Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(821)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/transport_security_state_unittest.cc

Issue 8084008: net: add certificate pins for Twitter. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/transport_security_state.cc ('K') | « net/base/transport_security_state.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/string_piece.h" 5 #include "base/string_piece.h"
6 #include "net/base/transport_security_state.h" 6 #include "net/base/transport_security_state.h"
7 #include "testing/gtest/include/gtest/gtest.h" 7 #include "testing/gtest/include/gtest/gtest.h"
8 8
9 #if defined(USE_OPENSSL) 9 #if defined(USE_OPENSSL)
10 #include "crypto/openssl_util.h" 10 #include "crypto/openssl_util.h"
(...skipping 688 matching lines...) Expand 10 before | Expand all | Expand 10 after
699 699
700 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, 700 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
701 "greplin.com", 701 "greplin.com",
702 false)); 702 false));
703 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, 703 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
704 "www.greplin.com", 704 "www.greplin.com",
705 false)); 705 false));
706 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, 706 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
707 "foo.greplin.com", 707 "foo.greplin.com",
708 false)); 708 false));
709
710 #if defined(OS_CHROMEOS)
711 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
712 "twitter.com",
713 false));
714 #else
715 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
716 "twitter.com",
717 false));
718 #endif
709 } 719 }
710 720
711 TEST_F(TransportSecurityStateTest, LongNames) { 721 TEST_F(TransportSecurityStateTest, LongNames) {
712 TransportSecurityState state(""); 722 TransportSecurityState state("");
713 const char kLongName[] = 723 const char kLongName[] =
714 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" 724 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
715 "WaveletIdDomainAndBlipBlipid"; 725 "WaveletIdDomainAndBlipBlipid";
716 TransportSecurityState::DomainState domain_state; 726 TransportSecurityState::DomainState domain_state;
717 // Just checks that we don't hit a NOTREACHED. 727 // Just checks that we don't hit a NOTREACHED.
718 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, kLongName, true)); 728 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, kLongName, true));
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
753 TransportSecurityState state(""); 763 TransportSecurityState state("");
754 TransportSecurityState::DomainState domain_state; 764 TransportSecurityState::DomainState domain_state;
755 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, 765 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
756 "chrome.google.com", 766 "chrome.google.com",
757 true)); 767 true));
758 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "chrome.google.com", true)); 768 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "chrome.google.com", true));
759 std::vector<SHA1Fingerprint> hashes; 769 std::vector<SHA1Fingerprint> hashes;
760 // This essential checks that a built-in list does exist. 770 // This essential checks that a built-in list does exist.
761 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 771 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
762 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.paypal.com", true)); 772 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.paypal.com", true));
763 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "twitter.com", true));
764 773
765 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "docs.google.com", true)); 774 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "docs.google.com", true));
766 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "1.docs.google.com", true)); 775 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "1.docs.google.com", true));
767 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "sites.google.com", true)); 776 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "sites.google.com", true));
768 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "drive.google.com", true)); 777 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "drive.google.com", true));
769 EXPECT_TRUE(state.HasPinsForHost(&domain_state, 778 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
770 "spreadsheets.google.com", 779 "spreadsheets.google.com",
771 true)); 780 true));
772 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "health.google.com", true)); 781 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "health.google.com", true));
773 EXPECT_TRUE(state.HasPinsForHost(&domain_state, 782 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
(...skipping 22 matching lines...) Expand all
796 EXPECT_TRUE(state.HasPinsForHost(&domain_state, 805 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
797 "hostedtalkgadget.google.com", 806 "hostedtalkgadget.google.com",
798 true)); 807 true));
799 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "talk.google.com", true)); 808 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "talk.google.com", true));
800 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "plus.google.com", true)); 809 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "plus.google.com", true));
801 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); 810 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ssl.gstatic.com", true));
802 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.gstatic.com", true)); 811 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.gstatic.com", true));
803 EXPECT_TRUE(state.HasPinsForHost(&domain_state, 812 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
804 "ssl.google-analytics.com", 813 "ssl.google-analytics.com",
805 true)); 814 true));
815
816 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "twitter.com", true));
817 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "foo.twitter.com", true));
818 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.twitter.com", true));
819 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "api.twitter.com", true));
820 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "oauth.twitter.com", true));
821 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "mobile.twitter.com", true));
822 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "dev.twitter.com", true));
823 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "business.twitter.com", true)) ;
824 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "platform.twitter.com", true)) ;
825 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "si0.twimg.com", true));
826 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "twimg0-a.akamaihd.net", true) );
806 } 827 }
807 828
808 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { 829 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {
809 TransportSecurityState state(""); 830 TransportSecurityState state("");
810 TransportSecurityState::DomainState domain_state; 831 TransportSecurityState::DomainState domain_state;
811 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, 832 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
812 "www.google-analytics.com", 833 "www.google-analytics.com",
813 false)); 834 false));
814 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, 835 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
815 "www.google-analytics.com", 836 "www.google-analytics.com",
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after
982 size_t bit = bit_to_flip & 7; 1003 size_t bit = bit_to_flip & 7;
983 side_info_copy[byte] ^= (1 << bit); 1004 side_info_copy[byte] ^= (1 << bit);
984 1005
985 EXPECT_FALSE(TransportSecurityState::ParseSidePin( 1006 EXPECT_FALSE(TransportSecurityState::ParseSidePin(
986 leaf_spki, side_info, &pub_key_hashes)); 1007 leaf_spki, side_info, &pub_key_hashes));
987 ASSERT_EQ(0u, pub_key_hashes.size()); 1008 ASSERT_EQ(0u, pub_key_hashes.size());
988 } 1009 }
989 } 1010 }
990 1011
991 } // namespace net 1012 } // namespace net
OLDNEW
« net/base/transport_security_state.cc ('K') | « net/base/transport_security_state.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698