OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
| 5 #include "base/file_path.h" |
| 6 #include "base/string_util.h" |
| 7 #include "base/time.h" |
| 8 #include "net/base/cert_test_util.h" |
5 #include "net/base/transport_security_state.h" | 9 #include "net/base/transport_security_state.h" |
| 10 #include "net/base/x509_certificate.h" |
6 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
7 | 12 |
8 namespace net { | 13 namespace net { |
9 | 14 |
10 class TransportSecurityStateTest : public testing::Test { | 15 class TransportSecurityStateTest : public testing::Test { |
11 }; | 16 }; |
12 | 17 |
13 TEST_F(TransportSecurityStateTest, BogusHeaders) { | 18 TEST_F(TransportSecurityStateTest, BogusHeaders) { |
14 int max_age = 42; | 19 int max_age = 42; |
15 bool include_subdomains = false; | 20 bool include_subdomains = false; |
(...skipping 409 matching lines...)
425 scoped_refptr<TransportSecurityState> state( | 430 scoped_refptr<TransportSecurityState> state( |
426 new TransportSecurityState); | 431 new TransportSecurityState); |
427 const char kLongName[] = | 432 const char kLongName[] = |
428 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" | 433 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" |
429 "WaveletIdDomainAndBlipBlipid"; | 434 "WaveletIdDomainAndBlipBlipid"; |
430 TransportSecurityState::DomainState domain_state; | 435 TransportSecurityState::DomainState domain_state; |
431 // Just checks that we don't hit a NOTREACHED. | 436 // Just checks that we don't hit a NOTREACHED. |
432 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName)); | 437 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName)); |
433 } | 438 } |
434 | 439 |
| 440 TEST_F(TransportSecurityStateTest, CertLocks) { |
| 441 scoped_refptr<TransportSecurityState> state( |
| 442 new TransportSecurityState); |
| 443 FilePath certs_dir = GetTestCertsDirectory(); |
| 444 scoped_refptr<X509Certificate> google_cert( |
| 445 ImportCertFromFile(certs_dir, "google.chain.pem")); |
| 446 |
| 447 TransportSecurityState::DomainState domain_state; |
| 448 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.evil.com")); |
| 449 EXPECT_TRUE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 450 const base::Time current_time(base::Time::Now()); |
| 451 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 452 domain_state.expiry = expiry; |
| 453 state->EnableHost("www.evil.com", domain_state); |
| 454 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.evil.com")); |
| 455 EXPECT_TRUE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 456 |
| 457 domain_state.cert_locks.push_back("0000000000000000000000000000000000000001"); |
| 458 state->EnableHost("www.evil.com", domain_state); |
| 459 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.evil.com")); |
| 460 EXPECT_FALSE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 461 |
| 462 std::string ser; |
| 463 EXPECT_TRUE(state->Serialise(&ser)); |
| 464 bool dirty; |
| 465 EXPECT_TRUE(state->Deserialise(ser, &dirty)); |
| 466 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.evil.com")); |
| 467 EXPECT_FALSE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 468 |
| 469 const SHA1Fingerprint& fp = google_cert->fingerprint(); |
| 470 std::string hash; |
| 471 for (size_t i = 0; i < sizeof(fp.data); ++i) |
| 472 hash += StringPrintf("%02X", fp.data[i]); |
| 473 domain_state.cert_locks.push_back(hash); |
| 474 state->EnableHost("www.evil.com", domain_state); |
| 475 EXPECT_TRUE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 476 |
| 477 EXPECT_TRUE(state->Serialise(&ser)); |
| 478 EXPECT_TRUE(state->Deserialise(ser, &dirty)); |
| 479 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.evil.com")); |
| 480 EXPECT_TRUE(state->IsAcceptableCertificate("www.evil.com", google_cert)); |
| 481 } |
| 482 |
435 } // namespace net | 483 } // namespace net |
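Review bot: In CertLocks the result of `ImportCertFromFile(certs_dir, "google.chain.pem")` (new lines 444-445) is used without a check, so a missing or unparsable test certificate is passed on as a null pointer and dereferenced at `google_cert->fingerprint()` on new line 469; adding `ASSERT_TRUE(google_cert.get());` right after the import makes the test fail cleanly instead. Both round trips (new lines 463-465 and 477-478) deserialise back into the same `state` that already holds the entry, and how Deserialise treats existing entries is not visible here, so the test may pass even if `cert_locks` were dropped during serialisation. Loading into a fresh object, e.g. `scoped_refptr<TransportSecurityState> state2(new TransportSecurityState);` followed by `EXPECT_TRUE(state2->Deserialise(ser, &dirty));`, and asserting on `state2` would pin down that the locks survive persistence. A short comment above new line 457, saying that the value pushed there is a fingerprint chosen not to match google_cert, would also make the expected EXPECT_FALSE easier to follow.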