diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-09-01 11:08:40 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-10-01 12:16:21 +0000 |
commit | 03c549e0392f92c02536d3f86d5e1d8dfa3435ac (patch) | |
tree | fe49d170a929b34ba82cd10db1a0bd8e3760fa4b /chromium/net/http/transport_security_persister_unittest.cc | |
parent | 5d013f5804a0d91fcf6c626b2d6fb6eca5c845b0 (diff) | |
download | qtwebengine-chromium-03c549e0392f92c02536d3f86d5e1d8dfa3435ac.tar.gz |
BASELINE: Update Chromium to 91.0.4472.160
Change-Id: I0def1f08a2412aeed79a9ab95dd50eb5c3f65f31
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net/http/transport_security_persister_unittest.cc')
-rw-r--r-- | chromium/net/http/transport_security_persister_unittest.cc | 80 |
1 files changed, 39 insertions, 41 deletions
diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc index 3797a7c82f9..070f1d37588 100644 --- a/chromium/net/http/transport_security_persister_unittest.cc +++ b/chromium/net/http/transport_security_persister_unittest.cc @@ -12,8 +12,11 @@ #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/files/scoped_temp_dir.h" +#include "base/json/json_writer.h" #include "base/run_loop.h" +#include "base/strings/string_util.h" #include "base/task/current_thread.h" +#include "base/task/thread_pool.h" #include "base/test/scoped_feature_list.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/features.h" @@ -540,14 +543,16 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTWithNetworkIsolationKey) { } } -// Test the case when deserializing a NetworkIsolationKey fails. This happens -// when data is persisted with kAppendFrameOriginToNetworkIsolationKey, but -// loaded without it, or vice-versa. +// Test the case when deserializing a NetworkIsolationKey fails. TEST_P(TransportSecurityPersisterTest, ExpectCTNetworkIsolationKeyDeserializationFails) { base::test::ScopedFeatureList feature_list; - feature_list.InitAndEnableFeature( - TransportSecurityState::kDynamicExpectCTFeature); + feature_list.InitWithFeatures( + // enabled_features + {TransportSecurityState::kDynamicExpectCTFeature, + features::kPartitionExpectCTStateByNetworkIsolationKey}, + // disabled_features + {}); const GURL report_uri(kReportUri); static const char kTestDomain[] = "example.test"; @@ -559,49 +564,42 @@ TEST_P(TransportSecurityPersisterTest, const base::Time expiry1 = current_time + base::TimeDelta::FromSeconds(1000); const base::Time expiry2 = current_time + base::TimeDelta::FromSeconds(2000); - // Serialize data with kPartitionExpectCTStateByNetworkIsolationKey and - // kAppendFrameOriginToNetworkIsolationKey enabled, and then revert the - // features to their previous values. + // Serialize data. std::string serialized; - { - base::test::ScopedFeatureList feature_list2; - feature_list2.InitWithFeatures( - // enabled_features - {features::kPartitionExpectCTStateByNetworkIsolationKey, - features::kAppendFrameOriginToNetworkIsolationKey}, - // disabled_features - {}); - TransportSecurityState state2; - TransportSecurityPersister persister2( - &state2, temp_dir_.GetPath(), - std::move(base::ThreadPool::CreateSequencedTaskRunner( - {base::MayBlock(), base::TaskPriority::BEST_EFFORT, - base::TaskShutdownBehavior::BLOCK_SHUTDOWN}))); - TransportSecurityState::ExpectCTState expect_ct_state; - state2.AddExpectCT(kTestDomain, expiry1, true /* enforce */, GURL(), - empty_network_isolation_key); - state2.AddExpectCT(kTestDomain, expiry2, true /* enforce */, GURL(), - network_isolation_key); - EXPECT_TRUE(persister2.SerializeData(&serialized)); - - EXPECT_TRUE(state2.GetDynamicExpectCTState( - kTestDomain, empty_network_isolation_key, &expect_ct_state)); - EXPECT_TRUE(state2.GetDynamicExpectCTState( - kTestDomain, network_isolation_key, &expect_ct_state)); - } - - base::test::ScopedFeatureList feature_list3; - feature_list3.InitAndDisableFeature( - features::kAppendFrameOriginToNetworkIsolationKey); + TransportSecurityState state2; + TransportSecurityPersister persister2( + &state2, temp_dir_.GetPath(), + std::move(base::ThreadPool::CreateSequencedTaskRunner( + {base::MayBlock(), base::TaskPriority::BEST_EFFORT, + base::TaskShutdownBehavior::BLOCK_SHUTDOWN}))); + TransportSecurityState::ExpectCTState expect_ct_state; + state2.AddExpectCT(kTestDomain, expiry1, true /* enforce */, GURL(), + empty_network_isolation_key); + state2.AddExpectCT(kTestDomain, expiry2, true /* enforce */, GURL(), + network_isolation_key); + EXPECT_TRUE(persister2.SerializeData(&serialized)); + + EXPECT_TRUE(state2.GetDynamicExpectCTState( + kTestDomain, empty_network_isolation_key, &expect_ct_state)); + EXPECT_TRUE(state2.GetDynamicExpectCTState(kTestDomain, network_isolation_key, + &expect_ct_state)); + + // Replace reference to |network_isolation_key|'s value with an invalid NIK + // value. + base::Value nik_value; + ASSERT_TRUE(network_isolation_key.ToValue(&nik_value)); + std::string nik_string; + ASSERT_TRUE(base::JSONWriter::Write(nik_value, &nik_string)); + base::ReplaceFirstSubstringAfterOffset(&serialized, 0, nik_string, + "\"Not a valid NIK\""); bool data_in_old_format; // Load entries into the other persister. EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); EXPECT_FALSE(data_in_old_format); - // Regardless of whether kPartitionExpectCTStateByNetworkIsolationKey is - // enabled or not, the different kAppendFrameOriginToNetworkIsolationKey state - // will cause the entry with a non-empty NetworkIsolationKey to be dropped. + // The entry with the non-empty NetworkIsolationKey should be dropped, since + // its NIK is now invalid. The other entry should be preserved. std::set<std::string> expect_ct_saved; TransportSecurityState::ExpectCTStateIterator expect_ct_iter(*state_); ASSERT_TRUE(expect_ct_iter.HasNext()); |