search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move parseFontFaceDescriptor to CSSPropertyParser.cpp
[chromium-blink-merge.git] / third_party / WebKit / Source / core / frame / SubresourceIntegrityTest.cpp
blob498d33b9c5b1515b35084d60491284a221374bfd
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "config.h"
6 #include "core/frame/SubresourceIntegrity.h"
7
8 #include "core/HTMLNames.h"
9 #include "core/dom/Document.h"
10 #include "core/fetch/Resource.h"
11 #include "core/fetch/ResourcePtr.h"
12 #include "core/html/HTMLScriptElement.h"
13 #include "platform/Crypto.h"
14 #include "platform/weborigin/KURL.h"
15 #include "platform/weborigin/SecurityOrigin.h"
16 #include "wtf/RefPtr.h"
17 #include "wtf/Vector.h"
18 #include "wtf/dtoa/utils.h"
19 #include "wtf/text/WTFString.h"
20 #include <gtest/gtest.h>
21
22 namespace blink {
23
24 static const char kBasicScript[] = "alert('test');";
25 static const char kSha256Integrity[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=";
26 static const char kSha256IntegrityLenientSyntax[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=";
27 static const char kSha256IntegrityWithEmptyOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?";
28 static const char kSha256IntegrityWithOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?foo=bar";
29 static const char kSha256IntegrityWithOptions[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?foo=bar?baz=foz";
30 static const char kSha256IntegrityWithMimeOption[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4=?ct=application/javascript";
31 static const char kSha384Integrity[] = "sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
32 static const char kSha512Integrity[] = "sha512-TXkJw18PqlVlEUXXjeXbGetop1TKB3wYQIp1_ihxCOFGUfG9TYOaA1MlkpTAqSV6yaevLO8Tj5pgH1JmZ--ItA==";
33 static const char kSha384IntegrityLabeledAs256[] = "sha256-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
34 static const char kSha256AndSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4= sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
35 static const char kBadSha256AndGoodSha384Integrities[] = "sha256-deadbeef sha384-nep3XpvhUxpCMOVXIFPecThAqdY_uVeiD4kXSqXpx0YJUWU4fTTaFgciTuZk7fmE";
36 static const char kGoodSha256AndBadSha384Integrities[] = "sha256-GAF48QOoxRvu0gZAmQivUdJPyBacqznBAXwnkfpmQX4= sha384-deadbeef";
37 static const char kBadSha256AndBadSha384Integrities[] = "sha256-deadbeef sha384-deadbeef";
38 static const char kUnsupportedHashFunctionIntegrity[] = "sha1-JfLW308qMPKfb4DaHpUBEESwuPc=";
39
40 class SubresourceIntegrityTest : public ::testing::Test {
41 public:
42 SubresourceIntegrityTest()
43 : secureURL(ParsedURLString, "https://example.test:443")
44 , insecureURL(ParsedURLString, "http://example.test:80")
45 , secureOrigin(SecurityOrigin::create(secureURL))
46 , insecureOrigin(SecurityOrigin::create(insecureURL))
47 {
48 }
49
50 protected:
51 virtual void SetUp()
52 {
53 document = Document::create();
54 scriptElement = HTMLScriptElement::create(*document, true);
55 }
56
57 void expectAlgorithm(const String& text, HashAlgorithm expectedAlgorithm)
58 {
59 Vector<UChar> characters;
60 text.appendTo(characters);
61 const UChar* position = characters.data();
62 const UChar* end = characters.end();
63 HashAlgorithm algorithm;
64
65 EXPECT_EQ(SubresourceIntegrity::AlgorithmValid, SubresourceIntegrity::parseAlgorithm(position, end, algorithm));
66 EXPECT_EQ(expectedAlgorithm, algorithm);
67 EXPECT_EQ(end, position);
68 }
69
70 void expectAlgorithmFailure(const String& text, SubresourceIntegrity::AlgorithmParseResult expectedResult)
71 {
72 Vector<UChar> characters;
73 text.appendTo(characters);
74 const UChar* position = characters.data();
75 const UChar* begin = characters.data();
76 const UChar* end = characters.end();
77 HashAlgorithm algorithm;
78
79 EXPECT_EQ(expectedResult, SubresourceIntegrity::parseAlgorithm(position, end, algorithm));
80 EXPECT_EQ(begin, position);
81 }
82
83 void expectDigest(const String& text, const char* expectedDigest)
84 {
85 Vector<UChar> characters;
86 text.appendTo(characters);
87 const UChar* position = characters.data();
88 const UChar* end = characters.end();
89 String digest;
90
91 EXPECT_TRUE(SubresourceIntegrity::parseDigest(position, end, digest));
92 EXPECT_EQ(expectedDigest, digest);
93 }
94
95 void expectDigestFailure(const String& text)
96 {
97 Vector<UChar> characters;
98 text.appendTo(characters);
99 const UChar* position = characters.data();
100 const UChar* end = characters.end();
101 String digest;
102
103 EXPECT_FALSE(SubresourceIntegrity::parseDigest(position, end, digest));
104 EXPECT_TRUE(digest.isEmpty());
105 }
106
107 void expectParse(const char* integrityAttribute, const char* expectedDigest, HashAlgorithm expectedAlgorithm)
108 {
109 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
110
111 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIntegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document));
112 EXPECT_EQ(1u, metadataList.size());
113 if (metadataList.size() > 0) {
114 EXPECT_EQ(expectedDigest, metadataList[0].digest);
115 EXPECT_EQ(expectedAlgorithm, metadataList[0].algorithm);
116 }
117 }
118
119 void expectParseMultipleHashes(const char* integrityAttribute, const SubresourceIntegrity::IntegrityMetadata expectedMetadataArray[], size_t expectedMetadataArraySize)
120 {
121 Vector<SubresourceIntegrity::IntegrityMetadata> expectedMetadataList;
122 expectedMetadataList.append(expectedMetadataArray, expectedMetadataArraySize);
123 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
124 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIntegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document));
125 EXPECT_EQ(expectedMetadataList.size(), metadataList.size());
126 if (expectedMetadataList.size() == metadataList.size()) {
127 for (size_t i = 0; i < metadataList.size(); i++) {
128 EXPECT_EQ(expectedMetadataList[i].digest, metadataList[i].digest);
129 EXPECT_EQ(expectedMetadataList[i].algorithm, metadataList[i].algorithm);
130 }
131 }
132 }
133
134 void expectParseFailure(const char* integrityAttribute)
135 {
136 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
137
138 EXPECT_EQ(SubresourceIntegrity::IntegrityParseNoValidResult, SubresourceIntegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document));
139 }
140
141 void expectEmptyParseResult(const char* integrityAttribute)
142 {
143 Vector<SubresourceIntegrity::IntegrityMetadata> metadataList;
144
145 EXPECT_EQ(SubresourceIntegrity::IntegrityParseValidResult, SubresourceIntegrity::parseIntegrityAttribute(integrityAttribute, metadataList, *document));
146 EXPECT_EQ(0u, metadataList.size());
147 }
148
149 enum CorsStatus {
150 WithCors,
151 NoCors
152 };
153
154 void expectIntegrity(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors)
155 {
156 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity);
157 EXPECT_TRUE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, *createTestResource(url, requestorUrl, corsStatus).get()));
158 }
159
160 void expectIntegrityFailure(const char* integrity, const char* script, const KURL& url, const KURL& requestorUrl, CorsStatus corsStatus = WithCors)
161 {
162 scriptElement->setAttribute(HTMLNames::integrityAttr, integrity);
163 EXPECT_FALSE(SubresourceIntegrity::CheckSubresourceIntegrity(*scriptElement, script, url, *createTestResource(url, requestorUrl, corsStatus).get()));
164 }
165
166 ResourcePtr<Resource> createTestResource(const KURL& url, const KURL& allowOriginUrl, CorsStatus corsStatus)
167 {
168 OwnPtr<ResourceResponse> response = adoptPtr(new ResourceResponse);
169 response->setURL(url);
170 response->setHTTPStatusCode(200);
171 if (corsStatus == WithCors) {
172 response->setHTTPHeaderField("access-control-allow-origin", SecurityOrigin::create(allowOriginUrl)->toAtomicString());
173 response->setHTTPHeaderField("access-control-allow-credentials", "true");
174 }
175 ResourcePtr<Resource> resource = new Resource(ResourceRequest(response->url()), Resource::Raw);
176 resource->setResponse(*response);
177 return resource;
178 }
179
180 KURL secureURL;
181 KURL insecureURL;
182 RefPtr<SecurityOrigin> secureOrigin;
183 RefPtr<SecurityOrigin> insecureOrigin;
184
185 RefPtrWillBePersistent<Document> document;
186 RefPtrWillBePersistent<HTMLScriptElement> scriptElement;
187 };
188
189 TEST_F(SubresourceIntegrityTest, Prioritization)
190 {
191 EXPECT_EQ(HashAlgorithmSha256, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha256));
192 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha384));
193 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha512));
194
195 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha256));
196 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha256));
197 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha512, HashAlgorithmSha384));
198
199 EXPECT_EQ(HashAlgorithmSha384, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha384));
200 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha256, HashAlgorithmSha512));
201 EXPECT_EQ(HashAlgorithmSha512, SubresourceIntegrity::getPrioritizedHashFunction(HashAlgorithmSha384, HashAlgorithmSha512));
202 }
203
204 TEST_F(SubresourceIntegrityTest, ParseAlgorithm)
205 {
206 expectAlgorithm("sha256-", HashAlgorithmSha256);
207 expectAlgorithm("sha384-", HashAlgorithmSha384);
208 expectAlgorithm("sha512-", HashAlgorithmSha512);
209 expectAlgorithm("sha-256-", HashAlgorithmSha256);
210 expectAlgorithm("sha-384-", HashAlgorithmSha384);
211 expectAlgorithm("sha-512-", HashAlgorithmSha512);
212
213 expectAlgorithmFailure("sha1-", SubresourceIntegrity::AlgorithmUnknown);
214 expectAlgorithmFailure("sha-1-", SubresourceIntegrity::AlgorithmUnknown);
215 expectAlgorithmFailure("foobarsha256-", SubresourceIntegrity::AlgorithmUnknown);
216 expectAlgorithmFailure("foobar-", SubresourceIntegrity::AlgorithmUnknown);
217 expectAlgorithmFailure("-", SubresourceIntegrity::AlgorithmUnknown);
218
219 expectAlgorithmFailure("sha256", SubresourceIntegrity::AlgorithmUnparsable);
220 expectAlgorithmFailure("", SubresourceIntegrity::AlgorithmUnparsable);
221 }
222
223 TEST_F(SubresourceIntegrityTest, ParseDigest)
224 {
225 expectDigest("abcdefg", "abcdefg");
226 expectDigest("abcdefg?", "abcdefg");
227 expectDigest("ab+de/g", "ab+de/g");
228 expectDigest("ab-de_g", "ab+de/g");
229
230 expectDigestFailure("?");
231 expectDigestFailure("&&&foobar&&&");
232 expectDigestFailure("\x01\x02\x03\x04");
233 }
234
235 //
236 // End-to-end parsing tests.
237 //
238
239 TEST_F(SubresourceIntegrityTest, Parsing)
240 {
241 expectParseFailure("not_really_a_valid_anything");
242 expectParseFailure("sha256-&&&foobar&&&");
243 expectParseFailure("sha256-\x01\x02\x03\x04");
244 expectParseFailure("sha256-!!! sha256-!!!");
245
246 expectEmptyParseResult("foobar:///sha256-abcdefg");
247 expectEmptyParseResult("ni://sha256-abcdefg");
248 expectEmptyParseResult("ni:///sha256-abcdefg");
249 expectEmptyParseResult("notsha256atall-abcdefg");
250
251 expectParse(
252 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
253 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
254 HashAlgorithmSha256);
255
256 expectParse(
257 "sha-256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
258 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
259 HashAlgorithmSha256);
260
261 expectParse(
262 " sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= ",
263 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
264 HashAlgorithmSha256);
265
266 expectParse(
267 "sha384-XVVXBGoYw6AJOh9J-Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr",
268 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
269 HashAlgorithmSha384);
270
271 expectParse(
272 "sha-384-XVVXBGoYw6AJOh9J_Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup_tA1v5GPr",
273 "XVVXBGoYw6AJOh9J/Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
274 HashAlgorithmSha384);
275
276 expectParse(
277 "sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
278 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
279 HashAlgorithmSha512);
280
281 expectParse(
282 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
283 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
284 HashAlgorithmSha512);
285
286 expectParse(
287 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/javascript",
288 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
289 HashAlgorithmSha512);
290
291 expectParse(
292 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml",
293 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
294 HashAlgorithmSha512);
295
296 expectParse(
297 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?foo=bar?ct=application/xhtml+xml",
298 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
299 HashAlgorithmSha512);
300
301 expectParse(
302 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?ct=application/xhtml+xml?foo=bar",
303 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
304 HashAlgorithmSha512);
305
306 expectParse(
307 "sha-512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ-07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==?baz=foz?ct=application/xhtml+xml?foo=bar",
308 "tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
309 HashAlgorithmSha512);
310
311 expectParseMultipleHashes("", 0, 0);
312 expectParseMultipleHashes(" ", 0, 0);
313
314 const SubresourceIntegrity::IntegrityMetadata kValidSha384AndSha512[] = {
315 {"XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr", HashAlgorithmSha384},
316 {"tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==", HashAlgorithmSha512}
317 };
318 expectParseMultipleHashes(
319 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr sha512-tbUPioKbVBplr0b1ucnWB57SJWt4x9dOE0Vy2mzCXvH3FepqDZ+07yMK81ytlg0MPaIrPAjcHqba5csorDWtKg==",
320 kValidSha384AndSha512,
321 ARRAY_SIZE(kValidSha384AndSha512));
322
323 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndSha256[] = {
324 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256},
325 {"deadbeef", HashAlgorithmSha256}
326 };
327 expectParseMultipleHashes(
328 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-deadbeef",
329 kValidSha256AndSha256,
330 ARRAY_SIZE(kValidSha256AndSha256));
331
332 const SubresourceIntegrity::IntegrityMetadata kValidSha256AndInvalidSha256[] = {
333 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256}
334 };
335 expectParseMultipleHashes(
336 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE= sha256-!!!!",
337 kValidSha256AndInvalidSha256,
338 ARRAY_SIZE(kValidSha256AndInvalidSha256));
339
340 const SubresourceIntegrity::IntegrityMetadata kInvalidSha256AndValidSha256[] = {
341 {"BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=", HashAlgorithmSha256}
342 };
343 expectParseMultipleHashes(
344 "sha256-!!! sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
345 kInvalidSha256AndValidSha256,
346 ARRAY_SIZE(kInvalidSha256AndValidSha256));
347
348 expectParse(
349 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar",
350 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
351 HashAlgorithmSha256);
352
353 expectParse(
354 "sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz",
355 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
356 HashAlgorithmSha256);
357
358 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?",
359 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
360 HashAlgorithmSha256);
361 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar",
362 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
363 HashAlgorithmSha256);
364 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?baz=foz",
365 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
366 HashAlgorithmSha256);
367 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo",
368 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
369 HashAlgorithmSha256);
370 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo=bar?",
371 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
372 HashAlgorithmSha256);
373 expectParse("sha256-BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=?foo:bar",
374 "BpfBw7ivV8q2jLiT13fxDYAe2tJllusRSZ273h2nFSE=",
375 HashAlgorithmSha256);
376 }
377
378 TEST_F(SubresourceIntegrityTest, ParsingBase64)
379 {
380 expectParse(
381 "sha384-XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
382 "XVVXBGoYw6AJOh9J+Z8pBDMVVPfkBpngexkA7JqZu8d5GENND6TEIup/tA1v5GPr",
383 HashAlgorithmSha384);
384 }
385
386 //
387 // End-to-end tests of ::CheckSubresourceIntegrity.
388 //
389
390 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInSecureOrigin)
391 {
392 document->updateSecurityOrigin(secureOrigin->isolatedCopy());
393
394 // Verify basic sha256, sha384, and sha512 integrity checks.
395 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL);
396 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, secureURL);
397 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, secureURL);
398 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, secureURL);
399
400 // Verify multiple hashes in an attribute.
401 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, secureURL);
402 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, secureURL);
403
404 // The hash label must match the hash value.
405 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL, secureURL);
406
407 // With multiple values, at least one must match, and it must be the
408 // strongest hash algorithm.
409 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, secureURL);
410 expectIntegrityFailure(kBadSha256AndBadSha384Integrities, kBasicScript, secureURL, secureURL);
411
412 // Unsupported hash functions should succeed.
413 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, secureURL);
414
415 // All parameters are fine, and because this is not cross origin, CORS is
416 // not needed.
417 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, secureURL, NoCors);
418
419 // Options should be ignored
420 expectIntegrity(kSha256IntegrityWithEmptyOption, kBasicScript, secureURL, secureURL, NoCors);
421 expectIntegrity(kSha256IntegrityWithOption, kBasicScript, secureURL, secureURL, NoCors);
422 expectIntegrity(kSha256IntegrityWithOptions, kBasicScript, secureURL, secureURL, NoCors);
423 expectIntegrity(kSha256IntegrityWithMimeOption, kBasicScript, secureURL, secureURL, NoCors);
424 }
425
426 TEST_F(SubresourceIntegrityTest, CheckSubresourceIntegrityInInsecureOrigin)
427 {
428 // The same checks as CheckSubresourceIntegrityInSecureOrigin should pass
429 // here, with the expection of the NoCors check at the end.
430 document->updateSecurityOrigin(insecureOrigin->isolatedCopy());
431
432 expectIntegrity(kSha256Integrity, kBasicScript, secureURL, insecureURL);
433 expectIntegrity(kSha256IntegrityLenientSyntax, kBasicScript, secureURL, insecureURL);
434 expectIntegrity(kSha384Integrity, kBasicScript, secureURL, insecureURL);
435 expectIntegrity(kSha512Integrity, kBasicScript, secureURL, insecureURL);
436 expectIntegrityFailure(kSha384IntegrityLabeledAs256, kBasicScript, secureURL, insecureURL);
437 expectIntegrity(kUnsupportedHashFunctionIntegrity, kBasicScript, secureURL, insecureURL);
438
439 expectIntegrity(kSha256AndSha384Integrities, kBasicScript, secureURL, insecureURL);
440 expectIntegrity(kBadSha256AndGoodSha384Integrities, kBasicScript, secureURL, insecureURL);
441
442 expectIntegrityFailure(kSha256Integrity, kBasicScript, secureURL, insecureURL, NoCors);
443 expectIntegrityFailure(kGoodSha256AndBadSha384Integrities, kBasicScript, secureURL, insecureURL);
444 }
445
446 } // namespace blink