Chromium Code Reviews Chromium Code Reviews
Issue 1211363005:
Parse HPKP report-uri and persist in TransportSecurityPersister (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/http/transport_security_persister_unittest.cc |
| diff --git a/net/http/transport_security_persister_unittest.cc b/net/http/transport_security_persister_unittest.cc |
| index 2c9419e5cff600f0de2f1205d280444f552cea48..0e8e06688fbeddbc36cd6424e08948483910273e 100644 |
| --- a/net/http/transport_security_persister_unittest.cc |
| +++ b/net/http/transport_security_persister_unittest.cc |
| @@ -84,6 +84,9 @@ TEST_F(TransportSecurityPersisterTest, SerializeData2) { |
| } |
| TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| + static const char kReportUri[] = "http://www.example.com/report"; |
| + std::string report_uri(kReportUri); |
|
Ryan Sleevi
2015/06/26 19:41:52
Why the explicit string? Implicit string construct
estark
2015/06/26 22:42:11
Done.
|
| + |
| // Add an entry. |
| HashValue fp1(HASH_VALUE_SHA1); |
| memset(fp1.data(), 0, fp1.size()); |
| @@ -97,7 +100,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| bool include_subdomains = false; |
| state_.AddHSTS("www.example.com", expiry, include_subdomains); |
| state_.AddHPKP("www.example.com", expiry, include_subdomains, |
| - dynamic_spki_hashes); |
| + dynamic_spki_hashes, report_uri); |
| // Add another entry. |
| memset(fp1.data(), 2, fp1.size()); |
| @@ -108,7 +111,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| dynamic_spki_hashes.push_back(fp2); |
| state_.AddHSTS("www.example.net", expiry, include_subdomains); |
| state_.AddHPKP("www.example.net", expiry, include_subdomains, |
| - dynamic_spki_hashes); |
| + dynamic_spki_hashes, report_uri); |
| // Save a copy of everything. |
| std::map<std::string, TransportSecurityState::DomainState> saved; |
| @@ -164,6 +167,9 @@ TEST_F(TransportSecurityPersisterTest, SerializeDataOld) { |
| } |
| TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
| + static const char kReportUri[] = "http://example.com/test"; |
| + std::string report_uri(kReportUri); |
| + |
| TransportSecurityState::DomainState domain_state; |
| static const char kTestDomain[] = "example.com"; |
| EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state)); |
| @@ -187,8 +193,48 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| bool include_subdomains = false; |
| state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
| - state_.AddHPKP( |
| - kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes); |
| + state_.AddHPKP(kTestDomain, expiry, include_subdomains, |
| + domain_state.pkp.spki_hashes, report_uri); |
| + std::string serialized; |
| + EXPECT_TRUE(persister_->SerializeData(&serialized)); |
| + bool dirty; |
| + EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
| + |
| + TransportSecurityState::DomainState new_domain_state; |
| + EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state)); |
| + EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size()); |
| + EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag); |
| + EXPECT_EQ(0, memcmp(new_domain_state.pkp.spki_hashes[0].data(), sha1.data(), |
| + sha1.size())); |
| +} |
| + |
| +TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) { |
| + TransportSecurityState::DomainState domain_state; |
| + static const char kTestDomain[] = "example.com"; |
| + static const char kTestReportUri[] = "http://example.com/report"; |
| + |
| + EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state)); |
| + HashValueVector hashes; |
| + std::string failure_log; |
| + EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
| + |
| + HashValue sha1(HASH_VALUE_SHA1); |
| + memset(sha1.data(), '1', sha1.size()); |
| + domain_state.pkp.spki_hashes.push_back(sha1); |
| + |
| + EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
| + |
| + hashes.push_back(sha1); |
| + EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
| + |
| + hashes[0].data()[0] = '2'; |
| + EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
| + |
| + const base::Time current_time(base::Time::Now()); |
| + const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| + bool include_subdomains = false; |
| + state_.AddHPKP(kTestDomain, expiry, include_subdomains, |
| + domain_state.pkp.spki_hashes, std::string(kTestReportUri)); |
| std::string serialized; |
| EXPECT_TRUE(persister_->SerializeData(&serialized)); |
| bool dirty; |
| @@ -202,6 +248,7 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
| memcmp(new_domain_state.pkp.spki_hashes[0].data(), |
| sha1.data(), |
| sha1.size())); |
| + EXPECT_EQ(kTestReportUri, new_domain_state.pkp.report_uri); |
| } |
| } // namespace |
