1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/base/transport_security_state.h" 6 #include "testing/gtest/include/gtest/gtest.h" 7 8 namespace net { 9 10 class TransportSecurityStateTest : public testing::Test { 11 }; 12 13 TEST_F(TransportSecurityStateTest, BogusHeaders) { 14 int max_age = 42; 15 bool include_subdomains = false; 16 17 EXPECT_FALSE(TransportSecurityState::ParseHeader( 18 "", &max_age, &include_subdomains)); 19 EXPECT_FALSE(TransportSecurityState::ParseHeader( 20 " ", &max_age, &include_subdomains)); 21 EXPECT_FALSE(TransportSecurityState::ParseHeader( 22 "abc", &max_age, &include_subdomains)); 23 EXPECT_FALSE(TransportSecurityState::ParseHeader( 24 " abc", &max_age, &include_subdomains)); 25 EXPECT_FALSE(TransportSecurityState::ParseHeader( 26 " abc ", &max_age, &include_subdomains)); 27 EXPECT_FALSE(TransportSecurityState::ParseHeader( 28 "max-age", &max_age, &include_subdomains)); 29 EXPECT_FALSE(TransportSecurityState::ParseHeader( 30 " max-age", &max_age, &include_subdomains)); 31 EXPECT_FALSE(TransportSecurityState::ParseHeader( 32 " max-age ", &max_age, &include_subdomains)); 33 EXPECT_FALSE(TransportSecurityState::ParseHeader( 34 "max-age=", &max_age, &include_subdomains)); 35 EXPECT_FALSE(TransportSecurityState::ParseHeader( 36 " max-age=", &max_age, &include_subdomains)); 37 EXPECT_FALSE(TransportSecurityState::ParseHeader( 38 " max-age =", &max_age, &include_subdomains)); 39 EXPECT_FALSE(TransportSecurityState::ParseHeader( 40 " max-age= ", &max_age, &include_subdomains)); 41 EXPECT_FALSE(TransportSecurityState::ParseHeader( 42 " max-age = ", &max_age, &include_subdomains)); 43 EXPECT_FALSE(TransportSecurityState::ParseHeader( 44 " max-age = xy", &max_age, &include_subdomains)); 45 EXPECT_FALSE(TransportSecurityState::ParseHeader( 46 " max-age = 3488a923", &max_age, &include_subdomains)); 47 EXPECT_FALSE(TransportSecurityState::ParseHeader( 48 "max-age=3488a923 ", &max_age, &include_subdomains)); 49 EXPECT_FALSE(TransportSecurityState::ParseHeader( 50 "max-ag=3488923", &max_age, &include_subdomains)); 51 EXPECT_FALSE(TransportSecurityState::ParseHeader( 52 "max-aged=3488923", &max_age, &include_subdomains)); 53 EXPECT_FALSE(TransportSecurityState::ParseHeader( 54 "max-age==3488923", &max_age, &include_subdomains)); 55 EXPECT_FALSE(TransportSecurityState::ParseHeader( 56 "amax-age=3488923", &max_age, &include_subdomains)); 57 EXPECT_FALSE(TransportSecurityState::ParseHeader( 58 "max-age=-3488923", &max_age, &include_subdomains)); 59 EXPECT_FALSE(TransportSecurityState::ParseHeader( 60 "max-age=3488923;", &max_age, &include_subdomains)); 61 EXPECT_FALSE(TransportSecurityState::ParseHeader( 62 "max-age=3488923 e", &max_age, &include_subdomains)); 63 EXPECT_FALSE(TransportSecurityState::ParseHeader( 64 "max-age=3488923 includesubdomain", &max_age, &include_subdomains)); 65 EXPECT_FALSE(TransportSecurityState::ParseHeader( 66 "max-age=3488923includesubdomains", &max_age, &include_subdomains)); 67 EXPECT_FALSE(TransportSecurityState::ParseHeader( 68 "max-age=3488923=includesubdomains", &max_age, &include_subdomains)); 69 EXPECT_FALSE(TransportSecurityState::ParseHeader( 70 "max-age=3488923 includesubdomainx", &max_age, &include_subdomains)); 71 EXPECT_FALSE(TransportSecurityState::ParseHeader( 72 "max-age=3488923 includesubdomain=", &max_age, &include_subdomains)); 73 EXPECT_FALSE(TransportSecurityState::ParseHeader( 74 "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains)); 75 EXPECT_FALSE(TransportSecurityState::ParseHeader( 76 "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains)); 77 EXPECT_FALSE(TransportSecurityState::ParseHeader( 78 "max-age=3488923 includesubdomains x", &max_age, &include_subdomains)); 79 EXPECT_FALSE(TransportSecurityState::ParseHeader( 80 "max-age=34889.23 includesubdomains", &max_age, &include_subdomains)); 81 EXPECT_FALSE(TransportSecurityState::ParseHeader( 82 "max-age=34889 includesubdomains", &max_age, &include_subdomains)); 83 84 EXPECT_EQ(max_age, 42); 85 EXPECT_FALSE(include_subdomains); 86 } 87 88 TEST_F(TransportSecurityStateTest, ValidHeaders) { 89 int max_age = 42; 90 bool include_subdomains = true; 91 92 EXPECT_TRUE(TransportSecurityState::ParseHeader( 93 "max-age=243", &max_age, &include_subdomains)); 94 EXPECT_EQ(max_age, 243); 95 EXPECT_FALSE(include_subdomains); 96 97 EXPECT_TRUE(TransportSecurityState::ParseHeader( 98 " Max-agE = 567", &max_age, &include_subdomains)); 99 EXPECT_EQ(max_age, 567); 100 EXPECT_FALSE(include_subdomains); 101 102 EXPECT_TRUE(TransportSecurityState::ParseHeader( 103 " mAx-aGe = 890 ", &max_age, &include_subdomains)); 104 EXPECT_EQ(max_age, 890); 105 EXPECT_FALSE(include_subdomains); 106 107 EXPECT_TRUE(TransportSecurityState::ParseHeader( 108 "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains)); 109 EXPECT_EQ(max_age, 123); 110 EXPECT_TRUE(include_subdomains); 111 112 EXPECT_TRUE(TransportSecurityState::ParseHeader( 113 "max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains)); 114 EXPECT_EQ(max_age, 394082); 115 EXPECT_TRUE(include_subdomains); 116 117 EXPECT_TRUE(TransportSecurityState::ParseHeader( 118 "max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains)); 119 EXPECT_EQ(max_age, 120 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l)); 121 EXPECT_TRUE(include_subdomains); 122 123 EXPECT_TRUE(TransportSecurityState::ParseHeader( 124 "max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains)); 125 EXPECT_EQ(max_age, 126 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l)); 127 EXPECT_TRUE(include_subdomains); 128 129 EXPECT_TRUE(TransportSecurityState::ParseHeader( 130 " max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains)); 131 EXPECT_EQ(max_age, 0); 132 EXPECT_TRUE(include_subdomains); 133 134 EXPECT_TRUE(TransportSecurityState::ParseHeader( 135 " max-age=999999999999999999999999999999999999999999999 ;" 136 " incLudesUbdOmains ", 137 &max_age, &include_subdomains)); 138 EXPECT_EQ(max_age, TransportSecurityState::kMaxHSTSAgeSecs); 139 EXPECT_TRUE(include_subdomains); 140 } 141 142 TEST_F(TransportSecurityStateTest, SimpleMatches) { 143 scoped_refptr<TransportSecurityState> state( 144 new TransportSecurityState); 145 TransportSecurityState::DomainState domain_state; 146 const base::Time current_time(base::Time::Now()); 147 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 148 149 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 150 domain_state.expiry = expiry; 151 state->EnableHost("google.com", domain_state); 152 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 153 } 154 155 TEST_F(TransportSecurityStateTest, MatchesCase1) { 156 scoped_refptr<TransportSecurityState> state( 157 new TransportSecurityState); 158 TransportSecurityState::DomainState domain_state; 159 const base::Time current_time(base::Time::Now()); 160 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 161 162 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 163 domain_state.expiry = expiry; 164 state->EnableHost("GOOgle.coM", domain_state); 165 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 166 } 167 168 TEST_F(TransportSecurityStateTest, MatchesCase2) { 169 scoped_refptr<TransportSecurityState> state( 170 new TransportSecurityState); 171 TransportSecurityState::DomainState domain_state; 172 const base::Time current_time(base::Time::Now()); 173 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 174 175 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true)); 176 domain_state.expiry = expiry; 177 state->EnableHost("google.com", domain_state); 178 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true)); 179 } 180 181 TEST_F(TransportSecurityStateTest, SubdomainMatches) { 182 scoped_refptr<TransportSecurityState> state( 183 new TransportSecurityState); 184 TransportSecurityState::DomainState domain_state; 185 const base::Time current_time(base::Time::Now()); 186 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 187 188 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 189 domain_state.expiry = expiry; 190 domain_state.include_subdomains = true; 191 state->EnableHost("google.com", domain_state); 192 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 193 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true)); 194 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 195 "foo.bar.google.com", 196 true)); 197 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 198 "foo.bar.baz.google.com", 199 true)); 200 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); 201 } 202 203 TEST_F(TransportSecurityStateTest, Serialise1) { 204 scoped_refptr<TransportSecurityState> state( 205 new TransportSecurityState); 206 std::string output; 207 bool dirty; 208 state->Serialise(&output); 209 EXPECT_TRUE(state->LoadEntries(output, &dirty)); 210 EXPECT_FALSE(dirty); 211 } 212 213 TEST_F(TransportSecurityStateTest, Serialise2) { 214 scoped_refptr<TransportSecurityState> state( 215 new TransportSecurityState); 216 217 TransportSecurityState::DomainState domain_state; 218 const base::Time current_time(base::Time::Now()); 219 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 220 221 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 222 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; 223 domain_state.expiry = expiry; 224 domain_state.include_subdomains = true; 225 state->EnableHost("google.com", domain_state); 226 227 std::string output; 228 bool dirty; 229 state->Serialise(&output); 230 EXPECT_TRUE(state->LoadEntries(output, &dirty)); 231 232 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 233 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); 234 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true)); 235 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); 236 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 237 "foo.bar.google.com", 238 true)); 239 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); 240 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 241 "foo.bar.baz.google.com", 242 true)); 243 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); 244 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); 245 } 246 247 TEST_F(TransportSecurityStateTest, Serialise3) { 248 scoped_refptr<TransportSecurityState> state( 249 new TransportSecurityState); 250 251 TransportSecurityState::DomainState domain_state; 252 const base::Time current_time(base::Time::Now()); 253 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 254 255 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 256 domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; 257 domain_state.expiry = expiry; 258 state->EnableHost("google.com", domain_state); 259 260 std::string output; 261 bool dirty; 262 state->Serialise(&output); 263 EXPECT_TRUE(state->LoadEntries(output, &dirty)); 264 265 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 266 EXPECT_EQ(domain_state.mode, 267 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC); 268 } 269 270 TEST_F(TransportSecurityStateTest, DeleteSince) { 271 scoped_refptr<TransportSecurityState> state( 272 new TransportSecurityState); 273 274 TransportSecurityState::DomainState domain_state; 275 const base::Time current_time(base::Time::Now()); 276 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 277 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); 278 279 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 280 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; 281 domain_state.expiry = expiry; 282 state->EnableHost("google.com", domain_state); 283 284 state->DeleteSince(expiry); 285 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 286 state->DeleteSince(older); 287 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 288 } 289 290 TEST_F(TransportSecurityStateTest, DeleteHost) { 291 scoped_refptr<TransportSecurityState> state( 292 new TransportSecurityState); 293 294 TransportSecurityState::DomainState domain_state; 295 const base::Time current_time(base::Time::Now()); 296 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 297 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; 298 domain_state.expiry = expiry; 299 state->EnableHost("google.com", domain_state); 300 301 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true)); 302 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true)); 303 EXPECT_TRUE(state->DeleteHost("google.com")); 304 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); 305 } 306 307 TEST_F(TransportSecurityStateTest, SerialiseOld) { 308 scoped_refptr<TransportSecurityState> state( 309 new TransportSecurityState); 310 // This is an old-style piece of transport state JSON, which has no creation 311 // date. 312 std::string output = 313 "{ " 314 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" 315 "\"expiry\": 1266815027.983453, " 316 "\"include_subdomains\": false, " 317 "\"mode\": \"strict\" " 318 "}" 319 "}"; 320 bool dirty; 321 EXPECT_TRUE(state->LoadEntries(output, &dirty)); 322 EXPECT_TRUE(dirty); 323 } 324 325 TEST_F(TransportSecurityStateTest, IsPreloaded) { 326 const std::string paypal = 327 TransportSecurityState::CanonicalizeHost("paypal.com"); 328 const std::string www_paypal = 329 TransportSecurityState::CanonicalizeHost("www.paypal.com"); 330 const std::string a_www_paypal = 331 TransportSecurityState::CanonicalizeHost("a.www.paypal.com"); 332 const std::string abc_paypal = 333 TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com"); 334 const std::string example = 335 TransportSecurityState::CanonicalizeHost("example.com"); 336 const std::string aypal = 337 TransportSecurityState::CanonicalizeHost("aypal.com"); 338 339 TransportSecurityState::DomainState domain_state; 340 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( 341 paypal, true, &domain_state)); 342 EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS( 343 www_paypal, true, &domain_state)); 344 EXPECT_FALSE(domain_state.include_subdomains); 345 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( 346 a_www_paypal, true, &domain_state)); 347 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( 348 abc_paypal, true, &domain_state)); 349 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( 350 example, true, &domain_state)); 351 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS( 352 aypal, true, &domain_state)); 353 } 354 355 TEST_F(TransportSecurityStateTest, Preloaded) { 356 scoped_refptr<TransportSecurityState> state( 357 new TransportSecurityState); 358 TransportSecurityState::DomainState domain_state; 359 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true)); 360 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true)); 361 EXPECT_EQ(domain_state.mode, 362 TransportSecurityState::DomainState::MODE_STRICT); 363 EXPECT_TRUE(domain_state.preloaded); 364 EXPECT_FALSE(domain_state.include_subdomains); 365 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true)); 366 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 367 "a.www.paypal.com", 368 true)); 369 370 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true)); 371 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true)); 372 EXPECT_EQ(domain_state.mode, 373 TransportSecurityState::DomainState::MODE_STRICT); 374 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true)); 375 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 376 "a.foo.elanex.biz", 377 true)); 378 379 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 380 "sunshinepress.org", 381 true)); 382 EXPECT_EQ(domain_state.mode, 383 TransportSecurityState::DomainState::MODE_STRICT); 384 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 385 "www.sunshinepress.org", 386 true)); 387 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 388 "a.b.sunshinepress.org", 389 true)); 390 391 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 392 "www.noisebridge.net", 393 true)); 394 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 395 "noisebridge.net", 396 true)); 397 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 398 "foo.noisebridge.net", 399 true)); 400 401 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true)); 402 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true)); 403 404 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true)); 405 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true)); 406 407 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true)); 408 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true)); 409 410 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 411 "members.mayfirst.org", 412 true)); 413 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 414 "support.mayfirst.org", 415 true)); 416 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true)); 417 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 418 "lists.mayfirst.org", 419 true)); 420 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 421 "www.mayfirst.org", 422 true)); 423 424 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 425 "splendidbacon.com", 426 true)); 427 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 428 "www.splendidbacon.com", 429 true)); 430 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 431 "foo.splendidbacon.com", 432 true)); 433 434 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 435 "chrome.google.com", 436 true)); 437 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 438 "foo.latest.chrome.google.com", 439 true)); 440 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 441 "latest.chrome.google.com", 442 true)); 443 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 444 "checkout.google.com", 445 true)); 446 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 447 "health.google.com", 448 true)); 449 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 450 "aladdinschools.appspot.com", 451 true)); 452 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true)); 453 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true)); 454 455 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true)); 456 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true)); 457 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 458 "spreadsheets.google.com", 459 true)); 460 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 461 "appengine.google.com", 462 true)); 463 464 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 465 "www.paycheckrecords.com", 466 true)); 467 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 468 "market.android.com", 469 true)); 470 // The domain wasn't being set, leading to a blank string in the 471 // chrome://net-internals/#hsts UI. So test that. 472 EXPECT_EQ(domain_state.domain, "market.android.com"); 473 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 474 "sub.market.android.com", 475 true)); 476 EXPECT_EQ(domain_state.domain, "market.android.com"); 477 478 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true)); 479 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true)); 480 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 481 "blog.lastpass.com", 482 true)); 483 484 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true)); 485 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true)); 486 487 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 488 "encrypted.google.com", 489 true)); 490 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 491 "accounts.google.com", 492 true)); 493 494 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true)); 495 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true)); 496 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true)); 497 498 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true)); 499 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true)); 500 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true)); 501 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true)); 502 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 503 "www.googlemail.com", 504 true)); 505 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 506 "m.googlemail.com", 507 true)); 508 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false)); 509 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false)); 510 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false)); 511 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false)); 512 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 513 "www.googlemail.com", 514 false)); 515 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, 516 "m.googlemail.com", 517 false)); 518 } 519 520 TEST_F(TransportSecurityStateTest, LongNames) { 521 scoped_refptr<TransportSecurityState> state( 522 new TransportSecurityState); 523 const char kLongName[] = 524 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" 525 "WaveletIdDomainAndBlipBlipid"; 526 TransportSecurityState::DomainState domain_state; 527 // Just checks that we don't hit a NOTREACHED. 528 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true)); 529 } 530 531 TEST_F(TransportSecurityStateTest, PublicKeyHashes) { 532 scoped_refptr<TransportSecurityState> state( 533 new TransportSecurityState); 534 535 TransportSecurityState::DomainState domain_state; 536 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false)); 537 std::vector<SHA1Fingerprint> hashes; 538 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 539 540 SHA1Fingerprint hash; 541 memset(hash.data, '1', sizeof(hash.data)); 542 domain_state.public_key_hashes.push_back(hash); 543 544 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 545 hashes.push_back(hash); 546 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 547 hashes[0].data[0] = '2'; 548 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 549 550 const base::Time current_time(base::Time::Now()); 551 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 552 domain_state.expiry = expiry; 553 state->EnableHost("example.com", domain_state); 554 std::string ser; 555 EXPECT_TRUE(state->Serialise(&ser)); 556 bool dirty; 557 EXPECT_TRUE(state->LoadEntries(ser, &dirty)); 558 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false)); 559 EXPECT_EQ(1u, domain_state.public_key_hashes.size()); 560 EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data, 561 sizeof(hash.data))); 562 } 563 564 } // namespace net 565
