| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 | 7 |
| 8 #include "base/base64.h" | 8 #include "base/base64.h" |
| 9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
| 10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
| (...skipping 512 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
| 524 &max_age, &include_subdomains, &hashes, &report_uri)); | 524 &max_age, &include_subdomains, &hashes, &report_uri)); |
| 525 expect_max_age = base::TimeDelta::FromSeconds(394082); | 525 expect_max_age = base::TimeDelta::FromSeconds(394082); |
| 526 EXPECT_EQ(expect_max_age, max_age); | 526 EXPECT_EQ(expect_max_age, max_age); |
| 527 EXPECT_FALSE(include_subdomains); | 527 EXPECT_FALSE(include_subdomains); |
| 528 | 528 |
| 529 EXPECT_TRUE(ParseAsHPKPHeader( | 529 EXPECT_TRUE(ParseAsHPKPHeader( |
| 530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
| 531 &max_age, &include_subdomains, &hashes, &report_uri)); | 531 &max_age, &include_subdomains, &hashes, &report_uri)); |
| 532 expect_max_age = base::TimeDelta::FromSeconds( | 532 expect_max_age = base::TimeDelta::FromSeconds( |
| 533 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); | 533 std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); |
| 534 EXPECT_EQ(expect_max_age, max_age); | 534 EXPECT_EQ(expect_max_age, max_age); |
| 535 EXPECT_FALSE(include_subdomains); | 535 EXPECT_FALSE(include_subdomains); |
| 536 | 536 |
| 537 EXPECT_TRUE(ParseAsHPKPHeader( | 537 EXPECT_TRUE(ParseAsHPKPHeader( |
| 538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + | 538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + |
| 539 good_pin + ";" + backup_pin + "; ", | 539 good_pin + ";" + backup_pin + "; ", |
| 540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 541 expect_max_age = base::TimeDelta::FromSeconds( | 541 expect_max_age = base::TimeDelta::FromSeconds( |
| 542 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); | 542 std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
| 543 EXPECT_EQ(expect_max_age, max_age); | 543 EXPECT_EQ(expect_max_age, max_age); |
| 544 EXPECT_TRUE(include_subdomains); | 544 EXPECT_TRUE(include_subdomains); |
| 545 | 545 |
| 546 EXPECT_TRUE(ParseAsHPKPHeader( | 546 EXPECT_TRUE(ParseAsHPKPHeader( |
| 547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, | 547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, |
| 548 &include_subdomains, &hashes, &report_uri)); | 548 &include_subdomains, &hashes, &report_uri)); |
| 549 expect_max_age = base::TimeDelta::FromSeconds(0); | 549 expect_max_age = base::TimeDelta::FromSeconds(0); |
| 550 EXPECT_EQ(expect_max_age, max_age); | 550 EXPECT_EQ(expect_max_age, max_age); |
| 551 EXPECT_FALSE(include_subdomains); | 551 EXPECT_FALSE(include_subdomains); |
| 552 | 552 |
| 553 EXPECT_TRUE(ParseAsHPKPHeader( | 553 EXPECT_TRUE(ParseAsHPKPHeader( |
| 554 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, | 554 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, |
| 555 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 555 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 556 expect_max_age = base::TimeDelta::FromSeconds(0); | 556 expect_max_age = base::TimeDelta::FromSeconds(0); |
| 557 EXPECT_EQ(expect_max_age, max_age); | 557 EXPECT_EQ(expect_max_age, max_age); |
| 558 EXPECT_TRUE(include_subdomains); | 558 EXPECT_TRUE(include_subdomains); |
| 559 | 559 |
| 560 EXPECT_TRUE(ParseAsHPKPHeader( | 560 EXPECT_TRUE(ParseAsHPKPHeader( |
| 561 " max-age=999999999999999999999999999999999999999999999 ; " + | 561 " max-age=999999999999999999999999999999999999999999999 ; " + |
| 562 backup_pin + ";" + good_pin + "; ", | 562 backup_pin + ";" + good_pin + "; ", |
| 563 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 563 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 564 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); | 564 expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs); |
| 565 EXPECT_EQ(expect_max_age, max_age); | 565 EXPECT_EQ(expect_max_age, max_age); |
| 566 EXPECT_FALSE(include_subdomains); | 566 EXPECT_FALSE(include_subdomains); |
| 567 | 567 |
| 568 EXPECT_TRUE(ParseAsHPKPHeader( | 568 EXPECT_TRUE(ParseAsHPKPHeader( |
| 569 " max-age=999999999999999999999999999999999999999999999 ; " + | 569 " max-age=999999999999999999999999999999999999999999999 ; " + |
| 570 backup_pin + ";" + good_pin + | 570 backup_pin + ";" + good_pin + |
| 571 "; report-uri=\"http://example.test/foo\"", | 571 "; report-uri=\"http://example.test/foo\"", |
| 572 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 572 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
| 573 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); | 573 expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs); |
| 574 expect_report_uri = GURL("http://example.test/foo"); | 574 expect_report_uri = GURL("http://example.test/foo"); |
| 575 EXPECT_EQ(expect_max_age, max_age); | 575 EXPECT_EQ(expect_max_age, max_age); |
| 576 EXPECT_FALSE(include_subdomains); | 576 EXPECT_FALSE(include_subdomains); |
| 577 EXPECT_EQ(expect_report_uri, report_uri); | 577 EXPECT_EQ(expect_report_uri, report_uri); |
| 578 | 578 |
| 579 // Test that parsing a different header resets the hashes. | 579 // Test that parsing a different header resets the hashes. |
| 580 hashes.clear(); | 580 hashes.clear(); |
| 581 EXPECT_TRUE(ParseAsHPKPHeader( | 581 EXPECT_TRUE(ParseAsHPKPHeader( |
| 582 " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, | 582 " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, |
| 583 &max_age, &include_subdomains, &hashes, &report_uri)); | 583 &max_age, &include_subdomains, &hashes, &report_uri)); |
| (...skipping 316 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 900 ssl_info)); | 900 ssl_info)); |
| 901 | 901 |
| 902 // The old pins must still exist. | 902 // The old pins must still exist. |
| 903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
| 904 EXPECT_TRUE(state.CheckPublicKeyPins( | 904 EXPECT_TRUE(state.CheckPublicKeyPins( |
| 905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, | 905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, |
| 906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
| 907 } | 907 } |
| 908 | 908 |
| 909 }; // namespace net | 909 }; // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1733973004:
Limit Public-Key-Pins max-age to 60 days (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master