Index: net/http/transport_security_state_unittest.cc |
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc |
index be41ec32f2932ba5bdf28a119e7d3e0f375b9f67..9597efe3b2d507c96d35cf305acdd4f43497875e 100644 |
--- a/net/http/transport_security_state_unittest.cc |
+++ b/net/http/transport_security_state_unittest.cc |
@@ -18,6 +18,7 @@ |
#include "base/strings/string_piece.h" |
#include "base/test/histogram_tester.h" |
#include "base/test/mock_entropy_provider.h" |
+#include "base/test/scoped_feature_list.h" |
#include "base/values.h" |
#include "crypto/openssl_util.h" |
#include "crypto/sha2.h" |
@@ -2600,4 +2601,53 @@ TEST_F(TransportSecurityStateTest, RequireCTForSymantec) { |
state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
} |
+// Tests that dynamic Expect-CT state can be added and retrieved. |
+TEST_F(TransportSecurityStateTest, DynamicExpectCTState) { |
+ base::test::ScopedFeatureList feature_list; |
+ feature_list.InitAndEnableFeature( |
+ TransportSecurityState::kDynamicExpectCTFeature); |
+ const std::string host("example.test"); |
+ TransportSecurityState state; |
+ TransportSecurityState::ExpectCTState expect_ct_state; |
+ const base::Time current_time = base::Time::Now(); |
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
+ |
+ // Test that Expect-CT state can be added and retrieved. |
+ state.AddExpectCT(host, expiry, true, GURL()); |
+ EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
+ EXPECT_TRUE(expect_ct_state.enforce); |
+ EXPECT_TRUE(expect_ct_state.report_uri.is_empty()); |
+ EXPECT_EQ(expiry, expect_ct_state.expiry); |
+ |
+ // Test that Expect-CT can be updated (e.g. by changing |enforce| to false and |
+ // adding a report-uri). |
+ const GURL report_uri("https://example-report.test"); |
+ state.AddExpectCT(host, expiry, false, report_uri); |
+ EXPECT_TRUE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
+ EXPECT_FALSE(expect_ct_state.enforce); |
+ EXPECT_EQ(report_uri, expect_ct_state.report_uri); |
+ EXPECT_EQ(expiry, expect_ct_state.expiry); |
+ |
+ // Test that Expect-CT state is discarded when expired. |
+ state.AddExpectCT(host, current_time - base::TimeDelta::FromSeconds(1000), |
+ true, report_uri); |
+ EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
+} |
+ |
+// Tests that dynamic Expect-CT state cannot be added when the feature is not |
+// enabled. |
+TEST_F(TransportSecurityStateTest, DynamicExpectCTStateDisabled) { |
+ base::test::ScopedFeatureList feature_list; |
+ feature_list.InitAndDisableFeature( |
+ TransportSecurityState::kDynamicExpectCTFeature); |
+ const std::string host("example.test"); |
+ TransportSecurityState state; |
+ TransportSecurityState::ExpectCTState expect_ct_state; |
+ const base::Time current_time = base::Time::Now(); |
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
+ |
+ state.AddExpectCT(host, expiry, true, GURL()); |
+ EXPECT_FALSE(state.GetDynamicExpectCTState(host, &expect_ct_state)); |
+} |
+ |
} // namespace net |
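Review bot: The expiry case at the end of DynamicExpectCTState only covers writing state whose expiry is already in the past over a live entry, so it does not show that an entry which was valid when stored stops being returned once its expiry passes. That second path is what keeps a stale enforce or report-uri policy from outliving its lifetime, and since the implementation is not visible in this hunk the two may be handled in different places. I would reword the comment to `// Test that adding already-expired Expect-CT state replaces the live entry and is not returned.` and add a separate case for an entry that ages out after being stored. In DynamicExpectCTStateDisabled the single `EXPECT_FALSE` cannot distinguish a no-op `AddExpectCT` from a feature-gated `GetDynamicExpectCTState`, while its comment claims the former; softening it to `// Tests that dynamic Expect-CT state is not added or returned when the feature is not enabled.` would match what is actually asserted.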