| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 | 61 |
| 62 bool include_subdomains = true; | 62 bool include_subdomains = true; |
| 63 state_.AddHSTS(kYahooDomain, expiry, include_subdomains); | 63 state_.AddHSTS(kYahooDomain, expiry, include_subdomains); |
| 64 | 64 |
| 65 std::string output; | 65 std::string output; |
| 66 bool dirty; | 66 bool dirty; |
| 67 EXPECT_TRUE(persister_->SerializeData(&output)); | 67 EXPECT_TRUE(persister_->SerializeData(&output)); |
| 68 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); | 68 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); |
| 69 | 69 |
| 70 EXPECT_TRUE(state_.GetDomainState(kYahooDomain, true, &domain_state)); | 70 EXPECT_TRUE(state_.GetDomainState(kYahooDomain, true, &domain_state)); |
| 71 EXPECT_EQ(domain_state.upgrade_mode, | 71 EXPECT_EQ(domain_state.dynamic_sts.upgrade_mode, |
| 72 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 72 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 73 EXPECT_TRUE(state_.GetDomainState("foo.yahoo.com", true, &domain_state)); | 73 EXPECT_TRUE(state_.GetDomainState("foo.yahoo.com", true, &domain_state)); |
| 74 EXPECT_EQ(domain_state.upgrade_mode, | 74 EXPECT_EQ(domain_state.dynamic_sts.upgrade_mode, |
| 75 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 75 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 76 EXPECT_TRUE(state_.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); | 76 EXPECT_TRUE(state_.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); |
| 77 EXPECT_EQ(domain_state.upgrade_mode, | 77 EXPECT_EQ(domain_state.dynamic_sts.upgrade_mode, |
| 78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 79 EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true, | 79 EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true, |
| 80 &domain_state)); | 80 &domain_state)); |
| 81 EXPECT_EQ(domain_state.upgrade_mode, | 81 EXPECT_EQ(domain_state.dynamic_sts.upgrade_mode, |
| 82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 83 EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state)); | 83 EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state)); |
| 84 } | 84 } |
| 85 | 85 |
| 86 TEST_F(TransportSecurityPersisterTest, SerializeData3) { | 86 TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| 87 // Add an entry. | 87 // Add an entry. |
| 88 net::HashValue fp1(net::HASH_VALUE_SHA1); | 88 net::HashValue fp1(net::HASH_VALUE_SHA1); |
| 89 memset(fp1.data(), 0, fp1.size()); | 89 memset(fp1.data(), 0, fp1.size()); |
| 90 net::HashValue fp2(net::HASH_VALUE_SHA1); | 90 net::HashValue fp2(net::HASH_VALUE_SHA1); |
| 91 memset(fp2.data(), 1, fp2.size()); | 91 memset(fp2.data(), 1, fp2.size()); |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 | 166 |
| 167 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { | 167 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
| 168 TransportSecurityState::DomainState domain_state; | 168 TransportSecurityState::DomainState domain_state; |
| 169 static const char kTestDomain[] = "example.com"; | 169 static const char kTestDomain[] = "example.com"; |
| 170 EXPECT_FALSE(state_.GetDomainState(kTestDomain, false, &domain_state)); | 170 EXPECT_FALSE(state_.GetDomainState(kTestDomain, false, &domain_state)); |
| 171 net::HashValueVector hashes; | 171 net::HashValueVector hashes; |
| 172 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); | 172 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); |
| 173 | 173 |
| 174 net::HashValue sha1(net::HASH_VALUE_SHA1); | 174 net::HashValue sha1(net::HASH_VALUE_SHA1); |
| 175 memset(sha1.data(), '1', sha1.size()); | 175 memset(sha1.data(), '1', sha1.size()); |
| 176 domain_state.dynamic_spki_hashes.push_back(sha1); | 176 domain_state.dynamic_pkp.spki_hashes.push_back(sha1); |
| 177 | 177 |
| 178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); | 178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); |
| 179 | 179 |
| 180 hashes.push_back(sha1); | 180 hashes.push_back(sha1); |
| 181 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes)); | 181 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes)); |
| 182 | 182 |
| 183 hashes[0].data()[0] = '2'; | 183 hashes[0].data()[0] = '2'; |
| 184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); | 184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes)); |
| 185 | 185 |
| 186 const base::Time current_time(base::Time::Now()); | 186 const base::Time current_time(base::Time::Now()); |
| 187 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 187 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 188 bool include_subdomains = false; | 188 bool include_subdomains = false; |
| 189 state_.AddHSTS(kTestDomain, expiry, include_subdomains); | 189 state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
| 190 state_.AddHPKP(kTestDomain, expiry, include_subdomains, | 190 state_.AddHPKP(kTestDomain, expiry, include_subdomains, |
| 191 domain_state.dynamic_spki_hashes); | 191 domain_state.dynamic_pkp.spki_hashes); |
| 192 std::string ser; | 192 std::string ser; |
| 193 EXPECT_TRUE(persister_->SerializeData(&ser)); | 193 EXPECT_TRUE(persister_->SerializeData(&ser)); |
| 194 bool dirty; | 194 bool dirty; |
| 195 EXPECT_TRUE(persister_->LoadEntries(ser, &dirty)); | 195 EXPECT_TRUE(persister_->LoadEntries(ser, &dirty)); |
| 196 EXPECT_TRUE(state_.GetDomainState(kTestDomain, false, &domain_state)); | 196 EXPECT_TRUE(state_.GetDomainState(kTestDomain, false, &domain_state)); |
| 197 EXPECT_EQ(1u, domain_state.dynamic_spki_hashes.size()); | 197 EXPECT_EQ(1u, domain_state.dynamic_pkp.spki_hashes.size()); |
| 198 EXPECT_EQ(sha1.tag, domain_state.dynamic_spki_hashes[0].tag); | 198 EXPECT_EQ(sha1.tag, domain_state.dynamic_pkp.spki_hashes[0].tag); |
| 199 EXPECT_EQ(0, memcmp(domain_state.dynamic_spki_hashes[0].data(), sha1.data(), | 199 EXPECT_EQ(0, memcmp(domain_state.dynamic_pkp.spki_hashes[0].data(), |
| 200 sha1.size())); | 200 sha1.data(), sha1.size())); |
| 201 } | 201 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 103803012:
Make HSTS headers not clobber preloaded pins. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src