OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/transport_security_persister.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "net/base/transport_security_state.h" |
| 10 #include "net/base/x509_cert_types.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" |
| 12 |
| 13 using net::TransportSecurityState; |
| 14 |
| 15 TEST_F(TransportSecurityPersisterTest, Serialise1) { |
| 16 TransportSecurityState state; |
| 17 std::string output; |
| 18 TransportSecurityPersister persister; |
| 19 bool dirty; |
| 20 |
| 21 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state), |
| 22 &output)); |
| 23 EXPECT_TRUE(persister.LoadEntries(output, &dirty)); |
| 24 EXPECT_FALSE(dirty); |
| 25 } |
| 26 |
| 27 TEST_F(TransportSecurityPersisterTest, Serialise2) { |
| 28 TransportSecurityState state; |
| 29 TransportSecurityState::DomainState domain_state; |
| 30 const base::Time current_time(base::Time::Now()); |
| 31 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 32 |
| 33 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); |
| 34 domain_state.upgrade_mode = |
| 35 TransportSecurityState::DomainState::MODE_FORCE_HTTPS; |
| 36 domain_state.upgrade_expiry = expiry; |
| 37 domain_state.include_subdomains = true; |
| 38 state.EnableHost("yahoo.com", domain_state); |
| 39 |
| 40 std::string output; |
| 41 bool dirty; |
| 42 TransportSecurityPersister persister; |
| 43 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state), |
| 44 &output)); |
| 45 EXPECT_TRUE(persister.LoadEntries(output, &dirty)); |
| 46 |
| 47 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); |
| 48 EXPECT_EQ(domain_state.upgrade_mode, |
| 49 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 50 EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state)); |
| 51 EXPECT_EQ(domain_state.upgrade_mode, |
| 52 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 53 EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); |
| 54 EXPECT_EQ(domain_state.upgrade_mode, |
| 55 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 56 EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true, |
| 57 &domain_state)); |
| 58 EXPECT_EQ(domain_state.upgrade_mode, |
| 59 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 60 EXPECT_FALSE(state.GetDomainState("com", true, &domain_state)); |
| 61 } |
| 62 |
| 63 TEST_F(TransportSecurityPersisterTest, SerialiseOld) { |
| 64 TransportSecurityState state; |
| 65 TransportSecurityPersister persister; |
| 66 // This is an old-style piece of transport state JSON, which has no creation |
| 67 // date. |
| 68 std::string output = |
| 69 "{ " |
| 70 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" |
| 71 "\"expiry\": 1266815027.983453, " |
| 72 "\"include_subdomains\": false, " |
| 73 "\"mode\": \"strict\" " |
| 74 "}" |
| 75 "}"; |
| 76 bool dirty; |
| 77 EXPECT_TRUE(persister.LoadEntries(output, &dirty)); |
| 78 EXPECT_TRUE(dirty); |
| 79 } |
| 80 |
| 81 TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) { |
| 82 TransportSecurityState state; |
| 83 TransportSecurityState::DomainState domain_state; |
| 84 TransportSecurityPersister persister; |
| 85 EXPECT_FALSE(state.GetDomainState("example.com", false, &domain_state)); |
| 86 FingerprintVector hashes; |
| 87 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); |
| 88 |
| 89 SHA1Fingerprint hash; |
| 90 memset(hash.data, '1', sizeof(hash.data)); |
| 91 domain_state.static_spki_hashes.push_back(hash); |
| 92 |
| 93 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); |
| 94 hashes.push_back(hash); |
| 95 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); |
| 96 hashes[0].data[0] = '2'; |
| 97 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); |
| 98 |
| 99 const base::Time current_time(base::Time::Now()); |
| 100 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 101 domain_state.upgrade_expiry = expiry; |
| 102 state.EnableHost("example.com", domain_state); |
| 103 std::string ser; |
| 104 EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state), |
| 105 &ser)); |
| 106 bool dirty; |
| 107 EXPECT_TRUE(persister.LoadEntries(ser, &dirty)); |
| 108 EXPECT_TRUE(state.GetDomainState("example.com", false, &domain_state)); |
| 109 EXPECT_EQ(1u, domain_state.static_spki_hashes.size()); |
| 110 EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data, |
| 111 sizeof(hash.data))); |
| 112 } |
| 113 |
| 114 TEST_F(TransportSecurityPersisterTest, ForcePreloads) { |
| 115 // This is a docs.google.com override. |
| 116 std::string preload("{" |
| 117 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 118 "\"created\": 0.0," |
| 119 "\"expiry\": 2000000000.0," |
| 120 "\"include_subdomains\": false," |
| 121 "\"mode\": \"pinning-only\"" |
| 122 "}}"); |
| 123 |
| 124 TransportSecurityPersister persister; |
| 125 EXPECT_TRUE(persister.LoadEntries(preload, &dirty)); |
| 126 EXPECT_TRUE(dirty); |
| 127 |
| 128 TransportSecurityState state(preload); |
| 129 TransportSecurityState::DomainState domain_state; |
| 130 EXPECT_TRUE(state.GetDomainState("docs.google.com", true, &domain_state)); |
| 131 EXPECT_FALSE(HasPins(domain_state)); |
| 132 EXPECT_FALSE(domain_state.ShouldRedirectHTTPToHTTPS()); |
| 133 } |
| 134 |
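Review bot: The round-trip checks in Serialise2 and PublicKeyHashes read back from the same `state` that `EnableHost` populated, and nothing visible here connects the default-constructed `persister` to that object, so the `GetDomainState` and `static_spki_hashes` assertions after `LoadEntries` would apparently still pass if serialisation dropped the HSTS mode or the pins. Asserting against a state that was filled only by `LoadEntries` would make these tests catch a silent loss of persisted HSTS or pinning data. In ForcePreloads, `dirty` is passed to `LoadEntries` without a declaration in that test body; unless the fixture (not shown in this file) provides it, add `bool dirty = false;` before the call. The other tests declare `bool dirty;` uninitialised, and Serialise2 and PublicKeyHashes never check it, so initialising it and asserting the expected value would tighten them.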