| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 // This must be before Windows headers | 8 // This must be before Windows headers |
| 9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
| 10 | 10 |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 148 using net::test::IsOk; | 148 using net::test::IsOk; |
| 149 | 149 |
| 150 using base::ASCIIToUTF16; | 150 using base::ASCIIToUTF16; |
| 151 using base::Time; | 151 using base::Time; |
| 152 using std::string; | 152 using std::string; |
| 153 | 153 |
| 154 namespace net { | 154 namespace net { |
| 155 | 155 |
| 156 namespace { | 156 namespace { |
| 157 | 157 |
| 158 namespace test0 { |
| 159 #include "net/http/transport_security_state_static_unittest0.h" |
| 160 } |
| 161 |
| 158 const base::string16 kChrome(ASCIIToUTF16("chrome")); | 162 const base::string16 kChrome(ASCIIToUTF16("chrome")); |
| 159 const base::string16 kSecret(ASCIIToUTF16("secret")); | 163 const base::string16 kSecret(ASCIIToUTF16("secret")); |
| 160 const base::string16 kUser(ASCIIToUTF16("user")); | 164 const base::string16 kUser(ASCIIToUTF16("user")); |
| 161 | 165 |
| 162 const base::FilePath::CharType kTestFilePath[] = | 166 const base::FilePath::CharType kTestFilePath[] = |
| 163 FILE_PATH_LITERAL("net/data/url_request_unittest"); | 167 FILE_PATH_LITERAL("net/data/url_request_unittest"); |
| 164 | 168 |
| 165 #if !BUILDFLAG(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) | 169 #if !BUILDFLAG(DISABLE_FTP_SUPPORT) && !defined(OS_ANDROID) |
| 166 // Test file used in most FTP tests. | 170 // Test file used in most FTP tests. |
| 167 const char kFtpTestFile[] = "BullRunSpeech.txt"; | 171 const char kFtpTestFile[] = "BullRunSpeech.txt"; |
| (...skipping 6572 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 6740 void set_default_result(ct::CertPolicyCompliance default_result) { | 6744 void set_default_result(ct::CertPolicyCompliance default_result) { |
| 6741 default_result_ = default_result; | 6745 default_result_ = default_result; |
| 6742 } | 6746 } |
| 6743 | 6747 |
| 6744 private: | 6748 private: |
| 6745 ct::CertPolicyCompliance default_result_; | 6749 ct::CertPolicyCompliance default_result_; |
| 6746 }; | 6750 }; |
| 6747 | 6751 |
| 6748 // Tests that Expect CT headers are processed correctly. | 6752 // Tests that Expect CT headers are processed correctly. |
| 6749 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { | 6753 TEST_F(URLRequestTestHTTP, ExpectCTHeader) { |
| 6754 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 6755 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 6756 #endif |
| 6750 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 6757 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6751 https_test_server.SetSSLConfig( | 6758 https_test_server.SetSSLConfig( |
| 6752 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); | 6759 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 6753 https_test_server.ServeFilesFromSourceDirectory( | 6760 https_test_server.ServeFilesFromSourceDirectory( |
| 6754 base::FilePath(kTestFilePath)); | 6761 base::FilePath(kTestFilePath)); |
| 6755 ASSERT_TRUE(https_test_server.Start()); | 6762 ASSERT_TRUE(https_test_server.Start()); |
| 6756 | 6763 |
| 6757 MockExpectCTReporter reporter; | 6764 MockExpectCTReporter reporter; |
| 6758 TransportSecurityState transport_security_state; | 6765 TransportSecurityState transport_security_state; |
| 6759 transport_security_state.enable_static_expect_ct_ = true; | 6766 transport_security_state.enable_static_expect_ct_ = true; |
| (...skipping 2448 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 9208 } | 9215 } |
| 9209 } | 9216 } |
| 9210 | 9217 |
| 9211 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport | 9218 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport |
| 9212 // security state. (see http://crbug.com/550977). | 9219 // security state. (see http://crbug.com/550977). |
| 9213 #if !defined(OS_IOS) | 9220 #if !defined(OS_IOS) |
| 9214 // This tests that a load of www.google.com with a certificate error sets | 9221 // This tests that a load of www.google.com with a certificate error sets |
| 9215 // the |certificate_errors_are_fatal| flag correctly. This flag will cause | 9222 // the |certificate_errors_are_fatal| flag correctly. This flag will cause |
| 9216 // the interstitial to be fatal. | 9223 // the interstitial to be fatal. |
| 9217 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { | 9224 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) { |
| 9225 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 9226 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 9227 #endif |
| 9218 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 9228 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 9219 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 9229 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
| 9220 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); | 9230 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); |
| 9221 ASSERT_TRUE(test_server.Start()); | 9231 ASSERT_TRUE(test_server.Start()); |
| 9222 | 9232 |
| 9223 // We require that the URL be www.google.com in order to pick up the | 9233 // We require that the URL be www.google.com in order to pick up the |
| 9224 // preloaded HSTS entries in the TransportSecurityState. This means that we | 9234 // preloaded HSTS entries in the TransportSecurityState. This means that we |
| 9225 // have to use a MockHostResolver in order to direct www.google.com to the | 9235 // have to use a MockHostResolver in order to direct www.google.com to the |
| 9226 // testserver. By default, MockHostResolver maps all hosts to 127.0.0.1. | 9236 // testserver. By default, MockHostResolver maps all hosts to 127.0.0.1. |
| 9227 | 9237 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 9247 | 9257 |
| 9248 EXPECT_EQ(1, d.response_started_count()); | 9258 EXPECT_EQ(1, d.response_started_count()); |
| 9249 EXPECT_FALSE(d.received_data_before_response()); | 9259 EXPECT_FALSE(d.received_data_before_response()); |
| 9250 EXPECT_TRUE(d.have_certificate_errors()); | 9260 EXPECT_TRUE(d.have_certificate_errors()); |
| 9251 EXPECT_TRUE(d.certificate_errors_are_fatal()); | 9261 EXPECT_TRUE(d.certificate_errors_are_fatal()); |
| 9252 } | 9262 } |
| 9253 | 9263 |
| 9254 // This tests that cached HTTPS page loads do not cause any updates to the | 9264 // This tests that cached HTTPS page loads do not cause any updates to the |
| 9255 // TransportSecurityState. | 9265 // TransportSecurityState. |
| 9256 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) { | 9266 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) { |
| 9267 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 9268 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 9269 #endif |
| 9257 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't | 9270 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't |
| 9258 // matter. It just has to be any error. | 9271 // matter. It just has to be any error. |
| 9259 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 9272 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 9260 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 9273 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
| 9261 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); | 9274 test_server.ServeFilesFromSourceDirectory("net/data/ssl"); |
| 9262 ASSERT_TRUE(test_server.Start()); | 9275 ASSERT_TRUE(test_server.Start()); |
| 9263 | 9276 |
| 9264 // We require that the URL be www.google.com in order to pick up the static | 9277 // We require that the URL be www.google.com in order to pick up the static |
| 9265 // and dynamic STS and PKP entries in the TransportSecurityState. This means | 9278 // and dynamic STS and PKP entries in the TransportSecurityState. This means |
| 9266 // that we have to use a MockHostResolver in order to direct www.google.com to | 9279 // that we have to use a MockHostResolver in order to direct www.google.com to |
| (...skipping 883 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10150 | 10163 |
| 10151 CertStatus cert_status; | 10164 CertStatus cert_status; |
| 10152 DoConnection(ssl_options, &cert_status); | 10165 DoConnection(ssl_options, &cert_status); |
| 10153 | 10166 |
| 10154 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); | 10167 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); |
| 10155 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); | 10168 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); |
| 10156 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); | 10169 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); |
| 10157 } | 10170 } |
| 10158 | 10171 |
| 10159 TEST_F(HTTPSOCSPTest, ExpectStapleReportSentOnMissing) { | 10172 TEST_F(HTTPSOCSPTest, ExpectStapleReportSentOnMissing) { |
| 10173 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 10174 SetTransportSecurityStateSourceForTesting(&test0::kHSTSSource); |
| 10175 #endif |
| 10160 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); | 10176 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 10161 https_test_server.SetSSLConfig( | 10177 https_test_server.SetSSLConfig( |
| 10162 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); | 10178 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN); |
| 10163 https_test_server.ServeFilesFromSourceDirectory( | 10179 https_test_server.ServeFilesFromSourceDirectory( |
| 10164 base::FilePath(kTestFilePath)); | 10180 base::FilePath(kTestFilePath)); |
| 10165 ASSERT_TRUE(https_test_server.Start()); | 10181 ASSERT_TRUE(https_test_server.Start()); |
| 10166 | 10182 |
| 10167 // Set up a MockCertVerifier to accept the certificate that the server sends, | 10183 // Set up a MockCertVerifier to accept the certificate that the server sends, |
| 10168 // but not provide any OCSP information. | 10184 // but not provide any OCSP information. |
| 10169 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); | 10185 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate(); |
| (...skipping 1179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11349 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 11365 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 11350 | 11366 |
| 11351 req->Start(); | 11367 req->Start(); |
| 11352 req->Cancel(); | 11368 req->Cancel(); |
| 11353 base::RunLoop().RunUntilIdle(); | 11369 base::RunLoop().RunUntilIdle(); |
| 11354 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 11370 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 11355 EXPECT_EQ(0, d.received_redirect_count()); | 11371 EXPECT_EQ(0, d.received_redirect_count()); |
| 11356 } | 11372 } |
| 11357 | 11373 |
| 11358 } // namespace net | 11374 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
