Add transport security state generator tests.

net/http/transport_security_state.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #include <algorithm>
 #include <memory>
 #include <utility>
 #include <vector>
@@ skipping 29 matching lines @@
 
 namespace {
 
 #include "net/http/transport_security_state_ct_policies.inc"
 #include "net/http/transport_security_state_static.h"
 
 const size_t kMaxHPKPReportCacheEntries = 50;
 const int kTimeToRememberHPKPReportsMins = 60;
 const size_t kReportCacheKeyLength = 16;
 
+const uint8_t* g_hsts_huffman_tree = kHSTSHuffmanTree;
+size_t g_hsts_huffman_tree_size = sizeof(kHSTSHuffmanTree);
+const uint8_t* g_preloaded_hsts_data = kPreloadedHSTSData;
+size_t g_preloaded_hsts_bits = kPreloadedHSTSBits;
+size_t g_hsts_root_position = kHSTSRootPosition;
+const char* const* g_expect_ct_report_uris = kExpectCTReportURIs;
+const char* const* g_expect_staple_report_uris = kExpectStapleReportURIs;
+const struct Pinset* g_hsts_pinsets = kPinsets;
+size_t g_hsts_pinsets_count = arraysize(kPinsets);
+
 // Override for ShouldRequireCT() for unit tests. Possible values:
 //  -1: Unless a delegate says otherwise, do not require CT.
 //   0: Use the default implementation (e.g. production)
 //   1: Unless a delegate says otherwise, require CT.
 int g_ct_required_for_testing = 0;
 
 // LessThan comparator for use with std::binary_search() in determining
 // whether a SHA-256 HashValue appears within a sorted array of
 // SHA256HashValues.
 struct SHA256ToHashValueComparator {
@@ skipping 367 matching lines @@
 // it contains the HSTS information: whether subdomains are included, pinsets
 // etc. If an "end of string" matches a period in the hostname then the
 // information is remembered because, if no more specific node is found, then
 // that information applies to the hostname.
 //
 // Dispatch tables are always given in order, but the "end of string" (zero)
 // value always comes before an entry for '.'.
 bool DecodeHSTSPreloadRaw(const std::string& search_hostname,
                           bool* out_found,
                           PreloadResult* out) {
-  HuffmanDecoder huffman(kHSTSHuffmanTree, sizeof(kHSTSHuffmanTree));
-  BitReader reader(kPreloadedHSTSData, kPreloadedHSTSBits);
-  size_t bit_offset = kHSTSRootPosition;
+  HuffmanDecoder huffman(g_hsts_huffman_tree, g_hsts_huffman_tree_size);
+  BitReader reader(g_preloaded_hsts_data, g_preloaded_hsts_bits);
+  size_t bit_offset = g_hsts_root_position;
   static const char kEndOfString = 0;
   static const char kEndOfTable = 127;
 
   *out_found = false;
 
   // Ensure that |search_hostname| is a valid hostname before
   // processing.
   if (CanonicalizeHost(search_hostname).empty()) {
     return true;
   }
@@ skipping 264 matching lines @@
   report.Set("validated-certificate-chain",
              GetPEMEncodedChainAsList(ssl_info.cert.get()));
 
   if (!base::JSONWriter::Write(report, out_serialized_report))
     return false;
   return true;
 }
 
 }  // namespace
 
+void SetTransportSecurityStateSource(
+    const uint8_t* hsts_huffman_tree,
+    const size_t hsts_huffman_tree_size,
+    const uint8_t* preloaded_hsts_data,
+    const size_t preloaded_hsts_bits,
+    const size_t hsts_root_position,
+    const char* const* expect_ct_report_uris,
+    const char* const* expect_staple_report_uris,
+    const struct Pinset hsts_pinsets[],
+    const size_t hsts_pinsets_count) {
+  g_hsts_huffman_tree = hsts_huffman_tree;
+  g_hsts_huffman_tree_size = hsts_huffman_tree_size;
+  g_preloaded_hsts_data = preloaded_hsts_data;
+  g_preloaded_hsts_bits = preloaded_hsts_bits;
+  g_hsts_root_position = hsts_root_position;
+  g_expect_ct_report_uris = expect_ct_report_uris;
+  g_expect_staple_report_uris = expect_staple_report_uris;
+  g_hsts_pinsets = hsts_pinsets;
+  g_hsts_pinsets_count = hsts_pinsets_count;
+}
+
+void SetDefaultTransportSecurityStateSource() {
+  g_hsts_huffman_tree = kHSTSHuffmanTree;
+  g_hsts_huffman_tree_size = sizeof(kHSTSHuffmanTree);
+  g_preloaded_hsts_data = kPreloadedHSTSData;
+  g_preloaded_hsts_bits = kPreloadedHSTSBits;
+  g_hsts_root_position = kHSTSRootPosition;
+  g_expect_ct_report_uris = kExpectCTReportURIs;
+  g_expect_staple_report_uris = kExpectStapleReportURIs;
+  g_hsts_pinsets = kPinsets;
+  g_hsts_pinsets_count = arraysize(kPinsets);
+}
+
 TransportSecurityState::TransportSecurityState()
     : enable_static_pins_(true),
       enable_static_expect_ct_(true),
       enable_static_expect_staple_(true),
       enable_pkp_bypass_for_local_trust_anchors_(true),
       sent_reports_cache_(kMaxHPKPReportCacheEntries) {
 // Static pinning is only enabled for official builds to make sure that
 // others don't end up with pins that cannot be easily updated.
 #if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS)
   enable_static_pins_ = false;
@@ skipping 364 matching lines @@
 
   PreloadResult result;
   if (!DecodeHSTSPreload(host, &result))
     return false;
 
   if (!enable_static_expect_ct_ || !result.expect_ct)
     return false;
 
   expect_ct_state->domain = host.substr(result.hostname_offset);
   expect_ct_state->report_uri =
-      GURL(kExpectCTReportURIs[result.expect_ct_report_uri_id]);
+      GURL(g_expect_ct_report_uris[result.expect_ct_report_uri_id]);
   return true;
 }
 
 bool TransportSecurityState::GetStaticExpectStapleState(
     const std::string& host,
     ExpectStapleState* expect_staple_state) const {
   DCHECK(CalledOnValidThread());
 
   if (!IsBuildTimely())
     return false;
 
   PreloadResult result;
   if (!DecodeHSTSPreload(host, &result))
     return false;
 
   if (!enable_static_expect_staple_ || !result.expect_staple)
     return false;
 
   expect_staple_state->domain = host.substr(result.hostname_offset);
   expect_staple_state->include_subdomains =
       result.expect_staple_include_subdomains;
   expect_staple_state->report_uri =
-      GURL(kExpectStapleReportURIs[result.expect_staple_report_uri_id]);
+      GURL(g_expect_staple_report_uris[result.expect_staple_report_uri_id]);
   return true;
 }
 
 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) {
   DCHECK(CalledOnValidThread());
 
   const std::string canonicalized_host = CanonicalizeHost(host);
   if (canonicalized_host.empty())
     return false;
 
@@ skipping 283 matching lines @@
   sts_state->last_observed = base::GetBuildTime();
   sts_state->upgrade_mode = STSState::MODE_DEFAULT;
   if (result.force_https) {
     sts_state->upgrade_mode = STSState::MODE_FORCE_HTTPS;
   }
 
   if (enable_static_pins_ && result.has_pins) {
     pkp_state->include_subdomains = result.pkp_include_subdomains;
     pkp_state->last_observed = base::GetBuildTime();
 
-    if (result.pinset_id >= arraysize(kPinsets))
+    if (result.pinset_id >= g_hsts_pinsets_count)
       return false;
-    const Pinset *pinset = &kPinsets[result.pinset_id];
+    const Pinset* pinset = &g_hsts_pinsets[result.pinset_id];
 
     if (pinset->report_uri != kNoReportURI)
       pkp_state->report_uri = GURL(pinset->report_uri);
 
     if (pinset->accepted_pins) {
       const char* const* sha256_hash = pinset->accepted_pins;
       while (*sha256_hash) {
         AddHash(*sha256_hash, &pkp_state->spki_hashes);
         sha256_hash++;
       }
@@ skipping 206 matching lines @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
     const TransportSecurityState& state)
     : iterator_(state.enabled_pkp_hosts_.begin()),
       end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 }  // namespace