Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9)

Side by Side Diff: net/base/transport_security_state_unittest.cc

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/transport_security_state.h" 5 #include "net/base/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 27 matching lines...) Expand all
38 class TransportSecurityStateTest : public testing::Test { 38 class TransportSecurityStateTest : public testing::Test {
39 virtual void SetUp() { 39 virtual void SetUp() {
40 #if defined(USE_OPENSSL) 40 #if defined(USE_OPENSSL)
41 crypto::EnsureOpenSSLInit(); 41 crypto::EnsureOpenSSLInit();
42 #else 42 #else
43 crypto::EnsureNSSInit(); 43 crypto::EnsureNSSInit();
44 #endif 44 #endif
45 } 45 }
46 }; 46 };
47 47
48 TEST_F(TransportSecurityStateTest, BogusHeaders) {
49 TransportSecurityState::DomainState state;
50 base::Time now = base::Time::Now();
51
52 EXPECT_FALSE(state.ParseSTSHeader(now, ""));
53 EXPECT_FALSE(state.ParseSTSHeader(now, " "));
54 EXPECT_FALSE(state.ParseSTSHeader(now, "abc"));
55 EXPECT_FALSE(state.ParseSTSHeader(now, " abc"));
56 EXPECT_FALSE(state.ParseSTSHeader(now, " abc "));
57 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age"));
58 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age"));
59 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age "));
60 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age="));
61 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age="));
62 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age ="));
63 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age= "));
64 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = "));
65 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = xy"));
66 EXPECT_FALSE(state.ParseSTSHeader(now, " max-age = 3488a923"));
67 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488a923 "));
68 EXPECT_FALSE(state.ParseSTSHeader(now, "max-ag=3488923"));
69 EXPECT_FALSE(state.ParseSTSHeader(now, "max-aged=3488923"));
70 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age==3488923"));
71 EXPECT_FALSE(state.ParseSTSHeader(now, "amax-age=3488923"));
72 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=-3488923"));
73 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923;"));
74 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 e"));
75 EXPECT_FALSE(state.ParseSTSHeader(
76 now, "max-age=3488923 includesubdomain"));
77 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923includesubdomains"));
78 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923=includesubdomains"));
79 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomainx"));
80 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomain="));
81 EXPECT_FALSE(state.ParseSTSHeader(
82 now, "max-age=3488923 includesubdomain=true"));
83 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=3488923 includesubdomainsx"));
84 EXPECT_FALSE(state.ParseSTSHeader(
85 now, "max-age=3488923 includesubdomains x"));
86 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=34889.23 includesubdomains"));
87 EXPECT_FALSE(state.ParseSTSHeader(now, "max-age=34889 includesubdomains"));
88
89 // Check that |state| was not updated by expecting the default
90 // values for its predictable fields.
91 EXPECT_EQ(state.upgrade_mode,
92 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
93 EXPECT_FALSE(state.include_subdomains);
94 }
95
96 static bool GetPublicKeyHash(const net::X509Certificate::OSCertHandle& cert,
97 HashValue* hash) {
98 std::string der_bytes;
99 if (!net::X509Certificate::GetDEREncoded(cert, &der_bytes))
100 return false;
101
102 base::StringPiece spki;
103 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki))
104 return false;
105
106 switch (hash->tag) {
107 case HASH_VALUE_SHA1:
108 base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
109 spki.size(), hash->data());
110 break;
111 case HASH_VALUE_SHA256:
112 crypto::SHA256HashString(spki, hash->data(), crypto::kSHA256Length);
113 break;
114 default:
115 NOTREACHED() << "Unknown HashValueTag " << hash->tag;
116 }
117
118 return true;
119 }
120
121 static std::string GetPinFromCert(X509Certificate* cert, HashValueTag tag) {
122 HashValue spki_hash(tag);
123 EXPECT_TRUE(GetPublicKeyHash(cert->os_cert_handle(), &spki_hash));
124
125 std::string base64;
126 base::Base64Encode(base::StringPiece(
127 reinterpret_cast<char*>(spki_hash.data()), spki_hash.size()), &base64);
128
129 std::string label;
130 switch (tag) {
131 case HASH_VALUE_SHA1:
132 label = "pin-sha1=";
133 break;
134 case HASH_VALUE_SHA256:
135 label = "pin-sha256=";
136 break;
137 default:
138 NOTREACHED() << "Unknown HashValueTag " << tag;
139 }
140
141 return label + HttpUtil::Quote(base64);
142 }
143
144 static void TestBogusPinsHeaders(HashValueTag tag) {
145 TransportSecurityState::DomainState state;
146 SSLInfo ssl_info;
147 ssl_info.cert =
148 ImportCertFromFile(GetTestCertsDirectory(), "test_mail_google_com.pem");
149 std::string good_pin = GetPinFromCert(ssl_info.cert, tag);
150 base::Time now = base::Time::Now();
151
152 // The backup pin is fake --- it just has to not be in the chain.
153 std::string backup_pin = "pin-sha1=" +
154 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");
155
156 EXPECT_FALSE(state.ParsePinsHeader(now, "", ssl_info));
157 EXPECT_FALSE(state.ParsePinsHeader(now, " ", ssl_info));
158 EXPECT_FALSE(state.ParsePinsHeader(now, "abc", ssl_info));
159 EXPECT_FALSE(state.ParsePinsHeader(now, " abc", ssl_info));
160 EXPECT_FALSE(state.ParsePinsHeader(now, " abc ", ssl_info));
161 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age", ssl_info));
162 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age", ssl_info));
163 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age ", ssl_info));
164 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=", ssl_info));
165 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age=", ssl_info));
166 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age =", ssl_info));
167 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age= ", ssl_info));
168 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age = ", ssl_info));
169 EXPECT_FALSE(state.ParsePinsHeader(now, " max-age = xy", ssl_info));
170 EXPECT_FALSE(state.ParsePinsHeader(
171 now,
172 " max-age = 3488a923",
173 ssl_info));
174 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488a923 ", ssl_info));
175 EXPECT_FALSE(state.ParsePinsHeader(now,
176 "max-ag=3488923pins=" + good_pin + "," + backup_pin,
177 ssl_info));
178 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923" + backup_pin,
179 ssl_info));
180 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923; " + backup_pin,
181 ssl_info));
182 EXPECT_FALSE(state.ParsePinsHeader(now,
183 "max-aged=3488923; " + backup_pin + ";" + backup_pin,
184 ssl_info));
185 EXPECT_FALSE(state.ParsePinsHeader(now,
186 "max-aged=3488923; " + good_pin + ";" + good_pin,
187 ssl_info));
188 EXPECT_FALSE(state.ParsePinsHeader(now, "max-aged=3488923; " + good_pin,
189 ssl_info));
190 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age==3488923", ssl_info));
191 EXPECT_FALSE(state.ParsePinsHeader(now, "amax-age=3488923", ssl_info));
192 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=-3488923", ssl_info));
193 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488923;", ssl_info));
194 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=3488923 e", ssl_info));
195 EXPECT_FALSE(state.ParsePinsHeader(
196 now,
197 "max-age=3488923 includesubdomain",
198 ssl_info));
199 EXPECT_FALSE(state.ParsePinsHeader(now, "max-age=34889.23", ssl_info));
200
201 // Check that |state| was not updated by expecting the default
202 // values for its predictable fields.
203 EXPECT_EQ(state.upgrade_mode,
204 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
205 EXPECT_FALSE(state.include_subdomains);
206 }
207
208 TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA1) {
209 TestBogusPinsHeaders(HASH_VALUE_SHA1);
210 }
211
212 TEST_F(TransportSecurityStateTest, BogusPinsHeadersSHA256) {
213 TestBogusPinsHeaders(HASH_VALUE_SHA256);
214 }
215
216 TEST_F(TransportSecurityStateTest, ValidSTSHeaders) {
217 TransportSecurityState::DomainState state;
218 base::Time expiry;
219 base::Time now = base::Time::Now();
220
221 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=243"));
222 expiry = now + base::TimeDelta::FromSeconds(243);
223 EXPECT_EQ(expiry, state.upgrade_expiry);
224 EXPECT_FALSE(state.include_subdomains);
225
226 EXPECT_TRUE(state.ParseSTSHeader(now, " Max-agE = 567"));
227 expiry = now + base::TimeDelta::FromSeconds(567);
228 EXPECT_EQ(expiry, state.upgrade_expiry);
229 EXPECT_FALSE(state.include_subdomains);
230
231 EXPECT_TRUE(state.ParseSTSHeader(now, " mAx-aGe = 890 "));
232 expiry = now + base::TimeDelta::FromSeconds(890);
233 EXPECT_EQ(expiry, state.upgrade_expiry);
234 EXPECT_FALSE(state.include_subdomains);
235
236 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=123;incLudesUbdOmains"));
237 expiry = now + base::TimeDelta::FromSeconds(123);
238 EXPECT_EQ(expiry, state.upgrade_expiry);
239 EXPECT_TRUE(state.include_subdomains);
240
241 EXPECT_TRUE(state.ParseSTSHeader(now, "incLudesUbdOmains; max-age=123"));
242 expiry = now + base::TimeDelta::FromSeconds(123);
243 EXPECT_EQ(expiry, state.upgrade_expiry);
244 EXPECT_TRUE(state.include_subdomains);
245
246 EXPECT_TRUE(state.ParseSTSHeader(now, " incLudesUbdOmains; max-age=123"));
247 expiry = now + base::TimeDelta::FromSeconds(123);
248 EXPECT_EQ(expiry, state.upgrade_expiry);
249 EXPECT_TRUE(state.include_subdomains);
250
251 EXPECT_TRUE(state.ParseSTSHeader(now,
252 " incLudesUbdOmains; max-age=123; pumpkin=kitten"));
253 expiry = now + base::TimeDelta::FromSeconds(123);
254 EXPECT_EQ(expiry, state.upgrade_expiry);
255 EXPECT_TRUE(state.include_subdomains);
256
257 EXPECT_TRUE(state.ParseSTSHeader(now,
258 " pumpkin=894; incLudesUbdOmains; max-age=123 "));
259 expiry = now + base::TimeDelta::FromSeconds(123);
260 EXPECT_EQ(expiry, state.upgrade_expiry);
261 EXPECT_TRUE(state.include_subdomains);
262
263 EXPECT_TRUE(state.ParseSTSHeader(now,
264 " pumpkin; incLudesUbdOmains; max-age=123 "));
265 expiry = now + base::TimeDelta::FromSeconds(123);
266 EXPECT_EQ(expiry, state.upgrade_expiry);
267 EXPECT_TRUE(state.include_subdomains);
268
269 EXPECT_TRUE(state.ParseSTSHeader(now,
270 " pumpkin; incLudesUbdOmains; max-age=\"123\" "));
271 expiry = now + base::TimeDelta::FromSeconds(123);
272 EXPECT_EQ(expiry, state.upgrade_expiry);
273 EXPECT_TRUE(state.include_subdomains);
274
275 EXPECT_TRUE(state.ParseSTSHeader(now,
276 "animal=\"squirrel; distinguished\"; incLudesUbdOmains; max-age=123"));
277 expiry = now + base::TimeDelta::FromSeconds(123);
278 EXPECT_EQ(expiry, state.upgrade_expiry);
279 EXPECT_TRUE(state.include_subdomains);
280
281 EXPECT_TRUE(state.ParseSTSHeader(now, "max-age=394082; incLudesUbdOmains"));
282 expiry = now + base::TimeDelta::FromSeconds(394082);
283 EXPECT_EQ(expiry, state.upgrade_expiry);
284 EXPECT_TRUE(state.include_subdomains);
285
286 EXPECT_TRUE(state.ParseSTSHeader(
287 now, "max-age=39408299 ;incLudesUbdOmains"));
288 expiry = now + base::TimeDelta::FromSeconds(
289 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
290 EXPECT_EQ(expiry, state.upgrade_expiry);
291 EXPECT_TRUE(state.include_subdomains);
292
293 EXPECT_TRUE(state.ParseSTSHeader(
294 now, "max-age=394082038 ; incLudesUbdOmains"));
295 expiry = now + base::TimeDelta::FromSeconds(
296 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
297 EXPECT_EQ(expiry, state.upgrade_expiry);
298 EXPECT_TRUE(state.include_subdomains);
299
300 EXPECT_TRUE(state.ParseSTSHeader(
301 now, " max-age=0 ; incLudesUbdOmains "));
302 expiry = now + base::TimeDelta::FromSeconds(0);
303 EXPECT_EQ(expiry, state.upgrade_expiry);
304 EXPECT_TRUE(state.include_subdomains);
305 // When max-age == 0, we downgrade to MODE_DEFAULT rather than deleting
306 // the entire DomainState. (That is because we currently overload
307 // DomainState to also include pins, and we don't want to invalidate any
308 // opportunistic pins that may be in place.)
309 EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT,
310 state.upgrade_mode);
311
312 EXPECT_TRUE(state.ParseSTSHeader(
313 now,
314 " max-age=999999999999999999999999999999999999999999999 ;"
315 " incLudesUbdOmains "));
316 expiry = now + base::TimeDelta::FromSeconds(
317 TransportSecurityState::kMaxHSTSAgeSecs);
318 EXPECT_EQ(expiry, state.upgrade_expiry);
319 EXPECT_TRUE(state.include_subdomains);
320 }
321
322 static void TestValidPinsHeaders(HashValueTag tag) {
323 TransportSecurityState::DomainState state;
324 base::Time expiry;
325 base::Time now = base::Time::Now();
326
327 // Set up a realistic SSLInfo with a realistic cert chain.
328 FilePath certs_dir = GetTestCertsDirectory();
329 scoped_refptr<X509Certificate> ee_cert =
330 ImportCertFromFile(certs_dir, "2048-rsa-ee-by-2048-rsa-intermediate.pem");
331 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert);
332 scoped_refptr<X509Certificate> intermediate =
333 ImportCertFromFile(certs_dir, "2048-rsa-intermediate.pem");
334 ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate);
335 X509Certificate::OSCertHandles intermediates;
336 intermediates.push_back(intermediate->os_cert_handle());
337 SSLInfo ssl_info;
338 ssl_info.cert = X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),
339 intermediates);
340
341 // Add the root that signed the intermediate for this test.
342 scoped_refptr<X509Certificate> root_cert =
343 ImportCertFromFile(certs_dir, "2048-rsa-root.pem");
344 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
345 ScopedTestRoot scoped_root(root_cert);
346
347 // Verify has the side-effect of populating public_key_hashes, which
348 // ParsePinsHeader needs. (It wants to check pins against the validated
349 // chain, not just the presented chain.)
350 int rv = ERR_FAILED;
351 CertVerifyResult result;
352 scoped_ptr<CertVerifier> verifier(CertVerifier::CreateDefault());
353 TestCompletionCallback callback;
354 CertVerifier::RequestHandle handle = NULL;
355 rv = verifier->Verify(ssl_info.cert, "127.0.0.1", 0, NULL, &result,
356 callback.callback(), &handle, BoundNetLog());
357 rv = callback.GetResult(rv);
358 ASSERT_EQ(OK, rv);
359 // Normally, ssl_client_socket_nss would do this, but for a unit test we
360 // fake it.
361 ssl_info.public_key_hashes = result.public_key_hashes;
362 std::string good_pin = GetPinFromCert(ssl_info.cert, /*tag*/HASH_VALUE_SHA1);
363 DLOG(WARNING) << "good pin: " << good_pin;
364
365 // The backup pin is fake --- we just need an SPKI hash that does not match
366 // the hash of any SPKI in the certificate chain.
367 std::string backup_pin = "pin-sha1=" +
368 HttpUtil::Quote("6dcfXufJLW3J6S/9rRe4vUlBj5g=");
369
370 EXPECT_TRUE(state.ParsePinsHeader(
371 now,
372 "max-age=243; " + good_pin + ";" + backup_pin,
373 ssl_info));
374 expiry = now + base::TimeDelta::FromSeconds(243);
375 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
376
377 EXPECT_TRUE(state.ParsePinsHeader(
378 now,
379 " " + good_pin + "; " + backup_pin + " ; Max-agE = 567",
380 ssl_info));
381 expiry = now + base::TimeDelta::FromSeconds(567);
382 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
383
384 EXPECT_TRUE(state.ParsePinsHeader(
385 now,
386 good_pin + ";" + backup_pin + " ; mAx-aGe = 890 ",
387 ssl_info));
388 expiry = now + base::TimeDelta::FromSeconds(890);
389 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
390
391 EXPECT_TRUE(state.ParsePinsHeader(
392 now,
393 good_pin + ";" + backup_pin + "; max-age=123;IGNORED;",
394 ssl_info));
395 expiry = now + base::TimeDelta::FromSeconds(123);
396 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
397
398 EXPECT_TRUE(state.ParsePinsHeader(
399 now,
400 "max-age=394082;" + backup_pin + ";" + good_pin + "; ",
401 ssl_info));
402 expiry = now + base::TimeDelta::FromSeconds(394082);
403 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
404
405 EXPECT_TRUE(state.ParsePinsHeader(
406 now,
407 "max-age=39408299 ;" + backup_pin + ";" + good_pin + "; ",
408 ssl_info));
409 expiry = now + base::TimeDelta::FromSeconds(
410 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
411 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
412
413 EXPECT_TRUE(state.ParsePinsHeader(
414 now,
415 "max-age=39408038 ; cybers=39408038 ; " +
416 good_pin + ";" + backup_pin + "; ",
417 ssl_info));
418 expiry = now + base::TimeDelta::FromSeconds(
419 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
420 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
421
422 EXPECT_TRUE(state.ParsePinsHeader(
423 now,
424 " max-age=0 ; " + good_pin + ";" + backup_pin,
425 ssl_info));
426 expiry = now + base::TimeDelta::FromSeconds(0);
427 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
428
429 EXPECT_TRUE(state.ParsePinsHeader(
430 now,
431 " max-age=999999999999999999999999999999999999999999999 ; " +
432 backup_pin + ";" + good_pin + "; ",
433 ssl_info));
434 expiry = now +
435 base::TimeDelta::FromSeconds(TransportSecurityState::kMaxHSTSAgeSecs);
436 EXPECT_EQ(expiry, state.dynamic_spki_hashes_expiry);
437 }
438
439 TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA1) {
440 TestValidPinsHeaders(HASH_VALUE_SHA1);
441 }
442
443 TEST_F(TransportSecurityStateTest, ValidPinsHeadersSHA256) {
444 TestValidPinsHeaders(HASH_VALUE_SHA256);
445 }
446
447 TEST_F(TransportSecurityStateTest, SimpleMatches) { 48 TEST_F(TransportSecurityStateTest, SimpleMatches) {
448 TransportSecurityState state; 49 TransportSecurityState state;
449 TransportSecurityState::DomainState domain_state; 50 TransportSecurityState::DomainState domain_state;
450 const base::Time current_time(base::Time::Now()); 51 const base::Time current_time(base::Time::Now());
451 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 52 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
452 53
453 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state)); 54 EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
454 domain_state.upgrade_expiry = expiry; 55 domain_state.upgrade_expiry = expiry;
455 state.EnableHost("yahoo.com", domain_state); 56 state.EnableHost("yahoo.com", domain_state);
456 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state)); 57 EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
(...skipping 455 matching lines...) Expand 10 before | Expand all | Expand 10 after
912 EXPECT_TRUE(HasPins("dev.twitter.com")); 513 EXPECT_TRUE(HasPins("dev.twitter.com"));
913 EXPECT_TRUE(HasPins("business.twitter.com")); 514 EXPECT_TRUE(HasPins("business.twitter.com"));
914 EXPECT_TRUE(HasPins("platform.twitter.com")); 515 EXPECT_TRUE(HasPins("platform.twitter.com"));
915 EXPECT_TRUE(HasPins("si0.twimg.com")); 516 EXPECT_TRUE(HasPins("si0.twimg.com"));
916 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net")); 517 EXPECT_TRUE(HasPins("twimg0-a.akamaihd.net"));
917 } 518 }
918 519
919 static bool AddHash(const std::string& type_and_base64, 520 static bool AddHash(const std::string& type_and_base64,
920 HashValueVector* out) { 521 HashValueVector* out) {
921 HashValue hash; 522 HashValue hash;
922 523 if (!hash.FromString(type_and_base64))
923 if (!TransportSecurityState::ParsePin(type_and_base64, &hash))
924 return false; 524 return false;
925 525
926 out->push_back(hash); 526 out->push_back(hash);
927 return true; 527 return true;
928 } 528 }
929 529
930 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) { 530 TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {
931 // kGoodPath is plus.google.com via Google Internet Authority. 531 // kGoodPath is plus.google.com via Google Internet Authority.
932 static const char* kGoodPath[] = { 532 static const char* kGoodPath[] = {
933 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=", 533 "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
(...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after
1226 // Expect to fail for SNI hosts when not searching the SNI list: 826 // Expect to fail for SNI hosts when not searching the SNI list:
1227 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 827 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1228 "gmail.com", false)); 828 "gmail.com", false));
1229 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 829 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1230 "googlegroups.com", false)); 830 "googlegroups.com", false));
1231 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 831 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(
1232 "www.googlegroups.com", false)); 832 "www.googlegroups.com", false));
1233 } 833 }
1234 834
1235 } // namespace net 835 } // namespace net
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698