| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 | 7 |
| 8 #include "base/base64.h" | 8 #include "base/base64.h" |
| 9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
| 10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
| (...skipping 771 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 782 EXPECT_FALSE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state2)); | 782 EXPECT_FALSE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state2)); |
| 783 | 783 |
| 784 // Expect the exact-matching static policy to continue to apply, even | 784 // Expect the exact-matching static policy to continue to apply, even |
| 785 // though dynamic policy has been removed. (This policy may change in the | 785 // though dynamic policy has been removed. (This policy may change in the |
| 786 // future, in which case this test must be updated.) | 786 // future, in which case this test must be updated.) |
| 787 EXPECT_TRUE(state.HasPublicKeyPins(domain)); | 787 EXPECT_TRUE(state.HasPublicKeyPins(domain)); |
| 788 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain)); | 788 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain)); |
| 789 std::string failure_log; | 789 std::string failure_log; |
| 790 | 790 |
| 791 // Damage the hashes to cause a pin validation failure. | 791 // Damage the hashes to cause a pin validation failure. |
| 792 new_static_pkp_state2.spki_hashes[0].data()[0] ^= 0x80; | 792 for (size_t i = 0; i < new_static_pkp_state2.spki_hashes.size(); i++) { |
| 793 new_static_pkp_state2.spki_hashes[1].data()[0] ^= 0x80; | 793 new_static_pkp_state2.spki_hashes[i].data()[0] ^= 0x80; |
| 794 new_static_pkp_state2.spki_hashes[2].data()[0] ^= 0x80; | 794 } |
| 795 | 795 |
| 796 const bool is_issued_by_known_root = true; | 796 const bool is_issued_by_known_root = true; |
| 797 HostPortPair domain_port(domain, 443); | 797 HostPortPair domain_port(domain, 443); |
| 798 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 798 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 799 state.CheckPublicKeyPins( | 799 state.CheckPublicKeyPins( |
| 800 domain_port, is_issued_by_known_root, | 800 domain_port, is_issued_by_known_root, |
| 801 new_static_pkp_state2.spki_hashes, nullptr, nullptr, | 801 new_static_pkp_state2.spki_hashes, nullptr, nullptr, |
| 802 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 802 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
| 803 EXPECT_NE(0UL, failure_log.length()); | 803 EXPECT_NE(0UL, failure_log.length()); |
| 804 } | 804 } |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 899 // The old pins must still exist. | 899 // The old pins must still exist. |
| 900 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 900 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
| 901 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, | 901 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, |
| 902 state.CheckPublicKeyPins( | 902 state.CheckPublicKeyPins( |
| 903 domain_port, is_issued_by_known_root, | 903 domain_port, is_issued_by_known_root, |
| 904 ssl_info.public_key_hashes, nullptr, nullptr, | 904 ssl_info.public_key_hashes, nullptr, nullptr, |
| 905 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 905 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
| 906 } | 906 } |
| 907 | 907 |
| 908 }; // namespace net | 908 }; // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2539853002:
Update Google pins. (Closed)
