OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 #include <algorithm> | |
7 | 6 |
8 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/stl_util.h" |
9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
11 #include "net/base/host_port_pair.h" | 11 #include "net/base/host_port_pair.h" |
12 #include "net/base/test_completion_callback.h" | 12 #include "net/base/test_completion_callback.h" |
13 #include "net/http/http_security_headers.h" | 13 #include "net/http/http_security_headers.h" |
14 #include "net/http/http_util.h" | 14 #include "net/http/http_util.h" |
15 #include "net/http/transport_security_state.h" | 15 #include "net/http/transport_security_state.h" |
16 #include "net/ssl/ssl_info.h" | 16 #include "net/ssl/ssl_info.h" |
17 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
18 | 18 |
(...skipping 667 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
686 EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state, | 686 EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state, |
687 &new_static_pkp_state)); | 687 &new_static_pkp_state)); |
688 EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes); | 688 EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes); |
689 | 689 |
690 // Expect the dynamic state to reflect the header. | 690 // Expect the dynamic state to reflect the header. |
691 TransportSecurityState::PKPState dynamic_pkp_state; | 691 TransportSecurityState::PKPState dynamic_pkp_state; |
692 EXPECT_TRUE(state.GetDynamicPKPState(domain, &dynamic_pkp_state)); | 692 EXPECT_TRUE(state.GetDynamicPKPState(domain, &dynamic_pkp_state)); |
693 EXPECT_EQ(2UL, dynamic_pkp_state.spki_hashes.size()); | 693 EXPECT_EQ(2UL, dynamic_pkp_state.spki_hashes.size()); |
694 EXPECT_EQ(report_uri, dynamic_pkp_state.report_uri); | 694 EXPECT_EQ(report_uri, dynamic_pkp_state.report_uri); |
695 | 695 |
696 HashValueVector::const_iterator hash = | 696 EXPECT_TRUE(base::ContainsValue(dynamic_pkp_state.spki_hashes, good_hash)); |
697 std::find(dynamic_pkp_state.spki_hashes.begin(), | |
698 dynamic_pkp_state.spki_hashes.end(), good_hash); | |
699 EXPECT_NE(dynamic_pkp_state.spki_hashes.end(), hash); | |
700 | 697 |
701 hash = std::find(dynamic_pkp_state.spki_hashes.begin(), | 698 EXPECT_TRUE(base::ContainsValue(dynamic_pkp_state.spki_hashes, backup_hash)); |
702 dynamic_pkp_state.spki_hashes.end(), backup_hash); | |
703 EXPECT_NE(dynamic_pkp_state.spki_hashes.end(), hash); | |
704 | 699 |
705 // Expect the overall state to reflect the header, too. | 700 // Expect the overall state to reflect the header, too. |
706 EXPECT_TRUE(state.HasPublicKeyPins(domain)); | 701 EXPECT_TRUE(state.HasPublicKeyPins(domain)); |
707 HashValueVector hashes; | 702 HashValueVector hashes; |
708 hashes.push_back(good_hash); | 703 hashes.push_back(good_hash); |
709 std::string failure_log; | 704 std::string failure_log; |
710 const bool is_issued_by_known_root = true; | 705 const bool is_issued_by_known_root = true; |
711 HostPortPair domain_port(domain, 443); | 706 HostPortPair domain_port(domain, 443); |
712 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, | 707 EXPECT_EQ(TransportSecurityState::PKPStatus::OK, |
713 state.CheckPublicKeyPins( | 708 state.CheckPublicKeyPins( |
714 domain_port, is_issued_by_known_root, hashes, nullptr, nullptr, | 709 domain_port, is_issued_by_known_root, hashes, nullptr, nullptr, |
715 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); | 710 TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log)); |
716 | 711 |
717 TransportSecurityState::PKPState new_dynamic_pkp_state; | 712 TransportSecurityState::PKPState new_dynamic_pkp_state; |
718 EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state)); | 713 EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state)); |
719 EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size()); | 714 EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size()); |
720 EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri); | 715 EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri); |
721 | 716 |
722 hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(), | 717 EXPECT_TRUE( |
723 new_dynamic_pkp_state.spki_hashes.end(), good_hash); | 718 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, good_hash)); |
724 EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash); | |
725 | 719 |
726 hash = std::find(new_dynamic_pkp_state.spki_hashes.begin(), | 720 EXPECT_TRUE( |
727 new_dynamic_pkp_state.spki_hashes.end(), backup_hash); | 721 base::ContainsValue(new_dynamic_pkp_state.spki_hashes, backup_hash)); |
728 EXPECT_NE(new_dynamic_pkp_state.spki_hashes.end(), hash); | |
729 } | 722 } |
730 | 723 |
731 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { | 724 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { |
732 TransportSecurityState state; | 725 TransportSecurityState state; |
733 TransportSecurityState::STSState static_sts_state; | 726 TransportSecurityState::STSState static_sts_state; |
734 TransportSecurityState::PKPState static_pkp_state; | 727 TransportSecurityState::PKPState static_pkp_state; |
735 | 728 |
736 // docs.google.com has preloaded pins. | 729 // docs.google.com has preloaded pins. |
737 std::string domain = "docs.google.com"; | 730 std::string domain = "docs.google.com"; |
738 state.enable_static_pins_ = true; | 731 state.enable_static_pins_ = true; |
(...skipping 454 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1193 EXPECT_TRUE(ParseExpectCTHeader( | 1186 EXPECT_TRUE(ParseExpectCTHeader( |
1194 " max-age=999999999999999999999999999999999999999999999 ," | 1187 " max-age=999999999999999999999999999999999999999999999 ," |
1195 " enforce ", | 1188 " enforce ", |
1196 &max_age, &enforce, &report_uri)); | 1189 &max_age, &enforce, &report_uri)); |
1197 EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age); | 1190 EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age); |
1198 EXPECT_TRUE(enforce); | 1191 EXPECT_TRUE(enforce); |
1199 EXPECT_TRUE(report_uri.is_empty()); | 1192 EXPECT_TRUE(report_uri.is_empty()); |
1200 } | 1193 } |
1201 | 1194 |
1202 } // namespace net | 1195 } // namespace net |
OLD | NEW |