Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(375)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/chromium/spdy_session_unittest.cc

Issue 2850033002: Check Expect-CT at connection setup (Closed)
Patch Set: fix CanPool check Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/spdy/chromium/spdy_session.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/chromium/spdy_session.h" 5 #include "net/spdy/chromium/spdy_session.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <memory> 8 #include <memory>
9 #include <utility> 9 #include <utility>
10 10
(...skipping 5927 matching lines...) Expand 10 before | Expand all | Expand 10 after
5938 EXPECT_TRUE(SpdySession::CanPool( 5938 EXPECT_TRUE(SpdySession::CanPool(
5939 &tss, ssl_info, "www.example.org", "www.example.org")); 5939 &tss, ssl_info, "www.example.org", "www.example.org"));
5940 EXPECT_TRUE(SpdySession::CanPool( 5940 EXPECT_TRUE(SpdySession::CanPool(
5941 &tss, ssl_info, "www.example.org", "mail.example.org")); 5941 &tss, ssl_info, "www.example.org", "mail.example.org"));
5942 EXPECT_TRUE(SpdySession::CanPool( 5942 EXPECT_TRUE(SpdySession::CanPool(
5943 &tss, ssl_info, "www.example.org", "mail.example.com")); 5943 &tss, ssl_info, "www.example.org", "mail.example.com"));
5944 EXPECT_FALSE(SpdySession::CanPool( 5944 EXPECT_FALSE(SpdySession::CanPool(
5945 &tss, ssl_info, "www.example.org", "mail.google.com")); 5945 &tss, ssl_info, "www.example.org", "mail.google.com"));
5946 } 5946 }
5947 5947
5948 TEST(CanPoolTest, CanPoolExpectCT) {
5949 base::test::ScopedFeatureList feature_list;
5950 feature_list.InitAndEnableFeature(
5951 TransportSecurityState::kDynamicExpectCTFeature);
5952 // Load a cert that is valid for:
5953 // www.example.org
5954 // mail.example.org
5955 // mail.example.com
5956
5957 TransportSecurityState tss;
5958 SSLInfo ssl_info;
5959 ssl_info.cert =
5960 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
5961 ssl_info.unverified_cert = ssl_info.cert;
5962 ssl_info.ct_cert_policy_compliance =
5963 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
5964 ssl_info.is_issued_by_known_root = true;
5965
5966 EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
5967 "www.example.org"));
5968
5969 const base::Time current_time(base::Time::Now());
5970 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
5971 tss.AddExpectCT("www.example.org", expiry, true, GURL());
5972 ssl_info.ct_cert_policy_compliance =
5973 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
5974 EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
5975 "www.example.org"));
mattm 2017/05/02 23:32:52 use different hostnames so that the test verifies
estark 2017/05/04 01:18:30 Done.
5976 }
5977
5948 TEST(CanPoolTest, CanNotPoolWithCertErrors) { 5978 TEST(CanPoolTest, CanNotPoolWithCertErrors) {
5949 // Load a cert that is valid for: 5979 // Load a cert that is valid for:
5950 // www.example.org 5980 // www.example.org
5951 // mail.example.org 5981 // mail.example.org
5952 // mail.example.com 5982 // mail.example.com
5953 5983
5954 TransportSecurityState tss; 5984 TransportSecurityState tss;
5955 SSLInfo ssl_info; 5985 SSLInfo ssl_info;
5956 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), 5986 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
5957 "spdy_pooling.pem"); 5987 "spdy_pooling.pem");
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
6100 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), 6130 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
6101 "spdy_pooling.pem"); 6131 "spdy_pooling.pem");
6102 ssl_info.is_issued_by_known_root = true; 6132 ssl_info.is_issued_by_known_root = true;
6103 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); 6133 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin));
6104 6134
6105 EXPECT_TRUE(SpdySession::CanPool( 6135 EXPECT_TRUE(SpdySession::CanPool(
6106 &tss, ssl_info, "www.example.org", "mail.example.org")); 6136 &tss, ssl_info, "www.example.org", "mail.example.org"));
6107 } 6137 }
6108 6138
6109 } // namespace net 6139 } // namespace net
OLDNEW
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/spdy/chromium/spdy_session.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698