MerkleAuditProof proof; | 255 net::ct::MerkleAuditProof proof; |
252 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 256 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
253 IsError(net::ERR_CONNECTION_REFUSED)); | 257 IsError(net::ERR_CONNECTION_REFUSED)); |
254 } | 258 } |
255 | 259 |
256 TEST_P(LogDnsClientTest, | 260 TEST_P(LogDnsClientTest, |
257 QueryAuditProofReportsTimeoutsDuringLeafIndexRequests) { | 261 QueryAuditProofReportsTimeoutsDuringLeafIndexRequests) { |
258 mock_dns_.ExpectRequestAndTimeout(kLeafIndexQnames[0]); | 262 ASSERT_TRUE(mock_dns_.ExpectRequestAndTimeout(kLeafIndexQnames[0])); |
259 | 263 |
260 net::ct::MerkleAuditProof proof; | 264 net::ct::MerkleAuditProof proof; |
261 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), | 265 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], kTreeSizes[0], &proof), |
262 IsError(net::ERR_DNS_TIMED_OUT)); | 266 IsError(net::ERR_DNS_TIMED_OUT)); |
263 } | 267 } |
264 | 268 |
265 TEST_P(LogDnsClientTest, QueryAuditProof) { | 269 TEST_P(LogDnsClientTest, QueryAuditProof) { |
266 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); | 270 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); |
267 | 271 |
268 // Expect a leaf index query first, to map the leaf hash to a leaf index. | 272 // Expect a leaf index query first, to map the leaf hash to a leaf index. |
269 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 273 ASSERT_TRUE( |
| 274 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
270 | 275 |
271 // It takes a number of DNS requests to retrieve the entire |audit_proof| | 276 // It takes a number of DNS requests to retrieve the entire |audit_proof| |
272 // (see |kMaxProofNodesPerDnsResponse|). | 277 // (see |kMaxProofNodesPerDnsResponse|). |
273 for (size_t nodes_begin = 0; nodes_begin < audit_proof.size(); | 278 for (size_t nodes_begin = 0; nodes_begin < audit_proof.size(); |
274 nodes_begin += kMaxProofNodesPerDnsResponse) { | 279 nodes_begin += kMaxProofNodesPerDnsResponse) { |
275 const size_t nodes_end = std::min( | 280 const size_t nodes_end = std::min( |
276 nodes_begin + kMaxProofNodesPerDnsResponse, audit_proof.size()); | 281 nodes_begin + kMaxProofNodesPerDnsResponse, audit_proof.size()); |
277 | 282 |
278 mock_dns_.ExpectAuditProofRequestAndResponse( | 283 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
279 base::StringPrintf("%zu.123456.999999.tree.ct.test.", nodes_begin), | 284 base::StringPrintf("%zu.123456.999999.tree.ct.test.", nodes_begin), |
280 audit_proof.begin() + nodes_begin, audit_proof.begin() + nodes_end); | 285 audit_proof.begin() + nodes_begin, audit_proof.begin() + nodes_end)); |
281 } | 286 } |
282 | 287 |
283 net::ct::MerkleAuditProof proof; | 288 net::ct::MerkleAuditProof proof; |
284 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 289 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
285 IsOk()); | 290 IsOk()); |
286 EXPECT_THAT(proof.leaf_index, Eq(123456u)); | 291 EXPECT_THAT(proof.leaf_index, Eq(123456u)); |
287 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. | 292 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. |
288 // EXPECT_THAT(proof.tree_size, Eq(999999)); | 293 // EXPECT_THAT(proof.tree_size, Eq(999999)); |
289 EXPECT_THAT(proof.nodes, Eq(audit_proof)); | 294 EXPECT_THAT(proof.nodes, Eq(audit_proof)); |
290 } | 295 } |
291 | 296 |
292 TEST_P(LogDnsClientTest, QueryAuditProofHandlesResponsesWithShortAuditPaths) { | 297 TEST_P(LogDnsClientTest, QueryAuditProofHandlesResponsesWithShortAuditPaths) { |
293 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); | 298 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); |
294 | 299 |
295 // Expect a leaf index query first, to map the leaf hash to a leaf index. | 300 // Expect a leaf index query first, to map the leaf hash to a leaf index. |
296 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 301 ASSERT_TRUE( |
| 302 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
297 | 303 |
298 // Make some of the responses contain fewer proof nodes than they can hold. | 304 // Make some of the responses contain fewer proof nodes than they can hold. |
299 mock_dns_.ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.", | 305 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
300 audit_proof.begin(), | 306 "0.123456.999999.tree.ct.test.", audit_proof.begin(), |
301 audit_proof.begin() + 1); | 307 audit_proof.begin() + 1)); |
302 mock_dns_.ExpectAuditProofRequestAndResponse("1.123456.999999.tree.ct.test.", | 308 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
303 audit_proof.begin() + 1, | 309 "1.123456.999999.tree.ct.test.", audit_proof.begin() + 1, |
304 audit_proof.begin() + 3); | 310 audit_proof.begin() + 3)); |
305 mock_dns_.ExpectAuditProofRequestAndResponse("3.123456.999999.tree.ct.test.", | 311 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
306 audit_proof.begin() + 3, | 312 "3.123456.999999.tree.ct.test.", audit_proof.begin() + 3, |
307 audit_proof.begin() + 6); | 313 audit_proof.begin() + 6)); |
308 mock_dns_.ExpectAuditProofRequestAndResponse("6.123456.999999.tree.ct.test.", | 314 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
309 audit_proof.begin() + 6, | 315 "6.123456.999999.tree.ct.test.", audit_proof.begin() + 6, |
310 audit_proof.begin() + 10); | 316 audit_proof.begin() + 10)); |
311 mock_dns_.ExpectAuditProofRequestAndResponse("10.123456.999999.tree.ct.test.", | 317 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
312 audit_proof.begin() + 10, | 318 "10.123456.999999.tree.ct.test.", audit_proof.begin() + 10, |
313 audit_proof.begin() + 13); | 319 audit_proof.begin() + 13)); |
314 mock_dns_.ExpectAuditProofRequestAndResponse("13.123456.999999.tree.ct.test.", | 320 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
315 audit_proof.begin() + 13, | 321 "13.123456.999999.tree.ct.test.", audit_proof.begin() + 13, |
316 audit_proof.end()); | 322 audit_proof.end())); |
317 | 323 |
318 net::ct::MerkleAuditProof proof; | 324 net::ct::MerkleAuditProof proof; |
319 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 325 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
320 IsOk()); | 326 IsOk()); |
321 EXPECT_THAT(proof.leaf_index, Eq(123456u)); | 327 EXPECT_THAT(proof.leaf_index, Eq(123456u)); |
322 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. | 328 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. |
323 // EXPECT_THAT(proof.tree_size, Eq(999999)); | 329 // EXPECT_THAT(proof.tree_size, Eq(999999)); |
324 EXPECT_THAT(proof.nodes, Eq(audit_proof)); | 330 EXPECT_THAT(proof.nodes, Eq(audit_proof)); |
325 } | 331 } |
326 | 332 |
327 TEST_P(LogDnsClientTest, | 333 TEST_P(LogDnsClientTest, |
328 QueryAuditProofReportsThatAuditProofQnameDoesNotExist) { | 334 QueryAuditProofReportsThatAuditProofQnameDoesNotExist) { |
329 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 335 ASSERT_TRUE( |
330 mock_dns_.ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.", | 336 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
331 net::dns_protocol::kRcodeNXDOMAIN); | 337 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
| 338 "0.123456.999999.tree.ct.test.", net::dns_protocol::kRcodeNXDOMAIN)); |
332 | 339 |
333 net::ct::MerkleAuditProof proof; | 340 net::ct::MerkleAuditProof proof; |
334 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 341 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
335 IsError(net::ERR_NAME_NOT_RESOLVED)); | 342 IsError(net::ERR_NAME_NOT_RESOLVED)); |
336 } | 343 } |
337 | 344 |
338 TEST_P(LogDnsClientTest, | 345 TEST_P(LogDnsClientTest, |
339 QueryAuditProofReportsServerFailuresDuringAuditProofRequests) { | 346 QueryAuditProofReportsServerFailuresDuringAuditProofRequests) { |
340 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 347 ASSERT_TRUE( |
341 mock_dns_.ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.", | 348 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
342 net::dns_protocol::kRcodeSERVFAIL); | 349 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
| 350 "0.123456.999999.tree.ct.test.", net::dns_protocol::kRcodeSERVFAIL)); |
343 | 351 |
344 net::ct::MerkleAuditProof proof; | 352 net::ct::MerkleAuditProof proof; |
345 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 353 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
346 IsError(net::ERR_DNS_SERVER_FAILED)); | 354 IsError(net::ERR_DNS_SERVER_FAILED)); |
347 } | 355 } |
348 | 356 |
349 TEST_P(LogDnsClientTest, | 357 TEST_P(LogDnsClientTest, |
350 QueryAuditProofReportsServerRefusalsDuringAuditProofRequests) { | 358 QueryAuditProofReportsServerRefusalsDuringAuditProofRequests) { |
351 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 359 ASSERT_TRUE( |
352 mock_dns_.ExpectRequestAndErrorResponse("0.123456.999999.tree.ct.test.", | 360 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
353 net::dns_protocol::kRcodeREFUSED); | 361 ASSERT_TRUE(mock_dns_.ExpectRequestAndErrorResponse( |
| 362 "0.123456.999999.tree.ct.test.", net::dns_protocol::kRcodeREFUSED)); |
354 | 363 |
355 net::ct::MerkleAuditProof proof; | 364 net::ct::MerkleAuditProof proof; |
356 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 365 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
357 IsError(net::ERR_DNS_SERVER_FAILED)); | 366 IsError(net::ERR_DNS_SERVER_FAILED)); |
358 } | 367 } |
359 | 368 |
360 TEST_P( | 369 TEST_P( |
361 LogDnsClientTest, | 370 LogDnsClientTest, |
362 QueryAuditProofReportsResponseMalformedIfProofNodesResponseContainsNoStrings
) { | 371 QueryAuditProofReportsResponseMalformedIfProofNodesResponseContainsNoStrings
) { |
363 // Expect a leaf index query first, to map the leaf hash to a leaf index. | 372 // Expect a leaf index query first, to map the leaf hash to a leaf index. |
364 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 373 ASSERT_TRUE( |
| 374 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
365 | 375 |
366 mock_dns_.ExpectRequestAndResponse("0.123456.999999.tree.ct.test.", | 376 ASSERT_TRUE(mock_dns_.ExpectRequestAndResponse( |
367 std::vector<base::StringPiece>()); | 377 "0.123456.999999.tree.ct.test.", std::vector<base::StringPiece>())); |
368 | 378 |
369 net::ct::MerkleAuditProof proof; | 379 net::ct::MerkleAuditProof proof; |
370 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 380 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
371 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 381 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
372 } | 382 } |
373 | 383 |
374 TEST_P( | 384 TEST_P( |
375 LogDnsClientTest, | 385 LogDnsClientTest, |
376 QueryAuditProofReportsResponseMalformedIfProofNodesResponseContainsMoreThanO
neString) { | 386 QueryAuditProofReportsResponseMalformedIfProofNodesResponseContainsMoreThanO
neString) { |
377 // The CT-over-DNS draft RFC states that the response will contain "exactly | 387 // The CT-over-DNS draft RFC states that the response will contain "exactly |
378 // one character-string." | 388 // one character-string." |
379 const std::vector<std::string> audit_proof = GetSampleAuditProof(10); | 389 const std::vector<std::string> audit_proof = GetSampleAuditProof(10); |
380 | 390 |
381 std::string first_chunk_of_proof = std::accumulate( | 391 std::string first_chunk_of_proof = std::accumulate( |
382 audit_proof.begin(), audit_proof.begin() + 7, std::string()); | 392 audit_proof.begin(), audit_proof.begin() + 7, std::string()); |
383 std::string second_chunk_of_proof = std::accumulate( | 393 std::string second_chunk_of_proof = std::accumulate( |
384 audit_proof.begin() + 7, audit_proof.end(), std::string()); | 394 audit_proof.begin() + 7, audit_proof.end(), std::string()); |
385 | 395 |
386 // Expect a leaf index query first, to map the leaf hash to a leaf index. | 396 // Expect a leaf index query first, to map the leaf hash to a leaf index. |
387 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 397 ASSERT_TRUE( |
| 398 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
388 | 399 |
389 mock_dns_.ExpectRequestAndResponse( | 400 ASSERT_TRUE(mock_dns_.ExpectRequestAndResponse( |
390 "0.123456.999999.tree.ct.test.", | 401 "0.123456.999999.tree.ct.test.", |
391 {first_chunk_of_proof, second_chunk_of_proof}); | 402 {first_chunk_of_proof, second_chunk_of_proof})); |
392 | 403 |
393 net::ct::MerkleAuditProof proof; | 404 net::ct::MerkleAuditProof proof; |
394 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 405 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
395 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 406 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
396 } | 407 } |
397 | 408 |
398 TEST_P(LogDnsClientTest, | 409 TEST_P(LogDnsClientTest, |
399 QueryAuditProofReportsResponseMalformedIfNodeTooShort) { | 410 QueryAuditProofReportsResponseMalformedIfNodeTooShort) { |
400 // node is shorter than a SHA-256 hash (31 vs 32 bytes) | 411 // node is shorter than a SHA-256 hash (31 vs 32 bytes) |
401 const std::vector<std::string> audit_proof(1, std::string(31, 'a')); | 412 const std::vector<std::string> audit_proof(1, std::string(31, 'a')); |
402 | 413 |
403 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 414 ASSERT_TRUE( |
404 mock_dns_.ExpectAuditProofRequestAndResponse( | 415 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
405 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end()); | 416 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
| 417 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end())); |
406 | 418 |
407 net::ct::MerkleAuditProof proof; | 419 net::ct::MerkleAuditProof proof; |
408 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 420 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
409 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 421 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
410 } | 422 } |
411 | 423 |
412 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfNodeTooLong) { | 424 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfNodeTooLong) { |
413 // node is longer than a SHA-256 hash (33 vs 32 bytes) | 425 // node is longer than a SHA-256 hash (33 vs 32 bytes) |
414 const std::vector<std::string> audit_proof(1, std::string(33, 'a')); | 426 const std::vector<std::string> audit_proof(1, std::string(33, 'a')); |
415 | 427 |
416 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 428 ASSERT_TRUE( |
417 mock_dns_.ExpectAuditProofRequestAndResponse( | 429 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
418 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end()); | 430 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
| 431 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end())); |
419 | 432 |
420 net::ct::MerkleAuditProof proof; | 433 net::ct::MerkleAuditProof proof; |
421 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 434 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
422 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 435 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
423 } | 436 } |
424 | 437 |
425 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfEmpty) { | 438 TEST_P(LogDnsClientTest, QueryAuditProofReportsResponseMalformedIfEmpty) { |
426 const std::vector<std::string> audit_proof; | 439 const std::vector<std::string> audit_proof; |
427 | 440 |
428 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 441 ASSERT_TRUE( |
429 mock_dns_.ExpectAuditProofRequestAndResponse( | 442 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
430 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end()); | 443 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
| 444 "0.123456.999999.tree.ct.test.", audit_proof.begin(), audit_proof.end())); |
431 | 445 |
432 net::ct::MerkleAuditProof proof; | 446 net::ct::MerkleAuditProof proof; |
433 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 447 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
434 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); | 448 IsError(net::ERR_DNS_MALFORMED_RESPONSE)); |
435 } | 449 } |
436 | 450 |
437 TEST_P(LogDnsClientTest, | 451 TEST_P(LogDnsClientTest, |
438 QueryAuditProofReportsInvalidArgIfLeafIndexEqualToTreeSize) { | 452 QueryAuditProofReportsInvalidArgIfLeafIndexEqualToTreeSize) { |
439 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 453 ASSERT_TRUE( |
| 454 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
440 | 455 |
441 net::ct::MerkleAuditProof proof; | 456 net::ct::MerkleAuditProof proof; |
442 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 123456, &proof), | 457 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 123456, &proof), |
443 IsError(net::ERR_INVALID_ARGUMENT)); | 458 IsError(net::ERR_INVALID_ARGUMENT)); |
444 } | 459 } |
445 | 460 |
446 TEST_P(LogDnsClientTest, | 461 TEST_P(LogDnsClientTest, |
447 QueryAuditProofReportsInvalidArgIfLeafIndexGreaterThanTreeSize) { | 462 QueryAuditProofReportsInvalidArgIfLeafIndexGreaterThanTreeSize) { |
448 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 999999); | 463 ASSERT_TRUE( |
| 464 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 999999)); |
449 | 465 |
450 net::ct::MerkleAuditProof proof; | 466 net::ct::MerkleAuditProof proof; |
451 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 123456, &proof), | 467 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 123456, &proof), |
452 IsError(net::ERR_INVALID_ARGUMENT)); | 468 IsError(net::ERR_INVALID_ARGUMENT)); |
453 } | 469 } |
454 | 470 |
455 TEST_P(LogDnsClientTest, | 471 TEST_P(LogDnsClientTest, |
456 QueryAuditProofReportsSocketErrorsDuringAuditProofRequests) { | 472 QueryAuditProofReportsSocketErrorsDuringAuditProofRequests) { |
457 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 473 ASSERT_TRUE( |
458 mock_dns_.ExpectRequestAndSocketError("0.123456.999999.tree.ct.test.", | 474 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
459 net::ERR_CONNECTION_REFUSED); | 475 ASSERT_TRUE(mock_dns_.ExpectRequestAndSocketError( |
| 476 "0.123456.999999.tree.ct.test.", net::ERR_CONNECTION_REFUSED)); |
460 | 477 |
461 net::ct::MerkleAuditProof proof; | 478 net::ct::MerkleAuditProof proof; |
462 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 479 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
463 IsError(net::ERR_CONNECTION_REFUSED)); | 480 IsError(net::ERR_CONNECTION_REFUSED)); |
464 } | 481 } |
465 | 482 |
466 TEST_P(LogDnsClientTest, | 483 TEST_P(LogDnsClientTest, |
467 QueryAuditProofReportsTimeoutsDuringAuditProofRequests) { | 484 QueryAuditProofReportsTimeoutsDuringAuditProofRequests) { |
468 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 485 ASSERT_TRUE( |
469 mock_dns_.ExpectRequestAndTimeout("0.123456.999999.tree.ct.test."); | 486 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
| 487 ASSERT_TRUE( |
| 488 mock_dns_.ExpectRequestAndTimeout("0.123456.999999.tree.ct.test.")); |
470 | 489 |
471 net::ct::MerkleAuditProof proof; | 490 net::ct::MerkleAuditProof proof; |
472 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), | 491 ASSERT_THAT(QueryAuditProof("ct.test", kLeafHashes[0], 999999, &proof), |
473 IsError(net::ERR_DNS_TIMED_OUT)); | 492 IsError(net::ERR_DNS_TIMED_OUT)); |
474 } | 493 } |
475 | 494 |
476 TEST_P(LogDnsClientTest, AdoptsLatestDnsConfigIfValid) { | 495 TEST_P(LogDnsClientTest, AdoptsLatestDnsConfigIfValid) { |
477 std::unique_ptr<net::DnsClient> tmp = mock_dns_.CreateDnsClient(); | 496 std::unique_ptr<net::DnsClient> tmp = mock_dns_.CreateDnsClient(); |
478 net::DnsClient* dns_client = tmp.get(); | 497 net::DnsClient* dns_client = tmp.get(); |
479 LogDnsClient log_client(std::move(tmp), net::NetLogWithSource(), 0); | 498 LogDnsClient log_client(std::move(tmp), net::NetLogWithSource(), 0); |
(...skipping 24 matching lines...) Expand all Loading... |
504 base::RunLoop().RunUntilIdle(); | 523 base::RunLoop().RunUntilIdle(); |
505 EXPECT_THAT(dns_client->GetConfig()->nameservers, Not(IsEmpty())); | 524 EXPECT_THAT(dns_client->GetConfig()->nameservers, Not(IsEmpty())); |
506 } | 525 } |
507 | 526 |
508 // Test that changes to the DNS config after starting a query are adopted and | 527 // Test that changes to the DNS config after starting a query are adopted and |
509 // that the query is not disrupted. | 528 // that the query is not disrupted. |
510 TEST_P(LogDnsClientTest, AdoptsLatestDnsConfigMidQuery) { | 529 TEST_P(LogDnsClientTest, AdoptsLatestDnsConfigMidQuery) { |
511 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); | 530 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); |
512 | 531 |
513 // Expect a leaf index query first, to map the leaf hash to a leaf index. | 532 // Expect a leaf index query first, to map the leaf hash to a leaf index. |
514 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 533 ASSERT_TRUE( |
| 534 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
515 | 535 |
516 // It takes a number of DNS requests to retrieve the entire |audit_proof| | 536 // It takes a number of DNS requests to retrieve the entire |audit_proof| |
517 // (see |kMaxProofNodesPerDnsResponse|). | 537 // (see |kMaxProofNodesPerDnsResponse|). |
518 for (size_t nodes_begin = 0; nodes_begin < audit_proof.size(); | 538 for (size_t nodes_begin = 0; nodes_begin < audit_proof.size(); |
519 nodes_begin += kMaxProofNodesPerDnsResponse) { | 539 nodes_begin += kMaxProofNodesPerDnsResponse) { |
520 const size_t nodes_end = std::min( | 540 const size_t nodes_end = std::min( |
521 nodes_begin + kMaxProofNodesPerDnsResponse, audit_proof.size()); | 541 nodes_begin + kMaxProofNodesPerDnsResponse, audit_proof.size()); |
522 | 542 |
523 mock_dns_.ExpectAuditProofRequestAndResponse( | 543 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
524 base::StringPrintf("%zu.123456.999999.tree.ct.test.", nodes_begin), | 544 base::StringPrintf("%zu.123456.999999.tree.ct.test.", nodes_begin), |
525 audit_proof.begin() + nodes_begin, audit_proof.begin() + nodes_end); | 545 audit_proof.begin() + nodes_begin, audit_proof.begin() + nodes_end)); |
526 } | 546 } |
527 | 547 |
528 std::unique_ptr<net::DnsClient> tmp = mock_dns_.CreateDnsClient(); | 548 std::unique_ptr<net::DnsClient> tmp = mock_dns_.CreateDnsClient(); |
529 net::DnsClient* dns_client = tmp.get(); | 549 net::DnsClient* dns_client = tmp.get(); |
530 LogDnsClient log_client(std::move(tmp), net::NetLogWithSource(), 0); | 550 LogDnsClient log_client(std::move(tmp), net::NetLogWithSource(), 0); |
531 | 551 |
532 // Start query. | 552 // Start query. |
533 net::ct::MerkleAuditProof proof; | 553 net::ct::MerkleAuditProof proof; |
534 net::TestCompletionCallback callback; | 554 net::TestCompletionCallback callback; |
535 ASSERT_THAT(log_client.QueryAuditProof("ct.test", kLeafHashes[0], 999999, | 555 ASSERT_THAT(log_client.QueryAuditProof("ct.test", kLeafHashes[0], 999999, |
(...skipping 29 matching lines...) Expand all Loading... |
565 AllOf(Le(arraysize(kLeafIndexQnames)), | 585 AllOf(Le(arraysize(kLeafIndexQnames)), |
566 Le(arraysize(kLeafIndices)), Le(arraysize(kTreeSizes)))) | 586 Le(arraysize(kLeafIndices)), Le(arraysize(kTreeSizes)))) |
567 << "Not enough test data for this many parallel queries"; | 587 << "Not enough test data for this many parallel queries"; |
568 | 588 |
569 std::unique_ptr<LogDnsClient> log_client = | 589 std::unique_ptr<LogDnsClient> log_client = |
570 CreateLogDnsClient(kNumOfParallelQueries); | 590 CreateLogDnsClient(kNumOfParallelQueries); |
571 net::TestCompletionCallback callbacks[kNumOfParallelQueries]; | 591 net::TestCompletionCallback callbacks[kNumOfParallelQueries]; |
572 | 592 |
573 // Expect multiple leaf index requests. | 593 // Expect multiple leaf index requests. |
574 for (size_t i = 0; i < kNumOfParallelQueries; ++i) { | 594 for (size_t i = 0; i < kNumOfParallelQueries; ++i) { |
575 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[i], | 595 ASSERT_TRUE(mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[i], |
576 kLeafIndices[i]); | 596 kLeafIndices[i])); |
577 } | 597 } |
578 | 598 |
579 // Make each query require one more audit proof request than the last, by | 599 // Make each query require one more audit proof request than the last, by |
580 // increasing the number of nodes in the audit proof by | 600 // increasing the number of nodes in the audit proof by |
581 // kMaxProofNodesPerDnsResponse for each query. This helps to test that | 601 // kMaxProofNodesPerDnsResponse for each query. This helps to test that |
582 // parallel queries do not intefere with each other, e.g. one query causing | 602 // parallel queries do not intefere with each other, e.g. one query causing |
583 // another to end prematurely. | 603 // another to end prematurely. |
584 std::vector<std::string> audit_proofs[kNumOfParallelQueries]; | 604 std::vector<std::string> audit_proofs[kNumOfParallelQueries]; |
585 for (size_t query_i = 0; query_i < kNumOfParallelQueries; ++query_i) { | 605 for (size_t query_i = 0; query_i < kNumOfParallelQueries; ++query_i) { |
586 const size_t dns_requests_required = query_i + 1; | 606 const size_t dns_requests_required = query_i + 1; |
(...skipping 13 matching lines...) Expand all Loading... |
600 for (size_t dns_req_i = 0; dns_req_i < kMaxDnsRequestsPerQuery; ++dns_req_i) { | 620 for (size_t dns_req_i = 0; dns_req_i < kMaxDnsRequestsPerQuery; ++dns_req_i) { |
601 for (size_t query_i = 0; query_i < kNumOfParallelQueries; ++query_i) { | 621 for (size_t query_i = 0; query_i < kNumOfParallelQueries; ++query_i) { |
602 const std::vector<std::string>& proof = audit_proofs[query_i]; | 622 const std::vector<std::string>& proof = audit_proofs[query_i]; |
603 // Closed-open range of |proof| nodes that are expected in this response. | 623 // Closed-open range of |proof| nodes that are expected in this response. |
604 const size_t start_node = dns_req_i * 7; | 624 const size_t start_node = dns_req_i * 7; |
605 const size_t end_node = | 625 const size_t end_node = |
606 std::min(start_node + kMaxProofNodesPerDnsResponse, proof.size()); | 626 std::min(start_node + kMaxProofNodesPerDnsResponse, proof.size()); |
607 | 627 |
608 // If there are any nodes left, expect another request and response. | 628 // If there are any nodes left, expect another request and response. |
609 if (start_node < end_node) { | 629 if (start_node < end_node) { |
610 mock_dns_.ExpectAuditProofRequestAndResponse( | 630 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
611 base::StringPrintf("%zu.%" PRIu64 ".%" PRIu64 ".tree.ct.test.", | 631 base::StringPrintf("%zu.%" PRIu64 ".%" PRIu64 ".tree.ct.test.", |
612 start_node, kLeafIndices[query_i], | 632 start_node, kLeafIndices[query_i], |
613 kTreeSizes[query_i]), | 633 kTreeSizes[query_i]), |
614 proof.begin() + start_node, proof.begin() + end_node); | 634 proof.begin() + start_node, proof.begin() + end_node)); |
615 } | 635 } |
616 } | 636 } |
617 } | 637 } |
618 | 638 |
619 net::ct::MerkleAuditProof proofs[kNumOfParallelQueries]; | 639 net::ct::MerkleAuditProof proofs[kNumOfParallelQueries]; |
620 | 640 |
621 // Start the queries. | 641 // Start the queries. |
622 for (size_t i = 0; i < kNumOfParallelQueries; ++i) { | 642 for (size_t i = 0; i < kNumOfParallelQueries; ++i) { |
623 ASSERT_THAT( | 643 ASSERT_THAT( |
624 log_client->QueryAuditProof("ct.test", kLeafHashes[i], kTreeSizes[i], | 644 log_client->QueryAuditProof("ct.test", kLeafHashes[i], kTreeSizes[i], |
(...skipping 15 matching lines...) Expand all Loading... |
640 } | 660 } |
641 } | 661 } |
642 | 662 |
643 TEST_P(LogDnsClientTest, CanBeThrottledToOneQueryAtATime) { | 663 TEST_P(LogDnsClientTest, CanBeThrottledToOneQueryAtATime) { |
644 // Check that queries can be rate-limited to one at a time. | 664 // Check that queries can be rate-limited to one at a time. |
645 // The second query, initiated while the first is in progress, should fail. | 665 // The second query, initiated while the first is in progress, should fail. |
646 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); | 666 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); |
647 | 667 |
648 // Expect the first query to send leaf index and audit proof requests, but the | 668 // Expect the first query to send leaf index and audit proof requests, but the |
649 // second should not due to throttling. | 669 // second should not due to throttling. |
650 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 670 ASSERT_TRUE( |
| 671 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
651 | 672 |
652 // It should require 3 requests to collect the entire audit proof, as there is | 673 // It should require 3 requests to collect the entire audit proof, as there is |
653 // only space for 7 nodes per TXT record. One node is 32 bytes long and the | 674 // only space for 7 nodes per TXT record. One node is 32 bytes long and the |
654 // TXT RDATA can have a maximum length of 255 bytes (255 / 32). | 675 // TXT RDATA can have a maximum length of 255 bytes (255 / 32). |
655 // Rate limiting should not interfere with these requests. | 676 // Rate limiting should not interfere with these requests. |
656 mock_dns_.ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.", | 677 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
657 audit_proof.begin(), | 678 "0.123456.999999.tree.ct.test.", audit_proof.begin(), |
658 audit_proof.begin() + 7); | 679 audit_proof.begin() + 7)); |
659 mock_dns_.ExpectAuditProofRequestAndResponse("7.123456.999999.tree.ct.test.", | 680 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
660 audit_proof.begin() + 7, | 681 "7.123456.999999.tree.ct.test.", audit_proof.begin() + 7, |
661 audit_proof.begin() + 14); | 682 audit_proof.begin() + 14)); |
662 mock_dns_.ExpectAuditProofRequestAndResponse("14.123456.999999.tree.ct.test.", | 683 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
663 audit_proof.begin() + 14, | 684 "14.123456.999999.tree.ct.test.", audit_proof.begin() + 14, |
664 audit_proof.end()); | 685 audit_proof.end())); |
665 | 686 |
666 const size_t kMaxConcurrentQueries = 1; | 687 const size_t kMaxConcurrentQueries = 1; |
667 std::unique_ptr<LogDnsClient> log_client = | 688 std::unique_ptr<LogDnsClient> log_client = |
668 CreateLogDnsClient(kMaxConcurrentQueries); | 689 CreateLogDnsClient(kMaxConcurrentQueries); |
669 | 690 |
670 // Try to start the queries. | 691 // Try to start the queries. |
671 net::ct::MerkleAuditProof proof1; | 692 net::ct::MerkleAuditProof proof1; |
672 net::TestCompletionCallback callback1; | 693 net::TestCompletionCallback callback1; |
673 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[0], 999999, | 694 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[0], 999999, |
674 &proof1, callback1.callback()), | 695 &proof1, callback1.callback()), |
675 IsError(net::ERR_IO_PENDING)); | 696 IsError(net::ERR_IO_PENDING)); |
676 | 697 |
677 net::ct::MerkleAuditProof proof2; | 698 net::ct::MerkleAuditProof proof2; |
678 net::TestCompletionCallback callback2; | 699 net::TestCompletionCallback callback2; |
679 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[1], 999999, | 700 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[1], 999999, |
680 &proof2, callback2.callback()), | 701 &proof2, callback2.callback()), |
681 IsError(net::ERR_TEMPORARILY_THROTTLED)); | 702 IsError(net::ERR_TEMPORARILY_THROTTLED)); |
682 | 703 |
683 // Check that the first query succeeded. | 704 // Check that the first query succeeded. |
684 EXPECT_THAT(callback1.WaitForResult(), IsOk()); | 705 EXPECT_THAT(callback1.WaitForResult(), IsOk()); |
685 EXPECT_THAT(proof1.leaf_index, Eq(123456u)); | 706 EXPECT_THAT(proof1.leaf_index, Eq(123456u)); |
686 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. | 707 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. |
687 // EXPECT_THAT(proof1.tree_size, Eq(999999)); | 708 // EXPECT_THAT(proof1.tree_size, Eq(999999)); |
688 EXPECT_THAT(proof1.nodes, Eq(audit_proof)); | 709 EXPECT_THAT(proof1.nodes, Eq(audit_proof)); |
689 | 710 |
690 // Try a third query, which should succeed now that the first is finished. | 711 // Try a third query, which should succeed now that the first is finished. |
691 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[2], 666); | 712 ASSERT_TRUE( |
692 mock_dns_.ExpectAuditProofRequestAndResponse("0.666.999999.tree.ct.test.", | 713 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[2], 666)); |
693 audit_proof.begin(), | 714 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
694 audit_proof.begin() + 7); | 715 "0.666.999999.tree.ct.test.", audit_proof.begin(), |
695 mock_dns_.ExpectAuditProofRequestAndResponse("7.666.999999.tree.ct.test.", | 716 audit_proof.begin() + 7)); |
696 audit_proof.begin() + 7, | 717 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
697 audit_proof.begin() + 14); | 718 "7.666.999999.tree.ct.test.", audit_proof.begin() + 7, |
698 mock_dns_.ExpectAuditProofRequestAndResponse("14.666.999999.tree.ct.test.", | 719 audit_proof.begin() + 14)); |
699 audit_proof.begin() + 14, | 720 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
700 audit_proof.end()); | 721 "14.666.999999.tree.ct.test.", audit_proof.begin() + 14, |
| 722 audit_proof.end())); |
701 | 723 |
702 net::ct::MerkleAuditProof proof3; | 724 net::ct::MerkleAuditProof proof3; |
703 net::TestCompletionCallback callback3; | 725 net::TestCompletionCallback callback3; |
704 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[2], 999999, | 726 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[2], 999999, |
705 &proof3, callback3.callback()), | 727 &proof3, callback3.callback()), |
706 IsError(net::ERR_IO_PENDING)); | 728 IsError(net::ERR_IO_PENDING)); |
707 | 729 |
708 // Check that the third query succeeded. | 730 // Check that the third query succeeded. |
709 EXPECT_THAT(callback3.WaitForResult(), IsOk()); | 731 EXPECT_THAT(callback3.WaitForResult(), IsOk()); |
710 EXPECT_THAT(proof3.leaf_index, Eq(666u)); | 732 EXPECT_THAT(proof3.leaf_index, Eq(666u)); |
711 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. | 733 // TODO(robpercival): Enable this once MerkleAuditProof has tree_size. |
712 // EXPECT_THAT(proof3.tree_size, Eq(999999)); | 734 // EXPECT_THAT(proof3.tree_size, Eq(999999)); |
713 EXPECT_THAT(proof3.nodes, Eq(audit_proof)); | 735 EXPECT_THAT(proof3.nodes, Eq(audit_proof)); |
714 } | 736 } |
715 | 737 |
716 TEST_P(LogDnsClientTest, NotifiesWhenNoLongerThrottled) { | 738 TEST_P(LogDnsClientTest, NotifiesWhenNoLongerThrottled) { |
717 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); | 739 const std::vector<std::string> audit_proof = GetSampleAuditProof(20); |
718 | 740 |
719 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456); | 741 ASSERT_TRUE( |
720 mock_dns_.ExpectAuditProofRequestAndResponse("0.123456.999999.tree.ct.test.", | 742 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[0], 123456)); |
721 audit_proof.begin(), | 743 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
722 audit_proof.begin() + 7); | 744 "0.123456.999999.tree.ct.test.", audit_proof.begin(), |
723 mock_dns_.ExpectAuditProofRequestAndResponse("7.123456.999999.tree.ct.test.", | 745 audit_proof.begin() + 7)); |
724 audit_proof.begin() + 7, | 746 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
725 audit_proof.begin() + 14); | 747 "7.123456.999999.tree.ct.test.", audit_proof.begin() + 7, |
726 mock_dns_.ExpectAuditProofRequestAndResponse("14.123456.999999.tree.ct.test.", | 748 audit_proof.begin() + 14)); |
727 audit_proof.begin() + 14, | 749 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
728 audit_proof.end()); | 750 "14.123456.999999.tree.ct.test.", audit_proof.begin() + 14, |
| 751 audit_proof.end())); |
729 | 752 |
730 const size_t kMaxConcurrentQueries = 1; | 753 const size_t kMaxConcurrentQueries = 1; |
731 std::unique_ptr<LogDnsClient> log_client = | 754 std::unique_ptr<LogDnsClient> log_client = |
732 CreateLogDnsClient(kMaxConcurrentQueries); | 755 CreateLogDnsClient(kMaxConcurrentQueries); |
733 | 756 |
734 // Start a query. | 757 // Start a query. |
735 net::ct::MerkleAuditProof proof1; | 758 net::ct::MerkleAuditProof proof1; |
736 net::TestCompletionCallback proof_callback1; | 759 net::TestCompletionCallback proof_callback1; |
737 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[0], 999999, | 760 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[0], 999999, |
738 &proof1, proof_callback1.callback()), | 761 &proof1, proof_callback1.callback()), |
739 IsError(net::ERR_IO_PENDING)); | 762 IsError(net::ERR_IO_PENDING)); |
740 | 763 |
741 net::TestClosure not_throttled_callback; | 764 net::TestClosure not_throttled_callback; |
742 log_client->NotifyWhenNotThrottled(not_throttled_callback.closure()); | 765 log_client->NotifyWhenNotThrottled(not_throttled_callback.closure()); |
743 | 766 |
744 ASSERT_THAT(proof_callback1.WaitForResult(), IsOk()); | 767 ASSERT_THAT(proof_callback1.WaitForResult(), IsOk()); |
745 not_throttled_callback.WaitForResult(); | 768 not_throttled_callback.WaitForResult(); |
746 | 769 |
747 // Start another query to check |not_throttled_callback| doesn't fire again. | 770 // Start another query to check |not_throttled_callback| doesn't fire again. |
748 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[1], 666); | 771 ASSERT_TRUE( |
749 mock_dns_.ExpectAuditProofRequestAndResponse("0.666.999999.tree.ct.test.", | 772 mock_dns_.ExpectLeafIndexRequestAndResponse(kLeafIndexQnames[1], 666)); |
750 audit_proof.begin(), | 773 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
751 audit_proof.begin() + 7); | 774 "0.666.999999.tree.ct.test.", audit_proof.begin(), |
752 mock_dns_.ExpectAuditProofRequestAndResponse("7.666.999999.tree.ct.test.", | 775 audit_proof.begin() + 7)); |
753 audit_proof.begin() + 7, | 776 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
754 audit_proof.begin() + 14); | 777 "7.666.999999.tree.ct.test.", audit_proof.begin() + 7, |
755 mock_dns_.ExpectAuditProofRequestAndResponse("14.666.999999.tree.ct.test.", | 778 audit_proof.begin() + 14)); |
756 audit_proof.begin() + 14, | 779 ASSERT_TRUE(mock_dns_.ExpectAuditProofRequestAndResponse( |
757 audit_proof.end()); | 780 "14.666.999999.tree.ct.test.", audit_proof.begin() + 14, |
| 781 audit_proof.end())); |
758 | 782 |
759 net::ct::MerkleAuditProof proof2; | 783 net::ct::MerkleAuditProof proof2; |
760 net::TestCompletionCallback proof_callback2; | 784 net::TestCompletionCallback proof_callback2; |
761 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[1], 999999, | 785 ASSERT_THAT(log_client->QueryAuditProof("ct.test", kLeafHashes[1], 999999, |
762 &proof2, proof_callback2.callback()), | 786 &proof2, proof_callback2.callback()), |
763 IsError(net::ERR_IO_PENDING)); | 787 IsError(net::ERR_IO_PENDING)); |
764 | 788 |
765 // Give the query a chance to run. | 789 // Give the query a chance to run. |
766 ASSERT_THAT(proof_callback2.WaitForResult(), IsOk()); | 790 ASSERT_THAT(proof_callback2.WaitForResult(), IsOk()); |
767 // Give |not_throttled_callback| a chance to run - it shouldn't though. | 791 // Give |not_throttled_callback| a chance to run - it shouldn't though. |
768 base::RunLoop().RunUntilIdle(); | 792 base::RunLoop().RunUntilIdle(); |
769 ASSERT_FALSE(not_throttled_callback.have_result()); | 793 ASSERT_FALSE(not_throttled_callback.have_result()); |
770 } | 794 } |
771 | 795 |
772 INSTANTIATE_TEST_CASE_P(ReadMode, | 796 INSTANTIATE_TEST_CASE_P(ReadMode, |
773 LogDnsClientTest, | 797 LogDnsClientTest, |
774 ::testing::Values(net::IoMode::ASYNC, | 798 ::testing::Values(net::IoMode::ASYNC, |
775 net::IoMode::SYNCHRONOUS)); | 799 net::IoMode::SYNCHRONOUS)); |
776 | 800 |
777 } // namespace certificate_transparency | 801 } // namespace certificate_transparency |
OLD | NEW |