| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
| 10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
| (...skipping 634 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 645 } | 645 } |
| 646 | 646 |
| 647 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) { | 647 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) { |
| 648 TestBogusPinsHeaders(HASH_VALUE_SHA256); | 648 TestBogusPinsHeaders(HASH_VALUE_SHA256); |
| 649 } | 649 } |
| 650 | 650 |
| 651 TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) { | 651 TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) { |
| 652 TestValidPKPHeaders(HASH_VALUE_SHA256); | 652 TestValidPKPHeaders(HASH_VALUE_SHA256); |
| 653 } | 653 } |
| 654 | 654 |
| 655 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) { | 655 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 656 #define MAYBE_UpdateDynamicPKPOnly DISABLED_UpdateDynamicPKPOnly |
| 657 #else |
| 658 #define MAYBE_UpdateDynamicPKPOnly UpdateDynamicPKPOnly |
| 659 #endif |
| 660 |
| 661 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPOnly) { |
| 656 TransportSecurityState state; | 662 TransportSecurityState state; |
| 657 TransportSecurityState::STSState static_sts_state; | 663 TransportSecurityState::STSState static_sts_state; |
| 658 TransportSecurityState::PKPState static_pkp_state; | 664 TransportSecurityState::PKPState static_pkp_state; |
| 659 | 665 |
| 660 // docs.google.com has preloaded pins. | 666 // docs.google.com has preloaded pins. |
| 661 std::string domain = "docs.google.com"; | 667 std::string domain = "docs.google.com"; |
| 662 state.enable_static_pins_ = true; | 668 state.enable_static_pins_ = true; |
| 663 EXPECT_TRUE( | 669 EXPECT_TRUE( |
| 664 state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); | 670 state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); |
| 665 EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL); | 671 EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL); |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 714 EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size()); | 720 EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size()); |
| 715 EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri); | 721 EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri); |
| 716 | 722 |
| 717 EXPECT_TRUE( | 723 EXPECT_TRUE( |
| 718 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, good_hash)); | 724 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, good_hash)); |
| 719 | 725 |
| 720 EXPECT_TRUE( | 726 EXPECT_TRUE( |
| 721 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, backup_hash)); | 727 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, backup_hash)); |
| 722 } | 728 } |
| 723 | 729 |
| 724 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { | 730 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 731 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0 |
| 732 #else |
| 733 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0 |
| 734 #endif |
| 735 |
| 736 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) { |
| 725 TransportSecurityState state; | 737 TransportSecurityState state; |
| 726 TransportSecurityState::STSState static_sts_state; | 738 TransportSecurityState::STSState static_sts_state; |
| 727 TransportSecurityState::PKPState static_pkp_state; | 739 TransportSecurityState::PKPState static_pkp_state; |
| 728 | 740 |
| 729 // docs.google.com has preloaded pins. | 741 // docs.google.com has preloaded pins. |
| 730 std::string domain = "docs.google.com"; | 742 std::string domain = "docs.google.com"; |
| 731 state.enable_static_pins_ = true; | 743 state.enable_static_pins_ = true; |
| 732 ASSERT_TRUE( | 744 ASSERT_TRUE( |
| 733 state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); | 745 state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state)); |
| 734 EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL); | 746 EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL); |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 792 state.CheckPublicKeyPins( | 804 state.CheckPublicKeyPins( |
| 793 domain_port, is_issued_by_known_root, | 805 domain_port, is_issued_by_known_root, |
| 794 new_static_pkp_state2.spki_hashes, nullptr, nullptr, | 806 new_static_pkp_state2.spki_hashes, nullptr, nullptr, |
| 795 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 807 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
| 796 EXPECT_NE(0UL, failure_log.length()); | 808 EXPECT_NE(0UL, failure_log.length()); |
| 797 } | 809 } |
| 798 | 810 |
| 799 // Tests that when a static HSTS and a static HPKP entry are present, adding a | 811 // Tests that when a static HSTS and a static HPKP entry are present, adding a |
| 800 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a | 812 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a |
| 801 // dynamic HPKP entry could not affect the HSTS entry for the site. | 813 // dynamic HPKP entry could not affect the HSTS entry for the site. |
| 802 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { | 814 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 815 #define MAYBE_NoClobberPins DISABLED_NoClobberPins |
| 816 #else |
| 817 #define MAYBE_NoClobberPins NoClobberPins |
| 818 #endif |
| 819 |
| 820 TEST_F(HttpSecurityHeadersTest, MAYBE_NoClobberPins) { |
| 803 TransportSecurityState state; | 821 TransportSecurityState state; |
| 804 TransportSecurityState::STSState sts_state; | 822 TransportSecurityState::STSState sts_state; |
| 805 TransportSecurityState::PKPState pkp_state; | 823 TransportSecurityState::PKPState pkp_state; |
| 806 | 824 |
| 807 // accounts.google.com has preloaded pins. | 825 // accounts.google.com has preloaded pins. |
| 808 std::string domain = "accounts.google.com"; | 826 std::string domain = "accounts.google.com"; |
| 809 state.enable_static_pins_ = true; | 827 state.enable_static_pins_ = true; |
| 810 | 828 |
| 811 // Retrieve the static STS and PKP states as it is by default, including its | 829 // Retrieve the static STS and PKP states as it is by default, including its |
| 812 // known good pins. | 830 // known good pins. |
| (...skipping 373 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1186 EXPECT_TRUE(ParseExpectCTHeader( | 1204 EXPECT_TRUE(ParseExpectCTHeader( |
| 1187 " max-age=999999999999999999999999999999999999999999999 ," | 1205 " max-age=999999999999999999999999999999999999999999999 ," |
| 1188 " enforce ", | 1206 " enforce ", |
| 1189 &max_age, &enforce, &report_uri)); | 1207 &max_age, &enforce, &report_uri)); |
| 1190 EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age); | 1208 EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age); |
| 1191 EXPECT_TRUE(enforce); | 1209 EXPECT_TRUE(enforce); |
| 1192 EXPECT_TRUE(report_uri.is_empty()); | 1210 EXPECT_TRUE(report_uri.is_empty()); |
| 1193 } | 1211 } |
| 1194 | 1212 |
| 1195 } // namespace net | 1213 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
