Parse HPKP report-uri and persist in TransportSecurityPersister

net/http/transport_security_persister_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_persister.h"
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/message_loop/message_loop.h"
 #include "net/http/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
+const char kReportUri[] = "http://www.example.com/report";
+
 class TransportSecurityPersisterTest : public testing::Test {
  public:
   TransportSecurityPersisterTest() {
   }
 
   ~TransportSecurityPersisterTest() override {
     base::MessageLoopForIO::current()->RunUntilIdle();
   }
 
   void SetUp() override {
@@ skipping 58 matching lines @@
   HashValue fp2(HASH_VALUE_SHA1);
   memset(fp2.data(), 1, fp2.size());
   base::Time expiry =
       base::Time::Now() + base::TimeDelta::FromSeconds(1000);
   HashValueVector dynamic_spki_hashes;
   dynamic_spki_hashes.push_back(fp1);
   dynamic_spki_hashes.push_back(fp2);
   bool include_subdomains = false;
   state_.AddHSTS("www.example.com", expiry, include_subdomains);
   state_.AddHPKP("www.example.com", expiry, include_subdomains,
-                 dynamic_spki_hashes);
+                 dynamic_spki_hashes, kReportUri);
 
   // Add another entry.
   memset(fp1.data(), 2, fp1.size());
   memset(fp2.data(), 3, fp2.size());
   expiry =
       base::Time::Now() + base::TimeDelta::FromSeconds(3000);
   dynamic_spki_hashes.push_back(fp1);
   dynamic_spki_hashes.push_back(fp2);
   state_.AddHSTS("www.example.net", expiry, include_subdomains);
   state_.AddHPKP("www.example.net", expiry, include_subdomains,
-                 dynamic_spki_hashes);
+                 dynamic_spki_hashes, kReportUri);
 
   // Save a copy of everything.
   std::map<std::string, TransportSecurityState::DomainState> saved;
   TransportSecurityState::Iterator i(state_);
   while (i.HasNext()) {
     saved[i.hostname()] = i.domain_state();
     i.Advance();
   }
 
   std::string serialized;
@@ skipping 58 matching lines @@
   hashes.push_back(sha1);
   EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
 
   hashes[0].data()[0] = '2';
   EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
 
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
   bool include_subdomains = false;
   state_.AddHSTS(kTestDomain, expiry, include_subdomains);
-  state_.AddHPKP(
-      kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes);
+  state_.AddHPKP(kTestDomain, expiry, include_subdomains,
+                 domain_state.pkp.spki_hashes, kReportUri);
   std::string serialized;
   EXPECT_TRUE(persister_->SerializeData(&serialized));
   bool dirty;
+  EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
+
+  TransportSecurityState::DomainState new_domain_state;
+  EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));
+  EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());
+  EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);
+  EXPECT_EQ(0, memcmp(new_domain_state.pkp.spki_hashes[0].data(), sha1.data(),
+                      sha1.size()));
+}
+
+TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) {
+  TransportSecurityState::DomainState domain_state;
+  static const char kTestDomain[] = "example.com";
+  static const char kTestReportUri[] = "http://example.com/report";
+
+  EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));
+  HashValueVector hashes;
+  std::string failure_log;
+  EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+  HashValue sha1(HASH_VALUE_SHA1);
+  memset(sha1.data(), '1', sha1.size());
+  domain_state.pkp.spki_hashes.push_back(sha1);
+
+  EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+  hashes.push_back(sha1);
+  EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+  hashes[0].data()[0] = '2';
+  EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+  bool include_subdomains = false;
+  state_.AddHPKP(kTestDomain, expiry, include_subdomains,
+                 domain_state.pkp.spki_hashes, std::string(kTestReportUri));
+  std::string serialized;
+  EXPECT_TRUE(persister_->SerializeData(&serialized));
+  bool dirty;
   EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
 
   TransportSecurityState::DomainState new_domain_state;
   EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));
   EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());
   EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);
   EXPECT_EQ(0,
             memcmp(new_domain_state.pkp.spki_hashes[0].data(),
                    sha1.data(),
                    sha1.size()));
+  EXPECT_EQ(kTestReportUri, new_domain_state.pkp.report_uri);
 }
 
 }  // namespace
 
 }  // namespace net