Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(154)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 103803012: Make HSTS headers not clobber preloaded pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase and resolve conflict. Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_persister.h" 5 #include "net/http/transport_security_persister.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); 50 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
51 EXPECT_FALSE(dirty); 51 EXPECT_FALSE(dirty);
52 } 52 }
53 53
54 TEST_F(TransportSecurityPersisterTest, SerializeData2) { 54 TEST_F(TransportSecurityPersisterTest, SerializeData2) {
55 TransportSecurityState::DomainState domain_state; 55 TransportSecurityState::DomainState domain_state;
56 const base::Time current_time(base::Time::Now()); 56 const base::Time current_time(base::Time::Now());
57 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 57 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
58 static const char kYahooDomain[] = "yahoo.com"; 58 static const char kYahooDomain[] = "yahoo.com";
59 59
60 EXPECT_FALSE(state_.GetDomainState(kYahooDomain, true, &domain_state)); 60 EXPECT_FALSE(state_.GetStaticDomainState(kYahooDomain, true, &domain_state));
61 EXPECT_FALSE(state_.GetDynamicDomainState(kYahooDomain, &domain_state));
61 62
62 bool include_subdomains = true; 63 bool include_subdomains = true;
63 state_.AddHSTS(kYahooDomain, expiry, include_subdomains); 64 state_.AddHSTS(kYahooDomain, expiry, include_subdomains);
64 65
65 std::string output; 66 std::string output;
66 bool dirty; 67 bool dirty;
67 EXPECT_TRUE(persister_->SerializeData(&output)); 68 EXPECT_TRUE(persister_->SerializeData(&output));
68 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); 69 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
69 70
70 EXPECT_TRUE(state_.GetDomainState(kYahooDomain, true, &domain_state)); 71 EXPECT_TRUE(state_.GetDynamicDomainState(kYahooDomain, &domain_state));
71 EXPECT_EQ(domain_state.upgrade_mode, 72 EXPECT_EQ(domain_state.sts.upgrade_mode,
72 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); 73 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
73 EXPECT_TRUE(state_.GetDomainState("foo.yahoo.com", true, &domain_state)); 74 EXPECT_TRUE(state_.GetDynamicDomainState("foo.yahoo.com", &domain_state));
74 EXPECT_EQ(domain_state.upgrade_mode, 75 EXPECT_EQ(domain_state.sts.upgrade_mode,
75 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); 76 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
76 EXPECT_TRUE(state_.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); 77 EXPECT_TRUE(state_.GetDynamicDomainState("foo.bar.yahoo.com", &domain_state));
77 EXPECT_EQ(domain_state.upgrade_mode, 78 EXPECT_EQ(domain_state.sts.upgrade_mode,
78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); 79 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
79 EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true, 80 EXPECT_TRUE(
80 &domain_state)); 81 state_.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state));
81 EXPECT_EQ(domain_state.upgrade_mode, 82 EXPECT_EQ(domain_state.sts.upgrade_mode,
82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); 83 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
83 EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state)); 84 EXPECT_FALSE(state_.GetStaticDomainState("com", true, &domain_state));
84 } 85 }
85 86
86 TEST_F(TransportSecurityPersisterTest, SerializeData3) { 87 TEST_F(TransportSecurityPersisterTest, SerializeData3) {
87 // Add an entry. 88 // Add an entry.
88 net::HashValue fp1(net::HASH_VALUE_SHA1); 89 net::HashValue fp1(net::HASH_VALUE_SHA1);
89 memset(fp1.data(), 0, fp1.size()); 90 memset(fp1.data(), 0, fp1.size());
90 net::HashValue fp2(net::HASH_VALUE_SHA1); 91 net::HashValue fp2(net::HASH_VALUE_SHA1);
91 memset(fp2.data(), 1, fp2.size()); 92 memset(fp2.data(), 1, fp2.size());
92 base::Time expiry = 93 base::Time expiry =
93 base::Time::Now() + base::TimeDelta::FromSeconds(1000); 94 base::Time::Now() + base::TimeDelta::FromSeconds(1000);
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
159 "}" 160 "}"
160 "}"; 161 "}";
161 bool dirty; 162 bool dirty;
162 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); 163 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
163 EXPECT_TRUE(dirty); 164 EXPECT_TRUE(dirty);
164 } 165 }
165 166
166 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { 167 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
167 TransportSecurityState::DomainState domain_state; 168 TransportSecurityState::DomainState domain_state;
168 static const char kTestDomain[] = "example.com"; 169 static const char kTestDomain[] = "example.com";
169 EXPECT_FALSE(state_.GetDomainState(kTestDomain, false, &domain_state)); 170 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));
170 net::HashValueVector hashes; 171 net::HashValueVector hashes;
171 std::string failure_log; 172 std::string failure_log;
172 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); 173 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
173 174
174 net::HashValue sha1(net::HASH_VALUE_SHA1); 175 net::HashValue sha1(net::HASH_VALUE_SHA1);
175 memset(sha1.data(), '1', sha1.size()); 176 memset(sha1.data(), '1', sha1.size());
176 domain_state.dynamic_spki_hashes.push_back(sha1); 177 domain_state.pkp.spki_hashes.push_back(sha1);
177 178
178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); 179 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
179 180
180 hashes.push_back(sha1); 181 hashes.push_back(sha1);
181 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); 182 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
182 183
183 hashes[0].data()[0] = '2'; 184 hashes[0].data()[0] = '2';
184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); 185 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
185 186
186 const base::Time current_time(base::Time::Now()); 187 const base::Time current_time(base::Time::Now());
187 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 188 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
188 bool include_subdomains = false; 189 bool include_subdomains = false;
189 state_.AddHSTS(kTestDomain, expiry, include_subdomains); 190 state_.AddHSTS(kTestDomain, expiry, include_subdomains);
190 state_.AddHPKP(kTestDomain, expiry, include_subdomains, 191 state_.AddHPKP(
191 domain_state.dynamic_spki_hashes); 192 kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes);
192 std::string ser; 193 std::string serialized;
193 EXPECT_TRUE(persister_->SerializeData(&ser)); 194 EXPECT_TRUE(persister_->SerializeData(&serialized));
194 bool dirty; 195 bool dirty;
195 EXPECT_TRUE(persister_->LoadEntries(ser, &dirty)); 196 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
196 EXPECT_TRUE(state_.GetDomainState(kTestDomain, false, &domain_state)); 197
197 EXPECT_EQ(1u, domain_state.dynamic_spki_hashes.size()); 198 TransportSecurityState::DomainState new_domain_state;
198 EXPECT_EQ(sha1.tag, domain_state.dynamic_spki_hashes[0].tag); 199 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));
199 EXPECT_EQ(0, memcmp(domain_state.dynamic_spki_hashes[0].data(), sha1.data(), 200 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());
200 sha1.size())); 201 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);
202 EXPECT_EQ(0,
203 memcmp(new_domain_state.pkp.spki_hashes[0].data(),
204 sha1.data(),
205 sha1.size()));
201 } 206 }
OLDNEW
« no previous file with comments | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698