| Index: net/http/http_security_headers_unittest.cc
|
| diff --git a/net/http/http_security_headers_unittest.cc b/net/http/http_security_headers_unittest.cc
|
| index b7ddcf153179dbd147342403ad53863318c24358..f9e3e18636c6184afb0f0f589b4f79016befe767 100644
|
| --- a/net/http/http_security_headers_unittest.cc
|
| +++ b/net/http/http_security_headers_unittest.cc
|
| @@ -64,6 +64,39 @@ std::string GetTestPinUnquoted(uint8 label, HashValueTag tag) {
|
|
|
| };
|
|
|
| +// Parses the given header |value| as both a Public-Key-Pins-Report-Only
|
| +// and Public-Key-Pins header. Returns true if the value parses
|
| +// successfully for both header types, and if the parsed hashes and
|
| +// report_uri match for both header types.
|
| +bool ParseAsHPKPHeader(const std::string& value,
|
| + const HashValueVector& chain_hashes,
|
| + base::TimeDelta* max_age,
|
| + bool* include_subdomains,
|
| + HashValueVector* hashes,
|
| + GURL* report_uri) {
|
| + GURL report_only_uri;
|
| + bool report_only_include_subdomains;
|
| + HashValueVector report_only_hashes;
|
| + if (!ParseHPKPReportOnlyHeader(value, &report_only_include_subdomains,
|
| + &report_only_hashes, &report_only_uri)) {
|
| + return false;
|
| + }
|
| +
|
| + bool result = ParseHPKPHeader(value, chain_hashes, max_age,
|
| + include_subdomains, hashes, report_uri);
|
| + if (!result || report_only_include_subdomains != *include_subdomains ||
|
| + report_only_uri != *report_uri ||
|
| + report_only_hashes.size() != hashes->size()) {
|
| + return false;
|
| + }
|
| +
|
| + for (size_t i = 0; i < report_only_hashes.size(); i++) {
|
| + if (!(*hashes)[i].Equals(report_only_hashes[i]))
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
|
|
| class HttpSecurityHeadersTest : public testing::Test {
|
| };
|
| @@ -165,104 +198,105 @@ static void TestBogusPinsHeaders(HashValueTag tag) {
|
| std::string good_pin_unquoted = GetTestPinUnquoted(2, tag);
|
| std::string backup_pin = GetTestPin(4, tag);
|
|
|
| - EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923", chain_hashes,
|
| - &max_age, &include_subdomains, &hashes,
|
| - &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader(std::string(), chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("abc", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" abc", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" abc ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age=", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age =", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age= ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age = ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age = xy", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(" max-age = 3488a923", chain_hashes,
|
| + &max_age, &include_subdomains, &hashes,
|
| + &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;pins=" + good_pin + "," +
|
| - backup_pin + "report-uri=\"http://foo.com\"",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes,
|
| - &max_age, &include_subdomains, &hashes,
|
| - &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin, chain_hashes,
|
| - &max_age, &include_subdomains, &hashes,
|
| - &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| + "max-age=3488923;pins=" + good_pin + "," + backup_pin +
|
| + "report-uri=\"http://foo.com\"",
|
| + chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes,
|
| + &max_age, &include_subdomains, &hashes,
|
| + &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + backup_pin,
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" + good_pin,
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes,
|
| - &max_age, &include_subdomains, &hashes,
|
| - &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| + "max-aged=3488923; " + good_pin + ";" + good_pin, chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes,
|
| + &max_age, &include_subdomains, &hashes,
|
| + &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age==3488923", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923 e", chain_hashes,
|
| + &max_age, &include_subdomains, &hashes,
|
| + &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923 includesubdomain",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-age=3488923 report-uri=\"http://foo.com\"", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
|
| - &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;",
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
|
| - ";report-uri=http://foo.com;",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| - EXPECT_FALSE(ParseHPKPHeader(
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
|
| + ";report-uri=http://foo.com;",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| "max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''",
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
|
|
| // Test that the parser rejects misquoted strings.
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| - "; report-uri=\"http://foo;bar\'",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader(
|
| + "max-age=999; " + backup_pin + "; " + good_pin +
|
| + "; report-uri=\"http://foo;bar\'",
|
| + chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
|
|
| // Test that the parser rejects invalid report-uris.
|
| - EXPECT_FALSE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| - "; report-uri=\"foo;bar\'",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_FALSE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " +
|
| + good_pin + "; report-uri=\"foo;bar\'",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
|
|
| // Check the out args were not updated by checking the default
|
| // values for its predictable fields.
|
| @@ -446,25 +480,25 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| std::string good_pin2 = GetTestPin(3, tag);
|
| std::string backup_pin = GetTestPin(4, tag);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin,
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin,
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(243);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
| EXPECT_TRUE(report_uri.is_empty());
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
|
| - "; report-uri= \"http://example.test/foo\"",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
|
| + "; report-uri= \"http://example.test/foo\"",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(243);
|
| expect_report_uri = GURL("http://example.test/foo");
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
| EXPECT_EQ(expect_report_uri, report_uri);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " " + good_pin + "; " + backup_pin +
|
| " ; Max-agE = 567; repOrT-URi = \"http://example.test/foo\"",
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| @@ -474,29 +508,29 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| EXPECT_FALSE(include_subdomains);
|
| EXPECT_EQ(expect_report_uri, report_uri);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader("includeSubDOMAINS;" + good_pin + ";" +
|
| - backup_pin + " ; mAx-aGe = 890 ",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("includeSubDOMAINS;" + good_pin + ";" +
|
| + backup_pin + " ; mAx-aGe = 890 ",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(890);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_TRUE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(123);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(394082);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(
|
| @@ -504,7 +538,7 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " +
|
| good_pin + ";" + backup_pin + "; ",
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| @@ -513,21 +547,21 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_TRUE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(" max-age=0 ; " + good_pin + ";" + backup_pin,
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| + " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(0);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin,
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(0);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_TRUE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " max-age=999999999999999999999999999999999999999999999 ; " +
|
| backup_pin + ";" + good_pin + "; ",
|
| chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
|
| @@ -535,7 +569,7 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " max-age=999999999999999999999999999999999999999999999 ; " +
|
| backup_pin + ";" + good_pin +
|
| "; report-uri=\"http://example.test/foo\"",
|
| @@ -548,21 +582,21 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
|
|
| // Test that parsing a different header resets the hashes.
|
| hashes.clear();
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| EXPECT_EQ(2u, hashes.size());
|
| - EXPECT_TRUE(ParseHPKPHeader(
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| " max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes,
|
| &max_age, &include_subdomains, &hashes, &report_uri));
|
| EXPECT_EQ(2u, hashes.size());
|
|
|
| // Test that the parser correctly parses an unencoded ';' inside a
|
| // quoted report-uri.
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| - "; report-uri=\"http://foo.com/?;bar\"",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| + "; report-uri=\"http://foo.com/?;bar\"",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(999);
|
| expect_report_uri = GURL("http://foo.com/?;bar");
|
| EXPECT_EQ(expect_max_age, max_age);
|
| @@ -574,33 +608,41 @@ static void TestValidPKPHeaders(HashValueTag tag) {
|
| std::string uri = "http://foo.com/";
|
| uri += char(0x7f);
|
| expect_report_uri = GURL(uri);
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| - "; report-uri=\"" + uri + "\"",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| + "; report-uri=\"" + uri + "\"",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(999);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
| EXPECT_EQ(expect_report_uri, report_uri);
|
|
|
| // Test that the parser allows quoted max-age values.
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age='999'; " + backup_pin + "; " + good_pin,
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader(
|
| + "max-age='999'; " + backup_pin + "; " + good_pin, chain_hashes, &max_age,
|
| + &include_subdomains, &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(999);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
|
|
| // Test that the parser handles escaped values.
|
| expect_report_uri = GURL("http://foo.com'a");
|
| - EXPECT_TRUE(ParseHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| - "; report-uri='http://foo.com\\'\\a'",
|
| - chain_hashes, &max_age, &include_subdomains,
|
| - &hashes, &report_uri));
|
| + EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
|
| + "; report-uri='http://foo.com\\'\\a'",
|
| + chain_hashes, &max_age, &include_subdomains,
|
| + &hashes, &report_uri));
|
| expect_max_age = base::TimeDelta::FromSeconds(999);
|
| EXPECT_EQ(expect_max_age, max_age);
|
| EXPECT_FALSE(include_subdomains);
|
| EXPECT_EQ(expect_report_uri, report_uri);
|
| +
|
| + // Test that the parser does not require max-age for Report-Only
|
| + // headers.
|
| + expect_report_uri = GURL("http://foo.com");
|
| + EXPECT_TRUE(ParseHPKPReportOnlyHeader(
|
| + backup_pin + "; " + good_pin + "; report-uri='http://foo.com'",
|
| + &include_subdomains, &hashes, &report_uri));
|
| + EXPECT_EQ(expect_report_uri, report_uri);
|
| }
|
|
|
| TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) {
|
|
|
Chromium Code Reviews
Issue 1267513003:
Add parsing for Public-Key-Pins-Report-Only header (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master