Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(187)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_security_headers_unittest.cc

Issue 1212613004: Build and send HPKP violation reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: move report building code to TransportSecurityState; wire up to CheckPublicKeyPins Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/profiles/profile_io_data.h ('K') | « net/base/hash_value.h ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_security_headers_unittest.cc
diff --git a/net/http/http_security_headers_unittest.cc b/net/http/http_security_headers_unittest.cc
index 029b16730fd3325716b38df5b61f8433d4f20052..48bb6c5f326a42df52124c975a7b3f34c0dec434 100644
--- a/net/http/http_security_headers_unittest.cc
+++ b/net/http/http_security_headers_unittest.cc
@@ -9,6 +9,7 @@
#include "base/sha1.h"
#include "base/strings/string_piece.h"
#include "crypto/sha2.h"
+#include "net/base/host_port_pair.h"
#include "net/base/test_completion_callback.h"
#include "net/http/http_security_headers.h"
#include "net/http/http_util.h"
@@ -678,8 +679,10 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
hashes.push_back(good_hash);
std::string failure_log;
const bool is_issued_by_known_root = true;
+ HostPortPair domain_port(domain, 80);
davidben 2015/07/24 20:42:55 Nit: 443 might be a slightly more realistic port n
estark 2015/07/25 00:10:31 Done.
EXPECT_TRUE(state.CheckPublicKeyPins(
- domain, is_issued_by_known_root, hashes, &failure_log));
+ domain_port, is_issued_by_known_root, hashes, nullptr, nullptr,
+ TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
TransportSecurityState::PKPState new_dynamic_pkp_state;
EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state));
@@ -771,9 +774,11 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
new_static_pkp_state2.spki_hashes[2].data()[0] ^= 0x80;
const bool is_issued_by_known_root = true;
- EXPECT_FALSE(state.CheckPublicKeyPins(domain, is_issued_by_known_root,
- new_static_pkp_state2.spki_hashes,
- &failure_log));
+ HostPortPair domain_port(domain, 80);
+ EXPECT_FALSE(state.CheckPublicKeyPins(
+ domain_port, is_issued_by_known_root, new_static_pkp_state2.spki_hashes,
+ nullptr, nullptr, TransportSecurityState::DISABLE_PIN_REPORTS,
+ &failure_log));
EXPECT_NE(0UL, failure_log.length());
}
@@ -805,10 +810,10 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
std::string failure_log;
const bool is_issued_by_known_root = true;
- EXPECT_TRUE(state.CheckPublicKeyPins(domain,
- is_issued_by_known_root,
- saved_hashes,
- &failure_log));
+ HostPortPair domain_port(domain, 80);
+ EXPECT_TRUE(state.CheckPublicKeyPins(
+ domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
+ TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
// Add an HPKP header, which should only update the dynamic state.
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1);
@@ -828,10 +833,9 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
// The dynamic pins, which do not match |saved_hashes|, should take
// precedence over the static pins and cause the check to fail.
- EXPECT_FALSE(state.CheckPublicKeyPins(domain,
- is_issued_by_known_root,
- saved_hashes,
- &failure_log));
+ EXPECT_FALSE(state.CheckPublicKeyPins(
+ domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
+ TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
}
// Tests that seeing an invalid HPKP header leaves the existing one alone.
@@ -855,9 +859,10 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) {
EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
std::string failure_log;
bool is_issued_by_known_root = true;
- EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root,
- ssl_info.public_key_hashes,
- &failure_log));
+ HostPortPair domain_port("example.com", 80);
+ EXPECT_TRUE(state.CheckPublicKeyPins(
+ domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr,
+ nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
// Now assert an invalid one. This should fail.
EXPECT_FALSE(state.AddHPKPHeader(
@@ -866,9 +871,9 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) {
// The old pins must still exist.
EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
- EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root,
- ssl_info.public_key_hashes,
- &failure_log));
+ EXPECT_TRUE(state.CheckPublicKeyPins(
+ domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr,
+ nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
}
}; // namespace net
« chrome/browser/profiles/profile_io_data.h ('K') | « net/base/hash_value.h ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698