1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/base64.h"
9 #include "base/strings/string_piece.h"
10 #include "crypto/sha2.h"
11 #include "net/base/net_log.h"
12 #include "net/base/test_completion_callback.h"
13 #include "net/http/http_security_headers.h"
14 #include "net/http/http_util.h"
15 #include "net/http/transport_security_state.h"
16 #include "net/ssl/ssl_info.h"
17 #include "testing/gtest/include/gtest/gtest.h"
23 HashValue GetTestHashValue(uint8 label, HashValueTag tag) {
24 HashValue hash_value(tag);
25 memset(hash_value.data(), label, hash_value.size());
29 std::string GetTestPin(uint8 label, HashValueTag tag) {
30 HashValue hash_value = GetTestHashValue(label, tag);
32 base::Base64Encode(base::StringPiece(
33 reinterpret_cast<char*>(hash_value.data()), hash_value.size()), &base64);
35 switch (hash_value.tag) {
37 return std::string("pin-sha1=\"") + base64 + "\"";
38 case HASH_VALUE_SHA256:
39 return std::string("pin-sha256=\"") + base64 + "\"";
41 NOTREACHED() << "Unknown HashValueTag " << hash_value.tag;
42 return std::string("ERROR");
49 class HttpSecurityHeadersTest : public testing::Test {
53 TEST_F(HttpSecurityHeadersTest, BogusHeaders) {
54 base::TimeDelta max_age;
55 bool include_subdomains = false;
58 ParseHSTSHeader(std::string(), &max_age, &include_subdomains));
59 EXPECT_FALSE(ParseHSTSHeader(" ", &max_age, &include_subdomains));
60 EXPECT_FALSE(ParseHSTSHeader("abc", &max_age, &include_subdomains));
61 EXPECT_FALSE(ParseHSTSHeader(" abc", &max_age, &include_subdomains));
62 EXPECT_FALSE(ParseHSTSHeader(" abc ", &max_age, &include_subdomains));
63 EXPECT_FALSE(ParseHSTSHeader("max-age", &max_age, &include_subdomains));
64 EXPECT_FALSE(ParseHSTSHeader(" max-age", &max_age,
65 &include_subdomains));
66 EXPECT_FALSE(ParseHSTSHeader(" max-age ", &max_age,
67 &include_subdomains));
68 EXPECT_FALSE(ParseHSTSHeader("max-age=", &max_age, &include_subdomains));
69 EXPECT_FALSE(ParseHSTSHeader(" max-age=", &max_age,
70 &include_subdomains));
71 EXPECT_FALSE(ParseHSTSHeader(" max-age =", &max_age,
72 &include_subdomains));
73 EXPECT_FALSE(ParseHSTSHeader(" max-age= ", &max_age,
74 &include_subdomains));
75 EXPECT_FALSE(ParseHSTSHeader(" max-age = ", &max_age,
76 &include_subdomains));
77 EXPECT_FALSE(ParseHSTSHeader(" max-age = xy", &max_age,
78 &include_subdomains));
79 EXPECT_FALSE(ParseHSTSHeader(" max-age = 3488a923", &max_age,
80 &include_subdomains));
81 EXPECT_FALSE(ParseHSTSHeader("max-age=3488a923 ", &max_age,
82 &include_subdomains));
83 EXPECT_FALSE(ParseHSTSHeader("max-ag=3488923", &max_age,
84 &include_subdomains));
85 EXPECT_FALSE(ParseHSTSHeader("max-aged=3488923", &max_age,
86 &include_subdomains));
87 EXPECT_FALSE(ParseHSTSHeader("max-age==3488923", &max_age,
88 &include_subdomains));
89 EXPECT_FALSE(ParseHSTSHeader("amax-age=3488923", &max_age,
90 &include_subdomains));
91 EXPECT_FALSE(ParseHSTSHeader("max-age=-3488923", &max_age,
92 &include_subdomains));
93 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 e", &max_age,
94 &include_subdomains));
95 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain",
96 &max_age, &include_subdomains));
97 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923includesubdomains",
98 &max_age, &include_subdomains));
99 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923=includesubdomains",
100 &max_age, &include_subdomains));
101 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainx",
102 &max_age, &include_subdomains));
103 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=",
104 &max_age, &include_subdomains));
105 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=true",
106 &max_age, &include_subdomains));
107 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainsx",
108 &max_age, &include_subdomains));
109 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomains x",
110 &max_age, &include_subdomains));
111 EXPECT_FALSE(ParseHSTSHeader("max-age=34889.23 includesubdomains",
112 &max_age, &include_subdomains));
113 EXPECT_FALSE(ParseHSTSHeader("max-age=34889 includesubdomains",
114 &max_age, &include_subdomains));
115 EXPECT_FALSE(ParseHSTSHeader(";;;; ;;;",
116 &max_age, &include_subdomains));
117 EXPECT_FALSE(ParseHSTSHeader(";;;; includeSubDomains;;;",
118 &max_age, &include_subdomains));
119 EXPECT_FALSE(ParseHSTSHeader(" includeSubDomains; ",
120 &max_age, &include_subdomains));
121 EXPECT_FALSE(ParseHSTSHeader(";",
122 &max_age, &include_subdomains));
123 EXPECT_FALSE(ParseHSTSHeader("max-age; ;",
124 &max_age, &include_subdomains));
126 // Check the out args were not updated by checking the default
127 // values for its predictable fields.
128 EXPECT_EQ(0, max_age.InSeconds());
129 EXPECT_FALSE(include_subdomains);
132 static void TestBogusPinsHeaders(HashValueTag tag) {
133 base::TimeDelta max_age;
134 bool include_subdomains;
135 HashValueVector hashes;
136 HashValueVector chain_hashes;
138 // Set some fake "chain" hashes
139 chain_hashes.push_back(GetTestHashValue(1, tag));
140 chain_hashes.push_back(GetTestHashValue(2, tag));
141 chain_hashes.push_back(GetTestHashValue(3, tag));
143 // The good pin must be in the chain, the backup pin must not be
144 std::string good_pin = GetTestPin(2, tag);
145 std::string backup_pin = GetTestPin(4, tag);
147 EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes, &max_age,
148 &include_subdomains, &hashes));
149 EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes, &max_age,
150 &include_subdomains, &hashes));
151 EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes, &max_age,
152 &include_subdomains, &hashes));
153 EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes, &max_age,
154 &include_subdomains, &hashes));
155 EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes, &max_age,
156 &include_subdomains, &hashes));
157 EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes, &max_age,
158 &include_subdomains, &hashes));
159 EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes, &max_age,
160 &include_subdomains, &hashes));
161 EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes, &max_age,
162 &include_subdomains, &hashes));
163 EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes, &max_age,
164 &include_subdomains, &hashes));
165 EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes, &max_age,
166 &include_subdomains, &hashes));
167 EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes, &max_age,
168 &include_subdomains, &hashes));
169 EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes, &max_age,
170 &include_subdomains, &hashes));
171 EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes,
172 &max_age, &include_subdomains, &hashes));
173 EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes,
174 &max_age, &include_subdomains, &hashes));
175 EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923",
176 chain_hashes, &max_age, &include_subdomains,
178 EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes,
179 &max_age, &include_subdomains, &hashes));
180 EXPECT_FALSE(ParseHPKPHeader("max-ag=3488923pins=" + good_pin + "," +
182 chain_hashes, &max_age, &include_subdomains,
184 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin,
185 chain_hashes, &max_age, &include_subdomains,
187 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin,
188 chain_hashes, &max_age, &include_subdomains,
190 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin + ";" +
192 chain_hashes, &max_age, &include_subdomains,
194 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin + ";" +
196 chain_hashes, &max_age, &include_subdomains,
198 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin,
199 chain_hashes, &max_age, &include_subdomains,
201 EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes, &max_age,
202 &include_subdomains, &hashes));
203 EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
204 &include_subdomains, &hashes));
205 EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
206 &include_subdomains, &hashes));
207 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
208 &include_subdomains, &hashes));
209 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes,
210 &max_age, &include_subdomains, &hashes));
211 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain",
212 chain_hashes, &max_age, &include_subdomains,
214 EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
215 &include_subdomains, &hashes));
217 // Check the out args were not updated by checking the default
218 // values for its predictable fields.
219 EXPECT_EQ(0, max_age.InSeconds());
220 EXPECT_EQ(hashes.size(), (size_t)0);
223 TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) {
224 base::TimeDelta max_age;
225 base::TimeDelta expect_max_age;
226 bool include_subdomains = false;
228 EXPECT_TRUE(ParseHSTSHeader("max-age=243", &max_age,
229 &include_subdomains));
230 expect_max_age = base::TimeDelta::FromSeconds(243);
231 EXPECT_EQ(expect_max_age, max_age);
232 EXPECT_FALSE(include_subdomains);
234 EXPECT_TRUE(ParseHSTSHeader("max-age=3488923;", &max_age,
235 &include_subdomains));
237 EXPECT_TRUE(ParseHSTSHeader(" Max-agE = 567", &max_age,
238 &include_subdomains));
239 expect_max_age = base::TimeDelta::FromSeconds(567);
240 EXPECT_EQ(expect_max_age, max_age);
241 EXPECT_FALSE(include_subdomains);
243 EXPECT_TRUE(ParseHSTSHeader(" mAx-aGe = 890 ", &max_age,
244 &include_subdomains));
245 expect_max_age = base::TimeDelta::FromSeconds(890);
246 EXPECT_EQ(expect_max_age, max_age);
247 EXPECT_FALSE(include_subdomains);
249 EXPECT_TRUE(ParseHSTSHeader("max-age=123;incLudesUbdOmains", &max_age,
250 &include_subdomains));
251 expect_max_age = base::TimeDelta::FromSeconds(123);
252 EXPECT_EQ(expect_max_age, max_age);
253 EXPECT_TRUE(include_subdomains);
255 EXPECT_TRUE(ParseHSTSHeader("incLudesUbdOmains; max-age=123", &max_age,
256 &include_subdomains));
257 expect_max_age = base::TimeDelta::FromSeconds(123);
258 EXPECT_EQ(expect_max_age, max_age);
259 EXPECT_TRUE(include_subdomains);
261 EXPECT_TRUE(ParseHSTSHeader(" incLudesUbdOmains; max-age=123",
262 &max_age, &include_subdomains));
263 expect_max_age = base::TimeDelta::FromSeconds(123);
264 EXPECT_EQ(expect_max_age, max_age);
265 EXPECT_TRUE(include_subdomains);
267 EXPECT_TRUE(ParseHSTSHeader(
268 " incLudesUbdOmains; max-age=123; pumpkin=kitten", &max_age,
269 &include_subdomains));
270 expect_max_age = base::TimeDelta::FromSeconds(123);
271 EXPECT_EQ(expect_max_age, max_age);
272 EXPECT_TRUE(include_subdomains);
274 EXPECT_TRUE(ParseHSTSHeader(
275 " pumpkin=894; incLudesUbdOmains; max-age=123 ", &max_age,
276 &include_subdomains));
277 expect_max_age = base::TimeDelta::FromSeconds(123);
278 EXPECT_EQ(expect_max_age, max_age);
279 EXPECT_TRUE(include_subdomains);
281 EXPECT_TRUE(ParseHSTSHeader(
282 " pumpkin; incLudesUbdOmains; max-age=123 ", &max_age,
283 &include_subdomains));
284 expect_max_age = base::TimeDelta::FromSeconds(123);
285 EXPECT_EQ(expect_max_age, max_age);
286 EXPECT_TRUE(include_subdomains);
288 EXPECT_TRUE(ParseHSTSHeader(
289 " pumpkin; incLudesUbdOmains; max-age=\"123\" ", &max_age,
290 &include_subdomains));
291 expect_max_age = base::TimeDelta::FromSeconds(123);
292 EXPECT_EQ(expect_max_age, max_age);
293 EXPECT_TRUE(include_subdomains);
295 EXPECT_TRUE(ParseHSTSHeader(
296 "animal=\"squirrel; distinguished\"; incLudesUbdOmains; max-age=123",
297 &max_age, &include_subdomains));
298 expect_max_age = base::TimeDelta::FromSeconds(123);
299 EXPECT_EQ(expect_max_age, max_age);
300 EXPECT_TRUE(include_subdomains);
302 EXPECT_TRUE(ParseHSTSHeader("max-age=394082; incLudesUbdOmains",
303 &max_age, &include_subdomains));
304 expect_max_age = base::TimeDelta::FromSeconds(394082);
305 EXPECT_EQ(expect_max_age, max_age);
306 EXPECT_TRUE(include_subdomains);
308 EXPECT_TRUE(ParseHSTSHeader(
309 "max-age=39408299 ;incLudesUbdOmains", &max_age,
310 &include_subdomains));
311 expect_max_age = base::TimeDelta::FromSeconds(
312 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(39408299))));
313 EXPECT_EQ(expect_max_age, max_age);
314 EXPECT_TRUE(include_subdomains);
316 EXPECT_TRUE(ParseHSTSHeader(
317 "max-age=394082038 ; incLudesUbdOmains", &max_age,
318 &include_subdomains));
319 expect_max_age = base::TimeDelta::FromSeconds(
320 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
321 EXPECT_EQ(expect_max_age, max_age);
322 EXPECT_TRUE(include_subdomains);
324 EXPECT_TRUE(ParseHSTSHeader(
325 "max-age=394082038 ; incLudesUbdOmains;", &max_age,
326 &include_subdomains));
327 expect_max_age = base::TimeDelta::FromSeconds(
328 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
329 EXPECT_EQ(expect_max_age, max_age);
330 EXPECT_TRUE(include_subdomains);
332 EXPECT_TRUE(ParseHSTSHeader(
333 ";; max-age=394082038 ; incLudesUbdOmains; ;", &max_age,
334 &include_subdomains));
335 expect_max_age = base::TimeDelta::FromSeconds(
336 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
337 EXPECT_EQ(expect_max_age, max_age);
338 EXPECT_TRUE(include_subdomains);
340 EXPECT_TRUE(ParseHSTSHeader(
341 ";; max-age=394082038 ;", &max_age,
342 &include_subdomains));
343 expect_max_age = base::TimeDelta::FromSeconds(
344 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
345 EXPECT_EQ(expect_max_age, max_age);
346 EXPECT_FALSE(include_subdomains);
348 EXPECT_TRUE(ParseHSTSHeader(
349 ";; ; ; max-age=394082038;;; includeSubdomains ;; ;", &max_age,
350 &include_subdomains));
351 expect_max_age = base::TimeDelta::FromSeconds(
352 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
353 EXPECT_EQ(expect_max_age, max_age);
354 EXPECT_TRUE(include_subdomains);
356 EXPECT_TRUE(ParseHSTSHeader(
357 "incLudesUbdOmains ; max-age=394082038 ;;", &max_age,
358 &include_subdomains));
359 expect_max_age = base::TimeDelta::FromSeconds(
360 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
361 EXPECT_EQ(expect_max_age, max_age);
362 EXPECT_TRUE(include_subdomains);
364 EXPECT_TRUE(ParseHSTSHeader(
365 " max-age=0 ; incLudesUbdOmains ", &max_age,
366 &include_subdomains));
367 expect_max_age = base::TimeDelta::FromSeconds(0);
368 EXPECT_EQ(expect_max_age, max_age);
369 EXPECT_TRUE(include_subdomains);
371 EXPECT_TRUE(ParseHSTSHeader(
372 " max-age=999999999999999999999999999999999999999999999 ;"
373 " incLudesUbdOmains ", &max_age, &include_subdomains));
374 expect_max_age = base::TimeDelta::FromSeconds(
376 EXPECT_EQ(expect_max_age, max_age);
377 EXPECT_TRUE(include_subdomains);
380 static void TestValidPKPHeaders(HashValueTag tag) {
381 base::TimeDelta max_age;
382 base::TimeDelta expect_max_age;
383 bool include_subdomains;
384 HashValueVector hashes;
385 HashValueVector chain_hashes;
387 // Set some fake "chain" hashes into chain_hashes
388 chain_hashes.push_back(GetTestHashValue(1, tag));
389 chain_hashes.push_back(GetTestHashValue(2, tag));
390 chain_hashes.push_back(GetTestHashValue(3, tag));
392 // The good pin must be in the chain, the backup pin must not be
393 std::string good_pin = GetTestPin(2, tag);
394 std::string backup_pin = GetTestPin(4, tag);
396 EXPECT_TRUE(ParseHPKPHeader(
397 "max-age=243; " + good_pin + ";" + backup_pin,
398 chain_hashes, &max_age, &include_subdomains, &hashes));
399 expect_max_age = base::TimeDelta::FromSeconds(243);
400 EXPECT_EQ(expect_max_age, max_age);
401 EXPECT_FALSE(include_subdomains);
403 EXPECT_TRUE(ParseHPKPHeader(
404 " " + good_pin + "; " + backup_pin + " ; Max-agE = 567",
405 chain_hashes, &max_age, &include_subdomains, &hashes));
406 expect_max_age = base::TimeDelta::FromSeconds(567);
407 EXPECT_EQ(expect_max_age, max_age);
408 EXPECT_FALSE(include_subdomains);
410 EXPECT_TRUE(ParseHPKPHeader(
411 "includeSubDOMAINS;" + good_pin + ";" + backup_pin +
413 chain_hashes, &max_age, &include_subdomains, &hashes));
414 expect_max_age = base::TimeDelta::FromSeconds(890);
415 EXPECT_EQ(expect_max_age, max_age);
416 EXPECT_TRUE(include_subdomains);
418 EXPECT_TRUE(ParseHPKPHeader(
419 good_pin + ";" + backup_pin + "; max-age=123;IGNORED;",
420 chain_hashes, &max_age, &include_subdomains, &hashes));
421 expect_max_age = base::TimeDelta::FromSeconds(123);
422 EXPECT_EQ(expect_max_age, max_age);
423 EXPECT_FALSE(include_subdomains);
425 EXPECT_TRUE(ParseHPKPHeader(
426 "max-age=394082;" + backup_pin + ";" + good_pin + "; ",
427 chain_hashes, &max_age, &include_subdomains, &hashes));
428 expect_max_age = base::TimeDelta::FromSeconds(394082);
429 EXPECT_EQ(expect_max_age, max_age);
430 EXPECT_FALSE(include_subdomains);
432 EXPECT_TRUE(ParseHPKPHeader(
433 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ",
434 chain_hashes, &max_age, &include_subdomains, &hashes));
435 expect_max_age = base::TimeDelta::FromSeconds(
436 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(39408299))));
437 EXPECT_EQ(expect_max_age, max_age);
438 EXPECT_FALSE(include_subdomains);
440 EXPECT_TRUE(ParseHPKPHeader(
441 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " +
442 good_pin + ";" + backup_pin + "; ",
443 chain_hashes, &max_age, &include_subdomains, &hashes));
444 expect_max_age = base::TimeDelta::FromSeconds(
445 std::min(kMaxHSTSAgeSecs, static_cast<int64>(GG_INT64_C(394082038))));
446 EXPECT_EQ(expect_max_age, max_age);
447 EXPECT_TRUE(include_subdomains);
449 EXPECT_TRUE(ParseHPKPHeader(
450 " max-age=0 ; " + good_pin + ";" + backup_pin,
451 chain_hashes, &max_age, &include_subdomains, &hashes));
452 expect_max_age = base::TimeDelta::FromSeconds(0);
453 EXPECT_EQ(expect_max_age, max_age);
454 EXPECT_FALSE(include_subdomains);
456 EXPECT_TRUE(ParseHPKPHeader(
457 " max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin,
458 chain_hashes, &max_age, &include_subdomains, &hashes));
459 expect_max_age = base::TimeDelta::FromSeconds(0);
460 EXPECT_EQ(expect_max_age, max_age);
461 EXPECT_TRUE(include_subdomains);
463 EXPECT_TRUE(ParseHPKPHeader(
464 " max-age=999999999999999999999999999999999999999999999 ; " +
465 backup_pin + ";" + good_pin + "; ",
466 chain_hashes, &max_age, &include_subdomains, &hashes));
467 expect_max_age = base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs);
468 EXPECT_EQ(expect_max_age, max_age);
469 EXPECT_FALSE(include_subdomains);
471 // Test that parsing the same header twice doesn't duplicate the recorded
474 EXPECT_TRUE(ParseHPKPHeader(
476 backup_pin + ";" + good_pin + "; ",
477 chain_hashes, &max_age, &include_subdomains, &hashes));
478 EXPECT_EQ(2u, hashes.size());
479 EXPECT_TRUE(ParseHPKPHeader(
481 backup_pin + ";" + good_pin + "; ",
482 chain_hashes, &max_age, &include_subdomains, &hashes));
483 EXPECT_EQ(2u, hashes.size());
486 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA1) {
487 TestBogusPinsHeaders(HASH_VALUE_SHA1);
490 TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) {
491 TestBogusPinsHeaders(HASH_VALUE_SHA256);
494 TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA1) {
495 TestValidPKPHeaders(HASH_VALUE_SHA1);
498 TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) {
499 TestValidPKPHeaders(HASH_VALUE_SHA256);
502 TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
503 TransportSecurityState state;
504 TransportSecurityState::DomainState static_domain_state;
506 // docs.google.com has preloaded pins.
507 const bool sni_enabled = true;
508 std::string domain = "docs.google.com";
509 state.enable_static_pins_ = true;
511 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state));
512 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL);
513 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes;
515 // Add a header, which should only update the dynamic state.
516 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1);
517 HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA1);
518 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1);
519 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1);
520 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
522 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
524 ssl_info.public_key_hashes.push_back(good_hash);
525 ssl_info.public_key_hashes.push_back(saved_hashes[0]);
526 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
528 // Expect the static state to remain unchanged.
529 TransportSecurityState::DomainState new_static_domain_state;
530 EXPECT_TRUE(state.GetStaticDomainState(
531 domain, sni_enabled, &new_static_domain_state));
532 for (size_t i = 0; i < saved_hashes.size(); ++i) {
533 EXPECT_TRUE(HashValuesEqual(saved_hashes[i])(
534 new_static_domain_state.pkp.spki_hashes[i]));
537 // Expect the dynamic state to reflect the header.
538 TransportSecurityState::DomainState dynamic_domain_state;
539 EXPECT_TRUE(state.GetDynamicDomainState(domain, &dynamic_domain_state));
540 EXPECT_EQ(2UL, dynamic_domain_state.pkp.spki_hashes.size());
542 HashValueVector::const_iterator hash =
543 std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(),
544 dynamic_domain_state.pkp.spki_hashes.end(),
545 HashValuesEqual(good_hash));
546 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash);
548 hash = std::find_if(dynamic_domain_state.pkp.spki_hashes.begin(),
549 dynamic_domain_state.pkp.spki_hashes.end(),
550 HashValuesEqual(backup_hash));
551 EXPECT_NE(dynamic_domain_state.pkp.spki_hashes.end(), hash);
553 // Expect the overall state to reflect the header, too.
554 EXPECT_TRUE(state.HasPublicKeyPins(domain, sni_enabled));
555 HashValueVector hashes;
556 hashes.push_back(good_hash);
557 std::string failure_log;
558 const bool is_issued_by_known_root = true;
559 EXPECT_TRUE(state.CheckPublicKeyPins(
560 domain, sni_enabled, is_issued_by_known_root, hashes, &failure_log));
562 TransportSecurityState::DomainState new_dynamic_domain_state;
563 EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state));
564 EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size());
566 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(),
567 new_dynamic_domain_state.pkp.spki_hashes.end(),
568 HashValuesEqual(good_hash));
569 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
571 hash = std::find_if(new_dynamic_domain_state.pkp.spki_hashes.begin(),
572 new_dynamic_domain_state.pkp.spki_hashes.end(),
573 HashValuesEqual(backup_hash));
574 EXPECT_NE(new_dynamic_domain_state.pkp.spki_hashes.end(), hash);
577 // Failing on win_chromium_rel. crbug.com/375538
579 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0
581 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0
583 TEST_F(HttpSecurityHeadersTest, MAYBE_UpdateDynamicPKPMaxAge0) {
584 TransportSecurityState state;
585 TransportSecurityState::DomainState static_domain_state;
587 // docs.google.com has preloaded pins.
588 const bool sni_enabled = true;
589 std::string domain = "docs.google.com";
590 state.enable_static_pins_ = true;
592 state.GetStaticDomainState(domain, sni_enabled, &static_domain_state));
593 EXPECT_GT(static_domain_state.pkp.spki_hashes.size(), 1UL);
594 HashValueVector saved_hashes = static_domain_state.pkp.spki_hashes;
596 // Add a header, which should only update the dynamic state.
597 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1);
598 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1);
599 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1);
600 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
602 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
604 ssl_info.public_key_hashes.push_back(good_hash);
605 ssl_info.public_key_hashes.push_back(saved_hashes[0]);
606 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
608 // Expect the static state to remain unchanged.
609 TransportSecurityState::DomainState new_static_domain_state;
610 EXPECT_TRUE(state.GetStaticDomainState(
611 domain, sni_enabled, &new_static_domain_state));
612 EXPECT_EQ(saved_hashes.size(),
613 new_static_domain_state.pkp.spki_hashes.size());
614 for (size_t i = 0; i < saved_hashes.size(); ++i) {
615 EXPECT_TRUE(HashValuesEqual(saved_hashes[i])(
616 new_static_domain_state.pkp.spki_hashes[i]));
619 // Expect the dynamic state to have pins.
620 TransportSecurityState::DomainState new_dynamic_domain_state;
621 EXPECT_TRUE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state));
622 EXPECT_EQ(2UL, new_dynamic_domain_state.pkp.spki_hashes.size());
623 EXPECT_TRUE(new_dynamic_domain_state.HasPublicKeyPins());
625 // Now set another header with max-age=0, and check that the pins are
626 // cleared in the dynamic state only.
627 header = "max-age = 0; " + good_pin + "; " + backup_pin;
628 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
630 // Expect the static state to remain unchanged.
631 TransportSecurityState::DomainState new_static_domain_state2;
632 EXPECT_TRUE(state.GetStaticDomainState(
633 domain, sni_enabled, &new_static_domain_state2));
634 EXPECT_EQ(saved_hashes.size(),
635 new_static_domain_state2.pkp.spki_hashes.size());
636 for (size_t i = 0; i < saved_hashes.size(); ++i) {
637 EXPECT_TRUE(HashValuesEqual(saved_hashes[i])(
638 new_static_domain_state2.pkp.spki_hashes[i]));
641 // Expect the dynamic pins to be gone.
642 TransportSecurityState::DomainState new_dynamic_domain_state2;
643 EXPECT_FALSE(state.GetDynamicDomainState(domain, &new_dynamic_domain_state2));
645 // Expect the exact-matching static policy to continue to apply, even
646 // though dynamic policy has been removed. (This policy may change in the
647 // future, in which case this test must be updated.)
648 EXPECT_TRUE(state.HasPublicKeyPins(domain, true));
649 EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain, true));
650 std::string failure_log;
651 // Damage the hashes to cause a pin validation failure.
652 new_static_domain_state2.pkp.spki_hashes[0].data()[0] ^= 0x80;
653 new_static_domain_state2.pkp.spki_hashes[1].data()[0] ^= 0x80;
654 const bool is_issued_by_known_root = true;
656 state.CheckPublicKeyPins(domain,
658 is_issued_by_known_root,
659 new_static_domain_state2.pkp.spki_hashes,
661 EXPECT_NE(0UL, failure_log.length());
663 #undef MAYBE_UpdateDynamicPKPMaxAge0
665 // Tests that when a static HSTS and a static HPKP entry are present, adding a
666 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a
667 // dynamic HPKP entry could not affect the HSTS entry for the site.
668 TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
669 TransportSecurityState state;
670 TransportSecurityState::DomainState domain_state;
672 // accounts.google.com has preloaded pins.
673 std::string domain = "accounts.google.com";
674 state.enable_static_pins_ = true;
676 // Retrieve the DomainState as it is by default, including its known good
678 const bool sni_enabled = true;
679 EXPECT_TRUE(state.GetStaticDomainState(domain, sni_enabled, &domain_state));
680 HashValueVector saved_hashes = domain_state.pkp.spki_hashes;
681 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL());
682 EXPECT_TRUE(domain_state.HasPublicKeyPins());
683 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled));
684 EXPECT_TRUE(state.HasPublicKeyPins(domain, sni_enabled));
686 // Add a dynamic HSTS header. CheckPublicKeyPins should still pass when given
687 // the original |saved_hashes|, indicating that the static PKP data is still
688 // configured for the domain.
689 EXPECT_TRUE(state.AddHSTSHeader(domain, "includesubdomains; max-age=10000"));
690 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled));
691 std::string failure_log;
692 const bool is_issued_by_known_root = true;
693 EXPECT_TRUE(state.CheckPublicKeyPins(domain,
695 is_issued_by_known_root,
699 // Add an HPKP header, which should only update the dynamic state.
700 HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA1);
701 std::string good_pin = GetTestPin(1, HASH_VALUE_SHA1);
702 std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA1);
703 std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
705 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
707 ssl_info.public_key_hashes.push_back(good_hash);
708 ssl_info.public_key_hashes.push_back(saved_hashes[0]);
709 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
711 EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
712 // HSTS should still be configured for this domain.
713 EXPECT_TRUE(domain_state.ShouldUpgradeToSSL());
714 EXPECT_TRUE(state.ShouldUpgradeToSSL(domain, sni_enabled));
715 // The dynamic pins, which do not match |saved_hashes|, should take
716 // precedence over the static pins and cause the check to fail.
717 EXPECT_FALSE(state.CheckPublicKeyPins(domain,
719 is_issued_by_known_root,
projects / platform / framework / web / crosswalk.git / blob