Index: net/http/http_util_unittest.cc |
diff --git a/net/http/http_util_unittest.cc b/net/http/http_util_unittest.cc |
index 54acf68d3c3d52c3bc28aa4b0f9ee3603ac098cd..0c92c1c52086e4ff78577131b349180080d86789 100644 |
--- a/net/http/http_util_unittest.cc |
+++ b/net/http/http_util_unittest.cc |
@@ -5,8 +5,14 @@ |
#include <algorithm> |
#include "base/basictypes.h" |
+#include "base/files/file_path.h" |
#include "base/strings/string_util.h" |
+#include "net/base/test_data_directory.h" |
+#include "net/cert/cert_verify_result.h" |
#include "net/http/http_util.h" |
+#include "net/http/transport_security_state.h" |
+#include "net/ssl/ssl_info.h" |
+#include "net/test/cert_test_util.h" |
#include "testing/gtest/include/gtest/gtest.h" |
using net::HttpUtil; |
@@ -1071,3 +1077,74 @@ TEST(HttpUtilTest, NameValuePairsIteratorMissingEndQuote) { |
ASSERT_NO_FATAL_FAILURE(CheckNextNameValuePair( |
&parser, false, true, std::string(), std::string())); |
} |
+ |
+TEST(HttpUtilTest, CanPool) { |
+ // Load a cert that is valid for: |
+ // www.example.org |
+ // mail.example.org |
+ // www.example.com |
+ base::FilePath certs_dir = net::GetTestCertsDirectory(); |
+ |
+ net::TransportSecurityState tss; |
+ net::SSLInfo ssl_info; |
+ ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); |
+ |
+ EXPECT_TRUE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "www.example.org")); |
+ EXPECT_TRUE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.example.org")); |
+ EXPECT_TRUE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.example.com")); |
+ EXPECT_FALSE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.google.com")); |
+} |
+ |
+TEST(HttpUtilTest, CanNotPoolWithCertErrors) { |
+ // Load a cert that is valid for: |
+ // www.example.org |
+ // mail.example.org |
+ // www.example.com |
+ base::FilePath certs_dir = net::GetTestCertsDirectory(); |
+ |
+ net::TransportSecurityState tss; |
+ net::SSLInfo ssl_info; |
+ ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); |
+ ssl_info.cert_status = net::CERT_STATUS_REVOKED; |
+ |
+ EXPECT_FALSE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.example.org")); |
+} |
+ |
+TEST(HttpUtilTest, CanNotPoolWithClientCerts) { |
+ // Load a cert that is valid for: |
+ // www.example.org |
+ // mail.example.org |
+ // www.example.com |
+ base::FilePath certs_dir = net::GetTestCertsDirectory(); |
+ |
+ net::TransportSecurityState tss; |
+ net::SSLInfo ssl_info; |
+ ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); |
+ ssl_info.client_cert_sent = true; |
+ |
+ EXPECT_FALSE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.example.org")); |
+} |
+ |
+TEST(HttpUtilTest, CanNotPoolAcrossETLDsWithChannelID) { |
Ryan Sleevi
2014/08/07 18:49:29
Need pinning test
Ryan Hamilton
2014/08/08 19:27:43
Right, but I couldn't write such a test until we g
|
+ // Load a cert that is valid for: |
+ // www.example.org |
+ // mail.example.org |
+ // www.example.com |
+ base::FilePath certs_dir = net::GetTestCertsDirectory(); |
+ |
+ net::TransportSecurityState tss; |
+ net::SSLInfo ssl_info; |
+ ssl_info.cert = net::ImportCertFromFile(certs_dir, "spdy_pooling.pem"); |
+ ssl_info.channel_id_sent = true; |
+ |
+ EXPECT_TRUE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "mail.example.org")); |
+ EXPECT_FALSE(net::HttpUtil::CanPool( |
+ &tss, ssl_info, "www.example.org", "www.example.com")); |
+} |