Google Git
Sign in
chromium / chromium / src / 0a86afaaa91e199a209f6dff3d678146ef8d0a91 / . / net / base / transport_security_state_unittest.cc
blob: 8bbf64136f375929987e45a5d10bd0514b92e83e [file] [log] [blame]
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]326e6792009-12-11 21:04:42[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]ae780c82011-09-20 19:39:06[diff] [blame]5#include "base/string_piece.h"
[email protected]326e6792009-12-11 21:04:42[diff] [blame]6#include "net/base/transport_security_state.h"
7#include "testing/gtest/include/gtest/gtest.h"
8
[email protected]06256e52011-09-29 15:08:48[diff] [blame]9#if defined(USE_OPENSSL)
10#include "crypto/openssl_util.h"
11#else
12#include "crypto/nss_util.h"
13#endif
14
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]15namespace net {
16
[email protected]326e6792009-12-11 21:04:42[diff] [blame]17class TransportSecurityStateTest : public testing::Test {
[email protected]06256e52011-09-29 15:08:48[diff] [blame]18 virtual void SetUp() {
[email protected]54356432011-10-05 21:49:42[diff] [blame]19#if defined(USE_OPENSSL)
[email protected]06256e52011-09-29 15:08:48[diff] [blame]20 crypto::EnsureOpenSSLInit();
[email protected]54356432011-10-05 21:49:42[diff] [blame]21#else
22 crypto::EnsureNSSInit();
[email protected]06256e52011-09-29 15:08:48[diff] [blame]23#endif
24 }
[email protected]326e6792009-12-11 21:04:42[diff] [blame]25};
26
27TEST_F(TransportSecurityStateTest, BogusHeaders) {
28 int max_age = 42;
29 bool include_subdomains = false;
30
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]31 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]32 "", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]33 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]34 " ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]35 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]36 "abc", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]37 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]38 " abc", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]39 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]40 " abc ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]41 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]42 "max-age", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]43 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]44 " max-age", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]45 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]46 " max-age ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]47 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]48 "max-age=", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]49 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]50 " max-age=", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]51 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]52 " max-age =", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]53 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]54 " max-age= ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]55 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]56 " max-age = ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]57 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]58 " max-age = xy", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]59 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]60 " max-age = 3488a923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]61 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]62 "max-age=3488a923 ", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]63 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]64 "max-ag=3488923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]65 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]66 "max-aged=3488923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]67 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]68 "max-age==3488923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]69 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]70 "amax-age=3488923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]71 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]72 "max-age=-3488923", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]73 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]74 "max-age=3488923;", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]75 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]76 "max-age=3488923 e", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]77 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]78 "max-age=3488923 includesubdomain", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]79 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]80 "max-age=3488923includesubdomains", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]81 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]82 "max-age=3488923=includesubdomains", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]83 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]84 "max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]85 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]86 "max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]87 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]88 "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]89 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]90 "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]91 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]92 "max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]93 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]94 "max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]95 EXPECT_FALSE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]96 "max-age=34889 includesubdomains", &max_age, &include_subdomains));
97
98 EXPECT_EQ(max_age, 42);
99 EXPECT_FALSE(include_subdomains);
100}
101
102TEST_F(TransportSecurityStateTest, ValidHeaders) {
103 int max_age = 42;
104 bool include_subdomains = true;
105
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]106 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]107 "max-age=243", &max_age, &include_subdomains));
108 EXPECT_EQ(max_age, 243);
109 EXPECT_FALSE(include_subdomains);
110
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]111 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]112 " Max-agE = 567", &max_age, &include_subdomains));
113 EXPECT_EQ(max_age, 567);
114 EXPECT_FALSE(include_subdomains);
115
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]116 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]117 " mAx-aGe = 890 ", &max_age, &include_subdomains));
118 EXPECT_EQ(max_age, 890);
119 EXPECT_FALSE(include_subdomains);
120
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]121 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]122 "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
123 EXPECT_EQ(max_age, 123);
124 EXPECT_TRUE(include_subdomains);
125
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]126 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]127 "max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains));
128 EXPECT_EQ(max_age, 394082);
129 EXPECT_TRUE(include_subdomains);
130
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]131 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]132 "max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains));
[email protected]337a4052010-11-30 15:09:33[diff] [blame]133 EXPECT_EQ(max_age,
134 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]135 EXPECT_TRUE(include_subdomains);
136
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]137 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]138 "max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains));
[email protected]337a4052010-11-30 15:09:33[diff] [blame]139 EXPECT_EQ(max_age,
140 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]141 EXPECT_TRUE(include_subdomains);
142
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]143 EXPECT_TRUE(TransportSecurityState::ParseHeader(
[email protected]326e6792009-12-11 21:04:42[diff] [blame]144 " max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains));
145 EXPECT_EQ(max_age, 0);
146 EXPECT_TRUE(include_subdomains);
[email protected]337a4052010-11-30 15:09:33[diff] [blame]147
148 EXPECT_TRUE(TransportSecurityState::ParseHeader(
149 " max-age=999999999999999999999999999999999999999999999 ;"
150 " incLudesUbdOmains ",
151 &max_age, &include_subdomains));
152 EXPECT_EQ(max_age, TransportSecurityState::kMaxHSTSAgeSecs);
153 EXPECT_TRUE(include_subdomains);
[email protected]326e6792009-12-11 21:04:42[diff] [blame]154}
155
156TEST_F(TransportSecurityStateTest, SimpleMatches) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]157 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]158 TransportSecurityState::DomainState domain_state;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]159 const base::Time current_time(base::Time::Now());
160 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
161
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]162 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]163 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]164 state.EnableHost("yahoo.com", domain_state);
165 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]166}
167
168TEST_F(TransportSecurityStateTest, MatchesCase1) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]169 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]170 TransportSecurityState::DomainState domain_state;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]171 const base::Time current_time(base::Time::Now());
172 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
173
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]174 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]175 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]176 state.EnableHost("YAhoo.coM", domain_state);
177 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]178}
179
180TEST_F(TransportSecurityStateTest, MatchesCase2) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]181 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]182 TransportSecurityState::DomainState domain_state;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]183 const base::Time current_time(base::Time::Now());
184 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
185
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]186 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]187 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]188 state.EnableHost("yahoo.com", domain_state);
189 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]190}
191
192TEST_F(TransportSecurityStateTest, SubdomainMatches) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]193 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]194 TransportSecurityState::DomainState domain_state;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]195 const base::Time current_time(base::Time::Now());
196 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
197
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]198 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]199 domain_state.expiry = expiry;
200 domain_state.include_subdomains = true;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]201 state.EnableHost("yahoo.com", domain_state);
202 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
203 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true));
204 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
205 "foo.bar.yahoo.com",
206 true));
207 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
208 "foo.bar.baz.yahoo.com",
209 true));
210 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]211}
212
213TEST_F(TransportSecurityStateTest, Serialise1) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]214 TransportSecurityState state("");
[email protected]326e6792009-12-11 21:04:42[diff] [blame]215 std::string output;
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]216 bool dirty;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]217 state.Serialise(&output);
218 EXPECT_TRUE(state.LoadEntries(output, &dirty));
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]219 EXPECT_FALSE(dirty);
[email protected]326e6792009-12-11 21:04:42[diff] [blame]220}
221
222TEST_F(TransportSecurityStateTest, Serialise2) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]223 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]224 TransportSecurityState::DomainState domain_state;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]225 const base::Time current_time(base::Time::Now());
226 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
227
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]228 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]229 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
[email protected]326e6792009-12-11 21:04:42[diff] [blame]230 domain_state.expiry = expiry;
231 domain_state.include_subdomains = true;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]232 state.EnableHost("yahoo.com", domain_state);
[email protected]326e6792009-12-11 21:04:42[diff] [blame]233
234 std::string output;
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]235 bool dirty;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]236 state.Serialise(&output);
237 EXPECT_TRUE(state.LoadEntries(output, &dirty));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]238
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]239 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]240 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]241 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]242 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]243 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
244 "foo.bar.yahoo.com",
245 true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]246 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]247 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
248 "foo.bar.baz.yahoo.com",
249 true));
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]250 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]251 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true));
[email protected]326e6792009-12-11 21:04:42[diff] [blame]252}
253
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]254TEST_F(TransportSecurityStateTest, DeleteSince) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]255 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]256 TransportSecurityState::DomainState domain_state;
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]257 const base::Time current_time(base::Time::Now());
258 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
259 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
260
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]261 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]262 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]263 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]264 state.EnableHost("yahoo.com", domain_state);
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]265
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]266 state.DeleteSince(expiry);
267 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
268 state.DeleteSince(older);
269 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]270}
271
[email protected]f060be32011-02-17 17:20:28[diff] [blame]272TEST_F(TransportSecurityStateTest, DeleteHost) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]273 TransportSecurityState state("");
[email protected]f060be32011-02-17 17:20:28[diff] [blame]274 TransportSecurityState::DomainState domain_state;
275 const base::Time current_time(base::Time::Now());
276 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
277 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
278 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]279 state.EnableHost("yahoo.com", domain_state);
[email protected]f060be32011-02-17 17:20:28[diff] [blame]280
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]281 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
282 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", true));
283 EXPECT_TRUE(state.DeleteHost("yahoo.com"));
284 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true));
[email protected]f060be32011-02-17 17:20:28[diff] [blame]285}
286
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]287TEST_F(TransportSecurityStateTest, SerialiseOld) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]288 TransportSecurityState state("");
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]289 // This is an old-style piece of transport state JSON, which has no creation
290 // date.
291 std::string output =
292 "{ "
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]293 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
294 "\"expiry\": 1266815027.983453, "
295 "\"include_subdomains\": false, "
296 "\"mode\": \"strict\" "
297 "}"
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]298 "}";
299 bool dirty;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]300 EXPECT_TRUE(state.LoadEntries(output, &dirty));
[email protected]4d0d8082010-02-23 01:03:10[diff] [blame]301 EXPECT_TRUE(dirty);
302}
303
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]304TEST_F(TransportSecurityStateTest, IsPreloaded) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]305 TransportSecurityState state("");
[email protected]d7cf831a2011-05-02 22:18:48[diff] [blame]306
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]307 const std::string paypal =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]308 TransportSecurityState::CanonicalizeHost("paypal.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]309 const std::string www_paypal =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]310 TransportSecurityState::CanonicalizeHost("www.paypal.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]311 const std::string a_www_paypal =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]312 TransportSecurityState::CanonicalizeHost("a.www.paypal.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]313 const std::string abc_paypal =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]314 TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]315 const std::string example =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]316 TransportSecurityState::CanonicalizeHost("example.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]317 const std::string aypal =
[email protected]f060be32011-02-17 17:20:28[diff] [blame]318 TransportSecurityState::CanonicalizeHost("aypal.com");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]319
[email protected]aa904432011-04-21 00:07:16[diff] [blame]320 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]321 EXPECT_FALSE(state.IsPreloadedSTS(paypal, true, &domain_state));
322 EXPECT_TRUE(state.IsPreloadedSTS(www_paypal, true, &domain_state));
[email protected]aa904432011-04-21 00:07:16[diff] [blame]323 EXPECT_FALSE(domain_state.include_subdomains);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]324 EXPECT_FALSE(state.IsPreloadedSTS(a_www_paypal, true, &domain_state));
325 EXPECT_FALSE(state.IsPreloadedSTS(abc_paypal, true, &domain_state));
326 EXPECT_FALSE(state.IsPreloadedSTS(example, true, &domain_state));
327 EXPECT_FALSE(state.IsPreloadedSTS(aypal, true, &domain_state));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]328}
329
330TEST_F(TransportSecurityStateTest, Preloaded) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]331 TransportSecurityState state("");
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]332 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]333 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "paypal.com", true));
334 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.paypal.com", true));
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]335 EXPECT_EQ(domain_state.mode,
336 TransportSecurityState::DomainState::MODE_STRICT);
[email protected]f060be32011-02-17 17:20:28[diff] [blame]337 EXPECT_TRUE(domain_state.preloaded);
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]338 EXPECT_FALSE(domain_state.include_subdomains);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]339 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www2.paypal.com", true));
340 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
341 "a.www.paypal.com",
342 true));
[email protected]f091469f2010-05-05 21:05:28[diff] [blame]343
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]344 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "elanex.biz", true));
345 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.elanex.biz", true));
[email protected]f091469f2010-05-05 21:05:28[diff] [blame]346 EXPECT_EQ(domain_state.mode,
347 TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]348 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.elanex.biz", true));
349 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
350 "a.foo.elanex.biz",
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]351 true));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]352
353 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
354 "sunshinepress.org",
355 true));
[email protected]0ae0f3e2010-07-26 18:16:31[diff] [blame]356 EXPECT_EQ(domain_state.mode,
357 TransportSecurityState::DomainState::MODE_STRICT);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]358 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
359 "www.sunshinepress.org",
360 true));
361 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
362 "a.b.sunshinepress.org",
363 true));
364
365 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
366 "www.noisebridge.net",
367 true));
368 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
369 "noisebridge.net",
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]370 true));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]371 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
372 "foo.noisebridge.net",
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]373 true));
[email protected]bee76312011-03-17 18:35:35[diff] [blame]374
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]375 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "neg9.org", true));
376 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.neg9.org", true));
[email protected]b4adfdf02011-03-18 20:54:43[diff] [blame]377
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]378 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "riseup.net", true));
379 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.riseup.net", true));
[email protected]abaeacb2011-03-21 13:43:17[diff] [blame]380
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]381 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "factor.cc", true));
382 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.factor.cc", true));
[email protected]88ec4442011-03-21 13:49:14[diff] [blame]383
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]384 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
385 "members.mayfirst.org",
386 true));
387 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
388 "support.mayfirst.org",
389 true));
390 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "id.mayfirst.org", true));
391 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
392 "lists.mayfirst.org",
393 true));
394 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
395 "www.mayfirst.org",
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]396 true));
397
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]398 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
399 "splendidbacon.com",
400 true));
401 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
402 "www.splendidbacon.com",
403 true));
404 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
405 "foo.splendidbacon.com",
406 true));
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]407
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]408 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
409 "chrome.google.com",
410 true));
411 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
412 "checkout.google.com",
413 true));
414 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
415 "health.google.com",
416 true));
417 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
418 "aladdinschools.appspot.com",
419 true));
420 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "ottospora.nl", true));
421 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.ottospora.nl", true));
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]422
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]423 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "docs.google.com", true));
424 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "sites.google.com", true));
425 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "drive.google.com", true));
426 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
427 "spreadsheets.google.com",
428 true));
429 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
430 "appengine.google.com",
431 true));
432
433 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
434 "www.paycheckrecords.com",
435 true));
436 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
437 "market.android.com",
438 true));
[email protected]aa904432011-04-21 00:07:16[diff] [blame]439 // The domain wasn't being set, leading to a blank string in the
440 // chrome://net-internals/#hsts UI. So test that.
441 EXPECT_EQ(domain_state.domain, "market.android.com");
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]442 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
443 "sub.market.android.com",
444 true));
[email protected]aa904432011-04-21 00:07:16[diff] [blame]445 EXPECT_EQ(domain_state.domain, "market.android.com");
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]446
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]447 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "lastpass.com", true));
448 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.lastpass.com", true));
449 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
450 "blog.lastpass.com",
[email protected]6a571112011-04-28 23:00:03[diff] [blame]451 true));
452
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]453 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "keyerror.com", true));
454 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.keyerror.com", true));
[email protected]6a571112011-04-28 23:00:03[diff] [blame]455
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]456 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
457 "encrypted.google.com",
458 true));
459 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
460 "accounts.google.com",
461 true));
462 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
463 "profiles.google.com",
464 true));
465 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "mail.google.com", true));
466 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
467 "chatenabled.mail.google.com",
468 true));
469 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
470 "talkgadget.google.com",
471 true));
472 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
473 "hostedtalkgadget.google.com",
474 true));
475 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "talk.google.com", true));
476 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "plus.google.com", true));
477
478 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "entropia.de", true));
479 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.entropia.de", true));
480 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.entropia.de", true));
481
482 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
483 "ssl.google-analytics.com",
484 true));
485
486 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true));
487 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true));
488 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.youtube.com", true));
489 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "youtube.com", true));
490 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "i.ytimg.com", true));
491 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "ytimg.com", true));
492 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
493 "googleusercontent.com",
494 true));
495 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
496 "www.googleusercontent.com",
497 true));
498 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
499 "www.google-analytics.com",
500 true));
501 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
502 "google-analytics.com",
503 true));
504 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googleapis.com", true));
505 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
506 "googleadservices.com",
507 true));
508 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlecode.com", true));
509 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "appspot.com", true));
510 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
511 "googlesyndication.com",
512 true));
513 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "doubleclick.net", true));
514 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
515 "googlegroups.com",
516 true));
517
518 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "gmail.com", true));
519 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.gmail.com", true));
520 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", true));
521 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "googlemail.com", true));
522 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
523 "www.googlemail.com",
524 true));
525 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
526 "m.googlemail.com",
527 true));
528 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "gmail.com", false));
529 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.gmail.com", false));
530 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", false));
531 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlemail.com", false));
532 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
[email protected]b7f9fb22011-04-09 20:28:47[diff] [blame]533 "www.googlemail.com",
[email protected]229f8fda2011-05-04 21:03:05[diff] [blame]534 false));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]535 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
536 "m.googlemail.com",
[email protected]c6bf6512011-05-05 15:00:13[diff] [blame]537 false));
[email protected]0a86afa2011-10-14 00:54:51[diff] [blame^]538 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
539 "www.googleplex.com",
540 true));
[email protected]bef90f32011-05-13 19:25:25[diff] [blame]541
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]542 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "romab.com", false));
543 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.romab.com", false));
544 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.romab.com", false));
545
546 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "logentries.com", false));
547 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
548 "www.logentries.com",
549 false));
550 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
551 "foo.logentries.com",
[email protected]bef90f32011-05-13 19:25:25[diff] [blame]552 false));
[email protected]4e7075a2011-05-16 17:44:06[diff] [blame]553
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]554 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "stripe.com", false));
555 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.stripe.com", false));
556
557 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
558 "cloudsecurityalliance.org",
559 false));
560 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
561 "foo.cloudsecurityalliance.org",
562 false));
563
564 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
565 "login.sapo.pt",
566 false));
567 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
568 "foo.login.sapo.pt",
569 false));
570
571 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
572 "mattmccutchen.net",
573 false));
574 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
575 "foo.mattmccutchen.net",
576 false));
577
578 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
579 "betnet.fr",
580 false));
581 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
582 "foo.betnet.fr",
583 false));
584
585 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
586 "uprotect.it",
587 false));
588 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
589 "foo.uprotect.it",
590 false));
591
592 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
593 "squareup.com",
594 false));
595 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
596 "foo.squareup.com",
[email protected]4e7075a2011-05-16 17:44:06[diff] [blame]597 false));
[email protected]0526e7a2011-05-19 16:49:40[diff] [blame]598
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]599 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
600 "cert.se",
601 false));
602 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
603 "foo.cert.se",
604 false));
605
606 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
607 "crypto.is",
608 false));
609 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
610 "foo.crypto.is",
611 false));
612
613 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
614 "simon.butcher.name",
615 false));
616 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
617 "foo.simon.butcher.name",
618 false));
619
620 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
621 "linx.net",
622 false));
623 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
624 "foo.linx.net",
625 false));
626
627 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
628 "dropcam.com",
629 false));
630 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
[email protected]da0e0252011-10-12 16:52:53[diff] [blame]631 "www.dropcam.com",
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]632 false));
[email protected]da0e0252011-10-12 16:52:53[diff] [blame]633 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
634 "foo.dropcam.com",
635 false));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]636
637 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
638 "ebanking.indovinabank.com.vn",
639 false));
640 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
641 "foo.ebanking.indovinabank.com.vn",
642 false));
643
644 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
645 "epoxate.com",
646 false));
647 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
648 "foo.epoxate.com",
[email protected]0526e7a2011-05-19 16:49:40[diff] [blame]649 false));
[email protected]5287d0092011-05-30 19:19:36[diff] [blame]650
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]651 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
652 "torproject.org",
653 false));
[email protected]7179d2f42011-09-07 21:08:40[diff] [blame]654 EXPECT_TRUE(domain_state.public_key_hashes.size() != 0);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]655 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
656 "www.torproject.org",
657 false));
[email protected]7179d2f42011-09-07 21:08:40[diff] [blame]658 EXPECT_TRUE(domain_state.public_key_hashes.size() != 0);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]659 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
660 "check.torproject.org",
661 false));
[email protected]7179d2f42011-09-07 21:08:40[diff] [blame]662 EXPECT_TRUE(domain_state.public_key_hashes.size() != 0);
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]663 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
664 "blog.torproject.org",
665 false));
[email protected]7179d2f42011-09-07 21:08:40[diff] [blame]666 EXPECT_TRUE(domain_state.public_key_hashes.size() != 0);
667
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]668 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
669 "foo.torproject.org",
[email protected]d43846e2011-09-09 19:21:23[diff] [blame]670 false));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]671
672 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
673 "www.moneybookers.com",
674 false));
675 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
[email protected]d43846e2011-09-09 19:21:23[diff] [blame]676 "moneybookers.com",
677 false));
678
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]679 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
680 "ledgerscope.net",
681 false));
682 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
683 "www.ledgerscope.net",
684 false));
685 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
686 "status.ledgerscope.net",
[email protected]e59d0fa2011-09-16 13:19:08[diff] [blame]687 false));
688
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]689 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
690 "kyps.net",
691 false));
692 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
693 "www.kyps.net",
694 false));
695 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
696 "foo.kyps.net",
[email protected]e59d0fa2011-09-16 13:19:08[diff] [blame]697 false));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]698
699 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
700 "foo.app.recurly.com",
701 false));
702 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
703 "foo.api.recurly.com",
704 false));
705
706 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
707 "greplin.com",
708 false));
709 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
710 "www.greplin.com",
711 false));
712 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
713 "foo.greplin.com",
[email protected]e59d0fa2011-09-16 13:19:08[diff] [blame]714 false));
[email protected]94fb7aec2011-09-29 22:20:19[diff] [blame]715 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
716 "luneta.nearbuysystems.com",
717 false));
718 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
719 "foo.luneta.nearbuysystems.com",
720 false));
[email protected]e0a18fe2011-10-12 14:26:05[diff] [blame]721 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
722 "ubertt.org",
723 false));
724 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
725 "foo.ubertt.org",
726 false));
727
[email protected]7ccf34e2011-10-04 18:29:29[diff] [blame]728
729#if defined(OS_CHROMEOS)
730 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
731 "twitter.com",
732 false));
733#else
734 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
735 "twitter.com",
736 false));
737#endif
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]738}
739
[email protected]442845a2010-09-01 16:57:33[diff] [blame]740TEST_F(TransportSecurityStateTest, LongNames) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]741 TransportSecurityState state("");
[email protected]442845a2010-09-01 16:57:33[diff] [blame]742 const char kLongName[] =
743 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
744 "WaveletIdDomainAndBlipBlipid";
745 TransportSecurityState::DomainState domain_state;
746 // Just checks that we don't hit a NOTREACHED.
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]747 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, kLongName, true));
[email protected]442845a2010-09-01 16:57:33[diff] [blame]748}
749
[email protected]381e8852011-04-14 14:30:58[diff] [blame]750TEST_F(TransportSecurityStateTest, PublicKeyHashes) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]751 TransportSecurityState state("");
[email protected]381e8852011-04-14 14:30:58[diff] [blame]752 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]753 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", false));
[email protected]381e8852011-04-14 14:30:58[diff] [blame]754 std::vector<SHA1Fingerprint> hashes;
755 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
756
757 SHA1Fingerprint hash;
758 memset(hash.data, '1', sizeof(hash.data));
759 domain_state.public_key_hashes.push_back(hash);
760
761 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
762 hashes.push_back(hash);
763 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
764 hashes[0].data[0] = '2';
765 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
766
767 const base::Time current_time(base::Time::Now());
768 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
769 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]770 state.EnableHost("example.com", domain_state);
[email protected]381e8852011-04-14 14:30:58[diff] [blame]771 std::string ser;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]772 EXPECT_TRUE(state.Serialise(&ser));
[email protected]381e8852011-04-14 14:30:58[diff] [blame]773 bool dirty;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]774 EXPECT_TRUE(state.LoadEntries(ser, &dirty));
775 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "example.com", false));
[email protected]381e8852011-04-14 14:30:58[diff] [blame]776 EXPECT_EQ(1u, domain_state.public_key_hashes.size());
777 EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
778 sizeof(hash.data)));
779}
780
[email protected]938d6a32011-04-25 21:09:38[diff] [blame]781TEST_F(TransportSecurityStateTest, BuiltinCertPins) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]782 TransportSecurityState state("");
[email protected]938d6a32011-04-25 21:09:38[diff] [blame]783 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]784 EXPECT_TRUE(state.IsEnabledForHost(&domain_state,
785 "chrome.google.com",
786 true));
787 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "chrome.google.com", true));
[email protected]938d6a32011-04-25 21:09:38[diff] [blame]788 std::vector<SHA1Fingerprint> hashes;
789 // This essential checks that a built-in list does exist.
790 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]791 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.paypal.com", true));
[email protected]6a571112011-04-28 23:00:03[diff] [blame]792
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]793 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "docs.google.com", true));
794 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "1.docs.google.com", true));
795 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "sites.google.com", true));
796 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "drive.google.com", true));
797 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
798 "spreadsheets.google.com",
799 true));
800 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "health.google.com", true));
801 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
802 "checkout.google.com",
803 true));
804 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
805 "appengine.google.com",
806 true));
807 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "market.android.com", true));
808 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
809 "encrypted.google.com",
810 true));
811 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
812 "accounts.google.com",
813 true));
814 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
815 "profiles.google.com",
816 true));
817 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "mail.google.com", true));
818 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
819 "chatenabled.mail.google.com",
820 true));
821 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
822 "talkgadget.google.com",
823 true));
824 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
825 "hostedtalkgadget.google.com",
826 true));
827 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "talk.google.com", true));
828 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "plus.google.com", true));
829 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ssl.gstatic.com", true));
830 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.gstatic.com", true));
831 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
832 "ssl.google-analytics.com",
833 true));
[email protected]0a86afa2011-10-14 00:54:51[diff] [blame^]834 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.googleplex.com", true));
[email protected]7ccf34e2011-10-04 18:29:29[diff] [blame]835
836 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "twitter.com", true));
837 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "foo.twitter.com", true));
838 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.twitter.com", true));
839 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "api.twitter.com", true));
840 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "oauth.twitter.com", true));
841 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "mobile.twitter.com", true));
842 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "dev.twitter.com", true));
843 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "business.twitter.com", true));
[email protected]8f8146f2011-10-12 16:36:09[diff] [blame]844#if 0
845 // Disabled in order to help track down pinning failures --agl
[email protected]7ccf34e2011-10-04 18:29:29[diff] [blame]846 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "platform.twitter.com", true));
847 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "si0.twimg.com", true));
848 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "twimg0-a.akamaihd.net", true));
[email protected]8f8146f2011-10-12 16:36:09[diff] [blame]849#endif
[email protected]dee9ae92011-04-26 03:58:30[diff] [blame]850}
851
852TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]853 TransportSecurityState state("");
[email protected]dee9ae92011-04-26 03:58:30[diff] [blame]854 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]855 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
856 "www.google-analytics.com",
857 false));
858 EXPECT_FALSE(state.IsEnabledForHost(&domain_state,
859 "www.google-analytics.com",
860 true));
861 EXPECT_FALSE(state.HasPinsForHost(&domain_state,
[email protected]dee9ae92011-04-26 03:58:30[diff] [blame]862 "www.google-analytics.com",
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]863 false));
864 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
865 "www.google-analytics.com",
866 true));
867 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true));
868 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.google.com", true));
869 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
870 "mail-attachment.googleusercontent.com",
871 true));
872 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.youtube.com", true));
873 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "i.ytimg.com", true));
874 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googleapis.com", true));
875 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
876 "ajax.googleapis.com",
877 true));
878 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
879 "googleadservices.com",
880 true));
881 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
882 "pagead2.googleadservices.com",
883 true));
884 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googlecode.com", true));
885 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
886 "kibbles.googlecode.com",
887 true));
888 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "appspot.com", true));
889 EXPECT_TRUE(state.HasPinsForHost(&domain_state,
890 "googlesyndication.com",
891 true));
892 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "doubleclick.net", true));
893 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ad.doubleclick.net", true));
894 EXPECT_FALSE(state.HasPinsForHost(&domain_state,
895 "learn.doubleclick.net",
[email protected]dee9ae92011-04-26 03:58:30[diff] [blame]896 true));
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]897 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "a.googlegroups.com", true));
898 EXPECT_FALSE(state.HasPinsForHost(&domain_state,
899 "a.googlegroups.com",
900 false));
[email protected]938d6a32011-04-25 21:09:38[diff] [blame]901}
902
[email protected]d7cf831a2011-05-02 22:18:48[diff] [blame]903TEST_F(TransportSecurityStateTest, ForcePreloads) {
904 // This is a docs.google.com override.
905 std::string preload("{"
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]906 "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {"
907 "\"created\": 0.0,"
908 "\"expiry\": 2000000000.0,"
909 "\"include_subdomains\": false,"
910 "\"mode\": \"none\""
911 "}}");
[email protected]d7cf831a2011-05-02 22:18:48[diff] [blame]912
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]913 TransportSecurityState state(preload);
[email protected]d7cf831a2011-05-02 22:18:48[diff] [blame]914 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]915 EXPECT_FALSE(state.HasPinsForHost(&domain_state, "docs.google.com", true));
916 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "docs.google.com", true));
[email protected]d7cf831a2011-05-02 22:18:48[diff] [blame]917}
918
[email protected]55cb21182011-05-09 19:55:00[diff] [blame]919TEST_F(TransportSecurityStateTest, OverrideBuiltins) {
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]920 TransportSecurityState state("");
[email protected]55cb21182011-05-09 19:55:00[diff] [blame]921 TransportSecurityState::DomainState domain_state;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]922 EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true));
923 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true));
924 EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true));
[email protected]55cb21182011-05-09 19:55:00[diff] [blame]925
926 domain_state = TransportSecurityState::DomainState();
927 const base::Time current_time(base::Time::Now());
928 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
929 domain_state.expiry = expiry;
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]930 state.EnableHost("www.google.com", domain_state);
[email protected]55cb21182011-05-09 19:55:00[diff] [blame]931
[email protected]edbc4f92011-09-27 21:04:49[diff] [blame]932 EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.google.com", true));
[email protected]55cb21182011-05-09 19:55:00[diff] [blame]933}
934
[email protected]ae780c82011-09-20 19:39:06[diff] [blame]935static const uint8 kSidePinLeafSPKI[] = {
936 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
937 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe4,
938 0x1d, 0xcc, 0xf2, 0x92, 0xe7, 0x7a, 0xc6, 0x36, 0xf7, 0x1a, 0x62, 0x31, 0x7d,
939 0x37, 0xea, 0x0d, 0xa2, 0xa8, 0x12, 0x2b, 0xc2, 0x1c, 0x82, 0x3e, 0xa5, 0x70,
940 0x4a, 0x83, 0x5d, 0x9b, 0x84, 0x82, 0x70, 0xa4, 0x88, 0x98, 0x98, 0x41, 0x29,
941 0x31, 0xcb, 0x6e, 0x2a, 0x54, 0x65, 0x14, 0x60, 0xcc, 0x00, 0xe8, 0x10, 0x30,
942 0x0a, 0x4a, 0xd1, 0xa7, 0x52, 0xfe, 0x2d, 0x31, 0x2a, 0x1d, 0x0d, 0x02, 0x03,
943 0x01, 0x00, 0x01,
944};
945
946static const uint8 kSidePinInfo[] = {
947 0x01, 0x00, 0x53, 0x50, 0x49, 0x4e, 0xa0, 0x00, 0x03, 0x00, 0x53, 0x49, 0x47,
948 0x00, 0x50, 0x55, 0x42, 0x4b, 0x41, 0x4c, 0x47, 0x4f, 0x47, 0x00, 0x41, 0x00,
949 0x04, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xfb, 0x26, 0xd5, 0xe8, 0x76, 0x35,
950 0x96, 0x6d, 0x91, 0x9b, 0x5b, 0x27, 0xe6, 0x09, 0x1c, 0x7b, 0x6c, 0xcd, 0xc8,
951 0x10, 0x25, 0x95, 0xc0, 0xa5, 0xf6, 0x6c, 0x6f, 0xfb, 0x59, 0x1e, 0x2d, 0xf4,
952 0x02, 0x20, 0x33, 0x0a, 0xf8, 0x8b, 0x3e, 0xc4, 0xca, 0x75, 0x28, 0xdf, 0x5f,
953 0xab, 0xe4, 0x46, 0xa0, 0xdd, 0x2d, 0xe5, 0xad, 0xc3, 0x81, 0x44, 0x70, 0xb2,
954 0x10, 0x87, 0xe8, 0xc3, 0xd6, 0x6e, 0x12, 0x5d, 0x04, 0x67, 0x0b, 0x7d, 0xf2,
955 0x99, 0x75, 0x57, 0x99, 0x3a, 0x98, 0xf8, 0xe4, 0xdf, 0x79, 0xdf, 0x8e, 0x02,
956 0x2c, 0xbe, 0xd8, 0xfd, 0x75, 0x80, 0x18, 0xb1, 0x6f, 0x43, 0xd9, 0x8a, 0x79,
957 0xc3, 0x6e, 0x18, 0xdf, 0x79, 0xc0, 0x59, 0xab, 0xd6, 0x77, 0x37, 0x6a, 0x94,
958 0x5a, 0x7e, 0xfb, 0xa9, 0xc5, 0x54, 0x14, 0x3a, 0x7b, 0x97, 0x17, 0x2a, 0xb6,
959 0x1e, 0x59, 0x4f, 0x2f, 0xb1, 0x15, 0x1a, 0x34, 0x50, 0x32, 0x35, 0x36,
960};
961
962static const uint8 kSidePinExpectedHash[20] = {
963 0xb5, 0x91, 0x66, 0x47, 0x43, 0x16, 0x62, 0x86, 0xd4, 0x1e, 0x5d, 0x36, 0xe1,
964 0xc4, 0x09, 0x3d, 0x2d, 0x1d, 0xea, 0x1e,
965};
966
967TEST_F(TransportSecurityStateTest, ParseSidePins) {
[email protected]ae780c82011-09-20 19:39:06[diff] [blame]968
969 base::StringPiece leaf_spki(reinterpret_cast<const char*>(kSidePinLeafSPKI),
970 sizeof(kSidePinLeafSPKI));
971 base::StringPiece side_info(reinterpret_cast<const char*>(kSidePinInfo),
972 sizeof(kSidePinInfo));
973
974 std::vector<SHA1Fingerprint> pub_key_hashes;
975 EXPECT_TRUE(TransportSecurityState::ParseSidePin(
976 leaf_spki, side_info, &pub_key_hashes));
977 ASSERT_EQ(1u, pub_key_hashes.size());
978 EXPECT_TRUE(0 == memcmp(pub_key_hashes[0].data, kSidePinExpectedHash,
979 sizeof(kSidePinExpectedHash)));
980}
981
982TEST_F(TransportSecurityStateTest, ParseSidePinsFailsWithBadData) {
[email protected]ae780c82011-09-20 19:39:06[diff] [blame]983
984 uint8 leaf_spki_copy[sizeof(kSidePinLeafSPKI)];
985 memcpy(leaf_spki_copy, kSidePinLeafSPKI, sizeof(leaf_spki_copy));
986
987 uint8 side_info_copy[sizeof(kSidePinInfo)];
988 memcpy(side_info_copy, kSidePinInfo, sizeof(kSidePinInfo));
989
990 base::StringPiece leaf_spki(reinterpret_cast<const char*>(leaf_spki_copy),
991 sizeof(leaf_spki_copy));
992 base::StringPiece side_info(reinterpret_cast<const char*>(side_info_copy),
993 sizeof(side_info_copy));
994 std::vector<SHA1Fingerprint> pub_key_hashes;
995
996 // Tweak |leaf_spki| and expect a failure.
997 leaf_spki_copy[10] ^= 1;
998 EXPECT_FALSE(TransportSecurityState::ParseSidePin(
999 leaf_spki, side_info, &pub_key_hashes));
1000 ASSERT_EQ(0u, pub_key_hashes.size());
1001
1002 // Undo the change to |leaf_spki| and tweak |side_info|.
1003 leaf_spki_copy[10] ^= 1;
1004 side_info_copy[30] ^= 1;
1005 EXPECT_FALSE(TransportSecurityState::ParseSidePin(
1006 leaf_spki, side_info, &pub_key_hashes));
1007 ASSERT_EQ(0u, pub_key_hashes.size());
1008}
1009
1010TEST_F(TransportSecurityStateTest, DISABLED_ParseSidePinsFuzz) {
1011 // Disabled because it's too slow for normal tests. Run manually when
1012 // changing the underlying code.
1013
[email protected]ae780c82011-09-20 19:39:06[diff] [blame]1014 base::StringPiece leaf_spki(reinterpret_cast<const char*>(kSidePinLeafSPKI),
1015 sizeof(kSidePinLeafSPKI));
1016 uint8 side_info_copy[sizeof(kSidePinInfo)];
1017 base::StringPiece side_info(reinterpret_cast<const char*>(side_info_copy),
1018 sizeof(side_info_copy));
1019 std::vector<SHA1Fingerprint> pub_key_hashes;
1020 static const size_t bit_length = sizeof(kSidePinInfo) * 8;
1021
1022 for (size_t bit_to_flip = 0; bit_to_flip < bit_length; bit_to_flip++) {
1023 memcpy(side_info_copy, kSidePinInfo, sizeof(kSidePinInfo));
1024
1025 size_t byte = bit_to_flip >> 3;
1026 size_t bit = bit_to_flip & 7;
1027 side_info_copy[byte] ^= (1 << bit);
1028
1029 EXPECT_FALSE(TransportSecurityState::ParseSidePin(
1030 leaf_spki, side_info, &pub_key_hashes));
1031 ASSERT_EQ(0u, pub_key_hashes.size());
1032 }
1033}
1034
[email protected]2fc4c212010-03-10 18:59:06[diff] [blame]1035} // namespace net