OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 24 matching lines...) Expand all Loading... | |
35 #include "net/ssl/ssl_info.h" | 35 #include "net/ssl/ssl_info.h" |
36 #include "net/test/cert_test_util.h" | 36 #include "net/test/cert_test_util.h" |
37 #include "net/test/test_data_directory.h" | 37 #include "net/test/test_data_directory.h" |
38 #include "testing/gmock/include/gmock/gmock.h" | 38 #include "testing/gmock/include/gmock/gmock.h" |
39 #include "testing/gtest/include/gtest/gtest.h" | 39 #include "testing/gtest/include/gtest/gtest.h" |
40 | 40 |
41 namespace net { | 41 namespace net { |
42 | 42 |
43 namespace { | 43 namespace { |
44 | 44 |
45 namespace test1 { | |
martijnc
2017/02/08 20:58:21
I tried to mix several cases (common prefix, no co
| |
46 #include "net/http/transport_security_state_static_unittest1.h" | |
47 } | |
48 namespace test2 { | |
49 #include "net/http/transport_security_state_static_unittest2.h" | |
50 } | |
51 namespace test3 { | |
52 #include "net/http/transport_security_state_static_unittest3.h" | |
53 } | |
54 | |
45 const char kHost[] = "example.test"; | 55 const char kHost[] = "example.test"; |
46 const char kSubdomain[] = "foo.example.test"; | 56 const char kSubdomain[] = "foo.example.test"; |
47 const uint16_t kPort = 443; | 57 const uint16_t kPort = 443; |
48 const char kReportUri[] = "http://report-example.test/test"; | 58 const char kReportUri[] = "http://report-example.test/test"; |
49 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; | 59 const char kExpectCTStaticHostname[] = "preloaded-expect-ct.badssl.com"; |
50 const char kExpectCTStaticReportURI[] = "https://clients3.google.com/ct_upload"; | 60 const char kExpectCTStaticReportURI[] = "https://clients3.google.com/ct_upload"; |
51 const char kExpectStapleStaticHostname[] = "preloaded-expect-staple.badssl.com"; | 61 const char kExpectStapleStaticHostname[] = "preloaded-expect-staple.badssl.com"; |
52 const char kExpectStapleStaticReportURI[] = | 62 const char kExpectStapleStaticReportURI[] = |
53 "https://report.badssl.com/expect-staple"; | 63 "https://report.badssl.com/expect-staple"; |
54 const char kExpectStapleStaticIncludeSubdomainsHostname[] = | 64 const char kExpectStapleStaticIncludeSubdomainsHostname[] = |
(...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
375 } | 385 } |
376 | 386 |
377 static HashValueVector GetSampleSPKIHashes() { | 387 static HashValueVector GetSampleSPKIHashes() { |
378 HashValueVector spki_hashes; | 388 HashValueVector spki_hashes; |
379 HashValue hash(HASH_VALUE_SHA256); | 389 HashValue hash(HASH_VALUE_SHA256); |
380 memset(hash.data(), 0, hash.size()); | 390 memset(hash.data(), 0, hash.size()); |
381 spki_hashes.push_back(hash); | 391 spki_hashes.push_back(hash); |
382 return spki_hashes; | 392 return spki_hashes; |
383 } | 393 } |
384 | 394 |
395 static HashValue GetSampleSPKIHash(uint8_t value) { | |
396 HashValue hash(HASH_VALUE_SHA256); | |
397 memset(hash.data(), value, hash.size()); | |
398 return hash; | |
399 } | |
400 | |
385 protected: | 401 protected: |
386 bool GetStaticDomainState(TransportSecurityState* state, | 402 bool GetStaticDomainState(TransportSecurityState* state, |
387 const std::string& host, | 403 const std::string& host, |
388 TransportSecurityState::STSState* sts_result, | 404 TransportSecurityState::STSState* sts_result, |
389 TransportSecurityState::PKPState* pkp_result) { | 405 TransportSecurityState::PKPState* pkp_result) { |
390 return state->GetStaticDomainState(host, sts_result, pkp_result); | 406 return state->GetStaticDomainState(host, sts_result, pkp_result); |
391 } | 407 } |
392 | 408 |
393 bool GetExpectCTState(TransportSecurityState* state, | 409 bool GetExpectCTState(TransportSecurityState* state, |
394 const std::string& host, | 410 const std::string& host, |
(...skipping 1596 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1991 state.ProcessExpectCTHeader("preload", host_port, ssl_info); | 2007 state.ProcessExpectCTHeader("preload", host_port, ssl_info); |
1992 EXPECT_EQ(1u, reporter.num_failures()); | 2008 EXPECT_EQ(1u, reporter.num_failures()); |
1993 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); | 2009 EXPECT_TRUE(reporter.ssl_info().ct_compliance_details_available); |
1994 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, | 2010 EXPECT_EQ(ssl_info.ct_cert_policy_compliance, |
1995 reporter.ssl_info().ct_cert_policy_compliance); | 2011 reporter.ssl_info().ct_cert_policy_compliance); |
1996 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); | 2012 EXPECT_EQ(host_port.host(), reporter.host_port_pair().host()); |
1997 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); | 2013 EXPECT_EQ(host_port.port(), reporter.host_port_pair().port()); |
1998 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); | 2014 EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
1999 } | 2015 } |
2000 | 2016 |
2017 TEST_F(TransportSecurityStateTest, DecodePreloadedSingle) { | |
2018 SetTransportSecurityStateSource( | |
2019 test1::kHSTSHuffmanTree, sizeof(test1::kHSTSHuffmanTree), | |
2020 test1::kPreloadedHSTSData, test1::kPreloadedHSTSBits, | |
2021 test1::kHSTSRootPosition, test1::kExpectCTReportURIs, | |
2022 test1::kExpectStapleReportURIs, test1::kPinsets, | |
2023 arraysize(test1::kPinsets)); | |
2024 | |
2025 TransportSecurityState state; | |
2026 TransportSecurityStateTest::EnableStaticPins(&state); | |
2027 TransportSecurityStateTest::EnableStaticExpectCT(&state); | |
2028 TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); | |
2029 | |
2030 TransportSecurityState::STSState sts_state; | |
2031 TransportSecurityState::PKPState pkp_state; | |
2032 EXPECT_TRUE( | |
2033 GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); | |
2034 EXPECT_TRUE(sts_state.include_subdomains); | |
2035 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2036 sts_state.upgrade_mode); | |
2037 EXPECT_TRUE(pkp_state.include_subdomains); | |
2038 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2039 ASSERT_EQ(1u, pkp_state.spki_hashes.size()); | |
2040 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2041 ASSERT_EQ(1u, pkp_state.bad_spki_hashes.size()); | |
2042 EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x2)); | |
2043 | |
2044 TransportSecurityState::ExpectCTState ct_state; | |
2045 EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); | |
2046 | |
2047 TransportSecurityState::ExpectStapleState staple_state; | |
2048 EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); | |
2049 | |
2050 SetDefaultTransportSecurityStateSource(); | |
2051 } | |
2052 | |
2053 TEST_F(TransportSecurityStateTest, DecodePreloadedMultiplePrefix) { | |
2054 SetTransportSecurityStateSource( | |
2055 test2::kHSTSHuffmanTree, sizeof(test2::kHSTSHuffmanTree), | |
2056 test2::kPreloadedHSTSData, test2::kPreloadedHSTSBits, | |
2057 test2::kHSTSRootPosition, test2::kExpectCTReportURIs, | |
2058 test2::kExpectStapleReportURIs, test2::kPinsets, | |
2059 arraysize(test2::kPinsets)); | |
2060 | |
2061 TransportSecurityState state; | |
2062 TransportSecurityStateTest::EnableStaticPins(&state); | |
2063 TransportSecurityStateTest::EnableStaticExpectCT(&state); | |
2064 TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); | |
2065 | |
2066 TransportSecurityState::STSState sts_state; | |
2067 TransportSecurityState::PKPState pkp_state; | |
2068 TransportSecurityState::ExpectCTState ct_state; | |
2069 TransportSecurityState::ExpectStapleState staple_state; | |
2070 | |
2071 EXPECT_TRUE( | |
2072 GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); | |
2073 EXPECT_FALSE(sts_state.include_subdomains); | |
2074 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2075 sts_state.upgrade_mode); | |
2076 EXPECT_FALSE(pkp_state.include_subdomains); | |
2077 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2078 EXPECT_EQ(0U, pkp_state.spki_hashes.size()); | |
2079 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2080 EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); | |
2081 EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); | |
2082 | |
2083 sts_state = TransportSecurityState::STSState(); | |
2084 pkp_state = TransportSecurityState::PKPState(); | |
2085 ct_state = TransportSecurityState::ExpectCTState(); | |
2086 staple_state = TransportSecurityState::ExpectStapleState(); | |
2087 EXPECT_TRUE( | |
2088 GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); | |
2089 EXPECT_FALSE(sts_state.include_subdomains); | |
2090 EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, | |
2091 sts_state.upgrade_mode); | |
2092 EXPECT_TRUE(pkp_state.include_subdomains); | |
2093 EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), | |
2094 pkp_state.report_uri); | |
2095 EXPECT_EQ(1U, pkp_state.spki_hashes.size()); | |
2096 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2097 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2098 EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); | |
2099 EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); | |
2100 | |
2101 sts_state = TransportSecurityState::STSState(); | |
2102 pkp_state = TransportSecurityState::PKPState(); | |
2103 ct_state = TransportSecurityState::ExpectCTState(); | |
2104 staple_state = TransportSecurityState::ExpectStapleState(); | |
2105 EXPECT_TRUE(GetStaticDomainState(&state, "expect-ct.example.com", &sts_state, | |
2106 &pkp_state)); | |
2107 EXPECT_FALSE(sts_state.include_subdomains); | |
2108 EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, | |
2109 sts_state.upgrade_mode); | |
2110 EXPECT_FALSE(pkp_state.include_subdomains); | |
2111 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2112 EXPECT_EQ(0U, pkp_state.spki_hashes.size()); | |
2113 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2114 EXPECT_TRUE(GetExpectCTState(&state, "expect-ct.example.com", &ct_state)); | |
2115 EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); | |
2116 EXPECT_FALSE( | |
2117 GetExpectStapleState(&state, "expect-ct.example.com", &staple_state)); | |
2118 | |
2119 sts_state = TransportSecurityState::STSState(); | |
2120 pkp_state = TransportSecurityState::PKPState(); | |
2121 ct_state = TransportSecurityState::ExpectCTState(); | |
2122 staple_state = TransportSecurityState::ExpectStapleState(); | |
2123 EXPECT_TRUE(GetStaticDomainState(&state, "expect-staple.example.com", | |
2124 &sts_state, &pkp_state)); | |
2125 EXPECT_FALSE(sts_state.include_subdomains); | |
2126 EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, | |
2127 sts_state.upgrade_mode); | |
2128 EXPECT_FALSE(pkp_state.include_subdomains); | |
2129 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2130 EXPECT_EQ(0U, pkp_state.spki_hashes.size()); | |
2131 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2132 EXPECT_FALSE( | |
2133 GetExpectCTState(&state, "expect-staple.example.com", &ct_state)); | |
2134 EXPECT_TRUE( | |
2135 GetExpectStapleState(&state, "expect-staple.example.com", &staple_state)); | |
2136 EXPECT_FALSE(staple_state.include_subdomains); | |
2137 EXPECT_EQ(GURL("https://report.example.com/staple-upload"), | |
2138 staple_state.report_uri); | |
2139 | |
2140 sts_state = TransportSecurityState::STSState(); | |
2141 pkp_state = TransportSecurityState::PKPState(); | |
2142 ct_state = TransportSecurityState::ExpectCTState(); | |
2143 staple_state = TransportSecurityState::ExpectStapleState(); | |
2144 EXPECT_TRUE( | |
2145 GetStaticDomainState(&state, "mix.example.com", &sts_state, &pkp_state)); | |
2146 EXPECT_FALSE(sts_state.include_subdomains); | |
2147 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2148 sts_state.upgrade_mode); | |
2149 EXPECT_TRUE(pkp_state.include_subdomains); | |
2150 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2151 EXPECT_EQ(1U, pkp_state.spki_hashes.size()); | |
2152 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); | |
2153 EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); | |
2154 EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2155 EXPECT_TRUE(GetExpectCTState(&state, "mix.example.com", &ct_state)); | |
2156 EXPECT_EQ(GURL("https://report.example.com/ct-upload-alt"), | |
2157 ct_state.report_uri); | |
2158 EXPECT_TRUE(GetExpectStapleState(&state, "mix.example.com", &staple_state)); | |
2159 EXPECT_TRUE(staple_state.include_subdomains); | |
2160 EXPECT_EQ(GURL("https://report.example.com/staple-upload-alt"), | |
2161 staple_state.report_uri); | |
2162 | |
2163 SetDefaultTransportSecurityStateSource(); | |
2164 } | |
2165 | |
2166 TEST_F(TransportSecurityStateTest, DecodePreloadedMultipleMix) { | |
2167 SetTransportSecurityStateSource( | |
2168 test3::kHSTSHuffmanTree, sizeof(test3::kHSTSHuffmanTree), | |
2169 test3::kPreloadedHSTSData, test3::kPreloadedHSTSBits, | |
2170 test3::kHSTSRootPosition, test3::kExpectCTReportURIs, | |
2171 test3::kExpectStapleReportURIs, test3::kPinsets, | |
2172 arraysize(test3::kPinsets)); | |
2173 | |
2174 TransportSecurityState state; | |
2175 TransportSecurityStateTest::EnableStaticPins(&state); | |
2176 TransportSecurityStateTest::EnableStaticExpectCT(&state); | |
2177 TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); | |
2178 | |
2179 TransportSecurityState::STSState sts_state; | |
2180 TransportSecurityState::PKPState pkp_state; | |
2181 TransportSecurityState::ExpectCTState ct_state; | |
2182 TransportSecurityState::ExpectStapleState staple_state; | |
2183 | |
2184 EXPECT_TRUE( | |
2185 GetStaticDomainState(&state, "example.com", &sts_state, &pkp_state)); | |
2186 EXPECT_TRUE(sts_state.include_subdomains); | |
2187 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2188 sts_state.upgrade_mode); | |
2189 EXPECT_FALSE(pkp_state.include_subdomains); | |
2190 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2191 EXPECT_EQ(0U, pkp_state.spki_hashes.size()); | |
2192 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2193 EXPECT_FALSE(GetExpectCTState(&state, "example.com", &ct_state)); | |
2194 EXPECT_EQ(GURL(""), ct_state.report_uri); | |
2195 EXPECT_TRUE(GetExpectStapleState(&state, "example.com", &staple_state)); | |
2196 EXPECT_FALSE(staple_state.include_subdomains); | |
2197 EXPECT_EQ(GURL("https://report.example.com/staple-upload"), | |
2198 staple_state.report_uri); | |
2199 | |
2200 sts_state = TransportSecurityState::STSState(); | |
2201 pkp_state = TransportSecurityState::PKPState(); | |
2202 ct_state = TransportSecurityState::ExpectCTState(); | |
2203 staple_state = TransportSecurityState::ExpectStapleState(); | |
2204 EXPECT_TRUE( | |
2205 GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); | |
2206 EXPECT_FALSE(sts_state.include_subdomains); | |
2207 EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, | |
2208 sts_state.upgrade_mode); | |
2209 EXPECT_TRUE(pkp_state.include_subdomains); | |
2210 EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), | |
2211 pkp_state.report_uri); | |
2212 EXPECT_EQ(1U, pkp_state.spki_hashes.size()); | |
2213 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2214 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2215 EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); | |
2216 EXPECT_EQ(GURL(""), ct_state.report_uri); | |
2217 EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); | |
2218 EXPECT_FALSE(staple_state.include_subdomains); | |
2219 EXPECT_EQ(GURL(""), staple_state.report_uri); | |
2220 | |
2221 sts_state = TransportSecurityState::STSState(); | |
2222 pkp_state = TransportSecurityState::PKPState(); | |
2223 ct_state = TransportSecurityState::ExpectCTState(); | |
2224 staple_state = TransportSecurityState::ExpectStapleState(); | |
2225 EXPECT_TRUE( | |
2226 GetStaticDomainState(&state, "example.org", &sts_state, &pkp_state)); | |
2227 EXPECT_FALSE(sts_state.include_subdomains); | |
2228 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2229 sts_state.upgrade_mode); | |
2230 EXPECT_FALSE(pkp_state.include_subdomains); | |
2231 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2232 EXPECT_EQ(0U, pkp_state.spki_hashes.size()); | |
2233 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2234 EXPECT_TRUE(GetExpectCTState(&state, "example.org", &ct_state)); | |
2235 EXPECT_EQ(GURL("https://report.example.org/ct-upload"), ct_state.report_uri); | |
2236 EXPECT_FALSE(GetExpectStapleState(&state, "example.org", &staple_state)); | |
2237 EXPECT_FALSE(staple_state.include_subdomains); | |
2238 EXPECT_EQ(GURL(""), staple_state.report_uri); | |
2239 | |
2240 sts_state = TransportSecurityState::STSState(); | |
2241 pkp_state = TransportSecurityState::PKPState(); | |
2242 ct_state = TransportSecurityState::ExpectCTState(); | |
2243 staple_state = TransportSecurityState::ExpectStapleState(); | |
2244 EXPECT_TRUE( | |
2245 GetStaticDomainState(&state, "badssl.com", &sts_state, &pkp_state)); | |
2246 EXPECT_TRUE(sts_state.include_subdomains); | |
2247 EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, | |
2248 sts_state.upgrade_mode); | |
2249 EXPECT_TRUE(pkp_state.include_subdomains); | |
2250 EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), | |
2251 pkp_state.report_uri); | |
2252 EXPECT_EQ(1U, pkp_state.spki_hashes.size()); | |
2253 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2254 EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); | |
2255 EXPECT_FALSE(GetExpectCTState(&state, "badssl.com", &ct_state)); | |
2256 EXPECT_EQ(GURL(""), ct_state.report_uri); | |
2257 EXPECT_TRUE(GetExpectStapleState(&state, "badssl.com", &staple_state)); | |
2258 EXPECT_TRUE(staple_state.include_subdomains); | |
2259 EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), | |
2260 staple_state.report_uri); | |
2261 | |
2262 sts_state = TransportSecurityState::STSState(); | |
2263 pkp_state = TransportSecurityState::PKPState(); | |
2264 ct_state = TransportSecurityState::ExpectCTState(); | |
2265 staple_state = TransportSecurityState::ExpectStapleState(); | |
2266 EXPECT_TRUE( | |
2267 GetStaticDomainState(&state, "mix.badssl.com", &sts_state, &pkp_state)); | |
2268 EXPECT_FALSE(sts_state.include_subdomains); | |
2269 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, | |
2270 sts_state.upgrade_mode); | |
2271 EXPECT_TRUE(pkp_state.include_subdomains); | |
2272 EXPECT_EQ(GURL(""), pkp_state.report_uri); | |
2273 EXPECT_EQ(1U, pkp_state.spki_hashes.size()); | |
2274 EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); | |
2275 EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); | |
2276 EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); | |
2277 EXPECT_TRUE(GetExpectCTState(&state, "mix.badssl.com", &ct_state)); | |
2278 EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); | |
2279 EXPECT_TRUE(GetExpectStapleState(&state, "mix.badssl.com", &staple_state)); | |
2280 EXPECT_TRUE(staple_state.include_subdomains); | |
2281 EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), | |
2282 staple_state.report_uri); | |
2283 | |
2284 SetDefaultTransportSecurityStateSource(); | |
2285 } | |
2286 | |
2001 static const struct ExpectStapleErrorResponseData { | 2287 static const struct ExpectStapleErrorResponseData { |
2002 OCSPVerifyResult::ResponseStatus response_status; | 2288 OCSPVerifyResult::ResponseStatus response_status; |
2003 std::string response_status_string; | 2289 std::string response_status_string; |
2004 } kExpectStapleReportData[] = { | 2290 } kExpectStapleReportData[] = { |
2005 {OCSPVerifyResult::MISSING, "MISSING"}, | 2291 {OCSPVerifyResult::MISSING, "MISSING"}, |
2006 {OCSPVerifyResult::ERROR_RESPONSE, "ERROR_RESPONSE"}, | 2292 {OCSPVerifyResult::ERROR_RESPONSE, "ERROR_RESPONSE"}, |
2007 {OCSPVerifyResult::BAD_PRODUCED_AT, "BAD_PRODUCED_AT"}, | 2293 {OCSPVerifyResult::BAD_PRODUCED_AT, "BAD_PRODUCED_AT"}, |
2008 {OCSPVerifyResult::NO_MATCHING_RESPONSE, "NO_MATCHING_RESPONSE"}, | 2294 {OCSPVerifyResult::NO_MATCHING_RESPONSE, "NO_MATCHING_RESPONSE"}, |
2009 {OCSPVerifyResult::INVALID_DATE, "INVALID_DATE"}, | 2295 {OCSPVerifyResult::INVALID_DATE, "INVALID_DATE"}, |
2010 {OCSPVerifyResult::PARSE_RESPONSE_ERROR, "PARSE_RESPONSE_ERROR"}, | 2296 {OCSPVerifyResult::PARSE_RESPONSE_ERROR, "PARSE_RESPONSE_ERROR"}, |
(...skipping 298 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2309 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", | 2595 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", |
2310 "disabled"); | 2596 "disabled"); |
2311 | 2597 |
2312 EXPECT_FALSE( | 2598 EXPECT_FALSE( |
2313 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); | 2599 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); |
2314 EXPECT_FALSE( | 2600 EXPECT_FALSE( |
2315 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); | 2601 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
2316 } | 2602 } |
2317 | 2603 |
2318 } // namespace net | 2604 } // namespace net |
OLD | NEW |