| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 39 class TransportSecurityStateTest : public testing::Test { | 39 class TransportSecurityStateTest : public testing::Test { |
| 40 virtual void SetUp() { | 40 virtual void SetUp() { |
| 41 #if defined(USE_OPENSSL) | 41 #if defined(USE_OPENSSL) |
| 42 crypto::EnsureOpenSSLInit(); | 42 crypto::EnsureOpenSSLInit(); |
| 43 #else | 43 #else |
| 44 crypto::EnsureNSSInit(); | 44 crypto::EnsureNSSInit(); |
| 45 #endif | 45 #endif |
| 46 } | 46 } |
| 47 | 47 |
| 48 protected: | 48 protected: |
| 49 std::string CanonicalizeHost(const std::string& host) { | |
| 50 return TransportSecurityState::CanonicalizeHost(host); | |
| 51 } | |
| 52 | |
| 53 bool GetStaticDomainState(TransportSecurityState* state, | 49 bool GetStaticDomainState(TransportSecurityState* state, |
| 54 const std::string& host, | 50 const std::string& host, |
| 55 bool sni_enabled, | 51 bool sni_enabled, |
| 56 TransportSecurityState::DomainState* result) { | 52 TransportSecurityState::DomainState* result) { |
| 57 return state->GetStaticDomainState(host, sni_enabled, result); | 53 return state->GetStaticDomainState(host, sni_enabled, result); |
| 58 } | 54 } |
| 59 | 55 |
| 60 void EnableHost(TransportSecurityState* state, | 56 void EnableHost(TransportSecurityState* state, |
| 61 const std::string& host, | 57 const std::string& host, |
| 62 const TransportSecurityState::DomainState& domain_state) { | 58 const TransportSecurityState::DomainState& domain_state) { |
| 63 return state->EnableHost(host, domain_state); | 59 return state->EnableHost(host, domain_state); |
| 64 } | 60 } |
| 65 }; | 61 }; |
| 66 | 62 |
| 67 TEST_F(TransportSecurityStateTest, SimpleMatches) { | 63 TEST_F(TransportSecurityStateTest, SimpleMatches) { |
| 68 TransportSecurityState state; | 64 TransportSecurityState state; |
| 69 TransportSecurityState::DomainState domain_state; | 65 TransportSecurityState::DomainState domain_state; |
| 70 const base::Time current_time(base::Time::Now()); | 66 const base::Time current_time(base::Time::Now()); |
| 71 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 67 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 72 | 68 |
| 73 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 69 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 74 bool include_subdomains = false; | 70 bool include_subdomains = false; |
| 75 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 71 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 76 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); | 72 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 77 } | 73 } |
| 78 | 74 |
| 79 TEST_F(TransportSecurityStateTest, MatchesCase1) { | 75 TEST_F(TransportSecurityStateTest, MatchesCase1) { |
| 80 TransportSecurityState state; | 76 TransportSecurityState state; |
| 81 TransportSecurityState::DomainState domain_state; | 77 TransportSecurityState::DomainState domain_state; |
| 82 const base::Time current_time(base::Time::Now()); | 78 const base::Time current_time(base::Time::Now()); |
| 83 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 79 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 84 | 80 |
| 85 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 81 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 86 bool include_subdomains = false; | 82 bool include_subdomains = false; |
| 87 state.AddHSTS("YAhoo.coM", expiry, include_subdomains); | 83 state.AddHSTS("YAhoo.coM", expiry, include_subdomains); |
| 88 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); | 84 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 89 } | 85 } |
| 90 | 86 |
| 91 TEST_F(TransportSecurityStateTest, MatchesCase2) { | 87 TEST_F(TransportSecurityStateTest, MatchesCase2) { |
| 92 TransportSecurityState state; | 88 TransportSecurityState state; |
| 93 TransportSecurityState::DomainState domain_state; | 89 TransportSecurityState::DomainState domain_state; |
| 94 const base::Time current_time(base::Time::Now()); | 90 const base::Time current_time(base::Time::Now()); |
| 95 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 91 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 96 | 92 |
| 97 EXPECT_FALSE(state.GetDomainState("YAhoo.coM", true, &domain_state)); | 93 EXPECT_FALSE(state.GetDynamicDomainState("YAhoo.coM", &domain_state)); |
| 98 bool include_subdomains = false; | 94 bool include_subdomains = false; |
| 99 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 95 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 100 EXPECT_TRUE(state.GetDomainState("YAhoo.coM", true, &domain_state)); | 96 EXPECT_TRUE(state.GetDynamicDomainState("YAhoo.coM", &domain_state)); |
| 101 } | 97 } |
| 102 | 98 |
| 103 TEST_F(TransportSecurityStateTest, SubdomainMatches) { | 99 TEST_F(TransportSecurityStateTest, SubdomainMatches) { |
| 104 TransportSecurityState state; | 100 TransportSecurityState state; |
| 105 TransportSecurityState::DomainState domain_state; | 101 TransportSecurityState::DomainState domain_state; |
| 106 const base::Time current_time(base::Time::Now()); | 102 const base::Time current_time(base::Time::Now()); |
| 107 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 103 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 108 | 104 |
| 109 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 105 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 110 bool include_subdomains = true; | 106 bool include_subdomains = true; |
| 111 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 107 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 112 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); | 108 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 113 EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state)); | 109 EXPECT_TRUE(state.GetDynamicDomainState("foo.yahoo.com", &domain_state)); |
| 114 EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); | 110 EXPECT_TRUE(state.GetDynamicDomainState("foo.bar.yahoo.com", &domain_state)); |
| 115 EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true, | 111 EXPECT_TRUE( |
| 116 &domain_state)); | 112 state.GetDynamicDomainState("foo.bar.baz.yahoo.com", &domain_state)); |
| 117 EXPECT_FALSE(state.GetDomainState("com", true, &domain_state)); | 113 EXPECT_FALSE(state.GetDynamicDomainState("com", &domain_state)); |
| 118 } | 114 } |
| 119 | 115 |
| 120 TEST_F(TransportSecurityStateTest, InvalidDomains) { | 116 TEST_F(TransportSecurityStateTest, InvalidDomains) { |
| 121 TransportSecurityState state; | 117 TransportSecurityState state; |
| 122 TransportSecurityState::DomainState domain_state; | 118 TransportSecurityState::DomainState domain_state; |
| 123 const base::Time current_time(base::Time::Now()); | 119 const base::Time current_time(base::Time::Now()); |
| 124 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 120 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 125 | 121 |
| 126 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 122 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 127 bool include_subdomains = true; | 123 bool include_subdomains = true; |
| 128 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 124 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 129 EXPECT_TRUE(state.GetDomainState("www-.foo.yahoo.com", true, &domain_state)); | 125 EXPECT_TRUE(state.GetDynamicDomainState("www-.foo.yahoo.com", &domain_state)); |
| 130 EXPECT_TRUE(state.GetDomainState("2\x01.foo.yahoo.com", true, &domain_state)); | 126 EXPECT_TRUE( |
| 127 state.GetDynamicDomainState("2\x01.foo.yahoo.com", &domain_state)); |
| 131 } | 128 } |
| 132 | 129 |
| 133 TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) { | 130 TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) { |
| 134 TransportSecurityState state; | 131 TransportSecurityState state; |
| 135 TransportSecurityState::DomainState domain_state; | 132 TransportSecurityState::DomainState domain_state; |
| 136 const base::Time current_time(base::Time::Now()); | 133 const base::Time current_time(base::Time::Now()); |
| 137 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 134 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 138 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); | 135 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); |
| 139 | 136 |
| 140 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 137 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 141 bool include_subdomains = false; | 138 bool include_subdomains = false; |
| 142 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 139 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 143 | 140 |
| 144 state.DeleteAllDynamicDataSince(expiry); | 141 state.DeleteAllDynamicDataSince(expiry); |
| 145 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); | 142 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 143 EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS, |
| 144 domain_state.sts.upgrade_mode); |
| 146 state.DeleteAllDynamicDataSince(older); | 145 state.DeleteAllDynamicDataSince(older); |
| 147 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 146 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 147 EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT, |
| 148 domain_state.sts.upgrade_mode); |
| 148 } | 149 } |
| 149 | 150 |
| 150 TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) { | 151 TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) { |
| 151 TransportSecurityState state; | 152 TransportSecurityState state; |
| 152 TransportSecurityState::DomainState domain_state; | 153 TransportSecurityState::DomainState domain_state; |
| 153 const base::Time current_time(base::Time::Now()); | 154 const base::Time current_time(base::Time::Now()); |
| 154 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 155 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 155 bool include_subdomains = false; | 156 bool include_subdomains = false; |
| 156 state.AddHSTS("yahoo.com", expiry, include_subdomains); | 157 state.AddHSTS("yahoo.com", expiry, include_subdomains); |
| 157 | 158 |
| 158 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); | 159 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 159 EXPECT_FALSE(state.GetDomainState("example.com", true, &domain_state)); | 160 EXPECT_FALSE(state.GetDynamicDomainState("example.com", &domain_state)); |
| 160 EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com")); | 161 EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com")); |
| 161 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); | 162 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state)); |
| 162 } | 163 } |
| 163 | 164 |
| 164 TEST_F(TransportSecurityStateTest, IsPreloaded) { | 165 TEST_F(TransportSecurityStateTest, IsPreloaded) { |
| 165 const std::string paypal = CanonicalizeHost("paypal.com"); | 166 const std::string paypal = "paypal.com"; |
| 166 const std::string www_paypal = CanonicalizeHost("www.paypal.com"); | 167 const std::string www_paypal = "www.paypal.com"; |
| 167 const std::string foo_paypal = CanonicalizeHost("foo.paypal.com"); | 168 const std::string foo_paypal = "foo.paypal.com"; |
| 168 const std::string a_www_paypal = CanonicalizeHost("a.www.paypal.com"); | 169 const std::string a_www_paypal = "a.www.paypal.com"; |
| 169 const std::string abc_paypal = CanonicalizeHost("a.b.c.paypal.com"); | 170 const std::string abc_paypal = "a.b.c.paypal.com"; |
| 170 const std::string example = CanonicalizeHost("example.com"); | 171 const std::string example = "example.com"; |
| 171 const std::string aypal = CanonicalizeHost("aypal.com"); | 172 const std::string aypal = "aypal.com"; |
| 172 | 173 |
| 173 TransportSecurityState state; | 174 TransportSecurityState state; |
| 174 TransportSecurityState::DomainState domain_state; | 175 TransportSecurityState::DomainState domain_state; |
| 175 | 176 |
| 176 EXPECT_TRUE(GetStaticDomainState(&state, paypal, true, &domain_state)); | 177 EXPECT_TRUE(GetStaticDomainState(&state, paypal, true, &domain_state)); |
| 177 EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, true, &domain_state)); | 178 EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, true, &domain_state)); |
| 178 EXPECT_FALSE(domain_state.sts_include_subdomains); | 179 EXPECT_FALSE(domain_state.sts.include_subdomains); |
| 179 EXPECT_FALSE(domain_state.pkp_include_subdomains); | 180 EXPECT_FALSE(domain_state.pkp.include_subdomains); |
| 180 EXPECT_FALSE(GetStaticDomainState(&state, a_www_paypal, true, &domain_state)); | 181 EXPECT_FALSE(GetStaticDomainState(&state, a_www_paypal, true, &domain_state)); |
| 181 EXPECT_FALSE(GetStaticDomainState(&state, abc_paypal, true, &domain_state)); | 182 EXPECT_FALSE(GetStaticDomainState(&state, abc_paypal, true, &domain_state)); |
| 182 EXPECT_FALSE(GetStaticDomainState(&state, example, true, &domain_state)); | 183 EXPECT_FALSE(GetStaticDomainState(&state, example, true, &domain_state)); |
| 183 EXPECT_FALSE(GetStaticDomainState(&state, aypal, true, &domain_state)); | 184 EXPECT_FALSE(GetStaticDomainState(&state, aypal, true, &domain_state)); |
| 184 } | 185 } |
| 185 | 186 |
| 186 TEST_F(TransportSecurityStateTest, PreloadedDomainSet) { | 187 TEST_F(TransportSecurityStateTest, PreloadedDomainSet) { |
| 187 TransportSecurityState state; | 188 TransportSecurityState state; |
| 188 TransportSecurityState::DomainState domain_state; | 189 TransportSecurityState::DomainState domain_state; |
| 189 | 190 |
| 190 // The domain wasn't being set, leading to a blank string in the | 191 // The domain wasn't being set, leading to a blank string in the |
| 191 // chrome://net-internals/#hsts UI. So test that. | 192 // chrome://net-internals/#hsts UI. So test that. |
| 192 EXPECT_TRUE(state.GetDomainState("market.android.com", true, &domain_state)); | 193 EXPECT_TRUE( |
| 194 state.GetStaticDomainState("market.android.com", true, &domain_state)); |
| 193 EXPECT_EQ(domain_state.domain, "market.android.com"); | 195 EXPECT_EQ(domain_state.domain, "market.android.com"); |
| 194 EXPECT_TRUE(state.GetDomainState("sub.market.android.com", true, | 196 EXPECT_TRUE(state.GetStaticDomainState( |
| 195 &domain_state)); | 197 "sub.market.android.com", true, &domain_state)); |
| 196 EXPECT_EQ(domain_state.domain, "market.android.com"); | 198 EXPECT_EQ(domain_state.domain, "market.android.com"); |
| 197 } | 199 } |
| 198 | 200 |
| 199 static bool ShouldRedirect(const char* hostname) { | 201 static bool StaticShouldRedirect(const char* hostname) { |
| 200 TransportSecurityState state; | 202 TransportSecurityState state; |
| 201 TransportSecurityState::DomainState domain_state; | 203 TransportSecurityState::DomainState domain_state; |
| 202 return state.GetDomainState(hostname, true /* SNI ok */, &domain_state) && | 204 return state.GetStaticDomainState( |
| 205 hostname, true /* SNI ok */, &domain_state) && |
| 203 domain_state.ShouldUpgradeToSSL(); | 206 domain_state.ShouldUpgradeToSSL(); |
| 204 } | 207 } |
| 205 | 208 |
| 206 static bool HasState(const char* hostname) { | 209 static bool HasStaticState(const char* hostname) { |
| 207 TransportSecurityState state; | 210 TransportSecurityState state; |
| 208 TransportSecurityState::DomainState domain_state; | 211 TransportSecurityState::DomainState domain_state; |
| 209 return state.GetDomainState(hostname, true /* SNI ok */, &domain_state); | 212 return state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state); |
| 210 } | 213 } |
| 211 | 214 |
| 212 static bool HasPublicKeyPins(const char* hostname, bool sni_enabled) { | 215 static bool HasStaticPublicKeyPins(const char* hostname, bool sni_enabled) { |
| 213 TransportSecurityState state; | 216 TransportSecurityState state; |
| 214 TransportSecurityState::DomainState domain_state; | 217 TransportSecurityState::DomainState domain_state; |
| 215 if (!state.GetDomainState(hostname, sni_enabled, &domain_state)) | 218 if (!state.GetStaticDomainState(hostname, sni_enabled, &domain_state)) |
| 216 return false; | 219 return false; |
| 217 | 220 |
| 218 return domain_state.HasPublicKeyPins(); | 221 return domain_state.HasPublicKeyPins(); |
| 219 } | 222 } |
| 220 | 223 |
| 221 static bool HasPublicKeyPins(const char* hostname) { | 224 static bool HasStaticPublicKeyPins(const char* hostname) { |
| 222 return HasPublicKeyPins(hostname, true); | 225 return HasStaticPublicKeyPins(hostname, true); |
| 223 } | 226 } |
| 224 | 227 |
| 225 static bool OnlyPinning(const char *hostname) { | 228 static bool OnlyPinningInStaticState(const char* hostname) { |
| 226 TransportSecurityState state; | 229 TransportSecurityState state; |
| 227 TransportSecurityState::DomainState domain_state; | 230 TransportSecurityState::DomainState domain_state; |
| 228 if (!state.GetDomainState(hostname, true /* SNI ok */, &domain_state)) | 231 if (!state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state)) |
| 229 return false; | 232 return false; |
| 230 | 233 |
| 231 return (domain_state.static_spki_hashes.size() > 0 || | 234 return (domain_state.pkp.spki_hashes.size() > 0 || |
| 232 domain_state.bad_static_spki_hashes.size() > 0 || | 235 domain_state.pkp.bad_spki_hashes.size() > 0) && |
| 233 domain_state.dynamic_spki_hashes.size() > 0) && | |
| 234 !domain_state.ShouldUpgradeToSSL(); | 236 !domain_state.ShouldUpgradeToSSL(); |
| 235 } | 237 } |
| 236 | 238 |
| 237 TEST_F(TransportSecurityStateTest, Preloaded) { | 239 TEST_F(TransportSecurityStateTest, Preloaded) { |
| 238 TransportSecurityState state; | 240 TransportSecurityState state; |
| 239 TransportSecurityState::DomainState domain_state; | 241 TransportSecurityState::DomainState domain_state; |
| 240 | 242 |
| 241 // We do more extensive checks for the first domain. | 243 // We do more extensive checks for the first domain. |
| 242 EXPECT_TRUE(state.GetDomainState("www.paypal.com", true, &domain_state)); | 244 EXPECT_TRUE( |
| 243 EXPECT_EQ(domain_state.upgrade_mode, | 245 state.GetStaticDomainState("www.paypal.com", true, &domain_state)); |
| 246 EXPECT_EQ(domain_state.sts.upgrade_mode, |
| 244 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 247 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 245 EXPECT_FALSE(domain_state.sts_include_subdomains); | 248 EXPECT_FALSE(domain_state.sts.include_subdomains); |
| 246 EXPECT_FALSE(domain_state.pkp_include_subdomains); | 249 EXPECT_FALSE(domain_state.pkp.include_subdomains); |
| 247 | 250 |
| 248 EXPECT_TRUE(HasState("paypal.com")); | 251 EXPECT_TRUE(HasStaticState("paypal.com")); |
| 249 EXPECT_FALSE(HasState("www2.paypal.com")); | 252 EXPECT_FALSE(HasStaticState("www2.paypal.com")); |
| 250 EXPECT_FALSE(HasState("www2.paypal.com")); | 253 EXPECT_FALSE(HasStaticState("www2.paypal.com")); |
| 251 | 254 |
| 252 // Google hosts: | 255 // Google hosts: |
| 253 | 256 |
| 254 EXPECT_TRUE(ShouldRedirect("chrome.google.com")); | 257 EXPECT_TRUE(StaticShouldRedirect("chrome.google.com")); |
| 255 EXPECT_TRUE(ShouldRedirect("checkout.google.com")); | 258 EXPECT_TRUE(StaticShouldRedirect("checkout.google.com")); |
| 256 EXPECT_TRUE(ShouldRedirect("wallet.google.com")); | 259 EXPECT_TRUE(StaticShouldRedirect("wallet.google.com")); |
| 257 EXPECT_TRUE(ShouldRedirect("docs.google.com")); | 260 EXPECT_TRUE(StaticShouldRedirect("docs.google.com")); |
| 258 EXPECT_TRUE(ShouldRedirect("sites.google.com")); | 261 EXPECT_TRUE(StaticShouldRedirect("sites.google.com")); |
| 259 EXPECT_TRUE(ShouldRedirect("drive.google.com")); | 262 EXPECT_TRUE(StaticShouldRedirect("drive.google.com")); |
| 260 EXPECT_TRUE(ShouldRedirect("spreadsheets.google.com")); | 263 EXPECT_TRUE(StaticShouldRedirect("spreadsheets.google.com")); |
| 261 EXPECT_TRUE(ShouldRedirect("appengine.google.com")); | 264 EXPECT_TRUE(StaticShouldRedirect("appengine.google.com")); |
| 262 EXPECT_TRUE(ShouldRedirect("market.android.com")); | 265 EXPECT_TRUE(StaticShouldRedirect("market.android.com")); |
| 263 EXPECT_TRUE(ShouldRedirect("encrypted.google.com")); | 266 EXPECT_TRUE(StaticShouldRedirect("encrypted.google.com")); |
| 264 EXPECT_TRUE(ShouldRedirect("accounts.google.com")); | 267 EXPECT_TRUE(StaticShouldRedirect("accounts.google.com")); |
| 265 EXPECT_TRUE(ShouldRedirect("profiles.google.com")); | 268 EXPECT_TRUE(StaticShouldRedirect("profiles.google.com")); |
| 266 EXPECT_TRUE(ShouldRedirect("mail.google.com")); | 269 EXPECT_TRUE(StaticShouldRedirect("mail.google.com")); |
| 267 EXPECT_TRUE(ShouldRedirect("chatenabled.mail.google.com")); | 270 EXPECT_TRUE(StaticShouldRedirect("chatenabled.mail.google.com")); |
| 268 EXPECT_TRUE(ShouldRedirect("talkgadget.google.com")); | 271 EXPECT_TRUE(StaticShouldRedirect("talkgadget.google.com")); |
| 269 EXPECT_TRUE(ShouldRedirect("hostedtalkgadget.google.com")); | 272 EXPECT_TRUE(StaticShouldRedirect("hostedtalkgadget.google.com")); |
| 270 EXPECT_TRUE(ShouldRedirect("talk.google.com")); | 273 EXPECT_TRUE(StaticShouldRedirect("talk.google.com")); |
| 271 EXPECT_TRUE(ShouldRedirect("plus.google.com")); | 274 EXPECT_TRUE(StaticShouldRedirect("plus.google.com")); |
| 272 EXPECT_TRUE(ShouldRedirect("groups.google.com")); | 275 EXPECT_TRUE(StaticShouldRedirect("groups.google.com")); |
| 273 EXPECT_TRUE(ShouldRedirect("apis.google.com")); | 276 EXPECT_TRUE(StaticShouldRedirect("apis.google.com")); |
| 274 EXPECT_FALSE(ShouldRedirect("chart.apis.google.com")); | 277 EXPECT_FALSE(StaticShouldRedirect("chart.apis.google.com")); |
| 275 EXPECT_TRUE(ShouldRedirect("ssl.google-analytics.com")); | 278 EXPECT_TRUE(StaticShouldRedirect("ssl.google-analytics.com")); |
| 276 EXPECT_TRUE(ShouldRedirect("gmail.com")); | 279 EXPECT_TRUE(StaticShouldRedirect("gmail.com")); |
| 277 EXPECT_TRUE(ShouldRedirect("www.gmail.com")); | 280 EXPECT_TRUE(StaticShouldRedirect("www.gmail.com")); |
| 278 EXPECT_TRUE(ShouldRedirect("googlemail.com")); | 281 EXPECT_TRUE(StaticShouldRedirect("googlemail.com")); |
| 279 EXPECT_TRUE(ShouldRedirect("www.googlemail.com")); | 282 EXPECT_TRUE(StaticShouldRedirect("www.googlemail.com")); |
| 280 EXPECT_TRUE(ShouldRedirect("googleplex.com")); | 283 EXPECT_TRUE(StaticShouldRedirect("googleplex.com")); |
| 281 EXPECT_TRUE(ShouldRedirect("www.googleplex.com")); | 284 EXPECT_TRUE(StaticShouldRedirect("www.googleplex.com")); |
| 282 EXPECT_FALSE(HasState("m.gmail.com")); | 285 EXPECT_FALSE(HasStaticState("m.gmail.com")); |
| 283 EXPECT_FALSE(HasState("m.googlemail.com")); | 286 EXPECT_FALSE(HasStaticState("m.googlemail.com")); |
| 284 | 287 |
| 285 EXPECT_TRUE(OnlyPinning("www.google.com")); | 288 EXPECT_TRUE(OnlyPinningInStaticState("www.google.com")); |
| 286 EXPECT_TRUE(OnlyPinning("foo.google.com")); | 289 EXPECT_TRUE(OnlyPinningInStaticState("foo.google.com")); |
| 287 EXPECT_TRUE(OnlyPinning("google.com")); | 290 EXPECT_TRUE(OnlyPinningInStaticState("google.com")); |
| 288 EXPECT_TRUE(OnlyPinning("www.youtube.com")); | 291 EXPECT_TRUE(OnlyPinningInStaticState("www.youtube.com")); |
| 289 EXPECT_TRUE(OnlyPinning("youtube.com")); | 292 EXPECT_TRUE(OnlyPinningInStaticState("youtube.com")); |
| 290 EXPECT_TRUE(OnlyPinning("i.ytimg.com")); | 293 EXPECT_TRUE(OnlyPinningInStaticState("i.ytimg.com")); |
| 291 EXPECT_TRUE(OnlyPinning("ytimg.com")); | 294 EXPECT_TRUE(OnlyPinningInStaticState("ytimg.com")); |
| 292 EXPECT_TRUE(OnlyPinning("googleusercontent.com")); | 295 EXPECT_TRUE(OnlyPinningInStaticState("googleusercontent.com")); |
| 293 EXPECT_TRUE(OnlyPinning("www.googleusercontent.com")); | 296 EXPECT_TRUE(OnlyPinningInStaticState("www.googleusercontent.com")); |
| 294 EXPECT_TRUE(OnlyPinning("www.google-analytics.com")); | 297 EXPECT_TRUE(OnlyPinningInStaticState("www.google-analytics.com")); |
| 295 EXPECT_TRUE(OnlyPinning("googleapis.com")); | 298 EXPECT_TRUE(OnlyPinningInStaticState("googleapis.com")); |
| 296 EXPECT_TRUE(OnlyPinning("googleadservices.com")); | 299 EXPECT_TRUE(OnlyPinningInStaticState("googleadservices.com")); |
| 297 EXPECT_TRUE(OnlyPinning("googlecode.com")); | 300 EXPECT_TRUE(OnlyPinningInStaticState("googlecode.com")); |
| 298 EXPECT_TRUE(OnlyPinning("appspot.com")); | 301 EXPECT_TRUE(OnlyPinningInStaticState("appspot.com")); |
| 299 EXPECT_TRUE(OnlyPinning("googlesyndication.com")); | 302 EXPECT_TRUE(OnlyPinningInStaticState("googlesyndication.com")); |
| 300 EXPECT_TRUE(OnlyPinning("doubleclick.net")); | 303 EXPECT_TRUE(OnlyPinningInStaticState("doubleclick.net")); |
| 301 EXPECT_TRUE(OnlyPinning("googlegroups.com")); | 304 EXPECT_TRUE(OnlyPinningInStaticState("googlegroups.com")); |
| 302 | 305 |
| 303 // Tests for domains that don't work without SNI. | 306 // Tests for domains that don't work without SNI. |
| 304 EXPECT_FALSE(state.GetDomainState("gmail.com", false, &domain_state)); | 307 EXPECT_FALSE(state.GetStaticDomainState("gmail.com", false, &domain_state)); |
| 305 EXPECT_FALSE(state.GetDomainState("www.gmail.com", false, &domain_state)); | 308 EXPECT_FALSE( |
| 306 EXPECT_FALSE(state.GetDomainState("m.gmail.com", false, &domain_state)); | 309 state.GetStaticDomainState("www.gmail.com", false, &domain_state)); |
| 307 EXPECT_FALSE(state.GetDomainState("googlemail.com", false, &domain_state)); | 310 EXPECT_FALSE(state.GetStaticDomainState("m.gmail.com", false, &domain_state)); |
| 308 EXPECT_FALSE(state.GetDomainState("www.googlemail.com", false, | 311 EXPECT_FALSE( |
| 309 &domain_state)); | 312 state.GetStaticDomainState("googlemail.com", false, &domain_state)); |
| 310 EXPECT_FALSE(state.GetDomainState("m.googlemail.com", false, &domain_state)); | 313 EXPECT_FALSE( |
| 314 state.GetStaticDomainState("www.googlemail.com", false, &domain_state)); |
| 315 EXPECT_FALSE( |
| 316 state.GetStaticDomainState("m.googlemail.com", false, &domain_state)); |
| 311 | 317 |
| 312 // Other hosts: | 318 // Other hosts: |
| 313 | 319 |
| 314 EXPECT_TRUE(ShouldRedirect("aladdinschools.appspot.com")); | 320 EXPECT_TRUE(StaticShouldRedirect("aladdinschools.appspot.com")); |
| 315 | 321 |
| 316 EXPECT_TRUE(ShouldRedirect("ottospora.nl")); | 322 EXPECT_TRUE(StaticShouldRedirect("ottospora.nl")); |
| 317 EXPECT_TRUE(ShouldRedirect("www.ottospora.nl")); | 323 EXPECT_TRUE(StaticShouldRedirect("www.ottospora.nl")); |
| 318 | 324 |
| 319 EXPECT_TRUE(ShouldRedirect("www.paycheckrecords.com")); | 325 EXPECT_TRUE(StaticShouldRedirect("www.paycheckrecords.com")); |
| 320 | 326 |
| 321 EXPECT_TRUE(ShouldRedirect("lastpass.com")); | 327 EXPECT_TRUE(StaticShouldRedirect("lastpass.com")); |
| 322 EXPECT_TRUE(ShouldRedirect("www.lastpass.com")); | 328 EXPECT_TRUE(StaticShouldRedirect("www.lastpass.com")); |
| 323 EXPECT_FALSE(HasState("blog.lastpass.com")); | 329 EXPECT_FALSE(HasStaticState("blog.lastpass.com")); |
| 324 | 330 |
| 325 EXPECT_TRUE(ShouldRedirect("keyerror.com")); | 331 EXPECT_TRUE(StaticShouldRedirect("keyerror.com")); |
| 326 EXPECT_TRUE(ShouldRedirect("www.keyerror.com")); | 332 EXPECT_TRUE(StaticShouldRedirect("www.keyerror.com")); |
| 327 | 333 |
| 328 EXPECT_TRUE(ShouldRedirect("entropia.de")); | 334 EXPECT_TRUE(StaticShouldRedirect("entropia.de")); |
| 329 EXPECT_TRUE(ShouldRedirect("www.entropia.de")); | 335 EXPECT_TRUE(StaticShouldRedirect("www.entropia.de")); |
| 330 EXPECT_FALSE(HasState("foo.entropia.de")); | 336 EXPECT_FALSE(HasStaticState("foo.entropia.de")); |
| 331 | 337 |
| 332 EXPECT_TRUE(ShouldRedirect("www.elanex.biz")); | 338 EXPECT_TRUE(StaticShouldRedirect("www.elanex.biz")); |
| 333 EXPECT_FALSE(HasState("elanex.biz")); | 339 EXPECT_FALSE(HasStaticState("elanex.biz")); |
| 334 EXPECT_FALSE(HasState("foo.elanex.biz")); | 340 EXPECT_FALSE(HasStaticState("foo.elanex.biz")); |
| 335 | 341 |
| 336 EXPECT_TRUE(ShouldRedirect("sunshinepress.org")); | 342 EXPECT_TRUE(StaticShouldRedirect("sunshinepress.org")); |
| 337 EXPECT_TRUE(ShouldRedirect("www.sunshinepress.org")); | 343 EXPECT_TRUE(StaticShouldRedirect("www.sunshinepress.org")); |
| 338 EXPECT_TRUE(ShouldRedirect("a.b.sunshinepress.org")); | 344 EXPECT_TRUE(StaticShouldRedirect("a.b.sunshinepress.org")); |
| 339 | 345 |
| 340 EXPECT_TRUE(ShouldRedirect("www.noisebridge.net")); | 346 EXPECT_TRUE(StaticShouldRedirect("www.noisebridge.net")); |
| 341 EXPECT_FALSE(HasState("noisebridge.net")); | 347 EXPECT_FALSE(HasStaticState("noisebridge.net")); |
| 342 EXPECT_FALSE(HasState("foo.noisebridge.net")); | 348 EXPECT_FALSE(HasStaticState("foo.noisebridge.net")); |
| 343 | 349 |
| 344 EXPECT_TRUE(ShouldRedirect("neg9.org")); | 350 EXPECT_TRUE(StaticShouldRedirect("neg9.org")); |
| 345 EXPECT_FALSE(HasState("www.neg9.org")); | 351 EXPECT_FALSE(HasStaticState("www.neg9.org")); |
| 346 | 352 |
| 347 EXPECT_TRUE(ShouldRedirect("riseup.net")); | 353 EXPECT_TRUE(StaticShouldRedirect("riseup.net")); |
| 348 EXPECT_TRUE(ShouldRedirect("foo.riseup.net")); | 354 EXPECT_TRUE(StaticShouldRedirect("foo.riseup.net")); |
| 349 | 355 |
| 350 EXPECT_TRUE(ShouldRedirect("factor.cc")); | 356 EXPECT_TRUE(StaticShouldRedirect("factor.cc")); |
| 351 EXPECT_FALSE(HasState("www.factor.cc")); | 357 EXPECT_FALSE(HasStaticState("www.factor.cc")); |
| 352 | 358 |
| 353 EXPECT_TRUE(ShouldRedirect("members.mayfirst.org")); | 359 EXPECT_TRUE(StaticShouldRedirect("members.mayfirst.org")); |
| 354 EXPECT_TRUE(ShouldRedirect("support.mayfirst.org")); | 360 EXPECT_TRUE(StaticShouldRedirect("support.mayfirst.org")); |
| 355 EXPECT_TRUE(ShouldRedirect("id.mayfirst.org")); | 361 EXPECT_TRUE(StaticShouldRedirect("id.mayfirst.org")); |
| 356 EXPECT_TRUE(ShouldRedirect("lists.mayfirst.org")); | 362 EXPECT_TRUE(StaticShouldRedirect("lists.mayfirst.org")); |
| 357 EXPECT_FALSE(HasState("www.mayfirst.org")); | 363 EXPECT_FALSE(HasStaticState("www.mayfirst.org")); |
| 358 | 364 |
| 359 EXPECT_TRUE(ShouldRedirect("romab.com")); | 365 EXPECT_TRUE(StaticShouldRedirect("romab.com")); |
| 360 EXPECT_TRUE(ShouldRedirect("www.romab.com")); | 366 EXPECT_TRUE(StaticShouldRedirect("www.romab.com")); |
| 361 EXPECT_TRUE(ShouldRedirect("foo.romab.com")); | 367 EXPECT_TRUE(StaticShouldRedirect("foo.romab.com")); |
| 362 | 368 |
| 363 EXPECT_TRUE(ShouldRedirect("logentries.com")); | 369 EXPECT_TRUE(StaticShouldRedirect("logentries.com")); |
| 364 EXPECT_TRUE(ShouldRedirect("www.logentries.com")); | 370 EXPECT_TRUE(StaticShouldRedirect("www.logentries.com")); |
| 365 EXPECT_FALSE(HasState("foo.logentries.com")); | 371 EXPECT_FALSE(HasStaticState("foo.logentries.com")); |
| 366 | 372 |
| 367 EXPECT_TRUE(ShouldRedirect("stripe.com")); | 373 EXPECT_TRUE(StaticShouldRedirect("stripe.com")); |
| 368 EXPECT_TRUE(ShouldRedirect("foo.stripe.com")); | 374 EXPECT_TRUE(StaticShouldRedirect("foo.stripe.com")); |
| 369 | 375 |
| 370 EXPECT_TRUE(ShouldRedirect("cloudsecurityalliance.org")); | 376 EXPECT_TRUE(StaticShouldRedirect("cloudsecurityalliance.org")); |
| 371 EXPECT_TRUE(ShouldRedirect("foo.cloudsecurityalliance.org")); | 377 EXPECT_TRUE(StaticShouldRedirect("foo.cloudsecurityalliance.org")); |
| 372 | 378 |
| 373 EXPECT_TRUE(ShouldRedirect("login.sapo.pt")); | 379 EXPECT_TRUE(StaticShouldRedirect("login.sapo.pt")); |
| 374 EXPECT_TRUE(ShouldRedirect("foo.login.sapo.pt")); | 380 EXPECT_TRUE(StaticShouldRedirect("foo.login.sapo.pt")); |
| 375 | 381 |
| 376 EXPECT_TRUE(ShouldRedirect("mattmccutchen.net")); | 382 EXPECT_TRUE(StaticShouldRedirect("mattmccutchen.net")); |
| 377 EXPECT_TRUE(ShouldRedirect("foo.mattmccutchen.net")); | 383 EXPECT_TRUE(StaticShouldRedirect("foo.mattmccutchen.net")); |
| 378 | 384 |
| 379 EXPECT_TRUE(ShouldRedirect("betnet.fr")); | 385 EXPECT_TRUE(StaticShouldRedirect("betnet.fr")); |
| 380 EXPECT_TRUE(ShouldRedirect("foo.betnet.fr")); | 386 EXPECT_TRUE(StaticShouldRedirect("foo.betnet.fr")); |
| 381 | 387 |
| 382 EXPECT_TRUE(ShouldRedirect("uprotect.it")); | 388 EXPECT_TRUE(StaticShouldRedirect("uprotect.it")); |
| 383 EXPECT_TRUE(ShouldRedirect("foo.uprotect.it")); | 389 EXPECT_TRUE(StaticShouldRedirect("foo.uprotect.it")); |
| 384 | 390 |
| 385 EXPECT_TRUE(ShouldRedirect("squareup.com")); | 391 EXPECT_TRUE(StaticShouldRedirect("squareup.com")); |
| 386 EXPECT_FALSE(HasState("foo.squareup.com")); | 392 EXPECT_FALSE(HasStaticState("foo.squareup.com")); |
| 387 | 393 |
| 388 EXPECT_TRUE(ShouldRedirect("cert.se")); | 394 EXPECT_TRUE(StaticShouldRedirect("cert.se")); |
| 389 EXPECT_TRUE(ShouldRedirect("foo.cert.se")); | 395 EXPECT_TRUE(StaticShouldRedirect("foo.cert.se")); |
| 390 | 396 |
| 391 EXPECT_TRUE(ShouldRedirect("crypto.is")); | 397 EXPECT_TRUE(StaticShouldRedirect("crypto.is")); |
| 392 EXPECT_TRUE(ShouldRedirect("foo.crypto.is")); | 398 EXPECT_TRUE(StaticShouldRedirect("foo.crypto.is")); |
| 393 | 399 |
| 394 EXPECT_TRUE(ShouldRedirect("simon.butcher.name")); | 400 EXPECT_TRUE(StaticShouldRedirect("simon.butcher.name")); |
| 395 EXPECT_TRUE(ShouldRedirect("foo.simon.butcher.name")); | 401 EXPECT_TRUE(StaticShouldRedirect("foo.simon.butcher.name")); |
| 396 | 402 |
| 397 EXPECT_TRUE(ShouldRedirect("linx.net")); | 403 EXPECT_TRUE(StaticShouldRedirect("linx.net")); |
| 398 EXPECT_TRUE(ShouldRedirect("foo.linx.net")); | 404 EXPECT_TRUE(StaticShouldRedirect("foo.linx.net")); |
| 399 | 405 |
| 400 EXPECT_TRUE(ShouldRedirect("dropcam.com")); | 406 EXPECT_TRUE(StaticShouldRedirect("dropcam.com")); |
| 401 EXPECT_TRUE(ShouldRedirect("www.dropcam.com")); | 407 EXPECT_TRUE(StaticShouldRedirect("www.dropcam.com")); |
| 402 EXPECT_FALSE(HasState("foo.dropcam.com")); | 408 EXPECT_FALSE(HasStaticState("foo.dropcam.com")); |
| 403 | 409 |
| 404 EXPECT_TRUE(state.GetDomainState("torproject.org", false, &domain_state)); | 410 EXPECT_TRUE( |
| 405 EXPECT_FALSE(domain_state.static_spki_hashes.empty()); | 411 state.GetStaticDomainState("torproject.org", false, &domain_state)); |
| 406 EXPECT_TRUE(state.GetDomainState("www.torproject.org", false, | 412 EXPECT_FALSE(domain_state.pkp.spki_hashes.empty()); |
| 407 &domain_state)); | 413 EXPECT_TRUE( |
| 408 EXPECT_FALSE(domain_state.static_spki_hashes.empty()); | 414 state.GetStaticDomainState("www.torproject.org", false, &domain_state)); |
| 409 EXPECT_TRUE(state.GetDomainState("check.torproject.org", false, | 415 EXPECT_FALSE(domain_state.pkp.spki_hashes.empty()); |
| 410 &domain_state)); | 416 EXPECT_TRUE( |
| 411 EXPECT_FALSE(domain_state.static_spki_hashes.empty()); | 417 state.GetStaticDomainState("check.torproject.org", false, &domain_state)); |
| 412 EXPECT_TRUE(state.GetDomainState("blog.torproject.org", false, | 418 EXPECT_FALSE(domain_state.pkp.spki_hashes.empty()); |
| 413 &domain_state)); | 419 EXPECT_TRUE( |
| 414 EXPECT_FALSE(domain_state.static_spki_hashes.empty()); | 420 state.GetStaticDomainState("blog.torproject.org", false, &domain_state)); |
| 415 EXPECT_TRUE(ShouldRedirect("ebanking.indovinabank.com.vn")); | 421 EXPECT_FALSE(domain_state.pkp.spki_hashes.empty()); |
| 416 EXPECT_TRUE(ShouldRedirect("foo.ebanking.indovinabank.com.vn")); | 422 EXPECT_TRUE(StaticShouldRedirect("ebanking.indovinabank.com.vn")); |
| 417 | 423 EXPECT_TRUE(StaticShouldRedirect("foo.ebanking.indovinabank.com.vn")); |
| 418 EXPECT_TRUE(ShouldRedirect("epoxate.com")); | 424 |
| 419 EXPECT_FALSE(HasState("foo.epoxate.com")); | 425 EXPECT_TRUE(StaticShouldRedirect("epoxate.com")); |
| 420 | 426 EXPECT_FALSE(HasStaticState("foo.epoxate.com")); |
| 421 EXPECT_TRUE(HasPublicKeyPins("torproject.org")); | 427 |
| 422 EXPECT_TRUE(HasPublicKeyPins("www.torproject.org")); | 428 EXPECT_TRUE(HasStaticPublicKeyPins("torproject.org")); |
| 423 EXPECT_TRUE(HasPublicKeyPins("check.torproject.org")); | 429 EXPECT_TRUE(HasStaticPublicKeyPins("www.torproject.org")); |
| 424 EXPECT_TRUE(HasPublicKeyPins("blog.torproject.org")); | 430 EXPECT_TRUE(HasStaticPublicKeyPins("check.torproject.org")); |
| 425 EXPECT_FALSE(HasState("foo.torproject.org")); | 431 EXPECT_TRUE(HasStaticPublicKeyPins("blog.torproject.org")); |
| 426 | 432 EXPECT_FALSE(HasStaticState("foo.torproject.org")); |
| 427 EXPECT_TRUE(ShouldRedirect("www.moneybookers.com")); | 433 |
| 428 EXPECT_FALSE(HasState("moneybookers.com")); | 434 EXPECT_TRUE(StaticShouldRedirect("www.moneybookers.com")); |
| 429 | 435 EXPECT_FALSE(HasStaticState("moneybookers.com")); |
| 430 EXPECT_TRUE(ShouldRedirect("ledgerscope.net")); | 436 |
| 431 EXPECT_TRUE(ShouldRedirect("www.ledgerscope.net")); | 437 EXPECT_TRUE(StaticShouldRedirect("ledgerscope.net")); |
| 432 EXPECT_FALSE(HasState("status.ledgerscope.net")); | 438 EXPECT_TRUE(StaticShouldRedirect("www.ledgerscope.net")); |
| 433 | 439 EXPECT_FALSE(HasStaticState("status.ledgerscope.net")); |
| 434 EXPECT_TRUE(ShouldRedirect("foo.app.recurly.com")); | 440 |
| 435 EXPECT_TRUE(ShouldRedirect("foo.api.recurly.com")); | 441 EXPECT_TRUE(StaticShouldRedirect("foo.app.recurly.com")); |
| 436 | 442 EXPECT_TRUE(StaticShouldRedirect("foo.api.recurly.com")); |
| 437 EXPECT_TRUE(ShouldRedirect("greplin.com")); | 443 |
| 438 EXPECT_TRUE(ShouldRedirect("www.greplin.com")); | 444 EXPECT_TRUE(StaticShouldRedirect("greplin.com")); |
| 439 EXPECT_FALSE(HasState("foo.greplin.com")); | 445 EXPECT_TRUE(StaticShouldRedirect("www.greplin.com")); |
| 440 | 446 EXPECT_FALSE(HasStaticState("foo.greplin.com")); |
| 441 EXPECT_TRUE(ShouldRedirect("luneta.nearbuysystems.com")); | 447 |
| 442 EXPECT_TRUE(ShouldRedirect("foo.luneta.nearbuysystems.com")); | 448 EXPECT_TRUE(StaticShouldRedirect("luneta.nearbuysystems.com")); |
| 443 | 449 EXPECT_TRUE(StaticShouldRedirect("foo.luneta.nearbuysystems.com")); |
| 444 EXPECT_TRUE(ShouldRedirect("ubertt.org")); | 450 |
| 445 EXPECT_TRUE(ShouldRedirect("foo.ubertt.org")); | 451 EXPECT_TRUE(StaticShouldRedirect("ubertt.org")); |
| 446 | 452 EXPECT_TRUE(StaticShouldRedirect("foo.ubertt.org")); |
| 447 EXPECT_TRUE(ShouldRedirect("pixi.me")); | 453 |
| 448 EXPECT_TRUE(ShouldRedirect("www.pixi.me")); | 454 EXPECT_TRUE(StaticShouldRedirect("pixi.me")); |
| 449 | 455 EXPECT_TRUE(StaticShouldRedirect("www.pixi.me")); |
| 450 EXPECT_TRUE(ShouldRedirect("grepular.com")); | 456 |
| 451 EXPECT_TRUE(ShouldRedirect("www.grepular.com")); | 457 EXPECT_TRUE(StaticShouldRedirect("grepular.com")); |
| 452 | 458 EXPECT_TRUE(StaticShouldRedirect("www.grepular.com")); |
| 453 EXPECT_TRUE(ShouldRedirect("mydigipass.com")); | 459 |
| 454 EXPECT_FALSE(ShouldRedirect("foo.mydigipass.com")); | 460 EXPECT_TRUE(StaticShouldRedirect("mydigipass.com")); |
| 455 EXPECT_TRUE(ShouldRedirect("www.mydigipass.com")); | 461 EXPECT_FALSE(StaticShouldRedirect("foo.mydigipass.com")); |
| 456 EXPECT_FALSE(ShouldRedirect("foo.www.mydigipass.com")); | 462 EXPECT_TRUE(StaticShouldRedirect("www.mydigipass.com")); |
| 457 EXPECT_TRUE(ShouldRedirect("developer.mydigipass.com")); | 463 EXPECT_FALSE(StaticShouldRedirect("foo.www.mydigipass.com")); |
| 458 EXPECT_FALSE(ShouldRedirect("foo.developer.mydigipass.com")); | 464 EXPECT_TRUE(StaticShouldRedirect("developer.mydigipass.com")); |
| 459 EXPECT_TRUE(ShouldRedirect("www.developer.mydigipass.com")); | 465 EXPECT_FALSE(StaticShouldRedirect("foo.developer.mydigipass.com")); |
| 460 EXPECT_FALSE(ShouldRedirect("foo.www.developer.mydigipass.com")); | 466 EXPECT_TRUE(StaticShouldRedirect("www.developer.mydigipass.com")); |
| 461 EXPECT_TRUE(ShouldRedirect("sandbox.mydigipass.com")); | 467 EXPECT_FALSE(StaticShouldRedirect("foo.www.developer.mydigipass.com")); |
| 462 EXPECT_FALSE(ShouldRedirect("foo.sandbox.mydigipass.com")); | 468 EXPECT_TRUE(StaticShouldRedirect("sandbox.mydigipass.com")); |
| 463 EXPECT_TRUE(ShouldRedirect("www.sandbox.mydigipass.com")); | 469 EXPECT_FALSE(StaticShouldRedirect("foo.sandbox.mydigipass.com")); |
| 464 EXPECT_FALSE(ShouldRedirect("foo.www.sandbox.mydigipass.com")); | 470 EXPECT_TRUE(StaticShouldRedirect("www.sandbox.mydigipass.com")); |
| 465 | 471 EXPECT_FALSE(StaticShouldRedirect("foo.www.sandbox.mydigipass.com")); |
| 466 EXPECT_TRUE(ShouldRedirect("crypto.cat")); | 472 |
| 467 EXPECT_FALSE(ShouldRedirect("foo.crypto.cat")); | 473 EXPECT_TRUE(StaticShouldRedirect("crypto.cat")); |
| 468 | 474 EXPECT_FALSE(StaticShouldRedirect("foo.crypto.cat")); |
| 469 EXPECT_TRUE(ShouldRedirect("bigshinylock.minazo.net")); | 475 |
| 470 EXPECT_TRUE(ShouldRedirect("foo.bigshinylock.minazo.net")); | 476 EXPECT_TRUE(StaticShouldRedirect("bigshinylock.minazo.net")); |
| 471 | 477 EXPECT_TRUE(StaticShouldRedirect("foo.bigshinylock.minazo.net")); |
| 472 EXPECT_TRUE(ShouldRedirect("crate.io")); | 478 |
| 473 EXPECT_TRUE(ShouldRedirect("foo.crate.io")); | 479 EXPECT_TRUE(StaticShouldRedirect("crate.io")); |
| 474 | 480 EXPECT_TRUE(StaticShouldRedirect("foo.crate.io")); |
| 475 EXPECT_TRUE(HasPublicKeyPins("www.twitter.com")); | 481 |
| 482 EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); |
| 476 } | 483 } |
| 477 | 484 |
| 478 TEST_F(TransportSecurityStateTest, LongNames) { | 485 TEST_F(TransportSecurityStateTest, LongNames) { |
| 479 TransportSecurityState state; | 486 TransportSecurityState state; |
| 480 const char kLongName[] = | 487 const char kLongName[] = |
| 481 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" | 488 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" |
| 482 "WaveletIdDomainAndBlipBlipid"; | 489 "WaveletIdDomainAndBlipBlipid"; |
| 483 TransportSecurityState::DomainState domain_state; | 490 TransportSecurityState::DomainState domain_state; |
| 484 // Just checks that we don't hit a NOTREACHED. | 491 // Just checks that we don't hit a NOTREACHED. |
| 485 EXPECT_FALSE(state.GetDomainState(kLongName, true, &domain_state)); | 492 EXPECT_FALSE(state.GetStaticDomainState(kLongName, true, &domain_state)); |
| 493 EXPECT_FALSE(state.GetDynamicDomainState(kLongName, &domain_state)); |
| 486 } | 494 } |
| 487 | 495 |
| 488 TEST_F(TransportSecurityStateTest, BuiltinCertPins) { | 496 TEST_F(TransportSecurityStateTest, BuiltinCertPins) { |
| 489 TransportSecurityState state; | 497 TransportSecurityState state; |
| 490 TransportSecurityState::DomainState domain_state; | 498 TransportSecurityState::DomainState domain_state; |
| 491 | 499 |
| 492 EXPECT_TRUE(state.GetDomainState("chrome.google.com", true, &domain_state)); | 500 EXPECT_TRUE( |
| 493 EXPECT_TRUE(HasPublicKeyPins("chrome.google.com")); | 501 state.GetStaticDomainState("chrome.google.com", true, &domain_state)); |
| 502 EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com")); |
| 494 | 503 |
| 495 HashValueVector hashes; | 504 HashValueVector hashes; |
| 496 std::string failure_log; | 505 std::string failure_log; |
| 497 // Checks that a built-in list does exist. | 506 // Checks that a built-in list does exist. |
| 498 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); | 507 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log)); |
| 499 EXPECT_FALSE(HasPublicKeyPins("www.paypal.com")); | 508 EXPECT_FALSE(HasStaticPublicKeyPins("www.paypal.com")); |
| 500 | 509 |
| 501 EXPECT_TRUE(HasPublicKeyPins("docs.google.com")); | 510 EXPECT_TRUE(HasStaticPublicKeyPins("docs.google.com")); |
| 502 EXPECT_TRUE(HasPublicKeyPins("1.docs.google.com")); | 511 EXPECT_TRUE(HasStaticPublicKeyPins("1.docs.google.com")); |
| 503 EXPECT_TRUE(HasPublicKeyPins("sites.google.com")); | 512 EXPECT_TRUE(HasStaticPublicKeyPins("sites.google.com")); |
| 504 EXPECT_TRUE(HasPublicKeyPins("drive.google.com")); | 513 EXPECT_TRUE(HasStaticPublicKeyPins("drive.google.com")); |
| 505 EXPECT_TRUE(HasPublicKeyPins("spreadsheets.google.com")); | 514 EXPECT_TRUE(HasStaticPublicKeyPins("spreadsheets.google.com")); |
| 506 EXPECT_TRUE(HasPublicKeyPins("wallet.google.com")); | 515 EXPECT_TRUE(HasStaticPublicKeyPins("wallet.google.com")); |
| 507 EXPECT_TRUE(HasPublicKeyPins("checkout.google.com")); | 516 EXPECT_TRUE(HasStaticPublicKeyPins("checkout.google.com")); |
| 508 EXPECT_TRUE(HasPublicKeyPins("appengine.google.com")); | 517 EXPECT_TRUE(HasStaticPublicKeyPins("appengine.google.com")); |
| 509 EXPECT_TRUE(HasPublicKeyPins("market.android.com")); | 518 EXPECT_TRUE(HasStaticPublicKeyPins("market.android.com")); |
| 510 EXPECT_TRUE(HasPublicKeyPins("encrypted.google.com")); | 519 EXPECT_TRUE(HasStaticPublicKeyPins("encrypted.google.com")); |
| 511 EXPECT_TRUE(HasPublicKeyPins("accounts.google.com")); | 520 EXPECT_TRUE(HasStaticPublicKeyPins("accounts.google.com")); |
| 512 EXPECT_TRUE(HasPublicKeyPins("profiles.google.com")); | 521 EXPECT_TRUE(HasStaticPublicKeyPins("profiles.google.com")); |
| 513 EXPECT_TRUE(HasPublicKeyPins("mail.google.com")); | 522 EXPECT_TRUE(HasStaticPublicKeyPins("mail.google.com")); |
| 514 EXPECT_TRUE(HasPublicKeyPins("chatenabled.mail.google.com")); | 523 EXPECT_TRUE(HasStaticPublicKeyPins("chatenabled.mail.google.com")); |
| 515 EXPECT_TRUE(HasPublicKeyPins("talkgadget.google.com")); | 524 EXPECT_TRUE(HasStaticPublicKeyPins("talkgadget.google.com")); |
| 516 EXPECT_TRUE(HasPublicKeyPins("hostedtalkgadget.google.com")); | 525 EXPECT_TRUE(HasStaticPublicKeyPins("hostedtalkgadget.google.com")); |
| 517 EXPECT_TRUE(HasPublicKeyPins("talk.google.com")); | 526 EXPECT_TRUE(HasStaticPublicKeyPins("talk.google.com")); |
| 518 EXPECT_TRUE(HasPublicKeyPins("plus.google.com")); | 527 EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com")); |
| 519 EXPECT_TRUE(HasPublicKeyPins("groups.google.com")); | 528 EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com")); |
| 520 EXPECT_TRUE(HasPublicKeyPins("apis.google.com")); | 529 EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com")); |
| 521 | 530 |
| 522 EXPECT_TRUE(HasPublicKeyPins("ssl.gstatic.com")); | 531 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com")); |
| 523 EXPECT_TRUE(HasPublicKeyPins("gstatic.com")); | 532 EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com")); |
| 524 EXPECT_TRUE(HasPublicKeyPins("www.gstatic.com")); | 533 EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com")); |
| 525 EXPECT_TRUE(HasPublicKeyPins("ssl.google-analytics.com")); | 534 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com")); |
| 526 EXPECT_TRUE(HasPublicKeyPins("www.googleplex.com")); | 535 EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com")); |
| 527 | 536 |
| 528 // Disabled in order to help track down pinning failures --agl | 537 // Disabled in order to help track down pinning failures --agl |
| 529 EXPECT_TRUE(HasPublicKeyPins("twitter.com")); | 538 EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com")); |
| 530 EXPECT_FALSE(HasPublicKeyPins("foo.twitter.com")); | 539 EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com")); |
| 531 EXPECT_TRUE(HasPublicKeyPins("www.twitter.com")); | 540 EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com")); |
| 532 EXPECT_TRUE(HasPublicKeyPins("api.twitter.com")); | 541 EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com")); |
| 533 EXPECT_TRUE(HasPublicKeyPins("oauth.twitter.com")); | 542 EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com")); |
| 534 EXPECT_TRUE(HasPublicKeyPins("mobile.twitter.com")); | 543 EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com")); |
| 535 EXPECT_TRUE(HasPublicKeyPins("dev.twitter.com")); | 544 EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com")); |
| 536 EXPECT_TRUE(HasPublicKeyPins("business.twitter.com")); | 545 EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com")); |
| 537 EXPECT_TRUE(HasPublicKeyPins("platform.twitter.com")); | 546 EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com")); |
| 538 EXPECT_TRUE(HasPublicKeyPins("si0.twimg.com")); | 547 EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com")); |
| 539 } | 548 } |
| 540 | 549 |
| 541 static bool AddHash(const std::string& type_and_base64, | 550 static bool AddHash(const std::string& type_and_base64, |
| 542 HashValueVector* out) { | 551 HashValueVector* out) { |
| 543 HashValue hash; | 552 HashValue hash; |
| 544 if (!hash.FromString(type_and_base64)) | 553 if (!hash.FromString(type_and_base64)) |
| 545 return false; | 554 return false; |
| 546 | 555 |
| 547 out->push_back(hash); | 556 out->push_back(hash); |
| 548 return true; | 557 return true; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 570 | 579 |
| 571 for (size_t i = 0; kGoodPath[i]; i++) { | 580 for (size_t i = 0; kGoodPath[i]; i++) { |
| 572 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); | 581 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); |
| 573 } | 582 } |
| 574 for (size_t i = 0; kBadPath[i]; i++) { | 583 for (size_t i = 0; kBadPath[i]; i++) { |
| 575 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 584 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 576 } | 585 } |
| 577 | 586 |
| 578 TransportSecurityState state; | 587 TransportSecurityState state; |
| 579 TransportSecurityState::DomainState domain_state; | 588 TransportSecurityState::DomainState domain_state; |
| 580 EXPECT_TRUE(state.GetDomainState("blog.torproject.org", true, &domain_state)); | 589 EXPECT_TRUE( |
| 590 state.GetStaticDomainState("blog.torproject.org", true, &domain_state)); |
| 581 EXPECT_TRUE(domain_state.HasPublicKeyPins()); | 591 EXPECT_TRUE(domain_state.HasPublicKeyPins()); |
| 582 | 592 |
| 583 std::string failure_log; | 593 std::string failure_log; |
| 584 EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes, &failure_log)); | 594 EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes, &failure_log)); |
| 585 EXPECT_FALSE(domain_state.CheckPublicKeyPins(bad_hashes, &failure_log)); | 595 EXPECT_FALSE(domain_state.CheckPublicKeyPins(bad_hashes, &failure_log)); |
| 586 } | 596 } |
| 587 | 597 |
| 588 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { | 598 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { |
| 589 TransportSecurityState state; | 599 TransportSecurityState state; |
| 590 TransportSecurityState::DomainState domain_state; | 600 TransportSecurityState::DomainState domain_state; |
| 591 | 601 |
| 592 EXPECT_FALSE(ShouldRedirect("www.google-analytics.com")); | 602 EXPECT_FALSE(StaticShouldRedirect("www.google-analytics.com")); |
| 593 | 603 |
| 594 EXPECT_FALSE(HasPublicKeyPins("www.google-analytics.com", false)); | 604 EXPECT_FALSE(HasStaticPublicKeyPins("www.google-analytics.com", false)); |
| 595 EXPECT_TRUE(HasPublicKeyPins("www.google-analytics.com")); | 605 EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com")); |
| 596 EXPECT_TRUE(HasPublicKeyPins("google.com")); | 606 EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); |
| 597 EXPECT_TRUE(HasPublicKeyPins("www.google.com")); | 607 EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com")); |
| 598 EXPECT_TRUE(HasPublicKeyPins("mail-attachment.googleusercontent.com")); | 608 EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com")); |
| 599 EXPECT_TRUE(HasPublicKeyPins("www.youtube.com")); | 609 EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com")); |
| 600 EXPECT_TRUE(HasPublicKeyPins("i.ytimg.com")); | 610 EXPECT_TRUE(HasStaticPublicKeyPins("i.ytimg.com")); |
| 601 EXPECT_TRUE(HasPublicKeyPins("googleapis.com")); | 611 EXPECT_TRUE(HasStaticPublicKeyPins("googleapis.com")); |
| 602 EXPECT_TRUE(HasPublicKeyPins("ajax.googleapis.com")); | 612 EXPECT_TRUE(HasStaticPublicKeyPins("ajax.googleapis.com")); |
| 603 EXPECT_TRUE(HasPublicKeyPins("googleadservices.com")); | 613 EXPECT_TRUE(HasStaticPublicKeyPins("googleadservices.com")); |
| 604 EXPECT_TRUE(HasPublicKeyPins("pagead2.googleadservices.com")); | 614 EXPECT_TRUE(HasStaticPublicKeyPins("pagead2.googleadservices.com")); |
| 605 EXPECT_TRUE(HasPublicKeyPins("googlecode.com")); | 615 EXPECT_TRUE(HasStaticPublicKeyPins("googlecode.com")); |
| 606 EXPECT_TRUE(HasPublicKeyPins("kibbles.googlecode.com")); | 616 EXPECT_TRUE(HasStaticPublicKeyPins("kibbles.googlecode.com")); |
| 607 EXPECT_TRUE(HasPublicKeyPins("appspot.com")); | 617 EXPECT_TRUE(HasStaticPublicKeyPins("appspot.com")); |
| 608 EXPECT_TRUE(HasPublicKeyPins("googlesyndication.com")); | 618 EXPECT_TRUE(HasStaticPublicKeyPins("googlesyndication.com")); |
| 609 EXPECT_TRUE(HasPublicKeyPins("doubleclick.net")); | 619 EXPECT_TRUE(HasStaticPublicKeyPins("doubleclick.net")); |
| 610 EXPECT_TRUE(HasPublicKeyPins("ad.doubleclick.net")); | 620 EXPECT_TRUE(HasStaticPublicKeyPins("ad.doubleclick.net")); |
| 611 EXPECT_FALSE(HasPublicKeyPins("learn.doubleclick.net")); | 621 EXPECT_FALSE(HasStaticPublicKeyPins("learn.doubleclick.net")); |
| 612 EXPECT_TRUE(HasPublicKeyPins("a.googlegroups.com")); | 622 EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com")); |
| 613 EXPECT_FALSE(HasPublicKeyPins("a.googlegroups.com", false)); | 623 EXPECT_FALSE(HasStaticPublicKeyPins("a.googlegroups.com", false)); |
| 614 } | 624 } |
| 615 | 625 |
| 616 TEST_F(TransportSecurityStateTest, OverrideBuiltins) { | 626 TEST_F(TransportSecurityStateTest, OverrideBuiltins) { |
| 617 EXPECT_TRUE(HasPublicKeyPins("google.com")); | 627 EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); |
| 618 EXPECT_FALSE(ShouldRedirect("google.com")); | 628 EXPECT_FALSE(StaticShouldRedirect("google.com")); |
| 619 EXPECT_FALSE(ShouldRedirect("www.google.com")); | 629 EXPECT_FALSE(StaticShouldRedirect("www.google.com")); |
| 620 | 630 |
| 621 TransportSecurityState state; | 631 TransportSecurityState state; |
| 622 TransportSecurityState::DomainState domain_state; | 632 TransportSecurityState::DomainState domain_state; |
| 623 const base::Time current_time(base::Time::Now()); | 633 const base::Time current_time(base::Time::Now()); |
| 624 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 634 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 625 domain_state.upgrade_expiry = expiry; | 635 domain_state.sts.expiry = expiry; |
| 626 EnableHost(&state, "www.google.com", domain_state); | 636 EnableHost(&state, "www.google.com", domain_state); |
| 627 | 637 |
| 628 EXPECT_TRUE(state.GetDomainState("www.google.com", true, &domain_state)); | 638 EXPECT_TRUE(state.GetDynamicDomainState("www.google.com", &domain_state)); |
| 629 } | 639 } |
| 630 | 640 |
| 631 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) { | 641 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) { |
| 632 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 642 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 633 "www.example.com", true)); | 643 "www.example.com", true)); |
| 634 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 644 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 635 "www.paypal.com", true)); | 645 "www.paypal.com", true)); |
| 636 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 646 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 637 "mail.twitter.com", true)); | 647 "mail.twitter.com", true)); |
| 638 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 648 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 685 // Expect to fail for SNI hosts when not searching the SNI list: | 695 // Expect to fail for SNI hosts when not searching the SNI list: |
| 686 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 696 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 687 "gmail.com", false)); | 697 "gmail.com", false)); |
| 688 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 698 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 689 "googlegroups.com", false)); | 699 "googlegroups.com", false)); |
| 690 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( | 700 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( |
| 691 "www.googlegroups.com", false)); | 701 "www.googlegroups.com", false)); |
| 692 } | 702 } |
| 693 | 703 |
| 694 } // namespace net | 704 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 103803012:
Make HSTS headers not clobber preloaded pins. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src