Add command-line control of the HSTS preload list.

net/base/transport_security_state_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 
 class TransportSecurityStateTest : public testing::Test {
@@ skipping 188 matching lines @@
                                       true));
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
 }
 
 TEST_F(TransportSecurityStateTest, Serialise1) {
   scoped_refptr<TransportSecurityState> state(
       new TransportSecurityState);
   std::string output;
   bool dirty;
   state->Serialise(&output);
-  EXPECT_TRUE(state->Deserialise(output, &dirty));
+  EXPECT_TRUE(state->LoadEntries(output, &dirty));
   EXPECT_FALSE(dirty);
 }
 
 TEST_F(TransportSecurityStateTest, Serialise2) {
   scoped_refptr<TransportSecurityState> state(
       new TransportSecurityState);
 
   TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
   domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
   domain_state.expiry = expiry;
   domain_state.include_subdomains = true;
   state->EnableHost("google.com", domain_state);
 
   std::string output;
   bool dirty;
   state->Serialise(&output);
-  EXPECT_TRUE(state->Deserialise(output, &dirty));
+  EXPECT_TRUE(state->LoadEntries(output, &dirty));
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
                                       "foo.bar.google.com",
                                       true));
   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
@@ skipping 12 matching lines @@
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
   domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
   domain_state.expiry = expiry;
   state->EnableHost("google.com", domain_state);
 
   std::string output;
   bool dirty;
   state->Serialise(&output);
-  EXPECT_TRUE(state->Deserialise(output, &dirty));
+  EXPECT_TRUE(state->LoadEntries(output, &dirty));
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
   EXPECT_EQ(domain_state.mode,
             TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
 }
 
 TEST_F(TransportSecurityStateTest, DeleteSince) {
   scoped_refptr<TransportSecurityState> state(
       new TransportSecurityState);
 
@@ skipping 37 matching lines @@
   // date.
   std::string output =
       "{ "
         "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
           "\"expiry\": 1266815027.983453, "
           "\"include_subdomains\": false, "
           "\"mode\": \"strict\" "
         "}"
       "}";
   bool dirty;
-  EXPECT_TRUE(state->Deserialise(output, &dirty));
+  EXPECT_TRUE(state->LoadEntries(output, &dirty));
   EXPECT_TRUE(dirty);
 }
 
 TEST_F(TransportSecurityStateTest, IsPreloaded) {
   const std::string paypal =
       TransportSecurityState::CanonicalizeHost("paypal.com");
   const std::string www_paypal =
       TransportSecurityState::CanonicalizeHost("www.paypal.com");
   const std::string a_www_paypal =
       TransportSecurityState::CanonicalizeHost("a.www.paypal.com");
   const std::string abc_paypal =
       TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com");
   const std::string example =
       TransportSecurityState::CanonicalizeHost("example.com");
   const std::string aypal =
       TransportSecurityState::CanonicalizeHost("aypal.com");
 
-  bool b;
-  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(paypal, true, &b));
-  EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(www_paypal, true, &b));
-  EXPECT_FALSE(b);
-  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(a_www_paypal, true, &b));
-  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(abc_paypal, true, &b));
-  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(example, true, &b));
-  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(aypal, true, &b));
+  TransportSecurityState::DomainState domain_state;
+  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
+      paypal, true, &domain_state));
+  EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(
+      www_paypal, true, &domain_state));
+  EXPECT_FALSE(domain_state.include_subdomains);
+  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
+      a_www_paypal, true, &domain_state));
+  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
+      abc_paypal, true, &domain_state));
+  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
+      example, true, &domain_state));
+  EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
+      aypal, true, &domain_state));
 }
 
 TEST_F(TransportSecurityStateTest, Preloaded) {
   scoped_refptr<TransportSecurityState> state(
       new TransportSecurityState);
   TransportSecurityState::DomainState domain_state;
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true));
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true));
   EXPECT_EQ(domain_state.mode,
             TransportSecurityState::DomainState::MODE_STRICT);
@@ skipping 97 matching lines @@
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
                                       "appengine.google.com",
                                       true));
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
                                       "www.paycheckrecords.com",
                                       true));
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
                                       "market.android.com",
                                       true));
+  // The domain wasn't being set, leading to a blank string in the
+  // chrome://net-internals/#hsts UI. So test that.
+  EXPECT_EQ(domain_state.domain, "market.android.com");
+  EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+                                      "sub.market.android.com",
+                                      true));
+  EXPECT_EQ(domain_state.domain, "market.android.com");
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true));
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true));
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
                                        "blog.lastpass.com",
                                        true));
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true));
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true));
 
@@ skipping 52 matching lines @@
   hashes[0].data[0] = '2';
   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
 
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
   domain_state.expiry = expiry;
   state->EnableHost("example.com", domain_state);
   std::string ser;
   EXPECT_TRUE(state->Serialise(&ser));
   bool dirty;
-  EXPECT_TRUE(state->Deserialise(ser, &dirty));
+  EXPECT_TRUE(state->LoadEntries(ser, &dirty));
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false));
   EXPECT_EQ(1u, domain_state.public_key_hashes.size());
   EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
                           sizeof(hash.data)));
 }
 
 }  // namespace net