
Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: davidben comments Created 5 years, 5 months ago
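--- a/net/http/transport_security_persister_unittest.cc
+++ b/net/http/transport_security_persister_unittest.cc
@@ -1,31 +1,33 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_persister.h"
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/message_loop/message_loop.h"
 #include "net/http/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
+const char kReportUri[] = "http://www.example.test/report";
+
 class TransportSecurityPersisterTest : public testing::Test {
 public:
 TransportSecurityPersisterTest() {
 }
 
 ~TransportSecurityPersisterTest() override {
 base::MessageLoopForIO::current()->RunUntilIdle();
 }
 
 void SetUp() override {
@@ -92,32 +94,32 @@
 HashValue fp2(HASH_VALUE_SHA1);
 memset(fp2.data(), 1, fp2.size());
 base::Time expiry =
 base::Time::Now() + base::TimeDelta::FromSeconds(1000);
 HashValueVector dynamic_spki_hashes;
 dynamic_spki_hashes.push_back(fp1);
 dynamic_spki_hashes.push_back(fp2);
 bool include_subdomains = false;
 state_.AddHSTS("www.example.com", expiry, include_subdomains);
 state_.AddHPKP("www.example.com", expiry, include_subdomains,
-dynamic_spki_hashes);
+dynamic_spki_hashes, kReportUri);
 
 // Add another entry.
 memset(fp1.data(), 2, fp1.size());
 memset(fp2.data(), 3, fp2.size());
 expiry =
 base::Time::Now() + base::TimeDelta::FromSeconds(3000);
 dynamic_spki_hashes.push_back(fp1);
 dynamic_spki_hashes.push_back(fp2);
 state_.AddHSTS("www.example.net", expiry, include_subdomains);
 state_.AddHPKP("www.example.net", expiry, include_subdomains,
-dynamic_spki_hashes);
+dynamic_spki_hashes, kReportUri);
 
 // Save a copy of everything.
 std::set<std::string> sts_saved;
 TransportSecurityState::STSStateIterator sts_iter(state_);
 while (sts_iter.HasNext()) {
 sts_saved.insert(sts_iter.hostname());
 sts_iter.Advance();
 }
 
 std::set<std::string> pkp_saved;
@@ -173,52 +175,54 @@
 "\"expiry\": 1266815027.983453, "
 "\"include_subdomains\": false, "
 "\"mode\": \"strict\" "
 "}"
 "}";
 bool dirty;
 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
 EXPECT_TRUE(dirty);
 }
 
-TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
+TEST_F(TransportSecurityPersisterTest, PublicKeyPins) {
 TransportSecurityState::PKPState pkp_state;
 static const char kTestDomain[] = "example.com";
+
 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
 HashValueVector hashes;
 std::string failure_log;
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 HashValue sha1(HASH_VALUE_SHA1);
 memset(sha1.data(), '1', sha1.size());
 pkp_state.spki_hashes.push_back(sha1);
 
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 hashes.push_back(sha1);
 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 hashes[0].data()[0] = '2';
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 const base::Time current_time(base::Time::Now());
 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 bool include_subdomains = false;
 state_.AddHSTS(kTestDomain, expiry, include_subdomains);
-state_.AddHPKP(kTestDomain, expiry, include_subdomains,
-pkp_state.spki_hashes);
+state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
+kReportUri);
 std::string serialized;
 EXPECT_TRUE(persister_->SerializeData(&serialized));
 bool dirty;
 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
 
 TransportSecurityState::PKPState new_pkp_state;
 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));
 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());
 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
 EXPECT_EQ(
 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
+EXPECT_EQ(kReportUri, new_pkp_state.report_uri);
 }
 
 } // namespace
 
 } // namespace net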
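Review bot: The round trip in `PublicKeyPins` only covers a well-formed report URI, so nothing visible here pins down what `LoadEntries` does when a persisted entry has no report URI or one that does not parse. The persister reads this state back from a file on disk, so entries written before this change and truncated or hand-edited files will reach that path; a case such as `TEST_F(TransportSecurityPersisterTest, PublicKeyPinsWithoutReportUri)` that loads such an entry and checks that the pins still load with an empty `report_uri` would cover it (the name is only a suggestion, and part of the file is collapsed on this page, so an equivalent case may already exist). The first changed test now passes `kReportUri` to both `AddHPKP` calls, but its comparison after reload sits in the collapsed lines and the visible setup only collects hostnames into `sts_saved` and `pkp_saved`, so confirm that it also compares `report_uri`.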
