Chromium Code Reviews| Index: net/http/transport_security_state_unittest.cc |
| diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc |
| index 7fb0b491049ba0a661003c451a3f81d6fdf5bad5..37fd43a02805226f346b3efac6ec00d33849f419 100644 |
| --- a/net/http/transport_security_state_unittest.cc |
| +++ b/net/http/transport_security_state_unittest.cc |
| @@ -42,6 +42,16 @@ namespace net { |
| namespace { |
| +namespace test1 { |
|
martijnc
2017/02/08 20:58:21
I tried to mix several cases (common prefix, no co
|
| +#include "net/http/transport_security_state_static_unittest1.h" |
| +} |
| +namespace test2 { |
| +#include "net/http/transport_security_state_static_unittest2.h" |
| +} |
| +namespace test3 { |
| +#include "net/http/transport_security_state_static_unittest3.h" |
| +} |
| + |
| const char kHost[] = "example.test"; |
| const char kSubdomain[] = "foo.example.test"; |
| const uint16_t kPort = 443; |
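Review bot: The three generated headers are included inside `namespace test1` … `test3` with no comment saying why, and the closing braces carry no namespace marker. The pattern only works while those headers include nothing themselves and do not share an include guard (neither can be checked from this hunk), so the constraint is worth writing down. For example, put `// Each generated fixture defines the same symbols (kHSTSHuffmanTree, kPinsets, ...); the namespaces keep them apart.` above the first block and close each one with `}  // namespace test1` (and likewise for test2 and test3).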
| @@ -382,6 +392,12 @@ class TransportSecurityStateTest : public testing::Test { |
| return spki_hashes; |
| } |
| + static HashValue GetSampleSPKIHash(uint8_t value) { |
| + HashValue hash(HASH_VALUE_SHA256); |
| + memset(hash.data(), value, hash.size()); |
| + return hash; |
| + } |
| + |
| protected: |
| bool GetStaticDomainState(TransportSecurityState* state, |
| const std::string& host, |
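Review bot: `GetSampleSPKIHash` has no comment, and the new tests depend on what it produces: they compare decoded pins with `GetSampleSPKIHash(0x1)` and `GetSampleSPKIHash(0x2)`. A one-line comment such as `// Returns a SHA-256 HashValue with every byte set to |value|; expected to match the sample pins in the test preload fixtures.` would make that link explicit. `memset` needs `<string.h>`, and the file's include list is not visible here, so that is worth confirming. The enclosing fixture class starts and ends outside the hunk.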
| @@ -1998,6 +2014,276 @@ TEST_F(TransportSecurityStateTest, ExpectCTReporter) { |
| EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); |
| } |
| +TEST_F(TransportSecurityStateTest, DecodePreloadedSingle) { |
| + SetTransportSecurityStateSource( |
| + test1::kHSTSHuffmanTree, sizeof(test1::kHSTSHuffmanTree), |
| + test1::kPreloadedHSTSData, test1::kPreloadedHSTSBits, |
| + test1::kHSTSRootPosition, test1::kExpectCTReportURIs, |
| + test1::kExpectStapleReportURIs, test1::kPinsets, |
| + arraysize(test1::kPinsets)); |
| + |
| + TransportSecurityState state; |
| + TransportSecurityStateTest::EnableStaticPins(&state); |
| + TransportSecurityStateTest::EnableStaticExpectCT(&state); |
| + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); |
| + |
| + TransportSecurityState::STSState sts_state; |
| + TransportSecurityState::PKPState pkp_state; |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); |
| + EXPECT_TRUE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + ASSERT_EQ(1u, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + ASSERT_EQ(1u, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x2)); |
| + |
| + TransportSecurityState::ExpectCTState ct_state; |
| + EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); |
| + |
| + TransportSecurityState::ExpectStapleState staple_state; |
| + EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); |
| + |
| + SetDefaultTransportSecurityStateSource(); |
| +} |
| + |
| +TEST_F(TransportSecurityStateTest, DecodePreloadedMultiplePrefix) { |
| + SetTransportSecurityStateSource( |
| + test2::kHSTSHuffmanTree, sizeof(test2::kHSTSHuffmanTree), |
| + test2::kPreloadedHSTSData, test2::kPreloadedHSTSBits, |
| + test2::kHSTSRootPosition, test2::kExpectCTReportURIs, |
| + test2::kExpectStapleReportURIs, test2::kPinsets, |
| + arraysize(test2::kPinsets)); |
| + |
| + TransportSecurityState state; |
| + TransportSecurityStateTest::EnableStaticPins(&state); |
| + TransportSecurityStateTest::EnableStaticExpectCT(&state); |
| + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); |
| + |
| + TransportSecurityState::STSState sts_state; |
| + TransportSecurityState::PKPState pkp_state; |
| + TransportSecurityState::ExpectCTState ct_state; |
| + TransportSecurityState::ExpectStapleState staple_state; |
| + |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_FALSE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); |
| + EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), |
| + pkp_state.report_uri); |
| + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); |
| + EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE(GetStaticDomainState(&state, "expect-ct.example.com", &sts_state, |
| + &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, |
| + sts_state.upgrade_mode); |
| + EXPECT_FALSE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_TRUE(GetExpectCTState(&state, "expect-ct.example.com", &ct_state)); |
| + EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); |
| + EXPECT_FALSE( |
| + GetExpectStapleState(&state, "expect-ct.example.com", &staple_state)); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE(GetStaticDomainState(&state, "expect-staple.example.com", |
| + &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, |
| + sts_state.upgrade_mode); |
| + EXPECT_FALSE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE( |
| + GetExpectCTState(&state, "expect-staple.example.com", &ct_state)); |
| + EXPECT_TRUE( |
| + GetExpectStapleState(&state, "expect-staple.example.com", &staple_state)); |
| + EXPECT_FALSE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/staple-upload"), |
| + staple_state.report_uri); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "mix.example.com", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); |
| + EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + EXPECT_TRUE(GetExpectCTState(&state, "mix.example.com", &ct_state)); |
| + EXPECT_EQ(GURL("https://report.example.com/ct-upload-alt"), |
| + ct_state.report_uri); |
| + EXPECT_TRUE(GetExpectStapleState(&state, "mix.example.com", &staple_state)); |
| + EXPECT_TRUE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/staple-upload-alt"), |
| + staple_state.report_uri); |
| + |
| + SetDefaultTransportSecurityStateSource(); |
| +} |
| + |
| +TEST_F(TransportSecurityStateTest, DecodePreloadedMultipleMix) { |
| + SetTransportSecurityStateSource( |
| + test3::kHSTSHuffmanTree, sizeof(test3::kHSTSHuffmanTree), |
| + test3::kPreloadedHSTSData, test3::kPreloadedHSTSBits, |
| + test3::kHSTSRootPosition, test3::kExpectCTReportURIs, |
| + test3::kExpectStapleReportURIs, test3::kPinsets, |
| + arraysize(test3::kPinsets)); |
| + |
| + TransportSecurityState state; |
| + TransportSecurityStateTest::EnableStaticPins(&state); |
| + TransportSecurityStateTest::EnableStaticExpectCT(&state); |
| + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); |
| + |
| + TransportSecurityState::STSState sts_state; |
| + TransportSecurityState::PKPState pkp_state; |
| + TransportSecurityState::ExpectCTState ct_state; |
| + TransportSecurityState::ExpectStapleState staple_state; |
| + |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "example.com", &sts_state, &pkp_state)); |
| + EXPECT_TRUE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_FALSE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE(GetExpectCTState(&state, "example.com", &ct_state)); |
| + EXPECT_EQ(GURL(""), ct_state.report_uri); |
| + EXPECT_TRUE(GetExpectStapleState(&state, "example.com", &staple_state)); |
| + EXPECT_FALSE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/staple-upload"), |
| + staple_state.report_uri); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), |
| + pkp_state.report_uri); |
| + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); |
| + EXPECT_EQ(GURL(""), ct_state.report_uri); |
| + EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); |
| + EXPECT_FALSE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), staple_state.report_uri); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "example.org", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_FALSE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_TRUE(GetExpectCTState(&state, "example.org", &ct_state)); |
| + EXPECT_EQ(GURL("https://report.example.org/ct-upload"), ct_state.report_uri); |
| + EXPECT_FALSE(GetExpectStapleState(&state, "example.org", &staple_state)); |
| + EXPECT_FALSE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), staple_state.report_uri); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "badssl.com", &sts_state, &pkp_state)); |
| + EXPECT_TRUE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), |
| + pkp_state.report_uri); |
| + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_FALSE(GetExpectCTState(&state, "badssl.com", &ct_state)); |
| + EXPECT_EQ(GURL(""), ct_state.report_uri); |
| + EXPECT_TRUE(GetExpectStapleState(&state, "badssl.com", &staple_state)); |
| + EXPECT_TRUE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), |
| + staple_state.report_uri); |
| + |
| + sts_state = TransportSecurityState::STSState(); |
| + pkp_state = TransportSecurityState::PKPState(); |
| + ct_state = TransportSecurityState::ExpectCTState(); |
| + staple_state = TransportSecurityState::ExpectStapleState(); |
| + EXPECT_TRUE( |
| + GetStaticDomainState(&state, "mix.badssl.com", &sts_state, &pkp_state)); |
| + EXPECT_FALSE(sts_state.include_subdomains); |
| + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, |
| + sts_state.upgrade_mode); |
| + EXPECT_TRUE(pkp_state.include_subdomains); |
| + EXPECT_EQ(GURL(""), pkp_state.report_uri); |
| + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); |
| + EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); |
| + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); |
| + EXPECT_TRUE(GetExpectCTState(&state, "mix.badssl.com", &ct_state)); |
| + EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); |
| + EXPECT_TRUE(GetExpectStapleState(&state, "mix.badssl.com", &staple_state)); |
| + EXPECT_TRUE(staple_state.include_subdomains); |
| + EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), |
| + staple_state.report_uri); |
| + |
| + SetDefaultTransportSecurityStateSource(); |
| +} |
| + |
| static const struct ExpectStapleErrorResponseData { |
| OCSPVerifyResult::ResponseStatus response_status; |
| std::string response_status_string; |
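Review bot: Each of the three new tests restores the real preload data only on its last line (`SetDefaultTransportSecurityStateSource();`), so a failing `ASSERT_EQ` in DecodePreloadedSingle returns early and leaves the test1 fixture installed as what appears to be the process-wide source for every test that runs afterwards. Restoring in the fixture instead, e.g. `void TearDown() override { SetDefaultTransportSecurityStateSource(); }` (merged into an existing TearDown if the class, which is outside this hunk, already has one), makes the reset unconditional. That also makes it safe to fix a second problem: DecodePreloadedMultiplePrefix and DecodePreloadedMultipleMix check `EXPECT_EQ(1U, pkp_state.spki_hashes.size());` and then index `spki_hashes[0]` / `bad_spki_hashes[0]`, which reads out of bounds if the decoder returns no pins. Those size checks should be `ASSERT_EQ`, as in the first test. All three tests only look up hosts that are present; a lookup for a name absent from the fixture, which presumably returns false, would show that the decoder does not match on a shared prefix alone.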