OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 #include <algorithm> | 6 #include <algorithm> |
7 | 7 |
8 #include "base/base64.h" | 8 #include "base/base64.h" |
9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
(...skipping 512 matching lines...)
523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 523 "max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
524 &max_age, &include_subdomains, &hashes, &report_uri)); | 524 &max_age, &include_subdomains, &hashes, &report_uri)); |
525 expect_max_age = base::TimeDelta::FromSeconds(394082); | 525 expect_max_age = base::TimeDelta::FromSeconds(394082); |
526 EXPECT_EQ(expect_max_age, max_age); | 526 EXPECT_EQ(expect_max_age, max_age); |
527 EXPECT_FALSE(include_subdomains); | 527 EXPECT_FALSE(include_subdomains); |
528 | 528 |
529 EXPECT_TRUE(ParseAsHPKPHeader( | 529 EXPECT_TRUE(ParseAsHPKPHeader( |
530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, | 530 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes, |
531 &max_age, &include_subdomains, &hashes, &report_uri)); | 531 &max_age, &include_subdomains, &hashes, &report_uri)); |
532 expect_max_age = base::TimeDelta::FromSeconds( | 532 expect_max_age = base::TimeDelta::FromSeconds( |
533 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); | 533 std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(39408299)))); |
534 EXPECT_EQ(expect_max_age, max_age); | 534 EXPECT_EQ(expect_max_age, max_age); |
535 EXPECT_FALSE(include_subdomains); | 535 EXPECT_FALSE(include_subdomains); |
536 | 536 |
537 EXPECT_TRUE(ParseAsHPKPHeader( | 537 EXPECT_TRUE(ParseAsHPKPHeader( |
538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + | 538 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " + |
539 good_pin + ";" + backup_pin + "; ", | 539 good_pin + ";" + backup_pin + "; ", |
540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 540 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
541 expect_max_age = base::TimeDelta::FromSeconds( | 541 expect_max_age = base::TimeDelta::FromSeconds( |
542 std::min(kMaxHSTSAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); | 542 std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(394082038)))); |
543 EXPECT_EQ(expect_max_age, max_age); | 543 EXPECT_EQ(expect_max_age, max_age); |
544 EXPECT_TRUE(include_subdomains); | 544 EXPECT_TRUE(include_subdomains); |
545 | 545 |
546 EXPECT_TRUE(ParseAsHPKPHeader( | 546 EXPECT_TRUE(ParseAsHPKPHeader( |
547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, | 547 " max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age, |
548 &include_subdomains, &hashes, &report_uri)); | 548 &include_subdomains, &hashes, &report_uri)); |
549 expect_max_age = base::TimeDelta::FromSeconds(0); | 549 expect_max_age = base::TimeDelta::FromSeconds(0); |
550 EXPECT_EQ(expect_max_age, max_age); | 550 EXPECT_EQ(expect_max_age, max_age); |
551 EXPECT_FALSE(include_subdomains); | 551 EXPECT_FALSE(include_subdomains); |
552 | 552 |
553 EXPECT_TRUE(ParseAsHPKPHeader( | 553 EXPECT_TRUE(ParseAsHPKPHeader( |
554 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, | 554 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin, |
555 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 555 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
556 expect_max_age = base::TimeDelta::FromSeconds(0); | 556 expect_max_age = base::TimeDelta::FromSeconds(0); |
557 EXPECT_EQ(expect_max_age, max_age); | 557 EXPECT_EQ(expect_max_age, max_age); |
558 EXPECT_TRUE(include_subdomains); | 558 EXPECT_TRUE(include_subdomains); |
559 | 559 |
560 EXPECT_TRUE(ParseAsHPKPHeader( | 560 EXPECT_TRUE(ParseAsHPKPHeader( |
561 " max-age=999999999999999999999999999999999999999999999 ; " + | 561 " max-age=999999999999999999999999999999999999999999999 ; " + |
562 backup_pin + ";" + good_pin + "; ", | 562 backup_pin + ";" + good_pin + "; ", |
563 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 563 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
564 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); | 564 expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs); |
565 EXPECT_EQ(expect_max_age, max_age); | 565 EXPECT_EQ(expect_max_age, max_age); |
566 EXPECT_FALSE(include_subdomains); | 566 EXPECT_FALSE(include_subdomains); |
567 | 567 |
568 EXPECT_TRUE(ParseAsHPKPHeader( | 568 EXPECT_TRUE(ParseAsHPKPHeader( |
569 " max-age=999999999999999999999999999999999999999999999 ; " + | 569 " max-age=999999999999999999999999999999999999999999999 ; " + |
570 backup_pin + ";" + good_pin + | 570 backup_pin + ";" + good_pin + |
571 "; report-uri=\"http://example.test/foo\"", | 571 "; report-uri=\"http://example.test/foo\"", |
572 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); | 572 chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri)); |
573 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs); | 573 expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs); |
574 expect_report_uri = GURL("http://example.test/foo"); | 574 expect_report_uri = GURL("http://example.test/foo"); |
575 EXPECT_EQ(expect_max_age, max_age); | 575 EXPECT_EQ(expect_max_age, max_age); |
576 EXPECT_FALSE(include_subdomains); | 576 EXPECT_FALSE(include_subdomains); |
577 EXPECT_EQ(expect_report_uri, report_uri); | 577 EXPECT_EQ(expect_report_uri, report_uri); |
578 | 578 |
579 // Test that parsing a different header resets the hashes. | 579 // Test that parsing a different header resets the hashes. |
580 hashes.clear(); | 580 hashes.clear(); |
581 EXPECT_TRUE(ParseAsHPKPHeader( | 581 EXPECT_TRUE(ParseAsHPKPHeader( |
582 " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, | 582 " max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes, |
583 &max_age, &include_subdomains, &hashes, &report_uri)); | 583 &max_age, &include_subdomains, &hashes, &report_uri)); |
(...skipping 316 matching lines...)
900 ssl_info)); | 900 ssl_info)); |
901 | 901 |
902 // The old pins must still exist. | 902 // The old pins must still exist. |
903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 903 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
904 EXPECT_TRUE(state.CheckPublicKeyPins( | 904 EXPECT_TRUE(state.CheckPublicKeyPins( |
905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, | 905 domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr, |
906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 906 nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
907 } | 907 } |
908 | 908 |
909 }; // namespace net | 909 }; // namespace net |
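Review bot: The expectation on new line 542 uses `INT64_C(394082038)` while the header parsed just above it carries `max-age=39408038`, so the two literals disagree and the assertion appears to hold only because both are clamped to `kMaxHPKPAgeSecs`. Change it to `std::min(kMaxHPKPAgeSecs, static_cast<int64_t>(INT64_C(39408038))))` minus the extra closing parenthesis of the enclosing call, i.e. keep the line as written and correct only the literal, so the expectation follows the input. Every clamped case visible here seems to use a value well above the cap, so one case just under and one just over `kMaxHPKPAgeSecs` would pin the boundary that limits how long a noted pin set can persist. The enclosing test body starts in the skipped lines, so an existing boundary case may simply not be shown.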