OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
6 #include "testing/gtest/include/gtest/gtest.h" | 6 #include "testing/gtest/include/gtest/gtest.h" |
7 | 7 |
8 namespace net { | 8 namespace net { |
9 | 9 |
10 class TransportSecurityStateTest : public testing::Test { | 10 class TransportSecurityStateTest : public testing::Test { |
199 true)); | 199 true)); |
200 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); | 200 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); |
201 } | 201 } |
202 | 202 |
203 TEST_F(TransportSecurityStateTest, Serialise1) { | 203 TEST_F(TransportSecurityStateTest, Serialise1) { |
204 scoped_refptr<TransportSecurityState> state( | 204 scoped_refptr<TransportSecurityState> state( |
205 new TransportSecurityState); | 205 new TransportSecurityState); |
206 std::string output; | 206 std::string output; |
207 bool dirty; | 207 bool dirty; |
208 state->Serialise(&output); | 208 state->Serialise(&output); |
209 EXPECT_TRUE(state->Deserialise(output, &dirty)); | 209 EXPECT_TRUE(state->LoadEntries(output, &dirty)); |
210 EXPECT_FALSE(dirty); | 210 EXPECT_FALSE(dirty); |
211 } | 211 } |
212 | 212 |
213 TEST_F(TransportSecurityStateTest, Serialise2) { | 213 TEST_F(TransportSecurityStateTest, Serialise2) { |
214 scoped_refptr<TransportSecurityState> state( | 214 scoped_refptr<TransportSecurityState> state( |
215 new TransportSecurityState); | 215 new TransportSecurityState); |
216 | 216 |
217 TransportSecurityState::DomainState domain_state; | 217 TransportSecurityState::DomainState domain_state; |
218 const base::Time current_time(base::Time::Now()); | 218 const base::Time current_time(base::Time::Now()); |
219 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 219 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
220 | 220 |
221 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); | 221 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); |
222 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; | 222 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; |
223 domain_state.expiry = expiry; | 223 domain_state.expiry = expiry; |
224 domain_state.include_subdomains = true; | 224 domain_state.include_subdomains = true; |
225 state->EnableHost("google.com", domain_state); | 225 state->EnableHost("google.com", domain_state); |
226 | 226 |
227 std::string output; | 227 std::string output; |
228 bool dirty; | 228 bool dirty; |
229 state->Serialise(&output); | 229 state->Serialise(&output); |
230 EXPECT_TRUE(state->Deserialise(output, &dirty)); | 230 EXPECT_TRUE(state->LoadEntries(output, &dirty)); |
231 | 231 |
232 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); | 232 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); |
233 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; | 233 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; |
234 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true)); | 234 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true)); |
235 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; | 235 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; |
236 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, | 236 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
237 "foo.bar.google.com", | 237 "foo.bar.google.com", |
238 true)); | 238 true)); |
239 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; | 239 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT)
; |
240 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, | 240 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
253 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 253 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
254 | 254 |
255 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); | 255 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); |
256 domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; | 256 domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; |
257 domain_state.expiry = expiry; | 257 domain_state.expiry = expiry; |
258 state->EnableHost("google.com", domain_state); | 258 state->EnableHost("google.com", domain_state); |
259 | 259 |
260 std::string output; | 260 std::string output; |
261 bool dirty; | 261 bool dirty; |
262 state->Serialise(&output); | 262 state->Serialise(&output); |
263 EXPECT_TRUE(state->Deserialise(output, &dirty)); | 263 EXPECT_TRUE(state->LoadEntries(output, &dirty)); |
264 | 264 |
265 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); | 265 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); |
266 EXPECT_EQ(domain_state.mode, | 266 EXPECT_EQ(domain_state.mode, |
267 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC); | 267 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC); |
268 } | 268 } |
269 | 269 |
270 TEST_F(TransportSecurityStateTest, DeleteSince) { | 270 TEST_F(TransportSecurityStateTest, DeleteSince) { |
271 scoped_refptr<TransportSecurityState> state( | 271 scoped_refptr<TransportSecurityState> state( |
272 new TransportSecurityState); | 272 new TransportSecurityState); |
273 | 273 |
311 // date. | 311 // date. |
312 std::string output = | 312 std::string output = |
313 "{ " | 313 "{ " |
314 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" | 314 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" |
315 "\"expiry\": 1266815027.983453, " | 315 "\"expiry\": 1266815027.983453, " |
316 "\"include_subdomains\": false, " | 316 "\"include_subdomains\": false, " |
317 "\"mode\": \"strict\" " | 317 "\"mode\": \"strict\" " |
318 "}" | 318 "}" |
319 "}"; | 319 "}"; |
320 bool dirty; | 320 bool dirty; |
321 EXPECT_TRUE(state->Deserialise(output, &dirty)); | 321 EXPECT_TRUE(state->LoadEntries(output, &dirty)); |
322 EXPECT_TRUE(dirty); | 322 EXPECT_TRUE(dirty); |
323 } | 323 } |
324 | 324 |
325 TEST_F(TransportSecurityStateTest, IsPreloaded) { | 325 TEST_F(TransportSecurityStateTest, IsPreloaded) { |
326 const std::string paypal = | 326 const std::string paypal = |
327 TransportSecurityState::CanonicalizeHost("paypal.com"); | 327 TransportSecurityState::CanonicalizeHost("paypal.com"); |
328 const std::string www_paypal = | 328 const std::string www_paypal = |
329 TransportSecurityState::CanonicalizeHost("www.paypal.com"); | 329 TransportSecurityState::CanonicalizeHost("www.paypal.com"); |
330 const std::string a_www_paypal = | 330 const std::string a_www_paypal = |
331 TransportSecurityState::CanonicalizeHost("a.www.paypal.com"); | 331 TransportSecurityState::CanonicalizeHost("a.www.paypal.com"); |
332 const std::string abc_paypal = | 332 const std::string abc_paypal = |
333 TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com"); | 333 TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com"); |
334 const std::string example = | 334 const std::string example = |
335 TransportSecurityState::CanonicalizeHost("example.com"); | 335 TransportSecurityState::CanonicalizeHost("example.com"); |
336 const std::string aypal = | 336 const std::string aypal = |
337 TransportSecurityState::CanonicalizeHost("aypal.com"); | 337 TransportSecurityState::CanonicalizeHost("aypal.com"); |
338 | 338 |
339 bool b; | 339 TransportSecurityState::DomainState domain_state; |
340 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(paypal, true, &b)); | 340 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( |
341 EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(www_paypal, true, &b)); | 341 paypal, true, &domain_state)); |
342 EXPECT_FALSE(b); | 342 EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS( |
343 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(a_www_paypal, true, &b)); | 343 www_paypal, true, &domain_state)); |
344 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(abc_paypal, true, &b)); | 344 EXPECT_FALSE(domain_state.include_subdomains); |
345 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(example, true, &b)); | 345 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( |
346 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(aypal, true, &b)); | 346 a_www_paypal, true, &domain_state)); |
| 347 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( |
| 348 abc_paypal, true, &domain_state)); |
| 349 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( |
| 350 example, true, &domain_state)); |
| 351 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( |
| 352 aypal, true, &domain_state)); |
347 } | 353 } |
348 | 354 |
349 TEST_F(TransportSecurityStateTest, Preloaded) { | 355 TEST_F(TransportSecurityStateTest, Preloaded) { |
350 scoped_refptr<TransportSecurityState> state( | 356 scoped_refptr<TransportSecurityState> state( |
351 new TransportSecurityState); | 357 new TransportSecurityState); |
352 TransportSecurityState::DomainState domain_state; | 358 TransportSecurityState::DomainState domain_state; |
353 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true)); | 359 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true)); |
354 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true)); | 360 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true)); |
355 EXPECT_EQ(domain_state.mode, | 361 EXPECT_EQ(domain_state.mode, |
356 TransportSecurityState::DomainState::MODE_STRICT); | 362 TransportSecurityState::DomainState::MODE_STRICT); |
454 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, | 460 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
455 "appengine.google.com", | 461 "appengine.google.com", |
456 true)); | 462 true)); |
457 | 463 |
458 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, | 464 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
459 "www.paycheckrecords.com", | 465 "www.paycheckrecords.com", |
460 true)); | 466 true)); |
461 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, | 467 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
462 "market.android.com", | 468 "market.android.com", |
463 true)); | 469 true)); |
| 470 // The domain wasn't being set, leading to a blank string in the |
| 471 // chrome://net-internals/#hsts UI. So test that. |
| 472 EXPECT_EQ(domain_state.domain, "market.android.com"); |
| 473 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, |
| 474 "sub.market.android.com", |
| 475 true)); |
| 476 EXPECT_EQ(domain_state.domain, "market.android.com"); |
464 | 477 |
465 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true)); | 478 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true)); |
466 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true)); | 479 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true)); |
467 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, | 480 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, |
468 "blog.lastpass.com", | 481 "blog.lastpass.com", |
469 true)); | 482 true)); |
470 | 483 |
471 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true)); | 484 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true)); |
472 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true)); | 485 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true)); |
473 | 486 |
526 hashes[0].data[0] = '2'; | 539 hashes[0].data[0] = '2'; |
527 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); | 540 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); |
528 | 541 |
529 const base::Time current_time(base::Time::Now()); | 542 const base::Time current_time(base::Time::Now()); |
530 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 543 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
531 domain_state.expiry = expiry; | 544 domain_state.expiry = expiry; |
532 state->EnableHost("example.com", domain_state); | 545 state->EnableHost("example.com", domain_state); |
533 std::string ser; | 546 std::string ser; |
534 EXPECT_TRUE(state->Serialise(&ser)); | 547 EXPECT_TRUE(state->Serialise(&ser)); |
535 bool dirty; | 548 bool dirty; |
536 EXPECT_TRUE(state->Deserialise(ser, &dirty)); | 549 EXPECT_TRUE(state->LoadEntries(ser, &dirty)); |
537 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false)); | 550 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false)); |
538 EXPECT_EQ(1u, domain_state.public_key_hashes.size()); | 551 EXPECT_EQ(1u, domain_state.public_key_hashes.size()); |
539 EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data, | 552 EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data, |
540 sizeof(hash.data))); | 553 sizeof(hash.data))); |
541 } | 554 } |
542 | 555 |
543 } // namespace net | 556 } // namespace net |
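Review bot: The second `EXPECT_EQ(domain_state.domain, "market.android.com")` (new line 476) can pass on a stale value, because the same `domain_state` already holds that string from the `market.android.com` lookup asserted at new line 472. If the subdomain-match path in `IsEnabledForHost` left `domain` unset, which is the regression the added comment describes, this assertion would not catch it. Give the `sub.market.android.com` lookup a fresh object, e.g. `TransportSecurityState::DomainState sub_state;`, pass `&sub_state`, and assert `EXPECT_EQ(sub_state.domain, "market.android.com");`. The same reuse appears in `IsPreloaded` (new lines 339-352), where one `domain_state` is shared by all six `IsPreloadedSTS` calls and only `include_subdomains` is checked. The body of the `Preloaded` test runs through lines elided from this view, so earlier lookups may also have written to `domain_state`.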
OLD | NEW |