Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(682)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state_unittest.cc

Issue 2951343002: Remove residual support for SHA-1 public key pins. (Closed)
Patch Set: Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | net/tools/transport_security_state_generator/spki_hash_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/base64.h" 11 #include "base/base64.h"
12 #include "base/files/file_path.h" 12 #include "base/files/file_path.h"
13 #include "base/json/json_reader.h" 13 #include "base/json/json_reader.h"
14 #include "base/memory/ptr_util.h" 14 #include "base/memory/ptr_util.h"
15 #include "base/metrics/field_trial.h" 15 #include "base/metrics/field_trial.h"
16 #include "base/rand_util.h" 16 #include "base/rand_util.h"
17 #include "base/sha1.h"
18 #include "base/strings/string_piece.h" 17 #include "base/strings/string_piece.h"
19 #include "base/test/histogram_tester.h" 18 #include "base/test/histogram_tester.h"
20 #include "base/test/mock_entropy_provider.h" 19 #include "base/test/mock_entropy_provider.h"
21 #include "base/test/scoped_feature_list.h" 20 #include "base/test/scoped_feature_list.h"
22 #include "base/values.h" 21 #include "base/values.h"
23 #include "crypto/openssl_util.h" 22 #include "crypto/openssl_util.h"
24 #include "crypto/sha2.h" 23 #include "crypto/sha2.h"
25 #include "net/base/host_port_pair.h" 24 #include "net/base/host_port_pair.h"
26 #include "net/base/net_errors.h" 25 #include "net/base/net_errors.h"
27 #include "net/base/test_completion_callback.h" 26 #include "net/base/test_completion_callback.h"
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; 60 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com";
62 const char kExpectCTStaticReportURI[] = "https://clients3.google.com/ct_upload"; 61 const char kExpectCTStaticReportURI[] = "https://clients3.google.com/ct_upload";
63 const char kExpectStapleStaticHostname[] = "preloaded-expect-staple.badssl.com"; 62 const char kExpectStapleStaticHostname[] = "preloaded-expect-staple.badssl.com";
64 const char kExpectStapleStaticReportURI[] = 63 const char kExpectStapleStaticReportURI[] =
65 "https://report.badssl.com/expect-staple"; 64 "https://report.badssl.com/expect-staple";
66 const char kExpectStapleStaticIncludeSubdomainsHostname[] = 65 const char kExpectStapleStaticIncludeSubdomainsHostname[] =
67 "preloaded-expect-staple-include-subdomains.badssl.com"; 66 "preloaded-expect-staple-include-subdomains.badssl.com";
68 67
69 // kGoodPath is blog.torproject.org. 68 // kGoodPath is blog.torproject.org.
70 const char* const kGoodPath[] = { 69 const char* const kGoodPath[] = {
71 "sha1/Yz4vayd/83rQfDXkDPn2yhzIScw=",
72 "sha1/3lKvjNsfmrn+WmfDhvr2iVh/yRs=",
73 "sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM=",
74 "sha256/4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ=", 70 "sha256/4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ=",
75 "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=", 71 "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=",
76 "sha256/WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", 72 "sha256/WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=",
77 nullptr, 73 nullptr,
78 }; 74 };
79 75
80 const char kGoodPin1[] = "4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ="; 76 const char kGoodPin1[] = "4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ=";
81 const char kGoodPin2[] = "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; 77 const char kGoodPin2[] = "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=";
82 const char kGoodPin3[] = "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; 78 const char kGoodPin3[] = "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
83 79
84 // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for 80 // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for
85 // torproject.org. 81 // torproject.org.
86 const char* const kBadPath[] = { 82 const char* const kBadPath[] = {
87 "sha1/111111111111111111111111111=",
88 "sha1/222222222222222222222222222=",
89 "sha1/333333333333333333333333333=",
90 "sha256/1111111111111111111111111111111111111111111=", 83 "sha256/1111111111111111111111111111111111111111111=",
91 "sha256/2222222222222222222222222222222222222222222=", 84 "sha256/2222222222222222222222222222222222222222222=",
92 "sha256/3333333333333333333333333333333333333333333=", 85 "sha256/3333333333333333333333333333333333333333333=",
93 nullptr, 86 nullptr,
94 }; 87 };
95 88
96 // Constructs a SignedCertificateTimestampAndStatus with the given information 89 // Constructs a SignedCertificateTimestampAndStatus with the given information
97 // and appends it to |sct_list|. 90 // and appends it to |sct_list|.
98 void MakeTestSCTAndStatus(ct::SignedCertificateTimestamp::Origin origin, 91 void MakeTestSCTAndStatus(ct::SignedCertificateTimestamp::Origin origin,
99 const std::string& log_id, 92 const std::string& log_id,
(...skipping 3272 matching lines...) Expand 10 before | Expand all | Expand 10 after
3372 EXPECT_EQ(expiry, reporter.expiration()); 3365 EXPECT_EQ(expiry, reporter.expiration());
3373 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); 3366 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain());
3374 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); 3367 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain());
3375 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); 3368 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size());
3376 EXPECT_EQ(sct_list[0].status, 3369 EXPECT_EQ(sct_list[0].status,
3377 reporter.signed_certificate_timestamps()[0].status); 3370 reporter.signed_certificate_timestamps()[0].status);
3378 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); 3371 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct);
3379 } 3372 }
3380 3373
3381 } // namespace net 3374 } // namespace net
OLDNEW
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | net/tools/transport_security_state_generator/spki_hash_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698