Google Git
Sign in
chromium / chromium / src / 2fc4c21d0b6cebaf8ebc101cc3fe20ef38407373^! / . / net / base / transport_security_state_unittest.cc
commit2fc4c21d0b6cebaf8ebc101cc3fe20ef38407373[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Wed Mar 10 18:59:06 2010
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Wed Mar 10 18:59:06 2010
tree9dbd8252cd5ad79a1ee356b0bfc0635b73d07bac
parenta39f1a98657144b7be6eb294820fb363f8267582 [diff] [blame]
Add paypal.com to the preloaded STS list.

TEST=Navigating to http://paypal.com should always be rewritten to https
BUG=none

http://codereview.chromium.org/815003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41180 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc
index 2561b0b..6250105 100644
--- a/net/base/transport_security_state_unittest.cc
+++ b/net/base/transport_security_state_unittest.cc

@@ -5,6 +5,8 @@
 #include "net/base/transport_security_state.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+namespace net {
+
 class TransportSecurityStateTest : public testing::Test {
 };
 
@@ -12,71 +14,71 @@
   int max_age = 42;
   bool include_subdomains = false;
 
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "    ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "abc", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "  abc", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "  abc   ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "  max-age", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "  max-age  ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age=", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age  =", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age=   ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age  =     ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age  =     xy", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "   max-age  =     3488a923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488a923  ", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-ag=3488923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-aged=3488923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age==3488923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "amax-age=3488923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=-3488923", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923;", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923     e", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923     includesubdomain", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923includesubdomains", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923=includesubdomains", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
-  EXPECT_FALSE(net::TransportSecurityState::ParseHeader(
+  EXPECT_FALSE(TransportSecurityState::ParseHeader(
       "max-age=34889 includesubdomains", &max_age, &include_subdomains));
 
   EXPECT_EQ(max_age, 42);
@@ -87,51 +89,51 @@
   int max_age = 42;
   bool include_subdomains = true;
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "max-age=243", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 243);
   EXPECT_FALSE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "  Max-agE    = 567", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 567);
   EXPECT_FALSE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "  mAx-aGe    = 890      ", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 890);
   EXPECT_FALSE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 123);
   EXPECT_TRUE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "max-age=394082;  incLudesUbdOmains", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 394082);
   EXPECT_TRUE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "max-age=39408299  ;incLudesUbdOmains", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 39408299);
   EXPECT_TRUE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "max-age=394082038  ;  incLudesUbdOmains", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 394082038);
   EXPECT_TRUE(include_subdomains);
 
-  EXPECT_TRUE(net::TransportSecurityState::ParseHeader(
+  EXPECT_TRUE(TransportSecurityState::ParseHeader(
       "  max-age=0  ;  incLudesUbdOmains   ", &max_age, &include_subdomains));
   EXPECT_EQ(max_age, 0);
   EXPECT_TRUE(include_subdomains);
 }
 
 TEST_F(TransportSecurityStateTest, SimpleMatches) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
-  net::TransportSecurityState::DomainState domain_state;
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
@@ -142,9 +144,9 @@
 }
 
 TEST_F(TransportSecurityStateTest, MatchesCase1) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
-  net::TransportSecurityState::DomainState domain_state;
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
@@ -155,9 +157,9 @@
 }
 
 TEST_F(TransportSecurityStateTest, MatchesCase2) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
-  net::TransportSecurityState::DomainState domain_state;
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
@@ -168,9 +170,9 @@
 }
 
 TEST_F(TransportSecurityStateTest, SubdomainMatches) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
-  net::TransportSecurityState::DomainState domain_state;
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
@@ -187,8 +189,8 @@
 }
 
 TEST_F(TransportSecurityStateTest, Serialise1) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
   std::string output;
   bool dirty;
   state->Serialise(&output);
@@ -197,15 +199,15 @@
 }
 
 TEST_F(TransportSecurityStateTest, Serialise2) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
 
-  net::TransportSecurityState::DomainState domain_state;
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
-  domain_state.mode = net::TransportSecurityState::DomainState::MODE_STRICT;
+  domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
   domain_state.expiry = expiry;
   domain_state.include_subdomains = true;
   state->EnableHost("google.com", domain_state);
@@ -216,27 +218,27 @@
   EXPECT_TRUE(state->Deserialise(output, &dirty));
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
-  EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT);
+  EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com"));
-  EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT);
+  EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.bar.google.com"));
-  EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT);
+  EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
                                       "foo.bar.baz.google.com"));
-  EXPECT_EQ(domain_state.mode, net::TransportSecurityState::DomainState::MODE_STRICT);
+  EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com"));
 }
 
 TEST_F(TransportSecurityStateTest, Serialise3) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
 
-  net::TransportSecurityState::DomainState domain_state;
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
-  domain_state.mode = net::TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
+  domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
   domain_state.expiry = expiry;
   state->EnableHost("google.com", domain_state);
 
@@ -247,20 +249,20 @@
 
   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
   EXPECT_EQ(domain_state.mode,
-            net::TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
+            TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
 }
 
 TEST_F(TransportSecurityStateTest, DeleteSince) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
 
-  net::TransportSecurityState::DomainState domain_state;
+  TransportSecurityState::DomainState domain_state;
   const base::Time current_time(base::Time::Now());
   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
   const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
 
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
-  domain_state.mode = net::TransportSecurityState::DomainState::MODE_STRICT;
+  domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
   domain_state.expiry = expiry;
   state->EnableHost("google.com", domain_state);
 
@@ -271,8 +273,8 @@
 }
 
 TEST_F(TransportSecurityStateTest, SerialiseOld) {
-  scoped_refptr<net::TransportSecurityState> state(
-      new net::TransportSecurityState);
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
   // This is an old-style piece of transport state JSON, which has no creation
   // date.
   std::string output =
@@ -288,3 +290,41 @@
   EXPECT_TRUE(dirty);
 }
 
+TEST_F(TransportSecurityStateTest, IsPreloaded) {
+  const std::string paypal =
+      TransportSecurityState::CanonicaliseHost("paypal.com");
+  const std::string www_paypal =
+      TransportSecurityState::CanonicaliseHost("www.paypal.com");
+  const std::string a_www_paypal =
+      TransportSecurityState::CanonicaliseHost("a.www.paypal.com");
+  const std::string abc_paypal =
+      TransportSecurityState::CanonicaliseHost("a.b.c.paypal.com");
+  const std::string example =
+      TransportSecurityState::CanonicaliseHost("example.com");
+  const std::string aypal =
+      TransportSecurityState::CanonicaliseHost("aypal.com");
+
+  bool b;
+  EXPECT_FALSE(TransportSecurityState::isPreloadedSTS(paypal, &b));
+  EXPECT_TRUE(TransportSecurityState::isPreloadedSTS(www_paypal, &b));
+  EXPECT_FALSE(b);
+  EXPECT_FALSE(TransportSecurityState::isPreloadedSTS(a_www_paypal, &b));
+  EXPECT_FALSE(TransportSecurityState::isPreloadedSTS(abc_paypal, &b));
+  EXPECT_FALSE(TransportSecurityState::isPreloadedSTS(example, &b));
+  EXPECT_FALSE(TransportSecurityState::isPreloadedSTS(aypal, &b));
+}
+
+TEST_F(TransportSecurityStateTest, Preloaded) {
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+  TransportSecurityState::DomainState domain_state;
+  EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com"));
+  EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com"));
+  EXPECT_EQ(domain_state.mode,
+            TransportSecurityState::DomainState::MODE_STRICT);
+  EXPECT_FALSE(domain_state.include_subdomains);
+  EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com"));
+  EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "a.www.paypal.com"));
+}
+
+}  // namespace net