| OLD | NEW |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import <Cronet/Cronet.h> | 5 #import <Cronet/Cronet.h> |
| 6 | 6 |
| 7 #include "components/cronet/ios/test/start_cronet.h" | 7 #include "components/cronet/ios/test/start_cronet.h" |
| 8 #include "components/grpc_support/test/quic_test_server.h" | 8 #include "components/grpc_support/test/quic_test_server.h" |
| 9 #include "cronet_test_base.h" | 9 #include "cronet_test_base.h" |
| 10 #include "net/base/mac/url_conversions.h" | 10 #include "net/base/mac/url_conversions.h" |
| (...skipping 60 matching lines...) |
| 71 } else { | 71 } else { |
| 72 ASSERT_FALSE(IsResponseSuccessful()); | 72 ASSERT_FALSE(IsResponseSuccessful()); |
| 73 } | 73 } |
| 74 } | 74 } |
| 75 | 75 |
| 76 // Adds a given public-key-pin and starts a Cronet engine for testing. | 76 // Adds a given public-key-pin and starts a Cronet engine for testing. |
| 77 void AddPkpAndStartCronet(NSString* host, | 77 void AddPkpAndStartCronet(NSString* host, |
| 78 NSData* hash, | 78 NSData* hash, |
| 79 BOOL include_subdomains, | 79 BOOL include_subdomains, |
| 80 NSDate* expiration_date) { | 80 NSDate* expiration_date) { |
| 81 [Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:NO]; |
| 81 NSSet* hashes = [NSSet setWithObject:hash]; | 82 NSSet* hashes = [NSSet setWithObject:hash]; |
| 82 NSError* error; | 83 NSError* error; |
| 83 BOOL success = [Cronet addPublicKeyPinsForHost:host | 84 BOOL success = [Cronet addPublicKeyPinsForHost:host |
| 84 pinHashes:hashes | 85 pinHashes:hashes |
| 85 includeSubdomains:include_subdomains | 86 includeSubdomains:include_subdomains |
| 86 expirationDate:(NSDate*)expiration_date | 87 expirationDate:(NSDate*)expiration_date |
| 87 error:&error]; | 88 error:&error]; |
| 88 CHECK(success); | 89 CHECK(success); |
| 89 CHECK(!error); | 90 CHECK(!error); |
| 90 StartCronet(grpc_support::GetQuicTestServerPort()); | 91 StartCronet(grpc_support::GetQuicTestServerPort()); |
| (...skipping 43 matching lines...) |
| 134 } | 135 } |
| 135 | 136 |
| 136 // Tests the case when the pin hash matches. The client is expected to | 137 // Tests the case when the pin hash matches. The client is expected to |
| 137 // receive the successful response with the response code 200. | 138 // receive the successful response with the response code 200. |
| 138 TEST_F(PkpTest, TestSuccessIfPinMatches) { | 139 TEST_F(PkpTest, TestSuccessIfPinMatches) { |
| 139 AddPkpAndStartCronet(server_host_, MatchingHash(), kExcludeSubdomains, | 140 AddPkpAndStartCronet(server_host_, MatchingHash(), kExcludeSubdomains, |
| 140 kDistantFuture); | 141 kDistantFuture); |
| 141 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSuccess)); | 142 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSuccess)); |
| 142 } | 143 } |
| 143 | 144 |
| 145 TEST_F(PkpTest, TestBypass) { |
| 146 [Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:YES]; |
| 147 |
| 148 NSSet* hashes = [NSSet setWithObject:NonMatchingHash()]; |
| 149 NSError* error; |
| 150 BOOL success = [Cronet addPublicKeyPinsForHost:server_host_ |
| 151 pinHashes:hashes |
| 152 includeSubdomains:kExcludeSubdomains |
| 153 expirationDate:(NSDate*)kDistantFuture |
| 154 error:&error]; |
| 155 |
| 156 EXPECT_FALSE(success); |
| 157 EXPECT_EQ([error code], CRNErrorUnsupportedConfig); |
| 158 } |
| 159 |
| 144 // Tests the case when the pin hash does not match and the client accesses the | 160 // Tests the case when the pin hash does not match and the client accesses the |
| 145 // subdomain of the configured PKP host with includeSubdomains flag set to true. | 161 // subdomain of the configured PKP host with includeSubdomains flag set to true. |
| 146 // The client is expected to receive the error response. | 162 // The client is expected to receive the error response. |
| 147 TEST_F(PkpTest, TestIncludeSubdomainsFlagEqualTrue) { | 163 TEST_F(PkpTest, TestIncludeSubdomainsFlagEqualTrue) { |
| 148 AddPkpAndStartCronet(server_domain_, NonMatchingHash(), kIncludeSubdomains, | 164 AddPkpAndStartCronet(server_domain_, NonMatchingHash(), kIncludeSubdomains, |
| 149 kDistantFuture); | 165 kDistantFuture); |
| 150 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kError)); | 166 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kError)); |
| 151 } | 167 } |
| 152 | 168 |
| 153 // Tests the case when the pin hash does not match and the client accesses the | 169 // Tests the case when the pin hash does not match and the client accesses the |
| (...skipping 90 matching lines...) |
| 244 expirationDate:kDistantFuture | 260 expirationDate:kDistantFuture |
| 245 error:nil]; | 261 error:nil]; |
| 246 ASSERT_TRUE(success); | 262 ASSERT_TRUE(success); |
| 247 // Add non-matching pin. | 263 // Add non-matching pin. |
| 248 AddPkpAndStartCronet(server_host_, NonMatchingHash(), kExcludeSubdomains, | 264 AddPkpAndStartCronet(server_host_, NonMatchingHash(), kExcludeSubdomains, |
| 249 kDistantFuture); | 265 kDistantFuture); |
| 250 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kError)); | 266 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kError)); |
| 251 } | 267 } |
| 252 | 268 |
| 253 } // namespace cronet | 269 } // namespace cronet |
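Review bot: TestBypass (new lines 145-158) turns the local-trust-anchor bypass on through a class-level setter and never turns it off again, so the setting can outlive the test unless the fixture teardown in the collapsed lines resets it. The last test on the page (ending at new line 267) calls `addPublicKeyPinsForHost:` directly and asserts success before `AddPkpAndStartCronet` sets the flag to NO, which is the same call TestBypass expects to fail with `CRNErrorUnsupportedConfig` while the bypass is on. Its result therefore appears to depend on test order or on the flag's default. Calling `[Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:NO];` in the fixture's SetUp, or at the top of that test, would make every pinning test state its own precondition. TestBypass is also the only test shown without a leading comment; something like `// Tests that adding pins fails with CRNErrorUnsupportedConfig while the local trust anchor bypass is enabled.` would record why a failed add is the expected result.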