OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
(...skipping 554 matching lines...)
565 new_dynamic_domain_state.pkp.spki_hashes.end(), | 565 new_dynamic_domain_state.pkp.spki_hashes.end(), |
566 HashValuesEqual(good_hash)); | 566 HashValuesEqual(good_hash)); |
567 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 567 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
568 | 568 |
569 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), | 569 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), |
570 new_dynamic_domain_state.pkp.spki_hashes.end(), | 570 new_dynamic_domain_state.pkp.spki_hashes.end(), |
571 HashValuesEqual(backup_hash)); | 571 HashValuesEqual(backup_hash)); |
572 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 572 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
573 } | 573 } |
574 | 574 |
575 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { | 575 // Failing on win_chromium_rel. crbug.com/375538 |
| 576 #if defined(OS_WIN) |
| 577 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0 |
| 578 #else |
| 579 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0 |
| 580 #endif |
| 581 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) { |
576 TransportSecurityState state; | 582 TransportSecurityState state; |
577 TransportSecurityState::DomainState static_domain_state; | 583 TransportSecurityState::DomainState static_domain_state; |
578 | 584 |
579 // docs.google.com has preloaded pins. | 585 // docs.google.com has preloaded pins. |
580 const bool sni_enabled = true; | 586 const bool sni_enabled = true; |
581 std::string domain = "docs.google.com"; | 587 std::string domain = "docs.google.com"; |
582 ASSERT_TRUE( | 588 ASSERT_TRUE( |
583 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state)); | 589 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state)); |
584 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); | 590 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); |
585 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; | 591 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; |
(...skipping 53 matching lines...)
639 EXPECT_TRUE(state.HasPublicKeyPins(domain, true)); | 645 EXPECT_TRUE(state.HasPublicKeyPins(domain, true)); |
640 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain, true)); | 646 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain, true)); |
641 std::string failure_log; | 647 std::string failure_log; |
642 // Damage the hashes to cause a pin validation failure. | 648 // Damage the hashes to cause a pin validation failure. |
643 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; | 649 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; |
644 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; | 650 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; |
645 EXPECT_FALSE(state.CheckPublicKeyPins( | 651 EXPECT_FALSE(state.CheckPublicKeyPins( |
646 domain, true, new_static_domain_state2.pkp.spki_hashes, &failure_log)); | 652 domain, true, new_static_domain_state2.pkp.spki_hashes, &failure_log)); |
647 EXPECT_NE(0UL, failure_log.length()); | 653 EXPECT_NE(0UL, failure_log.length()); |
648 } | 654 } |
| 655 #undef MAYBE_UpdateDynamicPKPMaxAge0 |
649 | 656 |
650 // Tests that when a static HSTS and a static HPKP entry are present, adding a | 657 // Tests that when a static HSTS and a static HPKP entry are present, adding a |
651 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a | 658 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a |
652 // dynamic HPKP entry could not affect the HSTS entry for the site. | 659 // dynamic HPKP entry could not affect the HSTS entry for the site. |
653 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { | 660 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { |
654 TransportSecurityState state; | 661 TransportSecurityState state; |
655 TransportSecurityState::DomainState domain_state; | 662 TransportSecurityState::DomainState domain_state; |
656 | 663 |
657 // accounts.google.com has preloaded pins. | 664 // accounts.google.com has preloaded pins. |
658 std::string domain = "accounts.google.com"; | 665 std::string domain = "accounts.google.com"; |
(...skipping 33 matching lines...)
692 // HSTS should still be configured for this domain. | 699 // HSTS should still be configured for this domain. |
693 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); | 700 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); |
694 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled)); | 701 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled)); |
695 // The dynamic pins, which do not match |saved_hashes|, should take | 702 // The dynamic pins, which do not match |saved_hashes|, should take |
696 // precedence over the static pins and cause the check to fail. | 703 // precedence over the static pins and cause the check to fail. |
697 EXPECT_FALSE(state.CheckPublicKeyPins( | 704 EXPECT_FALSE(state.CheckPublicKeyPins( |
698 domain, sni_enabled, saved_hashes, &failure_log)); | 705 domain, sni_enabled, saved_hashes, &failure_log)); |
699 } | 706 } |
700 | 707 |
701 }; // namespace net | 708 }; // namespace net |
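Review bot: The `#if defined(OS_WIN)` guard added at new line 576 relies on `build/build_config.h`, which is not among the direct includes visible at lines 5-10 (it may arrive transitively, or sit in the skipped region). If the macro is not defined at that point the guard silently evaluates false and the test keeps running on Windows, so I would add `#include "build/build_config.h"` explicitly. Separately, the disabled test is the one that exercises max-age=0 handling for dynamic pins and the `CheckPublicKeyPins` failure path (new lines 645-653; part of the body is collapsed here), so that pin-validation coverage is gone on Windows until the bug is fixed. A line such as `// TODO(crbug.com/375538): Re-enable on Windows once the failure is understood.` next to the existing comment would keep the gap visible.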