net/base/transport_security_state_unittest.cc - Issue 11274032: Separate http_security_headers from transport_security_state

Side by Side Diff: net/base/transport_security_state_unittest.cc

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/transport_security_state.h"	5 #include "net/base/transport_security_state.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 27 matching lines...) Expand all Loading...
38 class TransportSecurityStateTest : public testing::Test {	38 class TransportSecurityStateTest : public testing::Test {

39 virtual void SetUp() {	39 virtual void SetUp() {

40 #if defined(USE_OPENSSL)	40 #if defined(USE_OPENSSL)

41 crypto::EnsureOpenSSLInit();	41 crypto::EnsureOpenSSLInit();

42 #else	42 #else

43 crypto::EnsureNSSInit();	43 crypto::EnsureNSSInit();

44 #endif	44 #endif

45 }	45 }

46 };	46 };

47	47

48 TEST_F(TransportSecurityStateTest, BogusHeaders) {

49 TransportSecurityState::DomainState state;

50 base::Time now = base::Time::Now();

51

52 EXPECT_FALSE(state.ParseSTSHeader(now, ""));

53 EXPECT_FALSE(state.ParseSTSHeader(now, " "));

54 EXPECT_FALSE(state.ParseSTSHeader(now, "abc"));

55 EXPECT_FALSE(state.ParseSTSHeader(now, " abc"));

56 EXPECT_FALSE(state.ParseSTSHeader(now, " abc "));

57 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age"));

58 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age"));

59 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age "));

60 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age="));

61 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age="));

62 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age ="));

63 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age= "));

64 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = "));

65 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = xy"));

66 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = 3488a923"));

67 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488a923 "));

68 EXPECT_FALSE(state.ParseSTSHeader(now, "max-ag=3488923"));

69 EXPECT_FALSE(state.ParseSTSHeader(now, "max-aged=3488923"));

70 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age==3488923"));

71 EXPECT_FALSE(state.ParseSTSHeader(now, "amax-age=3488923"));

72 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=-3488923"));

73 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923;"));

74 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 e"));

75 EXPECT_FALSE(state.ParseSTSHeader(

76 now, "max-age=3488923 includesubdomain"));

77 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923includesubdomains"));

78 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923=includesubdomains"));

79 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomainx"));

80 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomain="));

81 EXPECT_FALSE(state.ParseSTSHeader(

82 now, "max-age=3488923 includesubdomain=true"));

83 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomainsx"));

84 EXPECT_FALSE(state.ParseSTSHeader(

85 now, "max-age=3488923 includesubdomains x"));

86 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=34889.23 includesubdomains"));

87 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=34889 includesubdomains"));

88

89 // Check that \|state\| was not updated by expecting the default

90 // values for its predictable fields.

91 EXPECT_EQ(state.upgrade_mode,

92 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);

93 EXPECT_FALSE(state.include_subdomains);

94 }

95

96 static bool GetPublicKeyHash(const net::X509Certificate::OSCertHandle& cert,

97 HashValue* hash) {

98 std::string der_bytes;

99 if (!net::X509Certificate::GetDEREncoded(cert, &der_bytes))

100 return false;

101

102 base::StringPiece spki;

103 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki))

104 return false;

105

106 switch (hash->tag) {

107 case HASH_VALUE_SHA1:

108 base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),

109 spki.size(), hash->data());

110 break;

111 case HASH_VALUE_SHA256:

112 crypto::SHA256HashString(spki, hash->data(), crypto::kSHA256Length);

113 break;

114 default:

115 NOTREACHED() << "Unknown HashValueTag " << hash->tag;

116 }

117

118 return true;

119 }

120

121 static std::string GetPinFromCert(X509Certificate* cert, HashValueTag tag) {

122 HashValue spki_hash(tag);

123 EXPECT_TRUE(GetPublicKeyHash(cert->os_cert_handle(), &spki_hash));

124

125 std::string base64;

126 base::Base64Encode(base::StringPiece(

127 reinterpret_cast<char*>(spki_hash.data()), spki_hash.size()), &base64);

128

129 std::string label;

130 switch (tag) {

131 case HASH_VALUE_SHA1:

132 label = "pin-sha1=";

133 break;

134 case HASH_VALUE_SHA256:

135 label = "pin-sha256=";

136 break;

137 default:

138 NOTREACHED() << "Unknown HashValueTag " << tag;

139 }

140

141 return label + HttpUtil::Quote(base64);

142 }

143

144 static void TestBogusPinsHeaders(HashValueTag tag) {

145 TransportSecurityState::DomainState state;

146 SSLInfo ssl_info;

147 ssl_info.cert =

148 ImportCertFromFile(GetTestCertsDirectory(), "test_mail_google_com.pem");

149 std::string good_pin = GetPinFromCert(ssl_info.cert, tag);

150 base::Time now = base::Time::Now();

151

152 // The backup pin is fake --- it just has to not be in the chain.

153 std::string backup_pin = "pin-sha1=" +

154 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");

155

156 EXPECT_FALSE(state.ParsePinsHeader(now, "", ssl_info));

157 EXPECT_FALSE(state.ParsePinsHeader(now, " ", ssl_info));

158 EXPECT_FALSE(state.ParsePinsHeader(now, "abc", ssl_info));

159 EXPECT_FALSE(state.ParsePinsHeader(now, " abc", ssl_info));

160 EXPECT_FALSE(state.ParsePinsHeader(now, " abc ", ssl_info));

161 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age", ssl_info));

162 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age", ssl_info));

163 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age ", ssl_info));

164 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=", ssl_info));

165 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age=", ssl_info));

166 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age =", ssl_info));

167 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age= ", ssl_info));

168 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age = ", ssl_info));

169 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age = xy", ssl_info));

170 EXPECT_FALSE(state.ParsePinsHeader(

171 now,

172 " max-age = 3488a923",

173 ssl_info));

174 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488a923 ", ssl_info));

175 EXPECT_FALSE(state.ParsePinsHeader(now,

176 "max-ag=3488923pins=" + good_pin + "," + backup_pin,

177 ssl_info));

178 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923" + backup_pin,

179 ssl_info));

180 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923; " + backup_pin,

181 ssl_info));

182 EXPECT_FALSE(state.ParsePinsHeader(now,

183 "max-aged=3488923; " + backup_pin + ";" + backup_pin,

184 ssl_info));

185 EXPECT_FALSE(state.ParsePinsHeader(now,

186 "max-aged=3488923; " + good_pin + ";" + good_pin,

187 ssl_info));

188 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923; " + good_pin,

189 ssl_info));

190 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age==3488923", ssl_info));

191 EXPECT_FALSE(state.ParsePinsHeader(now, "amax-age=3488923", ssl_info));

192 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=-3488923", ssl_info));

193 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488923;", ssl_info));

194 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488923 e", ssl_info));

195 EXPECT_FALSE(state.ParsePinsHeader(

196 now,

197 "max-age=3488923 includesubdomain",

198 ssl_info));

199 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=34889.23", ssl_info));

200

201 // Check that \|state\| was not updated by expecting the default

202 // values for its predictable fields.

203 EXPECT_EQ(state.upgrade_mode,

204 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);

205 EXPECT_FALSE(state.include_subdomains);

206 }

207

208 TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA1) {

209 TestBogusPinsHeaders(HASH_VALUE_SHA1);

210 }

211

212 TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA256) {

213 TestBogusPinsHeaders(HASH_VALUE_SHA256);

214 }

215

216 TEST_F(TransportSecurityStateTest, ValidSTSHeaders) {

217 TransportSecurityState::DomainState state;

218 base::Time expiry;

219 base::Time now = base::Time::Now();

220

221 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=243"));

222 expiry = now + base::TimeDelta::FromSeconds(243);

223 EXPECT_EQ(expiry, state.upgrade_expiry);

224 EXPECT_FALSE(state.include_subdomains);

225

226 EXPECT_TRUE(state.ParseSTSHeader(now, " Max-agE = 567"));

227 expiry = now + base::TimeDelta::FromSeconds(567);

228 EXPECT_EQ(expiry, state.upgrade_expiry);

229 EXPECT_FALSE(state.include_subdomains);

230

231 EXPECT_TRUE(state.ParseSTSHeader(now, " mAx-aGe = 890 "));

232 expiry = now + base::TimeDelta::FromSeconds(890);

233 EXPECT_EQ(expiry, state.upgrade_expiry);

234 EXPECT_FALSE(state.include_subdomains);

235

236 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=123;incLudesUbdOmains"));

237 expiry = now + base::TimeDelta::FromSeconds(123);

238 EXPECT_EQ(expiry, state.upgrade_expiry);

239 EXPECT_TRUE(state.include_subdomains);

240

241 EXPECT_TRUE(state.ParseSTSHeader(now, "incLudesUbdOmains; max-age=123"));

242 expiry = now + base::TimeDelta::FromSeconds(123);

243 EXPECT_EQ(expiry, state.upgrade_expiry);

244 EXPECT_TRUE(state.include_subdomains);

245

246 EXPECT_TRUE(state.ParseSTSHeader(now, " incLudesUbdOmains; max-age=123"));

247 expiry = now + base::TimeDelta::FromSeconds(123);

248 EXPECT_EQ(expiry, state.upgrade_expiry);

249 EXPECT_TRUE(state.include_subdomains);

250

251 EXPECT_TRUE(state.ParseSTSHeader(now,

252 " incLudesUbdOmains; max-age=123; pumpkin=kitten"));

253 expiry = now + base::TimeDelta::FromSeconds(123);

254 EXPECT_EQ(expiry, state.upgrade_expiry);

255 EXPECT_TRUE(state.include_subdomains);

256

257 EXPECT_TRUE(state.ParseSTSHeader(now,

258 " pumpkin=894; incLudesUbdOmains; max-age=123 "));

259 expiry = now + base::TimeDelta::FromSeconds(123);

260 EXPECT_EQ(expiry, state.upgrade_expiry);

261 EXPECT_TRUE(state.include_subdomains);

262

263 EXPECT_TRUE(state.ParseSTSHeader(now,

264 " pumpkin; incLudesUbdOmains; max-age=123 "));

265 expiry = now + base::TimeDelta::FromSeconds(123);

266 EXPECT_EQ(expiry, state.upgrade_expiry);

267 EXPECT_TRUE(state.include_subdomains);

268

269 EXPECT_TRUE(state.ParseSTSHeader(now,

270 " pumpkin; incLudesUbdOmains; max-age=\"123\" "));

271 expiry = now + base::TimeDelta::FromSeconds(123);

272 EXPECT_EQ(expiry, state.upgrade_expiry);

273 EXPECT_TRUE(state.include_subdomains);

274

275 EXPECT_TRUE(state.ParseSTSHeader(now,

276 "animal=\"squirrel; distinguished\"; incLudesUbdOmains; max-age=123"));

277 expiry = now + base::TimeDelta::FromSeconds(123);

278 EXPECT_EQ(expiry, state.upgrade_expiry);

279 EXPECT_TRUE(state.include_subdomains);

280

281 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=394082; incLudesUbdOmains"));

282 expiry = now + base::TimeDelta::FromSeconds(394082);

283 EXPECT_EQ(expiry, state.upgrade_expiry);

284 EXPECT_TRUE(state.include_subdomains);

285

286 EXPECT_TRUE(state.ParseSTSHeader(

287 now, "max-age=39408299 ;incLudesUbdOmains"));

288 expiry = now + base::TimeDelta::FromSeconds(

289 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));

290 EXPECT_EQ(expiry, state.upgrade_expiry);

291 EXPECT_TRUE(state.include_subdomains);

292

293 EXPECT_TRUE(state.ParseSTSHeader(

294 now, "max-age=394082038 ; incLudesUbdOmains"));

295 expiry = now + base::TimeDelta::FromSeconds(

296 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));

297 EXPECT_EQ(expiry, state.upgrade_expiry);

298 EXPECT_TRUE(state.include_subdomains);

299

300 EXPECT_TRUE(state.ParseSTSHeader(

301 now, " max-age=0 ; incLudesUbdOmains "));

302 expiry = now + base::TimeDelta::FromSeconds(0);

303 EXPECT_EQ(expiry, state.upgrade_expiry);

304 EXPECT_TRUE(state.include_subdomains);

305

306 EXPECT_TRUE(state.ParseSTSHeader(

307 now,

308 " max-age=999999999999999999999999999999999999999999999 ;"

309 " incLudesUbdOmains "));

310 expiry = now + base::TimeDelta::FromSeconds(

311 TransportSecurityState::kMaxHSTSAgeSecs);

312 EXPECT_EQ(expiry, state.upgrade_expiry);

313 EXPECT_TRUE(state.include_subdomains);

314 }

315

316 static void TestValidPinsHeaders(HashValueTag tag) {

317 TransportSecurityState::DomainState state;

318 base::Time expiry;

319 base::Time now = base::Time::Now();

320

321 // Set up a realistic SSLInfo with a realistic cert chain.

322 FilePath certs_dir = GetTestCertsDirectory();

323 scoped_refptr<X509Certificate> ee_cert =

324 ImportCertFromFile(certs_dir, "2048-rsa-ee-by-2048-rsa-intermediate.pem");

325 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert);

326 scoped_refptr<X509Certificate> intermediate =

327 ImportCertFromFile(certs_dir, "2048-rsa-intermediate.pem");

328 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate);

329 X509Certificate::OSCertHandles intermediates;

330 intermediates.push_back(intermediate->os_cert_handle());

331 SSLInfo ssl_info;

332 ssl_info.cert = X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),

333 intermediates);

334

335 // Add the root that signed the intermediate for this test.

336 scoped_refptr<X509Certificate> root_cert =

337 ImportCertFromFile(certs_dir, "2048-rsa-root.pem");

338 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);

339 ScopedTestRoot scoped_root(root_cert);

340

341 // Verify has the side-effect of populating public_key_hashes, which

342 // ParsePinsHeader needs. (It wants to check pins against the validated

343 // chain, not just the presented chain.)

344 int rv = ERR_FAILED;

345 CertVerifyResult result;

346 scoped_ptr<CertVerifier> verifier(CertVerifier::CreateDefault());

347 TestCompletionCallback callback;

348 CertVerifier::RequestHandle handle = NULL;

349 rv = verifier->Verify(ssl_info.cert, "127.0.0.1", 0, NULL, &result,

350 callback.callback(), &handle, BoundNetLog());

351 rv = callback.GetResult(rv);

352 ASSERT_EQ(OK, rv);

353 // Normally, ssl_client_socket_nss would do this, but for a unit test we

354 // fake it.

355 ssl_info.public_key_hashes = result.public_key_hashes;

356 std::string good_pin = GetPinFromCert(ssl_info.cert, /tag/HASH_VALUE_SHA1);

357 DLOG(WARNING) << "good pin: " << good_pin;

358

359 // The backup pin is fake --- we just need an SPKI hash that does not match

360 // the hash of any SPKI in the certificate chain.

361 std::string backup_pin = "pin-sha1=" +

362 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");

363

364 EXPECT_TRUE(state.ParsePinsHeader(

365 now,

366 "max-age=243; " + good_pin + ";" + backup_pin,

367 ssl_info));

368 expiry = now + base::TimeDelta::FromSeconds(243);

369 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

370

371 EXPECT_TRUE(state.ParsePinsHeader(

372 now,

373 " " + good_pin + "; " + backup_pin + " ; Max-agE = 567",

374 ssl_info));

375 expiry = now + base::TimeDelta::FromSeconds(567);

376 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

377

378 EXPECT_TRUE(state.ParsePinsHeader(

379 now,

380 good_pin + ";" + backup_pin + " ; mAx-aGe = 890 ",

381 ssl_info));

382 expiry = now + base::TimeDelta::FromSeconds(890);

383 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

384

385 EXPECT_TRUE(state.ParsePinsHeader(

386 now,

387 good_pin + ";" + backup_pin + "; max-age=123;IGNORED;",

388 ssl_info));

389 expiry = now + base::TimeDelta::FromSeconds(123);

390 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

391

392 EXPECT_TRUE(state.ParsePinsHeader(

393 now,

394 "max-age=394082;" + backup_pin + ";" + good_pin + "; ",

395 ssl_info));

396 expiry = now + base::TimeDelta::FromSeconds(394082);

397 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

398

399 EXPECT_TRUE(state.ParsePinsHeader(

400 now,

401 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ",

402 ssl_info));

403 expiry = now + base::TimeDelta::FromSeconds(

404 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));

405 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

406

407 EXPECT_TRUE(state.ParsePinsHeader(

408 now,

409 "max-age=39408038 ; cybers=39408038 ; " +

410 good_pin + ";" + backup_pin + "; ",

411 ssl_info));

412 expiry = now + base::TimeDelta::FromSeconds(

413 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));

414 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

415

416 EXPECT_TRUE(state.ParsePinsHeader(

417 now,

418 " max-age=0 ; " + good_pin + ";" + backup_pin,

419 ssl_info));

420 expiry = now + base::TimeDelta::FromSeconds(0);

421 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

422

423 EXPECT_TRUE(state.ParsePinsHeader(

424 now,

425 " max-age=999999999999999999999999999999999999999999999 ; " +

426 backup_pin + ";" + good_pin + "; ",

427 ssl_info));

428 expiry = now +

429 base::TimeDelta::FromSeconds(TransportSecurityState::kMaxHSTSAgeSecs);

430 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);

431 }

432

433 TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA1) {

434 TestValidPinsHeaders(HASH_VALUE_SHA1);

435 }

436

437 TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA256) {

438 TestValidPinsHeaders(HASH_VALUE_SHA256);

439 }

440	48

441 TEST_F(TransportSecurityStateTest, SimpleMatches) {	49 TEST_F(TransportSecurityStateTest, SimpleMatches) {

442 TransportSecurityState state;	50 TransportSecurityState state;

443 TransportSecurityState::DomainState domain_state;	51 TransportSecurityState::DomainState domain_state;

444 const base::Time current_time(base::Time::Now());	52 const base::Time current_time(base::Time::Now());

445 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);	53 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

446	54

447 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));	55 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));

448 domain_state.upgrade_expiry = expiry;	56 domain_state.upgrade_expiry = expiry;

449 state.EnableHost("yahoo.com", domain_state);	57 state.EnableHost("yahoo.com", domain_state);

(...skipping 456 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
906 EXPECT_TRUE(HasPins("dev.twitter.com"));	514 EXPECT_TRUE(HasPins("dev.twitter.com"));

907 EXPECT_TRUE(HasPins("business.twitter.com"));	515 EXPECT_TRUE(HasPins("business.twitter.com"));

908 EXPECT_TRUE(HasPins("platform.twitter.com"));	516 EXPECT_TRUE(HasPins("platform.twitter.com"));

909 EXPECT_TRUE(HasPins("si0.twimg.com"));	517 EXPECT_TRUE(HasPins("si0.twimg.com"));

910 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net"));	518 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net"));

911 }	519 }

912	520

913 static bool AddHash(const std::string& type_and_base64,	521 static bool AddHash(const std::string& type_and_base64,

914 HashValueVector* out) {	522 HashValueVector* out) {

915 HashValue hash;	523 HashValue hash;

916	524 if (!hash.ParseBase64String(type_and_base64))

917 if (!TransportSecurityState::ParsePin(type_and_base64, &hash))

918 return false;	525 return false;

919	526

920 out->push_back(hash);	527 out->push_back(hash);

921 return true;	528 return true;

922 }	529 }

923	530

924 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {	531 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {

925 // kGoodPath is plus.google.com via Google Internet Authority.	532 // kGoodPath is plus.google.com via Google Internet Authority.

926 static const char* kGoodPath[] = {	533 static const char* kGoodPath[] = {

927 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",	534 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",

(...skipping 292 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1220 // Expect to fail for SNI hosts when not searching the SNI list:	827 // Expect to fail for SNI hosts when not searching the SNI list:

1221 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	828 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

1222 "gmail.com", false));	829 "gmail.com", false));

1223 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	830 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

1224 "googlegroups.com", false));	831 "googlegroups.com", false));

1225 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	832 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

1226 "www.googlegroups.com", false));	833 "www.googlegroups.com", false));

1227 }	834 }

1228	835

1229 } // namespace net	836 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/transport_security_state_static_generate.go ('k') | net/base/x509_cert_types.h » ('j') | net/base/x509_cert_types.h » ('J')