ForceTLS: hash hostnames, handle subdomains, canonicalise.

net/base/strict_transport_security_state_unittest.cc

Index: net/base/strict_transport_security_state_unittest.cc
diff --git a/net/base/strict_transport_security_state_unittest.cc b/net/base/strict_transport_security_state_unittest.cc
index 34ef7aee7129c47cf10ee8d3a33123f969c4966e..6bb3d4d9862725929f0f53f24c19ddfc2363d009 100644
--- a/net/base/strict_transport_security_state_unittest.cc
+++ b/net/base/strict_transport_security_state_unittest.cc
@@ -5,7 +5,7 @@
 #include "net/base/strict_transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-namespace {
+namespace net {

[abarth-chromium, 2009/09/09 00:54:22]

I think we don't need to put this in the net namespace anymore now that we're
not using a friend test.

 
 class StrictTransportSecurityStateTest : public testing::Test {
 };
@@ -118,4 +118,81 @@ TEST_F(StrictTransportSecurityStateTest, ValidHeaders) {
   EXPECT_TRUE(include_subdomains);
 }
 
-}  // namespace
+TEST_F(StrictTransportSecurityStateTest, SimpleMatches) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+  EXPECT_FALSE(state->IsEnabledForHost("google.com"));
+  state->EnableHost("google.com", expiry, false);
+  EXPECT_TRUE(state->IsEnabledForHost("google.com"));
+}
+
+TEST_F(StrictTransportSecurityStateTest, MatchesCase1) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+  EXPECT_FALSE(state->IsEnabledForHost("google.com"));
+  state->EnableHost("GOOgle.coM", expiry, false);
+  EXPECT_TRUE(state->IsEnabledForHost("google.com"));
+}
+
+TEST_F(StrictTransportSecurityStateTest, MatchesCase2) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+  EXPECT_FALSE(state->IsEnabledForHost("GOOgle.coM"));
+  state->EnableHost("google.com", expiry, false);
+  EXPECT_TRUE(state->IsEnabledForHost("GOOgle.coM"));
+}
+
+TEST_F(StrictTransportSecurityStateTest, SubdomainMatches) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+  EXPECT_FALSE(state->IsEnabledForHost("google.com"));
+  state->EnableHost("google.com", expiry, true);
+  EXPECT_TRUE(state->IsEnabledForHost("google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.bar.google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.bar.baz.google.com"));
+  EXPECT_FALSE(state->IsEnabledForHost("com"));
+}
+
+TEST_F(StrictTransportSecurityStateTest, Serialise1) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+  std::string output;
+  state->Serialise(&output);
+  EXPECT_TRUE(state->Deserialise(output));
+}
+
+TEST_F(StrictTransportSecurityStateTest, Serialise2) {
+  scoped_refptr<StrictTransportSecurityState> state(
+      new StrictTransportSecurityState);
+
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+  EXPECT_FALSE(state->IsEnabledForHost("google.com"));
+  state->EnableHost("google.com", expiry, true);
+
+  std::string output;
+  state->Serialise(&output);
+  EXPECT_TRUE(state->Deserialise(output));
+
+  EXPECT_TRUE(state->IsEnabledForHost("google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.bar.google.com"));
+  EXPECT_TRUE(state->IsEnabledForHost("foo.bar.baz.google.com"));
+  EXPECT_FALSE(state->IsEnabledForHost("com"));
+}
+
+}  // namespace net