Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(357)

Side by Side Diff: components/cronet/ios/test/cronet_pkp_test.mm

Issue 2937523002: add setter for enable_pkp_bypass_etc (Closed)
Patch Set: add test for set_enable_pkp_bypass_etc Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import <Cronet/Cronet.h> 5 #import <Cronet/Cronet.h>
6 6
7 #include "components/cronet/ios/test/start_cronet.h" 7 #include "components/cronet/ios/test/start_cronet.h"
8 #include "components/grpc_support/test/quic_test_server.h" 8 #include "components/grpc_support/test/quic_test_server.h"
9 #include "cronet_test_base.h" 9 #include "cronet_test_base.h"
10 #include "net/base/mac/url_conversions.h" 10 #include "net/base/mac/url_conversions.h"
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after
133 CalculatePublicKeySha256(*cert, &hash_value); 133 CalculatePublicKeySha256(*cert, &hash_value);
134 ASSERT_EQ(32ul, hash_value.size()); 134 ASSERT_EQ(32ul, hash_value.size());
135 NSData* matching_hash = 135 NSData* matching_hash =
136 [NSData dataWithBytes:hash_value.data() length:hash_value.size()]; 136 [NSData dataWithBytes:hash_value.data() length:hash_value.size()];
137 137
138 AddPkpAndStartCronet(server_host_, matching_hash, kEXCLUDE_SUBDOMAINS, 138 AddPkpAndStartCronet(server_host_, matching_hash, kEXCLUDE_SUBDOMAINS,
139 distant_future); 139 distant_future);
140 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSUCCESS)); 140 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSUCCESS));
141 } 141 }
142 142
143 TEST_F(PkpTest, TestBypass) {
144 [Cronet setMockCertVerifier:CreateMockCertVerifier({kSERVER_CERT}, NO)];
145 [Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:YES];
mef 2017/06/13 21:12:42 This seems to test the default case as if it is no
146 AddPkpAndStartCronet(server_host_, NonMatchingHash(), kEXCLUDE_SUBDOMAINS,
147 distant_future);
148 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSUCCESS));
149 }
150
143 // Tests the case when the pin hash does not match and the client accesses the 151 // Tests the case when the pin hash does not match and the client accesses the
144 // subdomain of the configured PKP host with includeSubdomains flag set to true. 152 // subdomain of the configured PKP host with includeSubdomains flag set to true.
145 // The client is expected to receive the error response. 153 // The client is expected to receive the error response.
146 TEST_F(PkpTest, TestIncludeSubdomainsFlagEqualTrue) { 154 TEST_F(PkpTest, TestIncludeSubdomainsFlagEqualTrue) {
147 AddPkpAndStartCronet(domain_, NonMatchingHash(), kINCLUDE_SUBDOMAINS, 155 AddPkpAndStartCronet(domain_, NonMatchingHash(), kINCLUDE_SUBDOMAINS,
148 distant_future); 156 distant_future);
149 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kERROR)); 157 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kERROR));
150 } 158 }
151 159
152 // Tests the case when the pin hash does not match and the client accesses the 160 // Tests the case when the pin hash does not match and the client accesses the
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kERROR)); 194 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kERROR));
187 [Cronet shutdownForTesting]; 195 [Cronet shutdownForTesting];
188 196
189 // Restart Cronet engine and try the same request again. Since the pins are 197 // Restart Cronet engine and try the same request again. Since the pins are
190 // not persisted, a successful response is expected. 198 // not persisted, a successful response is expected.
191 StartCronet(grpc_support::GetQuicTestServerPort()); 199 StartCronet(grpc_support::GetQuicTestServerPort());
192 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSUCCESS)); 200 ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSUCCESS));
193 } 201 }
194 202
195 } // namespace cronet 203 } // namespace cronet
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698