Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(128)

Side by Side Diff: net/http/http_security_headers_unittest.cc

Issue 292183003: Disabled failing HttpSecurityHeadersTest.UpdateDynamicPKPMaxAge0 on Windows. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <algorithm> 5 #include <algorithm>
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/sha1.h" 8 #include "base/sha1.h"
9 #include "base/strings/string_piece.h" 9 #include "base/strings/string_piece.h"
10 #include "crypto/sha2.h" 10 #include "crypto/sha2.h"
(...skipping 554 matching lines...) Expand 10 before | Expand all | Expand 10 after
565 new_dynamic_domain_state.pkp.spki_hashes.end(), 565 new_dynamic_domain_state.pkp.spki_hashes.end(),
566 HashValuesEqual(good_hash)); 566 HashValuesEqual(good_hash));
567 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); 567 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
568 568
569 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), 569 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(),
570 new_dynamic_domain_state.pkp.spki_hashes.end(), 570 new_dynamic_domain_state.pkp.spki_hashes.end(),
571 HashValuesEqual(backup_hash)); 571 HashValuesEqual(backup_hash));
572 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); 572 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
573 } 573 }
574 574
575 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { 575 // Failing on win_chromium_rel. crbug.com/375538
576 #if defined(OS_WIN)
577 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0
578 #else
579 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0
580 #endif
581 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) {
576 TransportSecurityState state; 582 TransportSecurityState state;
577 TransportSecurityState::DomainState static_domain_state; 583 TransportSecurityState::DomainState static_domain_state;
578 584
579 // docs.google.com has preloaded pins. 585 // docs.google.com has preloaded pins.
580 const bool sni_enabled = true; 586 const bool sni_enabled = true;
581 std::string domain = "docs.google.com"; 587 std::string domain = "docs.google.com";
582 ASSERT_TRUE( 588 ASSERT_TRUE(
583 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state)); 589 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state));
584 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); 590 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL);
585 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; 591 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes;
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
639 EXPECT_TRUE(state.HasPublicKeyPins(domain, true)); 645 EXPECT_TRUE(state.HasPublicKeyPins(domain, true));
640 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain, true)); 646 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain, true));
641 std::string failure_log; 647 std::string failure_log;
642 // Damage the hashes to cause a pin validation failure. 648 // Damage the hashes to cause a pin validation failure.
643 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; 649 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80;
644 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; 650 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80;
645 EXPECT_FALSE(state.CheckPublicKeyPins( 651 EXPECT_FALSE(state.CheckPublicKeyPins(
646 domain, true, new_static_domain_state2.pkp.spki_hashes, &failure_log)); 652 domain, true, new_static_domain_state2.pkp.spki_hashes, &failure_log));
647 EXPECT_NE(0UL, failure_log.length()); 653 EXPECT_NE(0UL, failure_log.length());
648 } 654 }
655 #undef MAYBE_UpdateDynamicPKPMaxAge0
649 656
650 // Tests that when a static HSTS and a static HPKP entry are present, adding a 657 // Tests that when a static HSTS and a static HPKP entry are present, adding a
651 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a 658 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a
652 // dynamic HPKP entry could not affect the HSTS entry for the site. 659 // dynamic HPKP entry could not affect the HSTS entry for the site.
653 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { 660 TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
654 TransportSecurityState state; 661 TransportSecurityState state;
655 TransportSecurityState::DomainState domain_state; 662 TransportSecurityState::DomainState domain_state;
656 663
657 // accounts.google.com has preloaded pins. 664 // accounts.google.com has preloaded pins.
658 std::string domain = "accounts.google.com"; 665 std::string domain = "accounts.google.com";
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
692 // HSTS should still be configured for this domain. 699 // HSTS should still be configured for this domain.
693 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL()); 700 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL());
694 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled)); 701 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled));
695 // The dynamic pins, which do not match |saved_hashes|, should take 702 // The dynamic pins, which do not match |saved_hashes|, should take
696 // precedence over the static pins and cause the check to fail. 703 // precedence over the static pins and cause the check to fail.
697 EXPECT_FALSE(state.CheckPublicKeyPins( 704 EXPECT_FALSE(state.CheckPublicKeyPins(
698 domain, sni_enabled, saved_hashes, &failure_log)); 705 domain, sni_enabled, saved_hashes, &failure_log));
699 } 706 }
700 707
701 }; // namespace net 708 }; // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698