OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/string_piece.h" | 5 #include "base/string_piece.h" |
6 #include "net/base/transport_security_state.h" | 6 #include "net/base/transport_security_state.h" |
7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
8 | 8 |
9 #if defined(USE_OPENSSL) | 9 #if defined(USE_OPENSSL) |
10 #include "crypto/openssl_util.h" | 10 #include "crypto/openssl_util.h" |
(...skipping 1014 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1025 size_t byte = bit_to_flip >> 3; | 1025 size_t byte = bit_to_flip >> 3; |
1026 size_t bit = bit_to_flip & 7; | 1026 size_t bit = bit_to_flip & 7; |
1027 side_info_copy[byte] ^= (1 << bit); | 1027 side_info_copy[byte] ^= (1 << bit); |
1028 | 1028 |
1029 EXPECT_FALSE(TransportSecurityState::ParseSidePin( | 1029 EXPECT_FALSE(TransportSecurityState::ParseSidePin( |
1030 leaf_spki, side_info, &pub_key_hashes)); | 1030 leaf_spki, side_info, &pub_key_hashes)); |
1031 ASSERT_EQ(0u, pub_key_hashes.size()); | 1031 ASSERT_EQ(0u, pub_key_hashes.size()); |
1032 } | 1032 } |
1033 } | 1033 } |
1034 | 1034 |
| 1035 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) { |
| 1036 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1037 "www.example.com", true)); |
| 1038 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1039 "www.paypal.com", true)); |
| 1040 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1041 "mail.twitter.com", true)); |
| 1042 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1043 "www.google.com.int", true)); |
| 1044 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1045 "jottit.com", true)); |
| 1046 // learn.doubleclick.net has a more specific match than |
| 1047 // *.doubleclick.com, and has 0 or NULL for its required certs. |
| 1048 // This test ensures that the exact-match-preferred behavior |
| 1049 // works. |
| 1050 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1051 "learn.doubleclick.net", true)); |
| 1052 |
| 1053 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1054 "encrypted.google.com", true)); |
| 1055 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1056 "mail.google.com", true)); |
| 1057 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1058 "accounts.google.com", true)); |
| 1059 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1060 "doubleclick.net", true)); |
| 1061 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1062 "ad.doubleclick.net", true)); |
| 1063 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1064 "youtube.com", true)); |
| 1065 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1066 "www.profiles.google.com", true)); |
| 1067 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1068 "checkout.google.com", true)); |
| 1069 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1070 "googleadservices.com", true)); |
| 1071 |
| 1072 // Test with sni_enabled false: |
| 1073 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1074 "www.example.com", false)); |
| 1075 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1076 "www.paypal.com", false)); |
| 1077 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1078 "checkout.google.com", false)); |
| 1079 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1080 "googleadservices.com", false)); |
| 1081 |
| 1082 // Test some SNI hosts: |
| 1083 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1084 "gmail.com", true)); |
| 1085 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1086 "googlegroups.com", true)); |
| 1087 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( |
| 1088 "www.googlegroups.com", true)); |
| 1089 // Expect to fail for SNI hosts when not searching the SNI list: |
| 1090 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1091 "gmail.com", false)); |
| 1092 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1093 "googlegroups.com", false)); |
| 1094 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 1095 "www.googlegroups.com", false)); |
| 1096 } |
| 1097 |
1035 } // namespace net | 1098 } // namespace net |
OLD | NEW |