1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/transport_security_state.h"
6 #include "testing/gtest/include/gtest/gtest.h"
7
8 namespace net {
9
10 class TransportSecurityStateTest : public testing::Test {
11 };
12
TEST_F(TransportSecurityStateTest,BogusHeaders)13 TEST_F(TransportSecurityStateTest, BogusHeaders) {
14 int max_age = 42;
15 bool include_subdomains = false;
16
17 EXPECT_FALSE(TransportSecurityState::ParseHeader(
18 "", &max_age, &include_subdomains));
19 EXPECT_FALSE(TransportSecurityState::ParseHeader(
20 " ", &max_age, &include_subdomains));
21 EXPECT_FALSE(TransportSecurityState::ParseHeader(
22 "abc", &max_age, &include_subdomains));
23 EXPECT_FALSE(TransportSecurityState::ParseHeader(
24 " abc", &max_age, &include_subdomains));
25 EXPECT_FALSE(TransportSecurityState::ParseHeader(
26 " abc ", &max_age, &include_subdomains));
27 EXPECT_FALSE(TransportSecurityState::ParseHeader(
28 "max-age", &max_age, &include_subdomains));
29 EXPECT_FALSE(TransportSecurityState::ParseHeader(
30 " max-age", &max_age, &include_subdomains));
31 EXPECT_FALSE(TransportSecurityState::ParseHeader(
32 " max-age ", &max_age, &include_subdomains));
33 EXPECT_FALSE(TransportSecurityState::ParseHeader(
34 "max-age=", &max_age, &include_subdomains));
35 EXPECT_FALSE(TransportSecurityState::ParseHeader(
36 " max-age=", &max_age, &include_subdomains));
37 EXPECT_FALSE(TransportSecurityState::ParseHeader(
38 " max-age =", &max_age, &include_subdomains));
39 EXPECT_FALSE(TransportSecurityState::ParseHeader(
40 " max-age= ", &max_age, &include_subdomains));
41 EXPECT_FALSE(TransportSecurityState::ParseHeader(
42 " max-age = ", &max_age, &include_subdomains));
43 EXPECT_FALSE(TransportSecurityState::ParseHeader(
44 " max-age = xy", &max_age, &include_subdomains));
45 EXPECT_FALSE(TransportSecurityState::ParseHeader(
46 " max-age = 3488a923", &max_age, &include_subdomains));
47 EXPECT_FALSE(TransportSecurityState::ParseHeader(
48 "max-age=3488a923 ", &max_age, &include_subdomains));
49 EXPECT_FALSE(TransportSecurityState::ParseHeader(
50 "max-ag=3488923", &max_age, &include_subdomains));
51 EXPECT_FALSE(TransportSecurityState::ParseHeader(
52 "max-aged=3488923", &max_age, &include_subdomains));
53 EXPECT_FALSE(TransportSecurityState::ParseHeader(
54 "max-age==3488923", &max_age, &include_subdomains));
55 EXPECT_FALSE(TransportSecurityState::ParseHeader(
56 "amax-age=3488923", &max_age, &include_subdomains));
57 EXPECT_FALSE(TransportSecurityState::ParseHeader(
58 "max-age=-3488923", &max_age, &include_subdomains));
59 EXPECT_FALSE(TransportSecurityState::ParseHeader(
60 "max-age=3488923;", &max_age, &include_subdomains));
61 EXPECT_FALSE(TransportSecurityState::ParseHeader(
62 "max-age=3488923 e", &max_age, &include_subdomains));
63 EXPECT_FALSE(TransportSecurityState::ParseHeader(
64 "max-age=3488923 includesubdomain", &max_age, &include_subdomains));
65 EXPECT_FALSE(TransportSecurityState::ParseHeader(
66 "max-age=3488923includesubdomains", &max_age, &include_subdomains));
67 EXPECT_FALSE(TransportSecurityState::ParseHeader(
68 "max-age=3488923=includesubdomains", &max_age, &include_subdomains));
69 EXPECT_FALSE(TransportSecurityState::ParseHeader(
70 "max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
71 EXPECT_FALSE(TransportSecurityState::ParseHeader(
72 "max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
73 EXPECT_FALSE(TransportSecurityState::ParseHeader(
74 "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
75 EXPECT_FALSE(TransportSecurityState::ParseHeader(
76 "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
77 EXPECT_FALSE(TransportSecurityState::ParseHeader(
78 "max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
79 EXPECT_FALSE(TransportSecurityState::ParseHeader(
80 "max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
81 EXPECT_FALSE(TransportSecurityState::ParseHeader(
82 "max-age=34889 includesubdomains", &max_age, &include_subdomains));
83
84 EXPECT_EQ(max_age, 42);
85 EXPECT_FALSE(include_subdomains);
86 }
87
TEST_F(TransportSecurityStateTest,ValidHeaders)88 TEST_F(TransportSecurityStateTest, ValidHeaders) {
89 int max_age = 42;
90 bool include_subdomains = true;
91
92 EXPECT_TRUE(TransportSecurityState::ParseHeader(
93 "max-age=243", &max_age, &include_subdomains));
94 EXPECT_EQ(max_age, 243);
95 EXPECT_FALSE(include_subdomains);
96
97 EXPECT_TRUE(TransportSecurityState::ParseHeader(
98 " Max-agE = 567", &max_age, &include_subdomains));
99 EXPECT_EQ(max_age, 567);
100 EXPECT_FALSE(include_subdomains);
101
102 EXPECT_TRUE(TransportSecurityState::ParseHeader(
103 " mAx-aGe = 890 ", &max_age, &include_subdomains));
104 EXPECT_EQ(max_age, 890);
105 EXPECT_FALSE(include_subdomains);
106
107 EXPECT_TRUE(TransportSecurityState::ParseHeader(
108 "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
109 EXPECT_EQ(max_age, 123);
110 EXPECT_TRUE(include_subdomains);
111
112 EXPECT_TRUE(TransportSecurityState::ParseHeader(
113 "max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains));
114 EXPECT_EQ(max_age, 394082);
115 EXPECT_TRUE(include_subdomains);
116
117 EXPECT_TRUE(TransportSecurityState::ParseHeader(
118 "max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains));
119 EXPECT_EQ(max_age,
120 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
121 EXPECT_TRUE(include_subdomains);
122
123 EXPECT_TRUE(TransportSecurityState::ParseHeader(
124 "max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains));
125 EXPECT_EQ(max_age,
126 std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
127 EXPECT_TRUE(include_subdomains);
128
129 EXPECT_TRUE(TransportSecurityState::ParseHeader(
130 " max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains));
131 EXPECT_EQ(max_age, 0);
132 EXPECT_TRUE(include_subdomains);
133
134 EXPECT_TRUE(TransportSecurityState::ParseHeader(
135 " max-age=999999999999999999999999999999999999999999999 ;"
136 " incLudesUbdOmains ",
137 &max_age, &include_subdomains));
138 EXPECT_EQ(max_age, TransportSecurityState::kMaxHSTSAgeSecs);
139 EXPECT_TRUE(include_subdomains);
140 }
141
TEST_F(TransportSecurityStateTest,SimpleMatches)142 TEST_F(TransportSecurityStateTest, SimpleMatches) {
143 scoped_refptr<TransportSecurityState> state(
144 new TransportSecurityState);
145 TransportSecurityState::DomainState domain_state;
146 const base::Time current_time(base::Time::Now());
147 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
148
149 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
150 domain_state.expiry = expiry;
151 state->EnableHost("google.com", domain_state);
152 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
153 }
154
TEST_F(TransportSecurityStateTest,MatchesCase1)155 TEST_F(TransportSecurityStateTest, MatchesCase1) {
156 scoped_refptr<TransportSecurityState> state(
157 new TransportSecurityState);
158 TransportSecurityState::DomainState domain_state;
159 const base::Time current_time(base::Time::Now());
160 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
161
162 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
163 domain_state.expiry = expiry;
164 state->EnableHost("GOOgle.coM", domain_state);
165 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
166 }
167
TEST_F(TransportSecurityStateTest,MatchesCase2)168 TEST_F(TransportSecurityStateTest, MatchesCase2) {
169 scoped_refptr<TransportSecurityState> state(
170 new TransportSecurityState);
171 TransportSecurityState::DomainState domain_state;
172 const base::Time current_time(base::Time::Now());
173 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
174
175 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
176 domain_state.expiry = expiry;
177 state->EnableHost("google.com", domain_state);
178 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
179 }
180
TEST_F(TransportSecurityStateTest,SubdomainMatches)181 TEST_F(TransportSecurityStateTest, SubdomainMatches) {
182 scoped_refptr<TransportSecurityState> state(
183 new TransportSecurityState);
184 TransportSecurityState::DomainState domain_state;
185 const base::Time current_time(base::Time::Now());
186 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
187
188 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
189 domain_state.expiry = expiry;
190 domain_state.include_subdomains = true;
191 state->EnableHost("google.com", domain_state);
192 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
193 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
194 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
195 "foo.bar.google.com",
196 true));
197 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
198 "foo.bar.baz.google.com",
199 true));
200 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
201 }
202
TEST_F(TransportSecurityStateTest,Serialise1)203 TEST_F(TransportSecurityStateTest, Serialise1) {
204 scoped_refptr<TransportSecurityState> state(
205 new TransportSecurityState);
206 std::string output;
207 bool dirty;
208 state->Serialise(&output);
209 EXPECT_TRUE(state->LoadEntries(output, &dirty));
210 EXPECT_FALSE(dirty);
211 }
212
TEST_F(TransportSecurityStateTest,Serialise2)213 TEST_F(TransportSecurityStateTest, Serialise2) {
214 scoped_refptr<TransportSecurityState> state(
215 new TransportSecurityState);
216
217 TransportSecurityState::DomainState domain_state;
218 const base::Time current_time(base::Time::Now());
219 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
220
221 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
222 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
223 domain_state.expiry = expiry;
224 domain_state.include_subdomains = true;
225 state->EnableHost("google.com", domain_state);
226
227 std::string output;
228 bool dirty;
229 state->Serialise(&output);
230 EXPECT_TRUE(state->LoadEntries(output, &dirty));
231
232 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
233 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
234 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
235 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
236 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
237 "foo.bar.google.com",
238 true));
239 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
240 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
241 "foo.bar.baz.google.com",
242 true));
243 EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
244 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
245 }
246
TEST_F(TransportSecurityStateTest,Serialise3)247 TEST_F(TransportSecurityStateTest, Serialise3) {
248 scoped_refptr<TransportSecurityState> state(
249 new TransportSecurityState);
250
251 TransportSecurityState::DomainState domain_state;
252 const base::Time current_time(base::Time::Now());
253 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
254
255 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
256 domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
257 domain_state.expiry = expiry;
258 state->EnableHost("google.com", domain_state);
259
260 std::string output;
261 bool dirty;
262 state->Serialise(&output);
263 EXPECT_TRUE(state->LoadEntries(output, &dirty));
264
265 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
266 EXPECT_EQ(domain_state.mode,
267 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
268 }
269
TEST_F(TransportSecurityStateTest,DeleteSince)270 TEST_F(TransportSecurityStateTest, DeleteSince) {
271 scoped_refptr<TransportSecurityState> state(
272 new TransportSecurityState);
273
274 TransportSecurityState::DomainState domain_state;
275 const base::Time current_time(base::Time::Now());
276 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
277 const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
278
279 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
280 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
281 domain_state.expiry = expiry;
282 state->EnableHost("google.com", domain_state);
283
284 state->DeleteSince(expiry);
285 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
286 state->DeleteSince(older);
287 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
288 }
289
TEST_F(TransportSecurityStateTest,DeleteHost)290 TEST_F(TransportSecurityStateTest, DeleteHost) {
291 scoped_refptr<TransportSecurityState> state(
292 new TransportSecurityState);
293
294 TransportSecurityState::DomainState domain_state;
295 const base::Time current_time(base::Time::Now());
296 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
297 domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
298 domain_state.expiry = expiry;
299 state->EnableHost("google.com", domain_state);
300
301 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
302 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true));
303 EXPECT_TRUE(state->DeleteHost("google.com"));
304 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
305 }
306
TEST_F(TransportSecurityStateTest,SerialiseOld)307 TEST_F(TransportSecurityStateTest, SerialiseOld) {
308 scoped_refptr<TransportSecurityState> state(
309 new TransportSecurityState);
310 // This is an old-style piece of transport state JSON, which has no creation
311 // date.
312 std::string output =
313 "{ "
314 "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
315 "\"expiry\": 1266815027.983453, "
316 "\"include_subdomains\": false, "
317 "\"mode\": \"strict\" "
318 "}"
319 "}";
320 bool dirty;
321 EXPECT_TRUE(state->LoadEntries(output, &dirty));
322 EXPECT_TRUE(dirty);
323 }
324
TEST_F(TransportSecurityStateTest,IsPreloaded)325 TEST_F(TransportSecurityStateTest, IsPreloaded) {
326 const std::string paypal =
327 TransportSecurityState::CanonicalizeHost("paypal.com");
328 const std::string www_paypal =
329 TransportSecurityState::CanonicalizeHost("www.paypal.com");
330 const std::string a_www_paypal =
331 TransportSecurityState::CanonicalizeHost("a.www.paypal.com");
332 const std::string abc_paypal =
333 TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com");
334 const std::string example =
335 TransportSecurityState::CanonicalizeHost("example.com");
336 const std::string aypal =
337 TransportSecurityState::CanonicalizeHost("aypal.com");
338
339 TransportSecurityState::DomainState domain_state;
340 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
341 paypal, true, &domain_state));
342 EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(
343 www_paypal, true, &domain_state));
344 EXPECT_FALSE(domain_state.include_subdomains);
345 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
346 a_www_paypal, true, &domain_state));
347 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
348 abc_paypal, true, &domain_state));
349 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
350 example, true, &domain_state));
351 EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
352 aypal, true, &domain_state));
353 }
354
TEST_F(TransportSecurityStateTest,Preloaded)355 TEST_F(TransportSecurityStateTest, Preloaded) {
356 scoped_refptr<TransportSecurityState> state(
357 new TransportSecurityState);
358 TransportSecurityState::DomainState domain_state;
359 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true));
360 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true));
361 EXPECT_EQ(domain_state.mode,
362 TransportSecurityState::DomainState::MODE_STRICT);
363 EXPECT_TRUE(domain_state.preloaded);
364 EXPECT_FALSE(domain_state.include_subdomains);
365 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true));
366 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
367 "a.www.paypal.com",
368 true));
369
370 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true));
371 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true));
372 EXPECT_EQ(domain_state.mode,
373 TransportSecurityState::DomainState::MODE_STRICT);
374 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true));
375 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
376 "a.foo.elanex.biz",
377 true));
378
379 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
380 "sunshinepress.org",
381 true));
382 EXPECT_EQ(domain_state.mode,
383 TransportSecurityState::DomainState::MODE_STRICT);
384 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
385 "www.sunshinepress.org",
386 true));
387 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
388 "a.b.sunshinepress.org",
389 true));
390
391 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
392 "www.noisebridge.net",
393 true));
394 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
395 "noisebridge.net",
396 true));
397 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
398 "foo.noisebridge.net",
399 true));
400
401 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true));
402 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true));
403
404 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true));
405 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true));
406
407 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true));
408 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true));
409
410 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
411 "members.mayfirst.org",
412 true));
413 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
414 "support.mayfirst.org",
415 true));
416 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true));
417 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
418 "lists.mayfirst.org",
419 true));
420 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
421 "www.mayfirst.org",
422 true));
423
424 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
425 "splendidbacon.com",
426 true));
427 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
428 "www.splendidbacon.com",
429 true));
430 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
431 "foo.splendidbacon.com",
432 true));
433
434 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
435 "chrome.google.com",
436 true));
437 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
438 "foo.latest.chrome.google.com",
439 true));
440 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
441 "latest.chrome.google.com",
442 true));
443 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
444 "checkout.google.com",
445 true));
446 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
447 "health.google.com",
448 true));
449 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
450 "aladdinschools.appspot.com",
451 true));
452 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true));
453 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true));
454
455 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true));
456 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true));
457 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
458 "spreadsheets.google.com",
459 true));
460 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
461 "appengine.google.com",
462 true));
463
464 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
465 "www.paycheckrecords.com",
466 true));
467 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
468 "market.android.com",
469 true));
470 // The domain wasn't being set, leading to a blank string in the
471 // chrome://net-internals/#hsts UI. So test that.
472 EXPECT_EQ(domain_state.domain, "market.android.com");
473 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
474 "sub.market.android.com",
475 true));
476 EXPECT_EQ(domain_state.domain, "market.android.com");
477
478 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true));
479 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true));
480 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
481 "blog.lastpass.com",
482 true));
483
484 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true));
485 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true));
486
487 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
488 "encrypted.google.com",
489 true));
490 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
491 "accounts.google.com",
492 true));
493
494 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true));
495 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true));
496 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true));
497
498 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true));
499 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true));
500 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true));
501 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true));
502 EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
503 "www.googlemail.com",
504 true));
505 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
506 "m.googlemail.com",
507 true));
508 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false));
509 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false));
510 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false));
511 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false));
512 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
513 "www.googlemail.com",
514 false));
515 EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
516 "m.googlemail.com",
517 false));
518 }
519
TEST_F(TransportSecurityStateTest,LongNames)520 TEST_F(TransportSecurityStateTest, LongNames) {
521 scoped_refptr<TransportSecurityState> state(
522 new TransportSecurityState);
523 const char kLongName[] =
524 "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
525 "WaveletIdDomainAndBlipBlipid";
526 TransportSecurityState::DomainState domain_state;
527 // Just checks that we don't hit a NOTREACHED.
528 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true));
529 }
530
TEST_F(TransportSecurityStateTest,PublicKeyHashes)531 TEST_F(TransportSecurityStateTest, PublicKeyHashes) {
532 scoped_refptr<TransportSecurityState> state(
533 new TransportSecurityState);
534
535 TransportSecurityState::DomainState domain_state;
536 EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false));
537 std::vector<SHA1Fingerprint> hashes;
538 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
539
540 SHA1Fingerprint hash;
541 memset(hash.data, '1', sizeof(hash.data));
542 domain_state.public_key_hashes.push_back(hash);
543
544 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
545 hashes.push_back(hash);
546 EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
547 hashes[0].data[0] = '2';
548 EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
549
550 const base::Time current_time(base::Time::Now());
551 const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
552 domain_state.expiry = expiry;
553 state->EnableHost("example.com", domain_state);
554 std::string ser;
555 EXPECT_TRUE(state->Serialise(&ser));
556 bool dirty;
557 EXPECT_TRUE(state->LoadEntries(ser, &dirty));
558 EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false));
559 EXPECT_EQ(1u, domain_state.public_key_hashes.size());
560 EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
561 sizeof(hash.data)));
562 }
563
564 } // namespace net
565