| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 #include "net/base/test_completion_callback.h" | 27 #include "net/base/test_completion_callback.h" |
| 28 #include "net/cert/asn1_util.h" | 28 #include "net/cert/asn1_util.h" |
| 29 #include "net/cert/cert_verifier.h" | 29 #include "net/cert/cert_verifier.h" |
| 30 #include "net/cert/cert_verify_result.h" | 30 #include "net/cert/cert_verify_result.h" |
| 31 #include "net/cert/ct_policy_status.h" | 31 #include "net/cert/ct_policy_status.h" |
| 32 #include "net/cert/test_root_certs.h" | 32 #include "net/cert/test_root_certs.h" |
| 33 #include "net/cert/x509_cert_types.h" | 33 #include "net/cert/x509_cert_types.h" |
| 34 #include "net/cert/x509_certificate.h" | 34 #include "net/cert/x509_certificate.h" |
| 35 #include "net/http/http_status_code.h" | 35 #include "net/http/http_status_code.h" |
| 36 #include "net/http/http_util.h" | 36 #include "net/http/http_util.h" |
| 37 #include "net/net_features.h" |
| 37 #include "net/ssl/ssl_info.h" | 38 #include "net/ssl/ssl_info.h" |
| 38 #include "net/test/cert_test_util.h" | 39 #include "net/test/cert_test_util.h" |
| 39 #include "net/test/test_data_directory.h" | 40 #include "net/test/test_data_directory.h" |
| 40 #include "testing/gmock/include/gmock/gmock.h" | 41 #include "testing/gmock/include/gmock/gmock.h" |
| 41 #include "testing/gtest/include/gtest/gtest.h" | 42 #include "testing/gtest/include/gtest/gtest.h" |
| 42 | 43 |
| 43 namespace net { | 44 namespace net { |
| 44 | 45 |
| 45 namespace { | 46 namespace { |
| 46 | 47 |
| 48 namespace test0 { |
| 49 #include "net/http/transport_security_state_static_unittest0.h" |
| 50 } |
| 51 |
| 47 namespace test1 { | 52 namespace test1 { |
| 48 #include "net/http/transport_security_state_static_unittest1.h" | 53 #include "net/http/transport_security_state_static_unittest1.h" |
| 49 } | 54 } |
| 50 namespace test2 { | 55 namespace test2 { |
| 51 #include "net/http/transport_security_state_static_unittest2.h" | 56 #include "net/http/transport_security_state_static_unittest2.h" |
| 52 } | 57 } |
| 53 namespace test3 { | 58 namespace test3 { |
| 54 #include "net/http/transport_security_state_static_unittest3.h" | 59 #include "net/http/transport_security_state_static_unittest3.h" |
| 55 } | 60 } |
| 56 | 61 |
| (...skipping 337 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 394 std::string serialized_report = reporter->latest_report(); | 399 std::string serialized_report = reporter->latest_report(); |
| 395 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 400 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 396 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 401 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 397 cert_status)); | 402 cert_status)); |
| 398 } | 403 } |
| 399 | 404 |
| 400 } // namespace | 405 } // namespace |
| 401 | 406 |
| 402 class TransportSecurityStateTest : public testing::Test { | 407 class TransportSecurityStateTest : public testing::Test { |
| 403 public: | 408 public: |
| 409 TransportSecurityStateTest() { |
| 410 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 411 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 412 #endif |
| 413 } |
| 414 |
| 404 ~TransportSecurityStateTest() override { | 415 ~TransportSecurityStateTest() override { |
| 405 SetTransportSecurityStateSourceForTesting(nullptr); | 416 SetTransportSecurityStateSourceForTesting(nullptr); |
| 406 } | 417 } |
| 407 | 418 |
| 408 void SetUp() override { | 419 void SetUp() override { |
| 409 crypto::EnsureOpenSSLInit(); | 420 crypto::EnsureOpenSSLInit(); |
| 410 } | 421 } |
| 411 | 422 |
| 412 static void DisableStaticPins(TransportSecurityState* state) { | 423 static void DisableStaticPins(TransportSecurityState* state) { |
| 413 state->enable_static_pins_ = false; | 424 state->enable_static_pins_ = false; |
| (...skipping 939 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1353 HashValueVector* out) { | 1364 HashValueVector* out) { |
| 1354 HashValue hash; | 1365 HashValue hash; |
| 1355 if (!hash.FromString(type_and_base64)) | 1366 if (!hash.FromString(type_and_base64)) |
| 1356 return false; | 1367 return false; |
| 1357 | 1368 |
| 1358 out->push_back(hash); | 1369 out->push_back(hash); |
| 1359 return true; | 1370 return true; |
| 1360 } | 1371 } |
| 1361 | 1372 |
| 1362 TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) { | 1373 TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) { |
| 1374 // This test depends on the pinset of tor. |
| 1375 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 1376 return; |
| 1377 #endif |
| 1378 |
| 1363 HashValueVector good_hashes, bad_hashes; | 1379 HashValueVector good_hashes, bad_hashes; |
| 1364 | 1380 |
| 1365 for (size_t i = 0; kGoodPath[i]; i++) { | 1381 for (size_t i = 0; kGoodPath[i]; i++) { |
| 1366 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); | 1382 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); |
| 1367 } | 1383 } |
| 1368 for (size_t i = 0; kBadPath[i]; i++) { | 1384 for (size_t i = 0; kBadPath[i]; i++) { |
| 1369 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 1385 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 1370 } | 1386 } |
| 1371 | 1387 |
| 1372 TransportSecurityState state; | 1388 TransportSecurityState state; |
| (...skipping 1991 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3364 EXPECT_EQ(443, reporter.host_port_pair().port()); | 3380 EXPECT_EQ(443, reporter.host_port_pair().port()); |
| 3365 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); | 3381 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); |
| 3366 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); | 3382 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); |
| 3367 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); | 3383 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); |
| 3368 EXPECT_EQ(sct_list[0].status, | 3384 EXPECT_EQ(sct_list[0].status, |
| 3369 reporter.signed_certificate_timestamps()[0].status); | 3385 reporter.signed_certificate_timestamps()[0].status); |
| 3370 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); | 3386 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); |
| 3371 } | 3387 } |
| 3372 | 3388 |
| 3373 } // namespace net | 3389 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
