| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index 52b63a1591710ddabd2d7d0c39d731cdd82c201e..ed04ba6091a63e42e383734e194953132ccb3631 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -5258,13 +5258,16 @@ TEST_F(URLRequestTestHTTP, ResponseHeadersTest) {
|
| }
|
|
|
| TEST_F(URLRequestTestHTTP, ProcessSTS) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
|
| SpawnedTestServer https_test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| ASSERT_TRUE(https_test_server.Start());
|
|
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| https_test_server.GetURL("files/hsts-headers.html"), DEFAULT_PRIORITY,
|
| @@ -5275,8 +5278,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
|
| TransportSecurityState* security_state =
|
| default_context_.transport_security_state();
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(security_state->GetDynamicDomainState(
|
| - SpawnedTestServer::kLocalhost, &domain_state));
|
| + EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
|
| domain_state.sts.upgrade_mode);
|
| EXPECT_TRUE(domain_state.sts.include_subdomains);
|
| @@ -5288,6 +5291,30 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
|
| #endif
|
| }
|
|
|
| +TEST_F(URLRequestTestHTTP, STSNotProcessedOnIP) {
|
| + SpawnedTestServer https_test_server(
|
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::SSLOptions(),
|
| + base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| + ASSERT_TRUE(https_test_server.Start());
|
| + // Make sure this test fails if the test server is changed to not
|
| + // listen on an IP by default.
|
| + ASSERT_TRUE(https_test_server.GetURL("").HostIsIPAddress());
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| + TestDelegate d;
|
| + scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| + https_test_server.GetURL("files/hsts-headers.html"), DEFAULT_PRIORITY,
|
| + &d));
|
| + request->Start();
|
| + base::RunLoop().Run();
|
| +
|
| + TransportSecurityState* security_state =
|
| + default_context_.transport_security_state();
|
| + TransportSecurityState::DomainState domain_state;
|
| + EXPECT_FALSE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| +}
|
| +
|
| // Android's CertVerifyProc does not (yet) handle pins. Therefore, it will
|
| // reject HPKP headers, and a test setting only HPKP headers will fail (no
|
| // DomainState present because header rejected).
|
| @@ -5300,13 +5327,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTS) {
|
| // Tests that enabling HPKP on a domain does not affect the HSTS
|
| // validity/expiration.
|
| TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
|
| SpawnedTestServer https_test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| ASSERT_TRUE(https_test_server.Start());
|
|
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| https_test_server.GetURL("files/hpkp-headers.html"), DEFAULT_PRIORITY,
|
| @@ -5317,8 +5347,8 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
|
| TransportSecurityState* security_state =
|
| default_context_.transport_security_state();
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(security_state->GetDynamicDomainState(
|
| - SpawnedTestServer::kLocalhost, &domain_state));
|
| + EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT,
|
| domain_state.sts.upgrade_mode);
|
| EXPECT_FALSE(domain_state.sts.include_subdomains);
|
| @@ -5327,14 +5357,41 @@ TEST_F(URLRequestTestHTTP, MAYBE_ProcessPKP) {
|
| EXPECT_NE(domain_state.sts.expiry, domain_state.pkp.expiry);
|
| }
|
|
|
| +TEST_F(URLRequestTestHTTP, PKPNotProcessedOnIP) {
|
| + SpawnedTestServer https_test_server(
|
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::SSLOptions(),
|
| + base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| + ASSERT_TRUE(https_test_server.Start());
|
| + // Make sure this test fails if the test server is changed to not
|
| + // listen on an IP by default.
|
| + ASSERT_TRUE(https_test_server.GetURL("").HostIsIPAddress());
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| + TestDelegate d;
|
| + scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| + https_test_server.GetURL("files/hpkp-headers.html"), DEFAULT_PRIORITY,
|
| + &d));
|
| + request->Start();
|
| + base::RunLoop().Run();
|
| +
|
| + TransportSecurityState* security_state =
|
| + default_context_.transport_security_state();
|
| + TransportSecurityState::DomainState domain_state;
|
| + EXPECT_FALSE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| +}
|
| +
|
| TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
|
| SpawnedTestServer https_test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| ASSERT_TRUE(https_test_server.Start());
|
|
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| https_test_server.GetURL("files/hsts-multiple-headers.html"),
|
| @@ -5346,8 +5403,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
|
| TransportSecurityState* security_state =
|
| default_context_.transport_security_state();
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(security_state->GetDynamicDomainState(
|
| - SpawnedTestServer::kLocalhost, &domain_state));
|
| + EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
|
| domain_state.sts.upgrade_mode);
|
| EXPECT_FALSE(domain_state.sts.include_subdomains);
|
| @@ -5355,13 +5412,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
|
| }
|
|
|
| TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
|
| SpawnedTestServer https_test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| ASSERT_TRUE(https_test_server.Start());
|
|
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| https_test_server.GetURL("files/hsts-and-hpkp-headers.html"),
|
| @@ -5373,8 +5433,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
|
| TransportSecurityState* security_state =
|
| default_context_.transport_security_state();
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(security_state->GetDynamicDomainState(
|
| - SpawnedTestServer::kLocalhost, &domain_state));
|
| + EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
|
| domain_state.sts.upgrade_mode);
|
| #if defined(OS_ANDROID)
|
| @@ -5394,13 +5454,16 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP) {
|
| // Tests that when multiple HPKP headers are present, asserting different
|
| // policies, that only the first such policy is processed.
|
| TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| + SpawnedTestServer::SSLOptions ssl_options(
|
| + SpawnedTestServer::SSLOptions::CERT_COMMON_NAME_IS_DOMAIN);
|
| SpawnedTestServer https_test_server(
|
| SpawnedTestServer::TYPE_HTTPS,
|
| ssl_options,
|
| base::FilePath(FILE_PATH_LITERAL("net/data/url_request_unittest")));
|
| ASSERT_TRUE(https_test_server.Start());
|
|
|
| + std::string test_server_hostname = https_test_server.GetURL("").host();
|
| +
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> request(default_context_.CreateRequest(
|
| https_test_server.GetURL("files/hsts-and-hpkp-headers2.html"),
|
| @@ -5411,8 +5474,8 @@ TEST_F(URLRequestTestHTTP, ProcessSTSAndPKP2) {
|
| TransportSecurityState* security_state =
|
| default_context_.transport_security_state();
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(security_state->GetDynamicDomainState(
|
| - SpawnedTestServer::kLocalhost, &domain_state));
|
| + EXPECT_TRUE(security_state->GetDynamicDomainState(test_server_hostname,
|
| + &domain_state));
|
| EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
|
| domain_state.sts.upgrade_mode);
|
| #if defined(OS_ANDROID)
|
|
|
Chromium Code Reviews
Issue 1059303002:
Don't process HSTS/HPKP headers when host is an IP address (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master