Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(805)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state_unittest.cc

Issue 103803012: Make HSTS headers not clobber preloaded pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after
227 TransportSecurityState::DomainState domain_state; 227 TransportSecurityState::DomainState domain_state;
228 if (!state.GetDomainState(hostname, true /* SNI ok */, &domain_state)) 228 if (!state.GetDomainState(hostname, true /* SNI ok */, &domain_state))
229 return false; 229 return false;
230 230
231 return (domain_state.static_spki_hashes.size() > 0 || 231 return (domain_state.static_spki_hashes.size() > 0 ||
232 domain_state.bad_static_spki_hashes.size() > 0 || 232 domain_state.bad_static_spki_hashes.size() > 0 ||
233 domain_state.dynamic_spki_hashes.size() > 0) && 233 domain_state.dynamic_spki_hashes.size() > 0) &&
234 !domain_state.ShouldUpgradeToSSL(); 234 !domain_state.ShouldUpgradeToSSL();
235 } 235 }
236 236
237 TEST_F(TransportSecurityStateTest, NoClobberPins) {
238 TransportSecurityState state;
239 TransportSecurityState::DomainState domain_state;
240
241 EXPECT_TRUE(state.GetDomainState("accounts.google.com", true, &domain_state));
242 EXPECT_TRUE(HasPublicKeyPins("accounts.google.com"));
243 EXPECT_TRUE(state.AddHSTSHeader("accounts.google.com",
244 "includesubdomains; max-age=1000000"));
245 EXPECT_TRUE(HasPublicKeyPins("accounts.google.com"));
246 }
247
237 TEST_F(TransportSecurityStateTest, Preloaded) { 248 TEST_F(TransportSecurityStateTest, Preloaded) {
238 TransportSecurityState state; 249 TransportSecurityState state;
239 TransportSecurityState::DomainState domain_state; 250 TransportSecurityState::DomainState domain_state;
240 251
241 // We do more extensive checks for the first domain. 252 // We do more extensive checks for the first domain.
242 EXPECT_TRUE(state.GetDomainState("www.paypal.com", true, &domain_state)); 253 EXPECT_TRUE(state.GetDomainState("www.paypal.com", true, &domain_state));
243 EXPECT_EQ(domain_state.upgrade_mode, 254 EXPECT_EQ(domain_state.upgrade_mode,
244 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); 255 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
245 EXPECT_FALSE(domain_state.sts_include_subdomains); 256 EXPECT_FALSE(domain_state.sts_include_subdomains);
246 EXPECT_FALSE(domain_state.pkp_include_subdomains); 257 EXPECT_FALSE(domain_state.pkp_include_subdomains);
(...skipping 436 matching lines...) Expand 10 before | Expand all | Expand 10 after
683 // Expect to fail for SNI hosts when not searching the SNI list: 694 // Expect to fail for SNI hosts when not searching the SNI list:
684 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 695 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
685 "gmail.com", false)); 696 "gmail.com", false));
686 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 697 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
687 "googlegroups.com", false)); 698 "googlegroups.com", false));
688 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 699 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
689 "www.googlegroups.com", false)); 700 "www.googlegroups.com", false));
690 } 701 }
691 702
692 } // namespace net 703 } // namespace net
OLDNEW
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698