
Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_persister.h" 5 #include "net/http/transport_security_persister.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/files/file_path.h" 11 #include "base/files/file_path.h"
12 #include "base/files/file_util.h" 12 #include "base/files/file_util.h"
13 #include "base/files/scoped_temp_dir.h" 13 #include "base/files/scoped_temp_dir.h"
14 #include "base/message_loop/message_loop.h" 14 #include "base/message_loop/message_loop.h"
15 #include "net/http/transport_security_state.h" 15 #include "net/http/transport_security_state.h"
16 #include "testing/gtest/include/gtest/gtest.h" 16 #include "testing/gtest/include/gtest/gtest.h"
17 17
18 namespace net { 18 namespace net {
19 19
20 namespace { 20 namespace {
21 21
22 const char kReportUri[] = "http://www.example.com/report";
23
22 class TransportSecurityPersisterTest : public testing::Test { 24 class TransportSecurityPersisterTest : public testing::Test {
23 public: 25 public:
24 TransportSecurityPersisterTest() { 26 TransportSecurityPersisterTest() {
25 } 27 }
26 28
27 ~TransportSecurityPersisterTest() override { 29 ~TransportSecurityPersisterTest() override {
28 base::MessageLoopForIO::current()->RunUntilIdle(); 30 base::MessageLoopForIO::current()->RunUntilIdle();
29 } 31 }
30 32
31 void SetUp() override { 33 void SetUp() override {
(...skipping 60 matching lines...)
92 HashValue fp2(HASH_VALUE_SHA1); 94 HashValue fp2(HASH_VALUE_SHA1);
93 memset(fp2.data(), 1, fp2.size()); 95 memset(fp2.data(), 1, fp2.size());
94 base::Time expiry = 96 base::Time expiry =
95 base::Time::Now() + base::TimeDelta::FromSeconds(1000); 97 base::Time::Now() + base::TimeDelta::FromSeconds(1000);
96 HashValueVector dynamic_spki_hashes; 98 HashValueVector dynamic_spki_hashes;
97 dynamic_spki_hashes.push_back(fp1); 99 dynamic_spki_hashes.push_back(fp1);
98 dynamic_spki_hashes.push_back(fp2); 100 dynamic_spki_hashes.push_back(fp2);
99 bool include_subdomains = false; 101 bool include_subdomains = false;
100 state_.AddHSTS("www.example.com", expiry, include_subdomains); 102 state_.AddHSTS("www.example.com", expiry, include_subdomains);
101 state_.AddHPKP("www.example.com", expiry, include_subdomains, 103 state_.AddHPKP("www.example.com", expiry, include_subdomains,
102 dynamic_spki_hashes); 104 dynamic_spki_hashes, kReportUri);
103 105
104 // Add another entry. 106 // Add another entry.
105 memset(fp1.data(), 2, fp1.size()); 107 memset(fp1.data(), 2, fp1.size());
106 memset(fp2.data(), 3, fp2.size()); 108 memset(fp2.data(), 3, fp2.size());
107 expiry = 109 expiry =
108 base::Time::Now() + base::TimeDelta::FromSeconds(3000); 110 base::Time::Now() + base::TimeDelta::FromSeconds(3000);
109 dynamic_spki_hashes.push_back(fp1); 111 dynamic_spki_hashes.push_back(fp1);
110 dynamic_spki_hashes.push_back(fp2); 112 dynamic_spki_hashes.push_back(fp2);
111 state_.AddHSTS("www.example.net", expiry, include_subdomains); 113 state_.AddHSTS("www.example.net", expiry, include_subdomains);
112 state_.AddHPKP("www.example.net", expiry, include_subdomains, 114 state_.AddHPKP("www.example.net", expiry, include_subdomains,
113 dynamic_spki_hashes); 115 dynamic_spki_hashes, kReportUri);
114 116
115 // Save a copy of everything. 117 // Save a copy of everything.
116 std::set<std::string> sts_saved; 118 std::set<std::string> sts_saved;
117 TransportSecurityState::STSStateIterator sts_iter(state_); 119 TransportSecurityState::STSStateIterator sts_iter(state_);
118 while (sts_iter.HasNext()) { 120 while (sts_iter.HasNext()) {
119 sts_saved.insert(sts_iter.hostname()); 121 sts_saved.insert(sts_iter.hostname());
120 sts_iter.Advance(); 122 sts_iter.Advance();
121 } 123 }
122 124
123 std::set<std::string> pkp_saved; 125 std::set<std::string> pkp_saved;
(...skipping 51 matching lines...)
175 "\"mode\": \"strict\" " 177 "\"mode\": \"strict\" "
176 "}" 178 "}"
177 "}"; 179 "}";
178 bool dirty; 180 bool dirty;
179 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); 181 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
180 EXPECT_TRUE(dirty); 182 EXPECT_TRUE(dirty);
181 } 183 }
182 184
183 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { 185 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
184 TransportSecurityState::PKPState pkp_state; 186 TransportSecurityState::PKPState pkp_state;
187 static const char kReportUri[] = "http://example.com/test";
davidben 2015/07/15 22:21:06 Remove this line in favor of the global one? (Conf
estark 2015/07/16 00:07:01 Done.
185 static const char kTestDomain[] = "example.com"; 188 static const char kTestDomain[] = "example.com";
189
186 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); 190 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
187 HashValueVector hashes; 191 HashValueVector hashes;
188 std::string failure_log; 192 std::string failure_log;
189 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); 193 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
190 194
191 HashValue sha1(HASH_VALUE_SHA1); 195 HashValue sha1(HASH_VALUE_SHA1);
192 memset(sha1.data(), '1', sha1.size()); 196 memset(sha1.data(), '1', sha1.size());
193 pkp_state.spki_hashes.push_back(sha1); 197 pkp_state.spki_hashes.push_back(sha1);
194 198
195 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); 199 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
196 200
197 hashes.push_back(sha1); 201 hashes.push_back(sha1);
198 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); 202 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
199 203
200 hashes[0].data()[0] = '2'; 204 hashes[0].data()[0] = '2';
201 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); 205 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
202 206
203 const base::Time current_time(base::Time::Now()); 207 const base::Time current_time(base::Time::Now());
204 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 208 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
205 bool include_subdomains = false; 209 bool include_subdomains = false;
206 state_.AddHSTS(kTestDomain, expiry, include_subdomains); 210 state_.AddHSTS(kTestDomain, expiry, include_subdomains);
207 state_.AddHPKP(kTestDomain, expiry, include_subdomains, 211 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
208 pkp_state.spki_hashes); 212 kReportUri);
209 std::string serialized; 213 std::string serialized;
210 EXPECT_TRUE(persister_->SerializeData(&serialized)); 214 EXPECT_TRUE(persister_->SerializeData(&serialized));
211 bool dirty; 215 bool dirty;
216 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
217
218 TransportSecurityState::PKPState new_pkp_state;
219 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));
220 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());
221 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
222 EXPECT_EQ(
223 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
224 EXPECT_EQ(kReportUri, new_pkp_state.report_uri);
225 }
226
227 TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) {
davidben 2015/07/15 22:21:06 Isn't this test the same as the one above, or am I
estark 2015/07/16 00:07:01 Er, sorry, don't know what I was thinking there. D
228 TransportSecurityState::PKPState pkp_state;
229 static const char kTestDomain[] = "example.com";
230 static const char kTestReportUri[] = "http://example.com/report";
231
232 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
233 HashValueVector hashes;
234 std::string failure_log;
235 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
236
237 HashValue sha1(HASH_VALUE_SHA1);
238 memset(sha1.data(), '1', sha1.size());
239 pkp_state.spki_hashes.push_back(sha1);
240
241 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
242
243 hashes.push_back(sha1);
244 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
245
246 hashes[0].data()[0] = '2';
247 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
248
249 const base::Time current_time(base::Time::Now());
250 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
251 bool include_subdomains = false;
252 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
253 kTestReportUri);
254 std::string serialized;
255 EXPECT_TRUE(persister_->SerializeData(&serialized));
256 bool dirty;
212 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); 257 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
213 258
214 TransportSecurityState::PKPState new_pkp_state; 259 TransportSecurityState::PKPState new_pkp_state;
215 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); 260 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));
216 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); 261 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());
217 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); 262 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
218 EXPECT_EQ( 263 EXPECT_EQ(
219 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); 264 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
265 EXPECT_EQ(kTestReportUri, new_pkp_state.report_uri);
220 } 266 }
221 267
222 } // namespace 268 } // namespace
223 269
224 } // namespace net 270 } // namespace net
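Review bot: The new `EXPECT_EQ(..., new_pkp_state.report_uri)` checks at the end of PublicKeyHashes and PublicKeyPinReportUri only cover a well-formed report URI that the same code serialized a moment earlier. Nothing visible in this section feeds LoadEntries a serialized entry that has no report URI at all (as state written before this change presumably would) or one whose report URI value is empty or not a valid URL, though the skipped lines may cover part of that. Because LoadEntries parses persisted data that the running code did not necessarily produce, I would add a test built like the existing hand-written JSON case that loads such entries and asserts on the return value, on `dirty`, and on the `report_uri` of the resulting PKPState. That would pin whether a missing or malformed value is ignored, rejected, or stored as-is.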