Home | History | Annotate | Download | only in base
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/base/transport_security_state.h"
      6 #include "testing/gtest/include/gtest/gtest.h"
      7 
      8 namespace net {
      9 
     10 class TransportSecurityStateTest : public testing::Test {
     11 };
     12 
     13 TEST_F(TransportSecurityStateTest, BogusHeaders) {
     14   int max_age = 42;
     15   bool include_subdomains = false;
     16 
     17   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     18       "", &max_age, &include_subdomains));
     19   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     20       "    ", &max_age, &include_subdomains));
     21   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     22       "abc", &max_age, &include_subdomains));
     23   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     24       "  abc", &max_age, &include_subdomains));
     25   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     26       "  abc   ", &max_age, &include_subdomains));
     27   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     28       "max-age", &max_age, &include_subdomains));
     29   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     30       "  max-age", &max_age, &include_subdomains));
     31   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     32       "  max-age  ", &max_age, &include_subdomains));
     33   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     34       "max-age=", &max_age, &include_subdomains));
     35   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     36       "   max-age=", &max_age, &include_subdomains));
     37   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     38       "   max-age  =", &max_age, &include_subdomains));
     39   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     40       "   max-age=   ", &max_age, &include_subdomains));
     41   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     42       "   max-age  =     ", &max_age, &include_subdomains));
     43   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     44       "   max-age  =     xy", &max_age, &include_subdomains));
     45   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     46       "   max-age  =     3488a923", &max_age, &include_subdomains));
     47   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     48       "max-age=3488a923  ", &max_age, &include_subdomains));
     49   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     50       "max-ag=3488923", &max_age, &include_subdomains));
     51   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     52       "max-aged=3488923", &max_age, &include_subdomains));
     53   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     54       "max-age==3488923", &max_age, &include_subdomains));
     55   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     56       "amax-age=3488923", &max_age, &include_subdomains));
     57   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     58       "max-age=-3488923", &max_age, &include_subdomains));
     59   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     60       "max-age=3488923;", &max_age, &include_subdomains));
     61   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     62       "max-age=3488923     e", &max_age, &include_subdomains));
     63   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     64       "max-age=3488923     includesubdomain", &max_age, &include_subdomains));
     65   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     66       "max-age=3488923includesubdomains", &max_age, &include_subdomains));
     67   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     68       "max-age=3488923=includesubdomains", &max_age, &include_subdomains));
     69   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     70       "max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
     71   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     72       "max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
     73   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     74       "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
     75   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     76       "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
     77   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     78       "max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
     79   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     80       "max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
     81   EXPECT_FALSE(TransportSecurityState::ParseHeader(
     82       "max-age=34889 includesubdomains", &max_age, &include_subdomains));
     83 
     84   EXPECT_EQ(max_age, 42);
     85   EXPECT_FALSE(include_subdomains);
     86 }
     87 
     88 TEST_F(TransportSecurityStateTest, ValidHeaders) {
     89   int max_age = 42;
     90   bool include_subdomains = true;
     91 
     92   EXPECT_TRUE(TransportSecurityState::ParseHeader(
     93       "max-age=243", &max_age, &include_subdomains));
     94   EXPECT_EQ(max_age, 243);
     95   EXPECT_FALSE(include_subdomains);
     96 
     97   EXPECT_TRUE(TransportSecurityState::ParseHeader(
     98       "  Max-agE    = 567", &max_age, &include_subdomains));
     99   EXPECT_EQ(max_age, 567);
    100   EXPECT_FALSE(include_subdomains);
    101 
    102   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    103       "  mAx-aGe    = 890      ", &max_age, &include_subdomains));
    104   EXPECT_EQ(max_age, 890);
    105   EXPECT_FALSE(include_subdomains);
    106 
    107   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    108       "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
    109   EXPECT_EQ(max_age, 123);
    110   EXPECT_TRUE(include_subdomains);
    111 
    112   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    113       "max-age=394082;  incLudesUbdOmains", &max_age, &include_subdomains));
    114   EXPECT_EQ(max_age, 394082);
    115   EXPECT_TRUE(include_subdomains);
    116 
    117   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    118       "max-age=39408299  ;incLudesUbdOmains", &max_age, &include_subdomains));
    119   EXPECT_EQ(max_age,
    120             std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
    121   EXPECT_TRUE(include_subdomains);
    122 
    123   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    124       "max-age=394082038  ;  incLudesUbdOmains", &max_age, &include_subdomains));
    125   EXPECT_EQ(max_age,
    126             std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
    127   EXPECT_TRUE(include_subdomains);
    128 
    129   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    130       "  max-age=0  ;  incLudesUbdOmains   ", &max_age, &include_subdomains));
    131   EXPECT_EQ(max_age, 0);
    132   EXPECT_TRUE(include_subdomains);
    133 
    134   EXPECT_TRUE(TransportSecurityState::ParseHeader(
    135       "  max-age=999999999999999999999999999999999999999999999  ;"
    136       "  incLudesUbdOmains   ",
    137       &max_age, &include_subdomains));
    138   EXPECT_EQ(max_age, TransportSecurityState::kMaxHSTSAgeSecs);
    139   EXPECT_TRUE(include_subdomains);
    140 }
    141 
    142 TEST_F(TransportSecurityStateTest, SimpleMatches) {
    143   scoped_refptr<TransportSecurityState> state(
    144       new TransportSecurityState);
    145   TransportSecurityState::DomainState domain_state;
    146   const base::Time current_time(base::Time::Now());
    147   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    148 
    149   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    150   domain_state.expiry = expiry;
    151   state->EnableHost("google.com", domain_state);
    152   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    153 }
    154 
    155 TEST_F(TransportSecurityStateTest, MatchesCase1) {
    156   scoped_refptr<TransportSecurityState> state(
    157       new TransportSecurityState);
    158   TransportSecurityState::DomainState domain_state;
    159   const base::Time current_time(base::Time::Now());
    160   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    161 
    162   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    163   domain_state.expiry = expiry;
    164   state->EnableHost("GOOgle.coM", domain_state);
    165   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    166 }
    167 
    168 TEST_F(TransportSecurityStateTest, MatchesCase2) {
    169   scoped_refptr<TransportSecurityState> state(
    170       new TransportSecurityState);
    171   TransportSecurityState::DomainState domain_state;
    172   const base::Time current_time(base::Time::Now());
    173   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    174 
    175   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
    176   domain_state.expiry = expiry;
    177   state->EnableHost("google.com", domain_state);
    178   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
    179 }
    180 
    181 TEST_F(TransportSecurityStateTest, SubdomainMatches) {
    182   scoped_refptr<TransportSecurityState> state(
    183       new TransportSecurityState);
    184   TransportSecurityState::DomainState domain_state;
    185   const base::Time current_time(base::Time::Now());
    186   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    187 
    188   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    189   domain_state.expiry = expiry;
    190   domain_state.include_subdomains = true;
    191   state->EnableHost("google.com", domain_state);
    192   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    193   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
    194   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    195                                       "foo.bar.google.com",
    196                                       true));
    197   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    198                                       "foo.bar.baz.google.com",
    199                                       true));
    200   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
    201 }
    202 
    203 TEST_F(TransportSecurityStateTest, Serialise1) {
    204   scoped_refptr<TransportSecurityState> state(
    205       new TransportSecurityState);
    206   std::string output;
    207   bool dirty;
    208   state->Serialise(&output);
    209   EXPECT_TRUE(state->LoadEntries(output, &dirty));
    210   EXPECT_FALSE(dirty);
    211 }
    212 
    213 TEST_F(TransportSecurityStateTest, Serialise2) {
    214   scoped_refptr<TransportSecurityState> state(
    215       new TransportSecurityState);
    216 
    217   TransportSecurityState::DomainState domain_state;
    218   const base::Time current_time(base::Time::Now());
    219   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    220 
    221   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    222   domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
    223   domain_state.expiry = expiry;
    224   domain_state.include_subdomains = true;
    225   state->EnableHost("google.com", domain_state);
    226 
    227   std::string output;
    228   bool dirty;
    229   state->Serialise(&output);
    230   EXPECT_TRUE(state->LoadEntries(output, &dirty));
    231 
    232   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    233   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
    234   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
    235   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
    236   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    237                                       "foo.bar.google.com",
    238                                       true));
    239   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
    240   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    241                                       "foo.bar.baz.google.com",
    242                                       true));
    243   EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
    244   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
    245 }
    246 
    247 TEST_F(TransportSecurityStateTest, Serialise3) {
    248   scoped_refptr<TransportSecurityState> state(
    249       new TransportSecurityState);
    250 
    251   TransportSecurityState::DomainState domain_state;
    252   const base::Time current_time(base::Time::Now());
    253   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    254 
    255   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    256   domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
    257   domain_state.expiry = expiry;
    258   state->EnableHost("google.com", domain_state);
    259 
    260   std::string output;
    261   bool dirty;
    262   state->Serialise(&output);
    263   EXPECT_TRUE(state->LoadEntries(output, &dirty));
    264 
    265   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    266   EXPECT_EQ(domain_state.mode,
    267             TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
    268 }
    269 
    270 TEST_F(TransportSecurityStateTest, DeleteSince) {
    271   scoped_refptr<TransportSecurityState> state(
    272       new TransportSecurityState);
    273 
    274   TransportSecurityState::DomainState domain_state;
    275   const base::Time current_time(base::Time::Now());
    276   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    277   const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
    278 
    279   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    280   domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
    281   domain_state.expiry = expiry;
    282   state->EnableHost("google.com", domain_state);
    283 
    284   state->DeleteSince(expiry);
    285   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    286   state->DeleteSince(older);
    287   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    288 }
    289 
    290 TEST_F(TransportSecurityStateTest, DeleteHost) {
    291   scoped_refptr<TransportSecurityState> state(
    292       new TransportSecurityState);
    293 
    294   TransportSecurityState::DomainState domain_state;
    295   const base::Time current_time(base::Time::Now());
    296   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    297   domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
    298   domain_state.expiry = expiry;
    299   state->EnableHost("google.com", domain_state);
    300 
    301   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
    302   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true));
    303   EXPECT_TRUE(state->DeleteHost("google.com"));
    304   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
    305 }
    306 
    307 TEST_F(TransportSecurityStateTest, SerialiseOld) {
    308   scoped_refptr<TransportSecurityState> state(
    309       new TransportSecurityState);
    310   // This is an old-style piece of transport state JSON, which has no creation
    311   // date.
    312   std::string output =
    313       "{ "
    314         "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
    315           "\"expiry\": 1266815027.983453, "
    316           "\"include_subdomains\": false, "
    317           "\"mode\": \"strict\" "
    318         "}"
    319       "}";
    320   bool dirty;
    321   EXPECT_TRUE(state->LoadEntries(output, &dirty));
    322   EXPECT_TRUE(dirty);
    323 }
    324 
    325 TEST_F(TransportSecurityStateTest, IsPreloaded) {
    326   const std::string paypal =
    327       TransportSecurityState::CanonicalizeHost("paypal.com");
    328   const std::string www_paypal =
    329       TransportSecurityState::CanonicalizeHost("www.paypal.com");
    330   const std::string a_www_paypal =
    331       TransportSecurityState::CanonicalizeHost("a.www.paypal.com");
    332   const std::string abc_paypal =
    333       TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com");
    334   const std::string example =
    335       TransportSecurityState::CanonicalizeHost("example.com");
    336   const std::string aypal =
    337       TransportSecurityState::CanonicalizeHost("aypal.com");
    338 
    339   TransportSecurityState::DomainState domain_state;
    340   EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
    341       paypal, true, &domain_state));
    342   EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(
    343       www_paypal, true, &domain_state));
    344   EXPECT_FALSE(domain_state.include_subdomains);
    345   EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
    346       a_www_paypal, true, &domain_state));
    347   EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
    348       abc_paypal, true, &domain_state));
    349   EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
    350       example, true, &domain_state));
    351   EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
    352       aypal, true, &domain_state));
    353 }
    354 
    355 TEST_F(TransportSecurityStateTest, Preloaded) {
    356   scoped_refptr<TransportSecurityState> state(
    357       new TransportSecurityState);
    358   TransportSecurityState::DomainState domain_state;
    359   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true));
    360   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true));
    361   EXPECT_EQ(domain_state.mode,
    362             TransportSecurityState::DomainState::MODE_STRICT);
    363   EXPECT_TRUE(domain_state.preloaded);
    364   EXPECT_FALSE(domain_state.include_subdomains);
    365   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true));
    366   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    367                                        "a.www.paypal.com",
    368                                        true));
    369 
    370   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true));
    371   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true));
    372   EXPECT_EQ(domain_state.mode,
    373             TransportSecurityState::DomainState::MODE_STRICT);
    374   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true));
    375   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    376                                        "a.foo.elanex.biz",
    377                                        true));
    378 
    379   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    380                                       "sunshinepress.org",
    381                                       true));
    382   EXPECT_EQ(domain_state.mode,
    383             TransportSecurityState::DomainState::MODE_STRICT);
    384   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    385                                       "www.sunshinepress.org",
    386                                       true));
    387   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    388                                       "a.b.sunshinepress.org",
    389                                       true));
    390 
    391   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    392                                       "www.noisebridge.net",
    393                                       true));
    394   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    395                                        "noisebridge.net",
    396                                        true));
    397   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    398                                        "foo.noisebridge.net",
    399                                        true));
    400 
    401   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true));
    402   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true));
    403 
    404   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true));
    405   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true));
    406 
    407   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true));
    408   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true));
    409 
    410   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    411                                       "members.mayfirst.org",
    412                                       true));
    413   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    414                                       "support.mayfirst.org",
    415                                       true));
    416   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true));
    417   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    418                                       "lists.mayfirst.org",
    419                                       true));
    420   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    421                                        "www.mayfirst.org",
    422                                        true));
    423 
    424   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    425                                       "splendidbacon.com",
    426                                       true));
    427   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    428                                       "www.splendidbacon.com",
    429                                       true));
    430   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    431                                       "foo.splendidbacon.com",
    432                                       true));
    433 
    434   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    435                                       "chrome.google.com",
    436                                       true));
    437   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    438                                        "foo.latest.chrome.google.com",
    439                                        true));
    440   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    441                                       "latest.chrome.google.com",
    442                                       true));
    443   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    444                                       "checkout.google.com",
    445                                       true));
    446   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    447                                       "health.google.com",
    448                                       true));
    449   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    450                                       "aladdinschools.appspot.com",
    451                                       true));
    452   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true));
    453   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true));
    454 
    455   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true));
    456   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true));
    457   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    458                                       "spreadsheets.google.com",
    459                                       true));
    460   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    461                                       "appengine.google.com",
    462                                       true));
    463 
    464   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    465                                       "www.paycheckrecords.com",
    466                                       true));
    467   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    468                                       "market.android.com",
    469                                       true));
    470   // The domain wasn't being set, leading to a blank string in the
    471   // chrome://net-internals/#hsts UI. So test that.
    472   EXPECT_EQ(domain_state.domain, "market.android.com");
    473   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    474                                       "sub.market.android.com",
    475                                       true));
    476   EXPECT_EQ(domain_state.domain, "market.android.com");
    477 
    478   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true));
    479   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true));
    480   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    481                                        "blog.lastpass.com",
    482                                        true));
    483 
    484   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true));
    485   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true));
    486 
    487   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    488                                       "encrypted.google.com",
    489                                       true));
    490   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    491                                       "accounts.google.com",
    492                                       true));
    493 
    494   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true));
    495   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true));
    496   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true));
    497 
    498   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true));
    499   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true));
    500   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true));
    501   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true));
    502   EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
    503                                       "www.googlemail.com",
    504                                       true));
    505   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    506                                        "m.googlemail.com",
    507                                        true));
    508   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false));
    509   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false));
    510   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false));
    511   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false));
    512   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    513                                        "www.googlemail.com",
    514                                        false));
    515   EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
    516                                        "m.googlemail.com",
    517                                        false));
    518 }
    519 
    520 TEST_F(TransportSecurityStateTest, LongNames) {
    521   scoped_refptr<TransportSecurityState> state(
    522       new TransportSecurityState);
    523   const char kLongName[] =
    524       "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
    525       "WaveletIdDomainAndBlipBlipid";
    526   TransportSecurityState::DomainState domain_state;
    527   // Just checks that we don't hit a NOTREACHED.
    528   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true));
    529 }
    530 
    531 TEST_F(TransportSecurityStateTest, PublicKeyHashes) {
    532   scoped_refptr<TransportSecurityState> state(
    533       new TransportSecurityState);
    534 
    535   TransportSecurityState::DomainState domain_state;
    536   EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false));
    537   std::vector<SHA1Fingerprint> hashes;
    538   EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
    539 
    540   SHA1Fingerprint hash;
    541   memset(hash.data, '1', sizeof(hash.data));
    542   domain_state.public_key_hashes.push_back(hash);
    543 
    544   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
    545   hashes.push_back(hash);
    546   EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
    547   hashes[0].data[0] = '2';
    548   EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
    549 
    550   const base::Time current_time(base::Time::Now());
    551   const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
    552   domain_state.expiry = expiry;
    553   state->EnableHost("example.com", domain_state);
    554   std::string ser;
    555   EXPECT_TRUE(state->Serialise(&ser));
    556   bool dirty;
    557   EXPECT_TRUE(state->LoadEntries(ser, &dirty));
    558   EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false));
    559   EXPECT_EQ(1u, domain_state.public_key_hashes.size());
    560   EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
    561                           sizeof(hash.data)));
    562 }
    563 
    564 }  // namespace net
    565