1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
13 #include "base/files/scoped_temp_dir.h" | 13 #include "base/files/scoped_temp_dir.h" |
14 #include "base/message_loop/message_loop.h" | 14 #include "base/message_loop/message_loop.h" |
15 #include "net/http/transport_security_state.h" | 15 #include "net/http/transport_security_state.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
17 | 17 |
18 namespace net { | 18 namespace net { |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 const char kReportUri[] = "http://www.example.test/report"; | |
23 | |
24 class TransportSecurityPersisterTest : public testing::Test { | 22 class TransportSecurityPersisterTest : public testing::Test { |
25 public: | 23 public: |
26 TransportSecurityPersisterTest() { | 24 TransportSecurityPersisterTest() { |
27 } | 25 } |
28 | 26 |
29 ~TransportSecurityPersisterTest() override { | 27 ~TransportSecurityPersisterTest() override { |
30 base::MessageLoopForIO::current()->RunUntilIdle(); | 28 base::MessageLoopForIO::current()->RunUntilIdle(); |
31 } | 29 } |
32 | 30 |
33 void SetUp() override { | 31 void SetUp() override { |
(...skipping 47 matching lines...)
81 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state)); | 79 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.yahoo.com", &sts_state)); |
82 EXPECT_EQ(sts_state.upgrade_mode, | 80 EXPECT_EQ(sts_state.upgrade_mode, |
83 TransportSecurityState::STSState::MODE_FORCE_HTTPS); | 81 TransportSecurityState::STSState::MODE_FORCE_HTTPS); |
84 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state)); | 82 EXPECT_TRUE(state_.GetDynamicSTSState("foo.bar.baz.yahoo.com", &sts_state)); |
85 EXPECT_EQ(sts_state.upgrade_mode, | 83 EXPECT_EQ(sts_state.upgrade_mode, |
86 TransportSecurityState::STSState::MODE_FORCE_HTTPS); | 84 TransportSecurityState::STSState::MODE_FORCE_HTTPS); |
87 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state)); | 85 EXPECT_FALSE(state_.GetStaticDomainState("com", &sts_state, &pkp_state)); |
88 } | 86 } |
89 | 87 |
90 TEST_F(TransportSecurityPersisterTest, SerializeData3) { | 88 TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
91 const GURL report_uri(kReportUri); | |
92 // Add an entry. | 89 // Add an entry. |
93 HashValue fp1(HASH_VALUE_SHA1); | 90 HashValue fp1(HASH_VALUE_SHA1); |
94 memset(fp1.data(), 0, fp1.size()); | 91 memset(fp1.data(), 0, fp1.size()); |
95 HashValue fp2(HASH_VALUE_SHA1); | 92 HashValue fp2(HASH_VALUE_SHA1); |
96 memset(fp2.data(), 1, fp2.size()); | 93 memset(fp2.data(), 1, fp2.size()); |
97 base::Time expiry = | 94 base::Time expiry = |
98 base::Time::Now() + base::TimeDelta::FromSeconds(1000); | 95 base::Time::Now() + base::TimeDelta::FromSeconds(1000); |
99 HashValueVector dynamic_spki_hashes; | 96 HashValueVector dynamic_spki_hashes; |
100 dynamic_spki_hashes.push_back(fp1); | 97 dynamic_spki_hashes.push_back(fp1); |
101 dynamic_spki_hashes.push_back(fp2); | 98 dynamic_spki_hashes.push_back(fp2); |
102 bool include_subdomains = false; | 99 bool include_subdomains = false; |
103 state_.AddHSTS("www.example.com", expiry, include_subdomains); | 100 state_.AddHSTS("www.example.com", expiry, include_subdomains); |
104 state_.AddHPKP("www.example.com", expiry, include_subdomains, | 101 state_.AddHPKP("www.example.com", expiry, include_subdomains, |
105 dynamic_spki_hashes, report_uri); | 102 dynamic_spki_hashes); |
106 | 103 |
107 // Add another entry. | 104 // Add another entry. |
108 memset(fp1.data(), 2, fp1.size()); | 105 memset(fp1.data(), 2, fp1.size()); |
109 memset(fp2.data(), 3, fp2.size()); | 106 memset(fp2.data(), 3, fp2.size()); |
110 expiry = | 107 expiry = |
111 base::Time::Now() + base::TimeDelta::FromSeconds(3000); | 108 base::Time::Now() + base::TimeDelta::FromSeconds(3000); |
112 dynamic_spki_hashes.push_back(fp1); | 109 dynamic_spki_hashes.push_back(fp1); |
113 dynamic_spki_hashes.push_back(fp2); | 110 dynamic_spki_hashes.push_back(fp2); |
114 state_.AddHSTS("www.example.net", expiry, include_subdomains); | 111 state_.AddHSTS("www.example.net", expiry, include_subdomains); |
115 state_.AddHPKP("www.example.net", expiry, include_subdomains, | 112 state_.AddHPKP("www.example.net", expiry, include_subdomains, |
116 dynamic_spki_hashes, report_uri); | 113 dynamic_spki_hashes); |
117 | 114 |
118 // Save a copy of everything. | 115 // Save a copy of everything. |
119 std::set<std::string> sts_saved; | 116 std::set<std::string> sts_saved; |
120 TransportSecurityState::STSStateIterator sts_iter(state_); | 117 TransportSecurityState::STSStateIterator sts_iter(state_); |
121 while (sts_iter.HasNext()) { | 118 while (sts_iter.HasNext()) { |
122 sts_saved.insert(sts_iter.hostname()); | 119 sts_saved.insert(sts_iter.hostname()); |
123 sts_iter.Advance(); | 120 sts_iter.Advance(); |
124 } | 121 } |
125 | 122 |
126 std::set<std::string> pkp_saved; | 123 std::set<std::string> pkp_saved; |
(...skipping 49 matching lines...)
176 "\"expiry\": 1266815027.983453, " | 173 "\"expiry\": 1266815027.983453, " |
177 "\"include_subdomains\": false, " | 174 "\"include_subdomains\": false, " |
178 "\"mode\": \"strict\" " | 175 "\"mode\": \"strict\" " |
179 "}" | 176 "}" |
180 "}"; | 177 "}"; |
181 bool dirty; | 178 bool dirty; |
182 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); | 179 EXPECT_TRUE(persister_->LoadEntries(output, &dirty)); |
183 EXPECT_TRUE(dirty); | 180 EXPECT_TRUE(dirty); |
184 } | 181 } |
185 | 182 |
186 TEST_F(TransportSecurityPersisterTest, PublicKeyPins) { | 183 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
187 const GURL report_uri(kReportUri); | |
188 TransportSecurityState::PKPState pkp_state; | 184 TransportSecurityState::PKPState pkp_state; |
189 static const char kTestDomain[] = "example.com"; | 185 static const char kTestDomain[] = "example.com"; |
190 | |
191 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); | 186 EXPECT_FALSE(state_.GetDynamicPKPState(kTestDomain, &pkp_state)); |
192 HashValueVector hashes; | 187 HashValueVector hashes; |
193 std::string failure_log; | 188 std::string failure_log; |
194 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 189 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
195 | 190 |
196 HashValue sha1(HASH_VALUE_SHA1); | 191 HashValue sha1(HASH_VALUE_SHA1); |
197 memset(sha1.data(), '1', sha1.size()); | 192 memset(sha1.data(), '1', sha1.size()); |
198 pkp_state.spki_hashes.push_back(sha1); | 193 pkp_state.spki_hashes.push_back(sha1); |
199 | 194 |
200 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 195 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
201 | 196 |
202 hashes.push_back(sha1); | 197 hashes.push_back(sha1); |
203 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 198 EXPECT_TRUE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
204 | 199 |
205 hashes[0].data()[0] = '2'; | 200 hashes[0].data()[0] = '2'; |
206 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); | 201 EXPECT_FALSE(pkp_state.CheckPublicKeyPins(hashes, &failure_log)); |
207 | 202 |
208 const base::Time current_time(base::Time::Now()); | 203 const base::Time current_time(base::Time::Now()); |
209 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 204 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
210 bool include_subdomains = false; | 205 bool include_subdomains = false; |
211 state_.AddHSTS(kTestDomain, expiry, include_subdomains); | 206 state_.AddHSTS(kTestDomain, expiry, include_subdomains); |
212 state_.AddHPKP(kTestDomain, expiry, include_subdomains, pkp_state.spki_hashes, | 207 state_.AddHPKP(kTestDomain, expiry, include_subdomains, |
213 report_uri); | 208 pkp_state.spki_hashes); |
214 std::string serialized; | 209 std::string serialized; |
215 EXPECT_TRUE(persister_->SerializeData(&serialized)); | 210 EXPECT_TRUE(persister_->SerializeData(&serialized)); |
216 bool dirty; | 211 bool dirty; |
217 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | 212 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
218 | 213 |
219 TransportSecurityState::PKPState new_pkp_state; | 214 TransportSecurityState::PKPState new_pkp_state; |
220 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); | 215 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); |
221 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); | 216 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); |
222 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); | 217 EXPECT_EQ(sha1.tag, new_pkp_state.spki_hashes[0].tag); |
223 EXPECT_EQ( | 218 EXPECT_EQ( |
224 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); | 219 0, memcmp(new_pkp_state.spki_hashes[0].data(), sha1.data(), sha1.size())); |
225 EXPECT_EQ(report_uri, new_pkp_state.report_uri); | |
226 } | 220 } |
227 | 221 |
228 } // namespace | 222 } // namespace |
229 | 223 |
230 } // namespace net | 224 } // namespace net |
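Review bot: With the report_uri assertion dropped, the PublicKeyHashes round-trip (new lines 209-219) now only checks that one SHA-1 hash survives SerializeData/LoadEntries; nothing verifies that the reloaded pin state still enforces anything, so a LoadEntries that produced a PKPState whose CheckPublicKeyPins accepted every chain, or that lost include_subdomains, would pass unchanged. The test already has a mutated `hashes` vector (first byte set to '2') and the original `sha1`, so enforcement on the reloaded state can be pinned with `EXPECT_FALSE(new_pkp_state.CheckPublicKeyPins(hashes, &failure_log));` followed by `hashes[0] = sha1; EXPECT_TRUE(new_pkp_state.CheckPublicKeyPins(hashes, &failure_log));`. If PKPState exposes an include_subdomains field (the AddHPKP argument suggests it does, but it is not visible here), `EXPECT_EQ(include_subdomains, new_pkp_state.include_subdomains);` would close the other gap. Both tests also exercise only HASH_VALUE_SHA1 values; one pass with a SHA-256 tag, assuming HashValue supports it in this tree, would cover the tag real pins use through the same serializer.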