
Side by Side Diff: chrome/browser/transport_security_persister_unittest.cc

Issue 9415040: Refactor TransportSecurityState. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Property Changes:
Added: svn:eol-style
+ LF
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/transport_security_persister.h"
6
7 #include <string>
8
9 #include "net/base/transport_security_state.h"
10 #include "net/base/x509_cert_types.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12
13 using net::TransportSecurityState;
14
15 TEST_F(TransportSecurityPersisterTest, Serialise1) {
16 TransportSecurityState state;
17 std::string output;
18 TransportSecurityPersister persister;
19 bool dirty;
20
21 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
22 &output));
23 EXPECT_TRUE(persister.LoadEntries(output, &dirty));
24 EXPECT_FALSE(dirty);
25 }
26
27 TEST_F(TransportSecurityPersisterTest, Serialise2) {
28 TransportSecurityState state;
29 TransportSecurityState::DomainState domain_state;
30 const base::Time current_time(base::Time::Now());
31 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
32
33 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
34 domain_state.upgrade_mode =
35 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
36 domain_state.upgrade_expiry = expiry;
37 domain_state.include_subdomains = true;
38 state.EnableHost("yahoo.com", domain_state);
39
40 std::string output;
41 bool dirty;
42 TransportSecurityPersister persister;
43 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
44 &output));
45 EXPECT_TRUE(persister.LoadEntries(output, &dirty));
46
47 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
48 EXPECT_EQ(domain_state.upgrade_mode,
49 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
50 EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state));
51 EXPECT_EQ(domain_state.upgrade_mode,
52 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
53 EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state));
54 EXPECT_EQ(domain_state.upgrade_mode,
55 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
56 EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true,
57 &domain_state));
58 EXPECT_EQ(domain_state.upgrade_mode,
59 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
60 EXPECT_FALSE(state.GetDomainState("com", true, &domain_state));
61 }
62
63 TEST_F(TransportSecurityPersisterTest, SerialiseOld) {
64 TransportSecurityState state;
65 TransportSecurityPersister persister;
66 // This is an old-style piece of transport state JSON, which has no creation
67 // date.
68 std::string output =
69 "{ "
70 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
71 "\"expiry\": 1266815027.983453, "
72 "\"include_subdomains\": false, "
73 "\"mode\": \"strict\" "
74 "}"
75 "}";
Ryan Sleevi 2012/03/28 00:50:32 I think you should add additional variants, such a
palmer 2012/04/10 23:25:51 It was never used. From a source tree that does no
76 bool dirty;
77 EXPECT_TRUE(persister.LoadEntries(output, &dirty));
78 EXPECT_TRUE(dirty);
79 }
80
81 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
82 TransportSecurityState state;
83 TransportSecurityState::DomainState domain_state;
84 TransportSecurityPersister persister;
85 EXPECT_FALSE(state.GetDomainState("example.com", false, &domain_state));
86 FingerprintVector hashes;
87 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
88
89 SHA1Fingerprint hash;
90 memset(hash.data, '1', sizeof(hash.data));
91 domain_state.static_spki_hashes.push_back(hash);
92
93 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
94 hashes.push_back(hash);
95 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
96 hashes[0].data[0] = '2';
97 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
98
99 const base::Time current_time(base::Time::Now());
100 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
101 domain_state.upgrade_expiry = expiry;
102 state.EnableHost("example.com", domain_state);
103 std::string ser;
104 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
105 &ser));
106 bool dirty;
107 EXPECT_TRUE(persister.LoadEntries(ser, &dirty));
108 EXPECT_TRUE(state.GetDomainState("example.com", false, &domain_state));
109 EXPECT_EQ(1u, domain_state.static_spki_hashes.size());
110 EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data,
111 sizeof(hash.data)));
112 }
113
114 TEST_F(TransportSecurityPersisterTest, ForcePreloads) {
115 // This is a docs.google.com override.
Ryan Sleevi 2012/03/28 00:50:32 Could you expand this comment? It's not clear wha
palmer 2012/04/10 23:25:51 Done.
116 std::string preload("{"
117 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
118 "\"created\": 0.0,"
119 "\"expiry\": 2000000000.0,"
120 "\"include_subdomains\": false,"
121 "\"mode\": \"pinning-only\""
122 "}}");
123
124 TransportSecurityPersister persister;
125 EXPECT_TRUE(persister.LoadEntries(preload, &dirty));
126 EXPECT_TRUE(dirty);
127
128 TransportSecurityState state(preload);
129 TransportSecurityState::DomainState domain_state;
130 EXPECT_TRUE(state.GetDomainState("docs.google.com", true, &domain_state));
131 EXPECT_FALSE(HasPins(domain_state));
132 EXPECT_FALSE(domain_state.ShouldRedirectHTTPToHTTPS());
133 }
134
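Review bot: The round-trip assertions in Serialise2 (file lines 43-59) and PublicKeyHashes (file lines 104-111) query the same `state` object that `EnableHost` already populated, and the default-constructed `persister` is not tied to it anywhere in the visible lines, so they would still pass if `LoadEntries` silently dropped the force-HTTPS entry or the SPKI pins. Asserting on a fresh `TransportSecurityState` that only ever received the deserialized data would cover persistence of the HSTS and pinning state; Serialise2 could presumably also check `EXPECT_FALSE(dirty);` after the load, as Serialise1 does. Separately, ForcePreloads passes `&dirty` to `LoadEntries` at file line 125 with no local declaration; unless the fixture (not visible here) provides one, it needs `bool dirty;` before that call.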