OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 #include <memory> | 8 #include <memory> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
13 #include "base/files/file_util.h" | 13 #include "base/files/file_util.h" |
14 #include "base/files/scoped_temp_dir.h" | 14 #include "base/files/scoped_temp_dir.h" |
15 #include "base/message_loop/message_loop.h" | 15 #include "base/message_loop/message_loop.h" |
16 #include "base/run_loop.h" | 16 #include "base/run_loop.h" |
17 #include "base/test/scoped_feature_list.h" | |
17 #include "base/threading/thread_task_runner_handle.h" | 18 #include "base/threading/thread_task_runner_handle.h" |
18 #include "net/http/transport_security_state.h" | 19 #include "net/http/transport_security_state.h" |
19 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
20 | 21 |
21 namespace net { | 22 namespace net { |
22 | 23 |
23 namespace { | 24 namespace { |
24 | 25 |
25 const char kReportUri[] = "http://www.example.test/report"; | 26 const char kReportUri[] = "http://www.example.test/report"; |
26 | 27 |
(...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
224 | 225 |
225 TransportSecurityState::PKPState new_pkp_state; | 226 TransportSecurityState::PKPState new_pkp_state; |
226 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); | 227 EXPECT_TRUE(state_.GetDynamicPKPState(kTestDomain, &new_pkp_state)); |
227 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); | 228 EXPECT_EQ(1u, new_pkp_state.spki_hashes.size()); |
228 EXPECT_EQ(sha256.tag, new_pkp_state.spki_hashes[0].tag); | 229 EXPECT_EQ(sha256.tag, new_pkp_state.spki_hashes[0].tag); |
229 EXPECT_EQ(0, memcmp(new_pkp_state.spki_hashes[0].data(), sha256.data(), | 230 EXPECT_EQ(0, memcmp(new_pkp_state.spki_hashes[0].data(), sha256.data(), |
230 sha256.size())); | 231 sha256.size())); |
231 EXPECT_EQ(report_uri, new_pkp_state.report_uri); | 232 EXPECT_EQ(report_uri, new_pkp_state.report_uri); |
232 } | 233 } |
233 | 234 |
235 TEST_F(TransportSecurityPersisterTest, ExpectCT) { | |
236 base::test::ScopedFeatureList feature_list; | |
237 feature_list.InitAndEnableFeature( | |
238 TransportSecurityState::kDynamicExpectCTFeature); | |
239 const GURL report_uri(kReportUri); | |
240 TransportSecurityState::ExpectCTState expect_ct_state; | |
241 static const char kTestDomain[] = "example.test"; | |
242 | |
243 EXPECT_FALSE(state_.GetDynamicExpectCTState(kTestDomain, &expect_ct_state)); | |
244 | |
245 const base::Time current_time(base::Time::Now()); | |
246 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
247 state_.AddExpectCT(kTestDomain, expiry, true /* enforce */, GURL()); | |
248 std::string serialized; | |
249 EXPECT_TRUE(persister_->SerializeData(&serialized)); | |
250 bool dirty; | |
251 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | |
mattm
2017/04/15 04:45:02
So this is loading the serialized data back into t
estark
2017/04/15 20:18:03
LoadEntries() clears existing dynamic data (https:
mattm
2017/04/18 20:25:35
I think this would be fine if there was another te
estark
2017/04/18 22:36:26
Done.
| |
252 | |
253 TransportSecurityState::ExpectCTState new_expect_ct_state; | |
254 EXPECT_TRUE( | |
255 state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); | |
256 EXPECT_TRUE(new_expect_ct_state.enforce); | |
257 EXPECT_TRUE(new_expect_ct_state.report_uri.is_empty()); | |
258 EXPECT_EQ(expiry, new_expect_ct_state.expiry); | |
259 | |
260 // Update the state for the domian and check that it is | |
mattm
2017/04/15 04:45:01
domain
estark
2017/04/15 20:18:03
Done.
| |
261 // serialized/deserialized correctly. | |
262 state_.AddExpectCT(kTestDomain, expiry, false /* enforce */, report_uri); | |
263 EXPECT_TRUE(persister_->SerializeData(&serialized)); | |
264 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | |
265 EXPECT_TRUE( | |
266 state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); | |
267 EXPECT_FALSE(new_expect_ct_state.enforce); | |
268 EXPECT_EQ(report_uri, new_expect_ct_state.report_uri); | |
269 EXPECT_EQ(expiry, new_expect_ct_state.expiry); | |
270 } | |
271 | |
272 // Tests that Expect-CT state is not serialized and persisted when the feature | |
273 // is disabled. | |
274 TEST_F(TransportSecurityPersisterTest, ExpectCTDisabled) { | |
275 base::test::ScopedFeatureList feature_list; | |
276 feature_list.InitAndDisableFeature( | |
277 TransportSecurityState::kDynamicExpectCTFeature); | |
278 const GURL report_uri(kReportUri); | |
279 TransportSecurityState::ExpectCTState expect_ct_state; | |
280 static const char kTestDomain[] = "example.test"; | |
281 | |
282 EXPECT_FALSE(state_.GetDynamicExpectCTState(kTestDomain, &expect_ct_state)); | |
283 | |
284 const base::Time current_time(base::Time::Now()); | |
285 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
286 state_.AddExpectCT(kTestDomain, expiry, true /* enforce */, GURL()); | |
287 std::string serialized; | |
288 EXPECT_TRUE(persister_->SerializeData(&serialized)); | |
289 bool dirty; | |
290 EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); | |
291 | |
292 TransportSecurityState::ExpectCTState new_expect_ct_state; | |
293 EXPECT_FALSE( | |
294 state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); | |
295 } | |
296 | |
234 } // namespace | 297 } // namespace |
235 | 298 |
236 } // namespace net | 299 } // namespace net |
OLD | NEW |