diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-09-03 13:32:17 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-10-01 14:31:55 +0200 |
commit | 21ba0c5d4bf8fba15dddd97cd693bad2358b77fd (patch) | |
tree | 91be119f694044dfc1ff9fdc054459e925de9df0 /chromium/net/http/transport_security_persister_unittest.cc | |
parent | 03c549e0392f92c02536d3f86d5e1d8dfa3435ac (diff) | |
download | qtwebengine-chromium-21ba0c5d4bf8fba15dddd97cd693bad2358b77fd.tar.gz |
BASELINE: Update Chromium to 92.0.4515.166
Change-Id: I42a050486714e9e54fc271f2a8939223a02ae364
Diffstat (limited to 'chromium/net/http/transport_security_persister_unittest.cc')
-rw-r--r-- | chromium/net/http/transport_security_persister_unittest.cc | 135 |
1 files changed, 43 insertions, 92 deletions
diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc index 070f1d37588..530e98ff7be 100644 --- a/chromium/net/http/transport_security_persister_unittest.cc +++ b/chromium/net/http/transport_security_persister_unittest.cc @@ -88,7 +88,6 @@ TEST_P(TransportSecurityPersisterTest, LoadEntriesClearsExistingState) { base::test::ScopedFeatureList feature_list; feature_list.InitAndEnableFeature( TransportSecurityState::kDynamicExpectCTFeature); - bool data_in_old_format; TransportSecurityState::STSState sts_state; TransportSecurityState::ExpectCTState expect_ct_state; @@ -106,21 +105,24 @@ TEST_P(TransportSecurityPersisterTest, LoadEntriesClearsExistingState) { EXPECT_TRUE(state_->GetDynamicExpectCTState( kYahooDomain, NetworkIsolationKey(), &expect_ct_state)); - EXPECT_TRUE(persister_->LoadEntries("{\"version\":2}", &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries("{\"version\":2}"); EXPECT_FALSE(state_->GetDynamicSTSState(kYahooDomain, &sts_state)); EXPECT_FALSE(state_->GetDynamicExpectCTState( kYahooDomain, NetworkIsolationKey(), &expect_ct_state)); } +// Tests that serializing -> deserializing -> reserializing results in the same +// output. TEST_P(TransportSecurityPersisterTest, SerializeData1) { std::string output; - bool data_in_old_format; EXPECT_TRUE(persister_->SerializeData(&output)); - EXPECT_TRUE(persister_->LoadEntries(output, &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries(output); + + std::string output2; + EXPECT_TRUE(persister_->SerializeData(&output2)); + EXPECT_EQ(output, output2); } TEST_P(TransportSecurityPersisterTest, SerializeData2) { @@ -135,10 +137,8 @@ TEST_P(TransportSecurityPersisterTest, SerializeData2) { state_->AddHSTS(kYahooDomain, expiry, include_subdomains); std::string output; - bool data_in_old_format; EXPECT_TRUE(persister_->SerializeData(&output)); - EXPECT_TRUE(persister_->LoadEntries(output, &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries(output); EXPECT_TRUE(state_->GetDynamicSTSState(kYahooDomain, &sts_state)); EXPECT_EQ(sts_state.upgrade_mode, @@ -202,9 +202,7 @@ TEST_P(TransportSecurityPersisterTest, SerializeData3) { std::string persisted; EXPECT_TRUE(base::ReadFileToString(path, &persisted)); EXPECT_EQ(persisted, serialized); - bool data_in_old_format; - EXPECT_TRUE(persister_->LoadEntries(persisted, &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries(persisted); // Check that states are the same as saved. size_t count = 0; @@ -224,18 +222,31 @@ TEST_P(TransportSecurityPersisterTest, SerializeData3) { EXPECT_EQ(count, expect_ct_saved.size()); } +// Tests that deserializing bad data shouldn't result in any ExpectCT or STS +// entries being added to the transport security state. TEST_P(TransportSecurityPersisterTest, DeserializeBadData) { - bool data_in_old_format; - EXPECT_FALSE(persister_->LoadEntries("", &data_in_old_format)); - EXPECT_FALSE(persister_->LoadEntries("Foopy", &data_in_old_format)); - EXPECT_FALSE(persister_->LoadEntries("15", &data_in_old_format)); - EXPECT_FALSE(persister_->LoadEntries("[15]", &data_in_old_format)); - EXPECT_FALSE(persister_->LoadEntries("{\"version\":1}", &data_in_old_format)); + persister_->LoadEntries(""); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); + + persister_->LoadEntries("Foopy"); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); + + persister_->LoadEntries("15"); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); + + persister_->LoadEntries("[15]"); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); + + persister_->LoadEntries("{\"version\":1}"); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); } TEST_P(TransportSecurityPersisterTest, DeserializeDataOldWithoutCreationDate) { - const char kDomain[] = "example.test"; - // This is an old-style piece of transport state JSON, which has no creation // date. const std::string kInput = @@ -246,24 +257,12 @@ TEST_P(TransportSecurityPersisterTest, DeserializeDataOldWithoutCreationDate) { "\"mode\": \"strict\" " "}" "}"; - bool data_in_old_format; - EXPECT_TRUE(persister_->LoadEntries(kInput, &data_in_old_format)); - EXPECT_TRUE(data_in_old_format); - - TransportSecurityState::STSState sts_state; - EXPECT_TRUE(state_->GetDynamicSTSState(kDomain, &sts_state)); - EXPECT_EQ(kDomain, sts_state.domain); - EXPECT_FALSE(sts_state.include_subdomains); - EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, - sts_state.upgrade_mode); + persister_->LoadEntries(kInput); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); } TEST_P(TransportSecurityPersisterTest, DeserializeDataOldMergedDictionary) { - const char kStsDomain[] = "sts.test"; - const char kExpectCTDomain[] = "expect_ct.test"; - const GURL kExpectCTReportUri = GURL("https://expect_ct.test/report_uri"); - const char kBothDomain[] = "both.test"; - // This is an old-style piece of transport state JSON, which uses a single // unversioned host-keyed dictionary of merged ExpectCT and HSTS data. const std::string kInput = @@ -300,50 +299,9 @@ TEST_P(TransportSecurityPersisterTest, DeserializeDataOldMergedDictionary) { " }" "}"; - bool data_in_old_format; - EXPECT_TRUE(persister_->LoadEntries(kInput, &data_in_old_format)); - EXPECT_TRUE(data_in_old_format); - - // kStsDomain should only have HSTS information. - TransportSecurityState::STSState sts_state; - EXPECT_TRUE(state_->GetDynamicSTSState(kStsDomain, &sts_state)); - EXPECT_EQ(kStsDomain, sts_state.domain); - EXPECT_FALSE(sts_state.include_subdomains); - EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, - sts_state.upgrade_mode); - EXPECT_LT(base::Time::Now(), sts_state.last_observed); - EXPECT_LT(sts_state.last_observed, sts_state.expiry); - TransportSecurityState::ExpectCTState expect_ct_state; - EXPECT_FALSE(state_->GetDynamicExpectCTState( - kStsDomain, NetworkIsolationKey(), &expect_ct_state)); - - // kExpectCTDomain should only have HSTS information. - sts_state = TransportSecurityState::STSState(); - EXPECT_FALSE(state_->GetDynamicSTSState(kExpectCTDomain, &sts_state)); - expect_ct_state = TransportSecurityState::ExpectCTState(); - EXPECT_TRUE(state_->GetDynamicExpectCTState( - kExpectCTDomain, NetworkIsolationKey(), &expect_ct_state)); - EXPECT_EQ(kExpectCTReportUri, expect_ct_state.report_uri); - EXPECT_TRUE(expect_ct_state.enforce); - EXPECT_LT(base::Time::Now(), expect_ct_state.last_observed); - EXPECT_LT(expect_ct_state.last_observed, expect_ct_state.expiry); - - // kBothDomain should have HSTS and ExpectCT information. - sts_state = TransportSecurityState::STSState(); - EXPECT_TRUE(state_->GetDynamicSTSState(kBothDomain, &sts_state)); - EXPECT_EQ(kBothDomain, sts_state.domain); - EXPECT_TRUE(sts_state.include_subdomains); - EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, - sts_state.upgrade_mode); - EXPECT_LT(base::Time::Now(), sts_state.last_observed); - EXPECT_LT(sts_state.last_observed, sts_state.expiry); - expect_ct_state = TransportSecurityState::ExpectCTState(); - EXPECT_TRUE(state_->GetDynamicExpectCTState( - kBothDomain, NetworkIsolationKey(), &expect_ct_state)); - EXPECT_TRUE(expect_ct_state.report_uri.is_empty()); - EXPECT_TRUE(expect_ct_state.enforce); - EXPECT_LT(base::Time::Now(), expect_ct_state.last_observed); - EXPECT_LT(expect_ct_state.last_observed, expect_ct_state.expiry); + persister_->LoadEntries(kInput); + EXPECT_EQ(0u, state_->num_expect_ct_entries()); + EXPECT_EQ(0u, state_->num_sts_entries()); } // Tests that dynamic Expect-CT state is serialized and deserialized correctly. @@ -364,10 +322,9 @@ TEST_P(TransportSecurityPersisterTest, ExpectCT) { NetworkIsolationKey()); std::string serialized; EXPECT_TRUE(persister_->SerializeData(&serialized)); - bool data_in_old_format; // LoadEntries() clears existing dynamic data before loading entries from // |serialized|. - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); + persister_->LoadEntries(serialized); TransportSecurityState::ExpectCTState new_expect_ct_state; EXPECT_TRUE(state_->GetDynamicExpectCTState( @@ -381,7 +338,7 @@ TEST_P(TransportSecurityPersisterTest, ExpectCT) { state_->AddExpectCT(kTestDomain, expiry, false /* enforce */, report_uri, NetworkIsolationKey()); EXPECT_TRUE(persister_->SerializeData(&serialized)); - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); + persister_->LoadEntries(serialized); EXPECT_TRUE(state_->GetDynamicExpectCTState( kTestDomain, NetworkIsolationKey(), &new_expect_ct_state)); EXPECT_FALSE(new_expect_ct_state.enforce); @@ -410,10 +367,9 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTWithSTSDataPresent) { std::string serialized; EXPECT_TRUE(persister_->SerializeData(&serialized)); - bool data_in_old_format; // LoadEntries() clears existing dynamic data before loading entries from // |serialized|. - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); + persister_->LoadEntries(serialized); TransportSecurityState::ExpectCTState new_expect_ct_state; EXPECT_TRUE(state_->GetDynamicExpectCTState( @@ -447,8 +403,7 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTDisabled) { NetworkIsolationKey()); std::string serialized; EXPECT_TRUE(persister_->SerializeData(&serialized)); - bool data_in_old_format; - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); + persister_->LoadEntries(serialized); TransportSecurityState::ExpectCTState new_expect_ct_state; EXPECT_FALSE(state_->GetDynamicExpectCTState( @@ -507,10 +462,8 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTWithNetworkIsolationKey) { kTestDomain, transient_network_isolation_key, &expect_ct_state)); } - bool data_in_old_format; // Load entries into the other persister. - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries(serialized); if (partition_expect_ct_state()) { TransportSecurityState::ExpectCTState new_expect_ct_state; @@ -593,10 +546,8 @@ TEST_P(TransportSecurityPersisterTest, base::ReplaceFirstSubstringAfterOffset(&serialized, 0, nik_string, "\"Not a valid NIK\""); - bool data_in_old_format; // Load entries into the other persister. - EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format)); - EXPECT_FALSE(data_in_old_format); + persister_->LoadEntries(serialized); // The entry with the non-empty NetworkIsolationKey should be dropped, since // its NIK is now invalid. The other entry should be preserved. |