OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
77 EXPECT_EQ(domain_state.sts.upgrade_mode, | 77 EXPECT_EQ(domain_state.sts.upgrade_mode, |
78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
79 EXPECT_TRUE( | 79 EXPECT_TRUE( |
80 state_.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state)); | 80 state_.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state)); |
81 EXPECT_EQ(domain_state.sts.upgrade_mode, | 81 EXPECT_EQ(domain_state.sts.upgrade_mode, |
82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
83 EXPECT_FALSE(state_.GetStaticDomainState("com", &domain_state)); | 83 EXPECT_FALSE(state_.GetStaticDomainState("com", &domain_state)); |
84 } | 84 } |
85 | 85 |
86 TEST_F(TransportSecurityPersisterTest, SerializeData3) { | 86 TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
87 static const char kReportUri[] = "http://www.example.com/report"; | |
88 std::string report_uri(kReportUri); | |
Ryan Sleevi
2015/06/26 19:41:52
Why the explicit string? Implicit string construct
estark
2015/06/26 22:42:11
Done.
| |
89 | |
87 // Add an entry. | 90 // Add an entry. |
88 HashValue fp1(HASH_VALUE_SHA1); | 91 HashValue fp1(HASH_VALUE_SHA1); |
89 memset(fp1.data(), 0, fp1.size()); | 92 memset(fp1.data(), 0, fp1.size()); |
90 HashValue fp2(HASH_VALUE_SHA1); | 93 HashValue fp2(HASH_VALUE_SHA1); |
91 memset(fp2.data(), 1, fp2.size()); | 94 memset(fp2.data(), 1, fp2.size()); |
92 base::Time expiry = | 95 base::Time expiry = |
93 base::Time::Now() + base::TimeDelta::FromSeconds(1000); | 96 base::Time::Now() + base::TimeDelta::FromSeconds(1000); |
94 HashValueVector dynamic_spki_hashes; | 97 HashValueVector dynamic_spki_hashes; |
95 dynamic_spki_hashes.push_back(fp1); | 98 dynamic_spki_hashes.push_back(fp1); |
96 dynamic_spki_hashes.push_back(fp2); | 99 dynamic_spki_hashes.push_back(fp2); |
97 bool include_subdomains = false; | 100 bool include_subdomains = false; |
98 state_.AddHSTS("www.example.com", expiry, include_subdomains); | 101 state_.AddHSTS("www.example.com", expiry, include_subdomains); |
99 state_.AddHPKP("www.example.com", expiry, include_subdomains, | 102 state_.AddHPKP("www.example.com", expiry, include_subdomains, |
100 dynamic_spki_hashes); | 103 dynamic_spki_hashes, report_uri); |
101 | 104 |
102 // Add another entry. | 105 // Add another entry. |
103 memset(fp1.data(), 2, fp1.size()); | 106 memset(fp1.data(), 2, fp1.size()); |
104 memset(fp2.data(), 3, fp2.size()); | 107 memset(fp2.data(), 3, fp2.size()); |
105 expiry = | 108 expiry = |
106 base::Time::Now() + base::TimeDelta::FromSeconds(3000); | 109 base::Time::Now() + base::TimeDelta::FromSeconds(3000); |
107 dynamic_spki_hashes.push_back(fp1); | 110 dynamic_spki_hashes.push_back(fp1); |
108 dynamic_spki_hashes.push_back(fp2); | 111 dynamic_spki_hashes.push_back(fp2); |
109 state_.AddHSTS("www.example.net", expiry, include_subdomains); | 112 state_.AddHSTS("www.example.net", expiry, include_subdomains); |
110 state_.AddHPKP("www.example.net", expiry, include_subdomains, | 113 state_.AddHPKP("www.example.net", expiry, include_subdomains, |
111 dynamic_spki_hashes); | 114 dynamic_spki_hashes, report_uri); |
112 | 115 |
113 // Save a copy of everything. | 116 // Save a copy of everything. |
114 std::map<std::string, TransportSecurityState::DomainState> saved; | 117 std::map<std::string, TransportSecurityState::DomainState> saved; |
115 TransportSecurityState::Iterator i(state_); | 118 TransportSecurityState::Iterator i(state_); |
116 while (i.HasNext()) { | 119 while (i.HasNext()) { |
117 saved[i.hostname()] = i.domain_state(); | 120 saved[i.hostname()] = i.domain_state(); |
118 i.Advance(); | 121 i.Advance(); |
119 } | 122 } |
120 | 123 |
121 std::string serialized; | 124 std::string serialized; |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
157 "\"include_subdomains\": false, " | 160 "\"include_subdomains\": false, " |
158 "\"mode\": \"strict\" " | 161 "\"mode\": \"strict\" " |
159 "}" | 162 "}" |
160 "}"; | 163 "}"; |
161 bool dirty; | 164 bool dirty; |
162 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); | 165 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); |
163 EXPECT_TRUE(dirty); | 166 EXPECT_TRUE(dirty); |
164 } | 167 } |
165 | 168 |
166 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { | 169 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
170 static const char kReportUri[] = "http://example.com/test"; | |
171 std::string report_uri(kReportUri); | |
172 | |
167 TransportSecurityState::DomainState domain_state; | 173 TransportSecurityState::DomainState domain_state; |
168 static const char kTestDomain[] = "example.com"; | 174 static const char kTestDomain[] = "example.com"; |
169 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state)); | 175 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state)); |
170 HashValueVector hashes; | 176 HashValueVector hashes; |
171 std::string failure_log; | 177 std::string failure_log; |
172 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | 178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
173 | 179 |
174 HashValue sha1(HASH_VALUE_SHA1); | 180 HashValue sha1(HASH_VALUE_SHA1); |
175 memset(sha1.data(), '1', sha1.size()); | 181 memset(sha1.data(), '1', sha1.size()); |
176 domain_state.pkp.spki_hashes.push_back(sha1); | 182 domain_state.pkp.spki_hashes.push_back(sha1); |
177 | 183 |
178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | 184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
179 | 185 |
180 hashes.push_back(sha1); | 186 hashes.push_back(sha1); |
181 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | 187 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
182 | 188 |
183 hashes[0].data()[0] = '2'; | 189 hashes[0].data()[0] = '2'; |
184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | 190 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
185 | 191 |
186 const base::Time current_time(base::Time::Now()); | 192 const base::Time current_time(base::Time::Now()); |
187 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 193 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
188 bool include_subdomains = false; | 194 bool include_subdomains = false; |
189 state_.AddHSTS(kTestDomain, expiry, include_subdomains); | 195 state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
190 state_.AddHPKP( | 196 state_.AddHPKP(kTestDomain, expiry, include_subdomains, |
191 kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes); | 197 domain_state.pkp.spki_hashes, report_uri); |
192 std::string serialized; | 198 std::string serialized; |
193 EXPECT_TRUE(persister_->SerializeData(&serialized)); | 199 EXPECT_TRUE(persister_->SerializeData(&serialized)); |
194 bool dirty; | 200 bool dirty; |
201 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | |
202 | |
203 TransportSecurityState::DomainState new_domain_state; | |
204 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state)); | |
205 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size()); | |
206 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag); | |
207 EXPECT_EQ(0, memcmp(new_domain_state.pkp.spki_hashes[0].data(), sha1.data(), | |
208 sha1.size())); | |
209 } | |
210 | |
211 TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) { | |
212 TransportSecurityState::DomainState domain_state; | |
213 static const char kTestDomain[] = "example.com"; | |
214 static const char kTestReportUri[] = "http://example.com/report"; | |
215 | |
216 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state)); | |
217 HashValueVector hashes; | |
218 std::string failure_log; | |
219 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | |
220 | |
221 HashValue sha1(HASH_VALUE_SHA1); | |
222 memset(sha1.data(), '1', sha1.size()); | |
223 domain_state.pkp.spki_hashes.push_back(sha1); | |
224 | |
225 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | |
226 | |
227 hashes.push_back(sha1); | |
228 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | |
229 | |
230 hashes[0].data()[0] = '2'; | |
231 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | |
232 | |
233 const base::Time current_time(base::Time::Now()); | |
234 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
235 bool include_subdomains = false; | |
236 state_.AddHPKP(kTestDomain, expiry, include_subdomains, | |
237 domain_state.pkp.spki_hashes, std::string(kTestReportUri)); | |
238 std::string serialized; | |
239 EXPECT_TRUE(persister_->SerializeData(&serialized)); | |
240 bool dirty; | |
195 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | 241 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
196 | 242 |
197 TransportSecurityState::DomainState new_domain_state; | 243 TransportSecurityState::DomainState new_domain_state; |
198 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state)); | 244 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state)); |
199 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size()); | 245 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size()); |
200 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag); | 246 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag); |
201 EXPECT_EQ(0, | 247 EXPECT_EQ(0, |
202 memcmp(new_domain_state.pkp.spki_hashes[0].data(), | 248 memcmp(new_domain_state.pkp.spki_hashes[0].data(), |
203 sha1.data(), | 249 sha1.data(), |
204 sha1.size())); | 250 sha1.size())); |
251 EXPECT_EQ(kTestReportUri, new_domain_state.pkp.report_uri); | |
205 } | 252 } |
206 | 253 |
207 } // namespace | 254 } // namespace |
208 | 255 |
209 } // namespace net | 256 } // namespace net |
OLD | NEW |