Process Public-Key-Pin-Report-Only headers

net/http/transport_security_state_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 39 matching lines @@
     : public TransportSecurityState::ReportSender {
  public:
   MockCertificateReportSender() {}
   ~MockCertificateReportSender() override {}
 
   void Send(const GURL& report_uri, const std::string& report) override {
     latest_report_uri_ = report_uri;
     latest_report_ = report;
   }
 
+  void Clear() {
+    latest_report_uri_ = GURL();
+    latest_report_ = std::string();
+  }
+
   const GURL& latest_report_uri() { return latest_report_uri_; }
   const std::string& latest_report() { return latest_report_; }
 
  private:
   GURL latest_report_uri_;
   std::string latest_report_;
 };
 
 void CompareCertificateChainWithList(
     const scoped_refptr<X509Certificate>& cert_chain,
@@ skipping 1199 matching lines @@
       TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log));
 
   // Now a report should have been sent. Check that it contains the
   // right information.
   EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
   std::string report = mock_report_sender.latest_report();
   ASSERT_FALSE(report.empty());
   ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, expiry, true,
                                           kHost, cert1.get(), cert2.get(),
                                           good_hashes));
-
+  mock_report_sender.Clear();
   EXPECT_FALSE(state.CheckPublicKeyPins(
       subdomain_host_port_pair, true, bad_hashes, cert1.get(), cert2.get(),
       TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log));
 
   // Now a report should have been sent for the subdomain. Check that it
   // contains the right information.
   EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
   report = mock_report_sender.latest_report();
   ASSERT_FALSE(report.empty());
   ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair,
                                           expiry, true, kHost, cert1.get(),
                                           cert2.get(), good_hashes));
+
+  // Check that a report is not sent for a Report-Only header with no
+  // violation.

[Ryan Sleevi, 2015/07/30 01:52:17]

Seems like this could / should just be a new test? In general, lots of tests
(even if they duplicate some state) isn't the end of the world :)

[estark, 2015/07/31 00:49:44]

Done.

+  mock_report_sender.Clear();
+  const std::string pin1 = "m9lHYJYke9k0GtVZ+bXSQYE8nDI=";
+  const std::string pin2 = "o5OZxATDsgmwgcIfIWIneMJ0jkw=";
+  const std::string pin3 = "wHqYaI2J+6sFZAwRfap9ZbjKzE4=";
+  std::string header = "pin-sha1=\"" + pin1 + "\";pin-sha1=\"" + pin2 +
+                       "\";pin-sha1=\"" + pin3 + "\";report-uri=\"" +
+                       report_uri.spec() + "\"";
+  SSLInfo ssl_info;
+  ssl_info.is_issued_by_known_root = true;
+  ssl_info.unverified_cert = cert1;
+  ssl_info.cert = cert2;
+  for (size_t i = 0; kGoodPath[i]; i++)
+    EXPECT_TRUE(AddHash(kGoodPath[i], &ssl_info.public_key_hashes));
+
+  EXPECT_TRUE(
+      state.ProcessHPKPReportOnlyHeader(host_port_pair, header, ssl_info));
+  EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());
+  EXPECT_EQ(std::string(), mock_report_sender.latest_report());
+
+  // Check that a report is sent for a Report-Only header with a
+  // violation.
+  ssl_info.public_key_hashes.clear();
+  for (size_t i = 0; kBadPath[i]; i++)
+    EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes));
+
+  EXPECT_TRUE(
+      state.ProcessHPKPReportOnlyHeader(host_port_pair, header, ssl_info));
+  EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
+  report = mock_report_sender.latest_report();
+  ASSERT_FALSE(report.empty());
+  ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, expiry, false,
+                                          kHost, cert1.get(), cert2.get(),
+                                          good_hashes));
+
+  // Test that Report-Only reports are not sent on certs that chain to
+  // local roots.

[Ryan Sleevi, 2015/07/30 01:52:17]

Ditto here as perhaps a unique test.

[estark, 2015/07/31 00:49:44]

Done.

+  mock_report_sender.Clear();
+  ssl_info.is_issued_by_known_root = false;
+  EXPECT_TRUE(
+      state.ProcessHPKPReportOnlyHeader(host_port_pair, header, ssl_info));
+  EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());
+  EXPECT_EQ(std::string(), mock_report_sender.latest_report());
+
+  // Test that ProcessHPKPReportOnlyHeader() returns false if a
+  // report-uri wasn't specified or if the header fails to parse;

[Ryan Sleevi, 2015/07/30 01:52:16]

Ditto for unique test :)

[estark, 2015/07/31 00:49:44]

Done.

+  header = "pin-sha1=\"" + pin1 + "\";pin-sha1=\"" + pin2 + "\";pin-sha1=\"" +
+           pin3 + "\"";
+  EXPECT_FALSE(
+      state.ProcessHPKPReportOnlyHeader(host_port_pair, header, ssl_info));
+  header = "pin-sha1=\"" + pin1 + "\";pin-sha1=\"" + pin2 + "\";pin-sha1=\"" +
+           pin3 + "\";report-uri=\"";
+  EXPECT_FALSE(
+      state.ProcessHPKPReportOnlyHeader(host_port_pair, header, ssl_info));
 }
 
 }  // namespace net