
Unified Diff: net/http/transport_security_persister_unittest.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: style fixes, comments Created 5 years, 6 months ago
Index: net/http/transport_security_persister_unittest.cc
diff --git a/net/http/transport_security_persister_unittest.cc b/net/http/transport_security_persister_unittest.cc
index 2c9419e5cff600f0de2f1205d280444f552cea48..0e8e06688fbeddbc36cd6424e08948483910273e 100644
--- a/net/http/transport_security_persister_unittest.cc
+++ b/net/http/transport_security_persister_unittest.cc
@@ -84,6 +84,9 @@ TEST_F(TransportSecurityPersisterTest, SerializeData2) {
}
TEST_F(TransportSecurityPersisterTest, SerializeData3) {
+ static const char kReportUri[] = "http://www.example.com/report";
+ std::string report_uri(kReportUri);
+
// Add an entry.
HashValue fp1(HASH_VALUE_SHA1);
memset(fp1.data(), 0, fp1.size());
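Review bot: The report URI is introduced in two steps here (`kReportUri`, then a `std::string report_uri` copy), while the new PublicKeyPinReportUri test builds `std::string(kTestReportUri)` at the call site and the PublicKeyHashes hunk repeats this pair with a different literal. One pattern across the three tests would read better, for example keeping only the constant and passing `std::string(kReportUri)` to `AddHPKP`, or dropping the explicit conversion if the parameter is a `const std::string&` (the signature is not visible in this file). Nothing in the visible part of SerializeData3 asserts on the stored report URI, so the new argument may only be keeping the call compiling here. SerializeData3's body continues outside the hunk.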
@@ -97,7 +100,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) {
bool include_subdomains = false;
state_.AddHSTS("www.example.com", expiry, include_subdomains);
state_.AddHPKP("www.example.com", expiry, include_subdomains,
- dynamic_spki_hashes);
+ dynamic_spki_hashes, report_uri);
// Add another entry.
memset(fp1.data(), 2, fp1.size());
@@ -108,7 +111,7 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) {
dynamic_spki_hashes.push_back(fp2);
state_.AddHSTS("www.example.net", expiry, include_subdomains);
state_.AddHPKP("www.example.net", expiry, include_subdomains,
- dynamic_spki_hashes);
+ dynamic_spki_hashes, report_uri);
// Save a copy of everything.
std::map<std::string, TransportSecurityState::DomainState> saved;
@@ -164,6 +167,9 @@ TEST_F(TransportSecurityPersisterTest, SerializeDataOld) {
}
TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
+ static const char kReportUri[] = "http://example.com/test";
+ std::string report_uri(kReportUri);
+
TransportSecurityState::DomainState domain_state;
static const char kTestDomain[] = "example.com";
EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));
@@ -187,8 +193,48 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
bool include_subdomains = false;
state_.AddHSTS(kTestDomain, expiry, include_subdomains);
- state_.AddHPKP(
- kTestDomain, expiry, include_subdomains, domain_state.pkp.spki_hashes);
+ state_.AddHPKP(kTestDomain, expiry, include_subdomains,
+ domain_state.pkp.spki_hashes, report_uri);
+ std::string serialized;
+ EXPECT_TRUE(persister_->SerializeData(&serialized));
+ bool dirty;
+ EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
+
+ TransportSecurityState::DomainState new_domain_state;
+ EXPECT_TRUE(state_.GetDynamicDomainState(kTestDomain, &new_domain_state));
+ EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());
+ EXPECT_EQ(sha1.tag, new_domain_state.pkp.spki_hashes[0].tag);
+ EXPECT_EQ(0, memcmp(new_domain_state.pkp.spki_hashes[0].data(), sha1.data(),
+ sha1.size()));
+}
+
+TEST_F(TransportSecurityPersisterTest, PublicKeyPinReportUri) {
+ TransportSecurityState::DomainState domain_state;
+ static const char kTestDomain[] = "example.com";
+ static const char kTestReportUri[] = "http://example.com/report";
+
+ EXPECT_FALSE(state_.GetDynamicDomainState(kTestDomain, &domain_state));
+ HashValueVector hashes;
+ std::string failure_log;
+ EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ HashValue sha1(HASH_VALUE_SHA1);
+ memset(sha1.data(), '1', sha1.size());
+ domain_state.pkp.spki_hashes.push_back(sha1);
+
+ EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ hashes.push_back(sha1);
+ EXPECT_TRUE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ hashes[0].data()[0] = '2';
+ EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
+
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ bool include_subdomains = false;
+ state_.AddHPKP(kTestDomain, expiry, include_subdomains,
+ domain_state.pkp.spki_hashes, std::string(kTestReportUri));
std::string serialized;
EXPECT_TRUE(persister_->SerializeData(&serialized));
bool dirty;
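Review bot: The new PublicKeyPinReportUri test only round-trips an entry that has a report URI, and PublicKeyHashes now passes `report_uri` without asserting on it, so no visible case covers a pin set saved without one. That case matters for a persister, because a serialization slip on the absent field could cause the entry, and with it the pins, to be dropped on load. Consider a sibling case that passes `std::string()` as the last `AddHPKP` argument and, after `LoadEntries`, checks `EXPECT_EQ(1u, new_domain_state.pkp.spki_hashes.size());` and `EXPECT_TRUE(new_domain_state.pkp.report_uri.empty());`, assuming `report_uri` is a `std::string` as the `EXPECT_EQ` in the next hunk suggests. The `CheckPublicKeyPins` assertions copied from PublicKeyHashes are unrelated to the report URI and could be trimmed from the new test. Its body continues past the end of this hunk.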
@@ -202,6 +248,7 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
memcmp(new_domain_state.pkp.spki_hashes[0].data(),
sha1.data(),
sha1.size()));
+ EXPECT_EQ(kTestReportUri, new_domain_state.pkp.report_uri);
}
} // namespace