net/http/transport_security_state_unittest.cc - Issue 433123003: Centralize the logic for checking public key pins

Side by Side Diff: net/http/transport_security_state_unittest.cc

Issue 433123003: Centralize the logic for checking public key pins (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: make IsBuildTimely and ReportUMAOnPinFailure static, as per wtc Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/transport_security_state.h"	5 #include "net/http/transport_security_state.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 19 matching lines...) Expand all Loading...
30	30

31 #if defined(USE_OPENSSL)	31 #if defined(USE_OPENSSL)

32 #include "crypto/openssl_util.h"	32 #include "crypto/openssl_util.h"

33 #else	33 #else

34 #include "crypto/nss_util.h"	34 #include "crypto/nss_util.h"

35 #endif	35 #endif

36	36

37 namespace net {	37 namespace net {

38	38

39 class TransportSecurityStateTest : public testing::Test {	39 class TransportSecurityStateTest : public testing::Test {

	40 public:

40 virtual void SetUp() {	41 virtual void SetUp() {

41 #if defined(USE_OPENSSL)	42 #if defined(USE_OPENSSL)

42 crypto::EnsureOpenSSLInit();	43 crypto::EnsureOpenSSLInit();

43 #else	44 #else

44 crypto::EnsureNSSInit();	45 crypto::EnsureNSSInit();

45 #endif	46 #endif

46 }	47 }

47	48

	49 static void DisableStaticPinning(TransportSecurityState* state) {

	50 state->enable_static_pinning_ = false;

	51 }

	52

	53 static void EnableStaticPinning(TransportSecurityState* state) {
	wtc 2014/08/07 23:39:13 These methods (and the EnableStaticPinning test) s These methods (and the EnableStaticPinning test) should be renamed DisableStaticPins and EnableStaticPins if enable_static_pinning_ is renamed enable_static_pins_. Ryan Hamilton 2014/08/08 00:54:01 Done. Show quoted text On 2014/08/07 23:39:13, wtc wrote: > > These methods (and the EnableStaticPinning test) should be renamed > DisableStaticPins and EnableStaticPins if enable_static_pinning_ is renamed > enable_static_pins_. Done.
	54 state->enable_static_pinning_ = true;

	55 }

	56

48 protected:	57 protected:

49 bool GetStaticDomainState(TransportSecurityState* state,	58 bool GetStaticDomainState(TransportSecurityState* state,

50 const std::string& host,	59 const std::string& host,

51 bool sni_enabled,	60 bool sni_enabled,

52 TransportSecurityState::DomainState* result) {	61 TransportSecurityState::DomainState* result) {

53 return state->GetStaticDomainState(host, sni_enabled, result);	62 return state->GetStaticDomainState(host, sni_enabled, result);

54 }	63 }

55	64

56 void EnableHost(TransportSecurityState* state,	65 void EnableHost(TransportSecurityState* state,

57 const std::string& host,	66 const std::string& host,

(...skipping 97 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
155 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);	164 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

156 bool include_subdomains = false;	165 bool include_subdomains = false;

157 state.AddHSTS("yahoo.com", expiry, include_subdomains);	166 state.AddHSTS("yahoo.com", expiry, include_subdomains);

158	167

159 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state));	168 EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &domain_state));

160 EXPECT_FALSE(state.GetDynamicDomainState("example.com", &domain_state));	169 EXPECT_FALSE(state.GetDynamicDomainState("example.com", &domain_state));

161 EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com"));	170 EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com"));

162 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state));	171 EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &domain_state));

163 }	172 }

164	173

	174 TEST_F(TransportSecurityStateTest, EnableStaticPinning) {

	175 TransportSecurityState state;

	176 TransportSecurityState::DomainState domain_state;

	177

	178 EnableStaticPinning(&state);

	179 EXPECT_TRUE(

	180 state.GetStaticDomainState("chrome.google.com", true, &domain_state));

	181

	182 DisableStaticPinning(&state);

	183 EXPECT_FALSE(

	184 state.GetStaticDomainState("chrome.google.com", true, &domain_state));

	185 }

	186

165 TEST_F(TransportSecurityStateTest, IsPreloaded) {	187 TEST_F(TransportSecurityStateTest, IsPreloaded) {

166 const std::string paypal = "paypal.com";	188 const std::string paypal = "paypal.com";

167 const std::string www_paypal = "www.paypal.com";	189 const std::string www_paypal = "www.paypal.com";

168 const std::string foo_paypal = "foo.paypal.com";	190 const std::string foo_paypal = "foo.paypal.com";

169 const std::string a_www_paypal = "a.www.paypal.com";	191 const std::string a_www_paypal = "a.www.paypal.com";

170 const std::string abc_paypal = "a.b.c.paypal.com";	192 const std::string abc_paypal = "a.b.c.paypal.com";

171 const std::string example = "example.com";	193 const std::string example = "example.com";

172 const std::string aypal = "aypal.com";	194 const std::string aypal = "aypal.com";

173	195

174 TransportSecurityState state;	196 TransportSecurityState state;

	197 EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:40 Let's make this test more explicit about the STS b Let's make this test more explicit about the STS bit vs the PKP part Delete this line, and remove line 203 Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:40, Ryan Sleevi wrote: > Let's make this test more explicit about the STS bit vs the PKP part > > Delete this line, and remove line 203 Done.
175 TransportSecurityState::DomainState domain_state;	198 TransportSecurityState::DomainState domain_state;

176	199

177 EXPECT_TRUE(GetStaticDomainState(&state, paypal, true, &domain_state));	200 EXPECT_TRUE(GetStaticDomainState(&state, paypal, true, &domain_state));

178 EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, true, &domain_state));	201 EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, true, &domain_state));

179 EXPECT_FALSE(domain_state.sts.include_subdomains);	202 EXPECT_FALSE(domain_state.sts.include_subdomains);

180 EXPECT_FALSE(domain_state.pkp.include_subdomains);	203 EXPECT_FALSE(domain_state.pkp.include_subdomains);

181 EXPECT_FALSE(GetStaticDomainState(&state, a_www_paypal, true, &domain_state));	204 EXPECT_FALSE(GetStaticDomainState(&state, a_www_paypal, true, &domain_state));

182 EXPECT_FALSE(GetStaticDomainState(&state, abc_paypal, true, &domain_state));	205 EXPECT_FALSE(GetStaticDomainState(&state, abc_paypal, true, &domain_state));

183 EXPECT_FALSE(GetStaticDomainState(&state, example, true, &domain_state));	206 EXPECT_FALSE(GetStaticDomainState(&state, example, true, &domain_state));

184 EXPECT_FALSE(GetStaticDomainState(&state, aypal, true, &domain_state));	207 EXPECT_FALSE(GetStaticDomainState(&state, aypal, true, &domain_state));

185 }	208 }

186	209

187 TEST_F(TransportSecurityStateTest, PreloadedDomainSet) {	210 TEST_F(TransportSecurityStateTest, PreloadedDomainSet) {

188 TransportSecurityState state;	211 TransportSecurityState state;

	212 EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:39 Remove this Remove this Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:39, Ryan Sleevi wrote: > Remove this Done.
189 TransportSecurityState::DomainState domain_state;	213 TransportSecurityState::DomainState domain_state;

190	214

191 // The domain wasn't being set, leading to a blank string in the	215 // The domain wasn't being set, leading to a blank string in the

192 // chrome://net-internals/#hsts UI. So test that.	216 // chrome://net-internals/#hsts UI. So test that.

193 EXPECT_TRUE(	217 EXPECT_TRUE(

194 state.GetStaticDomainState("market.android.com", true, &domain_state));	218 state.GetStaticDomainState("market.android.com", true, &domain_state));

195 EXPECT_EQ(domain_state.domain, "market.android.com");	219 EXPECT_EQ(domain_state.domain, "market.android.com");

196 EXPECT_TRUE(state.GetStaticDomainState(	220 EXPECT_TRUE(state.GetStaticDomainState(

197 "sub.market.android.com", true, &domain_state));	221 "sub.market.android.com", true, &domain_state));

198 EXPECT_EQ(domain_state.domain, "market.android.com");	222 EXPECT_EQ(domain_state.domain, "market.android.com");

199 }	223 }

200	224

201 static bool StaticShouldRedirect(const char* hostname) {	225 static bool StaticShouldRedirect(const char* hostname) {

202 TransportSecurityState state;	226 TransportSecurityState state;

	227 TransportSecurityStateTest::EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:39 Definitely removed - would have caught this bug :) Definitely removed - would have caught this bug :) Ryan Hamilton 2014/08/08 00:54:01 Done. Show quoted text On 2014/08/07 23:48:39, Ryan Sleevi wrote: > Definitely removed - would have caught this bug :) Done.
203 TransportSecurityState::DomainState domain_state;	228 TransportSecurityState::DomainState domain_state;

204 return state.GetStaticDomainState(	229 return state.GetStaticDomainState(

205 hostname, true /* SNI ok */, &domain_state) &&	230 hostname, true /* SNI ok */, &domain_state) &&

206 domain_state.ShouldUpgradeToSSL();	231 domain_state.ShouldUpgradeToSSL();

207 }	232 }

208	233

209 static bool HasStaticState(const char* hostname) {	234 static bool HasStaticState(const char* hostname) {

210 TransportSecurityState state;	235 TransportSecurityState state;

	236 TransportSecurityStateTest::EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:39 This should be removed, I think. At least from the This should be removed, I think. At least from the usage. Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:39, Ryan Sleevi wrote: > This should be removed, I think. At least from the usage. Done.
211 TransportSecurityState::DomainState domain_state;	237 TransportSecurityState::DomainState domain_state;

212 return state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state);	238 return state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state);

213 }	239 }

214	240

215 static bool HasStaticPublicKeyPins(const char* hostname, bool sni_enabled) {	241 static bool HasStaticPublicKeyPins(const char* hostname, bool sni_enabled) {

216 TransportSecurityState state;	242 TransportSecurityState state;

	243 TransportSecurityStateTest::EnableStaticPinning(&state);

217 TransportSecurityState::DomainState domain_state;	244 TransportSecurityState::DomainState domain_state;

218 if (!state.GetStaticDomainState(hostname, sni_enabled, &domain_state))	245 if (!state.GetStaticDomainState(hostname, sni_enabled, &domain_state))

219 return false;	246 return false;

220	247

221 return domain_state.HasPublicKeyPins();	248 return domain_state.HasPublicKeyPins();

222 }	249 }

223	250

224 static bool HasStaticPublicKeyPins(const char* hostname) {	251 static bool HasStaticPublicKeyPins(const char* hostname) {

225 return HasStaticPublicKeyPins(hostname, true);	252 return HasStaticPublicKeyPins(hostname, true);

226 }	253 }

227	254

228 static bool OnlyPinningInStaticState(const char* hostname) {	255 static bool OnlyPinningInStaticState(const char* hostname) {

229 TransportSecurityState state;	256 TransportSecurityState state;

	257 TransportSecurityStateTest::EnableStaticPinning(&state);

230 TransportSecurityState::DomainState domain_state;	258 TransportSecurityState::DomainState domain_state;

231 if (!state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state))	259 if (!state.GetStaticDomainState(hostname, true /* SNI ok */, &domain_state))

232 return false;	260 return false;

233	261

234 return (domain_state.pkp.spki_hashes.size() > 0 \|\|	262 return (domain_state.pkp.spki_hashes.size() > 0 \|\|

235 domain_state.pkp.bad_spki_hashes.size() > 0) &&	263 domain_state.pkp.bad_spki_hashes.size() > 0) &&

236 !domain_state.ShouldUpgradeToSSL();	264 !domain_state.ShouldUpgradeToSSL();

237 }	265 }

238	266

239 TEST_F(TransportSecurityStateTest, Preloaded) {	267 TEST_F(TransportSecurityStateTest, Preloaded) {

240 TransportSecurityState state;	268 TransportSecurityState state;

	269 EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:40 So, we should probably split this in two, with onl So, we should probably split this in two, with only the latter calling EnableStaticPinning which domains you need to transfer over "should" be easy - the OnlyPinningInStaticState / HasStaticPublicPins tests move over. I'm not sure how we got here, since BuiltinCertPins was meant to be this split (in that it only tests for pinning data). You should be able to do a superbowl shuffle of those few pinned bits into the BuiltinCertPins Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:40, Ryan Sleevi wrote: > So, we should probably split this in two, with only the latter calling > EnableStaticPinning > > which domains you need to transfer over "should" be easy - the > OnlyPinningInStaticState / HasStaticPublicPins tests move over. > > I'm not sure how we got here, since BuiltinCertPins was meant to be this split > (in that it only tests for pinning data). You should be able to do a superbowl > shuffle of those few pinned bits into the BuiltinCertPins Done.
241 TransportSecurityState::DomainState domain_state;	270 TransportSecurityState::DomainState domain_state;

242	271

243 // We do more extensive checks for the first domain.	272 // We do more extensive checks for the first domain.

244 EXPECT_TRUE(	273 EXPECT_TRUE(

245 state.GetStaticDomainState("www.paypal.com", true, &domain_state));	274 state.GetStaticDomainState("www.paypal.com", true, &domain_state));

246 EXPECT_EQ(domain_state.sts.upgrade_mode,	275 EXPECT_EQ(domain_state.sts.upgrade_mode,

247 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);	276 TransportSecurityState::DomainState::MODE_FORCE_HTTPS);

248 EXPECT_FALSE(domain_state.sts.include_subdomains);	277 EXPECT_FALSE(domain_state.sts.include_subdomains);

249 EXPECT_FALSE(domain_state.pkp.include_subdomains);	278 EXPECT_FALSE(domain_state.pkp.include_subdomains);

250	279

(...skipping 237 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
488 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"	517 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"

489 "WaveletIdDomainAndBlipBlipid";	518 "WaveletIdDomainAndBlipBlipid";

490 TransportSecurityState::DomainState domain_state;	519 TransportSecurityState::DomainState domain_state;

491 // Just checks that we don't hit a NOTREACHED.	520 // Just checks that we don't hit a NOTREACHED.

492 EXPECT_FALSE(state.GetStaticDomainState(kLongName, true, &domain_state));	521 EXPECT_FALSE(state.GetStaticDomainState(kLongName, true, &domain_state));

493 EXPECT_FALSE(state.GetDynamicDomainState(kLongName, &domain_state));	522 EXPECT_FALSE(state.GetDynamicDomainState(kLongName, &domain_state));

494 }	523 }

495	524

496 TEST_F(TransportSecurityStateTest, BuiltinCertPins) {	525 TEST_F(TransportSecurityStateTest, BuiltinCertPins) {

497 TransportSecurityState state;	526 TransportSecurityState state;

	527 EnableStaticPinning(&state);

498 TransportSecurityState::DomainState domain_state;	528 TransportSecurityState::DomainState domain_state;

499	529

500 EXPECT_TRUE(	530 EXPECT_TRUE(

501 state.GetStaticDomainState("chrome.google.com", true, &domain_state));	531 state.GetStaticDomainState("chrome.google.com", true, &domain_state));

502 EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com"));	532 EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com"));

503	533

504 HashValueVector hashes;	534 HashValueVector hashes;

505 std::string failure_log;	535 std::string failure_log;

506 // Checks that a built-in list does exist.	536 // Checks that a built-in list does exist.

507 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));	537 EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));

(...skipping 19 matching lines...) Expand all Loading...
527 EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com"));	557 EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com"));

528 EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com"));	558 EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com"));

529 EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com"));	559 EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com"));

530	560

531 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com"));	561 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com"));

532 EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com"));	562 EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com"));

533 EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com"));	563 EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com"));

534 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com"));	564 EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com"));

535 EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com"));	565 EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com"));

536	566

537 // Disabled in order to help track down pinning failures --agl	567 // Disabled in order to help track down pinning failures --agl
	Ryan Sleevi 2014/08/07 23:48:39 Cough Let's nuke this comment ;) Cough Let's nuke this comment ;) Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:39, Ryan Sleevi wrote: > Cough Let's nuke this comment ;) Done.
538 EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com"));	568 EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com"));

539 EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com"));	569 EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com"));

540 EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com"));	570 EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com"));

541 EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com"));	571 EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com"));

542 EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com"));	572 EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com"));

543 EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com"));	573 EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com"));

544 EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com"));	574 EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com"));

545 EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com"));	575 EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com"));

546 EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com"));	576 EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com"));

547 EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com"));	577 EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com"));

(...skipping 30 matching lines...) Expand all Loading...
578 HashValueVector good_hashes, bad_hashes;	608 HashValueVector good_hashes, bad_hashes;

579	609

580 for (size_t i = 0; kGoodPath[i]; i++) {	610 for (size_t i = 0; kGoodPath[i]; i++) {

581 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));	611 EXPECT_TRUE(AddHash(kGoodPath[i], &good_hashes));

582 }	612 }

583 for (size_t i = 0; kBadPath[i]; i++) {	613 for (size_t i = 0; kBadPath[i]; i++) {

584 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));	614 EXPECT_TRUE(AddHash(kBadPath[i], &bad_hashes));

585 }	615 }

586	616

587 TransportSecurityState state;	617 TransportSecurityState state;

	618 EnableStaticPinning(&state);

	619

588 TransportSecurityState::DomainState domain_state;	620 TransportSecurityState::DomainState domain_state;

589 EXPECT_TRUE(	621 EXPECT_TRUE(

590 state.GetStaticDomainState("blog.torproject.org", true, &domain_state));	622 state.GetStaticDomainState("blog.torproject.org", true, &domain_state));

591 EXPECT_TRUE(domain_state.HasPublicKeyPins());	623 EXPECT_TRUE(domain_state.HasPublicKeyPins());

592	624

593 std::string failure_log;	625 std::string failure_log;

594 EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes, &failure_log));	626 EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes, &failure_log));

595 EXPECT_FALSE(domain_state.CheckPublicKeyPins(bad_hashes, &failure_log));	627 EXPECT_FALSE(domain_state.CheckPublicKeyPins(bad_hashes, &failure_log));

596 }	628 }

597	629

598 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {	630 TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {

599 TransportSecurityState state;	631 TransportSecurityState state;

	632 EnableStaticPinning(&state);

600 TransportSecurityState::DomainState domain_state;	633 TransportSecurityState::DomainState domain_state;

601	634

602 EXPECT_FALSE(StaticShouldRedirect("www.google-analytics.com"));	635 EXPECT_FALSE(StaticShouldRedirect("www.google-analytics.com"));

603	636

604 EXPECT_FALSE(HasStaticPublicKeyPins("www.google-analytics.com", false));	637 EXPECT_FALSE(HasStaticPublicKeyPins("www.google-analytics.com", false));

605 EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com"));	638 EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com"));

606 EXPECT_TRUE(HasStaticPublicKeyPins("google.com"));	639 EXPECT_TRUE(HasStaticPublicKeyPins("google.com"));

607 EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com"));	640 EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com"));

608 EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com"));	641 EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com"));

609 EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com"));	642 EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com"));

(...skipping 12 matching lines...) Expand all Loading...
622 EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com"));	655 EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com"));

623 EXPECT_FALSE(HasStaticPublicKeyPins("a.googlegroups.com", false));	656 EXPECT_FALSE(HasStaticPublicKeyPins("a.googlegroups.com", false));

624 }	657 }

625	658

626 TEST_F(TransportSecurityStateTest, OverrideBuiltins) {	659 TEST_F(TransportSecurityStateTest, OverrideBuiltins) {

627 EXPECT_TRUE(HasStaticPublicKeyPins("google.com"));	660 EXPECT_TRUE(HasStaticPublicKeyPins("google.com"));

628 EXPECT_FALSE(StaticShouldRedirect("google.com"));	661 EXPECT_FALSE(StaticShouldRedirect("google.com"));

629 EXPECT_FALSE(StaticShouldRedirect("www.google.com"));	662 EXPECT_FALSE(StaticShouldRedirect("www.google.com"));

630	663

631 TransportSecurityState state;	664 TransportSecurityState state;

	665 EnableStaticPinning(&state);
	Ryan Sleevi 2014/08/07 23:48:39 This should be removed. This is an HSTS test. This should be removed. This is an HSTS test. Ryan Hamilton 2014/08/08 00:54:00 Done. Show quoted text On 2014/08/07 23:48:39, Ryan Sleevi wrote: > This should be removed. This is an HSTS test. Done.
632 TransportSecurityState::DomainState domain_state;	666 TransportSecurityState::DomainState domain_state;

633 const base::Time current_time(base::Time::Now());	667 const base::Time current_time(base::Time::Now());

634 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);	668 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);

635 domain_state.sts.expiry = expiry;	669 domain_state.sts.expiry = expiry;

636 EnableHost(&state, "www.google.com", domain_state);	670 EnableHost(&state, "www.google.com", domain_state);

637	671

638 EXPECT_TRUE(state.GetDynamicDomainState("www.google.com", &domain_state));	672 EXPECT_TRUE(state.GetDynamicDomainState("www.google.com", &domain_state));

639 }	673 }

640	674

641 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) {	675 TEST_F(TransportSecurityStateTest, GooglePinnedProperties) {

(...skipping 53 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
695 // Expect to fail for SNI hosts when not searching the SNI list:	729 // Expect to fail for SNI hosts when not searching the SNI list:

696 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	730 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

697 "gmail.com", false));	731 "gmail.com", false));

698 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	732 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

699 "googlegroups.com", false));	733 "googlegroups.com", false));

700 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(	734 EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty(

701 "www.googlegroups.com", false));	735 "www.googlegroups.com", false));

702 }	736 }

703	737

704 } // namespace net	738 } // namespace net

OLD	NEW

« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state.cc ('k') | net/quic/crypto/proof_verifier_chromium.cc » ('j') | no next file with comments »