Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1079)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/transport_security_persister_unittest.cc

Issue 9415040: Refactor TransportSecurityState. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/transport_security_persister.cc ('K') | « chrome/browser/transport_security_persister.cc ('k') | chrome/browser/ui/webui/net_internals/net_internals_ui.cc » ('j') | net/base/transport_security_state.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/transport_security_persister_unittest.cc
===================================================================
--- chrome/browser/transport_security_persister_unittest.cc (revision 0)
+++ chrome/browser/transport_security_persister_unittest.cc (revision 0)
@@ -0,0 +1,148 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/transport_security_persister.h"
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/file_path.h"
+#include "base/message_loop.h"
+#include "base/scoped_temp_dir.h"
+#include "content/test/test_browser_thread.h"
+#include "content/public/browser/browser_thread.h"
+#include "net/base/transport_security_state.h"
+#include "net/base/x509_cert_types.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using net::TransportSecurityState;
+using content::BrowserThread;
+
+class TransportSecurityPersisterTest : public testing::Test {
+ public:
+ TransportSecurityPersisterTest()
+ : test_io_thread(BrowserThread::IO, &message_loop),
+ persister(&state, temp_dir.path(), false)
+ { }
Ryan Sleevi 2012/04/26 19:21:12 nit: the opening brace should be on the end of lin
palmer 2012/04/27 23:52:34 Done.
+
+ virtual void SetUp() {
+ }
Ryan Sleevi 2012/04/26 19:21:12 nit: Move this up to line 29, in keeping with htt
palmer 2012/04/27 23:52:34 Done.
+
+ MessageLoop message_loop;
+ content::TestBrowserThread test_io_thread;
Ryan Sleevi 2012/04/26 19:21:12 I don't see any tests covering serializing from ac
palmer 2012/04/27 23:52:34 Done.
+ ScopedTempDir temp_dir;
+ TransportSecurityPersister persister;
+ TransportSecurityState state;
+};
+
+TEST_F(TransportSecurityPersisterTest, SerializeData1) {
+ std::string output;
+ bool dirty;
+
+ EXPECT_TRUE(persister.SerializeData(&output));
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+ EXPECT_FALSE(dirty);
+}
+
+TEST_F(TransportSecurityPersisterTest, SerializeData2) {
+ TransportSecurityState::DomainState domain_state;
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ domain_state.upgrade_mode =
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
+ domain_state.upgrade_expiry = expiry;
+ domain_state.include_subdomains = true;
+ state.EnableHost("yahoo.com", domain_state);
+
+ std::string output;
+ bool dirty;
+ EXPECT_TRUE(persister.SerializeData(&output));
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true,
+ &domain_state));
+ EXPECT_EQ(domain_state.upgrade_mode,
+ TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
+ EXPECT_FALSE(state.GetDomainState("com", true, &domain_state));
+}
+
+TEST_F(TransportSecurityPersisterTest, SerializeDataOld) {
+ // This is an old-style piece of transport state JSON, which has no creation
+ // date.
+ std::string output =
+ "{ "
+ "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
+ "\"expiry\": 1266815027.983453, "
+ "\"include_subdomains\": false, "
+ "\"mode\": \"strict\" "
+ "}"
+ "}";
+ bool dirty;
+ EXPECT_TRUE(persister.LoadEntries(output, &dirty));
+ EXPECT_TRUE(dirty);
+}
+
+TEST_F(TransportSecurityPersisterTest, PublicKeyHashes) {
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_FALSE(state.GetDomainState("example.com", false, &domain_state));
+ net::FingerprintVector hashes;
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+ net::SHA1Fingerprint hash;
+ memset(hash.data, '1', sizeof(hash.data));
+ domain_state.static_spki_hashes.push_back(hash);
+
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+ hashes.push_back(hash);
+ EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+ hashes[0].data[0] = '2';
+ EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+ const base::Time current_time(base::Time::Now());
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ domain_state.upgrade_expiry = expiry;
+ state.EnableHost("example.com", domain_state);
+ std::string ser;
+ EXPECT_TRUE(persister.SerializeData(&ser));
+ bool dirty;
+ EXPECT_TRUE(persister.LoadEntries(ser, &dirty));
+ EXPECT_TRUE(state.GetDomainState("example.com", false, &domain_state));
+ EXPECT_EQ(1u, domain_state.static_spki_hashes.size());
+ EXPECT_EQ(0, memcmp(domain_state.static_spki_hashes[0].data, hash.data,
+ sizeof(hash.data)));
+}
+
+TEST_F(TransportSecurityPersisterTest, ForcePreloads) {
+ // The static state for docs.google.com, defined in
+ // net/base/transport_security_state_static.h, has pins and mode strict.
+ // This new policy overrides that with no pins and a weaker mode. We apply
+ // this new policy with |DeserializeFromCommandLine| and expect that the
+ // new policy is in effect, overriding the static policy.
+ std::string preload("{"
+ "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
+ "\"created\": 0.0,"
+ "\"expiry\": 2000000000.0,"
+ "\"include_subdomains\": false,"
+ "\"mode\": \"pinning-only\""
+ "}}");
+
+ EXPECT_TRUE(persister.DeserializeFromCommandLine(preload));
+
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_TRUE(state.GetDomainState("docs.google.com", true, &domain_state));
+ EXPECT_FALSE(domain_state.HasPins());
+ EXPECT_FALSE(domain_state.ShouldRedirectHTTPToHTTPS());
+}
+
Property changes on: chrome/browser/transport_security_persister_unittest.cc
___________________________________________________________________
Added: svn:eol-style
+ LF
« chrome/browser/transport_security_persister.cc ('K') | « chrome/browser/transport_security_persister.cc ('k') | chrome/browser/ui/webui/net_internals/net_internals_ui.cc » ('j') | net/base/transport_security_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698