1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/base64.h" | 11 #include "base/base64.h" |
12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/memory/ptr_util.h" | 14 #include "base/memory/ptr_util.h" |
15 #include "base/metrics/field_trial.h" | 15 #include "base/metrics/field_trial.h" |
16 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
17 #include "base/sha1.h" | 17 #include "base/sha1.h" |
18 #include "base/strings/string_piece.h" | 18 #include "base/strings/string_piece.h" |
19 #include "base/test/histogram_tester.h" | 19 #include "base/test/histogram_tester.h" |
20 #include "base/test/mock_entropy_provider.h" | 20 #include "base/test/mock_entropy_provider.h" |
| 21 #include "base/test/scoped_feature_list.h" |
21 #include "base/values.h" | 22 #include "base/values.h" |
22 #include "crypto/openssl_util.h" | 23 #include "crypto/openssl_util.h" |
23 #include "crypto/sha2.h" | 24 #include "crypto/sha2.h" |
24 #include "net/base/host_port_pair.h" | 25 #include "net/base/host_port_pair.h" |
25 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
26 #include "net/base/test_completion_callback.h" | 27 #include "net/base/test_completion_callback.h" |
27 #include "net/cert/asn1_util.h" | 28 #include "net/cert/asn1_util.h" |
28 #include "net/cert/cert_verifier.h" | 29 #include "net/cert/cert_verifier.h" |
29 #include "net/cert/cert_verify_result.h" | 30 #include "net/cert/cert_verify_result.h" |
30 #include "net/cert/ct_policy_status.h" | 31 #include "net/cert/ct_policy_status.h" |
2593 base::MakeUnique<base::MockEntropyProvider>()); | 2594 base::MakeUnique<base::MockEntropyProvider>()); |
2594 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", | 2595 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", |
2595 "disabled"); | 2596 "disabled"); |
2596 | 2597 |
2597 EXPECT_FALSE( | 2598 EXPECT_FALSE( |
2598 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); | 2599 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); |
2599 EXPECT_FALSE( | 2600 EXPECT_FALSE( |
2600 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); | 2601 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
2601 } | 2602 } |
2602 | 2603 |
| 2604 // Tests that dynamic Expect-CT state can be added and retrieved. |
| 2605 TEST_F(TransportSecurityStateTest, DynamicExpectCTState) { |
| 2606 base::test::ScopedFeatureList feature_list; |
| 2607 feature_list.InitAndEnableFeature( |
| 2608 TransportSecurityState::kDynamicExpectCTFeature); |
| 2609 const std::string host("example.test"); |
| 2610 TransportSecurityState state; |
| 2611 TransportSecurityState::ExpectCTState expect_ct_state; |
| 2612 const base::Time current_time = base::Time::Now(); |
| 2613 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 2614 |
| 2615 // Test that Expect-CT state can be added and retrieved. |
| 2616 state.AddExpectCT(host, expiry, true, GURL()); |
| 2617 EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
| 2618 EXPECT_TRUE(expect_ct_state.enforce); |
| 2619 EXPECT_TRUE(expect_ct_state.report_uri.is_empty()); |
| 2620 EXPECT_EQ(expiry, expect_ct_state.expiry); |
| 2621 |
| 2622 // Test that Expect-CT can be updated (e.g. by changing |enforce| to false and |
| 2623 // adding a report-uri). |
| 2624 const GURL report_uri("https://example-report.test"); |
| 2625 state.AddExpectCT(host, expiry, false, report_uri); |
| 2626 EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
| 2627 EXPECT_FALSE(expect_ct_state.enforce); |
| 2628 EXPECT_EQ(report_uri, expect_ct_state.report_uri); |
| 2629 EXPECT_EQ(expiry, expect_ct_state.expiry); |
| 2630 |
| 2631 // Test that Expect-CT state is discarded when expired. |
| 2632 state.AddExpectCT(host, current_time - base::TimeDelta::FromSeconds(1000), |
| 2633 true, report_uri); |
| 2634 EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
| 2635 } |
| 2636 |
| 2637 // Tests that dynamic Expect-CT state cannot be added when the feature is not |
| 2638 // enabled. |
| 2639 TEST_F(TransportSecurityStateTest, DynamicExpectCTStateDisabled) { |
| 2640 base::test::ScopedFeatureList feature_list; |
| 2641 feature_list.InitAndDisableFeature( |
| 2642 TransportSecurityState::kDynamicExpectCTFeature); |
| 2643 const std::string host("example.test"); |
| 2644 TransportSecurityState state; |
| 2645 TransportSecurityState::ExpectCTState expect_ct_state; |
| 2646 const base::Time current_time = base::Time::Now(); |
| 2647 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 2648 |
| 2649 state.AddExpectCT(host, expiry, true, GURL()); |
| 2650 EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
| 2651 } |
| 2652 |
2603 } // namespace net | 2653 } // namespace net |
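Review bot: The expired-entry check at the end of DynamicExpectCTState reuses `expect_ct_state` while it is still populated from the previous successful lookup, so only the return value is verified and nothing would catch an implementation that returns false yet leaves or writes stale fields; reset it with `expect_ct_state = TransportSecurityState::ExpectCTState();` immediately before the `GetDynamicExpectCTState` call that expects false. Neither test checks that a lookup for an unrelated host misses, e.g. `EXPECT_FALSE(state.GetDynamicExpectCTState("other.test", &expect_ct_state));` right after the first `AddExpectCT`, which would guard against over-broad matching in the dynamic store. Both tests build `expiry` from `base::Time::Now()`; the 1000-second window is wide enough that this should not flake, but a one-line comment saying the expiry assertions compare wall-clock values would help a future reader. The include-only hunk earlier in the file needs no change.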