Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(693)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/transport_security_persister_unittest.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/http_util_unittest.cc ('K') | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_persister_unittest.cc
diff --git a/net/http/transport_security_persister_unittest.cc b/net/http/transport_security_persister_unittest.cc
index 53cb2f4b7024e2ebf4aecca622ad27b5887ae465..c24224c857b1763c54ff3b03dc4274853436b683 100644
--- a/net/http/transport_security_persister_unittest.cc
+++ b/net/http/transport_security_persister_unittest.cc
@@ -19,6 +19,8 @@ namespace net {
namespace {
+const char kReportUri[] = "http://www.example.com/report";
+
class TransportSecurityPersisterTest : public testing::Test {
public:
TransportSecurityPersisterTest() {
@@ -99,7 +101,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) {
bool include_subdomains = false;
state_.AddHSTS("www.example.com", expiry, include_subdomains);
state_.AddHPKP("www.example.com", expiry, include_subdomains,
- dynamic_spki_hashes);
+ dynamic_spki_hashes, kReportUri);
// Add another entry.
memset(fp1.data(), 2, fp1.size());
@@ -110,7 +112,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) {
dynamic_spki_hashes.push_back(fp2);
state_.AddHSTS("www.example.net", expiry, include_subdomains);
state_.AddHPKP("www.example.net", expiry, include_subdomains,
- dynamic_spki_hashes);
+ dynamic_spki_hashes, kReportUri);
// Save a copy of everything.
std::set<std::string> sts_saved;
@@ -182,7 +184,9 @@ TEST_F(TransportSecurityPersisterTest, SerializeDataOld) {
TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
TransportSecurityState::PKPState pkp_state;
+ static const char kReportUri[] = "http://example.com/test";
davidben 2015/07/15 22:21:06 Remove this line in favor of the global one? (Conf
estark 2015/07/16 00:07:01 Done.
static const char kTestDomain[] = "example.com";
+
EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
HashValueVector hashes;
std::string failure_log;
@@ -204,8 +208,49 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
bool include_subdomains = false;
state_.AddHSTS(kTestDomain, expiry, include_subdomains);
- state_.AddHPKP(kTestDomain, expiry, include_subdomains,
- pkp_state.spki_hashes);
+ state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
+ kReportUri);
+ std::string serialized;
+ EXPECT_TRUE(persister_->SerializeData(&serialized));
+ bool dirty;
+ EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
+
+ TransportSecurityState::PKPState new_pkp_state;
+ EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));
+ EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());
+ EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
+ EXPECT_EQ(
+ 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
+ EXPECT_EQ(kReportUri, new_pkp_state.report_uri);
+}
+
+TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) {
davidben 2015/07/15 22:21:06 Isn't this test the same as the one above, or am I
estark 2015/07/16 00:07:01 Er, sorry, don't know what I was thinking there. D
+ TransportSecurityState::PKPState pkp_state;
+ static const char kTestDomain[] = "example.com";
+ static const char kTestReportUri[] = "http://example.com/report";
+
+ EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
+ HashValueVector hashes;
+ std::string failure_log;
+ EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ HashValue sha1(HASH_VALUE_SHA1);
+ memset(sha1.data(), '1', sha1.size());
+ pkp_state.spki_hashes.push_back(sha1);
+
+ EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ hashes.push_back(sha1);
+ EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ hashes[0].data()[0] = '2';
+ EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ bool include_subdomains = false;
+ state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
+ kTestReportUri);
std::string serialized;
EXPECT_TRUE(persister_->SerializeData(&serialized));
bool dirty;
@@ -217,6 +262,7 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
EXPECT_EQ(
0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
+ EXPECT_EQ(kTestReportUri, new_pkp_state.report_uri);
}
} // namespace
« net/http/http_util_unittest.cc ('K') | « net/http/transport_security_persister.cc ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698