
Unified Diff: net/http/transport_security_state_unittest.cc

Issue 19269012: Don't persist HPKP if PrivacyMode is enabled. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address codereview nit and fix compilation error in OFFICIAL_BUILD. Created 7 years, 3 months ago
Index: net/http/transport_security_state_unittest.cc
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index 936d5628249a557959d5307e84eb55db2524e28d..4c78f269da829ec712d0668a1700e8f0c38647cb 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -70,10 +70,10 @@ TEST_F(TransportSecurityStateTest, SimpleMatches) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
bool include_subdomains = false;
state.AddHSTS("yahoo.com", expiry, include_subdomains);
- EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, MatchesCase1) {
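Review bot: Every updated call in this hunk passes `true` for the new third argument, so nothing here covers the `false` path that the commit title ("Don't persist HPKP if PrivacyMode is enabled") suggests the parameter exists for. The parameter's name and exact contract are not visible on this page; if it controls whether dynamically added state is consulted, SimpleMatches could add a lookup after `AddHSTS` such as `state.GetDomainState("yahoo.com", true, false, &domain_state)`, wrapped in whichever expectation the new contract specifies. The same gap applies to the MatchesCase1/2, SubdomainMatches, DeleteAllDynamicDataSince, DeleteDynamicDataForHost, pin-validation and OverrideBuiltins hunks. Without such a case, a regression that lets the restricted lookup see dynamically stored HSTS/HPKP state would still pass this suite. SimpleMatches begins above this hunk.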
@@ -82,10 +82,10 @@ TEST_F(TransportSecurityStateTest, MatchesCase1) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
bool include_subdomains = false;
state.AddHSTS("YAhoo.coM", expiry, include_subdomains);
- EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, MatchesCase2) {
@@ -94,10 +94,10 @@ TEST_F(TransportSecurityStateTest, MatchesCase2) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state.GetDomainState("YAhoo.coM", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("YAhoo.coM", true, true, &domain_state));
bool include_subdomains = false;
state.AddHSTS("yahoo.com", expiry, include_subdomains);
- EXPECT_TRUE(state.GetDomainState("YAhoo.coM", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("YAhoo.coM", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, SubdomainMatches) {
@@ -106,15 +106,16 @@ TEST_F(TransportSecurityStateTest, SubdomainMatches) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
bool include_subdomains = true;
state.AddHSTS("yahoo.com", expiry, include_subdomains);
- EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
- EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, &domain_state));
- EXPECT_TRUE(state.GetDomainState("foo.bar.yahoo.com", true, &domain_state));
- EXPECT_TRUE(state.GetDomainState("foo.bar.baz.yahoo.com", true,
- &domain_state));
- EXPECT_FALSE(state.GetDomainState("com", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("foo.yahoo.com", true, true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("foo.bar.yahoo.com", true, true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("foo.bar.baz.yahoo.com", true, true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("com", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) {
@@ -124,14 +125,14 @@ TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) {
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
bool include_subdomains = false;
state.AddHSTS("yahoo.com", expiry, include_subdomains);
state.DeleteAllDynamicDataSince(expiry);
- EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
state.DeleteAllDynamicDataSince(older);
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) {
@@ -142,10 +143,10 @@ TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) {
bool include_subdomains = false;
state.AddHSTS("yahoo.com", expiry, include_subdomains);
- EXPECT_TRUE(state.GetDomainState("yahoo.com", true, &domain_state));
- EXPECT_FALSE(state.GetDomainState("example.com", true, &domain_state));
+ EXPECT_TRUE(state.GetDomainState("yahoo.com", true, true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("example.com", true, true, &domain_state));
EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com"));
- EXPECT_FALSE(state.GetDomainState("yahoo.com", true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("yahoo.com", true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, IsPreloaded) {
@@ -176,30 +177,32 @@ TEST_F(TransportSecurityStateTest, PreloadedDomainSet) {
// The domain wasn't being set, leading to a blank string in the
// chrome://net-internals/#hsts UI. So test that.
- EXPECT_TRUE(state.GetDomainState("market.android.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("market.android.com", true, true, &domain_state));
EXPECT_EQ(domain_state.domain, "market.android.com");
- EXPECT_TRUE(state.GetDomainState("sub.market.android.com", true,
- &domain_state));
+ EXPECT_TRUE(state.GetDomainState(
+ "sub.market.android.com", true, true, &domain_state));
EXPECT_EQ(domain_state.domain, "market.android.com");
}
static bool ShouldRedirect(const char* hostname) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- return state.GetDomainState(hostname, true /* SNI ok */, &domain_state) &&
+ return state.GetDomainState(
+ hostname, true /* SNI ok */, true, &domain_state) &&
domain_state.ShouldUpgradeToSSL();
}
static bool HasState(const char* hostname) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- return state.GetDomainState(hostname, true /* SNI ok */, &domain_state);
+ return state.GetDomainState(hostname, true /* SNI ok */, true, &domain_state);
}
static bool HasPublicKeyPins(const char* hostname, bool sni_enabled) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- if (!state.GetDomainState(hostname, sni_enabled, &domain_state))
+ if (!state.GetDomainState(hostname, sni_enabled, true, &domain_state))
return false;
return domain_state.HasPublicKeyPins();
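Review bot: The new argument is a bare `true` placed next to an existing boolean in `ShouldRedirect`, `HasState` and `HasPublicKeyPins`, and only the SNI flag carries a comment, so the two are easy to transpose unnoticed. Label it the same way, e.g. `hostname, true /* SNI ok */, true /* <new parameter name> */, &domain_state` (the parameter's name is not shown on this page). This matters most in the Preloaded hunk's SNI-less block, where the calls read `false, true` and a swapped pair would still compile while testing something else. `HasPublicKeyPins` closes outside this hunk.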
@@ -212,7 +215,7 @@ static bool HasPublicKeyPins(const char* hostname) {
static bool OnlyPinning(const char *hostname) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- if (!state.GetDomainState(hostname, true /* SNI ok */, &domain_state))
+ if (!state.GetDomainState(hostname, true /* SNI ok */, true, &domain_state))
return false;
return (domain_state.static_spki_hashes.size() > 0 ||
@@ -226,7 +229,8 @@ TEST_F(TransportSecurityStateTest, Preloaded) {
TransportSecurityState::DomainState domain_state;
// We do more extensive checks for the first domain.
- EXPECT_TRUE(state.GetDomainState("www.paypal.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("www.paypal.com", true, true, &domain_state));
EXPECT_EQ(domain_state.upgrade_mode,
TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
EXPECT_FALSE(domain_state.sts_include_subdomains);
@@ -288,13 +292,16 @@ TEST_F(TransportSecurityStateTest, Preloaded) {
EXPECT_TRUE(OnlyPinning("googlegroups.com"));
// Tests for domains that don't work without SNI.
- EXPECT_FALSE(state.GetDomainState("gmail.com", false, &domain_state));
- EXPECT_FALSE(state.GetDomainState("www.gmail.com", false, &domain_state));
- EXPECT_FALSE(state.GetDomainState("m.gmail.com", false, &domain_state));
- EXPECT_FALSE(state.GetDomainState("googlemail.com", false, &domain_state));
- EXPECT_FALSE(state.GetDomainState("www.googlemail.com", false,
- &domain_state));
- EXPECT_FALSE(state.GetDomainState("m.googlemail.com", false, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("gmail.com", false, true, &domain_state));
+ EXPECT_FALSE(
+ state.GetDomainState("www.gmail.com", false, true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState("m.gmail.com", false, true, &domain_state));
+ EXPECT_FALSE(
+ state.GetDomainState("googlemail.com", false, true, &domain_state));
+ EXPECT_FALSE(
+ state.GetDomainState("www.googlemail.com", false, true, &domain_state));
+ EXPECT_FALSE(
+ state.GetDomainState("m.googlemail.com", false, true, &domain_state));
// Other hosts:
@@ -388,16 +395,17 @@ TEST_F(TransportSecurityStateTest, Preloaded) {
EXPECT_TRUE(ShouldRedirect("www.dropcam.com"));
EXPECT_FALSE(HasState("foo.dropcam.com"));
- EXPECT_TRUE(state.GetDomainState("torproject.org", false, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("torproject.org", false, true, &domain_state));
EXPECT_FALSE(domain_state.static_spki_hashes.empty());
- EXPECT_TRUE(state.GetDomainState("www.torproject.org", false,
- &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("www.torproject.org", false, true, &domain_state));
EXPECT_FALSE(domain_state.static_spki_hashes.empty());
- EXPECT_TRUE(state.GetDomainState("check.torproject.org", false,
- &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("check.torproject.org", false, true, &domain_state));
EXPECT_FALSE(domain_state.static_spki_hashes.empty());
- EXPECT_TRUE(state.GetDomainState("blog.torproject.org", false,
- &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("blog.torproject.org", false, true, &domain_state));
EXPECT_FALSE(domain_state.static_spki_hashes.empty());
EXPECT_TRUE(ShouldRedirect("ebanking.indovinabank.com.vn"));
EXPECT_TRUE(ShouldRedirect("foo.ebanking.indovinabank.com.vn"));
@@ -469,14 +477,15 @@ TEST_F(TransportSecurityStateTest, LongNames) {
"WaveletIdDomainAndBlipBlipid";
TransportSecurityState::DomainState domain_state;
// Just checks that we don't hit a NOTREACHED.
- EXPECT_FALSE(state.GetDomainState(kLongName, true, &domain_state));
+ EXPECT_FALSE(state.GetDomainState(kLongName, true, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, BuiltinCertPins) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(state.GetDomainState("chrome.google.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("chrome.google.com", true, true, &domain_state));
EXPECT_TRUE(HasPublicKeyPins("chrome.google.com"));
HashValueVector hashes;
@@ -564,7 +573,8 @@ TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCerts) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("plus.google.com", true, true, &domain_state));
EXPECT_TRUE(domain_state.HasPublicKeyPins());
EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes));
@@ -600,7 +610,8 @@ TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(state.GetDomainState("blog.torproject.org", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("blog.torproject.org", true, true, &domain_state));
EXPECT_TRUE(domain_state.HasPublicKeyPins());
EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes));
@@ -629,7 +640,8 @@ TEST_F(TransportSecurityStateTest, PinValidationWithRejectedCertsMixedHashes) {
TransportSecurityState state;
TransportSecurityState::DomainState domain_state;
- EXPECT_TRUE(state.GetDomainState("plus.google.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("plus.google.com", true, true, &domain_state));
EXPECT_TRUE(domain_state.HasPublicKeyPins());
// The statically-defined pins are all SHA-1, so we add some SHA-256 pins
@@ -741,7 +753,8 @@ TEST_F(TransportSecurityStateTest, OverrideBuiltins) {
domain_state.upgrade_expiry = expiry;
EnableHost(&state, "www.google.com", domain_state);
- EXPECT_TRUE(state.GetDomainState("www.google.com", true, &domain_state));
+ EXPECT_TRUE(
+ state.GetDomainState("www.google.com", true, true, &domain_state));
}
static const uint8 kSidePinLeafSPKI[] = {
