Chromium Code Reviews Chromium Code Reviews
Issue 201033:
ForceTLS: hash hostnames, handle subdomains, canonicalise. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/strict_transport_security_state.h" | 5 #include "net/base/strict_transport_security_state.h" |
| 6 #include "testing/gtest/include/gtest/gtest.h" | 6 #include "testing/gtest/include/gtest/gtest.h" |
| 7 | 7 |
| 8 namespace { | 8 namespace net { |
|
abarth-chromium
2009/09/09 00:54:22
I think we don't need to put this in the net names
| |
| 9 | 9 |
| 10 class StrictTransportSecurityStateTest : public testing::Test { | 10 class StrictTransportSecurityStateTest : public testing::Test { |
| 11 }; | 11 }; |
| 12 | 12 |
| 13 TEST_F(StrictTransportSecurityStateTest, BogusHeaders) { | 13 TEST_F(StrictTransportSecurityStateTest, BogusHeaders) { |
| 14 int max_age = 42; | 14 int max_age = 42; |
| 15 bool include_subdomains = false; | 15 bool include_subdomains = false; |
| 16 | 16 |
| 17 EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( | 17 EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( |
| 18 "", &max_age, &include_subdomains)); | 18 "", &max_age, &include_subdomains)); |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 111 "max-age=394082038 incLudesUbdOmains", &max_age, &include_subdomains)); | 111 "max-age=394082038 incLudesUbdOmains", &max_age, &include_subdomains)); |
| 112 EXPECT_EQ(max_age, 394082038); | 112 EXPECT_EQ(max_age, 394082038); |
| 113 EXPECT_TRUE(include_subdomains); | 113 EXPECT_TRUE(include_subdomains); |
| 114 | 114 |
| 115 EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( | 115 EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( |
| 116 " max-age=0 incLudesUbdOmains ", &max_age, &include_subdomains)); | 116 " max-age=0 incLudesUbdOmains ", &max_age, &include_subdomains)); |
| 117 EXPECT_EQ(max_age, 0); | 117 EXPECT_EQ(max_age, 0); |
| 118 EXPECT_TRUE(include_subdomains); | 118 EXPECT_TRUE(include_subdomains); |
| 119 } | 119 } |
| 120 | 120 |
| 121 } // namespace | 121 TEST_F(StrictTransportSecurityStateTest, SimpleMatches) { |
| 122 scoped_refptr<StrictTransportSecurityState> state( | |
| 123 new StrictTransportSecurityState); | |
| 124 const base::Time current_time(base::Time::Now()); | |
| 125 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
| 126 | |
| 127 EXPECT_FALSE(state->IsEnabledForHost("google.com")); | |
| 128 state->EnableHost("google.com", expiry, false); | |
| 129 EXPECT_TRUE(state->IsEnabledForHost("google.com")); | |
| 130 } | |
| 131 | |
| 132 TEST_F(StrictTransportSecurityStateTest, MatchesCase1) { | |
| 133 scoped_refptr<StrictTransportSecurityState> state( | |
| 134 new StrictTransportSecurityState); | |
| 135 const base::Time current_time(base::Time::Now()); | |
| 136 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
| 137 | |
| 138 EXPECT_FALSE(state->IsEnabledForHost("google.com")); | |
| 139 state->EnableHost("GOOgle.coM", expiry, false); | |
| 140 EXPECT_TRUE(state->IsEnabledForHost("google.com")); | |
| 141 } | |
| 142 | |
| 143 TEST_F(StrictTransportSecurityStateTest, MatchesCase2) { | |
| 144 scoped_refptr<StrictTransportSecurityState> state( | |
| 145 new StrictTransportSecurityState); | |
| 146 const base::Time current_time(base::Time::Now()); | |
| 147 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
| 148 | |
| 149 EXPECT_FALSE(state->IsEnabledForHost("GOOgle.coM")); | |
| 150 state->EnableHost("google.com", expiry, false); | |
| 151 EXPECT_TRUE(state->IsEnabledForHost("GOOgle.coM")); | |
| 152 } | |
| 153 | |
| 154 TEST_F(StrictTransportSecurityStateTest, SubdomainMatches) { | |
| 155 scoped_refptr<StrictTransportSecurityState> state( | |
| 156 new StrictTransportSecurityState); | |
| 157 const base::Time current_time(base::Time::Now()); | |
| 158 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
| 159 | |
| 160 EXPECT_FALSE(state->IsEnabledForHost("google.com")); | |
| 161 state->EnableHost("google.com", expiry, true); | |
| 162 EXPECT_TRUE(state->IsEnabledForHost("google.com")); | |
| 163 EXPECT_TRUE(state->IsEnabledForHost("foo.google.com")); | |
| 164 EXPECT_TRUE(state->IsEnabledForHost("foo.bar.google.com")); | |
| 165 EXPECT_TRUE(state->IsEnabledForHost("foo.bar.baz.google.com")); | |
| 166 EXPECT_FALSE(state->IsEnabledForHost("com")); | |
| 167 } | |
| 168 | |
| 169 TEST_F(StrictTransportSecurityStateTest, Serialise1) { | |
| 170 scoped_refptr<StrictTransportSecurityState> state( | |
| 171 new StrictTransportSecurityState); | |
| 172 std::string output; | |
| 173 state->Serialise(&output); | |
| 174 EXPECT_TRUE(state->Deserialise(output)); | |
| 175 } | |
| 176 | |
| 177 TEST_F(StrictTransportSecurityStateTest, Serialise2) { | |
| 178 scoped_refptr<StrictTransportSecurityState> state( | |
| 179 new StrictTransportSecurityState); | |
| 180 | |
| 181 const base::Time current_time(base::Time::Now()); | |
| 182 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
| 183 | |
| 184 EXPECT_FALSE(state->IsEnabledForHost("google.com")); | |
| 185 state->EnableHost("google.com", expiry, true); | |
| 186 | |
| 187 std::string output; | |
| 188 state->Serialise(&output); | |
| 189 EXPECT_TRUE(state->Deserialise(output)); | |
| 190 | |
| 191 EXPECT_TRUE(state->IsEnabledForHost("google.com")); | |
| 192 EXPECT_TRUE(state->IsEnabledForHost("foo.google.com")); | |
| 193 EXPECT_TRUE(state->IsEnabledForHost("foo.bar.google.com")); | |
| 194 EXPECT_TRUE(state->IsEnabledForHost("foo.bar.baz.google.com")); | |
| 195 EXPECT_FALSE(state->IsEnabledForHost("com")); | |
| 196 } | |
| 197 | |
| 198 } // namespace net | |
| OLD | NEW |
