authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-09 20:28:47 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-09 20:28:47 +0000
commitb7f9fb2e5ebe7ba2308ddf95c5c6663bfc55e86f (patch)
tree2cbccf3277a23b65022f897a340f5ecb065b7fc2 /net/base
parentb167c4c2512e5a9bc16dd0338bad8f4e715f52be (diff)
Add gmail.com and googlemail.com to the HSTS hardcoded list. These domains
are important because although they don't have any content, they often form the start of a user navigation into Gmail. If https is used, then the chain of redirects to login is secured (https://gmail.com -> https://mail.google.com -> https://www.google.com/accounts). Without https, an sslstrip attack can be fully mounted all the way to the login page (Tunisia?) It's a tricky add because https on these domains is SNI-only and the availability of SNI varies depending on preferences, but I added the plumbing to take care of this easily for future additions. TEST=TransportSecurityStateTest.Preloaded Review URL: http://codereview.chromium.org/6812031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81041 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/transport_security_state.cc34
-rw-r--r--net/base/transport_security_state.h9
-rw-r--r--net/base/transport_security_state_unittest.cc235
3 files changed, 187 insertions, 91 deletions
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index 4449fa8..44dce0e 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -33,7 +33,7 @@ void TransportSecurityState::EnableHost(const std::string& host,
return;
bool temp;
- if (IsPreloadedSTS(canonicalized_host, &temp))
+ if (IsPreloadedSTS(canonicalized_host, true, &temp))
return;
char hashed[base::SHA256_LENGTH];
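Review bot: The literal `true` passed to `IsPreloadedSTS` here (and to `IsEnabledForHost` in the next hunk) is unexplained, and it has a consequence worth stating: EnableHost now declines to store a dynamic entry for the SNI-only hosts even on a client where SNI is off. If the lookup path outside this hunk falls back to stored entries when the preload check fails, such a client ends up with neither preloaded nor dynamic protection for those hosts; that looks intended, but it should be written down. I would add above the call `// Always treat SNI as available here: preloaded hosts, including SNI-only ones, are never stored dynamically.` EnableHost starts and ends outside the hunk.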
@@ -42,7 +42,7 @@ void TransportSecurityState::EnableHost(const std::string& host,
// Use the original creation date if we already have this host.
DomainState state_copy(state);
DomainState existing_state;
- if (IsEnabledForHost(&existing_state, host))
+ if (IsEnabledForHost(&existing_state, host, true))
state_copy.created = existing_state.created;
// We don't store these values.
@@ -78,7 +78,8 @@ static std::string IncludeNUL(const char* in) {
}
bool TransportSecurityState::IsEnabledForHost(DomainState* result,
- const std::string& host) {
+ const std::string& host,
+ bool sni_available) {
*result = DomainState();
const std::string canonicalized_host = CanonicalizeHost(host);
@@ -86,7 +87,7 @@ bool TransportSecurityState::IsEnabledForHost(DomainState* result,
return false;
bool include_subdomains;
- if (IsPreloadedSTS(canonicalized_host, &include_subdomains)) {
+ if (IsPreloadedSTS(canonicalized_host, sni_available, &include_subdomains)) {
result->created = result->expiry = base::Time::FromTimeT(0);
result->mode = DomainState::MODE_STRICT;
result->include_subdomains = include_subdomains;
@@ -443,7 +444,9 @@ std::string TransportSecurityState::CanonicalizeHost(const std::string& host) {
// considered to have STS enabled.
// static
bool TransportSecurityState::IsPreloadedSTS(
- const std::string& canonicalized_host, bool *include_subdomains) {
+ const std::string& canonicalized_host,
+ bool sni_available,
+ bool *include_subdomains) {
// In the medium term this list is likely to just be hardcoded here. This,
// slightly odd, form removes the need for additional relocations records.
static const struct {
@@ -485,6 +488,16 @@ bool TransportSecurityState::IsPreloadedSTS(
};
static const size_t kNumPreloadedSTS = ARRAYSIZE_UNSAFE(kPreloadedSTS);
+ static const struct {
+ uint8 length;
+ bool include_subdomains;
+ char dns_name[30];
+ } kPreloadedSNISTS[] = {
+ {11, true, "\005gmail\003com"},
+ {16, true, "\012googlemail\003com"},
+ };
+ static const size_t kNumPreloadedSNISTS = ARRAYSIZE_UNSAFE(kPreloadedSNISTS);
+
for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
for (size_t j = 0; j < kNumPreloadedSTS; j++) {
if (kPreloadedSTS[j].length == canonicalized_host.size() - i &&
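Review bot: The `length` values in `kPreloadedSNISTS` are hand-counted and nothing checks them against `dns_name`: 11 and 16 are each one more than the encoded label bytes, so they apparently include the terminating NUL, and the later `memcmp` reads `length` bytes from the 30-byte array. A miscount in a future entry would either never match, so the host silently loses its preloaded protection, or, if it exceeds 30, compare past the array. I would document the convention on the struct, e.g. `// |length| counts the length-prefixed labels plus the trailing NUL; must be <= sizeof(dns_name).`, and have the unit test cover every entry that is added. The struct also repeats the anonymous type of `kPreloadedSTS` declared above, so a single named struct would keep the two tables in step. IsPreloadedSTS starts and ends outside this hunk.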
@@ -495,6 +508,17 @@ bool TransportSecurityState::IsPreloadedSTS(
return true;
}
}
+ if (sni_available) {
+ for (size_t j = 0; j < kNumPreloadedSNISTS; j++) {
+ if (kPreloadedSNISTS[j].length == canonicalized_host.size() - i &&
+ (kPreloadedSNISTS[j].include_subdomains || i == 0) &&
+ memcmp(kPreloadedSNISTS[j].dns_name, &canonicalized_host[i],
+ kPreloadedSNISTS[j].length) == 0) {
+ *include_subdomains = kPreloadedSNISTS[j].include_subdomains;
+ return true;
+ }
+ }
+ }
}
return false;
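Review bot: When `sni_available` is false the new branch is skipped and the function falls through to `return false`, so gmail.com and googlemail.com get no preloaded protection on such clients; the commit message explains why (https on these hosts is SNI-only), but the code does not. I would put that on the branch: `// SNI-only entries: these hosts serve https only via SNI, so they are skipped when SNI is unavailable (the host is then not upgraded).` The inner loop is also a line-for-line copy of the `kPreloadedSTS` loop above it, so a small file-local helper taking the table and its size would keep the matching rules for the two tables from drifting apart. IsPreloadedSTS begins outside this hunk.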
diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h
index 18bf51c..e7705f5 100644
--- a/net/base/transport_security_state.h
+++ b/net/base/transport_security_state.h
@@ -67,9 +67,11 @@ class TransportSecurityState :
// action is taken. Returns true iff an entry was deleted.
bool DeleteHost(const std::string& host);
- // Returns true if |host| has TransportSecurity enabled. If that case,
- // *result is filled out.
- bool IsEnabledForHost(DomainState* result, const std::string& host);
+ // Returns true if |host| has TransportSecurity enabled, in the context of
+ // |sni_available|. In that case, *result is filled out.
+ bool IsEnabledForHost(DomainState* result,
+ const std::string& host,
+ bool sni_available);
// Deletes all records created since a given time.
void DeleteSince(const base::Time& time);
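Review bot: The new comment says "in the context of |sni_available|" but not what the flag changes, and callers need that to pass the right value. From the .cc hunks, `false` makes the lookup ignore the SNI-only preloaded hosts, so a caller that passes a constant instead of the connection's real SNI state either loses the upgrade for those hosts or forces https where it presumably cannot work. I would word it as `// |sni_available| must reflect whether the client will send SNI; when false, preloaded entries that are SNI-only are ignored.` The diffstat is limited to net/base, so callers elsewhere are not visible here and are worth checking for a hard-coded `true`.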
@@ -112,6 +114,7 @@ class TransportSecurityState :
static std::string CanonicalizeHost(const std::string& host);
static bool IsPreloadedSTS(const std::string& canonicalized_host,
+ bool sni_available,
bool* out_include_subdomains);
// The set of hosts that have enabled TransportSecurity. The keys here
diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc
index f58bdcc..9823072 100644
--- a/net/base/transport_security_state_unittest.cc
+++ b/net/base/transport_security_state_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -146,10 +146,10 @@ TEST_F(TransportSecurityStateTest, SimpleMatches) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, MatchesCase1) {
@@ -159,10 +159,10 @@ TEST_F(TransportSecurityStateTest, MatchesCase1) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
state->EnableHost("GOOgle.coM", domain_state);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, MatchesCase2) {
@@ -172,10 +172,10 @@ TEST_F(TransportSecurityStateTest, MatchesCase2) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
}
TEST_F(TransportSecurityStateTest, SubdomainMatches) {
@@ -185,16 +185,19 @@ TEST_F(TransportSecurityStateTest, SubdomainMatches) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
domain_state.include_subdomains = true;
state->EnableHost("google.com", domain_state);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.bar.google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
- "foo.bar.baz.google.com"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com"));
+ "foo.bar.google.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "foo.bar.baz.google.com",
+ true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
}
TEST_F(TransportSecurityStateTest, Serialise1) {
@@ -215,7 +218,7 @@ TEST_F(TransportSecurityStateTest, Serialise2) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
domain_state.expiry = expiry;
domain_state.include_subdomains = true;
@@ -226,16 +229,19 @@ TEST_F(TransportSecurityStateTest, Serialise2) {
state->Serialise(&output);
EXPECT_TRUE(state->Deserialise(output, &dirty));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.bar.google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "foo.bar.google.com",
+ true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
- "foo.bar.baz.google.com"));
+ "foo.bar.baz.google.com",
+ true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
}
TEST_F(TransportSecurityStateTest, Serialise3) {
@@ -246,7 +252,7 @@ TEST_F(TransportSecurityStateTest, Serialise3) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
@@ -256,7 +262,7 @@ TEST_F(TransportSecurityStateTest, Serialise3) {
state->Serialise(&output);
EXPECT_TRUE(state->Deserialise(output, &dirty));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
}
@@ -270,15 +276,15 @@ TEST_F(TransportSecurityStateTest, DeleteSince) {
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
state->DeleteSince(expiry);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
state->DeleteSince(older);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, DeleteHost) {
@@ -292,10 +298,10 @@ TEST_F(TransportSecurityStateTest, DeleteHost) {
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true));
EXPECT_TRUE(state->DeleteHost("google.com"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, SerialiseOld) {
@@ -331,94 +337,157 @@ TEST_F(TransportSecurityStateTest, IsPreloaded) {
TransportSecurityState::CanonicalizeHost("aypal.com");
bool b;
- EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(paypal, &b));
- EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(www_paypal, &b));
+ EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(paypal, true, &b));
+ EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(www_paypal, true, &b));
EXPECT_FALSE(b);
- EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(a_www_paypal, &b));
- EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(abc_paypal, &b));
- EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(example, &b));
- EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(aypal, &b));
+ EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(a_www_paypal, true, &b));
+ EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(abc_paypal, true, &b));
+ EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(example, true, &b));
+ EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(aypal, true, &b));
}
TEST_F(TransportSecurityStateTest, Preloaded) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(domain_state.preloaded);
EXPECT_FALSE(domain_state.include_subdomains);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "a.www.paypal.com"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "a.www.paypal.com",
+ true));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "a.foo.elanex.biz"));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "a.foo.elanex.biz",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sunshinepress.org"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "sunshinepress.org",
+ true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.sunshinepress.org"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "a.b.sunshinepress.org"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "www.sunshinepress.org",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "a.b.sunshinepress.org",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.noisebridge.net"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "noisebridge.net"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.noisebridge.net"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "www.noisebridge.net",
+ true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "noisebridge.net",
+ true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "foo.noisebridge.net",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "members.mayfirst.org"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "support.mayfirst.org"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lists.mayfirst.org"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.mayfirst.org"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "members.mayfirst.org",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "support.mayfirst.org",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "lists.mayfirst.org",
+ true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "www.mayfirst.org",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "splendidbacon.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.splendidbacon.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.splendidbacon.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "splendidbacon.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "www.splendidbacon.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "foo.splendidbacon.com",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "chrome.google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "checkout.google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "health.google.com"));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
- "aladdinschools.appspot.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl"));
+ "chrome.google.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "checkout.google.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "health.google.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "aladdinschools.appspot.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "spreadsheets.google.com",
+ true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
- "spreadsheets.google.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "appengine.google.com"));
+ "appengine.google.com",
+ true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
- "www.paycheckrecords.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "market.android.com"));
+ "www.paycheckrecords.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "market.android.com",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "blog.lastpass.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "blog.lastpass.com",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "encrypted.google.com"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "encrypted.google.com",
+ true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "accounts.google.com",
+ true));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de"));
- EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de"));
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de"));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true));
+
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true));
+ EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
+ "www.googlemail.com",
+ true));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
+ "www.googlemail.com",
+ false));
}
TEST_F(TransportSecurityStateTest, LongNames) {
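Review bot: The new `false` cases at the end of the Preloaded test only show that the SNI-only hosts are skipped; nothing checks that ordinary preloaded hosts still match when SNI is off, which is the regression that would silently remove protection from the existing list. I would add `EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", false));` next to them. The gmail.com assertions also check only the return value; `EXPECT_TRUE(domain_state.include_subdomains);` after the `gmail.com` lookup would pin the table's flag, and the IsPreloaded test calls `IsPreloadedSTS` only with `true`. The hunk ends inside the next test, LongNames.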
@@ -429,7 +498,7 @@ TEST_F(TransportSecurityStateTest, LongNames) {
"WaveletIdDomainAndBlipBlipid";
TransportSecurityState::DomainState domain_state;
// Just checks that we don't hit a NOTREACHED.
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName));
+ EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true));
}
} // namespace net