| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 #include "net/base/test_completion_callback.h" | 26 #include "net/base/test_completion_callback.h" |
| 27 #include "net/cert/asn1_util.h" | 27 #include "net/cert/asn1_util.h" |
| 28 #include "net/cert/cert_verifier.h" | 28 #include "net/cert/cert_verifier.h" |
| 29 #include "net/cert/cert_verify_result.h" | 29 #include "net/cert/cert_verify_result.h" |
| 30 #include "net/cert/ct_policy_status.h" | 30 #include "net/cert/ct_policy_status.h" |
| 31 #include "net/cert/test_root_certs.h" | 31 #include "net/cert/test_root_certs.h" |
| 32 #include "net/cert/x509_cert_types.h" | 32 #include "net/cert/x509_cert_types.h" |
| 33 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
| 34 #include "net/http/http_status_code.h" | 34 #include "net/http/http_status_code.h" |
| 35 #include "net/http/http_util.h" | 35 #include "net/http/http_util.h" |
| 36 #include "net/net_features.h" |
| 36 #include "net/ssl/ssl_info.h" | 37 #include "net/ssl/ssl_info.h" |
| 37 #include "net/test/cert_test_util.h" | 38 #include "net/test/cert_test_util.h" |
| 38 #include "net/test/test_data_directory.h" | 39 #include "net/test/test_data_directory.h" |
| 39 #include "testing/gmock/include/gmock/gmock.h" | 40 #include "testing/gmock/include/gmock/gmock.h" |
| 40 #include "testing/gtest/include/gtest/gtest.h" | 41 #include "testing/gtest/include/gtest/gtest.h" |
| 41 | 42 |
| 42 namespace net { | 43 namespace net { |
| 43 | 44 |
| 44 namespace { | 45 namespace { |
| 45 | 46 |
| 47 namespace test0 { |
| 48 #include "net/http/transport_security_state_static_unittest0.h" |
| 49 } |
| 50 |
| 46 namespace test1 { | 51 namespace test1 { |
| 47 #include "net/http/transport_security_state_static_unittest1.h" | 52 #include "net/http/transport_security_state_static_unittest1.h" |
| 48 } | 53 } |
| 49 namespace test2 { | 54 namespace test2 { |
| 50 #include "net/http/transport_security_state_static_unittest2.h" | 55 #include "net/http/transport_security_state_static_unittest2.h" |
| 51 } | 56 } |
| 52 namespace test3 { | 57 namespace test3 { |
| 53 #include "net/http/transport_security_state_static_unittest3.h" | 58 #include "net/http/transport_security_state_static_unittest3.h" |
| 54 } | 59 } |
| 55 | 60 |
| (...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 391 std::string serialized_report = reporter->latest_report(); | 396 std::string serialized_report = reporter->latest_report(); |
| 392 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 397 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 393 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 398 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 394 cert_status)); | 399 cert_status)); |
| 395 } | 400 } |
| 396 | 401 |
| 397 } // namespace | 402 } // namespace |
| 398 | 403 |
| 399 class TransportSecurityStateTest : public testing::Test { | 404 class TransportSecurityStateTest : public testing::Test { |
| 400 public: | 405 public: |
| 406 TransportSecurityStateTest() { |
| 407 old_transport_security_state_source_ = |
| 408 GetTransportSecurityStateSourceForTesting(); |
| 409 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 410 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 411 #endif |
| 412 } |
| 413 |
| 401 ~TransportSecurityStateTest() override { | 414 ~TransportSecurityStateTest() override { |
| 402 SetTransportSecurityStateSourceForTesting(nullptr); | 415 SetTransportSecurityStateSourceForTesting( |
| 416 old_transport_security_state_source_); |
| 403 } | 417 } |
| 404 | 418 |
| 405 void SetUp() override { | 419 void SetUp() override { |
| 406 crypto::EnsureOpenSSLInit(); | 420 crypto::EnsureOpenSSLInit(); |
| 407 } | 421 } |
| 408 | 422 |
| 409 static void DisableStaticPins(TransportSecurityState* state) { | 423 static void DisableStaticPins(TransportSecurityState* state) { |
| 410 state->enable_static_pins_ = false; | 424 state->enable_static_pins_ = false; |
| 411 } | 425 } |
| 412 | 426 |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 449 const std::string& host, | 463 const std::string& host, |
| 450 TransportSecurityState::ExpectCTState* result) { | 464 TransportSecurityState::ExpectCTState* result) { |
| 451 return state->GetStaticExpectCTState(host, result); | 465 return state->GetStaticExpectCTState(host, result); |
| 452 } | 466 } |
| 453 | 467 |
| 454 bool GetExpectStapleState(TransportSecurityState* state, | 468 bool GetExpectStapleState(TransportSecurityState* state, |
| 455 const std::string& host, | 469 const std::string& host, |
| 456 TransportSecurityState::ExpectStapleState* result) { | 470 TransportSecurityState::ExpectStapleState* result) { |
| 457 return state->GetStaticExpectStapleState(host, result); | 471 return state->GetStaticExpectStapleState(host, result); |
| 458 } | 472 } |
| 473 |
| 474 private: |
| 475 const TransportSecurityStateSource* old_transport_security_state_source_; |
| 459 }; | 476 }; |
| 460 | 477 |
| 461 TEST_F(TransportSecurityStateTest, DomainNameOddities) { | 478 TEST_F(TransportSecurityStateTest, DomainNameOddities) { |
| 462 TransportSecurityState state; | 479 TransportSecurityState state; |
| 463 const base::Time current_time(base::Time::Now()); | 480 const base::Time current_time(base::Time::Now()); |
| 464 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); | 481 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); |
| 465 | 482 |
| 466 // DNS suffix search tests. Some DNS resolvers allow a terminal "." to | 483 // DNS suffix search tests. Some DNS resolvers allow a terminal "." to |
| 467 // indicate not perform DNS suffix searching. Ensure that regardless | 484 // indicate not perform DNS suffix searching. Ensure that regardless |
| 468 // of how this is treated at the resolver layer, or at the URL/origin | 485 // of how this is treated at the resolver layer, or at the URL/origin |
| (...skipping 880 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1349 static bool AddHash(const std::string& type_and_base64, | 1366 static bool AddHash(const std::string& type_and_base64, |
| 1350 HashValueVector* out) { | 1367 HashValueVector* out) { |
| 1351 HashValue hash; | 1368 HashValue hash; |
| 1352 if (!hash.FromString(type_and_base64)) | 1369 if (!hash.FromString(type_and_base64)) |
| 1353 return false; | 1370 return false; |
| 1354 | 1371 |
| 1355 out->push_back(hash); | 1372 out->push_back(hash); |
| 1356 return true; | 1373 return true; |
| 1357 } | 1374 } |
| 1358 | 1375 |
| 1359 TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) { | 1376 // This test depends on the pinset of tor. |
| 1377 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 1378 #define MAYBE_PinValidationWithoutRejectedCerts \ |
| 1379 DISABLED_PinValidationWithoutRejectedCerts |
| 1380 #else |
| 1381 #define MAYBE_PinValidationWithoutRejectedCerts \ |
| 1382 PinValidationWithoutRejectedCerts |
| 1383 #endif |
| 1384 TEST_F(TransportSecurityStateTest, MAYBE_PinValidationWithoutRejectedCerts) { |
| 1360 HashValueVector good_hashes, bad_hashes; | 1385 HashValueVector good_hashes, bad_hashes; |
| 1361 | 1386 |
| 1362 for (size_t i = 0; kGoodPath[i]; i++) { | 1387 for (size_t i = 0; kGoodPath[i]; i++) { |
| 1363 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); | 1388 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); |
| 1364 } | 1389 } |
| 1365 for (size_t i = 0; kBadPath[i]; i++) { | 1390 for (size_t i = 0; kBadPath[i]; i++) { |
| 1366 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 1391 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 1367 } | 1392 } |
| 1368 | 1393 |
| 1369 TransportSecurityState state; | 1394 TransportSecurityState state; |
| (...skipping 1995 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3365 EXPECT_EQ(expiry, reporter.expiration()); | 3390 EXPECT_EQ(expiry, reporter.expiration()); |
| 3366 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); | 3391 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); |
| 3367 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); | 3392 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); |
| 3368 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); | 3393 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); |
| 3369 EXPECT_EQ(sct_list[0].status, | 3394 EXPECT_EQ(sct_list[0].status, |
| 3370 reporter.signed_certificate_timestamps()[0].status); | 3395 reporter.signed_certificate_timestamps()[0].status); |
| 3371 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); | 3396 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); |
| 3372 } | 3397 } |
| 3373 | 3398 |
| 3374 } // namespace net | 3399 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
