OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 #include <algorithm> | 6 #include <algorithm> |
7 | 7 |
8 #include "base/base64.h" | 8 #include "base/base64.h" |
9 #include "base/sha1.h" | 9 #include "base/sha1.h" |
10 #include "base/strings/string_piece.h" | 10 #include "base/strings/string_piece.h" |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
145 // values for its predictable fields. | 145 // values for its predictable fields. |
146 EXPECT_EQ(0, max_age.InSeconds()); | 146 EXPECT_EQ(0, max_age.InSeconds()); |
147 EXPECT_FALSE(include_subdomains); | 147 EXPECT_FALSE(include_subdomains); |
148 } | 148 } |
149 | 149 |
150 static void TestBogusPinsHeaders(HashValueTag tag) { | 150 static void TestBogusPinsHeaders(HashValueTag tag) { |
151 base::TimeDelta max_age; | 151 base::TimeDelta max_age; |
152 bool include_subdomains; | 152 bool include_subdomains; |
153 HashValueVector hashes; | 153 HashValueVector hashes; |
154 HashValueVector chain_hashes; | 154 HashValueVector chain_hashes; |
| 155 std::string report_uri; |
155 | 156 |
156 // Set some fake "chain" hashes | 157 // Set some fake "chain" hashes |
157 chain_hashes.push_back(GetTestHashValue(1, tag)); | 158 chain_hashes.push_back(GetTestHashValue(1, tag)); |
158 chain_hashes.push_back(GetTestHashValue(2, tag)); | 159 chain_hashes.push_back(GetTestHashValue(2, tag)); |
159 chain_hashes.push_back(GetTestHashValue(3, tag)); | 160 chain_hashes.push_back(GetTestHashValue(3, tag)); |
160 | 161 |
161 // The good pin must be in the chain, the backup pin must not be | 162 // The good pin must be in the chain, the backup pin must not be |
162 std::string good_pin = GetTestPin(2, tag); | 163 std::string good_pin = GetTestPin(2, tag); |
163 std::string good_pin_unquoted = GetTestPinUnquoted(2, tag); | 164 std::string good_pin_unquoted = GetTestPinUnquoted(2, tag); |
164 std::string backup_pin = GetTestPin(4, tag); | 165 std::string backup_pin = GetTestPin(4, tag); |
165 | 166 |
166 EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age, | 167 EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age, |
167 &include_subdomains, &hashes)); | 168 &include_subdomains, &hashes, &report_uri)); |
168 EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age, | 169 EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age, |
169 &include_subdomains, &hashes)); | 170 &include_subdomains, &hashes, &report_uri)); |
170 EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age, | 171 EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age, |
171 &include_subdomains, &hashes)); | 172 &include_subdomains, &hashes, &report_uri)); |
172 EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age, | 173 EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age, |
173 &include_subdomains, &hashes)); | 174 &include_subdomains, &hashes, &report_uri)); |
174 EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age, | 175 EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age, |
175 &include_subdomains, &hashes)); | 176 &include_subdomains, &hashes, &report_uri)); |
176 EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age, | 177 EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age, |
177 &include_subdomains, &hashes)); | 178 &include_subdomains, &hashes, &report_uri)); |
178 EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age, | 179 EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age, |
179 &include_subdomains, &hashes)); | 180 &include_subdomains, &hashes, &report_uri)); |
180 EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age, | 181 EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age, |
181 &include_subdomains, &hashes)); | 182 &include_subdomains, &hashes, &report_uri)); |
182 EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age, | 183 EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age, |
183 &include_subdomains, &hashes)); | 184 &include_subdomains, &hashes, &report_uri)); |
184 EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age, | 185 EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age, |
185 &include_subdomains, &hashes)); | 186 &include_subdomains, &hashes, &report_uri)); |
186 EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age, | 187 EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age, |
187 &include_subdomains, &hashes)); | 188 &include_subdomains, &hashes, &report_uri)); |
188 EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age, | 189 EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age, |
189 &include_subdomains, &hashes)); | 190 &include_subdomains, &hashes, &report_uri)); |
190 EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, | 191 EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, &max_age, |
191 &max_age, &include_subdomains, &hashes)); | 192 &include_subdomains, &hashes, &report_uri)); |
192 EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, | 193 EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, &max_age, |
193 &max_age, &include_subdomains, &hashes)); | 194 &include_subdomains, &hashes, &report_uri)); |
194 EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", | 195 EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", chain_hashes, |
| 196 &max_age, &include_subdomains, &hashes, |
| 197 &report_uri)); |
| 198 EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age, |
| 199 &include_subdomains, &hashes, &report_uri)); |
| 200 EXPECT_FALSE(ParseHPKPHeader( |
| 201 "max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes, |
| 202 &max_age, &include_subdomains, &hashes, &report_uri)); |
| 203 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;pins=" + good_pin + "," + |
| 204 backup_pin + "report-uri=\"http://foo.com\"", |
195 chain_hashes, &max_age, &include_subdomains, | 205 chain_hashes, &max_age, &include_subdomains, |
196 &hashes)); | 206 &hashes, &report_uri)); |
197 EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, | 207 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes, |
198 &max_age, &include_subdomains, &hashes)); | 208 &max_age, &include_subdomains, &hashes, |
199 EXPECT_FALSE(ParseHPKPHeader("max-ag=3488923pins=" + good_pin + "," + | 209 &report_uri)); |
200 backup_pin, | 210 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, chain_hashes, |
| 211 &max_age, &include_subdomains, &hashes, |
| 212 &report_uri)); |
| 213 EXPECT_FALSE(ParseHPKPHeader( |
| 214 "max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes, |
| 215 &max_age, &include_subdomains, &hashes, &report_uri)); |
| 216 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + good_pin, |
201 chain_hashes, &max_age, &include_subdomains, | 217 chain_hashes, &max_age, &include_subdomains, |
202 &hashes)); | 218 &hashes, &report_uri)); |
203 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, | 219 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, |
204 chain_hashes, &max_age, &include_subdomains, | 220 &max_age, &include_subdomains, &hashes, |
205 &hashes)); | 221 &report_uri)); |
206 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, | |
207 chain_hashes, &max_age, &include_subdomains, | |
208 &hashes)); | |
209 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin + ";" + | |
210 backup_pin, | |
211 chain_hashes, &max_age, &include_subdomains, | |
212 &hashes)); | |
213 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + | |
214 good_pin, | |
215 chain_hashes, &max_age, &include_subdomains, | |
216 &hashes)); | |
217 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, | |
218 chain_hashes, &max_age, &include_subdomains, | |
219 &hashes)); | |
220 EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age, | 222 EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age, |
221 &include_subdomains, &hashes)); | 223 &include_subdomains, &hashes, &report_uri)); |
222 EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age, | 224 EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age, |
223 &include_subdomains, &hashes)); | 225 &include_subdomains, &hashes, &report_uri)); |
224 EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age, | 226 EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age, |
225 &include_subdomains, &hashes)); | 227 &include_subdomains, &hashes, &report_uri)); |
226 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age, | 228 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age, |
227 &include_subdomains, &hashes)); | 229 &include_subdomains, &hashes, &report_uri)); |
228 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, | 230 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, &max_age, |
229 &max_age, &include_subdomains, &hashes)); | 231 &include_subdomains, &hashes, &report_uri)); |
230 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain", | 232 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain", |
231 chain_hashes, &max_age, &include_subdomains, | 233 chain_hashes, &max_age, &include_subdomains, |
232 &hashes)); | 234 &hashes, &report_uri)); |
| 235 EXPECT_FALSE(ParseHPKPHeader( |
| 236 "max-age=3488923 report-uri=\"http://foo.com\"", chain_hashes, |
| 237 &max_age, &include_subdomains, &hashes, &report_uri)); |
233 EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age, | 238 EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age, |
234 &include_subdomains, &hashes)); | 239 &include_subdomains, &hashes, &report_uri)); |
235 EXPECT_FALSE( | 240 EXPECT_FALSE(ParseHPKPHeader( |
236 ParseHPKPHeader("max-age=243; " + good_pin_unquoted + ";" + backup_pin, | 241 "max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes, |
237 chain_hashes, &max_age, &include_subdomains, &hashes)); | 242 &max_age, &include_subdomains, &hashes, &report_uri)); |
| 243 EXPECT_FALSE(ParseHPKPHeader( |
| 244 "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;", |
| 245 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 246 EXPECT_FALSE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin + |
| 247 ";report-uri=http://foo.com;", |
| 248 chain_hashes, &max_age, &include_subdomains, |
| 249 &hashes, &report_uri)); |
| 250 EXPECT_FALSE(ParseHPKPHeader( |
| 251 "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''", |
| 252 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
238 | 253 |
239 // Check the out args were not updated by checking the default | 254 // Check the out args were not updated by checking the default |
240 // values for its predictable fields. | 255 // values for its predictable fields. |
241 EXPECT_EQ(0, max_age.InSeconds()); | 256 EXPECT_EQ(0, max_age.InSeconds()); |
242 EXPECT_EQ(hashes.size(), (size_t)0); | 257 EXPECT_EQ(hashes.size(), (size_t)0); |
243 } | 258 } |
244 | 259 |
245 TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) { | 260 TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) { |
246 base::TimeDelta max_age; | 261 base::TimeDelta max_age; |
247 base::TimeDelta expect_max_age; | 262 base::TimeDelta expect_max_age; |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
398 EXPECT_EQ(expect_max_age, max_age); | 413 EXPECT_EQ(expect_max_age, max_age); |
399 EXPECT_TRUE(include_subdomains); | 414 EXPECT_TRUE(include_subdomains); |
400 } | 415 } |
401 | 416 |
402 static void TestValidPKPHeaders(HashValueTag tag) { | 417 static void TestValidPKPHeaders(HashValueTag tag) { |
403 base::TimeDelta max_age; | 418 base::TimeDelta max_age; |
404 base::TimeDelta expect_max_age; | 419 base::TimeDelta expect_max_age; |
405 bool include_subdomains; | 420 bool include_subdomains; |
406 HashValueVector hashes; | 421 HashValueVector hashes; |
407 HashValueVector chain_hashes; | 422 HashValueVector chain_hashes; |
| 423 std::string expect_report_uri; |
| 424 std::string report_uri; |
408 | 425 |
409 // Set some fake "chain" hashes into chain_hashes | 426 // Set some fake "chain" hashes into chain_hashes |
410 chain_hashes.push_back(GetTestHashValue(1, tag)); | 427 chain_hashes.push_back(GetTestHashValue(1, tag)); |
411 chain_hashes.push_back(GetTestHashValue(2, tag)); | 428 chain_hashes.push_back(GetTestHashValue(2, tag)); |
412 chain_hashes.push_back(GetTestHashValue(3, tag)); | 429 chain_hashes.push_back(GetTestHashValue(3, tag)); |
413 | 430 |
414 // The good pin must be in the chain, the backup pin must not be | 431 // The good pin must be in the chain, the backup pin must not be |
415 std::string good_pin = GetTestPin(2, tag); | 432 std::string good_pin = GetTestPin(2, tag); |
416 std::string good_pin2 = GetTestPin(3, tag); | 433 std::string good_pin2 = GetTestPin(3, tag); |
417 std::string backup_pin = GetTestPin(4, tag); | 434 std::string backup_pin = GetTestPin(4, tag); |
418 | 435 |
419 EXPECT_TRUE(ParseHPKPHeader( | 436 EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin, |
420 "max-age=243; " + good_pin + ";" + backup_pin, | 437 chain_hashes, &max_age, &include_subdomains, |
421 chain_hashes, &max_age, &include_subdomains, &hashes)); | 438 &hashes, &report_uri)); |
422 expect_max_age = base::TimeDelta::FromSeconds(243); | 439 expect_max_age = base::TimeDelta::FromSeconds(243); |
423 EXPECT_EQ(expect_max_age, max_age); | 440 EXPECT_EQ(expect_max_age, max_age); |
424 EXPECT_FALSE(include_subdomains); | 441 EXPECT_FALSE(include_subdomains); |
| 442 EXPECT_EQ(std::string(), report_uri); |
425 | 443 |
426 EXPECT_TRUE(ParseHPKPHeader( | 444 EXPECT_TRUE(ParseHPKPHeader( |
427 " " + good_pin + "; " + backup_pin + " ; Max-agE = 567", | 445 "max-age=243; " + good_pin + ";" + backup_pin + "; report-uri= \"/foo\"", |
428 chain_hashes, &max_age, &include_subdomains, &hashes)); | 446 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
429 expect_max_age = base::TimeDelta::FromSeconds(567); | 447 expect_max_age = base::TimeDelta::FromSeconds(243); |
| 448 expect_report_uri = "/foo"; |
430 EXPECT_EQ(expect_max_age, max_age); | 449 EXPECT_EQ(expect_max_age, max_age); |
431 EXPECT_FALSE(include_subdomains); | 450 EXPECT_FALSE(include_subdomains); |
| 451 EXPECT_EQ(expect_report_uri, report_uri); |
432 | 452 |
433 EXPECT_TRUE(ParseHPKPHeader( | 453 EXPECT_TRUE(ParseHPKPHeader(" " + good_pin + "; " + backup_pin + |
434 "includeSubDOMAINS;" + good_pin + ";" + backup_pin + | 454 " ; Max-agE = 567; repOrT-URi = \"/foo\"", |
435 " ; mAx-aGe = 890 ", | 455 chain_hashes, &max_age, &include_subdomains, |
436 chain_hashes, &max_age, &include_subdomains, &hashes)); | 456 &hashes, &report_uri)); |
| 457 expect_max_age = base::TimeDelta::FromSeconds(567); |
| 458 expect_report_uri = "/foo"; |
| 459 EXPECT_EQ(expect_max_age, max_age); |
| 460 EXPECT_FALSE(include_subdomains); |
| 461 EXPECT_EQ(expect_report_uri, report_uri); |
| 462 |
| 463 EXPECT_TRUE(ParseHPKPHeader("includeSubDOMAINS;" + good_pin + ";" + |
| 464 backup_pin + " ; mAx-aGe = 890 ", |
| 465 chain_hashes, &max_age, &include_subdomains, |
| 466 &hashes, &report_uri)); |
437 expect_max_age = base::TimeDelta::FromSeconds(890); | 467 expect_max_age = base::TimeDelta::FromSeconds(890); |
438 EXPECT_EQ(expect_max_age, max_age); | 468 EXPECT_EQ(expect_max_age, max_age); |
439 EXPECT_TRUE(include_subdomains); | 469 EXPECT_TRUE(include_subdomains); |
440 | 470 |
441 EXPECT_TRUE(ParseHPKPHeader( | 471 EXPECT_TRUE(ParseHPKPHeader( |
442 good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", | 472 good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes, |
443 chain_hashes, &max_age, &include_subdomains, &hashes)); | 473 &max_age, &include_subdomains, &hashes, &report_uri)); |
444 expect_max_age = base::TimeDelta::FromSeconds(123); | 474 expect_max_age = base::TimeDelta::FromSeconds(123); |
445 EXPECT_EQ(expect_max_age, max_age); | 475 EXPECT_EQ(expect_max_age, max_age); |
446 EXPECT_FALSE(include_subdomains); | 476 EXPECT_FALSE(include_subdomains); |
447 | 477 |
448 EXPECT_TRUE(ParseHPKPHeader( | 478 EXPECT_TRUE(ParseHPKPHeader( |
449 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", | 479 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
450 chain_hashes, &max_age, &include_subdomains, &hashes)); | 480 &max_age, &include_subdomains, &hashes, &report_uri)); |
451 expect_max_age = base::TimeDelta::FromSeconds(394082); | 481 expect_max_age = base::TimeDelta::FromSeconds(394082); |
452 EXPECT_EQ(expect_max_age, max_age); | 482 EXPECT_EQ(expect_max_age, max_age); |
453 EXPECT_FALSE(include_subdomains); | 483 EXPECT_FALSE(include_subdomains); |
454 | 484 |
455 EXPECT_TRUE(ParseHPKPHeader( | 485 EXPECT_TRUE(ParseHPKPHeader( |
456 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", | 486 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
457 chain_hashes, &max_age, &include_subdomains, &hashes)); | 487 &max_age, &include_subdomains, &hashes, &report_uri)); |
458 expect_max_age = base::TimeDelta::FromSeconds( | 488 expect_max_age = base::TimeDelta::FromSeconds( |
459 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299)))); | 489 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299)))); |
460 EXPECT_EQ(expect_max_age, max_age); | 490 EXPECT_EQ(expect_max_age, max_age); |
461 EXPECT_FALSE(include_subdomains); | 491 EXPECT_FALSE(include_subdomains); |
462 | 492 |
463 EXPECT_TRUE(ParseHPKPHeader( | 493 EXPECT_TRUE(ParseHPKPHeader( |
464 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + | 494 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + |
465 good_pin + ";" + backup_pin + "; ", | 495 good_pin + ";" + backup_pin + "; ", |
466 chain_hashes, &max_age, &include_subdomains, &hashes)); | 496 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
467 expect_max_age = base::TimeDelta::FromSeconds( | 497 expect_max_age = base::TimeDelta::FromSeconds( |
468 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 498 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); |
469 EXPECT_EQ(expect_max_age, max_age); | 499 EXPECT_EQ(expect_max_age, max_age); |
470 EXPECT_TRUE(include_subdomains); | 500 EXPECT_TRUE(include_subdomains); |
471 | 501 |
472 EXPECT_TRUE(ParseHPKPHeader( | 502 EXPECT_TRUE(ParseHPKPHeader(" max-age=0 ; " + good_pin + ";" + backup_pin, |
473 " max-age=0 ; " + good_pin + ";" + backup_pin, | 503 chain_hashes, &max_age, &include_subdomains, |
474 chain_hashes, &max_age, &include_subdomains, &hashes)); | 504 &hashes, &report_uri)); |
475 expect_max_age = base::TimeDelta::FromSeconds(0); | 505 expect_max_age = base::TimeDelta::FromSeconds(0); |
476 EXPECT_EQ(expect_max_age, max_age); | 506 EXPECT_EQ(expect_max_age, max_age); |
477 EXPECT_FALSE(include_subdomains); | 507 EXPECT_FALSE(include_subdomains); |
478 | 508 |
479 EXPECT_TRUE(ParseHPKPHeader( | 509 EXPECT_TRUE(ParseHPKPHeader( |
480 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, | 510 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, |
481 chain_hashes, &max_age, &include_subdomains, &hashes)); | 511 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
482 expect_max_age = base::TimeDelta::FromSeconds(0); | 512 expect_max_age = base::TimeDelta::FromSeconds(0); |
483 EXPECT_EQ(expect_max_age, max_age); | 513 EXPECT_EQ(expect_max_age, max_age); |
484 EXPECT_TRUE(include_subdomains); | 514 EXPECT_TRUE(include_subdomains); |
485 | 515 |
486 EXPECT_TRUE(ParseHPKPHeader( | 516 EXPECT_TRUE(ParseHPKPHeader( |
487 " max-age=999999999999999999999999999999999999999999999 ; " + | 517 " max-age=999999999999999999999999999999999999999999999 ; " + |
488 backup_pin + ";" + good_pin + "; ", | 518 backup_pin + ";" + good_pin + "; ", |
489 chain_hashes, &max_age, &include_subdomains, &hashes)); | 519 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
490 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); | 520 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); |
491 EXPECT_EQ(expect_max_age, max_age); | 521 EXPECT_EQ(expect_max_age, max_age); |
492 EXPECT_FALSE(include_subdomains); | 522 EXPECT_FALSE(include_subdomains); |
493 | 523 |
| 524 EXPECT_TRUE(ParseHPKPHeader( |
| 525 " max-age=999999999999999999999999999999999999999999999 ; " + |
| 526 backup_pin + ";" + good_pin + "; report-uri=\"/foo\"", |
| 527 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 528 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); |
| 529 expect_report_uri = "/foo"; |
| 530 EXPECT_EQ(expect_max_age, max_age); |
| 531 EXPECT_FALSE(include_subdomains); |
| 532 EXPECT_EQ(expect_report_uri, report_uri); |
| 533 |
494 // Test that parsing a different header resets the hashes. | 534 // Test that parsing a different header resets the hashes. |
495 hashes.clear(); | 535 hashes.clear(); |
496 EXPECT_TRUE(ParseHPKPHeader( | 536 EXPECT_TRUE(ParseHPKPHeader( |
497 " max-age=999; " + | 537 " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, |
498 backup_pin + ";" + good_pin + "; ", | 538 &max_age, &include_subdomains, &hashes, &report_uri)); |
499 chain_hashes, &max_age, &include_subdomains, &hashes)); | |
500 EXPECT_EQ(2u, hashes.size()); | 539 EXPECT_EQ(2u, hashes.size()); |
501 EXPECT_TRUE(ParseHPKPHeader( | 540 EXPECT_TRUE(ParseHPKPHeader( |
502 " max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes, | 541 " max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes, |
503 &max_age, &include_subdomains, &hashes)); | 542 &max_age, &include_subdomains, &hashes, &report_uri)); |
504 EXPECT_EQ(2u, hashes.size()); | 543 EXPECT_EQ(2u, hashes.size()); |
505 } | 544 } |
506 | 545 |
507 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) { | 546 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) { |
508 TestBogusPinsHeaders(HASH_VALUE_SHA1); | 547 TestBogusPinsHeaders(HASH_VALUE_SHA1); |
509 } | 548 } |
510 | 549 |
511 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) { | 550 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) { |
512 TestBogusPinsHeaders(HASH_VALUE_SHA256); | 551 TestBogusPinsHeaders(HASH_VALUE_SHA256); |
513 } | 552 } |
(...skipping 16 matching lines...) Expand all Loading... |
530 EXPECT_TRUE( | 569 EXPECT_TRUE( |
531 state.GetStaticDomainState(domain, &static_domain_state)); | 570 state.GetStaticDomainState(domain, &static_domain_state)); |
532 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); | 571 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); |
533 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; | 572 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; |
534 | 573 |
535 // Add a header, which should only update the dynamic state. | 574 // Add a header, which should only update the dynamic state. |
536 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1); | 575 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1); |
537 HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA1); | 576 HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA1); |
538 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1); | 577 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1); |
539 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1); | 578 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1); |
540 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin; | 579 std::string report_uri = "http://google.com"; |
| 580 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin + |
| 581 ";report-uri=\"" + report_uri + "\""; |
541 | 582 |
542 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks. | 583 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks. |
543 SSLInfo ssl_info; | 584 SSLInfo ssl_info; |
544 ssl_info.public_key_hashes.push_back(good_hash); | 585 ssl_info.public_key_hashes.push_back(good_hash); |
545 ssl_info.public_key_hashes.push_back(saved_hashes[0]); | 586 ssl_info.public_key_hashes.push_back(saved_hashes[0]); |
546 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); | 587 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); |
547 | 588 |
548 // Expect the static state to remain unchanged. | 589 // Expect the static state to remain unchanged. |
549 TransportSecurityState::DomainState new_static_domain_state; | 590 TransportSecurityState::DomainState new_static_domain_state; |
550 EXPECT_TRUE(state.GetStaticDomainState( | 591 EXPECT_TRUE(state.GetStaticDomainState( |
551 domain, &new_static_domain_state)); | 592 domain, &new_static_domain_state)); |
552 for (size_t i = 0; i < saved_hashes.size(); ++i) { | 593 for (size_t i = 0; i < saved_hashes.size(); ++i) { |
553 EXPECT_TRUE(HashValuesEqual(saved_hashes[i])( | 594 EXPECT_TRUE(HashValuesEqual(saved_hashes[i])( |
554 new_static_domain_state.pkp.spki_hashes[i])); | 595 new_static_domain_state.pkp.spki_hashes[i])); |
555 } | 596 } |
556 | 597 |
557 // Expect the dynamic state to reflect the header. | 598 // Expect the dynamic state to reflect the header. |
558 TransportSecurityState::DomainState dynamic_domain_state; | 599 TransportSecurityState::DomainState dynamic_domain_state; |
559 EXPECT_TRUE(state.GetDynamicDomainState(domain, &dynamic_domain_state)); | 600 EXPECT_TRUE(state.GetDynamicDomainState(domain, &dynamic_domain_state)); |
560 EXPECT_EQ(2UL, dynamic_domain_state.pkp.spki_hashes.size()); | 601 EXPECT_EQ(2UL, dynamic_domain_state.pkp.spki_hashes.size()); |
| 602 EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri); |
561 | 603 |
562 HashValueVector::const_iterator hash = | 604 HashValueVector::const_iterator hash = |
563 std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(), | 605 std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(), |
564 dynamic_domain_state.pkp.spki_hashes.end(), | 606 dynamic_domain_state.pkp.spki_hashes.end(), |
565 HashValuesEqual(good_hash)); | 607 HashValuesEqual(good_hash)); |
566 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash); | 608 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash); |
567 | 609 |
568 hash = std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(), | 610 hash = std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(), |
569 dynamic_domain_state.pkp.spki_hashes.end(), | 611 dynamic_domain_state.pkp.spki_hashes.end(), |
570 HashValuesEqual(backup_hash)); | 612 HashValuesEqual(backup_hash)); |
571 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash); | 613 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash); |
572 | 614 |
573 // Expect the overall state to reflect the header, too. | 615 // Expect the overall state to reflect the header, too. |
574 EXPECT_TRUE(state.HasPublicKeyPins(domain)); | 616 EXPECT_TRUE(state.HasPublicKeyPins(domain)); |
575 HashValueVector hashes; | 617 HashValueVector hashes; |
576 hashes.push_back(good_hash); | 618 hashes.push_back(good_hash); |
577 std::string failure_log; | 619 std::string failure_log; |
578 const bool is_issued_by_known_root = true; | 620 const bool is_issued_by_known_root = true; |
579 EXPECT_TRUE(state.CheckPublicKeyPins( | 621 EXPECT_TRUE(state.CheckPublicKeyPins( |
580 domain, is_issued_by_known_root, hashes, &failure_log)); | 622 domain, is_issued_by_known_root, hashes, 0, nullptr, nullptr, |
| 623 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
581 | 624 |
582 TransportSecurityState::DomainState new_dynamic_domain_state; | 625 TransportSecurityState::DomainState new_dynamic_domain_state; |
583 EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state)); | 626 EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state)); |
584 EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size()); | 627 EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size()); |
| 628 EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri); |
585 | 629 |
586 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), | 630 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), |
587 new_dynamic_domain_state.pkp.spki_hashes.end(), | 631 new_dynamic_domain_state.pkp.spki_hashes.end(), |
588 HashValuesEqual(good_hash)); | 632 HashValuesEqual(good_hash)); |
589 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 633 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
590 | 634 |
591 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), | 635 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), |
592 new_dynamic_domain_state.pkp.spki_hashes.end(), | 636 new_dynamic_domain_state.pkp.spki_hashes.end(), |
593 HashValuesEqual(backup_hash)); | 637 HashValuesEqual(backup_hash)); |
594 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 638 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
659 // though dynamic policy has been removed. (This policy may change in the | 703 // though dynamic policy has been removed. (This policy may change in the |
660 // future, in which case this test must be updated.) | 704 // future, in which case this test must be updated.) |
661 EXPECT_TRUE(state.HasPublicKeyPins(domain)); | 705 EXPECT_TRUE(state.HasPublicKeyPins(domain)); |
662 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain)); | 706 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain)); |
663 std::string failure_log; | 707 std::string failure_log; |
664 // Damage the hashes to cause a pin validation failure. | 708 // Damage the hashes to cause a pin validation failure. |
665 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; | 709 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; |
666 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; | 710 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; |
667 new_static_domain_state2.pkp.spki_hashes[2].data()[0] ^= 0x80; | 711 new_static_domain_state2.pkp.spki_hashes[2].data()[0] ^= 0x80; |
668 const bool is_issued_by_known_root = true; | 712 const bool is_issued_by_known_root = true; |
669 EXPECT_FALSE( | 713 EXPECT_FALSE(state.CheckPublicKeyPins( |
670 state.CheckPublicKeyPins(domain, | 714 domain, is_issued_by_known_root, new_static_domain_state2.pkp.spki_hashes, |
671 is_issued_by_known_root, | 715 0, nullptr, nullptr, |
672 new_static_domain_state2.pkp.spki_hashes, | 716 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
673 &failure_log)); | |
674 EXPECT_NE(0UL, failure_log.length()); | 717 EXPECT_NE(0UL, failure_log.length()); |
675 } | 718 } |
676 | 719 |
677 // Tests that when a static HSTS and a static HPKP entry are present, adding a | 720 // Tests that when a static HSTS and a static HPKP entry are present, adding a |
678 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a | 721 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a |
679 // dynamic HPKP entry could not affect the HSTS entry for the site. | 722 // dynamic HPKP entry could not affect the HSTS entry for the site. |
680 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { | 723 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { |
681 TransportSecurityState state; | 724 TransportSecurityState state; |
682 TransportSecurityState::DomainState domain_state; | 725 TransportSecurityState::DomainState domain_state; |
683 | 726 |
(...skipping 10 matching lines...) Expand all Loading... |
694 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); | 737 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); |
695 EXPECT_TRUE(state.HasPublicKeyPins(domain)); | 738 EXPECT_TRUE(state.HasPublicKeyPins(domain)); |
696 | 739 |
697 // Add a dynamic HSTS header. CheckPublicKeyPins should still pass when given | 740 // Add a dynamic HSTS header. CheckPublicKeyPins should still pass when given |
698 // the original |saved_hashes|, indicating that the static PKP data is still | 741 // the original |saved_hashes|, indicating that the static PKP data is still |
699 // configured for the domain. | 742 // configured for the domain. |
700 EXPECT_TRUE(state.AddHSTSHeader(domain, "includesubdomains; max-age=10000")); | 743 EXPECT_TRUE(state.AddHSTSHeader(domain, "includesubdomains; max-age=10000")); |
701 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); | 744 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); |
702 std::string failure_log; | 745 std::string failure_log; |
703 const bool is_issued_by_known_root = true; | 746 const bool is_issued_by_known_root = true; |
704 EXPECT_TRUE(state.CheckPublicKeyPins(domain, | 747 EXPECT_TRUE(state.CheckPublicKeyPins( |
705 is_issued_by_known_root, | 748 domain, is_issued_by_known_root, saved_hashes, 0, nullptr, nullptr, |
706 saved_hashes, | 749 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
707 &failure_log)); | |
708 | 750 |
709 // Add an HPKP header, which should only update the dynamic state. | 751 // Add an HPKP header, which should only update the dynamic state. |
710 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1); | 752 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1); |
711 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1); | 753 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1); |
712 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1); | 754 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1); |
713 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin; | 755 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin; |
714 | 756 |
715 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks. | 757 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks. |
716 SSLInfo ssl_info; | 758 SSLInfo ssl_info; |
717 ssl_info.public_key_hashes.push_back(good_hash); | 759 ssl_info.public_key_hashes.push_back(good_hash); |
718 ssl_info.public_key_hashes.push_back(saved_hashes[0]); | 760 ssl_info.public_key_hashes.push_back(saved_hashes[0]); |
719 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); | 761 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); |
720 | 762 |
721 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); | 763 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info)); |
722 // HSTS should still be configured for this domain. | 764 // HSTS should still be configured for this domain. |
723 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); | 765 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); |
724 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); | 766 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); |
725 // The dynamic pins, which do not match |saved_hashes|, should take | 767 // The dynamic pins, which do not match |saved_hashes|, should take |
726 // precedence over the static pins and cause the check to fail. | 768 // precedence over the static pins and cause the check to fail. |
727 EXPECT_FALSE(state.CheckPublicKeyPins(domain, | 769 EXPECT_FALSE(state.CheckPublicKeyPins( |
728 is_issued_by_known_root, | 770 domain, is_issued_by_known_root, saved_hashes, 0, nullptr, nullptr, |
729 saved_hashes, | 771 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
730 &failure_log)); | |
731 } | 772 } |
732 | 773 |
733 // Tests that seeing an invalid HPKP header leaves the existing one alone. | 774 // Tests that seeing an invalid HPKP header leaves the existing one alone. |
734 TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) { | 775 TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) { |
735 TransportSecurityState state; | 776 TransportSecurityState state; |
736 | 777 |
737 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256); | 778 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256); |
738 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256); | 779 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256); |
739 std::string bad_pin = GetTestPin(2, HASH_VALUE_SHA256); | 780 std::string bad_pin = GetTestPin(2, HASH_VALUE_SHA256); |
740 std::string backup_pin = GetTestPin(3, HASH_VALUE_SHA256); | 781 std::string backup_pin = GetTestPin(3, HASH_VALUE_SHA256); |
741 | 782 |
742 SSLInfo ssl_info; | 783 SSLInfo ssl_info; |
743 ssl_info.public_key_hashes.push_back(good_hash); | 784 ssl_info.public_key_hashes.push_back(good_hash); |
744 | 785 |
745 // Add a valid HPKP header. | 786 // Add a valid HPKP header. |
746 EXPECT_TRUE(state.AddHPKPHeader( | 787 EXPECT_TRUE(state.AddHPKPHeader( |
747 "example.com", "max-age = 10000; " + good_pin + "; " + backup_pin, | 788 "example.com", "max-age = 10000; " + good_pin + "; " + backup_pin, |
748 ssl_info)); | 789 ssl_info)); |
749 | 790 |
750 // Check the insertion was valid. | 791 // Check the insertion was valid. |
751 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 792 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
752 std::string failure_log; | 793 std::string failure_log; |
753 bool is_issued_by_known_root = true; | 794 bool is_issued_by_known_root = true; |
754 EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, | 795 EXPECT_TRUE(state.CheckPublicKeyPins( |
755 ssl_info.public_key_hashes, | 796 "example.com", is_issued_by_known_root, ssl_info.public_key_hashes, 0, |
756 &failure_log)); | 797 nullptr, nullptr, |
| 798 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
757 | 799 |
758 // Now assert an invalid one. This should fail. | 800 // Now assert an invalid one. This should fail. |
759 EXPECT_FALSE(state.AddHPKPHeader( | 801 EXPECT_FALSE(state.AddHPKPHeader( |
760 "example.com", "max-age = 10000; " + bad_pin + "; " + backup_pin, | 802 "example.com", "max-age = 10000; " + bad_pin + "; " + backup_pin, |
761 ssl_info)); | 803 ssl_info)); |
762 | 804 |
763 // The old pins must still exist. | 805 // The old pins must still exist. |
764 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 806 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
765 EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, | 807 EXPECT_TRUE(state.CheckPublicKeyPins( |
766 ssl_info.public_key_hashes, | 808 "example.com", is_issued_by_known_root, ssl_info.public_key_hashes, 0, |
767 &failure_log)); | 809 nullptr, nullptr, |
| 810 TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
768 } | 811 } |
769 | 812 |
770 }; // namespace net | 813 }; // namespace net |
OLD | NEW |