OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
13 #include "base/files/scoped_temp_dir.h" | 13 #include "base/files/scoped_temp_dir.h" |
14 #include "base/message_loop/message_loop.h" | 14 #include "base/message_loop/message_loop.h" |
15 #include "net/http/transport_security_state.h" | 15 #include "net/http/transport_security_state.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
17 | 17 |
18 namespace net { | 18 namespace net { |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 const char kReportUri[] = "http://www.example.com/report"; | |
23 | |
22 class TransportSecurityPersisterTest : public testing::Test { | 24 class TransportSecurityPersisterTest : public testing::Test { |
23 public: | 25 public: |
24 TransportSecurityPersisterTest() { | 26 TransportSecurityPersisterTest() { |
25 } | 27 } |
26 | 28 |
27 ~TransportSecurityPersisterTest() override { | 29 ~TransportSecurityPersisterTest() override { |
28 base::MessageLoopForIO::current()->RunUntilIdle(); | 30 base::MessageLoopForIO::current()->RunUntilIdle(); |
29 } | 31 } |
30 | 32 |
31 void SetUp() override { | 33 void SetUp() override { |
(...skipping 60 matching lines...)
92 HashValue fp2(HASH_VALUE_SHA1); | 94 HashValue fp2(HASH_VALUE_SHA1); |
93 memset(fp2.data(), 1, fp2.size()); | 95 memset(fp2.data(), 1, fp2.size()); |
94 base::Time expiry = | 96 base::Time expiry = |
95 base::Time::Now() + base::TimeDelta::FromSeconds(1000); | 97 base::Time::Now() + base::TimeDelta::FromSeconds(1000); |
96 HashValueVector dynamic_spki_hashes; | 98 HashValueVector dynamic_spki_hashes; |
97 dynamic_spki_hashes.push_back(fp1); | 99 dynamic_spki_hashes.push_back(fp1); |
98 dynamic_spki_hashes.push_back(fp2); | 100 dynamic_spki_hashes.push_back(fp2); |
99 bool include_subdomains = false; | 101 bool include_subdomains = false; |
100 state_.AddHSTS("www.example.com", expiry, include_subdomains); | 102 state_.AddHSTS("www.example.com", expiry, include_subdomains); |
101 state_.AddHPKP("www.example.com", expiry, include_subdomains, | 103 state_.AddHPKP("www.example.com", expiry, include_subdomains, |
102 dynamic_spki_hashes); | 104 dynamic_spki_hashes, kReportUri); |
103 | 105 |
104 // Add another entry. | 106 // Add another entry. |
105 memset(fp1.data(), 2, fp1.size()); | 107 memset(fp1.data(), 2, fp1.size()); |
106 memset(fp2.data(), 3, fp2.size()); | 108 memset(fp2.data(), 3, fp2.size()); |
107 expiry = | 109 expiry = |
108 base::Time::Now() + base::TimeDelta::FromSeconds(3000); | 110 base::Time::Now() + base::TimeDelta::FromSeconds(3000); |
109 dynamic_spki_hashes.push_back(fp1); | 111 dynamic_spki_hashes.push_back(fp1); |
110 dynamic_spki_hashes.push_back(fp2); | 112 dynamic_spki_hashes.push_back(fp2); |
111 state_.AddHSTS("www.example.net", expiry, include_subdomains); | 113 state_.AddHSTS("www.example.net", expiry, include_subdomains); |
112 state_.AddHPKP("www.example.net", expiry, include_subdomains, | 114 state_.AddHPKP("www.example.net", expiry, include_subdomains, |
113 dynamic_spki_hashes); | 115 dynamic_spki_hashes, kReportUri); |
114 | 116 |
115 // Save a copy of everything. | 117 // Save a copy of everything. |
116 std::set<std::string> sts_saved; | 118 std::set<std::string> sts_saved; |
117 TransportSecurityState::STSStateIterator sts_iter(state_); | 119 TransportSecurityState::STSStateIterator sts_iter(state_); |
118 while (sts_iter.HasNext()) { | 120 while (sts_iter.HasNext()) { |
119 sts_saved.insert(sts_iter.hostname()); | 121 sts_saved.insert(sts_iter.hostname()); |
120 sts_iter.Advance(); | 122 sts_iter.Advance(); |
121 } | 123 } |
122 | 124 |
123 std::set<std::string> pkp_saved; | 125 std::set<std::string> pkp_saved; |
(...skipping 51 matching lines...)
175 "\"mode\": \"strict\" " | 177 "\"mode\": \"strict\" " |
176 "}" | 178 "}" |
177 "}"; | 179 "}"; |
178 bool dirty; | 180 bool dirty; |
179 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); | 181 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); |
180 EXPECT_TRUE(dirty); | 182 EXPECT_TRUE(dirty); |
181 } | 183 } |
182 | 184 |
183 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { | 185 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
184 TransportSecurityState::PKPState pkp_state; | 186 TransportSecurityState::PKPState pkp_state; |
187 static const char kReportUri[] = "http://example.com/test"; | |
davidben
2015/07/15 22:21:06
Remove this line in favor of the global one? (Conf
estark
2015/07/16 00:07:01
Done.
| |
185 static const char kTestDomain[] = "example.com"; | 188 static const char kTestDomain[] = "example.com"; |
189 | |
186 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); | 190 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); |
187 HashValueVector hashes; | 191 HashValueVector hashes; |
188 std::string failure_log; | 192 std::string failure_log; |
189 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 193 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
190 | 194 |
191 HashValue sha1(HASH_VALUE_SHA1); | 195 HashValue sha1(HASH_VALUE_SHA1); |
192 memset(sha1.data(), '1', sha1.size()); | 196 memset(sha1.data(), '1', sha1.size()); |
193 pkp_state.spki_hashes.push_back(sha1); | 197 pkp_state.spki_hashes.push_back(sha1); |
194 | 198 |
195 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 199 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
196 | 200 |
197 hashes.push_back(sha1); | 201 hashes.push_back(sha1); |
198 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 202 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
199 | 203 |
200 hashes[0].data()[0] = '2'; | 204 hashes[0].data()[0] = '2'; |
201 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 205 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
202 | 206 |
203 const base::Time current_time(base::Time::Now()); | 207 const base::Time current_time(base::Time::Now()); |
204 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 208 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
205 bool include_subdomains = false; | 209 bool include_subdomains = false; |
206 state_.AddHSTS(kTestDomain, expiry, include_subdomains); | 210 state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
207 state_.AddHPKP(kTestDomain, expiry, include_subdomains, | 211 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes, |
208 pkp_state.spki_hashes); | 212 kReportUri); |
209 std::string serialized; | 213 std::string serialized; |
210 EXPECT_TRUE(persister_->SerializeData(&serialized)); | 214 EXPECT_TRUE(persister_->SerializeData(&serialized)); |
211 bool dirty; | 215 bool dirty; |
216 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | |
217 | |
218 TransportSecurityState::PKPState new_pkp_state; | |
219 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); | |
220 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); | |
221 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); | |
222 EXPECT_EQ( | |
223 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); | |
224 EXPECT_EQ(kReportUri, new_pkp_state.report_uri); | |
225 } | |
226 | |
227 TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) { | |
davidben
2015/07/15 22:21:06
Isn't this test the same as the one above, or am I
estark
2015/07/16 00:07:01
Er, sorry, don't know what I was thinking there. D
| |
228 TransportSecurityState::PKPState pkp_state; | |
229 static const char kTestDomain[] = "example.com"; | |
230 static const char kTestReportUri[] = "http://example.com/report"; | |
231 | |
232 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); | |
233 HashValueVector hashes; | |
234 std::string failure_log; | |
235 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | |
236 | |
237 HashValue sha1(HASH_VALUE_SHA1); | |
238 memset(sha1.data(), '1', sha1.size()); | |
239 pkp_state.spki_hashes.push_back(sha1); | |
240 | |
241 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | |
242 | |
243 hashes.push_back(sha1); | |
244 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | |
245 | |
246 hashes[0].data()[0] = '2'; | |
247 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | |
248 | |
249 const base::Time current_time(base::Time::Now()); | |
250 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
251 bool include_subdomains = false; | |
252 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes, | |
253 kTestReportUri); | |
254 std::string serialized; | |
255 EXPECT_TRUE(persister_->SerializeData(&serialized)); | |
256 bool dirty; | |
212 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | 257 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
213 | 258 |
214 TransportSecurityState::PKPState new_pkp_state; | 259 TransportSecurityState::PKPState new_pkp_state; |
215 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); | 260 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); |
216 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); | 261 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); |
217 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); | 262 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); |
218 EXPECT_EQ( | 263 EXPECT_EQ( |
219 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); | 264 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); |
265 EXPECT_EQ(kTestReportUri, new_pkp_state.report_uri); | |
220 } | 266 } |
221 | 267 |
222 } // namespace | 268 } // namespace |
223 | 269 |
224 } // namespace net | 270 } // namespace net |
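Review bot: The new `EXPECT_EQ(kReportUri, new_pkp_state.report_uri);` in PublicKeyHashes (new line 224) reads the pin back from the same `state_` that `AddHPKP` filled before `SerializeData`, so it proves the report URI survived persistence only if `LoadEntries` discards the in-memory entries first, and that is not visible in this file. Adding `state_.ClearDynamicData();` between `SerializeData(&serialized)` and `LoadEntries(serialized, &dirty)` would make the test fail if the persister stopped writing or reading the field; the read-back at new lines 257-265 in PublicKeyPinReportUri has the same shape. The change also appears to cover only entries that carry a report URI. Stored files written before this field existed should still load with their pins intact, and a case for that is worth adding next to the legacy-format test that ends at new line 183, unless one already sits in the skipped lines.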