net/http/transport_security_persister_unittest.cc - Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister

Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: GetNext() fix Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/transport_security_persister.h"	5 #include "net/http/transport_security_persister.h"

6	6

7 #include <map>	7 #include <map>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

11 #include "base/files/file_path.h"	11 #include "base/files/file_path.h"

12 #include "base/files/file_util.h"	12 #include "base/files/file_util.h"

13 #include "base/files/scoped_temp_dir.h"	13 #include "base/files/scoped_temp_dir.h"

14 #include "base/message_loop/message_loop.h"	14 #include "base/message_loop/message_loop.h"

15 #include "net/http/transport_security_state.h"	15 #include "net/http/transport_security_state.h"

16 #include "testing/gtest/include/gtest/gtest.h"	16 #include "testing/gtest/include/gtest/gtest.h"

17	17

18 namespace net {	18 namespace net {

19	19

20 namespace {	20 namespace {

21	21

	22 const char kReportUri[] = "http://www.example.test/report";

	23

22 class TransportSecurityPersisterTest : public testing::Test {	24 class TransportSecurityPersisterTest : public testing::Test {

23 public:	25 public:

24 TransportSecurityPersisterTest() {	26 TransportSecurityPersisterTest() {

25 }	27 }

26	28

27 ~TransportSecurityPersisterTest() override {	29 ~TransportSecurityPersisterTest() override {

28 base::MessageLoopForIO::current()->RunUntilIdle();	30 base::MessageLoopForIO::current()->RunUntilIdle();

29 }	31 }

30	32

31 void SetUp() override {	33 void SetUp() override {

(...skipping 47 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
79 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state));	81 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state));

80 EXPECT_EQ(sts_state.upgrade_mode,	82 EXPECT_EQ(sts_state.upgrade_mode,

81 TransportSecurityState::STSState::MODE_FORCE_HTTPS);	83 TransportSecurityState::STSState::MODE_FORCE_HTTPS);

82 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state));	84 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state));

83 EXPECT_EQ(sts_state.upgrade_mode,	85 EXPECT_EQ(sts_state.upgrade_mode,

84 TransportSecurityState::STSState::MODE_FORCE_HTTPS);	86 TransportSecurityState::STSState::MODE_FORCE_HTTPS);

85 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state));	87 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state));

86 }	88 }

87	89

88 TEST_F(TransportSecurityPersisterTest, SerializeData3) {	90 TEST_F(TransportSecurityPersisterTest, SerializeData3) {

	91 const GURL report_uri(kReportUri);

89 // Add an entry.	92 // Add an entry.

90 HashValue fp1(HASH_VALUE_SHA1);	93 HashValue fp1(HASH_VALUE_SHA1);

91 memset(fp1.data(), 0, fp1.size());	94 memset(fp1.data(), 0, fp1.size());

92 HashValue fp2(HASH_VALUE_SHA1);	95 HashValue fp2(HASH_VALUE_SHA1);

93 memset(fp2.data(), 1, fp2.size());	96 memset(fp2.data(), 1, fp2.size());

94 base::Time expiry =	97 base::Time expiry =

95 base::Time::Now() + base::TimeDelta::FromSeconds(1000);	98 base::Time::Now() + base::TimeDelta::FromSeconds(1000);

96 HashValueVector dynamic_spki_hashes;	99 HashValueVector dynamic_spki_hashes;

97 dynamic_spki_hashes.push_back(fp1);	100 dynamic_spki_hashes.push_back(fp1);

98 dynamic_spki_hashes.push_back(fp2);	101 dynamic_spki_hashes.push_back(fp2);

99 bool include_subdomains = false;	102 bool include_subdomains = false;

100 state_.AddHSTS("www.example.com", expiry, include_subdomains);	103 state_.AddHSTS("www.example.com", expiry, include_subdomains);

101 state_.AddHPKP("www.example.com", expiry, include_subdomains,	104 state_.AddHPKP("www.example.com", expiry, include_subdomains,

102 dynamic_spki_hashes);	105 dynamic_spki_hashes, report_uri);

103	106

104 // Add another entry.	107 // Add another entry.

105 memset(fp1.data(), 2, fp1.size());	108 memset(fp1.data(), 2, fp1.size());

106 memset(fp2.data(), 3, fp2.size());	109 memset(fp2.data(), 3, fp2.size());

107 expiry =	110 expiry =

108 base::Time::Now() + base::TimeDelta::FromSeconds(3000);	111 base::Time::Now() + base::TimeDelta::FromSeconds(3000);

109 dynamic_spki_hashes.push_back(fp1);	112 dynamic_spki_hashes.push_back(fp1);

110 dynamic_spki_hashes.push_back(fp2);	113 dynamic_spki_hashes.push_back(fp2);

111 state_.AddHSTS("www.example.net", expiry, include_subdomains);	114 state_.AddHSTS("www.example.net", expiry, include_subdomains);

112 state_.AddHPKP("www.example.net", expiry, include_subdomains,	115 state_.AddHPKP("www.example.net", expiry, include_subdomains,

113 dynamic_spki_hashes);	116 dynamic_spki_hashes, report_uri);

114	117

115 // Save a copy of everything.	118 // Save a copy of everything.

116 std::set<std::string> sts_saved;	119 std::set<std::string> sts_saved;

117 TransportSecurityState::STSStateIterator sts_iter(state_);	120 TransportSecurityState::STSStateIterator sts_iter(state_);

118 while (sts_iter.HasNext()) {	121 while (sts_iter.HasNext()) {

119 sts_saved.insert(sts_iter.hostname());	122 sts_saved.insert(sts_iter.hostname());

120 sts_iter.Advance();	123 sts_iter.Advance();

121 }	124 }

122	125

123 std::set<std::string> pkp_saved;	126 std::set<std::string> pkp_saved;

(...skipping 49 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
173 "\"expiry\": 1266815027.983453, "	176 "\"expiry\": 1266815027.983453, "

174 "\"include_subdomains\": false, "	177 "\"include_subdomains\": false, "

175 "\"mode\": \"strict\" "	178 "\"mode\": \"strict\" "

176 "}"	179 "}"

177 "}";	180 "}";

178 bool dirty;	181 bool dirty;

179 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));	182 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));

180 EXPECT_TRUE(dirty);	183 EXPECT_TRUE(dirty);

181 }	184 }

182	185

183 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {	186 TEST_F(TransportSecurityPersisterTest, PublicKeyPins) {

	187 const GURL report_uri(kReportUri);

184 TransportSecurityState::PKPState pkp_state;	188 TransportSecurityState::PKPState pkp_state;

185 static const char kTestDomain[] = "example.com";	189 static const char kTestDomain[] = "example.com";

	190

186 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));	191 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));

187 HashValueVector hashes;	192 HashValueVector hashes;

188 std::string failure_log;	193 std::string failure_log;

189 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));	194 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));

190	195

191 HashValue sha1(HASH_VALUE_SHA1);	196 HashValue sha1(HASH_VALUE_SHA1);

192 memset(sha1.data(), '1', sha1.size());	197 memset(sha1.data(), '1', sha1.size());

193 pkp_state.spki_hashes.push_back(sha1);	198 pkp_state.spki_hashes.push_back(sha1);

194	199

195 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));	200 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));

196	201

197 hashes.push_back(sha1);	202 hashes.push_back(sha1);

198 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));	203 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));

199	204

200 hashes[0].data()[0] = '2';	205 hashes[0].data()[0] = '2';

201 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));	206 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));

202	207

203 const base::Time current_time(base::Time::Now());	208 const base::Time current_time(base::Time::Now());

204 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);	209 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

205 bool include_subdomains = false;	210 bool include_subdomains = false;

206 state_.AddHSTS(kTestDomain, expiry, include_subdomains);	211 state_.AddHSTS(kTestDomain, expiry, include_subdomains);

207 state_.AddHPKP(kTestDomain, expiry, include_subdomains,	212 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,

208 pkp_state.spki_hashes);	213 report_uri);

209 std::string serialized;	214 std::string serialized;

210 EXPECT_TRUE(persister_->SerializeData(&serialized));	215 EXPECT_TRUE(persister_->SerializeData(&serialized));

211 bool dirty;	216 bool dirty;

212 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));	217 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));

213	218

214 TransportSecurityState::PKPState new_pkp_state;	219 TransportSecurityState::PKPState new_pkp_state;

215 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));	220 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));

216 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());	221 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());

217 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);	222 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);

218 EXPECT_EQ(	223 EXPECT_EQ(

219 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));	224 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));

	225 EXPECT_EQ(report_uri, new_pkp_state.report_uri);

220 }	226 }

221	227

222 } // namespace	228 } // namespace

223	229

224 } // namespace net	230 } // namespace net

OLD	NEW

« no previous file with comments | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | no next file with comments »