Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(731)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/transport_security_state_unittest.cc

Issue 10545166: Support SHA-256 in public key pins for HTTPS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/transport_security_state.cc ('k') | net/base/x509_cert_types.h » ('j') | net/base/x509_cert_types.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/transport_security_state.h" 5 #include "net/base/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 9
10 #include "base/base64.h" 10 #include "base/base64.h"
(...skipping 812 matching lines...) Expand 10 before | Expand all | Expand 10 after
823 EXPECT_TRUE(HasPins("mobile.twitter.com")); 823 EXPECT_TRUE(HasPins("mobile.twitter.com"));
824 EXPECT_TRUE(HasPins("dev.twitter.com")); 824 EXPECT_TRUE(HasPins("dev.twitter.com"));
825 EXPECT_TRUE(HasPins("business.twitter.com")); 825 EXPECT_TRUE(HasPins("business.twitter.com"));
826 EXPECT_TRUE(HasPins("platform.twitter.com")); 826 EXPECT_TRUE(HasPins("platform.twitter.com"));
827 EXPECT_TRUE(HasPins("si0.twimg.com")); 827 EXPECT_TRUE(HasPins("si0.twimg.com"));
828 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net")); 828 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net"));
829 } 829 }
830 830
831 static bool AddHash(const std::string& type_and_base64, 831 static bool AddHash(const std::string& type_and_base64,
832 FingerprintVector* out) { 832 FingerprintVector* out) {
833 std::string hash_str; 833 Fingerprint hash;
834 if (type_and_base64.find("sha1/") == 0 && 834
835 base::Base64Decode(type_and_base64.substr(5, type_and_base64.size() - 5), 835 if (!TransportSecurityState::ParsePin(type_and_base64, &hash))
836 &hash_str) && 836 return false;
837 hash_str.size() == base::kSHA1Length) { 837
838 SHA1Fingerprint hash; 838 out->push_back(hash);
839 memcpy(hash.data, hash_str.data(), sizeof(hash.data)); 839 return true;
840 out->push_back(hash);
841 return true;
842 }
843 return false;
844 } 840 }
845 841
842
846 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) { 843 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {
847 // kGoodPath is plus.google.com via Google Internet Authority. 844 // kGoodPath is plus.google.com via Google Internet Authority.
848 static const char* kGoodPath[] = { 845 static const char* kGoodPath[] = {
849 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=", 846 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
850 "sha1/QMVAHW+MuvCLAO3vse6H0AWzuc0=", 847 "sha1/QMVAHW+MuvCLAO3vse6H0AWzuc0=",
851 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=", 848 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
852 NULL, 849 NULL,
853 }; 850 };
854 851
855 // kBadPath is plus.google.com via Trustcenter, which contains a required 852 // kBadPath is plus.google.com via Trustcenter, which contains a required
856 // certificate (Equifax root), but also an excluded certificate 853 // certificate (Equifax root), but also an excluded certificate
857 // (Trustcenter). 854 // (Trustcenter).
858 static const char* kBadPath[] = { 855 static const char* kBadPath[] = {
859 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=", 856 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
860 "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=", 857 "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",
861 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=", 858 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
862 NULL, 859 NULL,
863 }; 860 };
864 861
865 std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes; 862 std::vector<net::Fingerprint> good_hashes, bad_hashes;
866 863
867 for (size_t i = 0; kGoodPath[i]; i++) { 864 for (size_t i = 0; kGoodPath[i]; i++) {
868 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); 865 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
869 } 866 }
870 for (size_t i = 0; kBadPath[i]; i++) { 867 for (size_t i = 0; kBadPath[i]; i++) {
871 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); 868 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));
872 } 869 }
873 870
874 TransportSecurityState state; 871 TransportSecurityState state;
875 TransportSecurityState::DomainState domain_state; 872 TransportSecurityState::DomainState domain_state;
(...skipping 15 matching lines...) Expand all
891 888
892 // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for 889 // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for
893 // torproject.org. 890 // torproject.org.
894 static const char* kBadPath[] = { 891 static const char* kBadPath[] = {
895 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=", 892 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
896 "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=", 893 "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",
897 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=", 894 "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
898 NULL, 895 NULL,
899 }; 896 };
900 897
901 std::vector<net::SHA1Fingerprint> good_hashes, bad_hashes; 898 std::vector<net::Fingerprint> good_hashes, bad_hashes;
902 899
903 for (size_t i = 0; kGoodPath[i]; i++) { 900 for (size_t i = 0; kGoodPath[i]; i++) {
904 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); 901 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));
905 } 902 }
906 for (size_t i = 0; kBadPath[i]; i++) { 903 for (size_t i = 0; kBadPath[i]; i++) {
907 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); 904 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));
908 } 905 }
909 906
910 TransportSecurityState state; 907 TransportSecurityState state;
911 TransportSecurityState::DomainState domain_state; 908 TransportSecurityState::DomainState domain_state;
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after
1048 // Expect to fail for SNI hosts when not searching the SNI list: 1045 // Expect to fail for SNI hosts when not searching the SNI list:
1049 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 1046 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1050 "gmail.com", false)); 1047 "gmail.com", false));
1051 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 1048 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1052 "googlegroups.com", false)); 1049 "googlegroups.com", false));
1053 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 1050 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1054 "www.googlegroups.com", false)); 1051 "www.googlegroups.com", false));
1055 } 1052 }
1056 1053
1057 } // namespace net 1054 } // namespace net
OLDNEW
« no previous file with comments | « net/base/transport_security_state.cc ('k') | net/base/x509_cert_types.h » ('j') | net/base/x509_cert_types.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698