| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 #include "net/base/test_completion_callback.h" | 26 #include "net/base/test_completion_callback.h" |
| 27 #include "net/cert/asn1_util.h" | 27 #include "net/cert/asn1_util.h" |
| 28 #include "net/cert/cert_verifier.h" | 28 #include "net/cert/cert_verifier.h" |
| 29 #include "net/cert/cert_verify_result.h" | 29 #include "net/cert/cert_verify_result.h" |
| 30 #include "net/cert/ct_policy_status.h" | 30 #include "net/cert/ct_policy_status.h" |
| 31 #include "net/cert/test_root_certs.h" | 31 #include "net/cert/test_root_certs.h" |
| 32 #include "net/cert/x509_cert_types.h" | 32 #include "net/cert/x509_cert_types.h" |
| 33 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
| 34 #include "net/http/http_status_code.h" | 34 #include "net/http/http_status_code.h" |
| 35 #include "net/http/http_util.h" | 35 #include "net/http/http_util.h" |
| 36 #include "net/net_features.h" |
| 36 #include "net/ssl/ssl_info.h" | 37 #include "net/ssl/ssl_info.h" |
| 37 #include "net/test/cert_test_util.h" | 38 #include "net/test/cert_test_util.h" |
| 38 #include "net/test/test_data_directory.h" | 39 #include "net/test/test_data_directory.h" |
| 39 #include "testing/gmock/include/gmock/gmock.h" | 40 #include "testing/gmock/include/gmock/gmock.h" |
| 40 #include "testing/gtest/include/gtest/gtest.h" | 41 #include "testing/gtest/include/gtest/gtest.h" |
| 41 | 42 |
| 42 namespace net { | 43 namespace net { |
| 43 | 44 |
| 44 namespace { | 45 namespace { |
| 45 | 46 |
| 47 namespace test0 { |
| 48 #include "net/http/transport_security_state_static_unittest0.h" |
| 49 } |
| 50 |
| 46 namespace test1 { | 51 namespace test1 { |
| 47 #include "net/http/transport_security_state_static_unittest1.h" | 52 #include "net/http/transport_security_state_static_unittest1.h" |
| 48 } | 53 } |
| 49 namespace test2 { | 54 namespace test2 { |
| 50 #include "net/http/transport_security_state_static_unittest2.h" | 55 #include "net/http/transport_security_state_static_unittest2.h" |
| 51 } | 56 } |
| 52 namespace test3 { | 57 namespace test3 { |
| 53 #include "net/http/transport_security_state_static_unittest3.h" | 58 #include "net/http/transport_security_state_static_unittest3.h" |
| 54 } | 59 } |
| 55 | 60 |
| (...skipping 335 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 391 std::string serialized_report = reporter->latest_report(); | 396 std::string serialized_report = reporter->latest_report(); |
| 392 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 397 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 393 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 398 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 394 cert_status)); | 399 cert_status)); |
| 395 } | 400 } |
| 396 | 401 |
| 397 } // namespace | 402 } // namespace |
| 398 | 403 |
| 399 class TransportSecurityStateTest : public testing::Test { | 404 class TransportSecurityStateTest : public testing::Test { |
| 400 public: | 405 public: |
| 406 TransportSecurityStateTest() { |
| 407 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 408 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 409 #endif |
| 410 } |
| 411 |
| 401 ~TransportSecurityStateTest() override { | 412 ~TransportSecurityStateTest() override { |
| 402 SetTransportSecurityStateSourceForTesting(nullptr); | 413 SetTransportSecurityStateSourceForTesting(nullptr); |
| 403 } | 414 } |
| 404 | 415 |
| 405 void SetUp() override { | 416 void SetUp() override { |
| 406 crypto::EnsureOpenSSLInit(); | 417 crypto::EnsureOpenSSLInit(); |
| 407 } | 418 } |
| 408 | 419 |
| 409 static void DisableStaticPins(TransportSecurityState* state) { | 420 static void DisableStaticPins(TransportSecurityState* state) { |
| 410 state->enable_static_pins_ = false; | 421 state->enable_static_pins_ = false; |
| (...skipping 938 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1349 static bool AddHash(const std::string& type_and_base64, | 1360 static bool AddHash(const std::string& type_and_base64, |
| 1350 HashValueVector* out) { | 1361 HashValueVector* out) { |
| 1351 HashValue hash; | 1362 HashValue hash; |
| 1352 if (!hash.FromString(type_and_base64)) | 1363 if (!hash.FromString(type_and_base64)) |
| 1353 return false; | 1364 return false; |
| 1354 | 1365 |
| 1355 out->push_back(hash); | 1366 out->push_back(hash); |
| 1356 return true; | 1367 return true; |
| 1357 } | 1368 } |
| 1358 | 1369 |
| 1359 TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) { | 1370 // This test depends on the pinset of tor. |
| 1371 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 1372 #define MAYBE_PinValidationWithoutRejectedCerts \ |
| 1373 DISABLED_PinValidationWithoutRejectedCerts |
| 1374 #else |
| 1375 #define MAYBE_PinValidationWithoutRejectedCerts \ |
| 1376 PinValidationWithoutRejectedCerts |
| 1377 #endif |
| 1378 TEST_F(TransportSecurityStateTest, MAYBE_PinValidationWithoutRejectedCerts) { |
| 1360 HashValueVector good_hashes, bad_hashes; | 1379 HashValueVector good_hashes, bad_hashes; |
| 1361 | 1380 |
| 1362 for (size_t i = 0; kGoodPath[i]; i++) { | 1381 for (size_t i = 0; kGoodPath[i]; i++) { |
| 1363 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); | 1382 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes)); |
| 1364 } | 1383 } |
| 1365 for (size_t i = 0; kBadPath[i]; i++) { | 1384 for (size_t i = 0; kBadPath[i]; i++) { |
| 1366 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); | 1385 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes)); |
| 1367 } | 1386 } |
| 1368 | 1387 |
| 1369 TransportSecurityState state; | 1388 TransportSecurityState state; |
| (...skipping 1995 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3365 EXPECT_EQ(expiry, reporter.expiration()); | 3384 EXPECT_EQ(expiry, reporter.expiration()); |
| 3366 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); | 3385 EXPECT_EQ(cert1.get(), reporter.validated_certificate_chain()); |
| 3367 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); | 3386 EXPECT_EQ(cert2.get(), reporter.served_certificate_chain()); |
| 3368 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); | 3387 EXPECT_EQ(sct_list.size(), reporter.signed_certificate_timestamps().size()); |
| 3369 EXPECT_EQ(sct_list[0].status, | 3388 EXPECT_EQ(sct_list[0].status, |
| 3370 reporter.signed_certificate_timestamps()[0].status); | 3389 reporter.signed_certificate_timestamps()[0].status); |
| 3371 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); | 3390 EXPECT_EQ(sct_list[0].sct, reporter.signed_certificate_timestamps()[0].sct); |
| 3372 } | 3391 } |
| 3373 | 3392 |
| 3374 } // namespace net | 3393 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
