OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/chromium/spdy_session.h" | 5 #include "net/spdy/chromium/spdy_session.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <memory> | 8 #include <memory> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
(...skipping 5927 matching lines...)
5938 EXPECT_TRUE(SpdySession::CanPool( | 5938 EXPECT_TRUE(SpdySession::CanPool( |
5939 &tss, ssl_info, "www.example.org", "www.example.org")); | 5939 &tss, ssl_info, "www.example.org", "www.example.org")); |
5940 EXPECT_TRUE(SpdySession::CanPool( | 5940 EXPECT_TRUE(SpdySession::CanPool( |
5941 &tss, ssl_info, "www.example.org", "mail.example.org")); | 5941 &tss, ssl_info, "www.example.org", "mail.example.org")); |
5942 EXPECT_TRUE(SpdySession::CanPool( | 5942 EXPECT_TRUE(SpdySession::CanPool( |
5943 &tss, ssl_info, "www.example.org", "mail.example.com")); | 5943 &tss, ssl_info, "www.example.org", "mail.example.com")); |
5944 EXPECT_FALSE(SpdySession::CanPool( | 5944 EXPECT_FALSE(SpdySession::CanPool( |
5945 &tss, ssl_info, "www.example.org", "mail.google.com")); | 5945 &tss, ssl_info, "www.example.org", "mail.google.com")); |
5946 } | 5946 } |
5947 | 5947 |
| 5948 TEST(CanPoolTest, CanPoolExpectCT) { |
| 5949 base::test::ScopedFeatureList feature_list; |
| 5950 feature_list.InitAndEnableFeature( |
| 5951 TransportSecurityState::kDynamicExpectCTFeature); |
| 5952 // Load a cert that is valid for: |
| 5953 // www.example.org |
| 5954 // mail.example.org |
| 5955 // mail.example.com |
| 5956 |
| 5957 TransportSecurityState tss; |
| 5958 SSLInfo ssl_info; |
| 5959 ssl_info.cert = |
| 5960 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"); |
| 5961 ssl_info.unverified_cert = ssl_info.cert; |
| 5962 ssl_info.ct_cert_policy_compliance = |
| 5963 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; |
| 5964 ssl_info.is_issued_by_known_root = true; |
| 5965 |
| 5966 EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
| 5967 "www.example.org")); |
| 5968 |
| 5969 const base::Time current_time(base::Time::Now()); |
| 5970 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 5971 ssl_info.ct_cert_policy_compliance = |
| 5972 ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS; |
| 5973 |
| 5974 // A different Expect-CT enabled host should not be allowed to pool. |
| 5975 tss.AddExpectCT("mail.example.org", expiry, true, GURL()); |
| 5976 EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
| 5977 "mail.example.org")); |
| 5978 // A report-only Expect-CT configuration should not prevent pooling. |
| 5979 tss.AddExpectCT("mail.example.org", expiry, false, |
| 5980 GURL("https://report.test")); |
| 5981 EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
| 5982 "mail.example.org")); |
| 5983 // If Expect-CT becomes enabled for the same host for which the connection was |
| 5984 // already made, subsequent connections to that host should not be allowed to |
| 5985 // pool. |
| 5986 tss.AddExpectCT("www.example.org", expiry, true, GURL()); |
| 5987 EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", |
| 5988 "www.example.org")); |
| 5989 } |
| 5990 |
5948 TEST(CanPoolTest, CanNotPoolWithCertErrors) { | 5991 TEST(CanPoolTest, CanNotPoolWithCertErrors) { |
5949 // Load a cert that is valid for: | 5992 // Load a cert that is valid for: |
5950 // www.example.org | 5993 // www.example.org |
5951 // mail.example.org | 5994 // mail.example.org |
5952 // mail.example.com | 5995 // mail.example.com |
5953 | 5996 |
5954 TransportSecurityState tss; | 5997 TransportSecurityState tss; |
5955 SSLInfo ssl_info; | 5998 SSLInfo ssl_info; |
5956 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), | 5999 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), |
5957 "spdy_pooling.pem"); | 6000 "spdy_pooling.pem"); |
(...skipping 142 matching lines...)
6100 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), | 6143 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), |
6101 "spdy_pooling.pem"); | 6144 "spdy_pooling.pem"); |
6102 ssl_info.is_issued_by_known_root = true; | 6145 ssl_info.is_issued_by_known_root = true; |
6103 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); | 6146 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); |
6104 | 6147 |
6105 EXPECT_TRUE(SpdySession::CanPool( | 6148 EXPECT_TRUE(SpdySession::CanPool( |
6106 &tss, ssl_info, "www.example.org", "mail.example.org")); | 6149 &tss, ssl_info, "www.example.org", "mail.example.org")); |
6107 } | 6150 } |
6108 | 6151 |
6109 } // namespace net | 6152 } // namespace net |
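Review bot: In CanPoolExpectCT the second assignment of `ssl_info.ct_cert_policy_compliance` to `CERT_POLICY_NOT_ENOUGH_SCTS` (new lines 5971–5972) repeats the value already set at 5962–5963, so it changes nothing and reads as if a different value was intended; drop it or state the intent in a comment. The test also exercises only a non-compliant certificate, so it would still pass if an enforced Expect-CT entry blocked pooling regardless of CT status. A closing case would pin that down: set `ssl_info.ct_cert_policy_compliance = ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;` and then `EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", "www.example.org"));`, assuming CanPool is meant to consult the compliance status rather than the mere presence of an entry. A matching case with `ssl_info.is_issued_by_known_root = false` would record whether privately rooted certificates are exempt from the check, which the visible lines do not show.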