OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/chromium/spdy_session.h" | 5 #include "net/spdy/chromium/spdy_session.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <memory> | 8 #include <memory> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
(...skipping 5927 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
5938 EXPECT_TRUE(SpdySession::CanPool( | 5938 EXPECT_TRUE(SpdySession::CanPool( |
5939 &tss, ssl_info, "www.example.org", "www.example.org")); | 5939 &tss, ssl_info, "www.example.org", "www.example.org")); |
5940 EXPECT_TRUE(SpdySession::CanPool( | 5940 EXPECT_TRUE(SpdySession::CanPool( |
5941 &tss, ssl_info, "www.example.org", "mail.example.org")); | 5941 &tss, ssl_info, "www.example.org", "mail.example.org")); |
5942 EXPECT_TRUE(SpdySession::CanPool( | 5942 EXPECT_TRUE(SpdySession::CanPool( |
5943 &tss, ssl_info, "www.example.org", "mail.example.com")); | 5943 &tss, ssl_info, "www.example.org", "mail.example.com")); |
5944 EXPECT_FALSE(SpdySession::CanPool( | 5944 EXPECT_FALSE(SpdySession::CanPool( |
5945 &tss, ssl_info, "www.example.org", "mail.google.com")); | 5945 &tss, ssl_info, "www.example.org", "mail.google.com")); |
5946 } | 5946 } |
5947 | 5947 |
5948 TEST(CanPoolTest, CanPoolExpectCT) { | |
5949 base::test::ScopedFeatureList feature_list; | |
5950 feature_list.InitAndEnableFeature( | |
5951 TransportSecurityState::kDynamicExpectCTFeature); | |
5952 // Load a cert that is valid for: | |
5953 // www.example.org | |
5954 // mail.example.org | |
5955 // mail.example.com | |
5956 | |
5957 TransportSecurityState tss; | |
5958 SSLInfo ssl_info; | |
5959 ssl_info.cert = | |
5960 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"); | |
5961 ssl_info.unverified_cert = ssl_info.cert; | |
5962 ssl_info.ct_cert_policy_compliance = | |
5963 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; | |
5964 ssl_info.is_issued_by_known_root = true; | |
5965 | |
5966 EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", | |
5967 "www.example.org")); | |
5968 | |
5969 const base::Time current_time(base::Time::Now()); | |
5970 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | |
5971 tss.AddExpectCT("www.example.org", expiry, true, GURL()); | |
5972 ssl_info.ct_cert_policy_compliance = | |
5973 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; | |
5974 EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", | |
5975 "www.example.org")); | |
mattm
2017/05/02 23:32:52
use different hostnames so that the test verifies
estark
2017/05/04 01:18:30
Done.
| |
5976 } | |
5977 | |
5948 TEST(CanPoolTest, CanNotPoolWithCertErrors) { | 5978 TEST(CanPoolTest, CanNotPoolWithCertErrors) { |
5949 // Load a cert that is valid for: | 5979 // Load a cert that is valid for: |
5950 // www.example.org | 5980 // www.example.org |
5951 // mail.example.org | 5981 // mail.example.org |
5952 // mail.example.com | 5982 // mail.example.com |
5953 | 5983 |
5954 TransportSecurityState tss; | 5984 TransportSecurityState tss; |
5955 SSLInfo ssl_info; | 5985 SSLInfo ssl_info; |
5956 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), | 5986 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), |
5957 "spdy_pooling.pem"); | 5987 "spdy_pooling.pem"); |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
6100 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), | 6130 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), |
6101 "spdy_pooling.pem"); | 6131 "spdy_pooling.pem"); |
6102 ssl_info.is_issued_by_known_root = true; | 6132 ssl_info.is_issued_by_known_root = true; |
6103 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); | 6133 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); |
6104 | 6134 |
6105 EXPECT_TRUE(SpdySession::CanPool( | 6135 EXPECT_TRUE(SpdySession::CanPool( |
6106 &tss, ssl_info, "www.example.org", "mail.example.org")); | 6136 &tss, ssl_info, "www.example.org", "mail.example.org")); |
6107 } | 6137 } |
6108 | 6138 |
6109 } // namespace net | 6139 } // namespace net |
OLD | NEW |