Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(552)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_security_headers_unittest.cc

Issue 1267513003: Add parsing for Public-Key-Pins-Report-Only header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/http_security_headers.h ('K') | « net/http/http_security_headers.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_security_headers_unittest.cc
diff --git a/net/http/http_security_headers_unittest.cc b/net/http/http_security_headers_unittest.cc
index b7ddcf153179dbd147342403ad53863318c24358..8ddadd2555b88ce88f6c4864644e0082bfb14dc1 100644
--- a/net/http/http_security_headers_unittest.cc
+++ b/net/http/http_security_headers_unittest.cc
@@ -64,6 +64,37 @@ std::string GetTestPinUnquoted(uint8 label, HashValueTag tag) {
};
+// Parses the given header |value| as both a Public-Key-Pins-Report-Only
+// and Public-Key-Pins header. Returns true if the value parses
+// successfully for both header types, and if the parsed hashes and
+// report_uri match for both header types.
+bool ParseBothHPKPHeaders(const std::string& value,
Ryan Sleevi 2015/07/30 01:43:50 Naming wise, this feels a bit odd - you're not par
estark 2015/07/30 02:43:49 I thought it might be weird to shadow net::ParseHP
Ryan Sleevi 2015/07/30 02:53:32 ParsesAsHPKPHeader ? :)
estark 2015/07/30 15:21:21 Done.
+ const HashValueVector& chain_hashes,
+ base::TimeDelta* max_age,
+ bool* include_subdomains,
+ HashValueVector* hashes,
+ GURL* report_uri) {
+ GURL report_only_uri;
+ HashValueVector report_only_hashes;
+ if (!ParseHPKPReportOnlyHeader(value, &report_only_hashes,
+ &report_only_uri)) {
+ return false;
+ }
+
+ bool result = ParseHPKPHeader(value, chain_hashes, max_age,
+ include_subdomains, hashes, report_uri);
+ if (!result || report_only_uri != *report_uri ||
+ report_only_hashes.size() != hashes->size()) {
+ return false;
+ }
+
+ for (size_t i = 0; i < report_only_hashes.size(); i++) {
+ if (!(*hashes)[i].Equals(report_only_hashes[i]))
+ return false;
+ }
+
+ return true;
+}
class HttpSecurityHeadersTest : public testing::Test {
};
@@ -165,104 +196,108 @@ static void TestBogusPinsHeaders(HashValueTag tag) {
std::string good_pin_unquoted = GetTestPinUnquoted(2, tag);
std::string backup_pin = GetTestPin(4, tag);
- EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", chain_hashes,
- &max_age, &include_subdomains, &hashes,
- &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders(std::string(), chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" ", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("abc", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" abc", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" abc ", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age ", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age=", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age =", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age= ", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age = ", chain_hashes,
+ &max_age, &include_subdomains, &hashes,
+ &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age = xy", chain_hashes,
+ &max_age, &include_subdomains, &hashes,
+ &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(" max-age = 3488a923", chain_hashes,
+ &max_age, &include_subdomains, &hashes,
+ &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=3488a923 ", chain_hashes,
+ &max_age, &include_subdomains, &hashes,
+ &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;pins=" + good_pin + "," +
- backup_pin + "report-uri=\"http://foo.com\"",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes,
- &max_age, &include_subdomains, &hashes,
- &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, chain_hashes,
- &max_age, &include_subdomains, &hashes,
- &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders(
+ "max-age=3488923;pins=" + good_pin + "," + backup_pin +
+ "report-uri=\"http://foo.com\"",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-aged=3488923" + backup_pin,
+ chain_hashes, &max_age, &include_subdomains,
+ &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-aged=3488923; " + backup_pin,
+ chain_hashes, &max_age, &include_subdomains,
+ &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + good_pin,
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes,
- &max_age, &include_subdomains, &hashes,
- &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders(
+ "max-aged=3488923; " + good_pin + ";" + good_pin, chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-aged=3488923; " + good_pin,
+ chain_hashes, &max_age, &include_subdomains,
+ &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age==3488923", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("amax-age=3488923", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=-3488923", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=3488923;", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=3488923 e", chain_hashes,
+ &max_age, &include_subdomains, &hashes,
+ &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=3488923 includesubdomain",
+ chain_hashes, &max_age, &include_subdomains,
+ &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-age=3488923 report-uri=\"http://foo.com\"", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
- &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=34889.23", chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
- ";report-uri=http://foo.com;",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
- EXPECT_FALSE(ParseHPKPHeader(
+ EXPECT_FALSE(ParseBothHPKPHeaders(
+ "max-age=243; " + good_pin + ";" + backup_pin +
+ ";report-uri=http://foo.com;",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
"max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
// Test that the parser rejects misquoted strings.
- EXPECT_FALSE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
- "; report-uri=\"http://foo;bar\'",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders(
+ "max-age=999; " + backup_pin + "; " + good_pin +
+ "; report-uri=\"http://foo;bar\'",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
// Test that the parser rejects invalid report-uris.
- EXPECT_FALSE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
- "; report-uri=\"foo;bar\'",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_FALSE(ParseBothHPKPHeaders("max-age=999; " + backup_pin + "; " +
+ good_pin + "; report-uri=\"foo;bar\'",
+ chain_hashes, &max_age, &include_subdomains,
+ &hashes, &report_uri));
// Check the out args were not updated by checking the default
// values for its predictable fields.
@@ -446,25 +481,25 @@ static void TestValidPKPHeaders(HashValueTag tag) {
std::string good_pin2 = GetTestPin(3, tag);
std::string backup_pin = GetTestPin(4, tag);
- EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin,
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age=243; " + good_pin + ";" + backup_pin, chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(243);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(report_uri.is_empty());
- EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
- "; report-uri= \"http://example.test/foo\"",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age=243; " + good_pin + ";" + backup_pin +
+ "; report-uri= \"http://example.test/foo\"",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(243);
expect_report_uri = GURL("http://example.test/foo");
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" " + good_pin + "; " + backup_pin +
" ; Max-agE = 567; repOrT-URi = \"http://example.test/foo\"",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
@@ -474,29 +509,29 @@ static void TestValidPKPHeaders(HashValueTag tag) {
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
- EXPECT_TRUE(ParseHPKPHeader("includeSubDOMAINS;" + good_pin + ";" +
- backup_pin + " ; mAx-aGe = 890 ",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "includeSubDOMAINS;" + good_pin + ";" + backup_pin +
+ " ; mAx-aGe = 890 ",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(890);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
"max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(394082);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
"max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(
@@ -504,7 +539,7 @@ static void TestValidPKPHeaders(HashValueTag tag) {
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
"max-age=39408038 ; cybers=39408038 ; includeSubdomains; " +
good_pin + ";" + backup_pin + "; ",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
@@ -513,21 +548,21 @@ static void TestValidPKPHeaders(HashValueTag tag) {
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(" max-age=0 ; " + good_pin + ";" + backup_pin,
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(0);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin,
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(0);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" max-age=999999999999999999999999999999999999999999999 ; " +
backup_pin + ";" + good_pin + "; ",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
@@ -535,7 +570,7 @@ static void TestValidPKPHeaders(HashValueTag tag) {
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" max-age=999999999999999999999999999999999999999999999 ; " +
backup_pin + ";" + good_pin +
"; report-uri=\"http://example.test/foo\"",
@@ -548,21 +583,21 @@ static void TestValidPKPHeaders(HashValueTag tag) {
// Test that parsing a different header resets the hashes.
hashes.clear();
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_EQ(2u, hashes.size());
- EXPECT_TRUE(ParseHPKPHeader(
+ EXPECT_TRUE(ParseBothHPKPHeaders(
" max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_EQ(2u, hashes.size());
// Test that the parser correctly parses an unencoded ';' inside a
// quoted report-uri.
- EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
- "; report-uri=\"http://foo.com/?;bar\"",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age=999; " + backup_pin + "; " + good_pin +
+ "; report-uri=\"http://foo.com/?;bar\"",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
expect_report_uri = GURL("http://foo.com/?;bar");
EXPECT_EQ(expect_max_age, max_age);
@@ -574,33 +609,41 @@ static void TestValidPKPHeaders(HashValueTag tag) {
std::string uri = "http://foo.com/";
uri += char(0x7f);
expect_report_uri = GURL(uri);
- EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
- "; report-uri=\"" + uri + "\"",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age=999; " + backup_pin + "; " + good_pin + "; report-uri=\"" + uri +
+ "\"",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
// Test that the parser allows quoted max-age values.
- EXPECT_TRUE(ParseHPKPHeader("max-age='999'; " + backup_pin + "; " + good_pin,
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age='999'; " + backup_pin + "; " + good_pin, chain_hashes, &max_age,
+ &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
// Test that the parser handles escaped values.
expect_report_uri = GURL("http://foo.com'a");
- EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
- "; report-uri='http://foo.com\\'\\a'",
- chain_hashes, &max_age, &include_subdomains,
- &hashes, &report_uri));
+ EXPECT_TRUE(ParseBothHPKPHeaders(
+ "max-age=999; " + backup_pin + "; " + good_pin +
+ "; report-uri='http://foo.com\\'\\a'",
+ chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
+
+ // Test that the parser does not require max-age for Report-Only
+ // headers.
+ expect_report_uri = GURL("http://foo.com");
+ EXPECT_TRUE(ParseHPKPReportOnlyHeader(
+ backup_pin + "; " + good_pin + "; report-uri='http://foo.com'", &hashes,
+ &report_uri));
+ EXPECT_EQ(expect_report_uri, report_uri);
}
TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) {
« net/http/http_security_headers.h ('K') | « net/http/http_security_headers.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698