| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 1252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1263 state.SetReportSender(&mock_report_sender); | 1263 state.SetReportSender(&mock_report_sender); |
| 1264 | 1264 |
| 1265 const base::Time current_time = base::Time::Now(); | 1265 const base::Time current_time = base::Time::Now(); |
| 1266 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 1266 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 1267 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); | 1267 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); |
| 1268 | 1268 |
| 1269 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1269 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1270 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1270 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1271 | 1271 |
| 1272 std::string failure_log; | 1272 std::string failure_log; |
| 1273 EXPECT_FALSE(state.CheckPublicKeyPins( | 1273 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1274 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1274 state.CheckPublicKeyPins( |
| 1275 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 1275 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1276 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
| 1276 | 1277 |
| 1277 // No report should have been sent because of the DISABLE_PIN_REPORTS | 1278 // No report should have been sent because of the DISABLE_PIN_REPORTS |
| 1278 // argument. | 1279 // argument. |
| 1279 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1280 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1280 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1281 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1281 | 1282 |
| 1282 EXPECT_TRUE(state.CheckPublicKeyPins( | 1283 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, |
| 1283 host_port_pair, true, good_hashes, cert1.get(), cert2.get(), | 1284 state.CheckPublicKeyPins( |
| 1284 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1285 host_port_pair, true, good_hashes, cert1.get(), cert2.get(), |
| 1286 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1285 | 1287 |
| 1286 // No report should have been sent because there was no violation. | 1288 // No report should have been sent because there was no violation. |
| 1287 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1289 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1288 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1290 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1289 | 1291 |
| 1290 EXPECT_FALSE(state.CheckPublicKeyPins( | 1292 EXPECT_EQ(TransportSecurityState::PKPStatus::BYPASSED, |
| 1291 host_port_pair, false, bad_hashes, cert1.get(), cert2.get(), | 1293 state.CheckPublicKeyPins( |
| 1292 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1294 host_port_pair, false, bad_hashes, cert1.get(), cert2.get(), |
| 1295 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1293 | 1296 |
| 1294 // No report should have been sent because the certificate chained to a | 1297 // No report should have been sent because the certificate chained to a |
| 1295 // non-public root. | 1298 // non-public root. |
| 1296 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1299 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1297 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1300 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1298 | 1301 |
| 1299 EXPECT_TRUE(state.CheckPublicKeyPins( | 1302 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, |
| 1300 host_port_pair, false, good_hashes, cert1.get(), cert2.get(), | 1303 state.CheckPublicKeyPins( |
| 1301 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1304 host_port_pair, false, good_hashes, cert1.get(), cert2.get(), |
| 1305 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1302 | 1306 |
| 1303 // No report should have been sent because there was no violation, even though | 1307 // No report should have been sent because there was no violation, even though |
| 1304 // the certificate chained to a local trust anchor. | 1308 // the certificate chained to a local trust anchor. |
| 1305 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1309 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1306 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1310 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1307 | 1311 |
| 1308 EXPECT_FALSE(state.CheckPublicKeyPins( | 1312 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1309 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1313 state.CheckPublicKeyPins( |
| 1310 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1314 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1315 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1311 | 1316 |
| 1312 // Now a report should have been sent. Check that it contains the | 1317 // Now a report should have been sent. Check that it contains the |
| 1313 // right information. | 1318 // right information. |
| 1314 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1319 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1315 std::string report = mock_report_sender.latest_report(); | 1320 std::string report = mock_report_sender.latest_report(); |
| 1316 ASSERT_FALSE(report.empty()); | 1321 ASSERT_FALSE(report.empty()); |
| 1317 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1322 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1318 cert1.get(), cert2.get(), | 1323 cert1.get(), cert2.get(), |
| 1319 good_hashes)); | 1324 good_hashes)); |
| 1320 mock_report_sender.Clear(); | 1325 mock_report_sender.Clear(); |
| 1321 EXPECT_FALSE(state.CheckPublicKeyPins( | 1326 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1322 subdomain_host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1327 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, |
| 1323 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1328 cert1.get(), cert2.get(), |
| 1329 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 1330 &failure_log)); |
| 1324 | 1331 |
| 1325 // Now a report should have been sent for the subdomain. Check that it | 1332 // Now a report should have been sent for the subdomain. Check that it |
| 1326 // contains the right information. | 1333 // contains the right information. |
| 1327 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1334 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1328 report = mock_report_sender.latest_report(); | 1335 report = mock_report_sender.latest_report(); |
| 1329 ASSERT_FALSE(report.empty()); | 1336 ASSERT_FALSE(report.empty()); |
| 1330 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, | 1337 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, |
| 1331 true, kHost, cert1.get(), cert2.get(), | 1338 true, kHost, cert1.get(), cert2.get(), |
| 1332 good_hashes)); | 1339 good_hashes)); |
| 1333 } | 1340 } |
| (...skipping 26 matching lines...) Expand all Loading... |
| 1360 | 1367 |
| 1361 TransportSecurityState state; | 1368 TransportSecurityState state; |
| 1362 MockFailingCertificateReportSender mock_report_sender; | 1369 MockFailingCertificateReportSender mock_report_sender; |
| 1363 state.SetReportSender(&mock_report_sender); | 1370 state.SetReportSender(&mock_report_sender); |
| 1364 | 1371 |
| 1365 const base::Time current_time = base::Time::Now(); | 1372 const base::Time current_time = base::Time::Now(); |
| 1366 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 1373 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 1367 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); | 1374 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); |
| 1368 | 1375 |
| 1369 std::string failure_log; | 1376 std::string failure_log; |
| 1370 EXPECT_FALSE(state.CheckPublicKeyPins( | 1377 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1371 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1378 state.CheckPublicKeyPins( |
| 1372 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1379 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1380 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1373 | 1381 |
| 1374 // Check that the UMA histogram was updated when the report failed to | 1382 // Check that the UMA histogram was updated when the report failed to |
| 1375 // send. | 1383 // send. |
| 1376 histograms.ExpectTotalCount(histogram_name, 1); | 1384 histograms.ExpectTotalCount(histogram_name, 1); |
| 1377 histograms.ExpectBucketCount(histogram_name, mock_report_sender.net_error(), | 1385 histograms.ExpectBucketCount(histogram_name, mock_report_sender.net_error(), |
| 1378 1); | 1386 1); |
| 1379 } | 1387 } |
| 1380 | 1388 |
| 1381 TEST_F(TransportSecurityStateTest, HPKPReportOnly) { | 1389 TEST_F(TransportSecurityStateTest, HPKPReportOnly) { |
| 1382 HostPortPair host_port_pair(kHost, kPort); | 1390 HostPortPair host_port_pair(kHost, kPort); |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1546 ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem"); | 1554 ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem"); |
| 1547 ASSERT_TRUE(cert1); | 1555 ASSERT_TRUE(cert1); |
| 1548 ASSERT_TRUE(cert2); | 1556 ASSERT_TRUE(cert2); |
| 1549 | 1557 |
| 1550 HashValueVector bad_hashes; | 1558 HashValueVector bad_hashes; |
| 1551 for (size_t i = 0; kBadPath[i]; i++) | 1559 for (size_t i = 0; kBadPath[i]; i++) |
| 1552 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 1560 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 1553 | 1561 |
| 1554 // Trigger a violation and check that it sends a report. | 1562 // Trigger a violation and check that it sends a report. |
| 1555 std::string failure_log; | 1563 std::string failure_log; |
| 1556 EXPECT_FALSE(state.CheckPublicKeyPins( | 1564 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1557 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1565 state.CheckPublicKeyPins( |
| 1558 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1566 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1567 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1559 | 1568 |
| 1560 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1569 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1561 | 1570 |
| 1562 std::string report = mock_report_sender.latest_report(); | 1571 std::string report = mock_report_sender.latest_report(); |
| 1563 ASSERT_FALSE(report.empty()); | 1572 ASSERT_FALSE(report.empty()); |
| 1564 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( | 1573 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( |
| 1565 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, | 1574 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, |
| 1566 cert1.get(), cert2.get(), pkp_state.spki_hashes)); | 1575 cert1.get(), cert2.get(), pkp_state.spki_hashes)); |
| 1567 } | 1576 } |
| 1568 | 1577 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 1594 | 1603 |
| 1595 HashValueVector bad_hashes; | 1604 HashValueVector bad_hashes; |
| 1596 for (size_t i = 0; kBadPath[i]; i++) | 1605 for (size_t i = 0; kBadPath[i]; i++) |
| 1597 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 1606 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 1598 | 1607 |
| 1599 state.AddHPKP(kHost, expiry, true, good_hashes, https_report_uri); | 1608 state.AddHPKP(kHost, expiry, true, good_hashes, https_report_uri); |
| 1600 | 1609 |
| 1601 // Trigger a violation and check that it does not send a report | 1610 // Trigger a violation and check that it does not send a report |
| 1602 // because the report-uri is HTTPS and same-host as the pins. | 1611 // because the report-uri is HTTPS and same-host as the pins. |
| 1603 std::string failure_log; | 1612 std::string failure_log; |
| 1604 EXPECT_FALSE(state.CheckPublicKeyPins( | 1613 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1605 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1614 state.CheckPublicKeyPins( |
| 1606 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1615 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1616 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1607 | 1617 |
| 1608 EXPECT_TRUE(mock_report_sender.latest_report_uri().is_empty()); | 1618 EXPECT_TRUE(mock_report_sender.latest_report_uri().is_empty()); |
| 1609 | 1619 |
| 1610 // An HTTP report uri to the same host should be okay. | 1620 // An HTTP report uri to the same host should be okay. |
| 1611 state.AddHPKP("example.test", expiry, true, good_hashes, http_report_uri); | 1621 state.AddHPKP("example.test", expiry, true, good_hashes, http_report_uri); |
| 1612 EXPECT_FALSE(state.CheckPublicKeyPins( | 1622 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1613 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1623 state.CheckPublicKeyPins( |
| 1614 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1624 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1625 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1615 | 1626 |
| 1616 EXPECT_EQ(http_report_uri, mock_report_sender.latest_report_uri()); | 1627 EXPECT_EQ(http_report_uri, mock_report_sender.latest_report_uri()); |
| 1617 } | 1628 } |
| 1618 | 1629 |
| 1619 // Tests that redundant reports are rate-limited. | 1630 // Tests that redundant reports are rate-limited. |
| 1620 TEST_F(TransportSecurityStateTest, HPKPReportRateLimiting) { | 1631 TEST_F(TransportSecurityStateTest, HPKPReportRateLimiting) { |
| 1621 HostPortPair host_port_pair(kHost, kPort); | 1632 HostPortPair host_port_pair(kHost, kPort); |
| 1622 HostPortPair subdomain_host_port_pair(kSubdomain, kPort); | 1633 HostPortPair subdomain_host_port_pair(kSubdomain, kPort); |
| 1623 GURL report_uri(kReportUri); | 1634 GURL report_uri(kReportUri); |
| 1624 // Two dummy certs to use as the server-sent and validated chains. The | 1635 // Two dummy certs to use as the server-sent and validated chains. The |
| (...skipping 17 matching lines...) Expand all Loading... |
| 1642 state.SetReportSender(&mock_report_sender); | 1653 state.SetReportSender(&mock_report_sender); |
| 1643 | 1654 |
| 1644 const base::Time current_time = base::Time::Now(); | 1655 const base::Time current_time = base::Time::Now(); |
| 1645 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 1656 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 1646 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); | 1657 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri); |
| 1647 | 1658 |
| 1648 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1659 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1649 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1660 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1650 | 1661 |
| 1651 std::string failure_log; | 1662 std::string failure_log; |
| 1652 EXPECT_FALSE(state.CheckPublicKeyPins( | 1663 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1653 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1664 state.CheckPublicKeyPins( |
| 1654 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1665 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1666 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1655 | 1667 |
| 1656 // A report should have been sent. Check that it contains the | 1668 // A report should have been sent. Check that it contains the |
| 1657 // right information. | 1669 // right information. |
| 1658 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1670 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1659 std::string report = mock_report_sender.latest_report(); | 1671 std::string report = mock_report_sender.latest_report(); |
| 1660 ASSERT_FALSE(report.empty()); | 1672 ASSERT_FALSE(report.empty()); |
| 1661 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1673 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1662 cert1.get(), cert2.get(), | 1674 cert1.get(), cert2.get(), |
| 1663 good_hashes)); | 1675 good_hashes)); |
| 1664 mock_report_sender.Clear(); | 1676 mock_report_sender.Clear(); |
| 1665 | 1677 |
| 1666 // Now trigger the same violation; a duplicative report should not be | 1678 // Now trigger the same violation; a duplicative report should not be |
| 1667 // sent. | 1679 // sent. |
| 1668 EXPECT_FALSE(state.CheckPublicKeyPins( | 1680 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1669 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1681 state.CheckPublicKeyPins( |
| 1670 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1682 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1683 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1671 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); | 1684 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri()); |
| 1672 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); | 1685 EXPECT_EQ(std::string(), mock_report_sender.latest_report()); |
| 1673 | 1686 |
| 1674 // Trigger the same violation but with a different report-uri: it | 1687 // Trigger the same violation but with a different report-uri: it |
| 1675 // should be sent. | 1688 // should be sent. |
| 1676 GURL report_uri2("http://report-example2.test/test"); | 1689 GURL report_uri2("http://report-example2.test/test"); |
| 1677 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri2); | 1690 state.AddHPKP(kHost, expiry, true, good_hashes, report_uri2); |
| 1678 EXPECT_FALSE(state.CheckPublicKeyPins( | 1691 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1679 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1692 state.CheckPublicKeyPins( |
| 1680 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1693 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1694 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1681 EXPECT_EQ(report_uri2, mock_report_sender.latest_report_uri()); | 1695 EXPECT_EQ(report_uri2, mock_report_sender.latest_report_uri()); |
| 1682 report = mock_report_sender.latest_report(); | 1696 report = mock_report_sender.latest_report(); |
| 1683 ASSERT_FALSE(report.empty()); | 1697 ASSERT_FALSE(report.empty()); |
| 1684 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1698 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1685 cert1.get(), cert2.get(), | 1699 cert1.get(), cert2.get(), |
| 1686 good_hashes)); | 1700 good_hashes)); |
| 1687 mock_report_sender.Clear(); | 1701 mock_report_sender.Clear(); |
| 1688 } | 1702 } |
| 1689 | 1703 |
| 1690 // Tests that static (preloaded) expect CT state is read correctly. | 1704 // Tests that static (preloaded) expect CT state is read correctly. |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1863 EXPECT_EQ(1u, reporter.num_failures()); | 1877 EXPECT_EQ(1u, reporter.num_failures()); |
| 1864 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); | 1878 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); |
| 1865 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, | 1879 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, |
| 1866 reporter.ssl_info().ct_cert_policy_compliance); | 1880 reporter.ssl_info().ct_cert_policy_compliance); |
| 1867 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); | 1881 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); |
| 1868 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); | 1882 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); |
| 1869 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); | 1883 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
| 1870 } | 1884 } |
| 1871 | 1885 |
| 1872 } // namespace net | 1886 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2066603004:
Return enum from TransportSecurityState::CheckPublicKeyPins (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master