
Unified Diff: net/url_request/url_request_unittest.cc

Issue 103803012: Make HSTS headers not clobber preloaded pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase and updated comment. Created 6 years, 9 months ago
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 63e7c757244ddf6c31f28adcd369cd86c2a0ef48..b62c8624e2cff4c702f91d6f7ad192513733b79d 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -4921,9 +4921,9 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
EXPECT_TRUE(security_state->GetDomainState(
SpawnedTestServer::kLocalhost, sni_available, &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
- domain_state.upgrade_mode);
- EXPECT_TRUE(domain_state.sts_include_subdomains);
- EXPECT_FALSE(domain_state.pkp_include_subdomains);
+ domain_state.dynamic_sts.upgrade_mode);
+ EXPECT_TRUE(domain_state.dynamic_sts.include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_pkp.include_subdomains);
#if defined(OS_ANDROID)
// Android's CertVerifyProc does not (yet) handle pins.
#else
@@ -4965,12 +4965,11 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
EXPECT_TRUE(security_state->GetDomainState(
SpawnedTestServer::kLocalhost, sni_available, &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT,
- domain_state.upgrade_mode);
- EXPECT_FALSE(domain_state.sts_include_subdomains);
- EXPECT_FALSE(domain_state.pkp_include_subdomains);
+ domain_state.dynamic_sts.upgrade_mode);
+ EXPECT_FALSE(domain_state.dynamic_sts.include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_pkp.include_subdomains);
EXPECT_TRUE(domain_state.HasPublicKeyPins());
- EXPECT_NE(domain_state.upgrade_expiry,
- domain_state.dynamic_spki_hashes_expiry);
+ EXPECT_NE(domain_state.dynamic_sts.expiry, domain_state.dynamic_pkp.expiry);
}
TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
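Review bot: The `EXPECT_NE(domain_state.dynamic_sts.expiry, domain_state.dynamic_pkp.expiry);` line in MAYBE_ProcessPKP is weak evidence that the pin lifetime was recorded. The test has just asserted MODE_DEFAULT, so the STS expiry is presumably still at its default value and any non-default PKP expiry satisfies the inequality. If `expiry` is a `base::Time`, asserting it directly, e.g. `EXPECT_FALSE(domain_state.dynamic_pkp.expiry.is_null());`, would state the intent; otherwise a short comment on why the two lifetimes must differ would help. The same assertion appears in the ProcessSTSAndPKP and ProcessSTSAndPKP2 hunks, where both headers are processed and the inequality is more meaningful. The test body starts outside the hunk.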
@@ -4998,9 +4997,9 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
EXPECT_TRUE(security_state->GetDomainState(
SpawnedTestServer::kLocalhost, sni_available, &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
- domain_state.upgrade_mode);
- EXPECT_FALSE(domain_state.sts_include_subdomains);
- EXPECT_FALSE(domain_state.pkp_include_subdomains);
+ domain_state.dynamic_sts.upgrade_mode);
+ EXPECT_FALSE(domain_state.dynamic_sts.include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_pkp.include_subdomains);
}
TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
@@ -5028,20 +5027,19 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
EXPECT_TRUE(security_state->GetDomainState(
SpawnedTestServer::kLocalhost, sni_available, &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
- domain_state.upgrade_mode);
+ domain_state.dynamic_sts.upgrade_mode);
#if defined(OS_ANDROID)
// Android's CertVerifyProc does not (yet) handle pins.
#else
EXPECT_TRUE(domain_state.HasPublicKeyPins());
#endif
- EXPECT_NE(domain_state.upgrade_expiry,
- domain_state.dynamic_spki_hashes_expiry);
+ EXPECT_NE(domain_state.dynamic_sts.expiry, domain_state.dynamic_pkp.expiry);
// Even though there is an HSTS header asserting includeSubdomains, it is
// the *second* such header, and we MUST process only the first.
- EXPECT_FALSE(domain_state.sts_include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_sts.include_subdomains);
// includeSubdomains does not occur in the test HPKP header.
- EXPECT_FALSE(domain_state.pkp_include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_pkp.include_subdomains);
}
// Tests that when multiple HPKP headers are present, asserting different
@@ -5070,17 +5068,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
EXPECT_TRUE(security_state->GetDomainState(
SpawnedTestServer::kLocalhost, sni_available, &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
- domain_state.upgrade_mode);
+ domain_state.dynamic_sts.upgrade_mode);
#if defined(OS_ANDROID)
// Android's CertVerifyProc does not (yet) handle pins.
#else
EXPECT_TRUE(domain_state.HasPublicKeyPins());
#endif
- EXPECT_NE(domain_state.upgrade_expiry,
- domain_state.dynamic_spki_hashes_expiry);
+ EXPECT_NE(domain_state.dynamic_sts.expiry, domain_state.dynamic_pkp.expiry);
- EXPECT_TRUE(domain_state.sts_include_subdomains);
- EXPECT_FALSE(domain_state.pkp_include_subdomains);
+ EXPECT_TRUE(domain_state.dynamic_sts.include_subdomains);
+ EXPECT_FALSE(domain_state.dynamic_pkp.include_subdomains);
}
TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) {
@@ -6300,17 +6297,18 @@ TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
TransportSecurityState::DomainState new_domain_state;
EXPECT_TRUE(transport_security_state.GetDomainState("www.google.com", true,
&new_domain_state));
- EXPECT_EQ(new_domain_state.upgrade_mode, domain_state.upgrade_mode);
- EXPECT_EQ(new_domain_state.sts_include_subdomains,
- domain_state.sts_include_subdomains);
- EXPECT_EQ(new_domain_state.pkp_include_subdomains,
- domain_state.pkp_include_subdomains);
- EXPECT_TRUE(FingerprintsEqual(new_domain_state.static_spki_hashes,
- domain_state.static_spki_hashes));
- EXPECT_TRUE(FingerprintsEqual(new_domain_state.dynamic_spki_hashes,
- domain_state.dynamic_spki_hashes));
- EXPECT_TRUE(FingerprintsEqual(new_domain_state.bad_static_spki_hashes,
- domain_state.bad_static_spki_hashes));
+ EXPECT_EQ(new_domain_state.dynamic_sts.upgrade_mode,
+ domain_state.dynamic_sts.upgrade_mode);
+ EXPECT_EQ(new_domain_state.dynamic_sts.include_subdomains,
+ domain_state.dynamic_sts.include_subdomains);
+ EXPECT_EQ(new_domain_state.dynamic_pkp.include_subdomains,
+ domain_state.dynamic_pkp.include_subdomains);
+ EXPECT_TRUE(FingerprintsEqual(new_domain_state.static_pkp.spki_hashes,
+ domain_state.static_pkp.spki_hashes));
+ EXPECT_TRUE(FingerprintsEqual(new_domain_state.dynamic_pkp.spki_hashes,
+ domain_state.dynamic_pkp.spki_hashes));
+ EXPECT_TRUE(FingerprintsEqual(new_domain_state.static_pkp.bad_spki_hashes,
+ domain_state.static_pkp.bad_spki_hashes));
}
// Make sure HSTS preserves a POST request's method and body.
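Review bot: The no-clobber comparison in HTTPSErrorsNoClobberTSSTest leaves the expiry fields out: the added assertions compare mode, include_subdomains and the SPKI hash lists of `new_domain_state` and `domain_state`, but not `dynamic_sts.expiry` or `dynamic_pkp.expiry`, which the earlier tests in this file do read. A regression that kept the hashes but reset or shortened a lifetime would still pass. Consider adding `EXPECT_EQ(new_domain_state.dynamic_sts.expiry, domain_state.dynamic_sts.expiry);` and the same for `dynamic_pkp.expiry`. Whether `static_pkp` carries its own include_subdomains flag is not visible here; if it does, it deserves a comparison too, since preloaded pins are what this change is meant to protect. The test body starts outside the hunk.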