| Index: net/http/http_security_headers_unittest.cc
|
| diff --git a/net/http/http_security_headers_unittest.cc b/net/http/http_security_headers_unittest.cc
|
| index 4c7bff32eb0e1cc2d136000a9ae9937c3e3e1aca..e4904dd1b5c1a2ae87b67966ba1e4af8916650d6 100644
|
| --- a/net/http/http_security_headers_unittest.cc
|
| +++ b/net/http/http_security_headers_unittest.cc
|
| @@ -710,9 +710,10 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
|
| std::string failure_log;
|
| const bool is_issued_by_known_root = true;
|
| HostPortPair domain_port(domain, 443);
|
| - EXPECT_TRUE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, hashes, nullptr, nullptr,
|
| - TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| + EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root, hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
|
|
| TransportSecurityState::PKPState new_dynamic_pkp_state;
|
| EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state));
|
| @@ -795,10 +796,11 @@ TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
|
|
|
| const bool is_issued_by_known_root = true;
|
| HostPortPair domain_port(domain, 443);
|
| - EXPECT_FALSE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, new_static_pkp_state2.spki_hashes,
|
| - nullptr, nullptr, TransportSecurityState::DISABLE_PIN_REPORTS,
|
| - &failure_log));
|
| + EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root,
|
| + new_static_pkp_state2.spki_hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| EXPECT_NE(0UL, failure_log.length());
|
| }
|
|
|
| @@ -831,9 +833,11 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
|
| std::string failure_log;
|
| const bool is_issued_by_known_root = true;
|
| HostPortPair domain_port(domain, 443);
|
| - EXPECT_TRUE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
|
| - TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| + EXPECT_EQ(
|
| + TransportSecurityState::PKPStatus::OK,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
|
|
| // Add an HPKP header, which should only update the dynamic state.
|
| HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256);
|
| @@ -853,9 +857,11 @@ TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
|
| EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
|
| // The dynamic pins, which do not match |saved_hashes|, should take
|
| // precedence over the static pins and cause the check to fail.
|
| - EXPECT_FALSE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
|
| - TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| + EXPECT_EQ(
|
| + TransportSecurityState::PKPStatus::VIOLATED,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| }
|
|
|
| // Tests that seeing an invalid HPKP header leaves the existing one alone.
|
| @@ -880,9 +886,11 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) {
|
| std::string failure_log;
|
| bool is_issued_by_known_root = true;
|
| HostPortPair domain_port("example.com", 443);
|
| - EXPECT_TRUE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr,
|
| - nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| + EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root,
|
| + ssl_info.public_key_hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
|
|
| // Now assert an invalid one. This should fail.
|
| EXPECT_FALSE(state.AddHPKPHeader(
|
| @@ -891,9 +899,11 @@ TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) {
|
|
|
| // The old pins must still exist.
|
| EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
|
| - EXPECT_TRUE(state.CheckPublicKeyPins(
|
| - domain_port, is_issued_by_known_root, ssl_info.public_key_hashes, nullptr,
|
| - nullptr, TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| + EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
|
| + state.CheckPublicKeyPins(
|
| + domain_port, is_issued_by_known_root,
|
| + ssl_info.public_key_hashes, nullptr, nullptr,
|
| + TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
|
| }
|
|
|
| }; // namespace net
|
|
|
Chromium Code Reviews
Issue 2066603004:
Return enum from TransportSecurityState::CheckPublicKeyPins (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master