Index: net/cert/cert_verify_proc_whitelist_unittest.cc |
diff --git a/net/cert/cert_verify_proc_whitelist_unittest.cc b/net/cert/cert_verify_proc_whitelist_unittest.cc |
index 27320356cb28cd1fd3e9e2bef5be1bf0858a0ba1..8bed3978e528efc914c02a1df6a662c0b5f6a6d5 100644 |
--- a/net/cert/cert_verify_proc_whitelist_unittest.cc |
+++ b/net/cert/cert_verify_proc_whitelist_unittest.cc |
@@ -14,7 +14,15 @@ namespace net { |
namespace { |
+namespace test1 { |
svaldez
2017/01/26 20:54:48
Slightly ugly of a namespace for test data, though
|
+#include "net/cert/cert_verify_proc_whitelist_unittest1-inc.cc" |
+} // namespace test |
+ |
TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) { |
+ // The domain must be in the whitelist from |
+ // //net/data/ssl/wosign/wosign_domains.gperf |
+ const char kWhitelistedDomain[] = "005.tv"; |
svaldez
2017/01/26 20:54:48
Add a sanity check for a nonwhitelisted domain fro
|
+ |
scoped_refptr<X509Certificate> cert = |
ImportCertFromFile(GetTestCertsDirectory(), "wosign_before_oct_21.pem"); |
ASSERT_TRUE(cert); |
@@ -25,12 +33,44 @@ TEST(CertVerifyProcWhitelistTest, HandlesWosignCerts) { |
0x95, 0xa5, 0x99, 0x68, 0xce, 0xf2, 0x34, 0x77, 0x37, 0x79, 0xdf, |
0x51, 0x81, 0xcf, 0x10, 0xfa, 0x64, 0x75, 0x34, 0xbb, 0x65}}); |
- EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); |
+ EXPECT_FALSE(IsNonWhitelistedCertificate(*cert, public_key_hashes, |
+ kWhitelistedDomain)); |
cert = ImportCertFromFile(GetTestCertsDirectory(), "wosign_after_oct_21.pem"); |
ASSERT_TRUE(cert); |
- EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes)); |
+ EXPECT_TRUE(IsNonWhitelistedCertificate(*cert, public_key_hashes, |
+ kWhitelistedDomain)); |
+} |
+ |
+TEST(CertVerifyProcWhitelistTest, IsWhitelistedHost) { |
+ const unsigned char* graph = test1::kDafsa; |
+ size_t graph_size = arraysize(test1::kDafsa); |
+ |
+ // Test malformed inputs. |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, ".")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "..")); |
+ |
+ // Make sure that TLDs aren't accepted just because a subdomain is. |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "com")); |
+ |
+ // Test various forms of domain names that GURL will accept for entries in |
+ // the graph. |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com")); |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "subdomain.example.com")); |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".subdomain.example.com")); |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "example.com.")); |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, ".example.com.")); |
+ EXPECT_TRUE(IsWhitelistedHost(graph, graph_size, "www.example.bar.jp")); |
+ |
svaldez
2017/01/26 20:54:48
Add tests for pre/postfix of whitelisted domains.
|
+ // Test various forms of domain names that GURL will accept for entries not |
+ // in the graph. |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "anotherexample.com")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "domain.com")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "example..com")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www.co.uk")); |
+ EXPECT_FALSE(IsWhitelistedHost(graph, graph_size, "www..co.uk")); |
} |
} // namespace |