OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 #include <algorithm> | 6 #include <algorithm> |
7 | 7 |
8 #include "base/base64.h" | 8 #include "base/base64.h" |
9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
11 #include "net/base/host_port_pair.h" | 11 #include "net/base/host_port_pair.h" |
12 #include "net/base/test_completion_callback.h" | 12 #include "net/base/test_completion_callback.h" |
13 #include "net/http/http_security_headers.h" | 13 #include "net/http/http_security_headers.h" |
14 #include "net/http/http_util.h" | 14 #include "net/http/http_util.h" |
15 #include "net/http/transport_security_state.h" | 15 #include "net/http/transport_security_state.h" |
16 #include "net/log/net_log.h" | 16 #include "net/log/net_log.h" |
17 #include "net/ssl/ssl_info.h" | 17 #include "net/ssl/ssl_info.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
19 | 19 |
20 namespace net { | 20 namespace net { |
21 | 21 |
22 namespace { | 22 namespace { |
23 | 23 |
24 HashValue GetTestHashValue(uint8 label, HashValueTag tag) { | 24 HashValue GetTestHashValue(uint8_t label, HashValueTag tag) { |
25 HashValue hash_value(tag); | 25 HashValue hash_value(tag); |
26 memset(hash_value.data(), label, hash_value.size()); | 26 memset(hash_value.data(), label, hash_value.size()); |
27 return hash_value; | 27 return hash_value; |
28 } | 28 } |
29 | 29 |
30 std::string GetTestPinImpl(uint8 label, HashValueTag tag, bool quoted) { | 30 std::string GetTestPinImpl(uint8_t label, HashValueTag tag, bool quoted) { |
31 HashValue hash_value = GetTestHashValue(label, tag); | 31 HashValue hash_value = GetTestHashValue(label, tag); |
32 std::string base64; | 32 std::string base64; |
33 base::Base64Encode(base::StringPiece( | 33 base::Base64Encode(base::StringPiece( |
34 reinterpret_cast<char*>(hash_value.data()), hash_value.size()), &base64); | 34 reinterpret_cast<char*>(hash_value.data()), hash_value.size()), &base64); |
35 | 35 |
36 std::string ret; | 36 std::string ret; |
37 switch (hash_value.tag) { | 37 switch (hash_value.tag) { |
38 case HASH_VALUE_SHA256: | 38 case HASH_VALUE_SHA256: |
39 ret = "pin-sha256="; | 39 ret = "pin-sha256="; |
40 break; | 40 break; |
41 default: | 41 default: |
42 NOTREACHED() << "Unknown HashValueTag " << hash_value.tag; | 42 NOTREACHED() << "Unknown HashValueTag " << hash_value.tag; |
43 return std::string("ERROR"); | 43 return std::string("ERROR"); |
44 } | 44 } |
45 if (quoted) | 45 if (quoted) |
46 ret += '\"'; | 46 ret += '\"'; |
47 ret += base64; | 47 ret += base64; |
48 if (quoted) | 48 if (quoted) |
49 ret += '\"'; | 49 ret += '\"'; |
50 return ret; | 50 return ret; |
51 } | 51 } |
52 | 52 |
53 std::string GetTestPin(uint8 label, HashValueTag tag) { | 53 std::string GetTestPin(uint8_t label, HashValueTag tag) { |
54 return GetTestPinImpl(label, tag, true); | 54 return GetTestPinImpl(label, tag, true); |
55 } | 55 } |
56 | 56 |
57 std::string GetTestPinUnquoted(uint8 label, HashValueTag tag) { | 57 std::string GetTestPinUnquoted(uint8_t label, HashValueTag tag) { |
58 return GetTestPinImpl(label, tag, false); | 58 return GetTestPinImpl(label, tag, false); |
59 } | 59 } |
60 | 60 |
61 }; | 61 }; |
62 | 62 |
63 // Parses the given header |value| as both a Public-Key-Pins-Report-Only | 63 // Parses the given header |value| as both a Public-Key-Pins-Report-Only |
64 // and Public-Key-Pins header. Returns true if the value parses | 64 // and Public-Key-Pins header. Returns true if the value parses |
65 // successfully for both header types, and if the parsed hashes and | 65 // successfully for both header types, and if the parsed hashes and |
66 // report_uri match for both header types. | 66 // report_uri match for both header types. |
67 bool ParseAsHPKPHeader(const std::string& value, | 67 bool ParseAsHPKPHeader(const std::string& value, |
382 EXPECT_TRUE(ParseHSTSHeader("max-age=394082; incLudesUbdOmains", | 382 EXPECT_TRUE(ParseHSTSHeader("max-age=394082; incLudesUbdOmains", |
383 &max_age, &include_subdomains)); | 383 &max_age, &include_subdomains)); |
384 expect_max_age = base::TimeDelta::FromSeconds(394082); | 384 expect_max_age = base::TimeDelta::FromSeconds(394082); |
385 EXPECT_EQ(expect_max_age, max_age); | 385 EXPECT_EQ(expect_max_age, max_age); |
386 EXPECT_TRUE(include_subdomains); | 386 EXPECT_TRUE(include_subdomains); |
387 | 387 |
388 EXPECT_TRUE(ParseHSTSHeader( | 388 EXPECT_TRUE(ParseHSTSHeader( |
389 "max-age=39408299 ;incLudesUbdOmains", &max_age, | 389 "max-age=39408299 ;incLudesUbdOmains", &max_age, |
390 &include_subdomains)); | 390 &include_subdomains)); |
391 expect_max_age = base::TimeDelta::FromSeconds( | 391 expect_max_age = base::TimeDelta::FromSeconds( |
392 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299)))); | 392 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); |
393 EXPECT_EQ(expect_max_age, max_age); | 393 EXPECT_EQ(expect_max_age, max_age); |
394 EXPECT_TRUE(include_subdomains); | 394 EXPECT_TRUE(include_subdomains); |
395 | 395 |
396 EXPECT_TRUE(ParseHSTSHeader( | 396 EXPECT_TRUE(ParseHSTSHeader( |
397 "max-age=394082038 ; incLudesUbdOmains", &max_age, | 397 "max-age=394082038 ; incLudesUbdOmains", &max_age, |
398 &include_subdomains)); | 398 &include_subdomains)); |
399 expect_max_age = base::TimeDelta::FromSeconds( | 399 expect_max_age = base::TimeDelta::FromSeconds( |
400 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 400 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
401 EXPECT_EQ(expect_max_age, max_age); | 401 EXPECT_EQ(expect_max_age, max_age); |
402 EXPECT_TRUE(include_subdomains); | 402 EXPECT_TRUE(include_subdomains); |
403 | 403 |
404 EXPECT_TRUE(ParseHSTSHeader( | 404 EXPECT_TRUE(ParseHSTSHeader( |
405 "max-age=394082038 ; incLudesUbdOmains;", &max_age, | 405 "max-age=394082038 ; incLudesUbdOmains;", &max_age, |
406 &include_subdomains)); | 406 &include_subdomains)); |
407 expect_max_age = base::TimeDelta::FromSeconds( | 407 expect_max_age = base::TimeDelta::FromSeconds( |
408 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 408 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
409 EXPECT_EQ(expect_max_age, max_age); | 409 EXPECT_EQ(expect_max_age, max_age); |
410 EXPECT_TRUE(include_subdomains); | 410 EXPECT_TRUE(include_subdomains); |
411 | 411 |
412 EXPECT_TRUE(ParseHSTSHeader( | 412 EXPECT_TRUE(ParseHSTSHeader( |
413 ";; max-age=394082038 ; incLudesUbdOmains; ;", &max_age, | 413 ";; max-age=394082038 ; incLudesUbdOmains; ;", &max_age, |
414 &include_subdomains)); | 414 &include_subdomains)); |
415 expect_max_age = base::TimeDelta::FromSeconds( | 415 expect_max_age = base::TimeDelta::FromSeconds( |
416 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 416 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
417 EXPECT_EQ(expect_max_age, max_age); | 417 EXPECT_EQ(expect_max_age, max_age); |
418 EXPECT_TRUE(include_subdomains); | 418 EXPECT_TRUE(include_subdomains); |
419 | 419 |
420 EXPECT_TRUE(ParseHSTSHeader( | 420 EXPECT_TRUE(ParseHSTSHeader( |
421 ";; max-age=394082038 ;", &max_age, | 421 ";; max-age=394082038 ;", &max_age, |
422 &include_subdomains)); | 422 &include_subdomains)); |
423 expect_max_age = base::TimeDelta::FromSeconds( | 423 expect_max_age = base::TimeDelta::FromSeconds( |
424 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 424 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
425 EXPECT_EQ(expect_max_age, max_age); | 425 EXPECT_EQ(expect_max_age, max_age); |
426 EXPECT_FALSE(include_subdomains); | 426 EXPECT_FALSE(include_subdomains); |
427 | 427 |
428 EXPECT_TRUE(ParseHSTSHeader( | 428 EXPECT_TRUE(ParseHSTSHeader( |
429 ";; ; ; max-age=394082038;;; includeSubdomains ;; ;", &max_age, | 429 ";; ; ; max-age=394082038;;; includeSubdomains ;; ;", &max_age, |
430 &include_subdomains)); | 430 &include_subdomains)); |
431 expect_max_age = base::TimeDelta::FromSeconds( | 431 expect_max_age = base::TimeDelta::FromSeconds( |
432 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 432 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
433 EXPECT_EQ(expect_max_age, max_age); | 433 EXPECT_EQ(expect_max_age, max_age); |
434 EXPECT_TRUE(include_subdomains); | 434 EXPECT_TRUE(include_subdomains); |
435 | 435 |
436 EXPECT_TRUE(ParseHSTSHeader( | 436 EXPECT_TRUE(ParseHSTSHeader( |
437 "incLudesUbdOmains ; max-age=394082038 ;;", &max_age, | 437 "incLudesUbdOmains ; max-age=394082038 ;;", &max_age, |
438 &include_subdomains)); | 438 &include_subdomains)); |
439 expect_max_age = base::TimeDelta::FromSeconds( | 439 expect_max_age = base::TimeDelta::FromSeconds( |
440 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 440 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
441 EXPECT_EQ(expect_max_age, max_age); | 441 EXPECT_EQ(expect_max_age, max_age); |
442 EXPECT_TRUE(include_subdomains); | 442 EXPECT_TRUE(include_subdomains); |
443 | 443 |
444 EXPECT_TRUE(ParseHSTSHeader( | 444 EXPECT_TRUE(ParseHSTSHeader( |
445 " max-age=0 ; incLudesUbdOmains ", &max_age, | 445 " max-age=0 ; incLudesUbdOmains ", &max_age, |
446 &include_subdomains)); | 446 &include_subdomains)); |
447 expect_max_age = base::TimeDelta::FromSeconds(0); | 447 expect_max_age = base::TimeDelta::FromSeconds(0); |
448 EXPECT_EQ(expect_max_age, max_age); | 448 EXPECT_EQ(expect_max_age, max_age); |
449 EXPECT_TRUE(include_subdomains); | 449 EXPECT_TRUE(include_subdomains); |
450 | 450 |
523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
524 &max_age, &include_subdomains, &hashes, &report_uri)); | 524 &max_age, &include_subdomains, &hashes, &report_uri)); |
525 expect_max_age = base::TimeDelta::FromSeconds(394082); | 525 expect_max_age = base::TimeDelta::FromSeconds(394082); |
526 EXPECT_EQ(expect_max_age, max_age); | 526 EXPECT_EQ(expect_max_age, max_age); |
527 EXPECT_FALSE(include_subdomains); | 527 EXPECT_FALSE(include_subdomains); |
528 | 528 |
529 EXPECT_TRUE(ParseAsHPKPHeader( | 529 EXPECT_TRUE(ParseAsHPKPHeader( |
530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
531 &max_age, &include_subdomains, &hashes, &report_uri)); | 531 &max_age, &include_subdomains, &hashes, &report_uri)); |
532 expect_max_age = base::TimeDelta::FromSeconds( | 532 expect_max_age = base::TimeDelta::FromSeconds( |
533 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(39408299)))); | 533 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); |
534 EXPECT_EQ(expect_max_age, max_age); | 534 EXPECT_EQ(expect_max_age, max_age); |
535 EXPECT_FALSE(include_subdomains); | 535 EXPECT_FALSE(include_subdomains); |
536 | 536 |
537 EXPECT_TRUE(ParseAsHPKPHeader( | 537 EXPECT_TRUE(ParseAsHPKPHeader( |
538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + | 538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + |
539 good_pin + ";" + backup_pin + "; ", | 539 good_pin + ";" + backup_pin + "; ", |
540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
541 expect_max_age = base::TimeDelta::FromSeconds( | 541 expect_max_age = base::TimeDelta::FromSeconds( |
542 std::min(kMaxHSTSAgeSecs, static_cast<int64>(INT64_C(394082038)))); | 542 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
543 EXPECT_EQ(expect_max_age, max_age); | 543 EXPECT_EQ(expect_max_age, max_age); |
544 EXPECT_TRUE(include_subdomains); | 544 EXPECT_TRUE(include_subdomains); |
545 | 545 |
546 EXPECT_TRUE(ParseAsHPKPHeader( | 546 EXPECT_TRUE(ParseAsHPKPHeader( |
547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, | 547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, |
548 &include_subdomains, &hashes, &report_uri)); | 548 &include_subdomains, &hashes, &report_uri)); |
549 expect_max_age = base::TimeDelta::FromSeconds(0); | 549 expect_max_age = base::TimeDelta::FromSeconds(0); |
550 EXPECT_EQ(expect_max_age, max_age); | 550 EXPECT_EQ(expect_max_age, max_age); |
551 EXPECT_FALSE(include_subdomains); | 551 EXPECT_FALSE(include_subdomains); |
552 | 552 |
900 ssl_info)); | 900 ssl_info)); |
901 | 901 |
902 // The old pins must still exist. | 902 // The old pins must still exist. |
903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
904 EXPECT_TRUE(state.CheckPublicKeyPins( | 904 EXPECT_TRUE(state.CheckPublicKeyPins( |
905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, | 905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, |
906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
907 } | 907 } |
908 | 908 |
909 }; // namespace net | 909 }; // namespace net |
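Review bot: The expectation at new line 542 is built from `INT64_C(394082038)`, but the header parsed at line 538 carries `max-age=39408038`, so the two literals differ. The check can only pass if both values exceed `kMaxHSTSAgeSecs` and are clamped to it; the constant's value is not visible on this page, so that is inferred. Since the commit rewrites this line anyway, the literal should match the input: `std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408038))));`. As written, this case would not notice a regression that raised or removed the max-age cap for pins, which is the bound on how long a pin set can persist. The enclosing test body starts in the skipped region above line 523.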