summaryrefslogtreecommitdiff
path: root/chromium/net/http/transport_security_persister_unittest.cc
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2021-09-03 13:32:17 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2021-10-01 14:31:55 +0200
commit21ba0c5d4bf8fba15dddd97cd693bad2358b77fd (patch)
tree91be119f694044dfc1ff9fdc054459e925de9df0 /chromium/net/http/transport_security_persister_unittest.cc
parent03c549e0392f92c02536d3f86d5e1d8dfa3435ac (diff)
downloadqtwebengine-chromium-21ba0c5d4bf8fba15dddd97cd693bad2358b77fd.tar.gz
BASELINE: Update Chromium to 92.0.4515.166
Change-Id: I42a050486714e9e54fc271f2a8939223a02ae364
Diffstat (limited to 'chromium/net/http/transport_security_persister_unittest.cc')
-rw-r--r--chromium/net/http/transport_security_persister_unittest.cc135
1 files changed, 43 insertions, 92 deletions
diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc
index 070f1d37588..530e98ff7be 100644
--- a/chromium/net/http/transport_security_persister_unittest.cc
+++ b/chromium/net/http/transport_security_persister_unittest.cc
@@ -88,7 +88,6 @@ TEST_P(TransportSecurityPersisterTest, LoadEntriesClearsExistingState) {
base::test::ScopedFeatureList feature_list;
feature_list.InitAndEnableFeature(
TransportSecurityState::kDynamicExpectCTFeature);
- bool data_in_old_format;
TransportSecurityState::STSState sts_state;
TransportSecurityState::ExpectCTState expect_ct_state;
@@ -106,21 +105,24 @@ TEST_P(TransportSecurityPersisterTest, LoadEntriesClearsExistingState) {
EXPECT_TRUE(state_->GetDynamicExpectCTState(
kYahooDomain, NetworkIsolationKey(), &expect_ct_state));
- EXPECT_TRUE(persister_->LoadEntries("{\"version\":2}", &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries("{\"version\":2}");
EXPECT_FALSE(state_->GetDynamicSTSState(kYahooDomain, &sts_state));
EXPECT_FALSE(state_->GetDynamicExpectCTState(
kYahooDomain, NetworkIsolationKey(), &expect_ct_state));
}
+// Tests that serializing -> deserializing -> reserializing results in the same
+// output.
TEST_P(TransportSecurityPersisterTest, SerializeData1) {
std::string output;
- bool data_in_old_format;
EXPECT_TRUE(persister_->SerializeData(&output));
- EXPECT_TRUE(persister_->LoadEntries(output, &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries(output);
+
+ std::string output2;
+ EXPECT_TRUE(persister_->SerializeData(&output2));
+ EXPECT_EQ(output, output2);
}
TEST_P(TransportSecurityPersisterTest, SerializeData2) {
@@ -135,10 +137,8 @@ TEST_P(TransportSecurityPersisterTest, SerializeData2) {
state_->AddHSTS(kYahooDomain, expiry, include_subdomains);
std::string output;
- bool data_in_old_format;
EXPECT_TRUE(persister_->SerializeData(&output));
- EXPECT_TRUE(persister_->LoadEntries(output, &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries(output);
EXPECT_TRUE(state_->GetDynamicSTSState(kYahooDomain, &sts_state));
EXPECT_EQ(sts_state.upgrade_mode,
@@ -202,9 +202,7 @@ TEST_P(TransportSecurityPersisterTest, SerializeData3) {
std::string persisted;
EXPECT_TRUE(base::ReadFileToString(path, &persisted));
EXPECT_EQ(persisted, serialized);
- bool data_in_old_format;
- EXPECT_TRUE(persister_->LoadEntries(persisted, &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries(persisted);
// Check that states are the same as saved.
size_t count = 0;
@@ -224,18 +222,31 @@ TEST_P(TransportSecurityPersisterTest, SerializeData3) {
EXPECT_EQ(count, expect_ct_saved.size());
}
+// Tests that deserializing bad data shouldn't result in any ExpectCT or STS
+// entries being added to the transport security state.
TEST_P(TransportSecurityPersisterTest, DeserializeBadData) {
- bool data_in_old_format;
- EXPECT_FALSE(persister_->LoadEntries("", &data_in_old_format));
- EXPECT_FALSE(persister_->LoadEntries("Foopy", &data_in_old_format));
- EXPECT_FALSE(persister_->LoadEntries("15", &data_in_old_format));
- EXPECT_FALSE(persister_->LoadEntries("[15]", &data_in_old_format));
- EXPECT_FALSE(persister_->LoadEntries("{\"version\":1}", &data_in_old_format));
+ persister_->LoadEntries("");
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
+
+ persister_->LoadEntries("Foopy");
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
+
+ persister_->LoadEntries("15");
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
+
+ persister_->LoadEntries("[15]");
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
+
+ persister_->LoadEntries("{\"version\":1}");
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
}
TEST_P(TransportSecurityPersisterTest, DeserializeDataOldWithoutCreationDate) {
- const char kDomain[] = "example.test";
-
// This is an old-style piece of transport state JSON, which has no creation
// date.
const std::string kInput =
@@ -246,24 +257,12 @@ TEST_P(TransportSecurityPersisterTest, DeserializeDataOldWithoutCreationDate) {
"\"mode\": \"strict\" "
"}"
"}";
- bool data_in_old_format;
- EXPECT_TRUE(persister_->LoadEntries(kInput, &data_in_old_format));
- EXPECT_TRUE(data_in_old_format);
-
- TransportSecurityState::STSState sts_state;
- EXPECT_TRUE(state_->GetDynamicSTSState(kDomain, &sts_state));
- EXPECT_EQ(kDomain, sts_state.domain);
- EXPECT_FALSE(sts_state.include_subdomains);
- EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
- sts_state.upgrade_mode);
+ persister_->LoadEntries(kInput);
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
}
TEST_P(TransportSecurityPersisterTest, DeserializeDataOldMergedDictionary) {
- const char kStsDomain[] = "sts.test";
- const char kExpectCTDomain[] = "expect_ct.test";
- const GURL kExpectCTReportUri = GURL("https://expect_ct.test/report_uri");
- const char kBothDomain[] = "both.test";
-
// This is an old-style piece of transport state JSON, which uses a single
// unversioned host-keyed dictionary of merged ExpectCT and HSTS data.
const std::string kInput =
@@ -300,50 +299,9 @@ TEST_P(TransportSecurityPersisterTest, DeserializeDataOldMergedDictionary) {
" }"
"}";
- bool data_in_old_format;
- EXPECT_TRUE(persister_->LoadEntries(kInput, &data_in_old_format));
- EXPECT_TRUE(data_in_old_format);
-
- // kStsDomain should only have HSTS information.
- TransportSecurityState::STSState sts_state;
- EXPECT_TRUE(state_->GetDynamicSTSState(kStsDomain, &sts_state));
- EXPECT_EQ(kStsDomain, sts_state.domain);
- EXPECT_FALSE(sts_state.include_subdomains);
- EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
- sts_state.upgrade_mode);
- EXPECT_LT(base::Time::Now(), sts_state.last_observed);
- EXPECT_LT(sts_state.last_observed, sts_state.expiry);
- TransportSecurityState::ExpectCTState expect_ct_state;
- EXPECT_FALSE(state_->GetDynamicExpectCTState(
- kStsDomain, NetworkIsolationKey(), &expect_ct_state));
-
- // kExpectCTDomain should only have HSTS information.
- sts_state = TransportSecurityState::STSState();
- EXPECT_FALSE(state_->GetDynamicSTSState(kExpectCTDomain, &sts_state));
- expect_ct_state = TransportSecurityState::ExpectCTState();
- EXPECT_TRUE(state_->GetDynamicExpectCTState(
- kExpectCTDomain, NetworkIsolationKey(), &expect_ct_state));
- EXPECT_EQ(kExpectCTReportUri, expect_ct_state.report_uri);
- EXPECT_TRUE(expect_ct_state.enforce);
- EXPECT_LT(base::Time::Now(), expect_ct_state.last_observed);
- EXPECT_LT(expect_ct_state.last_observed, expect_ct_state.expiry);
-
- // kBothDomain should have HSTS and ExpectCT information.
- sts_state = TransportSecurityState::STSState();
- EXPECT_TRUE(state_->GetDynamicSTSState(kBothDomain, &sts_state));
- EXPECT_EQ(kBothDomain, sts_state.domain);
- EXPECT_TRUE(sts_state.include_subdomains);
- EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
- sts_state.upgrade_mode);
- EXPECT_LT(base::Time::Now(), sts_state.last_observed);
- EXPECT_LT(sts_state.last_observed, sts_state.expiry);
- expect_ct_state = TransportSecurityState::ExpectCTState();
- EXPECT_TRUE(state_->GetDynamicExpectCTState(
- kBothDomain, NetworkIsolationKey(), &expect_ct_state));
- EXPECT_TRUE(expect_ct_state.report_uri.is_empty());
- EXPECT_TRUE(expect_ct_state.enforce);
- EXPECT_LT(base::Time::Now(), expect_ct_state.last_observed);
- EXPECT_LT(expect_ct_state.last_observed, expect_ct_state.expiry);
+ persister_->LoadEntries(kInput);
+ EXPECT_EQ(0u, state_->num_expect_ct_entries());
+ EXPECT_EQ(0u, state_->num_sts_entries());
}
// Tests that dynamic Expect-CT state is serialized and deserialized correctly.
@@ -364,10 +322,9 @@ TEST_P(TransportSecurityPersisterTest, ExpectCT) {
NetworkIsolationKey());
std::string serialized;
EXPECT_TRUE(persister_->SerializeData(&serialized));
- bool data_in_old_format;
// LoadEntries() clears existing dynamic data before loading entries from
// |serialized|.
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
+ persister_->LoadEntries(serialized);
TransportSecurityState::ExpectCTState new_expect_ct_state;
EXPECT_TRUE(state_->GetDynamicExpectCTState(
@@ -381,7 +338,7 @@ TEST_P(TransportSecurityPersisterTest, ExpectCT) {
state_->AddExpectCT(kTestDomain, expiry, false /* enforce */, report_uri,
NetworkIsolationKey());
EXPECT_TRUE(persister_->SerializeData(&serialized));
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
+ persister_->LoadEntries(serialized);
EXPECT_TRUE(state_->GetDynamicExpectCTState(
kTestDomain, NetworkIsolationKey(), &new_expect_ct_state));
EXPECT_FALSE(new_expect_ct_state.enforce);
@@ -410,10 +367,9 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTWithSTSDataPresent) {
std::string serialized;
EXPECT_TRUE(persister_->SerializeData(&serialized));
- bool data_in_old_format;
// LoadEntries() clears existing dynamic data before loading entries from
// |serialized|.
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
+ persister_->LoadEntries(serialized);
TransportSecurityState::ExpectCTState new_expect_ct_state;
EXPECT_TRUE(state_->GetDynamicExpectCTState(
@@ -447,8 +403,7 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTDisabled) {
NetworkIsolationKey());
std::string serialized;
EXPECT_TRUE(persister_->SerializeData(&serialized));
- bool data_in_old_format;
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
+ persister_->LoadEntries(serialized);
TransportSecurityState::ExpectCTState new_expect_ct_state;
EXPECT_FALSE(state_->GetDynamicExpectCTState(
@@ -507,10 +462,8 @@ TEST_P(TransportSecurityPersisterTest, ExpectCTWithNetworkIsolationKey) {
kTestDomain, transient_network_isolation_key, &expect_ct_state));
}
- bool data_in_old_format;
// Load entries into the other persister.
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries(serialized);
if (partition_expect_ct_state()) {
TransportSecurityState::ExpectCTState new_expect_ct_state;
@@ -593,10 +546,8 @@ TEST_P(TransportSecurityPersisterTest,
base::ReplaceFirstSubstringAfterOffset(&serialized, 0, nik_string,
"\"Not a valid NIK\"");
- bool data_in_old_format;
// Load entries into the other persister.
- EXPECT_TRUE(persister_->LoadEntries(serialized, &data_in_old_format));
- EXPECT_FALSE(data_in_old_format);
+ persister_->LoadEntries(serialized);
// The entry with the non-empty NetworkIsolationKey should be dropped, since
// its NIK is now invalid. The other entry should be preserved.
View Lorry Controller Status