| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/sha1.h" | 8 #include "base/sha1.h" |
| 9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
| 10 #include "crypto/sha2.h" | 10 #include "crypto/sha2.h" |
| (...skipping 575 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 586 new_dynamic_domain_state.pkp.spki_hashes.end(), | 586 new_dynamic_domain_state.pkp.spki_hashes.end(), |
| 587 HashValuesEqual(good_hash)); | 587 HashValuesEqual(good_hash)); |
| 588 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 588 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
| 589 | 589 |
| 590 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), | 590 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(), |
| 591 new_dynamic_domain_state.pkp.spki_hashes.end(), | 591 new_dynamic_domain_state.pkp.spki_hashes.end(), |
| 592 HashValuesEqual(backup_hash)); | 592 HashValuesEqual(backup_hash)); |
| 593 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); | 593 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash); |
| 594 } | 594 } |
| 595 | 595 |
| 596 // Failing on win_chromium_rel. crbug.com/375538 | 596 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) { |
| 597 #if defined(OS_WIN) | |
| 598 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0 | |
| 599 #else | |
| 600 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0 | |
| 601 #endif | |
| 602 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) { | |
| 603 TransportSecurityState state; | 597 TransportSecurityState state; |
| 604 TransportSecurityState::DomainState static_domain_state; | 598 TransportSecurityState::DomainState static_domain_state; |
| 605 | 599 |
| 606 // docs.google.com has preloaded pins. | 600 // docs.google.com has preloaded pins. |
| 607 std::string domain = "docs.google.com"; | 601 std::string domain = "docs.google.com"; |
| 608 state.enable_static_pins_ = true; | 602 state.enable_static_pins_ = true; |
| 609 ASSERT_TRUE( | 603 ASSERT_TRUE( |
| 610 state.GetStaticDomainState(domain, &static_domain_state)); | 604 state.GetStaticDomainState(domain, &static_domain_state)); |
| 611 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); | 605 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL); |
| 612 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; | 606 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes; |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 670 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; | 664 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80; |
| 671 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; | 665 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80; |
| 672 const bool is_issued_by_known_root = true; | 666 const bool is_issued_by_known_root = true; |
| 673 EXPECT_FALSE( | 667 EXPECT_FALSE( |
| 674 state.CheckPublicKeyPins(domain, | 668 state.CheckPublicKeyPins(domain, |
| 675 is_issued_by_known_root, | 669 is_issued_by_known_root, |
| 676 new_static_domain_state2.pkp.spki_hashes, | 670 new_static_domain_state2.pkp.spki_hashes, |
| 677 &failure_log)); | 671 &failure_log)); |
| 678 EXPECT_NE(0UL, failure_log.length()); | 672 EXPECT_NE(0UL, failure_log.length()); |
| 679 } | 673 } |
| 680 #undef MAYBE_UpdateDynamicPKPMaxAge0 | |
| 681 | 674 |
| 682 // Tests that when a static HSTS and a static HPKP entry are present, adding a | 675 // Tests that when a static HSTS and a static HPKP entry are present, adding a |
| 683 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a | 676 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a |
| 684 // dynamic HPKP entry could not affect the HSTS entry for the site. | 677 // dynamic HPKP entry could not affect the HSTS entry for the site. |
| 685 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { | 678 TEST_F(HttpSecurityHeadersTest, NoClobberPins) { |
| 686 TransportSecurityState state; | 679 TransportSecurityState state; |
| 687 TransportSecurityState::DomainState domain_state; | 680 TransportSecurityState::DomainState domain_state; |
| 688 | 681 |
| 689 // accounts.google.com has preloaded pins. | 682 // accounts.google.com has preloaded pins. |
| 690 std::string domain = "accounts.google.com"; | 683 std::string domain = "accounts.google.com"; |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 766 ssl_info)); | 759 ssl_info)); |
| 767 | 760 |
| 768 // The old pins must still exist. | 761 // The old pins must still exist. |
| 769 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); | 762 EXPECT_TRUE(state.HasPublicKeyPins("example.com")); |
| 770 EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, | 763 EXPECT_TRUE(state.CheckPublicKeyPins("example.com", is_issued_by_known_root, |
| 771 ssl_info.public_key_hashes, | 764 ssl_info.public_key_hashes, |
| 772 &failure_log)); | 765 &failure_log)); |
| 773 } | 766 } |
| 774 | 767 |
| 775 }; // namespace net | 768 }; // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 948733002:
Re-enable HttpSecurityHeadersTest.UpdateDynamicPKPMaxAge0 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master