Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(417)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/transport_security_state_unittest.cc

Issue 8302019: Recommit fraudulent certificate reporting infrastructure. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/transport_security_state.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/string_piece.h" 5 #include "base/string_piece.h"
6 #include "net/base/transport_security_state.h" 6 #include "net/base/transport_security_state.h"
7 #include "testing/gtest/include/gtest/gtest.h" 7 #include "testing/gtest/include/gtest/gtest.h"
8 8
9 #if defined(USE_OPENSSL) 9 #if defined(USE_OPENSSL)
10 #include "crypto/openssl_util.h" 10 #include "crypto/openssl_util.h"
(...skipping 1014 matching lines...) Expand 10 before | Expand all | Expand 10 after
1025 size_t byte = bit_to_flip >> 3; 1025 size_t byte = bit_to_flip >> 3;
1026 size_t bit = bit_to_flip & 7; 1026 size_t bit = bit_to_flip & 7;
1027 side_info_copy[byte] ^= (1 << bit); 1027 side_info_copy[byte] ^= (1 << bit);
1028 1028
1029 EXPECT_FALSE(TransportSecurityState::ParseSidePin( 1029 EXPECT_FALSE(TransportSecurityState::ParseSidePin(
1030 leaf_spki, side_info, &pub_key_hashes)); 1030 leaf_spki, side_info, &pub_key_hashes));
1031 ASSERT_EQ(0u, pub_key_hashes.size()); 1031 ASSERT_EQ(0u, pub_key_hashes.size());
1032 } 1032 }
1033 } 1033 }
1034 1034
1035 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) {
1036 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1037 "www.example.com", true));
1038 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1039 "www.paypal.com", true));
1040 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1041 "mail.twitter.com", true));
1042 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1043 "www.google.com.int", true));
1044 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1045 "jottit.com", true));
1046 // learn.doubleclick.net has a more specific match than
1047 // *.doubleclick.com, and has 0 or NULL for its required certs.
1048 // This test ensures that the exact-match-preferred behavior
1049 // works.
1050 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1051 "learn.doubleclick.net", true));
1052
1053 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1054 "encrypted.google.com", true));
1055 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1056 "mail.google.com", true));
1057 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1058 "accounts.google.com", true));
1059 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1060 "doubleclick.net", true));
1061 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1062 "ad.doubleclick.net", true));
1063 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1064 "youtube.com", true));
1065 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1066 "www.profiles.google.com", true));
1067 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1068 "checkout.google.com", true));
1069 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1070 "googleadservices.com", true));
1071
1072 // Test with sni_enabled false:
1073 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1074 "www.example.com", false));
1075 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1076 "www.paypal.com", false));
1077 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1078 "checkout.google.com", false));
1079 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1080 "googleadservices.com", false));
1081
1082 // Test some SNI hosts:
1083 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1084 "gmail.com", true));
1085 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1086 "googlegroups.com", true));
1087 EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty(
1088 "www.googlegroups.com", true));
1089 // Expect to fail for SNI hosts when not searching the SNI list:
1090 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1091 "gmail.com", false));
1092 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1093 "googlegroups.com", false));
1094 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1095 "www.googlegroups.com", false));
1096 }
1097
1035 } // namespace net 1098 } // namespace net
OLDNEW
« no previous file with comments | « net/base/transport_security_state.cc ('k') | net/data/ssl/certificates/README » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698