Index: net/url_request/url_request_unittest.cc |
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc |
index 0fce7f0ca3762f56fd719892e0daa2039daad276..0d9558fe532a14150a4c524edda958f8a1a6b249 100644 |
--- a/net/url_request/url_request_unittest.cc |
+++ b/net/url_request/url_request_unittest.cc |
@@ -6216,6 +6216,52 @@ TEST_F(URLRequestTestHTTP, PKPNotProcessedOnIP) { |
security_state->GetDynamicPKPState(test_server_hostname, &pkp_state)); |
} |
+TEST_F(URLRequestTestHTTP, PKPBypassRecorded) { |
+ EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
+ https_test_server.SetSSLConfig( |
+ net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
+ https_test_server.ServeFilesFromSourceDirectory( |
+ base::FilePath(kTestFilePath)); |
+ ASSERT_TRUE(https_test_server.Start()); |
+ |
+ // Set up a MockCertVerifier to be a local root that violates the pin |
+ scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
+ ASSERT_TRUE(cert); |
+ |
+ MockCertVerifier cert_verifier; |
+ CertVerifyResult verify_result; |
+ verify_result.verified_cert = cert; |
+ verify_result.is_issued_by_known_root = false; |
+ verify_result.pkp_bypassed = true; |
+ HashValue hash; |
+ ASSERT_TRUE( |
+ hash.FromString("sha256/1111111111111111111111111111111111111111111=")); |
+ verify_result.public_key_hashes.push_back(hash); |
+ cert_verifier.AddResultForCert(cert.get(), verify_result, OK); |
+ cert_verifier.set_default_result(OK); |
+ |
+ TestNetworkDelegate network_delegate; |
+ TransportSecurityState security_state; |
+ TestURLRequestContext context(true); |
+ context.set_transport_security_state(&security_state); |
+ context.set_network_delegate(&network_delegate); |
+ context.set_cert_verifier(&cert_verifier); |
+ context.Init(); |
+ |
+ TestDelegate d; |
+ std::unique_ptr<URLRequest> request(context.CreateRequest( |
+ https_test_server.GetURL("/hpkp-headers.html"), DEFAULT_PRIORITY, &d)); |
+ request->Start(); |
+ base::RunLoop().Run(); |
+ |
+ std::string test_server_hostname = https_test_server.GetURL("/").host(); |
+ |
+ TransportSecurityState::PKPState pkp_state; |
+ EXPECT_FALSE( |
+ security_state.GetDynamicPKPState(test_server_hostname, &pkp_state)); |
+ EXPECT_TRUE(request->ssl_info().pkp_bypassed); |
+} |
+ |
TEST_F(URLRequestTestHTTP, ProcessSTSOnce) { |
EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
https_test_server.SetSSLConfig( |