| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/files/scoped_temp_dir.h" | 13 #include "base/files/scoped_temp_dir.h" |
| 14 #include "base/message_loop/message_loop.h" | 14 #include "base/message_loop/message_loop.h" |
| 15 #include "net/http/transport_security_state.h" | 15 #include "net/http/transport_security_state.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 namespace net { | 18 namespace net { |
| 19 | 19 |
| 20 namespace { | 20 namespace { |
| 21 | 21 |
| 22 const char kReportUri[] = "http://www.example.test/report"; |
| 23 |
| 22 class TransportSecurityPersisterTest : public testing::Test { | 24 class TransportSecurityPersisterTest : public testing::Test { |
| 23 public: | 25 public: |
| 24 TransportSecurityPersisterTest() { | 26 TransportSecurityPersisterTest() { |
| 25 } | 27 } |
| 26 | 28 |
| 27 ~TransportSecurityPersisterTest() override { | 29 ~TransportSecurityPersisterTest() override { |
| 28 base::MessageLoopForIO::current()->RunUntilIdle(); | 30 base::MessageLoopForIO::current()->RunUntilIdle(); |
| 29 } | 31 } |
| 30 | 32 |
| 31 void SetUp() override { | 33 void SetUp() override { |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state)); | 81 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state)); |
| 80 EXPECT_EQ(sts_state.upgrade_mode, | 82 EXPECT_EQ(sts_state.upgrade_mode, |
| 81 TransportSecurityState::STSState::MODE_FORCE_HTTPS); | 83 TransportSecurityState::STSState::MODE_FORCE_HTTPS); |
| 82 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state)); | 84 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state)); |
| 83 EXPECT_EQ(sts_state.upgrade_mode, | 85 EXPECT_EQ(sts_state.upgrade_mode, |
| 84 TransportSecurityState::STSState::MODE_FORCE_HTTPS); | 86 TransportSecurityState::STSState::MODE_FORCE_HTTPS); |
| 85 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state)); | 87 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state)); |
| 86 } | 88 } |
| 87 | 89 |
| 88 TEST_F(TransportSecurityPersisterTest, SerializeData3) { | 90 TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| 91 const GURL report_uri(kReportUri); |
| 89 // Add an entry. | 92 // Add an entry. |
| 90 HashValue fp1(HASH_VALUE_SHA1); | 93 HashValue fp1(HASH_VALUE_SHA1); |
| 91 memset(fp1.data(), 0, fp1.size()); | 94 memset(fp1.data(), 0, fp1.size()); |
| 92 HashValue fp2(HASH_VALUE_SHA1); | 95 HashValue fp2(HASH_VALUE_SHA1); |
| 93 memset(fp2.data(), 1, fp2.size()); | 96 memset(fp2.data(), 1, fp2.size()); |
| 94 base::Time expiry = | 97 base::Time expiry = |
| 95 base::Time::Now() + base::TimeDelta::FromSeconds(1000); | 98 base::Time::Now() + base::TimeDelta::FromSeconds(1000); |
| 96 HashValueVector dynamic_spki_hashes; | 99 HashValueVector dynamic_spki_hashes; |
| 97 dynamic_spki_hashes.push_back(fp1); | 100 dynamic_spki_hashes.push_back(fp1); |
| 98 dynamic_spki_hashes.push_back(fp2); | 101 dynamic_spki_hashes.push_back(fp2); |
| 99 bool include_subdomains = false; | 102 bool include_subdomains = false; |
| 100 state_.AddHSTS("www.example.com", expiry, include_subdomains); | 103 state_.AddHSTS("www.example.com", expiry, include_subdomains); |
| 101 state_.AddHPKP("www.example.com", expiry, include_subdomains, | 104 state_.AddHPKP("www.example.com", expiry, include_subdomains, |
| 102 dynamic_spki_hashes); | 105 dynamic_spki_hashes, report_uri); |
| 103 | 106 |
| 104 // Add another entry. | 107 // Add another entry. |
| 105 memset(fp1.data(), 2, fp1.size()); | 108 memset(fp1.data(), 2, fp1.size()); |
| 106 memset(fp2.data(), 3, fp2.size()); | 109 memset(fp2.data(), 3, fp2.size()); |
| 107 expiry = | 110 expiry = |
| 108 base::Time::Now() + base::TimeDelta::FromSeconds(3000); | 111 base::Time::Now() + base::TimeDelta::FromSeconds(3000); |
| 109 dynamic_spki_hashes.push_back(fp1); | 112 dynamic_spki_hashes.push_back(fp1); |
| 110 dynamic_spki_hashes.push_back(fp2); | 113 dynamic_spki_hashes.push_back(fp2); |
| 111 state_.AddHSTS("www.example.net", expiry, include_subdomains); | 114 state_.AddHSTS("www.example.net", expiry, include_subdomains); |
| 112 state_.AddHPKP("www.example.net", expiry, include_subdomains, | 115 state_.AddHPKP("www.example.net", expiry, include_subdomains, |
| 113 dynamic_spki_hashes); | 116 dynamic_spki_hashes, report_uri); |
| 114 | 117 |
| 115 // Save a copy of everything. | 118 // Save a copy of everything. |
| 116 std::set<std::string> sts_saved; | 119 std::set<std::string> sts_saved; |
| 117 TransportSecurityState::STSStateIterator sts_iter(state_); | 120 TransportSecurityState::STSStateIterator sts_iter(state_); |
| 118 while (sts_iter.HasNext()) { | 121 while (sts_iter.HasNext()) { |
| 119 sts_saved.insert(sts_iter.hostname()); | 122 sts_saved.insert(sts_iter.hostname()); |
| 120 sts_iter.Advance(); | 123 sts_iter.Advance(); |
| 121 } | 124 } |
| 122 | 125 |
| 123 std::set<std::string> pkp_saved; | 126 std::set<std::string> pkp_saved; |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 173 "\"expiry\": 1266815027.983453, " | 176 "\"expiry\": 1266815027.983453, " |
| 174 "\"include_subdomains\": false, " | 177 "\"include_subdomains\": false, " |
| 175 "\"mode\": \"strict\" " | 178 "\"mode\": \"strict\" " |
| 176 "}" | 179 "}" |
| 177 "}"; | 180 "}"; |
| 178 bool dirty; | 181 bool dirty; |
| 179 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); | 182 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); |
| 180 EXPECT_TRUE(dirty); | 183 EXPECT_TRUE(dirty); |
| 181 } | 184 } |
| 182 | 185 |
| 183 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { | 186 TEST_F(TransportSecurityPersisterTest, PublicKeyPins) { |
| 187 const GURL report_uri(kReportUri); |
| 184 TransportSecurityState::PKPState pkp_state; | 188 TransportSecurityState::PKPState pkp_state; |
| 185 static const char kTestDomain[] = "example.com"; | 189 static const char kTestDomain[] = "example.com"; |
| 190 |
| 186 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); | 191 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); |
| 187 HashValueVector hashes; | 192 HashValueVector hashes; |
| 188 std::string failure_log; | 193 std::string failure_log; |
| 189 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 194 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
| 190 | 195 |
| 191 HashValue sha1(HASH_VALUE_SHA1); | 196 HashValue sha1(HASH_VALUE_SHA1); |
| 192 memset(sha1.data(), '1', sha1.size()); | 197 memset(sha1.data(), '1', sha1.size()); |
| 193 pkp_state.spki_hashes.push_back(sha1); | 198 pkp_state.spki_hashes.push_back(sha1); |
| 194 | 199 |
| 195 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 200 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
| 196 | 201 |
| 197 hashes.push_back(sha1); | 202 hashes.push_back(sha1); |
| 198 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 203 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
| 199 | 204 |
| 200 hashes[0].data()[0] = '2'; | 205 hashes[0].data()[0] = '2'; |
| 201 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 206 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
| 202 | 207 |
| 203 const base::Time current_time(base::Time::Now()); | 208 const base::Time current_time(base::Time::Now()); |
| 204 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 209 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 205 bool include_subdomains = false; | 210 bool include_subdomains = false; |
| 206 state_.AddHSTS(kTestDomain, expiry, include_subdomains); | 211 state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
| 207 state_.AddHPKP(kTestDomain, expiry, include_subdomains, | 212 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes, |
| 208 pkp_state.spki_hashes); | 213 report_uri); |
| 209 std::string serialized; | 214 std::string serialized; |
| 210 EXPECT_TRUE(persister_->SerializeData(&serialized)); | 215 EXPECT_TRUE(persister_->SerializeData(&serialized)); |
| 211 bool dirty; | 216 bool dirty; |
| 212 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | 217 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
| 213 | 218 |
| 214 TransportSecurityState::PKPState new_pkp_state; | 219 TransportSecurityState::PKPState new_pkp_state; |
| 215 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); | 220 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); |
| 216 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); | 221 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); |
| 217 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); | 222 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); |
| 218 EXPECT_EQ( | 223 EXPECT_EQ( |
| 219 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); | 224 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); |
| 225 EXPECT_EQ(report_uri, new_pkp_state.report_uri); |
| 220 } | 226 } |
| 221 | 227 |
| 222 } // namespace | 228 } // namespace |
| 223 | 229 |
| 224 } // namespace net | 230 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1211363005:
Parse HPKP report-uri and persist in TransportSecurityPersister (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master