Parse HPKP report-uri and persist in TransportSecurityPersister

net/http/http_security_headers_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/sha1.h"
 #include "base/strings/string_piece.h"
@@ skipping 134 matching lines @@
   // values for its predictable fields.
   EXPECT_EQ(0, max_age.InSeconds());
   EXPECT_FALSE(include_subdomains);
 }
 
 static void TestBogusPinsHeaders(HashValueTag tag) {
   base::TimeDelta max_age;
   bool include_subdomains;
   HashValueVector hashes;
   HashValueVector chain_hashes;
+  std::string report_uri;
 
   // Set some fake "chain" hashes
   chain_hashes.push_back(GetTestHashValue(1, tag));
   chain_hashes.push_back(GetTestHashValue(2, tag));
   chain_hashes.push_back(GetTestHashValue(3, tag));
 
   // The good pin must be in the chain, the backup pin must not be
   std::string good_pin = GetTestPin(2, tag);
   std::string good_pin_unquoted = GetTestPinUnquoted(2, tag);
   std::string backup_pin = GetTestPin(4, tag);
 
   EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("    ", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("  abc", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("  abc   ", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("  max-age", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("  max-age  ", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("   max-age=", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("   max-age  =", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("   max-age=   ", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     ", chain_hashes,
-                               &max_age, &include_subdomains, &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     xy", chain_hashes,
-                               &max_age, &include_subdomains, &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     3488a923",
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     ", chain_hashes, &max_age,
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     xy", chain_hashes, &max_age,
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("   max-age  =     3488a923", chain_hashes,
+                               &max_age, &include_subdomains, &hashes,
+                               &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923  ", chain_hashes, &max_age,
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;pins=" + good_pin + "," +
+                                   backup_pin + "report-uri=\"http://foo.com\"",
                                chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923  ", chain_hashes,
-                               &max_age, &include_subdomains, &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-ag=3488923pins=" + good_pin + "," +
-                               backup_pin,
+                               &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes,
+                               &max_age, &include_subdomains, &hashes,
+                               &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, chain_hashes,
+                               &max_age, &include_subdomains, &hashes,
+                               &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + good_pin,
                                chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin,
-                               chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin,
-                               chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin + ";" +
-                               backup_pin,
-                               chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" +
-                               good_pin,
-                               chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin,
-                               chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
+                               &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes,
+                               &max_age, &include_subdomains, &hashes,
+                               &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
-  EXPECT_FALSE(ParseHPKPHeader("max-age=3488923     e", chain_hashes,
-                               &max_age, &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-age=3488923     e", chain_hashes, &max_age,
+                               &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age=3488923     includesubdomain",
                                chain_hashes, &max_age, &include_subdomains,
-                               &hashes));
+                               &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-age=3488923     report-uri=\"http://foo.com\"", chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
   EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
-                               &include_subdomains, &hashes));
-  EXPECT_FALSE(
-      ParseHPKPHeader("max-age=243; " + good_pin_unquoted + ";" + backup_pin,
-                      chain_hashes, &max_age, &include_subdomains, &hashes));
+                               &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;",
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
+                                   ";report-uri=http://foo.com;",
+                               chain_hashes, &max_age, &include_subdomains,
+                               &hashes, &report_uri));
+  EXPECT_FALSE(ParseHPKPHeader(
+      "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''",
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+
+  // Test that the parser rejects misquoted strings.
+  EXPECT_FALSE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
+                                   "; report-uri=\"http://foo;bar\'",
+                               chain_hashes, &max_age, &include_subdomains,
+                               &hashes, &report_uri));
 
   // Check the out args were not updated by checking the default
   // values for its predictable fields.
   EXPECT_EQ(0, max_age.InSeconds());
   EXPECT_EQ(hashes.size(), (size_t)0);
 }
 
 TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) {
   base::TimeDelta max_age;
   base::TimeDelta expect_max_age;
@@ skipping 150 matching lines @@
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 }
 
 static void TestValidPKPHeaders(HashValueTag tag) {
   base::TimeDelta max_age;
   base::TimeDelta expect_max_age;
   bool include_subdomains;
   HashValueVector hashes;
   HashValueVector chain_hashes;
+  std::string expect_report_uri;
+  std::string report_uri;
 
   // Set some fake "chain" hashes into chain_hashes
   chain_hashes.push_back(GetTestHashValue(1, tag));
   chain_hashes.push_back(GetTestHashValue(2, tag));
   chain_hashes.push_back(GetTestHashValue(3, tag));
 
   // The good pin must be in the chain, the backup pin must not be
   std::string good_pin = GetTestPin(2, tag);
   std::string good_pin2 = GetTestPin(3, tag);
   std::string backup_pin = GetTestPin(4, tag);
 
-  EXPECT_TRUE(ParseHPKPHeader(
-      "max-age=243; " + good_pin + ";" + backup_pin,
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+  EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin,
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(243);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(std::string(), report_uri);
 
   EXPECT_TRUE(ParseHPKPHeader(
-      "   " + good_pin + "; " + backup_pin + "  ; Max-agE    = 567",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
-  expect_max_age = base::TimeDelta::FromSeconds(567);
+      "max-age=243; " + good_pin + ";" + backup_pin + "; report-uri= \"/foo\"",
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+  expect_max_age = base::TimeDelta::FromSeconds(243);
+  expect_report_uri = "/foo";
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(expect_report_uri, report_uri);
 
-  EXPECT_TRUE(ParseHPKPHeader(
-      "includeSubDOMAINS;" + good_pin + ";" + backup_pin +
-      "  ; mAx-aGe    = 890      ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+  EXPECT_TRUE(ParseHPKPHeader("   " + good_pin + "; " + backup_pin +
+                                  "  ; Max-agE    = 567; repOrT-URi = \"/foo\"",
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
+  expect_max_age = base::TimeDelta::FromSeconds(567);
+  expect_report_uri = "/foo";
+  EXPECT_EQ(expect_max_age, max_age);
+  EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(expect_report_uri, report_uri);
+
+  EXPECT_TRUE(ParseHPKPHeader("includeSubDOMAINS;" + good_pin + ";" +
+                                  backup_pin + "  ; mAx-aGe    = 890      ",
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(890);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
-      good_pin + ";" + backup_pin + "; max-age=123;IGNORED;",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(123);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
-      "max-age=394082;" + backup_pin + ";" + good_pin + ";  ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      "max-age=394082;" + backup_pin + ";" + good_pin + ";  ", chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(394082);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
-      "max-age=39408299  ;" + backup_pin + ";" + good_pin + ";  ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      "max-age=39408299  ;" + backup_pin + ";" + good_pin + ";  ", chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(
       std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299))));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
       "max-age=39408038  ;    cybers=39408038  ;  includeSubdomains; " +
           good_pin + ";" + backup_pin + ";   ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(
       std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038))));
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
-  EXPECT_TRUE(ParseHPKPHeader(
-      "  max-age=0  ;  " + good_pin + ";" + backup_pin,
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+  EXPECT_TRUE(ParseHPKPHeader("  max-age=0  ;  " + good_pin + ";" + backup_pin,
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(0);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
       "  max-age=0 ; includeSubdomains;  " + good_pin + ";" + backup_pin,
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(0);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_TRUE(include_subdomains);
 
   EXPECT_TRUE(ParseHPKPHeader(
       "  max-age=999999999999999999999999999999999999999999999  ;  " +
           backup_pin + ";" + good_pin + ";   ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
   expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs);
   EXPECT_EQ(expect_max_age, max_age);
   EXPECT_FALSE(include_subdomains);
 
+  EXPECT_TRUE(ParseHPKPHeader(
+      "  max-age=999999999999999999999999999999999999999999999  ;  " +
+          backup_pin + ";" + good_pin + ";   report-uri=\"/foo\"",
+      chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+  expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs);
+  expect_report_uri = "/foo";
+  EXPECT_EQ(expect_max_age, max_age);
+  EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(expect_report_uri, report_uri);
+
   // Test that parsing a different header resets the hashes.
   hashes.clear();
   EXPECT_TRUE(ParseHPKPHeader(
-      "  max-age=999;  " +
-          backup_pin + ";" + good_pin + ";   ",
-      chain_hashes, &max_age, &include_subdomains, &hashes));
+      "  max-age=999;  " + backup_pin + ";" + good_pin + ";   ", chain_hashes,
+      &max_age, &include_subdomains, &hashes, &report_uri));
   EXPECT_EQ(2u, hashes.size());
   EXPECT_TRUE(ParseHPKPHeader(
       "  max-age=999;  " + backup_pin + ";" + good_pin2 + ";   ", chain_hashes,
-      &max_age, &include_subdomains, &hashes));
+      &max_age, &include_subdomains, &hashes, &report_uri));
   EXPECT_EQ(2u, hashes.size());
+
+  // Test that the parser correctly parses an unencoded ';' inside a
+  // quoted report-uri.
+  EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
+                                  "; report-uri=\"http://foo;bar\"",
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
+  expect_max_age = base::TimeDelta::FromSeconds(999);
+  expect_report_uri = "http://foo;bar";
+  EXPECT_EQ(expect_max_age, max_age);
+  EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(expect_report_uri, report_uri);
+
+  // Test that the parser correctly parses a report-uri with a >0x7f
+  // character.
+  expect_report_uri = "http://foo";
+  expect_report_uri += char(0x7f);
+  EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
+                                  "; report-uri=\"" + expect_report_uri + "\"",
+                              chain_hashes, &max_age, &include_subdomains,
+                              &hashes, &report_uri));
+  expect_max_age = base::TimeDelta::FromSeconds(999);
+  EXPECT_EQ(expect_max_age, max_age);
+  EXPECT_FALSE(include_subdomains);
+  EXPECT_EQ(expect_report_uri, report_uri);
 }
 
 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) {
   TestBogusPinsHeaders(HASH_VALUE_SHA1);
 }
 
 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) {
   TestBogusPinsHeaders(HASH_VALUE_SHA256);
 }
 
@@ skipping 15 matching lines @@
   EXPECT_TRUE(
       state.GetStaticDomainState(domain, &static_domain_state));
   EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL);
   HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes;
 
   // Add a header, which should only update the dynamic state.
   HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1);
   HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA1);
   std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1);
   std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1);
-  std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
+  std::string report_uri = "http://google.com";
+  std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin +
+                       ";report-uri=\"" + report_uri + "\"";
 
   // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
   SSLInfo ssl_info;
   ssl_info.public_key_hashes.push_back(good_hash);
   ssl_info.public_key_hashes.push_back(saved_hashes[0]);
   EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
 
   // Expect the static state to remain unchanged.
   TransportSecurityState::DomainState new_static_domain_state;
   EXPECT_TRUE(state.GetStaticDomainState(
       domain, &new_static_domain_state));
   for (size_t i = 0; i < saved_hashes.size(); ++i) {
     EXPECT_TRUE(HashValuesEqual(saved_hashes[i])(
         new_static_domain_state.pkp.spki_hashes[i]));
   }
 
   // Expect the dynamic state to reflect the header.
   TransportSecurityState::DomainState dynamic_domain_state;
   EXPECT_TRUE(state.GetDynamicDomainState(domain, &dynamic_domain_state));
   EXPECT_EQ(2UL, dynamic_domain_state.pkp.spki_hashes.size());
+  EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri);
 
   HashValueVector::const_iterator hash =
       std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(),
                    dynamic_domain_state.pkp.spki_hashes.end(),
                    HashValuesEqual(good_hash));
   EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash);
 
   hash = std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(),
                       dynamic_domain_state.pkp.spki_hashes.end(),
                       HashValuesEqual(backup_hash));
   EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash);
 
   // Expect the overall state to reflect the header, too.
   EXPECT_TRUE(state.HasPublicKeyPins(domain));
   HashValueVector hashes;
   hashes.push_back(good_hash);
   std::string failure_log;
   const bool is_issued_by_known_root = true;
   EXPECT_TRUE(state.CheckPublicKeyPins(
       domain, is_issued_by_known_root, hashes, &failure_log));
 
   TransportSecurityState::DomainState new_dynamic_domain_state;
   EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state));
   EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size());
+  EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri);
 
   hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(),
                       new_dynamic_domain_state.pkp.spki_hashes.end(),
                       HashValuesEqual(good_hash));
   EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
 
   hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(),
                       new_dynamic_domain_state.pkp.spki_hashes.end(),
                       HashValuesEqual(backup_hash));
   EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
@@ skipping 166 matching lines @@
       ssl_info));
 
   // The old pins must still exist.
   EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
   EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root,
                                        ssl_info.public_key_hashes,
                                        &failure_log));
 }
 
 };    // namespace net