Index: net/http/http_security_headers_unittest.cc |
diff --git a/net/http/http_security_headers_unittest.cc b/net/http/http_security_headers_unittest.cc |
index 3564245ccd62c88740293a8d23b9eb5d7327d08b..62c6b2fb6e277684494004dca9f8c41a0bf81ed6 100644 |
--- a/net/http/http_security_headers_unittest.cc |
+++ b/net/http/http_security_headers_unittest.cc |
@@ -152,6 +152,7 @@ static void TestBogusPinsHeaders(HashValueTag tag) { |
bool include_subdomains; |
HashValueVector hashes; |
HashValueVector chain_hashes; |
+ std::string report_uri; |
// Set some fake "chain" hashes |
chain_hashes.push_back(GetTestHashValue(1, tag)); |
@@ -164,77 +165,91 @@ static void TestBogusPinsHeaders(HashValueTag tag) { |
std::string backup_pin = GetTestPin(4, tag); |
EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, |
- &max_age, &include_subdomains, &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, |
- &max_age, &include_subdomains, &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, &max_age, |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, &max_age, |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, |
+ &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age, |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;pins=" + good_pin + "," + |
+ backup_pin + "report-uri=\"http://foo.com\"", |
chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, |
- &max_age, &include_subdomains, &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-ag=3488923pins=" + good_pin + "," + |
- backup_pin, |
+ &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, |
+ &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, |
+ &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + good_pin, |
chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin + ";" + |
- backup_pin, |
- chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + |
- good_pin, |
- chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, |
- chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
+ &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, |
+ &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, |
- &max_age, &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, &max_age, |
+ &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain", |
chain_hashes, &max_age, &include_subdomains, |
- &hashes)); |
+ &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-age=3488923 report-uri=\"http://foo.com\"", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age, |
- &include_subdomains, &hashes)); |
- EXPECT_FALSE( |
- ParseHPKPHeader("max-age=243; " + good_pin_unquoted + ";" + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;", |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin + |
+ ";report-uri=http://foo.com;", |
+ chain_hashes, &max_age, &include_subdomains, |
+ &hashes, &report_uri)); |
+ EXPECT_FALSE(ParseHPKPHeader( |
+ "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''", |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
// Check the out args were not updated by checking the default |
// values for its predictable fields. |
@@ -405,6 +420,8 @@ static void TestValidPKPHeaders(HashValueTag tag) { |
bool include_subdomains; |
HashValueVector hashes; |
HashValueVector chain_hashes; |
+ std::string expect_report_uri; |
+ std::string report_uri; |
// Set some fake "chain" hashes into chain_hashes |
chain_hashes.push_back(GetTestHashValue(1, tag)); |
@@ -416,45 +433,58 @@ static void TestValidPKPHeaders(HashValueTag tag) { |
std::string good_pin2 = GetTestPin(3, tag); |
std::string backup_pin = GetTestPin(4, tag); |
- EXPECT_TRUE(ParseHPKPHeader( |
- "max-age=243; " + good_pin + ";" + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin, |
+ chain_hashes, &max_age, &include_subdomains, |
+ &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(243); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
+ EXPECT_EQ(std::string(), report_uri); |
EXPECT_TRUE(ParseHPKPHeader( |
- " " + good_pin + "; " + backup_pin + " ; Max-agE = 567", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ "max-age=243; " + good_pin + ";" + backup_pin + "; report-uri= \"/foo\"", |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
+ expect_max_age = base::TimeDelta::FromSeconds(243); |
+ expect_report_uri = "/foo"; |
+ EXPECT_EQ(expect_max_age, max_age); |
+ EXPECT_FALSE(include_subdomains); |
+ EXPECT_EQ(expect_report_uri, report_uri); |
+ |
+ EXPECT_TRUE(ParseHPKPHeader(" " + good_pin + "; " + backup_pin + |
+ " ; Max-agE = 567; repOrT-URi = \"/foo\"", |
+ chain_hashes, &max_age, &include_subdomains, |
+ &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(567); |
+ expect_report_uri = "/foo"; |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
+ EXPECT_EQ(expect_report_uri, report_uri); |
- EXPECT_TRUE(ParseHPKPHeader( |
- "includeSubDOMAINS;" + good_pin + ";" + backup_pin + |
- " ; mAx-aGe = 890 ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ EXPECT_TRUE(ParseHPKPHeader("includeSubDOMAINS;" + good_pin + ";" + |
+ backup_pin + " ; mAx-aGe = 890 ", |
+ chain_hashes, &max_age, &include_subdomains, |
+ &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(890); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_TRUE(include_subdomains); |
EXPECT_TRUE(ParseHPKPHeader( |
- good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(123); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
EXPECT_TRUE(ParseHPKPHeader( |
- "max-age=394082;" + backup_pin + ";" + good_pin + "; ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(394082); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
EXPECT_TRUE(ParseHPKPHeader( |
- "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds( |
std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299)))); |
EXPECT_EQ(expect_max_age, max_age); |
@@ -463,22 +493,22 @@ static void TestValidPKPHeaders(HashValueTag tag) { |
EXPECT_TRUE(ParseHPKPHeader( |
"max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + |
good_pin + ";" + backup_pin + "; ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds( |
std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_TRUE(include_subdomains); |
- EXPECT_TRUE(ParseHPKPHeader( |
- " max-age=0 ; " + good_pin + ";" + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ EXPECT_TRUE(ParseHPKPHeader(" max-age=0 ; " + good_pin + ";" + backup_pin, |
+ chain_hashes, &max_age, &include_subdomains, |
+ &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(0); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
EXPECT_TRUE(ParseHPKPHeader( |
" max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(0); |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_TRUE(include_subdomains); |
@@ -486,21 +516,30 @@ static void TestValidPKPHeaders(HashValueTag tag) { |
EXPECT_TRUE(ParseHPKPHeader( |
" max-age=999999999999999999999999999999999999999999999 ; " + |
backup_pin + ";" + good_pin + "; ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
+ expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); |
+ EXPECT_EQ(expect_max_age, max_age); |
+ EXPECT_FALSE(include_subdomains); |
+ |
+ EXPECT_TRUE(ParseHPKPHeader( |
+ " max-age=999999999999999999999999999999999999999999999 ; " + |
+ backup_pin + ";" + good_pin + "; report-uri=\"/foo\"", |
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); |
+ expect_report_uri = "/foo"; |
EXPECT_EQ(expect_max_age, max_age); |
EXPECT_FALSE(include_subdomains); |
+ EXPECT_EQ(expect_report_uri, report_uri); |
// Test that parsing a different header resets the hashes. |
hashes.clear(); |
EXPECT_TRUE(ParseHPKPHeader( |
- " max-age=999; " + |
- backup_pin + ";" + good_pin + "; ", |
- chain_hashes, &max_age, &include_subdomains, &hashes)); |
+ " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
EXPECT_EQ(2u, hashes.size()); |
EXPECT_TRUE(ParseHPKPHeader( |
" max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes, |
- &max_age, &include_subdomains, &hashes)); |
+ &max_age, &include_subdomains, &hashes, &report_uri)); |
EXPECT_EQ(2u, hashes.size()); |
} |
@@ -537,7 +576,9 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) { |
HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA1); |
std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1); |
std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1); |
- std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin; |
+ std::string report_uri = "http://google.com"; |
+ std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin + |
+ ";report-uri=\"" + report_uri + "\""; |
// Construct a fake SSLInfo that will pass AddHPKPHeader's checks. |
SSLInfo ssl_info; |
@@ -558,6 +599,7 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) { |
TransportSecurityState::DomainState dynamic_domain_state; |
EXPECT_TRUE(state.GetDynamicDomainState(domain, &dynamic_domain_state)); |
EXPECT_EQ(2UL, dynamic_domain_state.pkp.spki_hashes.size()); |
+ EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri); |
HashValueVector::const_iterator hash = |
std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(), |
@@ -577,11 +619,13 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) { |
std::string failure_log; |
const bool is_issued_by_known_root = true; |
EXPECT_TRUE(state.CheckPublicKeyPins( |
- domain, is_issued_by_known_root, hashes, &failure_log)); |
+ domain, is_issued_by_known_root, hashes, 0, nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
TransportSecurityState::DomainState new_dynamic_domain_state; |
EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state)); |
EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size()); |
+ EXPECT_EQ(report_uri, dynamic_domain_state.pkp.report_uri); |
hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), |
new_dynamic_domain_state.pkp.spki_hashes.end(), |
@@ -666,11 +710,10 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { |
new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; |
new_static_domain_state2.pkp.spki_hashes[2].data()[0] ^= 0x80; |
const bool is_issued_by_known_root = true; |
- EXPECT_FALSE( |
- state.CheckPublicKeyPins(domain, |
- is_issued_by_known_root, |
- new_static_domain_state2.pkp.spki_hashes, |
- &failure_log)); |
+ EXPECT_FALSE(state.CheckPublicKeyPins( |
+ domain, is_issued_by_known_root, new_static_domain_state2.pkp.spki_hashes, |
+ 0, nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
EXPECT_NE(0UL, failure_log.length()); |
} |
@@ -701,10 +744,9 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) { |
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); |
std::string failure_log; |
const bool is_issued_by_known_root = true; |
- EXPECT_TRUE(state.CheckPublicKeyPins(domain, |
- is_issued_by_known_root, |
- saved_hashes, |
- &failure_log)); |
+ EXPECT_TRUE(state.CheckPublicKeyPins( |
+ domain, is_issued_by_known_root, saved_hashes, 0, nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
// Add an HPKP header, which should only update the dynamic state. |
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1); |
@@ -724,10 +766,9 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) { |
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain)); |
// The dynamic pins, which do not match |saved_hashes|, should take |
// precedence over the static pins and cause the check to fail. |
- EXPECT_FALSE(state.CheckPublicKeyPins(domain, |
- is_issued_by_known_root, |
- saved_hashes, |
- &failure_log)); |
+ EXPECT_FALSE(state.CheckPublicKeyPins( |
+ domain, is_issued_by_known_root, saved_hashes, 0, nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
} |
// Tests that seeing an invalid HPKP header leaves the existing one alone. |
@@ -751,9 +792,10 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) { |
EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
std::string failure_log; |
bool is_issued_by_known_root = true; |
- EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, |
- ssl_info.public_key_hashes, |
- &failure_log)); |
+ EXPECT_TRUE(state.CheckPublicKeyPins( |
+ "example.com", is_issued_by_known_root, ssl_info.public_key_hashes, 0, |
+ nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
// Now assert an invalid one. This should fail. |
EXPECT_FALSE(state.AddHPKPHeader( |
@@ -762,9 +804,10 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) { |
// The old pins must still exist. |
EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
- EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, |
- ssl_info.public_key_hashes, |
- &failure_log)); |
+ EXPECT_TRUE(state.CheckPublicKeyPins( |
+ "example.com", is_issued_by_known_root, ssl_info.public_key_hashes, 0, |
+ nullptr, nullptr, |
+ TransportSecurityState::DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, &failure_log)); |
} |
}; // namespace net |