| Index: trunk/src/net/http/transport_security_state_unittest.cc
|
| ===================================================================
|
| --- trunk/src/net/http/transport_security_state_unittest.cc (revision 224274)
|
| +++ trunk/src/net/http/transport_security_state_unittest.cc (working copy)
|
| @@ -70,10 +70,10 @@
|
| const base::Time current_time(base::Time::Now());
|
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
|
|
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| bool include_subdomains = false;
|
| state.AddHSTS("yahoo.com", expiry, include_subdomains);
|
| - EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, MatchesCase1) {
|
| @@ -82,10 +82,10 @@
|
| const base::Time current_time(base::Time::Now());
|
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
|
|
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| bool include_subdomains = false;
|
| state.AddHSTS("YAhoo.coM", expiry, include_subdomains);
|
| - EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, MatchesCase2) {
|
| @@ -94,10 +94,10 @@
|
| const base::Time current_time(base::Time::Now());
|
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
|
|
|
| - EXPECT_FALSE(state.GetDomainState("YAhoo.coM", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("YAhoo.coM", true, &domain_state));
|
| bool include_subdomains = false;
|
| state.AddHSTS("yahoo.com", expiry, include_subdomains);
|
| - EXPECT_TRUE(state.GetDomainState("YAhoo.coM", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("YAhoo.coM", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, SubdomainMatches) {
|
| @@ -106,16 +106,15 @@
|
| const base::Time current_time(base::Time::Now());
|
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
|
|
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| bool include_subdomains = true;
|
| state.AddHSTS("yahoo.com", expiry, include_subdomains);
|
| - EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| - EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, true, &domain_state));
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("foo.bar.yahoo.com", true, true, &domain_state));
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("foo.bar.baz.yahoo.com", true, true, &domain_state));
|
| - EXPECT_FALSE(state.GetDomainState("com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true,
|
| + &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("com", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) {
|
| @@ -125,14 +124,14 @@
|
| const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
|
| const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
|
|
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| bool include_subdomains = false;
|
| state.AddHSTS("yahoo.com", expiry, include_subdomains);
|
|
|
| state.DeleteAllDynamicDataSince(expiry);
|
| - EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| state.DeleteAllDynamicDataSince(older);
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) {
|
| @@ -143,10 +142,10 @@
|
| bool include_subdomains = false;
|
| state.AddHSTS("yahoo.com", expiry, include_subdomains);
|
|
|
| - EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| - EXPECT_FALSE(state.GetDomainState("example.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("example.com", true, &domain_state));
|
| EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com"));
|
| - EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, IsPreloaded) {
|
| @@ -177,32 +176,30 @@
|
|
|
| // The domain wasn't being set, leading to a blank string in the
|
| // chrome://net-internals/#hsts UI. So test that.
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("market.android.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("market.android.com", true, &domain_state));
|
| EXPECT_EQ(domain_state.domain, "market.android.com");
|
| - EXPECT_TRUE(state.GetDomainState(
|
| - "sub.market.android.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("sub.market.android.com", true,
|
| + &domain_state));
|
| EXPECT_EQ(domain_state.domain, "market.android.com");
|
| }
|
|
|
| static bool ShouldRedirect(const char* hostname) {
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - return state.GetDomainState(
|
| - hostname, true /* SNI ok */, true, &domain_state) &&
|
| + return state.GetDomainState(hostname, true /* SNI ok */, &domain_state) &&
|
| domain_state.ShouldUpgradeToSSL();
|
| }
|
|
|
| static bool HasState(const char* hostname) {
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - return state.GetDomainState(hostname, true /* SNI ok */, true, &domain_state);
|
| + return state.GetDomainState(hostname, true /* SNI ok */, &domain_state);
|
| }
|
|
|
| static bool HasPublicKeyPins(const char* hostname, bool sni_enabled) {
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - if (!state.GetDomainState(hostname, sni_enabled, true, &domain_state))
|
| + if (!state.GetDomainState(hostname, sni_enabled, &domain_state))
|
| return false;
|
|
|
| return domain_state.HasPublicKeyPins();
|
| @@ -215,7 +212,7 @@
|
| static bool OnlyPinning(const char *hostname) {
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - if (!state.GetDomainState(hostname, true /* SNI ok */, true, &domain_state))
|
| + if (!state.GetDomainState(hostname, true /* SNI ok */, &domain_state))
|
| return false;
|
|
|
| return (domain_state.static_spki_hashes.size() > 0 ||
|
| @@ -229,8 +226,7 @@
|
| TransportSecurityState::DomainState domain_state;
|
|
|
| // We do more extensive checks for the first domain.
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("www.paypal.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("www.paypal.com", true, &domain_state));
|
| EXPECT_EQ(domain_state.upgrade_mode,
|
| TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
|
| EXPECT_FALSE(domain_state.sts_include_subdomains);
|
| @@ -292,16 +288,13 @@
|
| EXPECT_TRUE(OnlyPinning("googlegroups.com"));
|
|
|
| // Tests for domains that don't work without SNI.
|
| - EXPECT_FALSE(state.GetDomainState("gmail.com", false, true, &domain_state));
|
| - EXPECT_FALSE(
|
| - state.GetDomainState("www.gmail.com", false, true, &domain_state));
|
| - EXPECT_FALSE(state.GetDomainState("m.gmail.com", false, true, &domain_state));
|
| - EXPECT_FALSE(
|
| - state.GetDomainState("googlemail.com", false, true, &domain_state));
|
| - EXPECT_FALSE(
|
| - state.GetDomainState("www.googlemail.com", false, true, &domain_state));
|
| - EXPECT_FALSE(
|
| - state.GetDomainState("m.googlemail.com", false, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("gmail.com", false, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("www.gmail.com", false, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("m.gmail.com", false, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("googlemail.com", false, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("www.googlemail.com", false,
|
| + &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState("m.googlemail.com", false, &domain_state));
|
|
|
| // Other hosts:
|
|
|
| @@ -395,17 +388,16 @@
|
| EXPECT_TRUE(ShouldRedirect("www.dropcam.com"));
|
| EXPECT_FALSE(HasState("foo.dropcam.com"));
|
|
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("torproject.org", false, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("torproject.org", false, &domain_state));
|
| EXPECT_FALSE(domain_state.static_spki_hashes.empty());
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("www.torproject.org", false, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("www.torproject.org", false,
|
| + &domain_state));
|
| EXPECT_FALSE(domain_state.static_spki_hashes.empty());
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("check.torproject.org", false, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("check.torproject.org", false,
|
| + &domain_state));
|
| EXPECT_FALSE(domain_state.static_spki_hashes.empty());
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("blog.torproject.org", false, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("blog.torproject.org", false,
|
| + &domain_state));
|
| EXPECT_FALSE(domain_state.static_spki_hashes.empty());
|
| EXPECT_TRUE(ShouldRedirect("ebanking.indovinabank.com.vn"));
|
| EXPECT_TRUE(ShouldRedirect("foo.ebanking.indovinabank.com.vn"));
|
| @@ -477,15 +469,14 @@
|
| "WaveletIdDomainAndBlipBlipid";
|
| TransportSecurityState::DomainState domain_state;
|
| // Just checks that we don't hit a NOTREACHED.
|
| - EXPECT_FALSE(state.GetDomainState(kLongName, true, true, &domain_state));
|
| + EXPECT_FALSE(state.GetDomainState(kLongName, true, &domain_state));
|
| }
|
|
|
| TEST_F(TransportSecurityStateTest, BuiltinCertPins) {
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
|
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("chrome.google.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("chrome.google.com", true, &domain_state));
|
| EXPECT_TRUE(HasPublicKeyPins("chrome.google.com"));
|
|
|
| HashValueVector hashes;
|
| @@ -573,8 +564,7 @@
|
|
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("plus.google.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
|
| EXPECT_TRUE(domain_state.HasPublicKeyPins());
|
|
|
| EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes));
|
| @@ -610,8 +600,7 @@
|
|
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("blog.torproject.org", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("blog.torproject.org", true, &domain_state));
|
| EXPECT_TRUE(domain_state.HasPublicKeyPins());
|
|
|
| EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes));
|
| @@ -640,8 +629,7 @@
|
|
|
| TransportSecurityState state;
|
| TransportSecurityState::DomainState domain_state;
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("plus.google.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
|
| EXPECT_TRUE(domain_state.HasPublicKeyPins());
|
|
|
| // The statically-defined pins are all SHA-1, so we add some SHA-256 pins
|
| @@ -753,8 +741,7 @@
|
| domain_state.upgrade_expiry = expiry;
|
| EnableHost(&state, "www.google.com", domain_state);
|
|
|
| - EXPECT_TRUE(
|
| - state.GetDomainState("www.google.com", true, true, &domain_state));
|
| + EXPECT_TRUE(state.GetDomainState("www.google.com", true, &domain_state));
|
| }
|
|
|
| static const uint8 kSidePinLeafSPKI[] = {
|
|
|
Chromium Code Reviews
Issue 24251011:
Revert 224269 "Don't persist HPKP if PrivacyMode is enabled." (Closed)
Base URL: svn://svn.chromium.org/chrome/