1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/base64.h"
9 #include "base/strings/string_piece.h"
10 #include "crypto/sha2.h"
11 #include "net/base/net_log.h"
12 #include "net/base/test_completion_callback.h"
13 #include "net/http/http_security_headers.h"
14 #include "net/http/http_util.h"
15 #include "net/http/transport_security_state.h"
16 #include "net/ssl/ssl_info.h"
17 #include "testing/gtest/include/gtest/gtest.h"
23 HashValue
GetTestHashValue(uint8 label
, HashValueTag tag
) {
24 HashValue
hash_value(tag
);
25 memset(hash_value
.data(), label
, hash_value
.size());
29 std::string
GetTestPin(uint8 label
, HashValueTag tag
) {
30 HashValue hash_value
= GetTestHashValue(label
, tag
);
32 base::Base64Encode(base::StringPiece(
33 reinterpret_cast<char*>(hash_value
.data()), hash_value
.size()), &base64
);
35 switch (hash_value
.tag
) {
37 return std::string("pin-sha1=\"") + base64
+ "\"";
38 case HASH_VALUE_SHA256
:
39 return std::string("pin-sha256=\"") + base64
+ "\"";
41 NOTREACHED() << "Unknown HashValueTag " << hash_value
.tag
;
42 return std::string("ERROR");
49 class HttpSecurityHeadersTest
: public testing::Test
{
53 TEST_F(HttpSecurityHeadersTest
, BogusHeaders
) {
54 base::TimeDelta max_age
;
55 bool include_subdomains
= false;
58 ParseHSTSHeader(std::string(), &max_age
, &include_subdomains
));
59 EXPECT_FALSE(ParseHSTSHeader(" ", &max_age
, &include_subdomains
));
60 EXPECT_FALSE(ParseHSTSHeader("abc", &max_age
, &include_subdomains
));
61 EXPECT_FALSE(ParseHSTSHeader(" abc", &max_age
, &include_subdomains
));
62 EXPECT_FALSE(ParseHSTSHeader(" abc ", &max_age
, &include_subdomains
));
63 EXPECT_FALSE(ParseHSTSHeader("max-age", &max_age
, &include_subdomains
));
64 EXPECT_FALSE(ParseHSTSHeader(" max-age", &max_age
,
65 &include_subdomains
));
66 EXPECT_FALSE(ParseHSTSHeader(" max-age ", &max_age
,
67 &include_subdomains
));
68 EXPECT_FALSE(ParseHSTSHeader("max-age=", &max_age
, &include_subdomains
));
69 EXPECT_FALSE(ParseHSTSHeader(" max-age=", &max_age
,
70 &include_subdomains
));
71 EXPECT_FALSE(ParseHSTSHeader(" max-age =", &max_age
,
72 &include_subdomains
));
73 EXPECT_FALSE(ParseHSTSHeader(" max-age= ", &max_age
,
74 &include_subdomains
));
75 EXPECT_FALSE(ParseHSTSHeader(" max-age = ", &max_age
,
76 &include_subdomains
));
77 EXPECT_FALSE(ParseHSTSHeader(" max-age = xy", &max_age
,
78 &include_subdomains
));
79 EXPECT_FALSE(ParseHSTSHeader(" max-age = 3488a923", &max_age
,
80 &include_subdomains
));
81 EXPECT_FALSE(ParseHSTSHeader("max-age=3488a923 ", &max_age
,
82 &include_subdomains
));
83 EXPECT_FALSE(ParseHSTSHeader("max-ag=3488923", &max_age
,
84 &include_subdomains
));
85 EXPECT_FALSE(ParseHSTSHeader("max-aged=3488923", &max_age
,
86 &include_subdomains
));
87 EXPECT_FALSE(ParseHSTSHeader("max-age==3488923", &max_age
,
88 &include_subdomains
));
89 EXPECT_FALSE(ParseHSTSHeader("amax-age=3488923", &max_age
,
90 &include_subdomains
));
91 EXPECT_FALSE(ParseHSTSHeader("max-age=-3488923", &max_age
,
92 &include_subdomains
));
93 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 e", &max_age
,
94 &include_subdomains
));
95 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain",
96 &max_age
, &include_subdomains
));
97 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923includesubdomains",
98 &max_age
, &include_subdomains
));
99 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923=includesubdomains",
100 &max_age
, &include_subdomains
));
101 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainx",
102 &max_age
, &include_subdomains
));
103 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=",
104 &max_age
, &include_subdomains
));
105 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=true",
106 &max_age
, &include_subdomains
));
107 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainsx",
108 &max_age
, &include_subdomains
));
109 EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomains x",
110 &max_age
, &include_subdomains
));
111 EXPECT_FALSE(ParseHSTSHeader("max-age=34889.23 includesubdomains",
112 &max_age
, &include_subdomains
));
113 EXPECT_FALSE(ParseHSTSHeader("max-age=34889 includesubdomains",
114 &max_age
, &include_subdomains
));
115 EXPECT_FALSE(ParseHSTSHeader(";;;; ;;;",
116 &max_age
, &include_subdomains
));
117 EXPECT_FALSE(ParseHSTSHeader(";;;; includeSubDomains;;;",
118 &max_age
, &include_subdomains
));
119 EXPECT_FALSE(ParseHSTSHeader(" includeSubDomains; ",
120 &max_age
, &include_subdomains
));
121 EXPECT_FALSE(ParseHSTSHeader(";",
122 &max_age
, &include_subdomains
));
123 EXPECT_FALSE(ParseHSTSHeader("max-age; ;",
124 &max_age
, &include_subdomains
));
126 // Check the out args were not updated by checking the default
127 // values for its predictable fields.
128 EXPECT_EQ(0, max_age
.InSeconds());
129 EXPECT_FALSE(include_subdomains
);
132 static void TestBogusPinsHeaders(HashValueTag tag
) {
133 base::TimeDelta max_age
;
134 bool include_subdomains
;
135 HashValueVector hashes
;
136 HashValueVector chain_hashes
;
138 // Set some fake "chain" hashes
139 chain_hashes
.push_back(GetTestHashValue(1, tag
));
140 chain_hashes
.push_back(GetTestHashValue(2, tag
));
141 chain_hashes
.push_back(GetTestHashValue(3, tag
));
143 // The good pin must be in the chain, the backup pin must not be
144 std::string good_pin
= GetTestPin(2, tag
);
145 std::string backup_pin
= GetTestPin(4, tag
);
147 EXPECT_FALSE(ParseHPKPHeader(std::string(), chain_hashes
, &max_age
,
148 &include_subdomains
, &hashes
));
149 EXPECT_FALSE(ParseHPKPHeader(" ", chain_hashes
, &max_age
,
150 &include_subdomains
, &hashes
));
151 EXPECT_FALSE(ParseHPKPHeader("abc", chain_hashes
, &max_age
,
152 &include_subdomains
, &hashes
));
153 EXPECT_FALSE(ParseHPKPHeader(" abc", chain_hashes
, &max_age
,
154 &include_subdomains
, &hashes
));
155 EXPECT_FALSE(ParseHPKPHeader(" abc ", chain_hashes
, &max_age
,
156 &include_subdomains
, &hashes
));
157 EXPECT_FALSE(ParseHPKPHeader("max-age", chain_hashes
, &max_age
,
158 &include_subdomains
, &hashes
));
159 EXPECT_FALSE(ParseHPKPHeader(" max-age", chain_hashes
, &max_age
,
160 &include_subdomains
, &hashes
));
161 EXPECT_FALSE(ParseHPKPHeader(" max-age ", chain_hashes
, &max_age
,
162 &include_subdomains
, &hashes
));
163 EXPECT_FALSE(ParseHPKPHeader("max-age=", chain_hashes
, &max_age
,
164 &include_subdomains
, &hashes
));
165 EXPECT_FALSE(ParseHPKPHeader(" max-age=", chain_hashes
, &max_age
,
166 &include_subdomains
, &hashes
));
167 EXPECT_FALSE(ParseHPKPHeader(" max-age =", chain_hashes
, &max_age
,
168 &include_subdomains
, &hashes
));
169 EXPECT_FALSE(ParseHPKPHeader(" max-age= ", chain_hashes
, &max_age
,
170 &include_subdomains
, &hashes
));
171 EXPECT_FALSE(ParseHPKPHeader(" max-age = ", chain_hashes
,
172 &max_age
, &include_subdomains
, &hashes
));
173 EXPECT_FALSE(ParseHPKPHeader(" max-age = xy", chain_hashes
,
174 &max_age
, &include_subdomains
, &hashes
));
175 EXPECT_FALSE(ParseHPKPHeader(" max-age = 3488a923",
176 chain_hashes
, &max_age
, &include_subdomains
,
178 EXPECT_FALSE(ParseHPKPHeader("max-age=3488a923 ", chain_hashes
,
179 &max_age
, &include_subdomains
, &hashes
));
180 EXPECT_FALSE(ParseHPKPHeader("max-ag=3488923pins=" + good_pin
+ "," +
182 chain_hashes
, &max_age
, &include_subdomains
,
184 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923" + backup_pin
,
185 chain_hashes
, &max_age
, &include_subdomains
,
187 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin
,
188 chain_hashes
, &max_age
, &include_subdomains
,
190 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + backup_pin
+ ";" +
192 chain_hashes
, &max_age
, &include_subdomains
,
194 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin
+ ";" +
196 chain_hashes
, &max_age
, &include_subdomains
,
198 EXPECT_FALSE(ParseHPKPHeader("max-aged=3488923; " + good_pin
,
199 chain_hashes
, &max_age
, &include_subdomains
,
201 EXPECT_FALSE(ParseHPKPHeader("max-age==3488923", chain_hashes
, &max_age
,
202 &include_subdomains
, &hashes
));
203 EXPECT_FALSE(ParseHPKPHeader("amax-age=3488923", chain_hashes
, &max_age
,
204 &include_subdomains
, &hashes
));
205 EXPECT_FALSE(ParseHPKPHeader("max-age=-3488923", chain_hashes
, &max_age
,
206 &include_subdomains
, &hashes
));
207 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923;", chain_hashes
, &max_age
,
208 &include_subdomains
, &hashes
));
209 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 e", chain_hashes
,
210 &max_age
, &include_subdomains
, &hashes
));
211 EXPECT_FALSE(ParseHPKPHeader("max-age=3488923 includesubdomain",
212 chain_hashes
, &max_age
, &include_subdomains
,
214 EXPECT_FALSE(ParseHPKPHeader("max-age=34889.23", chain_hashes
, &max_age
,
215 &include_subdomains
, &hashes
));
217 // Check the out args were not updated by checking the default
218 // values for its predictable fields.
219 EXPECT_EQ(0, max_age
.InSeconds());
220 EXPECT_EQ(hashes
.size(), (size_t)0);
223 TEST_F(HttpSecurityHeadersTest
, ValidSTSHeaders
) {
224 base::TimeDelta max_age
;
225 base::TimeDelta expect_max_age
;
226 bool include_subdomains
= false;
228 EXPECT_TRUE(ParseHSTSHeader("max-age=243", &max_age
,
229 &include_subdomains
));
230 expect_max_age
= base::TimeDelta::FromSeconds(243);
231 EXPECT_EQ(expect_max_age
, max_age
);
232 EXPECT_FALSE(include_subdomains
);
234 EXPECT_TRUE(ParseHSTSHeader("max-age=3488923;", &max_age
,
235 &include_subdomains
));
237 EXPECT_TRUE(ParseHSTSHeader(" Max-agE = 567", &max_age
,
238 &include_subdomains
));
239 expect_max_age
= base::TimeDelta::FromSeconds(567);
240 EXPECT_EQ(expect_max_age
, max_age
);
241 EXPECT_FALSE(include_subdomains
);
243 EXPECT_TRUE(ParseHSTSHeader(" mAx-aGe = 890 ", &max_age
,
244 &include_subdomains
));
245 expect_max_age
= base::TimeDelta::FromSeconds(890);
246 EXPECT_EQ(expect_max_age
, max_age
);
247 EXPECT_FALSE(include_subdomains
);
249 EXPECT_TRUE(ParseHSTSHeader("max-age=123;incLudesUbdOmains", &max_age
,
250 &include_subdomains
));
251 expect_max_age
= base::TimeDelta::FromSeconds(123);
252 EXPECT_EQ(expect_max_age
, max_age
);
253 EXPECT_TRUE(include_subdomains
);
255 EXPECT_TRUE(ParseHSTSHeader("incLudesUbdOmains; max-age=123", &max_age
,
256 &include_subdomains
));
257 expect_max_age
= base::TimeDelta::FromSeconds(123);
258 EXPECT_EQ(expect_max_age
, max_age
);
259 EXPECT_TRUE(include_subdomains
);
261 EXPECT_TRUE(ParseHSTSHeader(" incLudesUbdOmains; max-age=123",
262 &max_age
, &include_subdomains
));
263 expect_max_age
= base::TimeDelta::FromSeconds(123);
264 EXPECT_EQ(expect_max_age
, max_age
);
265 EXPECT_TRUE(include_subdomains
);
267 EXPECT_TRUE(ParseHSTSHeader(
268 " incLudesUbdOmains; max-age=123; pumpkin=kitten", &max_age
,
269 &include_subdomains
));
270 expect_max_age
= base::TimeDelta::FromSeconds(123);
271 EXPECT_EQ(expect_max_age
, max_age
);
272 EXPECT_TRUE(include_subdomains
);
274 EXPECT_TRUE(ParseHSTSHeader(
275 " pumpkin=894; incLudesUbdOmains; max-age=123 ", &max_age
,
276 &include_subdomains
));
277 expect_max_age
= base::TimeDelta::FromSeconds(123);
278 EXPECT_EQ(expect_max_age
, max_age
);
279 EXPECT_TRUE(include_subdomains
);
281 EXPECT_TRUE(ParseHSTSHeader(
282 " pumpkin; incLudesUbdOmains; max-age=123 ", &max_age
,
283 &include_subdomains
));
284 expect_max_age
= base::TimeDelta::FromSeconds(123);
285 EXPECT_EQ(expect_max_age
, max_age
);
286 EXPECT_TRUE(include_subdomains
);
288 EXPECT_TRUE(ParseHSTSHeader(
289 " pumpkin; incLudesUbdOmains; max-age=\"123\" ", &max_age
,
290 &include_subdomains
));
291 expect_max_age
= base::TimeDelta::FromSeconds(123);
292 EXPECT_EQ(expect_max_age
, max_age
);
293 EXPECT_TRUE(include_subdomains
);
295 EXPECT_TRUE(ParseHSTSHeader(
296 "animal=\"squirrel; distinguished\"; incLudesUbdOmains; max-age=123",
297 &max_age
, &include_subdomains
));
298 expect_max_age
= base::TimeDelta::FromSeconds(123);
299 EXPECT_EQ(expect_max_age
, max_age
);
300 EXPECT_TRUE(include_subdomains
);
302 EXPECT_TRUE(ParseHSTSHeader("max-age=394082; incLudesUbdOmains",
303 &max_age
, &include_subdomains
));
304 expect_max_age
= base::TimeDelta::FromSeconds(394082);
305 EXPECT_EQ(expect_max_age
, max_age
);
306 EXPECT_TRUE(include_subdomains
);
308 EXPECT_TRUE(ParseHSTSHeader(
309 "max-age=39408299 ;incLudesUbdOmains", &max_age
,
310 &include_subdomains
));
311 expect_max_age
= base::TimeDelta::FromSeconds(
312 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(39408299))));
313 EXPECT_EQ(expect_max_age
, max_age
);
314 EXPECT_TRUE(include_subdomains
);
316 EXPECT_TRUE(ParseHSTSHeader(
317 "max-age=394082038 ; incLudesUbdOmains", &max_age
,
318 &include_subdomains
));
319 expect_max_age
= base::TimeDelta::FromSeconds(
320 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
321 EXPECT_EQ(expect_max_age
, max_age
);
322 EXPECT_TRUE(include_subdomains
);
324 EXPECT_TRUE(ParseHSTSHeader(
325 "max-age=394082038 ; incLudesUbdOmains;", &max_age
,
326 &include_subdomains
));
327 expect_max_age
= base::TimeDelta::FromSeconds(
328 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
329 EXPECT_EQ(expect_max_age
, max_age
);
330 EXPECT_TRUE(include_subdomains
);
332 EXPECT_TRUE(ParseHSTSHeader(
333 ";; max-age=394082038 ; incLudesUbdOmains; ;", &max_age
,
334 &include_subdomains
));
335 expect_max_age
= base::TimeDelta::FromSeconds(
336 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
337 EXPECT_EQ(expect_max_age
, max_age
);
338 EXPECT_TRUE(include_subdomains
);
340 EXPECT_TRUE(ParseHSTSHeader(
341 ";; max-age=394082038 ;", &max_age
,
342 &include_subdomains
));
343 expect_max_age
= base::TimeDelta::FromSeconds(
344 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
345 EXPECT_EQ(expect_max_age
, max_age
);
346 EXPECT_FALSE(include_subdomains
);
348 EXPECT_TRUE(ParseHSTSHeader(
349 ";; ; ; max-age=394082038;;; includeSubdomains ;; ;", &max_age
,
350 &include_subdomains
));
351 expect_max_age
= base::TimeDelta::FromSeconds(
352 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
353 EXPECT_EQ(expect_max_age
, max_age
);
354 EXPECT_TRUE(include_subdomains
);
356 EXPECT_TRUE(ParseHSTSHeader(
357 "incLudesUbdOmains ; max-age=394082038 ;;", &max_age
,
358 &include_subdomains
));
359 expect_max_age
= base::TimeDelta::FromSeconds(
360 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
361 EXPECT_EQ(expect_max_age
, max_age
);
362 EXPECT_TRUE(include_subdomains
);
364 EXPECT_TRUE(ParseHSTSHeader(
365 " max-age=0 ; incLudesUbdOmains ", &max_age
,
366 &include_subdomains
));
367 expect_max_age
= base::TimeDelta::FromSeconds(0);
368 EXPECT_EQ(expect_max_age
, max_age
);
369 EXPECT_TRUE(include_subdomains
);
371 EXPECT_TRUE(ParseHSTSHeader(
372 " max-age=999999999999999999999999999999999999999999999 ;"
373 " incLudesUbdOmains ", &max_age
, &include_subdomains
));
374 expect_max_age
= base::TimeDelta::FromSeconds(
376 EXPECT_EQ(expect_max_age
, max_age
);
377 EXPECT_TRUE(include_subdomains
);
380 static void TestValidPKPHeaders(HashValueTag tag
) {
381 base::TimeDelta max_age
;
382 base::TimeDelta expect_max_age
;
383 bool include_subdomains
;
384 HashValueVector hashes
;
385 HashValueVector chain_hashes
;
387 // Set some fake "chain" hashes into chain_hashes
388 chain_hashes
.push_back(GetTestHashValue(1, tag
));
389 chain_hashes
.push_back(GetTestHashValue(2, tag
));
390 chain_hashes
.push_back(GetTestHashValue(3, tag
));
392 // The good pin must be in the chain, the backup pin must not be
393 std::string good_pin
= GetTestPin(2, tag
);
394 std::string backup_pin
= GetTestPin(4, tag
);
396 EXPECT_TRUE(ParseHPKPHeader(
397 "max-age=243; " + good_pin
+ ";" + backup_pin
,
398 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
399 expect_max_age
= base::TimeDelta::FromSeconds(243);
400 EXPECT_EQ(expect_max_age
, max_age
);
401 EXPECT_FALSE(include_subdomains
);
403 EXPECT_TRUE(ParseHPKPHeader(
404 " " + good_pin
+ "; " + backup_pin
+ " ; Max-agE = 567",
405 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
406 expect_max_age
= base::TimeDelta::FromSeconds(567);
407 EXPECT_EQ(expect_max_age
, max_age
);
408 EXPECT_FALSE(include_subdomains
);
410 EXPECT_TRUE(ParseHPKPHeader(
411 "includeSubDOMAINS;" + good_pin
+ ";" + backup_pin
+
413 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
414 expect_max_age
= base::TimeDelta::FromSeconds(890);
415 EXPECT_EQ(expect_max_age
, max_age
);
416 EXPECT_TRUE(include_subdomains
);
418 EXPECT_TRUE(ParseHPKPHeader(
419 good_pin
+ ";" + backup_pin
+ "; max-age=123;IGNORED;",
420 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
421 expect_max_age
= base::TimeDelta::FromSeconds(123);
422 EXPECT_EQ(expect_max_age
, max_age
);
423 EXPECT_FALSE(include_subdomains
);
425 EXPECT_TRUE(ParseHPKPHeader(
426 "max-age=394082;" + backup_pin
+ ";" + good_pin
+ "; ",
427 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
428 expect_max_age
= base::TimeDelta::FromSeconds(394082);
429 EXPECT_EQ(expect_max_age
, max_age
);
430 EXPECT_FALSE(include_subdomains
);
432 EXPECT_TRUE(ParseHPKPHeader(
433 "max-age=39408299 ;" + backup_pin
+ ";" + good_pin
+ "; ",
434 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
435 expect_max_age
= base::TimeDelta::FromSeconds(
436 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(39408299))));
437 EXPECT_EQ(expect_max_age
, max_age
);
438 EXPECT_FALSE(include_subdomains
);
440 EXPECT_TRUE(ParseHPKPHeader(
441 "max-age=39408038 ; cybers=39408038 ; includeSubdomains; " +
442 good_pin
+ ";" + backup_pin
+ "; ",
443 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
444 expect_max_age
= base::TimeDelta::FromSeconds(
445 std::min(kMaxHSTSAgeSecs
, static_cast<int64
>(GG_INT64_C(394082038))));
446 EXPECT_EQ(expect_max_age
, max_age
);
447 EXPECT_TRUE(include_subdomains
);
449 EXPECT_TRUE(ParseHPKPHeader(
450 " max-age=0 ; " + good_pin
+ ";" + backup_pin
,
451 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
452 expect_max_age
= base::TimeDelta::FromSeconds(0);
453 EXPECT_EQ(expect_max_age
, max_age
);
454 EXPECT_FALSE(include_subdomains
);
456 EXPECT_TRUE(ParseHPKPHeader(
457 " max-age=0 ; includeSubdomains; " + good_pin
+ ";" + backup_pin
,
458 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
459 expect_max_age
= base::TimeDelta::FromSeconds(0);
460 EXPECT_EQ(expect_max_age
, max_age
);
461 EXPECT_TRUE(include_subdomains
);
463 EXPECT_TRUE(ParseHPKPHeader(
464 " max-age=999999999999999999999999999999999999999999999 ; " +
465 backup_pin
+ ";" + good_pin
+ "; ",
466 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
467 expect_max_age
= base::TimeDelta::FromSeconds(kMaxHSTSAgeSecs
);
468 EXPECT_EQ(expect_max_age
, max_age
);
469 EXPECT_FALSE(include_subdomains
);
471 // Test that parsing the same header twice doesn't duplicate the recorded
474 EXPECT_TRUE(ParseHPKPHeader(
476 backup_pin
+ ";" + good_pin
+ "; ",
477 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
478 EXPECT_EQ(2u, hashes
.size());
479 EXPECT_TRUE(ParseHPKPHeader(
481 backup_pin
+ ";" + good_pin
+ "; ",
482 chain_hashes
, &max_age
, &include_subdomains
, &hashes
));
483 EXPECT_EQ(2u, hashes
.size());
486 TEST_F(HttpSecurityHeadersTest
, BogusPinsHeadersSHA1
) {
487 TestBogusPinsHeaders(HASH_VALUE_SHA1
);
490 TEST_F(HttpSecurityHeadersTest
, BogusPinsHeadersSHA256
) {
491 TestBogusPinsHeaders(HASH_VALUE_SHA256
);
494 TEST_F(HttpSecurityHeadersTest
, ValidPKPHeadersSHA1
) {
495 TestValidPKPHeaders(HASH_VALUE_SHA1
);
498 TEST_F(HttpSecurityHeadersTest
, ValidPKPHeadersSHA256
) {
499 TestValidPKPHeaders(HASH_VALUE_SHA256
);
502 TEST_F(HttpSecurityHeadersTest
, UpdateDynamicPKPOnly
) {
503 TransportSecurityState state
;
504 TransportSecurityState::DomainState static_domain_state
;
506 // docs.google.com has preloaded pins.
507 const bool sni_enabled
= true;
508 std::string domain
= "docs.google.com";
509 state
.enable_static_pins_
= true;
511 state
.GetStaticDomainState(domain
, sni_enabled
, &static_domain_state
));
512 EXPECT_GT(static_domain_state
.pkp
.spki_hashes
.size(), 1UL);
513 HashValueVector saved_hashes
= static_domain_state
.pkp
.spki_hashes
;
515 // Add a header, which should only update the dynamic state.
516 HashValue good_hash
= GetTestHashValue(1, HASH_VALUE_SHA1
);
517 HashValue backup_hash
= GetTestHashValue(2, HASH_VALUE_SHA1
);
518 std::string good_pin
= GetTestPin(1, HASH_VALUE_SHA1
);
519 std::string backup_pin
= GetTestPin(2, HASH_VALUE_SHA1
);
520 std::string header
= "max-age = 10000; " + good_pin
+ "; " + backup_pin
;
522 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
524 ssl_info
.public_key_hashes
.push_back(good_hash
);
525 ssl_info
.public_key_hashes
.push_back(saved_hashes
[0]);
526 EXPECT_TRUE(state
.AddHPKPHeader(domain
, header
, ssl_info
));
528 // Expect the static state to remain unchanged.
529 TransportSecurityState::DomainState new_static_domain_state
;
530 EXPECT_TRUE(state
.GetStaticDomainState(
531 domain
, sni_enabled
, &new_static_domain_state
));
532 for (size_t i
= 0; i
< saved_hashes
.size(); ++i
) {
533 EXPECT_TRUE(HashValuesEqual(saved_hashes
[i
])(
534 new_static_domain_state
.pkp
.spki_hashes
[i
]));
537 // Expect the dynamic state to reflect the header.
538 TransportSecurityState::DomainState dynamic_domain_state
;
539 EXPECT_TRUE(state
.GetDynamicDomainState(domain
, &dynamic_domain_state
));
540 EXPECT_EQ(2UL, dynamic_domain_state
.pkp
.spki_hashes
.size());
542 HashValueVector::const_iterator hash
=
543 std::find_if(dynamic_domain_state
.pkp
.spki_hashes
.begin(),
544 dynamic_domain_state
.pkp
.spki_hashes
.end(),
545 HashValuesEqual(good_hash
));
546 EXPECT_NE(dynamic_domain_state
.pkp
.spki_hashes
.end(), hash
);
548 hash
= std::find_if(dynamic_domain_state
.pkp
.spki_hashes
.begin(),
549 dynamic_domain_state
.pkp
.spki_hashes
.end(),
550 HashValuesEqual(backup_hash
));
551 EXPECT_NE(dynamic_domain_state
.pkp
.spki_hashes
.end(), hash
);
553 // Expect the overall state to reflect the header, too.
554 EXPECT_TRUE(state
.HasPublicKeyPins(domain
, sni_enabled
));
555 HashValueVector hashes
;
556 hashes
.push_back(good_hash
);
557 std::string failure_log
;
558 const bool is_issued_by_known_root
= true;
559 EXPECT_TRUE(state
.CheckPublicKeyPins(
560 domain
, sni_enabled
, is_issued_by_known_root
, hashes
, &failure_log
));
562 TransportSecurityState::DomainState new_dynamic_domain_state
;
563 EXPECT_TRUE(state
.GetDynamicDomainState(domain
, &new_dynamic_domain_state
));
564 EXPECT_EQ(2UL, new_dynamic_domain_state
.pkp
.spki_hashes
.size());
566 hash
= std::find_if(new_dynamic_domain_state
.pkp
.spki_hashes
.begin(),
567 new_dynamic_domain_state
.pkp
.spki_hashes
.end(),
568 HashValuesEqual(good_hash
));
569 EXPECT_NE(new_dynamic_domain_state
.pkp
.spki_hashes
.end(), hash
);
571 hash
= std::find_if(new_dynamic_domain_state
.pkp
.spki_hashes
.begin(),
572 new_dynamic_domain_state
.pkp
.spki_hashes
.end(),
573 HashValuesEqual(backup_hash
));
574 EXPECT_NE(new_dynamic_domain_state
.pkp
.spki_hashes
.end(), hash
);
577 // Failing on win_chromium_rel. crbug.com/375538
579 #define MAYBE_UpdateDynamicPKPMaxAge0 DISABLED_UpdateDynamicPKPMaxAge0
581 #define MAYBE_UpdateDynamicPKPMaxAge0 UpdateDynamicPKPMaxAge0
583 TEST_F(HttpSecurityHeadersTest
, MAYBE_UpdateDynamicPKPMaxAge0
) {
584 TransportSecurityState state
;
585 TransportSecurityState::DomainState static_domain_state
;
587 // docs.google.com has preloaded pins.
588 const bool sni_enabled
= true;
589 std::string domain
= "docs.google.com";
590 state
.enable_static_pins_
= true;
592 state
.GetStaticDomainState(domain
, sni_enabled
, &static_domain_state
));
593 EXPECT_GT(static_domain_state
.pkp
.spki_hashes
.size(), 1UL);
594 HashValueVector saved_hashes
= static_domain_state
.pkp
.spki_hashes
;
596 // Add a header, which should only update the dynamic state.
597 HashValue good_hash
= GetTestHashValue(1, HASH_VALUE_SHA1
);
598 std::string good_pin
= GetTestPin(1, HASH_VALUE_SHA1
);
599 std::string backup_pin
= GetTestPin(2, HASH_VALUE_SHA1
);
600 std::string header
= "max-age = 10000; " + good_pin
+ "; " + backup_pin
;
602 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
604 ssl_info
.public_key_hashes
.push_back(good_hash
);
605 ssl_info
.public_key_hashes
.push_back(saved_hashes
[0]);
606 EXPECT_TRUE(state
.AddHPKPHeader(domain
, header
, ssl_info
));
608 // Expect the static state to remain unchanged.
609 TransportSecurityState::DomainState new_static_domain_state
;
610 EXPECT_TRUE(state
.GetStaticDomainState(
611 domain
, sni_enabled
, &new_static_domain_state
));
612 EXPECT_EQ(saved_hashes
.size(),
613 new_static_domain_state
.pkp
.spki_hashes
.size());
614 for (size_t i
= 0; i
< saved_hashes
.size(); ++i
) {
615 EXPECT_TRUE(HashValuesEqual(saved_hashes
[i
])(
616 new_static_domain_state
.pkp
.spki_hashes
[i
]));
619 // Expect the dynamic state to have pins.
620 TransportSecurityState::DomainState new_dynamic_domain_state
;
621 EXPECT_TRUE(state
.GetDynamicDomainState(domain
, &new_dynamic_domain_state
));
622 EXPECT_EQ(2UL, new_dynamic_domain_state
.pkp
.spki_hashes
.size());
623 EXPECT_TRUE(new_dynamic_domain_state
.HasPublicKeyPins());
625 // Now set another header with max-age=0, and check that the pins are
626 // cleared in the dynamic state only.
627 header
= "max-age = 0; " + good_pin
+ "; " + backup_pin
;
628 EXPECT_TRUE(state
.AddHPKPHeader(domain
, header
, ssl_info
));
630 // Expect the static state to remain unchanged.
631 TransportSecurityState::DomainState new_static_domain_state2
;
632 EXPECT_TRUE(state
.GetStaticDomainState(
633 domain
, sni_enabled
, &new_static_domain_state2
));
634 EXPECT_EQ(saved_hashes
.size(),
635 new_static_domain_state2
.pkp
.spki_hashes
.size());
636 for (size_t i
= 0; i
< saved_hashes
.size(); ++i
) {
637 EXPECT_TRUE(HashValuesEqual(saved_hashes
[i
])(
638 new_static_domain_state2
.pkp
.spki_hashes
[i
]));
641 // Expect the dynamic pins to be gone.
642 TransportSecurityState::DomainState new_dynamic_domain_state2
;
643 EXPECT_FALSE(state
.GetDynamicDomainState(domain
, &new_dynamic_domain_state2
));
645 // Expect the exact-matching static policy to continue to apply, even
646 // though dynamic policy has been removed. (This policy may change in the
647 // future, in which case this test must be updated.)
648 EXPECT_TRUE(state
.HasPublicKeyPins(domain
, true));
649 EXPECT_TRUE(state
.ShouldSSLErrorsBeFatal(domain
, true));
650 std::string failure_log
;
651 // Damage the hashes to cause a pin validation failure.
652 new_static_domain_state2
.pkp
.spki_hashes
[0].data()[0] ^= 0x80;
653 new_static_domain_state2
.pkp
.spki_hashes
[1].data()[0] ^= 0x80;
654 const bool is_issued_by_known_root
= true;
656 state
.CheckPublicKeyPins(domain
,
658 is_issued_by_known_root
,
659 new_static_domain_state2
.pkp
.spki_hashes
,
661 EXPECT_NE(0UL, failure_log
.length());
663 #undef MAYBE_UpdateDynamicPKPMaxAge0
665 // Tests that when a static HSTS and a static HPKP entry are present, adding a
666 // dynamic HSTS header does not clobber the static HPKP entry. Further, adding a
667 // dynamic HPKP entry could not affect the HSTS entry for the site.
668 TEST_F(HttpSecurityHeadersTest
, NoClobberPins
) {
669 TransportSecurityState state
;
670 TransportSecurityState::DomainState domain_state
;
672 // accounts.google.com has preloaded pins.
673 std::string domain
= "accounts.google.com";
674 state
.enable_static_pins_
= true;
676 // Retrieve the DomainState as it is by default, including its known good
678 const bool sni_enabled
= true;
679 EXPECT_TRUE(state
.GetStaticDomainState(domain
, sni_enabled
, &domain_state
));
680 HashValueVector saved_hashes
= domain_state
.pkp
.spki_hashes
;
681 EXPECT_TRUE(domain_state
.ShouldUpgradeToSSL());
682 EXPECT_TRUE(domain_state
.HasPublicKeyPins());
683 EXPECT_TRUE(state
.ShouldUpgradeToSSL(domain
, sni_enabled
));
684 EXPECT_TRUE(state
.HasPublicKeyPins(domain
, sni_enabled
));
686 // Add a dynamic HSTS header. CheckPublicKeyPins should still pass when given
687 // the original |saved_hashes|, indicating that the static PKP data is still
688 // configured for the domain.
689 EXPECT_TRUE(state
.AddHSTSHeader(domain
, "includesubdomains; max-age=10000"));
690 EXPECT_TRUE(state
.ShouldUpgradeToSSL(domain
, sni_enabled
));
691 std::string failure_log
;
692 const bool is_issued_by_known_root
= true;
693 EXPECT_TRUE(state
.CheckPublicKeyPins(domain
,
695 is_issued_by_known_root
,
699 // Add an HPKP header, which should only update the dynamic state.
700 HashValue good_hash
= GetTestHashValue(1, HASH_VALUE_SHA1
);
701 std::string good_pin
= GetTestPin(1, HASH_VALUE_SHA1
);
702 std::string backup_pin
= GetTestPin(2, HASH_VALUE_SHA1
);
703 std::string header
= "max-age = 10000; " + good_pin
+ "; " + backup_pin
;
705 // Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
707 ssl_info
.public_key_hashes
.push_back(good_hash
);
708 ssl_info
.public_key_hashes
.push_back(saved_hashes
[0]);
709 EXPECT_TRUE(state
.AddHPKPHeader(domain
, header
, ssl_info
));
711 EXPECT_TRUE(state
.AddHPKPHeader(domain
, header
, ssl_info
));
712 // HSTS should still be configured for this domain.
713 EXPECT_TRUE(domain_state
.ShouldUpgradeToSSL());
714 EXPECT_TRUE(state
.ShouldUpgradeToSSL(domain
, sni_enabled
));
715 // The dynamic pins, which do not match |saved_hashes|, should take
716 // precedence over the static pins and cause the check to fail.
717 EXPECT_FALSE(state
.CheckPublicKeyPins(domain
,
719 is_issued_by_known_root
,