
Unified Diff: chrome/browser/transport_security_persister_unittest.cc

Issue 9415040: Refactor TransportSecurityState. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Index: chrome/browser/transport_security_persister_unittest.cc
===================================================================
--- chrome/browser/transport_security_persister_unittest.cc (revision 0)
+++ chrome/browser/transport_security_persister_unittest.cc (revision 0)
@@ -0,0 +1,134 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/transport_security_persister.h"
+
+#include <string>
+
+#include "net/base/transport_security_state.h"
+#include "net/base/x509_cert_types.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using net::TransportSecurityState;
+
+TEST_F(TransportSecurityPersisterTest, Serialise1) {
+ TransportSecurityState state;
+ std::string output;
+ TransportSecurityPersister persister;
+ bool dirty;
+
+ EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
+ &output));
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+ EXPECT_FALSE(dirty);
+}
+
+TEST_F(TransportSecurityPersisterTest, Serialise2) {
+ TransportSecurityState state;
+ TransportSecurityState::DomainState domain_state;
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ domain_state.upgrade_mode =
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
+ domain_state.upgrade_expiry = expiry;
+ domain_state.include_subdomains = true;
+ state.EnableHost("yahoo.com", domain_state);
+
+ std::string output;
+ bool dirty;
+ TransportSecurityPersister persister;
+ EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
+ &output));
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true,
+ &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_FALSE(state.GetDomainState("com", true, &domain_state));
+}
+
+TEST_F(TransportSecurityPersisterTest, SerialiseOld) {
+ TransportSecurityState state;
+ TransportSecurityPersister persister;
+ // This is an old-style piece of transport state JSON, which has no creation
+ // date.
+ std::string output =
+ "{ "
+ "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
+ "\"expiry\": 1266815027.983453, "
+ "\"include_subdomains\": false, "
+ "\"mode\": \"strict\" "
+ "}"
+ "}";
+ bool dirty;
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+ EXPECT_TRUE(dirty);
+}
+
+TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
+ TransportSecurityState state;
+ TransportSecurityState::DomainState domain_state;
+ TransportSecurityPersister persister;
+ EXPECT_FALSE(state.GetDomainState("example.com", false, &domain_state));
+ FingerprintVector hashes;
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+ SHA1Fingerprint hash;
+ memset(hash.data, '1', sizeof(hash.data));
+ domain_state.static_spki_hashes.push_back(hash);
+
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+ hashes.push_back(hash);
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+ hashes[0].data[0] = '2';
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ domain_state.upgrade_expiry = expiry;
+ state.EnableHost("example.com", domain_state);
+ std::string ser;
+ EXPECT_TRUE(persister.Serialize(TransportSecurityState::Iterator(state),
+ &ser));
+ bool dirty;
+ EXPECT_TRUE(persister.LoadEntries(ser, &dirty));
+ EXPECT_TRUE(state.GetDomainState("example.com", false, &domain_state));
+ EXPECT_EQ(1u, domain_state.static_spki_hashes.size());
+ EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data,
+ sizeof(hash.data)));
+}
+
+TEST_F(TransportSecurityPersisterTest, ForcePreloads) {
+ // This is a docs.google.com override.
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\""
+ "}}");
+
+ TransportSecurityPersister persister;
+ EXPECT_TRUE(persister.LoadEntries(preload, &dirty));
+ EXPECT_TRUE(dirty);
+
+ TransportSecurityState state(preload);
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_FALSE(HasPins(domain_state));
+ EXPECT_FALSE(domain_state.ShouldRedirectHTTPToHTTPS());
+}
+
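Review bot: The round-trip expectations in Serialise2 and PublicKeyHashes read back from the same `state` that `EnableHost` populated before `Serialize`, so the `GetDomainState` and `static_spki_hashes` checks would still pass if `LoadEntries` restored nothing; the default-constructed `persister` has no visible link to `state` in this file. For HSTS and pin persistence the assertions should run against a state that only the load could have filled (how the persister is bound to a state is not shown here, so the wiring is for the author to confirm), and the result flag should be checked as Serialise1 does with `EXPECT_FALSE(dirty);`. Separately, ForcePreloads passes `&dirty` to `LoadEntries` without declaring it, so `bool dirty;` is needed before that call. The file also calls `memset` and `memcmp` without including `<string.h>` directly.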
Property changes on: chrome/browser/transport_security_persister_unittest.cc
___________________________________________________________________
Added: svn:eol-style
+ LF
