| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/transport_security_persister.h" | 5 #include "chrome/browser/net/transport_security_persister.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 84 EXPECT_EQ(domain_state.upgrade_mode, | 84 EXPECT_EQ(domain_state.upgrade_mode, |
| 85 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 85 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 86 EXPECT_TRUE(state_.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); | 86 EXPECT_TRUE(state_.GetDomainState("foo.bar.yahoo.com", true, &domain_state)); |
| 87 EXPECT_EQ(domain_state.upgrade_mode, | 87 EXPECT_EQ(domain_state.upgrade_mode, |
| 88 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 88 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 89 EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true, | 89 EXPECT_TRUE(state_.GetDomainState("foo.bar.baz.yahoo.com", true, |
| 90 &domain_state)); | 90 &domain_state)); |
| 91 EXPECT_EQ(domain_state.upgrade_mode, | 91 EXPECT_EQ(domain_state.upgrade_mode, |
| 92 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); | 92 TransportSecurityState::DomainState::MODE_FORCE_HTTPS); |
| 93 EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state)); | 93 EXPECT_FALSE(state_.GetDomainState("com", true, &domain_state)); |
| 94 |
| 95 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3); |
| 94 } | 96 } |
| 95 | 97 |
| 96 TEST_F(TransportSecurityPersisterTest, SerializeData3) { | 98 TEST_F(TransportSecurityPersisterTest, SerializeData3) { |
| 97 // Add an entry. | 99 // Add an entry. |
| 98 net::HashValue fp1(net::HASH_VALUE_SHA1); | 100 net::HashValue fp1(net::HASH_VALUE_SHA1); |
| 99 memset(fp1.data(), 0, fp1.size()); | 101 memset(fp1.data(), 0, fp1.size()); |
| 100 net::HashValue fp2(net::HASH_VALUE_SHA1); | 102 net::HashValue fp2(net::HASH_VALUE_SHA1); |
| 101 memset(fp2.data(), 1, fp2.size()); | 103 memset(fp2.data(), 1, fp2.size()); |
| 102 base::Time expiry = | 104 base::Time expiry = |
| 103 base::Time::Now() + base::TimeDelta::FromSeconds(1000); | 105 base::Time::Now() + base::TimeDelta::FromSeconds(1000); |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 "\"mode\": \"pinning-only\"" | 227 "\"mode\": \"pinning-only\"" |
| 226 "}}"); | 228 "}}"); |
| 227 | 229 |
| 228 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); | 230 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 229 | 231 |
| 230 TransportSecurityState::DomainState domain_state; | 232 TransportSecurityState::DomainState domain_state; |
| 231 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); | 233 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 232 EXPECT_FALSE(domain_state.HasPublicKeyPins()); | 234 EXPECT_FALSE(domain_state.HasPublicKeyPins()); |
| 233 EXPECT_FALSE(domain_state.ShouldUpgradeToSSL()); | 235 EXPECT_FALSE(domain_state.ShouldUpgradeToSSL()); |
| 234 } | 236 } |
| 237 |
| 238 TEST_F(TransportSecurityPersisterTest, SSLVersionMin1) { |
| 239 std::string preload("{" |
| 240 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 241 "\"created\": 0.0," |
| 242 "\"expiry\": 2000000000.0," |
| 243 "\"include_subdomains\": false," |
| 244 "\"mode\": \"pinning-only\"" |
| 245 "}}"); |
| 246 |
| 247 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 248 |
| 249 TransportSecurityState::DomainState domain_state; |
| 250 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 251 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3); |
| 252 } |
| 253 |
| 254 |
| 255 TEST_F(TransportSecurityPersisterTest, SSLVersionMin2) { |
| 256 std::string preload("{" |
| 257 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 258 "\"created\": 0.0," |
| 259 "\"expiry\": 2000000000.0," |
| 260 "\"include_subdomains\": false," |
| 261 "\"mode\": \"pinning-only\"," |
| 262 "\"ssl_version_min\": \"sslv3.0\"" |
| 263 "}}"); |
| 264 |
| 265 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 266 |
| 267 TransportSecurityState::DomainState domain_state; |
| 268 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 269 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_SSL3); |
| 270 } |
| 271 |
| 272 TEST_F(TransportSecurityPersisterTest, SSLVersionMin3) { |
| 273 std::string preload("{" |
| 274 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 275 "\"created\": 0.0," |
| 276 "\"expiry\": 2000000000.0," |
| 277 "\"include_subdomains\": false," |
| 278 "\"mode\": \"pinning-only\"," |
| 279 "\"ssl_version_min\": \"tlsv1.0\"" |
| 280 "}}"); |
| 281 |
| 282 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 283 |
| 284 TransportSecurityState::DomainState domain_state; |
| 285 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 286 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1); |
| 287 } |
| 288 |
| 289 TEST_F(TransportSecurityPersisterTest, SSLVersionMin4) { |
| 290 std::string preload("{" |
| 291 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 292 "\"created\": 0.0," |
| 293 "\"expiry\": 2000000000.0," |
| 294 "\"include_subdomains\": false," |
| 295 "\"mode\": \"pinning-only\"," |
| 296 "\"ssl_version_min\": \"tlsv1.1\"" |
| 297 "}}"); |
| 298 |
| 299 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 300 |
| 301 TransportSecurityState::DomainState domain_state; |
| 302 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 303 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1_1); |
| 304 } |
| 305 |
| 306 |
| 307 TEST_F(TransportSecurityPersisterTest, SSLVersionMin5) { |
| 308 std::string preload("{" |
| 309 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" |
| 310 "\"created\": 0.0," |
| 311 "\"expiry\": 2000000000.0," |
| 312 "\"include_subdomains\": false," |
| 313 "\"mode\": \"pinning-only\"," |
| 314 "\"ssl_version_min\": \"tlsv1.2\"" |
| 315 "}}"); |
| 316 |
| 317 EXPECT_TRUE(persister_->DeserializeFromCommandLine(preload)); |
| 318 |
| 319 TransportSecurityState::DomainState domain_state; |
| 320 EXPECT_TRUE(state_.GetDomainState("docs.google.com", true, &domain_state)); |
| 321 EXPECT_EQ(domain_state.ssl_version_min, net::SSL_CONNECTION_VERSION_TLS1_2); |
| 322 } |
| 323 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14125003:
Do not roll back to SSL 3.0 for Google properties. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master