Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2127)

Unified Diff: net/url_request/url_request_unittest.cc

Issue 1059303002: Don't process HSTS/HPKP headers when host is an IP address (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: ugly workaround for mac 10.6 getaddrinfo bug Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/url_request/url_request_http_job.cc ('k') | net/websockets/websocket_end_to_end_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 52b63a1591710ddabd2d7d0c39d731cdd82c201e..ed04ba6091a63e42e383734e194953132ccb3631 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -5258,13 +5258,16 @@ TEST_F(URLRequestTestHTTP, ResponseHeadersTest) {
}
TEST_F(URLRequestTestHTTP, ProcessSTS) {
- SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
SpawnedTestServer https_test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
ASSERT_TRUE(https_test_server.Start());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
TestDelegate d;
scoped_ptr<URLRequest> request(default_context_.CreateRequest(
https_test_server.GetURL("files/hsts-headers.html"), DEFAULT_PRIORITY,
@@ -5275,8 +5278,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
TransportSecurityState* security_state =
default_context_.transport_security_state();
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(security_state->GetDynamicDomainState(
- SpawnedTestServer::kLocalhost, &domain_state));
+ EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
domain_state.sts.upgrade_mode);
EXPECT_TRUE(domain_state.sts.include_subdomains);
@@ -5288,6 +5291,30 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
#endif
}
+TEST_F(URLRequestTestHTTP, STSNotProcessedOnIP) {
+ SpawnedTestServer https_test_server(
+ SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::SSLOptions(),
+ base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
+ ASSERT_TRUE(https_test_server.Start());
+ // Make sure this test fails if the test server is changed to not
+ // listen on an IP by default.
+ ASSERT_TRUE(https_test_server.GetURL("").HostIsIPAddress());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
+ TestDelegate d;
+ scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+ https_test_server.GetURL("files/hsts-headers.html"), DEFAULT_PRIORITY,
+ &d));
+ request->Start();
+ base::RunLoop().Run();
+
+ TransportSecurityState* security_state =
+ default_context_.transport_security_state();
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_FALSE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
+}
+
// Android's CertVerifyProc does not (yet) handle pins. Therefore, it will
// reject HPKP headers, and a test setting only HPKP headers will fail (no
// DomainState present because header rejected).
@@ -5300,13 +5327,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
// Tests that enabling HPKP on a domain does not affect the HSTS
// validity/expiration.
TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
- SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
SpawnedTestServer https_test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
ASSERT_TRUE(https_test_server.Start());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
TestDelegate d;
scoped_ptr<URLRequest> request(default_context_.CreateRequest(
https_test_server.GetURL("files/hpkp-headers.html"), DEFAULT_PRIORITY,
@@ -5317,8 +5347,8 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
TransportSecurityState* security_state =
default_context_.transport_security_state();
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(security_state->GetDynamicDomainState(
- SpawnedTestServer::kLocalhost, &domain_state));
+ EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT,
domain_state.sts.upgrade_mode);
EXPECT_FALSE(domain_state.sts.include_subdomains);
@@ -5327,14 +5357,41 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
EXPECT_NE(domain_state.sts.expiry, domain_state.pkp.expiry);
}
+TEST_F(URLRequestTestHTTP, PKPNotProcessedOnIP) {
+ SpawnedTestServer https_test_server(
+ SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::SSLOptions(),
+ base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
+ ASSERT_TRUE(https_test_server.Start());
+ // Make sure this test fails if the test server is changed to not
+ // listen on an IP by default.
+ ASSERT_TRUE(https_test_server.GetURL("").HostIsIPAddress());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
+ TestDelegate d;
+ scoped_ptr<URLRequest> request(default_context_.CreateRequest(
+ https_test_server.GetURL("files/hpkp-headers.html"), DEFAULT_PRIORITY,
+ &d));
+ request->Start();
+ base::RunLoop().Run();
+
+ TransportSecurityState* security_state =
+ default_context_.transport_security_state();
+ TransportSecurityState::DomainState domain_state;
+ EXPECT_FALSE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
+}
+
TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
- SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
SpawnedTestServer https_test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
ASSERT_TRUE(https_test_server.Start());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
TestDelegate d;
scoped_ptr<URLRequest> request(default_context_.CreateRequest(
https_test_server.GetURL("files/hsts-multiple-headers.html"),
@@ -5346,8 +5403,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
TransportSecurityState* security_state =
default_context_.transport_security_state();
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(security_state->GetDynamicDomainState(
- SpawnedTestServer::kLocalhost, &domain_state));
+ EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
domain_state.sts.upgrade_mode);
EXPECT_FALSE(domain_state.sts.include_subdomains);
@@ -5355,13 +5412,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
}
TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
- SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
SpawnedTestServer https_test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
ASSERT_TRUE(https_test_server.Start());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
TestDelegate d;
scoped_ptr<URLRequest> request(default_context_.CreateRequest(
https_test_server.GetURL("files/hsts-and-hpkp-headers.html"),
@@ -5373,8 +5433,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
TransportSecurityState* security_state =
default_context_.transport_security_state();
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(security_state->GetDynamicDomainState(
- SpawnedTestServer::kLocalhost, &domain_state));
+ EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
domain_state.sts.upgrade_mode);
#if defined(OS_ANDROID)
@@ -5394,13 +5454,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
// Tests that when multiple HPKP headers are present, asserting different
// policies, that only the first such policy is processed.
TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
- SpawnedTestServer::SSLOptions ssl_options;
+ SpawnedTestServer::SSLOptions ssl_options(
+ SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
SpawnedTestServer https_test_server(
SpawnedTestServer::TYPE_HTTPS,
ssl_options,
base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
ASSERT_TRUE(https_test_server.Start());
+ std::string test_server_hostname = https_test_server.GetURL("").host();
+
TestDelegate d;
scoped_ptr<URLRequest> request(default_context_.CreateRequest(
https_test_server.GetURL("files/hsts-and-hpkp-headers2.html"),
@@ -5411,8 +5474,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
TransportSecurityState* security_state =
default_context_.transport_security_state();
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(security_state->GetDynamicDomainState(
- SpawnedTestServer::kLocalhost, &domain_state));
+ EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
+ &domain_state));
EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
domain_state.sts.upgrade_mode);
#if defined(OS_ANDROID)
« no previous file with comments | « net/url_request/url_request_http_job.cc ('k') | net/websockets/websocket_end_to_end_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698