
Side by Side Diff: net/http/transport_security_persister_unittest.cc

Issue 1249823002: Revert of Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
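--- a/net/http/transport_security_persister_unittest.cc
+++ b/net/http/transport_security_persister_unittest.cc
@@ -1,33 +1,31 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_persister.h"
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/message_loop/message_loop.h"
 #include "net/http/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 namespace {
 
-const char kReportUri[] = "http://www.example.test/report";
-
 class TransportSecurityPersisterTest : public testing::Test {
 public:
 TransportSecurityPersisterTest() {
 }
 
 ~TransportSecurityPersisterTest() override {
 base::MessageLoopForIO::current()->RunUntilIdle();
 }
 
 void SetUp() override {
@@ -81,46 +79,45 @@
 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state));
 EXPECT_EQ(sts_state.upgrade_mode,
 TransportSecurityState::STSState::MODE_FORCE_HTTPS);
 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state));
 EXPECT_EQ(sts_state.upgrade_mode,
 TransportSecurityState::STSState::MODE_FORCE_HTTPS);
 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state));
 }
 
 TEST_F(TransportSecurityPersisterTest, SerializeData3) {
-const GURL report_uri(kReportUri);
 // Add an entry.
 HashValue fp1(HASH_VALUE_SHA1);
 memset(fp1.data(), 0, fp1.size());
 HashValue fp2(HASH_VALUE_SHA1);
 memset(fp2.data(), 1, fp2.size());
 base::Time expiry =
 base::Time::Now() + base::TimeDelta::FromSeconds(1000);
 HashValueVector dynamic_spki_hashes;
 dynamic_spki_hashes.push_back(fp1);
 dynamic_spki_hashes.push_back(fp2);
 bool include_subdomains = false;
 state_.AddHSTS("www.example.com", expiry, include_subdomains);
 state_.AddHPKP("www.example.com", expiry, include_subdomains,
-dynamic_spki_hashes, report_uri);
+dynamic_spki_hashes);
 
 // Add another entry.
 memset(fp1.data(), 2, fp1.size());
 memset(fp2.data(), 3, fp2.size());
 expiry =
 base::Time::Now() + base::TimeDelta::FromSeconds(3000);
 dynamic_spki_hashes.push_back(fp1);
 dynamic_spki_hashes.push_back(fp2);
 state_.AddHSTS("www.example.net", expiry, include_subdomains);
 state_.AddHPKP("www.example.net", expiry, include_subdomains,
-dynamic_spki_hashes, report_uri);
+dynamic_spki_hashes);
 
 // Save a copy of everything.
 std::set<std::string> sts_saved;
 TransportSecurityState::STSStateIterator sts_iter(state_);
 while (sts_iter.HasNext()) {
 sts_saved.insert(sts_iter.hostname());
 sts_iter.Advance();
 }
 
 std::set<std::string> pkp_saved;
@@ -176,55 +173,52 @@
 "\"expiry\": 1266815027.983453, "
 "\"include_subdomains\": false, "
 "\"mode\": \"strict\" "
 "}"
 "}";
 bool dirty;
 EXPECT_TRUE(persister_->LoadEntries(output, &dirty));
 EXPECT_TRUE(dirty);
 }
 
-TEST_F(TransportSecurityPersisterTest, PublicKeyPins) {
-const GURL report_uri(kReportUri);
+TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
 TransportSecurityState::PKPState pkp_state;
 static const char kTestDomain[] = "example.com";
-
 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state));
 HashValueVector hashes;
 std::string failure_log;
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 HashValue sha1(HASH_VALUE_SHA1);
 memset(sha1.data(), '1', sha1.size());
 pkp_state.spki_hashes.push_back(sha1);
 
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 hashes.push_back(sha1);
 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 hashes[0].data()[0] = '2';
 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log));
 
 const base::Time current_time(base::Time::Now());
 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 bool include_subdomains = false;
 state_.AddHSTS(kTestDomain, expiry, include_subdomains);
-state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes,
-report_uri);
+state_.AddHPKP(kTestDomain, expiry, include_subdomains,
+pkp_state.spki_hashes);
 std::string serialized;
 EXPECT_TRUE(persister_->SerializeData(&serialized));
 bool dirty;
 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty));
 
 TransportSecurityState::PKPState new_pkp_state;
 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state));
 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size());
 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag);
 EXPECT_EQ(
 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size()));
-EXPECT_EQ(report_uri, new_pkp_state.report_uri);
 }
 
 } // namespace
 
 } // namespace net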
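Review bot: With the `report_uri` assertion removed, the serialize/load round trip at the end of `PublicKeyHashes` checks only the SPKI hash of the reloaded pin state, so a persister regression that changed `include_subdomains` for a stored pin would still pass. That field decides which hosts a pin applies to, so I would add `EXPECT_EQ(include_subdomains, new_pkp_state.include_subdomains);` after the `memcmp` check. In the same test `dirty` is passed to `LoadEntries` uninitialized and never asserted; `bool dirty = false;` would keep the value deterministic if a check is added later.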