blob: 5bb7fb8d9f44490d35fe01a8987088c2b84af800 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/base64.h"
#include "base/stl_util.h"
#include "base/strings/string_piece.h"
#include "crypto/sha2.h"
#include "net/base/host_port_pair.h"
#include "net/base/test_completion_callback.h"
#include "net/http/http_security_headers.h"
#include "net/http/http_util.h"
#include "net/http/transport_security_state.h"
#include "net/ssl/ssl_info.h"
#include "testing/gtest/include/gtest/gtest.h"
#ifdef STARBOARD
#include "net/net_buildflags.h"
#endif
namespace net {
namespace {
namespace test_default {
#include "net/http/transport_security_state_static_unittest_default.h"
#include "starboard/memory.h"
#include "starboard/types.h"
}
HashValue GetTestHashValue(uint8_t label, HashValueTag tag) {
HashValue hash_value(tag);
memset(hash_value.data(), label, hash_value.size());
return hash_value;
}
std::string GetTestPinImpl(uint8_t label, HashValueTag tag, bool quoted) {
HashValue hash_value = GetTestHashValue(label, tag);
std::string base64;
base::Base64Encode(base::StringPiece(
reinterpret_cast<char*>(hash_value.data()), hash_value.size()), &base64);
std::string ret;
switch (hash_value.tag()) {
case HASH_VALUE_SHA256:
ret = "pin-sha256=";
break;
default:
NOTREACHED() << "Unknown HashValueTag " << hash_value.tag();
return std::string("ERROR");
}
if (quoted)
ret += '\"';
ret += base64;
if (quoted)
ret += '\"';
return ret;
}
std::string GetTestPin(uint8_t label, HashValueTag tag) {
return GetTestPinImpl(label, tag, true);
}
std::string GetTestPinUnquoted(uint8_t label, HashValueTag tag) {
return GetTestPinImpl(label, tag, false);
}
} // anonymous namespace
// Parses the given header |value| as both a Public-Key-Pins-Report-Only
// and Public-Key-Pins header. Returns true if the value parses
// successfully for both header types, and if the parsed hashes and
// report_uri match for both header types.
bool ParseAsHPKPHeader(const std::string& value,
const HashValueVector& chain_hashes,
base::TimeDelta* max_age,
bool* include_subdomains,
HashValueVector* hashes,
GURL* report_uri) {
GURL report_only_uri;
bool report_only_include_subdomains;
HashValueVector report_only_hashes;
if (!ParseHPKPReportOnlyHeader(value, &report_only_include_subdomains,
&report_only_hashes, &report_only_uri)) {
return false;
}
bool result = ParseHPKPHeader(value, chain_hashes, max_age,
include_subdomains, hashes, report_uri);
if (!result || report_only_include_subdomains != *include_subdomains ||
report_only_uri != *report_uri || report_only_hashes != *hashes) {
return false;
}
return true;
}
class HttpSecurityHeadersTest : public testing::Test {
public:
~HttpSecurityHeadersTest() override {
SetTransportSecurityStateSourceForTesting(nullptr);
}
};
TEST_F(HttpSecurityHeadersTest, BogusHeaders) {
base::TimeDelta max_age;
bool include_subdomains = false;
EXPECT_FALSE(
ParseHSTSHeader(std::string(), &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" ", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("abc", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" abc", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" abc ", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age ", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age=", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age =", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age= ", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age = ", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age = xy", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" max-age = 3488a923", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488a923 ", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-ag=3488923", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-aged=3488923", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age==3488923", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("amax-age=3488923", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=-3488923", &max_age,
&include_subdomains));
EXPECT_FALSE(
ParseHSTSHeader("max-age=+3488923", &max_age, &include_subdomains));
EXPECT_FALSE(
ParseHSTSHeader("max-age=13####", &max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=9223372036854775807#####", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=18446744073709551615####", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=999999999999999999999999$.&#!",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 e", &max_age,
&include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923includesubdomains",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923=includesubdomains",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainx",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomain=true",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomainsx",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=3488923 includesubdomains x",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=34889.23 includesubdomains",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age=34889 includesubdomains",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(";;;; ;;;",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(";;;; includeSubDomains;;;",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(" includeSubDomains; ",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader(";",
&max_age, &include_subdomains));
EXPECT_FALSE(ParseHSTSHeader("max-age; ;",
&max_age, &include_subdomains));
// Check the out args were not updated by checking the default
// values for its predictable fields.
EXPECT_EQ(0, max_age.InSeconds());
EXPECT_FALSE(include_subdomains);
}
static void TestBogusPinsHeaders(HashValueTag tag) {
base::TimeDelta max_age;
bool include_subdomains;
HashValueVector hashes;
HashValueVector chain_hashes;
GURL report_uri;
// Set some fake "chain" hashes
chain_hashes.push_back(GetTestHashValue(1, tag));
chain_hashes.push_back(GetTestHashValue(2, tag));
chain_hashes.push_back(GetTestHashValue(3, tag));
// The good pin must be in the chain, the backup pin must not be
std::string good_pin = GetTestPin(2, tag);
std::string good_pin_unquoted = GetTestPinUnquoted(2, tag);
std::string backup_pin = GetTestPin(4, tag);
EXPECT_FALSE(ParseAsHPKPHeader(std::string(), chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("abc", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" abc", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" abc ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age=", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age =", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age= ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age = ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age = xy", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(" max-age = 3488a923", chain_hashes,
&max_age, &include_subdomains, &hashes,
&report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488a923 ", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-ag=3488923pins=" + good_pin + "," + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=3488923;pins=" + good_pin + "," + backup_pin +
"report-uri=\"http://foo.com\"",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923" + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes,
&report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + backup_pin,
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-aged=3488923; " + backup_pin + ";" + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-aged=3488923; " + good_pin + ";" + good_pin, chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes,
&max_age, &include_subdomains, &hashes,
&report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age==3488923", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("amax-age=3488923", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=-3488923", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923;", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923 e", chain_hashes,
&max_age, &include_subdomains, &hashes,
&report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=3488923 includesubdomain",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=3488923 report-uri=\"http://foo.com\"", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=34889.23", chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=243; " + good_pin_unquoted + ";" + backup_pin, chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=;",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
";report-uri=http://foo.com;",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=243; " + good_pin + ";" + backup_pin + ";report-uri=''",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
// Test that the parser rejects misquoted strings.
EXPECT_FALSE(ParseAsHPKPHeader(
"max-age=999; " + backup_pin + "; " + good_pin +
"; report-uri=\"http://foo;bar\'",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
// Test that the parser rejects invalid report-uris.
EXPECT_FALSE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " +
good_pin + "; report-uri=\"foo;bar\'",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
// Check the out args were not updated by checking the default
// values for its predictable fields.
EXPECT_EQ(0, max_age.InSeconds());
EXPECT_EQ(hashes.size(), (size_t)0);
}
TEST_F(HttpSecurityHeadersTest, ValidSTSHeaders) {
base::TimeDelta max_age;
base::TimeDelta expect_max_age;
bool include_subdomains = false;
EXPECT_TRUE(ParseHSTSHeader("max-age=243", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(243);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader("max-age=3488923;", &max_age,
&include_subdomains));
EXPECT_TRUE(ParseHSTSHeader(" Max-agE = 567", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(567);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(" mAx-aGe = 890 ", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(890);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader("max-age=123;incLudesUbdOmains", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader("incLudesUbdOmains; max-age=123", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(" incLudesUbdOmains; max-age=123",
&max_age, &include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" incLudesUbdOmains; max-age=123; pumpkin=kitten", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" pumpkin=894; incLudesUbdOmains; max-age=123 ", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" pumpkin; incLudesUbdOmains; max-age=123 ", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" pumpkin; incLudesUbdOmains; max-age=\"123\" ", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
"animal=\"squirrel; distinguished\"; incLudesUbdOmains; max-age=123",
&max_age, &include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader("max-age=394082; incLudesUbdOmains",
&max_age, &include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(394082);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
"max-age=39408299 ;incLudesUbdOmains", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 39408299u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
"max-age=394082038 ; incLudesUbdOmains", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
"max-age=394082038 ; incLudesUbdOmains;", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
";; max-age=394082038 ; incLudesUbdOmains; ;", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
";; max-age=394082038 ;", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
";; ; ; max-age=394082038;;; includeSubdomains ;; ;", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
"incLudesUbdOmains ; max-age=394082038 ;;", &max_age,
&include_subdomains));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHSTSAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" max-age=0 ; incLudesUbdOmains ", &max_age,
&include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(0);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseHSTSHeader(
" max-age=999999999999999999999999999999999999999999999 ;"
" incLudesUbdOmains ", &max_age, &include_subdomains));
expect_max_age = base::TimeDelta::FromSeconds(
kMaxHSTSAgeSecs);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
}
static void TestValidPKPHeaders(HashValueTag tag) {
base::TimeDelta max_age;
base::TimeDelta expect_max_age;
bool include_subdomains;
HashValueVector hashes;
HashValueVector chain_hashes;
GURL expect_report_uri;
GURL report_uri;
// Set some fake "chain" hashes into chain_hashes
chain_hashes.push_back(GetTestHashValue(1, tag));
chain_hashes.push_back(GetTestHashValue(2, tag));
chain_hashes.push_back(GetTestHashValue(3, tag));
// The good pin must be in the chain, the backup pin must not be
std::string good_pin = GetTestPin(2, tag);
std::string good_pin2 = GetTestPin(3, tag);
std::string backup_pin = GetTestPin(4, tag);
EXPECT_TRUE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin,
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(243);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(report_uri.is_empty());
EXPECT_TRUE(ParseAsHPKPHeader("max-age=243; " + good_pin + ";" + backup_pin +
"; report-uri= \"http://example.test/foo\"",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(243);
expect_report_uri = GURL("http://example.test/foo");
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
EXPECT_TRUE(ParseAsHPKPHeader(
" " + good_pin + "; " + backup_pin +
" ; Max-agE = 567; repOrT-URi = \"http://example.test/foo\"",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(567);
expect_report_uri = GURL("http://example.test/foo");
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
EXPECT_TRUE(ParseAsHPKPHeader("includeSubDOMAINS;" + good_pin + ";" +
backup_pin + " ; mAx-aGe = 890 ",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(890);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
good_pin + ";" + backup_pin + "; max-age=123;IGNORED;", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(123);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
"max-age=394082;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(394082);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
"max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHPKPAgeSecs, 39408299u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
"max-age=39408038 ; cybers=39408038 ; includeSubdomains; " +
good_pin + ";" + backup_pin + "; ",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age =
base::TimeDelta::FromSeconds(std::min(kMaxHPKPAgeSecs, 394082038u));
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=0 ; " + good_pin + ";" + backup_pin, chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(0);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=0 ; includeSubdomains; " + good_pin + ";" + backup_pin,
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(0);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=999999999999999999999999999999999999999999999 ; " +
backup_pin + ";" + good_pin + "; ",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=999999999999999999999999999999999999999999999 ; " +
backup_pin + ";" + good_pin +
"; report-uri=\"http://example.test/foo\"",
chain_hashes, &max_age, &include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(kMaxHPKPAgeSecs);
expect_report_uri = GURL("http://example.test/foo");
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
// Test that parsing a different header resets the hashes.
hashes.clear();
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=999; " + backup_pin + ";" + good_pin + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_EQ(2u, hashes.size());
EXPECT_TRUE(ParseAsHPKPHeader(
" max-age=999; " + backup_pin + ";" + good_pin2 + "; ", chain_hashes,
&max_age, &include_subdomains, &hashes, &report_uri));
EXPECT_EQ(2u, hashes.size());
// Test that the parser correctly parses an unencoded ';' inside a
// quoted report-uri.
EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
"; report-uri=\"http://foo.com/?;bar\"",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
expect_report_uri = GURL("http://foo.com/?;bar");
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
// Test that the parser correctly parses a report-uri with a >0x7f
// character.
std::string uri = "http://foo.com/";
uri += char(0x7f);
expect_report_uri = GURL(uri);
EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
"; report-uri=\"" + uri + "\"",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
// Test that the parser allows quoted max-age values.
EXPECT_TRUE(ParseAsHPKPHeader(
"max-age='999'; " + backup_pin + "; " + good_pin, chain_hashes, &max_age,
&include_subdomains, &hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
// Test that the parser handles escaped values.
expect_report_uri = GURL("http://foo.com'a");
EXPECT_TRUE(ParseAsHPKPHeader("max-age=999; " + backup_pin + "; " + good_pin +
"; report-uri='http://foo.com\\'\\a'",
chain_hashes, &max_age, &include_subdomains,
&hashes, &report_uri));
expect_max_age = base::TimeDelta::FromSeconds(999);
EXPECT_EQ(expect_max_age, max_age);
EXPECT_FALSE(include_subdomains);
EXPECT_EQ(expect_report_uri, report_uri);
// Test that the parser does not require max-age for Report-Only
// headers.
expect_report_uri = GURL("http://foo.com");
EXPECT_TRUE(ParseHPKPReportOnlyHeader(
backup_pin + "; " + good_pin + "; report-uri='http://foo.com'",
&include_subdomains, &hashes, &report_uri));
EXPECT_EQ(expect_report_uri, report_uri);
}
TEST_F(HttpSecurityHeadersTest, BogusPinsHeadersSHA256) {
TestBogusPinsHeaders(HASH_VALUE_SHA256);
}
TEST_F(HttpSecurityHeadersTest, ValidPKPHeadersSHA256) {
TestValidPKPHeaders(HASH_VALUE_SHA256);
}
#if BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPOnly) {
SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
TransportSecurityState state;
TransportSecurityState::STSState static_sts_state;
TransportSecurityState::PKPState static_pkp_state;
std::string domain = "no-rejected-pins-pkp.preloaded.test";
state.enable_static_pins_ = true;
EXPECT_TRUE(
state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state));
EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL);
HashValueVector saved_hashes = static_pkp_state.spki_hashes;
// Add a header, which should only update the dynamic state.
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256);
HashValue backup_hash = GetTestHashValue(2, HASH_VALUE_SHA256);
std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256);
std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA256);
GURL report_uri("http://report-uri.test/pkp");
std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin +
";report-uri=\"" + report_uri.spec() + "\"";
// Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
SSLInfo ssl_info;
ssl_info.public_key_hashes.push_back(good_hash);
ssl_info.public_key_hashes.push_back(saved_hashes[0]);
EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
// Expect the static state to remain unchanged.
TransportSecurityState::STSState new_static_sts_state;
TransportSecurityState::PKPState new_static_pkp_state;
EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state,
&new_static_pkp_state));
EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes);
// Expect the dynamic state to reflect the header.
TransportSecurityState::PKPState dynamic_pkp_state;
EXPECT_TRUE(state.GetDynamicPKPState(domain, &dynamic_pkp_state));
EXPECT_EQ(2UL, dynamic_pkp_state.spki_hashes.size());
EXPECT_EQ(report_uri, dynamic_pkp_state.report_uri);
EXPECT_TRUE(base::ContainsValue(dynamic_pkp_state.spki_hashes, good_hash));
EXPECT_TRUE(base::ContainsValue(dynamic_pkp_state.spki_hashes, backup_hash));
// Expect the overall state to reflect the header, too.
EXPECT_TRUE(state.HasPublicKeyPins(domain));
HashValueVector hashes;
hashes.push_back(good_hash);
std::string failure_log;
const bool is_issued_by_known_root = true;
HostPortPair domain_port(domain, 443);
EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root, hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
TransportSecurityState::PKPState new_dynamic_pkp_state;
EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state));
EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size());
EXPECT_EQ(report_uri, new_dynamic_pkp_state.report_uri);
EXPECT_TRUE(
base::ContainsValue(new_dynamic_pkp_state.spki_hashes, good_hash));
EXPECT_TRUE(
base::ContainsValue(new_dynamic_pkp_state.spki_hashes, backup_hash));
}
TEST_F(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0) {
SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
TransportSecurityState state;
TransportSecurityState::STSState static_sts_state;
TransportSecurityState::PKPState static_pkp_state;
std::string domain = "no-rejected-pins-pkp.preloaded.test";
state.enable_static_pins_ = true;
ASSERT_TRUE(
state.GetStaticDomainState(domain, &static_sts_state, &static_pkp_state));
EXPECT_GT(static_pkp_state.spki_hashes.size(), 1UL);
HashValueVector saved_hashes = static_pkp_state.spki_hashes;
// Add a header, which should only update the dynamic state.
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256);
std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256);
std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA256);
std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
// Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
SSLInfo ssl_info;
ssl_info.public_key_hashes.push_back(good_hash);
ssl_info.public_key_hashes.push_back(saved_hashes[0]);
EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
// Expect the static state to remain unchanged.
TransportSecurityState::STSState new_static_sts_state;
TransportSecurityState::PKPState new_static_pkp_state;
EXPECT_TRUE(state.GetStaticDomainState(domain, &new_static_sts_state,
&new_static_pkp_state));
EXPECT_EQ(saved_hashes, new_static_pkp_state.spki_hashes);
// Expect the dynamic state to have pins.
TransportSecurityState::PKPState new_dynamic_pkp_state;
EXPECT_TRUE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state));
EXPECT_EQ(2UL, new_dynamic_pkp_state.spki_hashes.size());
EXPECT_TRUE(new_dynamic_pkp_state.HasPublicKeyPins());
// Now set another header with max-age=0, and check that the pins are
// cleared in the dynamic state only.
header = "max-age = 0; " + good_pin + "; " + backup_pin;
EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
// Expect the static state to remain unchanged.
TransportSecurityState::PKPState new_static_pkp_state2;
EXPECT_TRUE(state.GetStaticDomainState(domain, &static_sts_state,
&new_static_pkp_state2));
EXPECT_EQ(saved_hashes, new_static_pkp_state2.spki_hashes);
// Expect the dynamic pins to be gone.
TransportSecurityState::PKPState new_dynamic_pkp_state2;
EXPECT_FALSE(state.GetDynamicPKPState(domain, &new_dynamic_pkp_state2));
// Expect the exact-matching static policy to continue to apply, even
// though dynamic policy has been removed. (This policy may change in the
// future, in which case this test must be updated.)
EXPECT_TRUE(state.HasPublicKeyPins(domain));
EXPECT_TRUE(state.ShouldSSLErrorsBeFatal(domain));
std::string failure_log;
// Damage the hashes to cause a pin validation failure.
for (size_t i = 0; i < new_static_pkp_state2.spki_hashes.size(); i++) {
new_static_pkp_state2.spki_hashes[i].data()[0] ^= 0x80;
}
const bool is_issued_by_known_root = true;
HostPortPair domain_port(domain, 443);
EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root,
new_static_pkp_state2.spki_hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
EXPECT_NE(0UL, failure_log.length());
}
// Tests that when a static HSTS and a static HPKP entry are present, adding a
// dynamic HSTS header does not clobber the static HPKP entry. Further, adding a
// dynamic HPKP entry could not affect the HSTS entry for the site.
TEST_F(HttpSecurityHeadersTest, NoClobberPins) {
SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
TransportSecurityState state;
TransportSecurityState::STSState sts_state;
TransportSecurityState::PKPState pkp_state;
std::string domain = "hsts-hpkp-preloaded.test";
state.enable_static_pins_ = true;
// Retrieve the static STS and PKP states as it is by default, including its
// known good pins.
EXPECT_TRUE(state.GetStaticDomainState(domain, &sts_state, &pkp_state));
HashValueVector saved_hashes = pkp_state.spki_hashes;
EXPECT_TRUE(sts_state.ShouldUpgradeToSSL());
EXPECT_TRUE(pkp_state.HasPublicKeyPins());
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
EXPECT_TRUE(state.HasPublicKeyPins(domain));
// Add a dynamic HSTS header. CheckPublicKeyPins should still pass when given
// the original |saved_hashes|, indicating that the static PKP data is still
// configured for the domain.
EXPECT_TRUE(state.AddHSTSHeader(domain, "includesubdomains; max-age=10000"));
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
std::string failure_log;
const bool is_issued_by_known_root = true;
HostPortPair domain_port(domain, 443);
EXPECT_EQ(
TransportSecurityState::PKPStatus::OK,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
// Add an HPKP header, which should only update the dynamic state.
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256);
std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256);
std::string backup_pin = GetTestPin(2, HASH_VALUE_SHA256);
std::string header = "max-age = 10000; " + good_pin + "; " + backup_pin;
// Construct a fake SSLInfo that will pass AddHPKPHeader's checks.
SSLInfo ssl_info;
ssl_info.public_key_hashes.push_back(good_hash);
ssl_info.public_key_hashes.push_back(saved_hashes[0]);
EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
EXPECT_TRUE(state.AddHPKPHeader(domain, header, ssl_info));
// HSTS should still be configured for this domain.
EXPECT_TRUE(sts_state.ShouldUpgradeToSSL());
EXPECT_TRUE(state.ShouldUpgradeToSSL(domain));
// The dynamic pins, which do not match |saved_hashes|, should take
// precedence over the static pins and cause the check to fail.
EXPECT_EQ(
TransportSecurityState::PKPStatus::VIOLATED,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root, saved_hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
}
#endif
// Tests that seeing an invalid HPKP header leaves the existing one alone.
TEST_F(HttpSecurityHeadersTest, IgnoreInvalidHeaders) {
TransportSecurityState state;
HashValue good_hash = GetTestHashValue(1, HASH_VALUE_SHA256);
std::string good_pin = GetTestPin(1, HASH_VALUE_SHA256);
std::string bad_pin = GetTestPin(2, HASH_VALUE_SHA256);
std::string backup_pin = GetTestPin(3, HASH_VALUE_SHA256);
SSLInfo ssl_info;
ssl_info.public_key_hashes.push_back(good_hash);
// Add a valid HPKP header.
EXPECT_TRUE(state.AddHPKPHeader(
"example.com", "max-age = 10000; " + good_pin + "; " + backup_pin,
ssl_info));
// Check the insertion was valid.
EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
std::string failure_log;
bool is_issued_by_known_root = true;
HostPortPair domain_port("example.com", 443);
EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root,
ssl_info.public_key_hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
// Now assert an invalid one. This should fail.
EXPECT_FALSE(state.AddHPKPHeader(
"example.com", "max-age = 10000; " + bad_pin + "; " + backup_pin,
ssl_info));
// The old pins must still exist.
EXPECT_TRUE(state.HasPublicKeyPins("example.com"));
EXPECT_EQ(TransportSecurityState::PKPStatus::OK,
state.CheckPublicKeyPins(
domain_port, is_issued_by_known_root,
ssl_info.public_key_hashes, nullptr, nullptr,
TransportSecurityState::DISABLE_PIN_REPORTS, &failure_log));
}
TEST_F(HttpSecurityHeadersTest, BogusExpectCTHeaders) {
base::TimeDelta max_age;
bool enforce = false;
GURL report_uri;
EXPECT_FALSE(
ParseExpectCTHeader(std::string(), &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" ", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("abc", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" abc", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" abc ", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" max-age", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" max-age ", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age=", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" max-age=", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" max-age =", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(" max-age= ", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" max-age = ", &max_age, &enforce,
&report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" max-age = xy", &max_age, &enforce,
&report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" max-age = 3488a923", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488a923 ", &max_age, &enforce,
&report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-ag=3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-aged=3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age==3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("amax-age=3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age=-3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age=+3488923", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age=13####", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=9223372036854775807#####", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=18446744073709551615####", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=999999999999999999999999$.&#!",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 e", &max_age, &enforce,
&report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 includesubdomain",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923includesubdomains", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923=includesubdomains",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 includesubdomainx",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(
"max-age=3488923 includesubdomain=", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 includesubdomain=true",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 includesubdomainsx",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=3488923 includesubdomains x",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=34889.23 includesubdomains",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=34889 includesubdomains", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader(",,,, ,,,", &max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(",,,, includeSubDomains,,,", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(" includeSubDomains, ", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader(",", &max_age, &enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("max-age, ,", &max_age, &enforce, &report_uri));
// Test that the parser rejects misquoted or invalid report-uris.
EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"http://foo;bar\'",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"foo;bar\"",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("max-age=999, report-uri=\"\"", &max_age,
&enforce, &report_uri));
// Test that the parser does not fix up misquoted values.
EXPECT_FALSE(
ParseExpectCTHeader("max-age=\"999", &max_age, &enforce, &report_uri));
// Test that the parser rejects headers that contain duplicate directives.
EXPECT_FALSE(ParseExpectCTHeader("max-age=999, enforce, max-age=99999",
&max_age, &enforce, &report_uri));
EXPECT_FALSE(ParseExpectCTHeader("enforce, max-age=999, enforce", &max_age,
&enforce, &report_uri));
EXPECT_FALSE(
ParseExpectCTHeader("report-uri=\"http://foo\", max-age=999, enforce, "
"report-uri=\"http://foo\"",
&max_age, &enforce, &report_uri));
// Test that the parser rejects headers with values for the valueless
// 'enforce' directive.
EXPECT_FALSE(ParseExpectCTHeader("max-age=999, enforce=true", &max_age,
&enforce, &report_uri));
// Check the out args were not updated by checking the default
// values for its predictable fields.
EXPECT_EQ(0, max_age.InSeconds());
EXPECT_FALSE(enforce);
EXPECT_TRUE(report_uri.is_empty());
}
TEST_F(HttpSecurityHeadersTest, ValidExpectCTHeaders) {
base::TimeDelta max_age;
bool enforce = false;
GURL report_uri;
EXPECT_TRUE(
ParseExpectCTHeader("max-age=243", &max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(243), max_age);
EXPECT_FALSE(enforce);
EXPECT_TRUE(report_uri.is_empty());
EXPECT_TRUE(ParseExpectCTHeader(" Max-agE = 567", &max_age, &enforce,
&report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(567), max_age);
EXPECT_FALSE(enforce);
EXPECT_TRUE(report_uri.is_empty());
EXPECT_TRUE(ParseExpectCTHeader(" mAx-aGe = 890 ", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(890), max_age);
EXPECT_FALSE(enforce);
EXPECT_TRUE(report_uri.is_empty());
EXPECT_TRUE(ParseExpectCTHeader("max-age=123,enFoRce", &max_age, &enforce,
&report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader("enFoRCE, max-age=123", &max_age, &enforce,
&report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(" enFORce, max-age=123", &max_age, &enforce,
&report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(
"report-uri=\"https://foo.test\", enFORce, max-age=123", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_EQ(GURL("https://foo.test"), report_uri);
enforce = false;
report_uri = GURL();
EXPECT_TRUE(
ParseExpectCTHeader("enforce,report-uri=\"https://foo.test\",max-age=123",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_EQ(GURL("https://foo.test"), report_uri);
enforce = false;
report_uri = GURL();
EXPECT_TRUE(
ParseExpectCTHeader("enforce,report-uri=https://foo.test,max-age=123",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_EQ(GURL("https://foo.test"), report_uri);
report_uri = GURL();
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader("report-uri=\"https://foo.test\",max-age=123",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_FALSE(enforce);
EXPECT_EQ(GURL("https://foo.test"), report_uri);
report_uri = GURL();
EXPECT_TRUE(ParseExpectCTHeader(" enFORcE, max-age=123, pumpkin=kitten",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(
" pumpkin=894, report-uri= \"https://bar\", enFORce, max-age=123 ",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_EQ(GURL("https://bar"), report_uri);
enforce = false;
report_uri = GURL();
EXPECT_TRUE(ParseExpectCTHeader(" pumpkin, enFoRcE, max-age=123 ",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(" pumpkin, enforce, max-age=\"123\" ",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(
"animal=\"squirrel, distinguished\", enFoRce, max-age=123", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(123), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader("max-age=394082, enforce", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(394082), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader("max-age=39408299 ,enforce", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
// Per RFC 7230, "a recipient MUST parse and ignore a reasonable number of
// empty list elements".
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(",, max-age=394082038 , enfoRce, ,",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(",, max-age=394082038 ,", &max_age, &enforce,
&report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_FALSE(enforce);
EXPECT_TRUE(report_uri.is_empty());
EXPECT_TRUE(
ParseExpectCTHeader(",, , , max-age=394082038,,, enforce ,, ,",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader("enfORce , max-age=394082038 ,,", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(" max-age=0 , enforce ", &max_age,
&enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(0), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
enforce = false;
EXPECT_TRUE(ParseExpectCTHeader(
" max-age=999999999999999999999999999999999999999999999 ,"
" enforce ",
&max_age, &enforce, &report_uri));
EXPECT_EQ(base::TimeDelta::FromSeconds(kMaxExpectCTAgeSecs), max_age);
EXPECT_TRUE(enforce);
EXPECT_TRUE(report_uri.is_empty());
}
} // namespace net