net: implement the beginnings of HSTS pinning

(Based on a patch by Chris Evans.)

Doesn't yet actually get the information from the HSTS header, but all the
infrastructure is in place.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6835033

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81584 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc
index 9823072..d2db7f9e 100644
--- a/net/base/transport_security_state_unittest.cc
+++ b/net/base/transport_security_state_unittest.cc
@@ -501,4 +501,37 @@
   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true));
 }
 
+TEST_F(TransportSecurityStateTest, PublicKeyHashes) {
+  scoped_refptr<TransportSecurityState> state(
+      new TransportSecurityState);
+
+  TransportSecurityState::DomainState domain_state;
+  EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false));
+  std::vector<SHA1Fingerprint> hashes;
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+  SHA1Fingerprint hash;
+  memset(hash.data, '1', sizeof(hash.data));
+  domain_state.public_key_hashes.push_back(hash);
+
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+  hashes.push_back(hash);
+  EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+  hashes[0].data[0] = '2';
+  EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
+
+  const base::Time current_time(base::Time::Now());
+  const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
+  domain_state.expiry = expiry;
+  state->EnableHost("example.com", domain_state);
+  std::string ser;
+  EXPECT_TRUE(state->Serialise(&ser));
+  bool dirty;
+  EXPECT_TRUE(state->Deserialise(ser, &dirty));
+  EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false));
+  EXPECT_EQ(1u, domain_state.public_key_hashes.size());
+  EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
+                          sizeof(hash.data)));
+}
+
 }  // namespace net
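Review bot: The round-trip assertions at the end of PublicKeyHashes read back into the same `domain_state` that already holds the pinned hash from the earlier `push_back`. If IsEnabledForHost does not fully overwrite the struct (its body is not visible here), `EXPECT_EQ(1u, ...)` and the `memcmp` would pass even if Serialise/Deserialise silently dropped the pins, which for a pinning feature means a fail-open state goes untested. Look the host up into a fresh object, `TransportSecurityState::DomainState restored;` then `EXPECT_TRUE(state->IsEnabledForHost(&restored, "example.com", false));`, and compare `restored.public_key_hashes` against `hash`. Deserialising into a second TransportSecurityState would also show the data came from `ser` rather than from entries still held in memory. Separately, `bool dirty;` is left uninitialised and never checked, and no case covers a multi-entry chain where only one hash matches a pin.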