OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
205 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.bar.example.test")); | 205 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.bar.example.test")); |
206 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.bar.baz.example.test")); | 206 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.bar.baz.example.test")); |
207 EXPECT_FALSE(state.ShouldUpgradeToSSL("test")); | 207 EXPECT_FALSE(state.ShouldUpgradeToSSL("test")); |
208 EXPECT_FALSE(state.ShouldUpgradeToSSL("notexample.test")); | 208 EXPECT_FALSE(state.ShouldUpgradeToSSL("notexample.test")); |
209 } | 209 } |
210 | 210 |
211 // Tests that a more-specific HSTS or HPKP rule overrides a less-specific rule | 211 // Tests that a more-specific HSTS or HPKP rule overrides a less-specific rule |
212 // with it, regardless of the includeSubDomains bit. This is a regression test | 212 // with it, regardless of the includeSubDomains bit. This is a regression test |
213 // for https://crbug.com/469957. | 213 // for https://crbug.com/469957. |
214 TEST_F(TransportSecurityStateTest, SubdomainCarveout) { | 214 TEST_F(TransportSecurityStateTest, SubdomainCarveout) { |
215 static const char kReportUri[] = "http://example.com/test"; | |
216 std::string report_uri(kReportUri); | |
217 | |
215 TransportSecurityState state; | 218 TransportSecurityState state; |
216 const base::Time current_time(base::Time::Now()); | 219 const base::Time current_time(base::Time::Now()); |
217 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 220 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
218 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); | 221 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); |
219 | 222 |
220 state.AddHSTS("example1.test", expiry, true); | 223 state.AddHSTS("example1.test", expiry, true); |
221 state.AddHSTS("foo.example1.test", expiry, false); | 224 state.AddHSTS("foo.example1.test", expiry, false); |
222 | 225 |
223 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes()); | 226 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes(), |
224 state.AddHPKP("foo.example2.test", expiry, false, GetSampleSPKIHashes()); | 227 report_uri); |
228 state.AddHPKP("foo.example2.test", expiry, false, GetSampleSPKIHashes(), | |
229 report_uri); | |
225 | 230 |
226 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); | 231 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); |
227 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); | 232 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); |
228 | 233 |
229 // The foo.example1.test rule overrides the example1.test rule, so | 234 // The foo.example1.test rule overrides the example1.test rule, so |
230 // bar.foo.example1.test has no HSTS state. | 235 // bar.foo.example1.test has no HSTS state. |
231 EXPECT_FALSE(state.ShouldUpgradeToSSL("bar.foo.example1.test")); | 236 EXPECT_FALSE(state.ShouldUpgradeToSSL("bar.foo.example1.test")); |
232 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("bar.foo.example1.test")); | 237 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("bar.foo.example1.test")); |
233 | 238 |
234 EXPECT_TRUE(state.HasPublicKeyPins("example2.test")); | 239 EXPECT_TRUE(state.HasPublicKeyPins("example2.test")); |
235 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); | 240 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); |
236 | 241 |
237 // The foo.example2.test rule overrides the example1.test rule, so | 242 // The foo.example2.test rule overrides the example1.test rule, so |
238 // bar.foo.example2.test has no HPKP state. | 243 // bar.foo.example2.test has no HPKP state. |
239 EXPECT_FALSE(state.HasPublicKeyPins("bar.foo.example2.test")); | 244 EXPECT_FALSE(state.HasPublicKeyPins("bar.foo.example2.test")); |
240 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("bar.foo.example2.test")); | 245 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("bar.foo.example2.test")); |
241 | 246 |
242 // Expire the foo.example*.test rules. | 247 // Expire the foo.example*.test rules. |
243 state.AddHSTS("foo.example1.test", older, false); | 248 state.AddHSTS("foo.example1.test", older, false); |
244 state.AddHPKP("foo.example2.test", older, false, GetSampleSPKIHashes()); | 249 state.AddHPKP("foo.example2.test", older, false, GetSampleSPKIHashes(), |
250 report_uri); | |
245 | 251 |
246 // Now the base example*.test rules apply to bar.foo.example*.test. | 252 // Now the base example*.test rules apply to bar.foo.example*.test. |
247 EXPECT_TRUE(state.ShouldUpgradeToSSL("bar.foo.example1.test")); | 253 EXPECT_TRUE(state.ShouldUpgradeToSSL("bar.foo.example1.test")); |
248 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("bar.foo.example1.test")); | 254 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("bar.foo.example1.test")); |
249 EXPECT_TRUE(state.HasPublicKeyPins("bar.foo.example2.test")); | 255 EXPECT_TRUE(state.HasPublicKeyPins("bar.foo.example2.test")); |
250 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("bar.foo.example2.test")); | 256 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("bar.foo.example2.test")); |
251 } | 257 } |
252 | 258 |
253 TEST_F(TransportSecurityStateTest, FatalSSLErrors) { | 259 TEST_F(TransportSecurityStateTest, FatalSSLErrors) { |
260 static const char kReportUri[] = "http://example.com/test"; | |
261 std::string report_uri(kReportUri); | |
262 | |
254 TransportSecurityState state; | 263 TransportSecurityState state; |
255 const base::Time current_time(base::Time::Now()); | 264 const base::Time current_time(base::Time::Now()); |
256 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 265 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
257 | 266 |
258 state.AddHSTS("example1.test", expiry, false); | 267 state.AddHSTS("example1.test", expiry, false); |
259 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes()); | 268 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes(), |
269 report_uri); | |
260 | 270 |
261 // The presense of either HSTS or HPKP is enough to make SSL errors fatal. | 271 // The presense of either HSTS or HPKP is enough to make SSL errors fatal. |
262 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("example1.test")); | 272 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("example1.test")); |
263 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("example2.test")); | 273 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal("example2.test")); |
264 } | 274 } |
265 | 275 |
266 // Tests that HPKP and HSTS state both expire. Also tests that expired entries | 276 // Tests that HPKP and HSTS state both expire. Also tests that expired entries |
267 // are pruned. | 277 // are pruned. |
268 TEST_F(TransportSecurityStateTest, Expiration) { | 278 TEST_F(TransportSecurityStateTest, Expiration) { |
279 static const char kReportUri[] = "http://example.com/test"; | |
280 std::string report_uri(kReportUri); | |
281 | |
269 TransportSecurityState state; | 282 TransportSecurityState state; |
270 const base::Time current_time(base::Time::Now()); | 283 const base::Time current_time(base::Time::Now()); |
271 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 284 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
272 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); | 285 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); |
273 | 286 |
274 // Note: this test assumes that inserting an entry with an expiration time in | 287 // Note: this test assumes that inserting an entry with an expiration time in |
275 // the past works and is pruned on query. | 288 // the past works and is pruned on query. |
276 state.AddHSTS("example1.test", older, false); | 289 state.AddHSTS("example1.test", older, false); |
277 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); | 290 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); |
278 EXPECT_FALSE(state.ShouldUpgradeToSSL("example1.test")); | 291 EXPECT_FALSE(state.ShouldUpgradeToSSL("example1.test")); |
279 // Querying |state| for a domain should flush out expired entries. | 292 // Querying |state| for a domain should flush out expired entries. |
280 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); | 293 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); |
281 | 294 |
282 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes()); | 295 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes(), |
296 report_uri); | |
283 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); | 297 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); |
284 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); | 298 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); |
285 // Querying |state| for a domain should flush out expired entries. | 299 // Querying |state| for a domain should flush out expired entries. |
286 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); | 300 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); |
287 | 301 |
288 state.AddHSTS("example1.test", older, false); | 302 state.AddHSTS("example1.test", older, false); |
289 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes()); | 303 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes(), |
304 report_uri); | |
290 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); | 305 EXPECT_TRUE(TransportSecurityState::Iterator(state).HasNext()); |
291 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("example1.test")); | 306 EXPECT_FALSE(state.ShouldSSLErrorsBeFatal("example1.test")); |
292 // Querying |state| for a domain should flush out expired entries. | 307 // Querying |state| for a domain should flush out expired entries. |
293 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); | 308 EXPECT_FALSE(TransportSecurityState::Iterator(state).HasNext()); |
294 | 309 |
295 // Test that HSTS can outlive HPKP. | 310 // Test that HSTS can outlive HPKP. |
296 state.AddHSTS("example1.test", expiry, false); | 311 state.AddHSTS("example1.test", expiry, false); |
297 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes()); | 312 state.AddHPKP("example1.test", older, false, GetSampleSPKIHashes(), |
313 report_uri); | |
298 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); | 314 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); |
299 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); | 315 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); |
300 | 316 |
301 // Test that HPKP can outlive HSTS. | 317 // Test that HPKP can outlive HSTS. |
302 state.AddHSTS("example2.test", older, false); | 318 state.AddHSTS("example2.test", older, false); |
303 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes()); | 319 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes(), |
320 report_uri); | |
304 EXPECT_FALSE(state.ShouldUpgradeToSSL("example2.test")); | 321 EXPECT_FALSE(state.ShouldUpgradeToSSL("example2.test")); |
305 EXPECT_TRUE(state.HasPublicKeyPins("example2.test")); | 322 EXPECT_TRUE(state.HasPublicKeyPins("example2.test")); |
306 } | 323 } |
307 | 324 |
308 TEST_F(TransportSecurityStateTest, InvalidDomains) { | 325 TEST_F(TransportSecurityStateTest, InvalidDomains) { |
309 TransportSecurityState state; | 326 TransportSecurityState state; |
310 const base::Time current_time(base::Time::Now()); | 327 const base::Time current_time(base::Time::Now()); |
311 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 328 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
312 | 329 |
313 EXPECT_FALSE(state.ShouldUpgradeToSSL("example.test")); | 330 EXPECT_FALSE(state.ShouldUpgradeToSSL("example.test")); |
314 bool include_subdomains = true; | 331 bool include_subdomains = true; |
315 state.AddHSTS("example.test", expiry, include_subdomains); | 332 state.AddHSTS("example.test", expiry, include_subdomains); |
316 EXPECT_TRUE(state.ShouldUpgradeToSSL("www-.foo.example.test")); | 333 EXPECT_TRUE(state.ShouldUpgradeToSSL("www-.foo.example.test")); |
317 EXPECT_TRUE(state.ShouldUpgradeToSSL("2\x01.foo.example.test")); | 334 EXPECT_TRUE(state.ShouldUpgradeToSSL("2\x01.foo.example.test")); |
318 } | 335 } |
319 | 336 |
320 // Tests that HPKP and HSTS state are queried independently for subdomain | 337 // Tests that HPKP and HSTS state are queried independently for subdomain |
321 // matches. | 338 // matches. |
322 TEST_F(TransportSecurityStateTest, IndependentSubdomain) { | 339 TEST_F(TransportSecurityStateTest, IndependentSubdomain) { |
340 static const char kReportUri[] = "http://example.com/test"; | |
341 std::string report_uri(kReportUri); | |
342 | |
323 TransportSecurityState state; | 343 TransportSecurityState state; |
324 const base::Time current_time(base::Time::Now()); | 344 const base::Time current_time(base::Time::Now()); |
325 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 345 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
326 | 346 |
327 state.AddHSTS("example1.test", expiry, true); | 347 state.AddHSTS("example1.test", expiry, true); |
328 state.AddHPKP("example1.test", expiry, false, GetSampleSPKIHashes()); | 348 state.AddHPKP("example1.test", expiry, false, GetSampleSPKIHashes(), |
349 report_uri); | |
329 | 350 |
330 state.AddHSTS("example2.test", expiry, false); | 351 state.AddHSTS("example2.test", expiry, false); |
331 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes()); | 352 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes(), |
353 report_uri); | |
332 | 354 |
333 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); | 355 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); |
334 EXPECT_FALSE(state.HasPublicKeyPins("foo.example1.test")); | 356 EXPECT_FALSE(state.HasPublicKeyPins("foo.example1.test")); |
335 EXPECT_FALSE(state.ShouldUpgradeToSSL("foo.example2.test")); | 357 EXPECT_FALSE(state.ShouldUpgradeToSSL("foo.example2.test")); |
336 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); | 358 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); |
337 } | 359 } |
338 | 360 |
339 // Tests that HPKP and HSTS state are inserted and overridden independently. | 361 // Tests that HPKP and HSTS state are inserted and overridden independently. |
340 TEST_F(TransportSecurityStateTest, IndependentInsertion) { | 362 TEST_F(TransportSecurityStateTest, IndependentInsertion) { |
363 static const char kReportUri[] = "http://example.com/test"; | |
364 std::string report_uri(kReportUri); | |
365 | |
341 TransportSecurityState state; | 366 TransportSecurityState state; |
342 const base::Time current_time(base::Time::Now()); | 367 const base::Time current_time(base::Time::Now()); |
343 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 368 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
344 | 369 |
345 // Place an includeSubdomains HSTS entry below a normal HPKP entry. | 370 // Place an includeSubdomains HSTS entry below a normal HPKP entry. |
346 state.AddHSTS("example1.test", expiry, true); | 371 state.AddHSTS("example1.test", expiry, true); |
347 state.AddHPKP("foo.example1.test", expiry, false, GetSampleSPKIHashes()); | 372 state.AddHPKP("foo.example1.test", expiry, false, GetSampleSPKIHashes(), |
373 report_uri); | |
348 | 374 |
349 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); | 375 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example1.test")); |
350 EXPECT_TRUE(state.HasPublicKeyPins("foo.example1.test")); | 376 EXPECT_TRUE(state.HasPublicKeyPins("foo.example1.test")); |
351 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); | 377 EXPECT_TRUE(state.ShouldUpgradeToSSL("example1.test")); |
352 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); | 378 EXPECT_FALSE(state.HasPublicKeyPins("example1.test")); |
353 | 379 |
354 // Drop the includeSubdomains from the HSTS entry. | 380 // Drop the includeSubdomains from the HSTS entry. |
355 state.AddHSTS("example1.test", expiry, false); | 381 state.AddHSTS("example1.test", expiry, false); |
356 | 382 |
357 EXPECT_FALSE(state.ShouldUpgradeToSSL("foo.example1.test")); | 383 EXPECT_FALSE(state.ShouldUpgradeToSSL("foo.example1.test")); |
358 EXPECT_TRUE(state.HasPublicKeyPins("foo.example1.test")); | 384 EXPECT_TRUE(state.HasPublicKeyPins("foo.example1.test")); |
359 | 385 |
360 // Place an includeSubdomains HPKP entry below a normal HSTS entry. | 386 // Place an includeSubdomains HPKP entry below a normal HSTS entry. |
361 state.AddHSTS("foo.example2.test", expiry, false); | 387 state.AddHSTS("foo.example2.test", expiry, false); |
362 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes()); | 388 state.AddHPKP("example2.test", expiry, true, GetSampleSPKIHashes(), |
389 report_uri); | |
363 | 390 |
364 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example2.test")); | 391 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example2.test")); |
365 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); | 392 EXPECT_TRUE(state.HasPublicKeyPins("foo.example2.test")); |
366 | 393 |
367 // Drop the includeSubdomains from the HSTS entry. | 394 // Drop the includeSubdomains from the HSTS entry. |
368 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes()); | 395 state.AddHPKP("example2.test", expiry, false, GetSampleSPKIHashes(), |
396 report_uri); | |
369 | 397 |
370 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example2.test")); | 398 EXPECT_TRUE(state.ShouldUpgradeToSSL("foo.example2.test")); |
371 EXPECT_FALSE(state.HasPublicKeyPins("foo.example2.test")); | 399 EXPECT_FALSE(state.HasPublicKeyPins("foo.example2.test")); |
372 } | 400 } |
373 | 401 |
374 // Tests that GetDynamicDomainState appropriately stitches together the results | 402 // Tests that GetDynamicDomainState appropriately stitches together the results |
375 // of HSTS and HPKP. | 403 // of HSTS and HPKP. |
376 TEST_F(TransportSecurityStateTest, DynamicDomainState) { | 404 TEST_F(TransportSecurityStateTest, DynamicDomainState) { |
405 static const char kReportUri[] = "http://example.com/test"; | |
406 std::string report_uri(kReportUri); | |
407 | |
377 TransportSecurityState state; | 408 TransportSecurityState state; |
378 const base::Time current_time(base::Time::Now()); | 409 const base::Time current_time(base::Time::Now()); |
379 const base::Time expiry1 = current_time + base::TimeDelta::FromSeconds(1000); | 410 const base::Time expiry1 = current_time + base::TimeDelta::FromSeconds(1000); |
380 const base::Time expiry2 = current_time + base::TimeDelta::FromSeconds(2000); | 411 const base::Time expiry2 = current_time + base::TimeDelta::FromSeconds(2000); |
381 | 412 |
382 state.AddHSTS("example.com", expiry1, true); | 413 state.AddHSTS("example.com", expiry1, true); |
383 state.AddHPKP("foo.example.com", expiry2, false, GetSampleSPKIHashes()); | 414 state.AddHPKP("foo.example.com", expiry2, false, GetSampleSPKIHashes(), |
415 report_uri); | |
384 | 416 |
385 TransportSecurityState::DomainState domain_state; | 417 TransportSecurityState::DomainState domain_state; |
386 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); | 418 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); |
387 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); | 419 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); |
388 EXPECT_TRUE(domain_state.HasPublicKeyPins()); | 420 EXPECT_TRUE(domain_state.HasPublicKeyPins()); |
389 EXPECT_TRUE(domain_state.sts.include_subdomains); | 421 EXPECT_TRUE(domain_state.sts.include_subdomains); |
390 EXPECT_FALSE(domain_state.pkp.include_subdomains); | 422 EXPECT_FALSE(domain_state.pkp.include_subdomains); |
391 EXPECT_EQ(expiry1, domain_state.sts.expiry); | 423 EXPECT_EQ(expiry1, domain_state.sts.expiry); |
392 EXPECT_EQ(expiry2, domain_state.pkp.expiry); | 424 EXPECT_EQ(expiry2, domain_state.pkp.expiry); |
393 EXPECT_EQ("example.com", domain_state.sts.domain); | 425 EXPECT_EQ("example.com", domain_state.sts.domain); |
394 EXPECT_EQ("foo.example.com", domain_state.pkp.domain); | 426 EXPECT_EQ("foo.example.com", domain_state.pkp.domain); |
395 } | 427 } |
396 | 428 |
397 // Tests that new pins always override previous pins. This should be true for | 429 // Tests that new pins always override previous pins. This should be true for |
398 // both pins at the same domain or includeSubdomains pins at a parent domain. | 430 // both pins at the same domain or includeSubdomains pins at a parent domain. |
399 TEST_F(TransportSecurityStateTest, NewPinsOverride) { | 431 TEST_F(TransportSecurityStateTest, NewPinsOverride) { |
432 static const char kReportUri[] = "http://example.com/test"; | |
Ryan Sleevi
2015/06/26 19:41:52
nit: Rather than constantly duplicating this - sti
estark
2015/06/26 22:42:11
Done.
| |
433 std::string report_uri(kReportUri); | |
434 | |
400 TransportSecurityState state; | 435 TransportSecurityState state; |
401 TransportSecurityState::DomainState domain_state; | 436 TransportSecurityState::DomainState domain_state; |
402 const base::Time current_time(base::Time::Now()); | 437 const base::Time current_time(base::Time::Now()); |
403 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 438 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
404 HashValue hash1(HASH_VALUE_SHA1); | 439 HashValue hash1(HASH_VALUE_SHA1); |
405 memset(hash1.data(), 0x01, hash1.size()); | 440 memset(hash1.data(), 0x01, hash1.size()); |
406 HashValue hash2(HASH_VALUE_SHA1); | 441 HashValue hash2(HASH_VALUE_SHA1); |
407 memset(hash2.data(), 0x02, hash1.size()); | 442 memset(hash2.data(), 0x02, hash1.size()); |
408 HashValue hash3(HASH_VALUE_SHA1); | 443 HashValue hash3(HASH_VALUE_SHA1); |
409 memset(hash3.data(), 0x03, hash1.size()); | 444 memset(hash3.data(), 0x03, hash1.size()); |
410 | 445 |
411 state.AddHPKP("example.com", expiry, true, HashValueVector(1, hash1)); | 446 state.AddHPKP("example.com", expiry, true, HashValueVector(1, hash1), |
447 report_uri); | |
412 | 448 |
413 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); | 449 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); |
414 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); | 450 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); |
415 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash1)); | 451 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash1)); |
416 | 452 |
417 state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash2)); | 453 state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash2), |
454 report_uri); | |
418 | 455 |
419 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); | 456 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); |
420 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); | 457 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); |
421 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash2)); | 458 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash2)); |
422 | 459 |
423 state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash3)); | 460 state.AddHPKP("foo.example.com", expiry, false, HashValueVector(1, hash3), |
461 report_uri); | |
424 | 462 |
425 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); | 463 ASSERT_TRUE(state.GetDynamicDomainState("foo.example.com", &domain_state)); |
426 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); | 464 ASSERT_EQ(1u, domain_state.pkp.spki_hashes.size()); |
427 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash3)); | 465 EXPECT_TRUE(domain_state.pkp.spki_hashes[0].Equals(hash3)); |
428 } | 466 } |
429 | 467 |
430 TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) { | 468 TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) { |
431 TransportSecurityState state; | 469 TransportSecurityState state; |
432 const base::Time current_time(base::Time::Now()); | 470 const base::Time current_time(base::Time::Now()); |
433 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 471 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
(...skipping 601 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1035 // These hosts used to only be HSTS when SNI was available. | 1073 // These hosts used to only be HSTS when SNI was available. |
1036 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( | 1074 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
1037 "gmail.com")); | 1075 "gmail.com")); |
1038 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( | 1076 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
1039 "googlegroups.com")); | 1077 "googlegroups.com")); |
1040 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( | 1078 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
1041 "www.googlegroups.com")); | 1079 "www.googlegroups.com")); |
1042 } | 1080 } |
1043 | 1081 |
1044 } // namespace net | 1082 } // namespace net |
OLD | NEW |