
Side by Side Diff: net/spdy/chromium/spdy_session_unittest.cc

Issue 2850033002: Check Expect-CT at connection setup (Closed)
Patch Set: fix comment typo Created 3 years, 7 months ago
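--- a/net/spdy/chromium/spdy_session_unittest.cc
+++ b/net/spdy/chromium/spdy_session_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/spdy/chromium/spdy_session.h"
 
 #include <algorithm>
 #include <memory>
 #include <utility>
 
@@ -5938,20 +5938,63 @@
 EXPECT_TRUE(SpdySession::CanPool(
 &tss, ssl_info, "www.example.org", "www.example.org"));
 EXPECT_TRUE(SpdySession::CanPool(
 &tss, ssl_info, "www.example.org", "mail.example.org"));
 EXPECT_TRUE(SpdySession::CanPool(
 &tss, ssl_info, "www.example.org", "mail.example.com"));
 EXPECT_FALSE(SpdySession::CanPool(
 &tss, ssl_info, "www.example.org", "mail.google.com"));
 }
 
+TEST(CanPoolTest, CanPoolExpectCT) {
+base::test::ScopedFeatureList feature_list;
+feature_list.InitAndEnableFeature(
+TransportSecurityState::kDynamicExpectCTFeature);
+// Load a cert that is valid for:
+// www.example.org
+// mail.example.org
+// mail.example.com
+
+TransportSecurityState tss;
+SSLInfo ssl_info;
+ssl_info.cert =
+ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
+ssl_info.unverified_cert = ssl_info.cert;
+ssl_info.ct_cert_policy_compliance =
+ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
+ssl_info.is_issued_by_known_root = true;
+
+EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
+"www.example.org"));
+
+const base::Time current_time(base::Time::Now());
+const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+ssl_info.ct_cert_policy_compliance =
+ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS;
+
+// A different Expect-CT enabled host should not be allowed to pool.
+tss.AddExpectCT("mail.example.org", expiry, true, GURL());
+EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
+"mail.example.org"));
+// A report-only Expect-CT configuration should not prevent pooling.
+tss.AddExpectCT("mail.example.org", expiry, false,
+GURL("https://report.test"));
+EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
+"mail.example.org"));
+// If Expect-CT becomes enabled for the same host for which the connection was
+// already made, subsequent connections to that host should not be allowed to
+// pool.
+tss.AddExpectCT("www.example.org", expiry, true, GURL());
+EXPECT_FALSE(SpdySession::CanPool(&tss, ssl_info, "www.example.org",
+"www.example.org"));
+}
+
 TEST(CanPoolTest, CanNotPoolWithCertErrors) {
 // Load a cert that is valid for:
 // www.example.org
 // mail.example.org
 // mail.example.com
 
 TransportSecurityState tss;
 SSLInfo ssl_info;
 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
 "spdy_pooling.pem");
@@ -6100,10 +6143,10 @@
 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
 "spdy_pooling.pem");
 ssl_info.is_issued_by_known_root = true;
 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin));
 
 EXPECT_TRUE(SpdySession::CanPool(
 &tss, ssl_info, "www.example.org", "mail.example.org"));
 }
 
 } // namespace net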
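Review bot: CanPoolExpectCT only exercises the non-compliant path, so an implementation of CanPool that refused pooling for every host with an enforced Expect-CT entry, regardless of the certificate's CT status, would still pass. After the last `EXPECT_FALSE` I would flip the status and assert the positive case, e.g. `ssl_info.ct_cert_policy_compliance = ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;` followed by `EXPECT_TRUE(SpdySession::CanPool(&tss, ssl_info, "www.example.org", "www.example.org"));`. A case with `ssl_info.is_issued_by_known_root = false` would also pin down whether privately rooted certificates are exempt, which the test's setup suggests but never checks. Separately, the second assignment of `ct_cert_policy_compliance` just before the first `AddExpectCT` call repeats the value already set above and can be dropped. The report-only step also depends on `AddExpectCT` replacing the earlier enforce entry for mail.example.org, so a short comment saying so would help the next reader.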