net/http/transport_security_persister_unittest.cc - Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister

Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: minor cleanup Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/http/http_security_headers_unittest.cc ('K') | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/transport_security_persister.h"	5 #include "net/http/transport_security_persister.h"

6	6

7 #include <map>	7 #include <map>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 66 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
77 EXPECT_EQ(domain_state.sts.upgrade_mode,	77 EXPECT_EQ(domain_state.sts.upgrade_mode,

78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);	78 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);

79 EXPECT_TRUE(	79 EXPECT_TRUE(

80 state_.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state));	80 state_.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state));

81 EXPECT_EQ(domain_state.sts.upgrade_mode,	81 EXPECT_EQ(domain_state.sts.upgrade_mode,

82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);	82 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);

83 EXPECT_FALSE(state_.GetStaticDomainState("com", &domain_state));	83 EXPECT_FALSE(state_.GetStaticDomainState("com", &domain_state));

84 }	84 }

85	85

86 TEST_F(TransportSecurityPersisterTest, SerializeData3) {	86 TEST_F(TransportSecurityPersisterTest, SerializeData3) {

	87 static const char kReportUri[] = "http://www.example.com/report";

	88 std::string report_uri(kReportUri);
	Ryan Sleevi 2015/06/26 19:41:52 Why the explicit string? Implicit string construct Why the explicit string? Implicit string construction would be fine (e.g. line 103 saying kReportUri) estark 2015/06/26 22:42:11 Done. Show quoted text On 2015/06/26 19:41:52, Ryan Sleevi (slow through 7-15 wrote: > Why the explicit string? Implicit string construction would be fine (e.g. line > 103 saying kReportUri) Done.
	89

87 // Add an entry.	90 // Add an entry.

88 HashValue fp1(HASH_VALUE_SHA1);	91 HashValue fp1(HASH_VALUE_SHA1);

89 memset(fp1.data(), 0, fp1.size());	92 memset(fp1.data(), 0, fp1.size());

90 HashValue fp2(HASH_VALUE_SHA1);	93 HashValue fp2(HASH_VALUE_SHA1);

91 memset(fp2.data(), 1, fp2.size());	94 memset(fp2.data(), 1, fp2.size());

92 base::Time expiry =	95 base::Time expiry =

93 base::Time::Now() + base::TimeDelta::FromSeconds(1000);	96 base::Time::Now() + base::TimeDelta::FromSeconds(1000);

94 HashValueVector dynamic_spki_hashes;	97 HashValueVector dynamic_spki_hashes;

95 dynamic_spki_hashes.push_back(fp1);	98 dynamic_spki_hashes.push_back(fp1);

96 dynamic_spki_hashes.push_back(fp2);	99 dynamic_spki_hashes.push_back(fp2);

97 bool include_subdomains = false;	100 bool include_subdomains = false;

98 state_.AddHSTS("www.example.com", expiry, include_subdomains);	101 state_.AddHSTS("www.example.com", expiry, include_subdomains);

99 state_.AddHPKP("www.example.com", expiry, include_subdomains,	102 state_.AddHPKP("www.example.com", expiry, include_subdomains,

100 dynamic_spki_hashes);	103 dynamic_spki_hashes, report_uri);

101	104

102 // Add another entry.	105 // Add another entry.

103 memset(fp1.data(), 2, fp1.size());	106 memset(fp1.data(), 2, fp1.size());

104 memset(fp2.data(), 3, fp2.size());	107 memset(fp2.data(), 3, fp2.size());

105 expiry =	108 expiry =

106 base::Time::Now() + base::TimeDelta::FromSeconds(3000);	109 base::Time::Now() + base::TimeDelta::FromSeconds(3000);

107 dynamic_spki_hashes.push_back(fp1);	110 dynamic_spki_hashes.push_back(fp1);

108 dynamic_spki_hashes.push_back(fp2);	111 dynamic_spki_hashes.push_back(fp2);

109 state_.AddHSTS("www.example.net", expiry, include_subdomains);	112 state_.AddHSTS("www.example.net", expiry, include_subdomains);

110 state_.AddHPKP("www.example.net", expiry, include_subdomains,	113 state_.AddHPKP("www.example.net", expiry, include_subdomains,

111 dynamic_spki_hashes);	114 dynamic_spki_hashes, report_uri);

112	115

113 // Save a copy of everything.	116 // Save a copy of everything.

114 std::map<std::string, TransportSecurityState::DomainState> saved;	117 std::map<std::string, TransportSecurityState::DomainState> saved;

115 TransportSecurityState::Iterator i(state_);	118 TransportSecurityState::Iterator i(state_);

116 while (i.HasNext()) {	119 while (i.HasNext()) {

117 saved[i.hostname()] = i.domain_state();	120 saved[i.hostname()] = i.domain_state();

118 i.Advance();	121 i.Advance();

119 }	122 }

120	123

121 std::string serialized;	124 std::string serialized;

(...skipping 35 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
157 "\"include_subdomains\": false, "	160 "\"include_subdomains\": false, "

158 "\"mode\": \"strict\" "	161 "\"mode\": \"strict\" "

159 "}"	162 "}"

160 "}";	163 "}";

161 bool dirty;	164 bool dirty;

162 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));	165 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));

163 EXPECT_TRUE(dirty);	166 EXPECT_TRUE(dirty);

164 }	167 }

165	168

166 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {	169 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {

	170 static const char kReportUri[] = "http://example.com/test";

	171 std::string report_uri(kReportUri);

	172

167 TransportSecurityState::DomainState domain_state;	173 TransportSecurityState::DomainState domain_state;

168 static const char kTestDomain[] = "example.com";	174 static const char kTestDomain[] = "example.com";

169 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));	175 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));

170 HashValueVector hashes;	176 HashValueVector hashes;

171 std::string failure_log;	177 std::string failure_log;

172 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));	178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

173	179

174 HashValue sha1(HASH_VALUE_SHA1);	180 HashValue sha1(HASH_VALUE_SHA1);

175 memset(sha1.data(), '1', sha1.size());	181 memset(sha1.data(), '1', sha1.size());

176 domain_state.pkp.spki_hashes.push_back(sha1);	182 domain_state.pkp.spki_hashes.push_back(sha1);

177	183

178 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));	184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

179	185

180 hashes.push_back(sha1);	186 hashes.push_back(sha1);

181 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));	187 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

182	188

183 hashes[0].data()[0] = '2';	189 hashes[0].data()[0] = '2';

184 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));	190 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

185	191

186 const base::Time current_time(base::Time::Now());	192 const base::Time current_time(base::Time::Now());

187 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);	193 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

188 bool include_subdomains = false;	194 bool include_subdomains = false;

189 state_.AddHSTS(kTestDomain, expiry, include_subdomains);	195 state_.AddHSTS(kTestDomain, expiry, include_subdomains);

190 state_.AddHPKP(	196 state_.AddHPKP(kTestDomain, expiry, include_subdomains,

191 kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes);	197 domain_state.pkp.spki_hashes, report_uri);

192 std::string serialized;	198 std::string serialized;

193 EXPECT_TRUE(persister_->SerializeData(&serialized));	199 EXPECT_TRUE(persister_->SerializeData(&serialized));

194 bool dirty;	200 bool dirty;

	201 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));

	202

	203 TransportSecurityState::DomainState new_domain_state;

	204 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));

	205 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());

	206 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);

	207 EXPECT_EQ(0, memcmp(new_domain_state.pkp.spki_hashes[0].data(), sha1.data(),

	208 sha1.size()));

	209 }

	210

	211 TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) {

	212 TransportSecurityState::DomainState domain_state;

	213 static const char kTestDomain[] = "example.com";

	214 static const char kTestReportUri[] = "http://example.com/report";

	215

	216 EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));

	217 HashValueVector hashes;

	218 std::string failure_log;

	219 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

	220

	221 HashValue sha1(HASH_VALUE_SHA1);

	222 memset(sha1.data(), '1', sha1.size());

	223 domain_state.pkp.spki_hashes.push_back(sha1);

	224

	225 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

	226

	227 hashes.push_back(sha1);

	228 EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

	229

	230 hashes[0].data()[0] = '2';

	231 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

	232

	233 const base::Time current_time(base::Time::Now());

	234 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

	235 bool include_subdomains = false;

	236 state_.AddHPKP(kTestDomain, expiry, include_subdomains,

	237 domain_state.pkp.spki_hashes, std::string(kTestReportUri));

	238 std::string serialized;

	239 EXPECT_TRUE(persister_->SerializeData(&serialized));

	240 bool dirty;

195 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));	241 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));

196	242

197 TransportSecurityState::DomainState new_domain_state;	243 TransportSecurityState::DomainState new_domain_state;

198 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));	244 EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));

199 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());	245 EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());

200 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);	246 EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);

201 EXPECT_EQ(0,	247 EXPECT_EQ(0,

202 memcmp(new_domain_state.pkp.spki_hashes[0].data(),	248 memcmp(new_domain_state.pkp.spki_hashes[0].data(),

203 sha1.data(),	249 sha1.data(),

204 sha1.size()));	250 sha1.size()));

	251 EXPECT_EQ(kTestReportUri, new_domain_state.pkp.report_uri);

205 }	252 }

206	253

207 } // namespace	254 } // namespace

208	255

209 } // namespace net	256 } // namespace net

OLD	NEW