| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 145 using net::test::IsOk; | 145 using net::test::IsOk; |
| 146 | 146 |
| 147 using base::ASCIIToUTF16; | 147 using base::ASCIIToUTF16; |
| 148 using base::Time; | 148 using base::Time; |
| 149 using std::string; | 149 using std::string; |
| 150 | 150 |
| 151 namespace net { | 151 namespace net { |
| 152 | 152 |
| 153 namespace { | 153 namespace { |
| 154 | 154 |
| 155 namespace test0 { |
| 156 #include "net/http/transport_security_state_static_unittest0.h" |
| 157 } |
| 158 |
| 155 const base::string16 kChrome(ASCIIToUTF16("chrome")); | 159 const base::string16 kChrome(ASCIIToUTF16("chrome")); |
| 156 const base::string16 kSecret(ASCIIToUTF16("secret")); | 160 const base::string16 kSecret(ASCIIToUTF16("secret")); |
| 157 const base::string16 kUser(ASCIIToUTF16("user")); | 161 const base::string16 kUser(ASCIIToUTF16("user")); |
| 158 | 162 |
| 159 const base::FilePath::CharType kTestFilePath[] = | 163 const base::FilePath::CharType kTestFilePath[] = |
| 160 FILE_PATH_LITERAL("net/data/url_request_unittest"); | 164 FILE_PATH_LITERAL("net/data/url_request_unittest"); |
| 161 | 165 |
| 162 #if !BUILDFLAG(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) | 166 #if !BUILDFLAG(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) |
| 163 // Test file used in most FTP tests. | 167 // Test file used in most FTP tests. |
| 164 const char kFtpTestFile[] = "BullRunSpeech.txt"; | 168 const char kFtpTestFile[] = "BullRunSpeech.txt"; |
| (...skipping 6571 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6736 void set_default_result(ct::CertPolicyCompliance default_result) { | 6740 void set_default_result(ct::CertPolicyCompliance default_result) { |
| 6737 default_result_ = default_result; | 6741 default_result_ = default_result; |
| 6738 } | 6742 } |
| 6739 | 6743 |
| 6740 private: | 6744 private: |
| 6741 ct::CertPolicyCompliance default_result_; | 6745 ct::CertPolicyCompliance default_result_; |
| 6742 }; | 6746 }; |
| 6743 | 6747 |
| 6744 // Tests that Expect CT headers are processed correctly. | 6748 // Tests that Expect CT headers are processed correctly. |
| 6745 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { | 6749 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { |
| 6750 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 6751 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 6752 #endif |
| 6746 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 6753 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6747 https_test_server.SetSSLConfig( | 6754 https_test_server.SetSSLConfig( |
| 6748 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); | 6755 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 6749 https_test_server.ServeFilesFromSourceDirectory( | 6756 https_test_server.ServeFilesFromSourceDirectory( |
| 6750 base::FilePath(kTestFilePath)); | 6757 base::FilePath(kTestFilePath)); |
| 6751 ASSERT_TRUE(https_test_server.Start()); | 6758 ASSERT_TRUE(https_test_server.Start()); |
| 6752 | 6759 |
| 6753 MockExpectCTReporter reporter; | 6760 MockExpectCTReporter reporter; |
| 6754 TransportSecurityState transport_security_state; | 6761 TransportSecurityState transport_security_state; |
| 6755 transport_security_state.enable_static_expect_ct_ = true; | 6762 transport_security_state.enable_static_expect_ct_ = true; |
| (...skipping 2344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9100 } | 9107 } |
| 9101 } | 9108 } |
| 9102 | 9109 |
| 9103 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport | 9110 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport |
| 9104 // security state. (see http://crbug.com/550977). | 9111 // security state. (see http://crbug.com/550977). |
| 9105 #if !defined(OS_IOS) | 9112 #if !defined(OS_IOS) |
| 9106 // This tests that a load of www.google.com with a certificate error sets | 9113 // This tests that a load of www.google.com with a certificate error sets |
| 9107 // the |certificate_errors_are_fatal| flag correctly. This flag will cause | 9114 // the |certificate_errors_are_fatal| flag correctly. This flag will cause |
| 9108 // the interstitial to be fatal. | 9115 // the interstitial to be fatal. |
| 9109 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { | 9116 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { |
| 9117 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 9118 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 9119 #endif |
| 9110 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 9120 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 9111 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 9121 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
| 9112 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); | 9122 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); |
| 9113 ASSERT_TRUE(test_server.Start()); | 9123 ASSERT_TRUE(test_server.Start()); |
| 9114 | 9124 |
| 9115 // We require that the URL be www.google.com in order to pick up the | 9125 // We require that the URL be www.google.com in order to pick up the |
| 9116 // preloaded HSTS entries in the TransportSecurityState. This means that we | 9126 // preloaded HSTS entries in the TransportSecurityState. This means that we |
| 9117 // have to use a MockHostResolver in order to direct www.google.com to the | 9127 // have to use a MockHostResolver in order to direct www.google.com to the |
| 9118 // testserver. By default, MockHostResolver maps all hosts to 127.0.0.1. | 9128 // testserver. By default, MockHostResolver maps all hosts to 127.0.0.1. |
| 9119 | 9129 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 9139 | 9149 |
| 9140 EXPECT_EQ(1, d.response_started_count()); | 9150 EXPECT_EQ(1, d.response_started_count()); |
| 9141 EXPECT_FALSE(d.received_data_before_response()); | 9151 EXPECT_FALSE(d.received_data_before_response()); |
| 9142 EXPECT_TRUE(d.have_certificate_errors()); | 9152 EXPECT_TRUE(d.have_certificate_errors()); |
| 9143 EXPECT_TRUE(d.certificate_errors_are_fatal()); | 9153 EXPECT_TRUE(d.certificate_errors_are_fatal()); |
| 9144 } | 9154 } |
| 9145 | 9155 |
| 9146 // This tests that cached HTTPS page loads do not cause any updates to the | 9156 // This tests that cached HTTPS page loads do not cause any updates to the |
| 9147 // TransportSecurityState. | 9157 // TransportSecurityState. |
| 9148 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) { | 9158 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) { |
| 9159 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 9160 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 9161 #endif |
| 9149 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't | 9162 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't |
| 9150 // matter. It just has to be any error. | 9163 // matter. It just has to be any error. |
| 9151 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 9164 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 9152 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 9165 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
| 9153 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); | 9166 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); |
| 9154 ASSERT_TRUE(test_server.Start()); | 9167 ASSERT_TRUE(test_server.Start()); |
| 9155 | 9168 |
| 9156 // We require that the URL be www.google.com in order to pick up the static | 9169 // We require that the URL be www.google.com in order to pick up the static |
| 9157 // and dynamic STS and PKP entries in the TransportSecurityState. This means | 9170 // and dynamic STS and PKP entries in the TransportSecurityState. This means |
| 9158 // that we have to use a MockHostResolver in order to direct www.google.com to | 9171 // that we have to use a MockHostResolver in order to direct www.google.com to |
| (...skipping 891 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10050 | 10063 |
| 10051 CertStatus cert_status; | 10064 CertStatus cert_status; |
| 10052 DoConnection(ssl_options, &cert_status); | 10065 DoConnection(ssl_options, &cert_status); |
| 10053 | 10066 |
| 10054 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 10067 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
| 10055 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 10068 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 10056 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 10069 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
| 10057 } | 10070 } |
| 10058 | 10071 |
| 10059 TEST_F(HTTPSOCSPTest, ExpectStapleReportSentOnMissing) { | 10072 TEST_F(HTTPSOCSPTest, ExpectStapleReportSentOnMissing) { |
| 10073 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 10074 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 10075 #endif |
| 10060 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 10076 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 10061 https_test_server.SetSSLConfig( | 10077 https_test_server.SetSSLConfig( |
| 10062 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); | 10078 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 10063 https_test_server.ServeFilesFromSourceDirectory( | 10079 https_test_server.ServeFilesFromSourceDirectory( |
| 10064 base::FilePath(kTestFilePath)); | 10080 base::FilePath(kTestFilePath)); |
| 10065 ASSERT_TRUE(https_test_server.Start()); | 10081 ASSERT_TRUE(https_test_server.Start()); |
| 10066 | 10082 |
| 10067 // Set up a MockCertVerifier to accept the certificate that the server sends, | 10083 // Set up a MockCertVerifier to accept the certificate that the server sends, |
| 10068 // but not provide any OCSP information. | 10084 // but not provide any OCSP information. |
| 10069 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); | 10085 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
| (...skipping 1179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11249 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 11265 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 11250 | 11266 |
| 11251 req->Start(); | 11267 req->Start(); |
| 11252 req->Cancel(); | 11268 req->Cancel(); |
| 11253 base::RunLoop().RunUntilIdle(); | 11269 base::RunLoop().RunUntilIdle(); |
| 11254 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 11270 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 11255 EXPECT_EQ(0, d.received_redirect_count()); | 11271 EXPECT_EQ(0, d.received_redirect_count()); |
| 11256 } | 11272 } |
| 11257 | 11273 |
| 11258 } // namespace net | 11274 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
