Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/transport_security_state_unittest.cc

Issue 2747173005: Store dynamic Expect-CT state (Closed)
Patch Set: fix rebase mishap Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_state_unittest.cc
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index be41ec32f2932ba5bdf28a119e7d3e0f375b9f67..9597efe3b2d507c96d35cf305acdd4f43497875e 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -18,6 +18,7 @@
#include "base/strings/string_piece.h"
#include "base/test/histogram_tester.h"
#include "base/test/mock_entropy_provider.h"
+#include "base/test/scoped_feature_list.h"
#include "base/values.h"
#include "crypto/openssl_util.h"
#include "crypto/sha2.h"
@@ -2600,4 +2601,53 @@ TEST_F(TransportSecurityStateTest, RequireCTForSymantec) {
state.ShouldRequireCT("www.example.com", after_cert.get(), hashes));
}
+// Tests that dynamic Expect-CT state can be added and retrieved.
+TEST_F(TransportSecurityStateTest, DynamicExpectCTState) {
+ base::test::ScopedFeatureList feature_list;
+ feature_list.InitAndEnableFeature(
+ TransportSecurityState::kDynamicExpectCTFeature);
+ const std::string host("example.test");
+ TransportSecurityState state;
+ TransportSecurityState::ExpectCTState expect_ct_state;
+ const base::Time current_time = base::Time::Now();
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+ // Test that Expect-CT state can be added and retrieved.
+ state.AddExpectCT(host, expiry, true, GURL());
+ EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state));
+ EXPECT_TRUE(expect_ct_state.enforce);
+ EXPECT_TRUE(expect_ct_state.report_uri.is_empty());
+ EXPECT_EQ(expiry, expect_ct_state.expiry);
+
+ // Test that Expect-CT can be updated (e.g. by changing |enforce| to false and
+ // adding a report-uri).
+ const GURL report_uri("https://example-report.test");
+ state.AddExpectCT(host, expiry, false, report_uri);
+ EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state));
+ EXPECT_FALSE(expect_ct_state.enforce);
+ EXPECT_EQ(report_uri, expect_ct_state.report_uri);
+ EXPECT_EQ(expiry, expect_ct_state.expiry);
+
+ // Test that Expect-CT state is discarded when expired.
+ state.AddExpectCT(host, current_time - base::TimeDelta::FromSeconds(1000),
+ true, report_uri);
+ EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state));
+}
+
+// Tests that dynamic Expect-CT state cannot be added when the feature is not
+// enabled.
+TEST_F(TransportSecurityStateTest, DynamicExpectCTStateDisabled) {
+ base::test::ScopedFeatureList feature_list;
+ feature_list.InitAndDisableFeature(
+ TransportSecurityState::kDynamicExpectCTFeature);
+ const std::string host("example.test");
+ TransportSecurityState state;
+ TransportSecurityState::ExpectCTState expect_ct_state;
+ const base::Time current_time = base::Time::Now();
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+
+ state.AddExpectCT(host, expiry, true, GURL());
+ EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state));
+}
+
} // namespace net
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698