OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/files/file_path.h" | |
8 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "net/base/test_data_directory.h" | |
11 #include "net/cert/cert_verify_result.h" | |
9 #include "net/http/http_util.h" | 12 #include "net/http/http_util.h" |
13 #include "net/http/transport_security_state.h" | |
14 #include "net/ssl/ssl_info.h" | |
15 #include "net/test/cert_test_util.h" | |
10 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
11 | 17 |
12 using net::HttpUtil; | 18 using net::HttpUtil; |
13 | 19 |
14 namespace { | 20 namespace { |
15 class HttpUtilTest : public testing::Test {}; | 21 class HttpUtilTest : public testing::Test {}; |
16 } | 22 } |
17 | 23 |
18 TEST(HttpUtilTest, IsSafeHeader) { | 24 TEST(HttpUtilTest, IsSafeHeader) { |
19 static const char* unsafe_headers[] = { | 25 static const char* unsafe_headers[] = { |
(...skipping 1044 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1064 TEST(HttpUtilTest, NameValuePairsIteratorMissingEndQuote) { | 1070 TEST(HttpUtilTest, NameValuePairsIteratorMissingEndQuote) { |
1065 std::string data = "name='value"; | 1071 std::string data = "name='value"; |
1066 HttpUtil::NameValuePairsIterator parser(data.begin(), data.end(), ';'); | 1072 HttpUtil::NameValuePairsIterator parser(data.begin(), data.end(), ';'); |
1067 EXPECT_TRUE(parser.valid()); | 1073 EXPECT_TRUE(parser.valid()); |
1068 | 1074 |
1069 ASSERT_NO_FATAL_FAILURE( | 1075 ASSERT_NO_FATAL_FAILURE( |
1070 CheckNextNameValuePair(&parser, true, true, "name", "value")); | 1076 CheckNextNameValuePair(&parser, true, true, "name", "value")); |
1071 ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair( | 1077 ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair( |
1072 &parser, false, true, std::string(), std::string())); | 1078 &parser, false, true, std::string(), std::string())); |
1073 } | 1079 } |
1080 | |
1081 TEST(HttpUtilTest, CanPool) { | |
1082 // Load a cert that is valid for: | |
1083 // www.example.org | |
1084 // mail.example.org | |
1085 // www.example.com | |
1086 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
1087 | |
1088 net::TransportSecurityState tss; | |
1089 net::SSLInfo ssl_info; | |
1090 ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); | |
1091 | |
1092 EXPECT_TRUE(net::HttpUtil::CanPool( | |
1093 &tss, ssl_info, "www.example.org", "www.example.org")); | |
1094 EXPECT_TRUE(net::HttpUtil::CanPool( | |
1095 &tss, ssl_info, "www.example.org", "mail.example.org")); | |
1096 EXPECT_TRUE(net::HttpUtil::CanPool( | |
1097 &tss, ssl_info, "www.example.org", "mail.example.com")); | |
1098 EXPECT_FALSE(net::HttpUtil::CanPool( | |
1099 &tss, ssl_info, "www.example.org", "mail.google.com")); | |
1100 } | |
1101 | |
1102 TEST(HttpUtilTest, CanNotPoolWithCertErrors) { | |
1103 // Load a cert that is valid for: | |
1104 // www.example.org | |
1105 // mail.example.org | |
1106 // www.example.com | |
1107 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
1108 | |
1109 net::TransportSecurityState tss; | |
1110 net::SSLInfo ssl_info; | |
1111 ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); | |
1112 ssl_info.cert_status = net::CERT_STATUS_REVOKED; | |
1113 | |
1114 EXPECT_FALSE(net::HttpUtil::CanPool( | |
1115 &tss, ssl_info, "www.example.org", "mail.example.org")); | |
1116 } | |
1117 | |
1118 TEST(HttpUtilTest, CanNotPoolWithClientCerts) { | |
1119 // Load a cert that is valid for: | |
1120 // www.example.org | |
1121 // mail.example.org | |
1122 // www.example.com | |
1123 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
1124 | |
1125 net::TransportSecurityState tss; | |
1126 net::SSLInfo ssl_info; | |
1127 ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); | |
1128 ssl_info.client_cert_sent = true; | |
1129 | |
1130 EXPECT_FALSE(net::HttpUtil::CanPool( | |
1131 &tss, ssl_info, "www.example.org", "mail.example.org")); | |
1132 } | |
1133 | |
1134 TEST(HttpUtilTest, CanNotPoolAcrossETLDsWithChannelID) { | |
Ryan Sleevi
2014/08/07 18:49:29
Need pinning test
Ryan Hamilton
2014/08/08 19:27:43
Right, but I couldn't write such a test until we g
| |
1135 // Load a cert that is valid for: | |
1136 // www.example.org | |
1137 // mail.example.org | |
1138 // www.example.com | |
1139 base::FilePath certs_dir = net::GetTestCertsDirectory(); | |
1140 | |
1141 net::TransportSecurityState tss; | |
1142 net::SSLInfo ssl_info; | |
1143 ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); | |
1144 ssl_info.channel_id_sent = true; | |
1145 | |
1146 EXPECT_TRUE(net::HttpUtil::CanPool( | |
1147 &tss, ssl_info, "www.example.org", "mail.example.org")); | |
1148 EXPECT_FALSE(net::HttpUtil::CanPool( | |
1149 &tss, ssl_info, "www.example.org", "www.example.com")); | |
1150 } | |
OLD | NEW |