Index: net/http/transport_security_persister_unittest.cc |
diff --git a/net/http/transport_security_persister_unittest.cc b/net/http/transport_security_persister_unittest.cc |
index 6e7e8047a8bb85ceee75bc78a4a265f288627326..18fd1d6dede3cb1f7b87546310300dcd15170021 100644 |
--- a/net/http/transport_security_persister_unittest.cc |
+++ b/net/http/transport_security_persister_unittest.cc |
@@ -14,6 +14,7 @@ |
#include "base/files/scoped_temp_dir.h" |
#include "base/message_loop/message_loop.h" |
#include "base/run_loop.h" |
+#include "base/test/scoped_feature_list.h" |
#include "base/threading/thread_task_runner_handle.h" |
#include "net/http/transport_security_state.h" |
#include "testing/gtest/include/gtest/gtest.h" |
@@ -231,6 +232,68 @@ TEST_F(TransportSecurityPersisterTest, PublicKeyPins) { |
EXPECT_EQ(report_uri, new_pkp_state.report_uri); |
} |
+TEST_F(TransportSecurityPersisterTest, ExpectCT) { |
+ base::test::ScopedFeatureList feature_list; |
+ feature_list.InitAndEnableFeature( |
+ TransportSecurityState::kDynamicExpectCTFeature); |
+ const GURL report_uri(kReportUri); |
+ TransportSecurityState::ExpectCTState expect_ct_state; |
+ static const char kTestDomain[] = "example.test"; |
+ |
+ EXPECT_FALSE(state_.GetDynamicExpectCTState(kTestDomain, &expect_ct_state)); |
+ |
+ const base::Time current_time(base::Time::Now()); |
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
+ state_.AddExpectCT(kTestDomain, expiry, true /* enforce */, GURL()); |
+ std::string serialized; |
+ EXPECT_TRUE(persister_->SerializeData(&serialized)); |
+ bool dirty; |
+ EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
mattm
2017/04/15 04:45:02
So this is loading the serialized data back into t
estark
2017/04/15 20:18:03
LoadEntries() clears existing dynamic data (https:
mattm
2017/04/18 20:25:35
I think this would be fine if there was another te
estark
2017/04/18 22:36:26
Done.
|
+ |
+ TransportSecurityState::ExpectCTState new_expect_ct_state; |
+ EXPECT_TRUE( |
+ state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); |
+ EXPECT_TRUE(new_expect_ct_state.enforce); |
+ EXPECT_TRUE(new_expect_ct_state.report_uri.is_empty()); |
+ EXPECT_EQ(expiry, new_expect_ct_state.expiry); |
+ |
+ // Update the state for the domian and check that it is |
mattm
2017/04/15 04:45:01
domain
estark
2017/04/15 20:18:03
Done.
|
+ // serialized/deserialized correctly. |
+ state_.AddExpectCT(kTestDomain, expiry, false /* enforce */, report_uri); |
+ EXPECT_TRUE(persister_->SerializeData(&serialized)); |
+ EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
+ EXPECT_TRUE( |
+ state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); |
+ EXPECT_FALSE(new_expect_ct_state.enforce); |
+ EXPECT_EQ(report_uri, new_expect_ct_state.report_uri); |
+ EXPECT_EQ(expiry, new_expect_ct_state.expiry); |
+} |
+ |
+// Tests that Expect-CT state is not serialized and persisted when the feature |
+// is disabled. |
+TEST_F(TransportSecurityPersisterTest, ExpectCTDisabled) { |
+ base::test::ScopedFeatureList feature_list; |
+ feature_list.InitAndDisableFeature( |
+ TransportSecurityState::kDynamicExpectCTFeature); |
+ const GURL report_uri(kReportUri); |
+ TransportSecurityState::ExpectCTState expect_ct_state; |
+ static const char kTestDomain[] = "example.test"; |
+ |
+ EXPECT_FALSE(state_.GetDynamicExpectCTState(kTestDomain, &expect_ct_state)); |
+ |
+ const base::Time current_time(base::Time::Now()); |
+ const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
+ state_.AddExpectCT(kTestDomain, expiry, true /* enforce */, GURL()); |
+ std::string serialized; |
+ EXPECT_TRUE(persister_->SerializeData(&serialized)); |
+ bool dirty; |
+ EXPECT_TRUE(persister_->LoadEntries(serialized, &dirty)); |
+ |
+ TransportSecurityState::ExpectCTState new_expect_ct_state; |
+ EXPECT_FALSE( |
+ state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state)); |
+} |
+ |
} // namespace |
} // namespace net |
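Review bot: In `ExpectCTDisabled`, the closing `EXPECT_FALSE(state_.GetDynamicExpectCTState(kTestDomain, &new_expect_ct_state))` cannot tell which step dropped the entry. It would pass equally if `AddExpectCT` ignored the call while the feature is off, if `SerializeData` omitted the entry, or if `LoadEntries` skipped it. The case that matters most for persisted security state is probably data written while the feature was enabled and read back after it is disabled. A test that serializes under an enabled `ScopedFeatureList` scope and loads under a disabled one would cover that path directly. Separately, `report_uri` is declared but never used in `ExpectCTDisabled`, and `dirty` is left uninitialized and never checked in either test; `bool dirty = false;` plus an expectation on its value after `LoadEntries` would make the intended result explicit.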