diff options
| author | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 21:04:49 +0000 |
|---|---|---|
| committer | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 21:04:49 +0000 |
| commit | edbc4f91345a02160137f8fd506fefaca4e33f6a (patch) | |
| tree | 98e5a1f9096b79e6f60f2c7c0ebd09218ac9780d /net | |
| parent | bb6ec17d7939713e4d0d9d2c25c2e1e734b0e96e (diff) | |
| download | chromium_src-edbc4f91345a02160137f8fd506fefaca4e33f6a.zip chromium_src-edbc4f91345a02160137f8fd506fefaca4e33f6a.tar.gz chromium_src-edbc4f91345a02160137f8fd506fefaca4e33f6a.tar.bz2 | |
Make TransportSecurityState not ref-counted for simplicity.
BUG=none
Review URL: http://codereview.chromium.org/8054001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103012 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/transport_security_state.cc | 32 | ||||
| -rw-r--r-- | net/base/transport_security_state.h | 36 | ||||
| -rw-r--r-- | net/base/transport_security_state_unittest.cc | 1010 | ||||
| -rw-r--r-- | net/url_request/url_request_context.h | 2 | ||||
| -rw-r--r-- | net/url_request/url_request_context_storage.cc | 2 | ||||
| -rw-r--r-- | net/url_request/url_request_context_storage.h | 2 | ||||
| -rw-r--r-- | net/websockets/websocket_job_unittest.cc | 10 |
7 files changed, 543 insertions, 551 deletions
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index c0ba4e2..fd6f11b 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -49,8 +49,15 @@ static std::string HashHost(const std::string& canonicalized_host) { return std::string(hashed, sizeof(hashed)); } +void TransportSecurityState::SetDelegate( + TransportSecurityState::Delegate* delegate) { + delegate_ = delegate; +} + void TransportSecurityState::EnableHost(const std::string& host, const DomainState& state) { + DCHECK(CalledOnValidThread()); + const std::string canonicalized_host = CanonicalizeHost(host); if (canonicalized_host.empty()) return; @@ -79,6 +86,8 @@ void TransportSecurityState::EnableHost(const std::string& host, } bool TransportSecurityState::DeleteHost(const std::string& host) { + DCHECK(CalledOnValidThread()); + const std::string canonicalized_host = CanonicalizeHost(host); if (canonicalized_host.empty()) return false; @@ -96,6 +105,8 @@ bool TransportSecurityState::DeleteHost(const std::string& host) { bool TransportSecurityState::HasPinsForHost(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + return HasMetadata(result, host, sni_available) && !result->public_key_hashes.empty(); } @@ -103,6 +114,8 @@ bool TransportSecurityState::HasPinsForHost(DomainState* result, bool TransportSecurityState::IsEnabledForHost(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + return HasMetadata(result, host, sni_available) && result->mode != DomainState::MODE_NONE; } @@ -110,6 +123,8 @@ bool TransportSecurityState::IsEnabledForHost(DomainState* result, bool TransportSecurityState::HasMetadata(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + *result = DomainState(); const std::string canonicalized_host = CanonicalizeHost(host); @@ -154,6 +169,8 @@ bool TransportSecurityState::HasMetadata(DomainState* result, } void TransportSecurityState::DeleteSince(const base::Time& time) { + DCHECK(CalledOnValidThread()); + bool dirtied = false; std::map<std::string, DomainState>::iterator i = enabled_hosts_.begin(); @@ -190,6 +207,8 @@ static bool MaxAgeToInt(std::string::const_iterator begin, // "Strict-Transport-Security" ":" // "max-age" "=" delta-seconds [ ";" "includeSubDomains" ] +// +// static bool TransportSecurityState::ParseHeader(const std::string& value, int* max_age, bool* include_subdomains) { @@ -501,11 +520,6 @@ bool TransportSecurityState::ParseSidePin( return have_parsed_a_key; } -void TransportSecurityState::SetDelegate( - TransportSecurityState::Delegate* delegate) { - delegate_ = delegate; -} - // This function converts the binary hashes, which we store in // |enabled_hosts_|, to a base64 string which we can include in a JSON file. static std::string HashedDomainToExternalString(const std::string& hashed) { @@ -527,6 +541,8 @@ static std::string ExternalStringToHashedDomain(const std::string& external) { } bool TransportSecurityState::Serialise(std::string* output) { + DCHECK(CalledOnValidThread()); + DictionaryValue toplevel; for (std::map<std::string, DomainState>::const_iterator i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { @@ -569,6 +585,8 @@ bool TransportSecurityState::Serialise(std::string* output) { bool TransportSecurityState::LoadEntries(const std::string& input, bool* dirty) { + DCHECK(CalledOnValidThread()); + enabled_hosts_.clear(); return Deserialise(input, dirty, &enabled_hosts_); } @@ -683,6 +701,8 @@ TransportSecurityState::~TransportSecurityState() { } void TransportSecurityState::DirtyNotify() { + DCHECK(CalledOnValidThread()); + if (delegate_) delegate_->StateIsDirty(this); } @@ -766,6 +786,8 @@ bool TransportSecurityState::IsPreloadedSTS( const std::string& canonicalized_host, bool sni_available, DomainState* out) { + DCHECK(CalledOnValidThread()); + out->preloaded = true; out->mode = DomainState::MODE_STRICT; out->include_subdomains = false; diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h index d5d2e4d..ad4c7da 100644 --- a/net/base/transport_security_state.h +++ b/net/base/transport_security_state.h @@ -12,7 +12,7 @@ #include "base/basictypes.h" #include "base/gtest_prod_util.h" -#include "base/memory/ref_counted.h" +#include "base/threading/non_thread_safe.h" #include "base/time.h" #include "net/base/net_export.h" #include "net/base/x509_cert_types.h" @@ -24,16 +24,13 @@ namespace net { // Tracks which hosts have enabled *-Transport-Security. This object manages // the in-memory store. A separate object must register itself with this object // in order to persist the state to disk. -// -// TODO(phajdan.jr): Convert this to non-thread-safe non-ref-counted -// for simplicity. -class NET_EXPORT TransportSecurityState : - public base::RefCountedThreadSafe<TransportSecurityState> { +class NET_EXPORT TransportSecurityState : public base::NonThreadSafe { public: // If non-empty, |hsts_hosts| is a JSON-formatted string to treat as if it // were a built-in entry (same format as persisted metadata in the // TransportSecurityState file). explicit TransportSecurityState(const std::string& hsts_hosts); + ~TransportSecurityState(); // A DomainState is the information that we persist about a given domain. struct NET_EXPORT DomainState { @@ -74,6 +71,18 @@ class NET_EXPORT TransportSecurityState : std::string domain; // the domain which matched }; + class Delegate { + public: + // This function may not block and may be called with internal locks held. + // Thus it must not reenter the TransportSecurityState object. + virtual void StateIsDirty(TransportSecurityState* state) = 0; + + protected: + virtual ~Delegate() {} + }; + + void SetDelegate(Delegate*); + // Enable TransportSecurity for |host|. void EnableHost(const std::string& host, const DomainState& state); @@ -123,18 +132,6 @@ class NET_EXPORT TransportSecurityState : const base::StringPiece& side_info, std::vector<SHA1Fingerprint> *out_pub_key_hash); - class Delegate { - public: - // This function may not block and may be called with internal locks held. - // Thus it must not reenter the TransportSecurityState object. - virtual void StateIsDirty(TransportSecurityState* state) = 0; - - protected: - virtual ~Delegate() {} - }; - - void SetDelegate(Delegate*); - bool Serialise(std::string* output); // Existing non-preloaded entries are cleared and repopulated from the // passed JSON string. @@ -144,11 +141,8 @@ class NET_EXPORT TransportSecurityState : static const long int kMaxHSTSAgeSecs; private: - friend class base::RefCountedThreadSafe<TransportSecurityState>; FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded); - ~TransportSecurityState(); - // If we have a callback configured, call it to let our serialiser know that // our state is dirty. void DirtyNotify(); diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc index 263e29a..11c6edf 100644 --- a/net/base/transport_security_state_unittest.cc +++ b/net/base/transport_security_state_unittest.cc @@ -142,168 +142,155 @@ TEST_F(TransportSecurityStateTest, ValidHeaders) { } TEST_F(TransportSecurityStateTest, SimpleMatches) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, MatchesCase1) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; - state->EnableHost("YAhoo.coM", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.EnableHost("YAhoo.coM", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, MatchesCase2) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "YAhoo.coM", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true)); domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "YAhoo.coM", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true)); } TEST_F(TransportSecurityStateTest, SubdomainMatches) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; domain_state.include_subdomains = true; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.yahoo.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.baz.yahoo.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.yahoo.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.baz.yahoo.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true)); } TEST_F(TransportSecurityStateTest, Serialise1) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); std::string output; bool dirty; - state->Serialise(&output); - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + state.Serialise(&output); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); EXPECT_FALSE(dirty); } TEST_F(TransportSecurityStateTest, Serialise2) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; domain_state.include_subdomains = true; - state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); std::string output; bool dirty; - state->Serialise(&output); - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + state.Serialise(&output); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.yahoo.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.yahoo.com", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.baz.yahoo.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.baz.yahoo.com", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true)); } TEST_F(TransportSecurityStateTest, DeleteSince) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); - state->DeleteSince(expiry); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - state->DeleteSince(older); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.DeleteSince(expiry); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.DeleteSince(older); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, DeleteHost) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true)); - EXPECT_TRUE(state->DeleteHost("yahoo.com")); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", true)); + EXPECT_TRUE(state.DeleteHost("yahoo.com")); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, SerialiseOld) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); // This is an old-style piece of transport state JSON, which has no creation // date. std::string output = "{ " - "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" - "\"expiry\": 1266815027.983453, " - "\"include_subdomains\": false, " - "\"mode\": \"strict\" " - "}" + "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" + "\"expiry\": 1266815027.983453, " + "\"include_subdomains\": false, " + "\"mode\": \"strict\" " + "}" "}"; bool dirty; - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); EXPECT_TRUE(dirty); } TEST_F(TransportSecurityStateTest, IsPreloaded) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); const std::string paypal = TransportSecurityState::CanonicalizeHost("paypal.com"); @@ -319,414 +306,410 @@ TEST_F(TransportSecurityStateTest, IsPreloaded) { TransportSecurityState::CanonicalizeHost("aypal.com"); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsPreloadedSTS(paypal, true, &domain_state)); - EXPECT_TRUE(state->IsPreloadedSTS(www_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(paypal, true, &domain_state)); + EXPECT_TRUE(state.IsPreloadedSTS(www_paypal, true, &domain_state)); EXPECT_FALSE(domain_state.include_subdomains); - EXPECT_FALSE(state->IsPreloadedSTS(a_www_paypal, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(abc_paypal, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(example, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(aypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(a_www_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(abc_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(example, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(aypal, true, &domain_state)); } TEST_F(TransportSecurityStateTest, Preloaded) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "paypal.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.paypal.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); EXPECT_TRUE(domain_state.preloaded); EXPECT_FALSE(domain_state.include_subdomains); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "a.www.paypal.com", - true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www2.paypal.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "a.www.paypal.com", + true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "elanex.biz", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.elanex.biz", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "a.foo.elanex.biz", - true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "sunshinepress.org", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.elanex.biz", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "a.foo.elanex.biz", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "sunshinepress.org", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.sunshinepress.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "a.b.sunshinepress.org", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.sunshinepress.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "a.b.sunshinepress.org", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.noisebridge.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.noisebridge.net", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "noisebridge.net", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.noisebridge.net", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "noisebridge.net", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.noisebridge.net", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "neg9.org", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.neg9.org", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "riseup.net", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.riseup.net", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "factor.cc", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.factor.cc", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "members.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "support.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "lists.mayfirst.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "members.mayfirst.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "support.mayfirst.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "id.mayfirst.org", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "lists.mayfirst.org", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.mayfirst.org", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "splendidbacon.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.splendidbacon.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.splendidbacon.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "splendidbacon.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.splendidbacon.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.splendidbacon.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chrome.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "checkout.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "health.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "aladdinschools.appspot.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "drive.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "spreadsheets.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "appengine.google.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chrome.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "checkout.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "health.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "aladdinschools.appspot.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "ottospora.nl", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.ottospora.nl", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "docs.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "sites.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "drive.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "spreadsheets.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "appengine.google.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.paycheckrecords.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "market.android.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.paycheckrecords.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "market.android.com", + true)); // The domain wasn't being set, leading to a blank string in the // chrome://net-internals/#hsts UI. So test that. EXPECT_EQ(domain_state.domain, "market.android.com"); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "sub.market.android.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "sub.market.android.com", + true)); EXPECT_EQ(domain_state.domain, "market.android.com"); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "blog.lastpass.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "lastpass.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.lastpass.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "blog.lastpass.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "keyerror.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.keyerror.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "encrypted.google.com", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "encrypted.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "accounts.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "profiles.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chatenabled.mail.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "talkgadget.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "hostedtalkgadget.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "talk.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "plus.google.com", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "entropia.de", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.entropia.de", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.entropia.de", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "ssl.google-analytics.com", + true)); + + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.youtube.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "youtube.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "i.ytimg.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "ytimg.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googleusercontent.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "accounts.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.googleusercontent.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "profiles.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "mail.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chatenabled.mail.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "google-analytics.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "talkgadget.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googleapis.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googleadservices.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "hostedtalkgadget.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlecode.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "appspot.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googlesyndication.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "talk.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "plus.google.com", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ssl.google-analytics.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "doubleclick.net", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googlegroups.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.youtube.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "youtube.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "i.ytimg.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "ytimg.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googleusercontent.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.googleusercontent.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "google-analytics.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googleapis.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googleadservices.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlecode.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "appspot.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googlesyndication.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "doubleclick.net", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googlegroups.com", - true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "gmail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.gmail.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "googlemail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.googlemail.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "m.googlemail.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlemail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.googlemail.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "m.googlemail.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.googlemail.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "m.googlemail.com", - false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.romab.com", false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "logentries.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.logentries.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.logentries.com", - false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "m.googlemail.com", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "stripe.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.stripe.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "romab.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.romab.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "cloudsecurityalliance.org", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.cloudsecurityalliance.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "logentries.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.logentries.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.logentries.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "login.sapo.pt", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.login.sapo.pt", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "stripe.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.stripe.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "mattmccutchen.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.mattmccutchen.net", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "cloudsecurityalliance.org", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.cloudsecurityalliance.org", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "betnet.fr", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.betnet.fr", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "login.sapo.pt", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.login.sapo.pt", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "uprotect.it", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.uprotect.it", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "mattmccutchen.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.mattmccutchen.net", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "squareup.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.squareup.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "betnet.fr", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.betnet.fr", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "cert.se", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.cert.se", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "uprotect.it", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.uprotect.it", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "crypto.is", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.crypto.is", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "squareup.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.squareup.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "simon.butcher.name", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.simon.butcher.name", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "cert.se", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.cert.se", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "linx.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.linx.net", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "crypto.is", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.crypto.is", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "dropcam.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.dropcam.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "simon.butcher.name", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.simon.butcher.name", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ebanking.indovinabank.com.vn", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.ebanking.indovinabank.com.vn", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "linx.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.linx.net", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "epoxate.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.epoxate.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "dropcam.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.dropcam.com", + false)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "ebanking.indovinabank.com.vn", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.ebanking.indovinabank.com.vn", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "torproject.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "epoxate.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.epoxate.com", false)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "check.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "check.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "blog.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "blog.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.torproject.org", - false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.moneybookers.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.torproject.org", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.moneybookers.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "moneybookers.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ledgerscope.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.ledgerscope.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "ledgerscope.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.ledgerscope.net", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "status.ledgerscope.net", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "status.ledgerscope.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "kyps.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.kyps.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "kyps.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.kyps.net", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.kyps.net", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.kyps.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.app.recurly.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.api.recurly.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.app.recurly.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.api.recurly.com", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "greplin.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.greplin.com", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "greplin.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.greplin.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.greplin.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.greplin.com", - false)); } TEST_F(TransportSecurityStateTest, LongNames) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); const char kLongName[] = "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" "WaveletIdDomainAndBlipBlipid"; TransportSecurityState::DomainState domain_state; // Just checks that we don't hit a NOTREACHED. - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, kLongName, true)); } TEST_F(TransportSecurityStateTest, PublicKeyHashes) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", false)); std::vector<SHA1Fingerprint> hashes; EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); @@ -743,161 +726,154 @@ TEST_F(TransportSecurityStateTest, PublicKeyHashes) { const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.expiry = expiry; - state->EnableHost("example.com", domain_state); + state.EnableHost("example.com", domain_state); std::string ser; - EXPECT_TRUE(state->Serialise(&ser)); + EXPECT_TRUE(state.Serialise(&ser)); bool dirty; - EXPECT_TRUE(state->LoadEntries(ser, &dirty)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false)); + EXPECT_TRUE(state.LoadEntries(ser, &dirty)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "example.com", false)); EXPECT_EQ(1u, domain_state.public_key_hashes.size()); EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data, sizeof(hash.data))); } TEST_F(TransportSecurityStateTest, BuiltinCertPins) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chrome.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "chrome.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chrome.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "chrome.google.com", true)); std::vector<SHA1Fingerprint> hashes; // This essential checks that a built-in list does exist. EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "www.paypal.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "twitter.com", true)); - - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "docs.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "1.docs.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "sites.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "drive.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "spreadsheets.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "health.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "checkout.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "appengine.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "market.android.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "encrypted.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "accounts.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "profiles.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "mail.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "chatenabled.mail.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "talkgadget.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "hostedtalkgadget.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "talk.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "plus.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "www.gstatic.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "ssl.google-analytics.com", - true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.paypal.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "twitter.com", true)); + + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "docs.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "1.docs.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "sites.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "drive.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "spreadsheets.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "health.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "checkout.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "appengine.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "market.android.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "encrypted.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "accounts.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "profiles.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "chatenabled.mail.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "talkgadget.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "hostedtalkgadget.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "talk.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "plus.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.gstatic.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "ssl.google-analytics.com", + true)); } TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "www.google-analytics.com", - false)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", + true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.google-analytics.com", + false)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "www.google-analytics.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "mail-attachment.googleusercontent.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.youtube.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "i.ytimg.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googleapis.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "ajax.googleapis.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "googleadservices.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "pagead2.googleadservices.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googlecode.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "kibbles.googlecode.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "appspot.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "googlesyndication.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "doubleclick.net", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ad.doubleclick.net", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, + "learn.doubleclick.net", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "mail-attachment.googleusercontent.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.youtube.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "i.ytimg.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "googleapis.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "ajax.googleapis.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "googleadservices.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "pagead2.googleadservices.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "googlecode.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "kibbles.googlecode.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "appspot.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "googlesyndication.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "doubleclick.net", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ad.doubleclick.net", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "learn.doubleclick.net", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "a.googlegroups.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "a.googlegroups.com", - false)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "a.googlegroups.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, + "a.googlegroups.com", + false)); } TEST_F(TransportSecurityStateTest, ForcePreloads) { // This is a docs.google.com override. std::string preload("{" - "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" - "\"created\": 0.0," - "\"expiry\": 2000000000.0," - "\"include_subdomains\": false," - "\"mode\": \"none\"" - "}}"); - - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(preload)); + "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" + "\"created\": 0.0," + "\"expiry\": 2000000000.0," + "\"include_subdomains\": false," + "\"mode\": \"none\"" + "}}"); + + TransportSecurityState state(preload); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "docs.google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "docs.google.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "docs.google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "docs.google.com", true)); } TEST_F(TransportSecurityStateTest, OverrideBuiltins) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); domain_state = TransportSecurityState::DomainState(); const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.expiry = expiry; - state->EnableHost("www.google.com", domain_state); + state.EnableHost("www.google.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); } static const uint8 kSidePinLeafSPKI[] = { diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index eb2f61f..35c4a82 100644 --- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -214,7 +214,7 @@ class NET_EXPORT URLRequestContext scoped_refptr<SSLConfigService> ssl_config_service_; NetworkDelegate* network_delegate_; scoped_refptr<CookieStore> cookie_store_; - scoped_refptr<TransportSecurityState> transport_security_state_; + TransportSecurityState* transport_security_state_; scoped_ptr<FtpAuthCache> ftp_auth_cache_; std::string accept_language_; std::string accept_charset_; diff --git a/net/url_request/url_request_context_storage.cc b/net/url_request/url_request_context_storage.cc index 8e0464d..e555987 100644 --- a/net/url_request/url_request_context_storage.cc +++ b/net/url_request/url_request_context_storage.cc @@ -93,7 +93,7 @@ void URLRequestContextStorage::set_cookie_store(CookieStore* cookie_store) { void URLRequestContextStorage::set_transport_security_state( TransportSecurityState* transport_security_state) { context_->set_transport_security_state(transport_security_state); - transport_security_state_ = transport_security_state; + transport_security_state_.reset(transport_security_state); } void URLRequestContextStorage::set_http_transaction_factory( diff --git a/net/url_request/url_request_context_storage.h b/net/url_request/url_request_context_storage.h index 0c93f0f..a7583d1 100644 --- a/net/url_request/url_request_context_storage.h +++ b/net/url_request/url_request_context_storage.h @@ -83,7 +83,7 @@ class NET_EXPORT URLRequestContextStorage { scoped_refptr<SSLConfigService> ssl_config_service_; scoped_ptr<NetworkDelegate> network_delegate_; scoped_refptr<CookieStore> cookie_store_; - scoped_refptr<TransportSecurityState> transport_security_state_; + scoped_ptr<TransportSecurityState> transport_security_state_; scoped_ptr<HttpTransactionFactory> http_transaction_factory_; scoped_ptr<FtpTransactionFactory> ftp_transaction_factory_; diff --git a/net/websockets/websocket_job_unittest.cc b/net/websockets/websocket_job_unittest.cc index 3555014..9a1a8bc 100644 --- a/net/websockets/websocket_job_unittest.cc +++ b/net/websockets/websocket_job_unittest.cc @@ -228,20 +228,20 @@ class MockSSLConfigService : public net::SSLConfigService { class MockURLRequestContext : public net::URLRequestContext { public: - explicit MockURLRequestContext(net::CookieStore* cookie_store) { + explicit MockURLRequestContext(net::CookieStore* cookie_store) + : transport_security_state_(std::string()) { set_cookie_store(cookie_store); - transport_security_state_ = new net::TransportSecurityState(std::string()); - set_transport_security_state(transport_security_state_.get()); + set_transport_security_state(&transport_security_state_); net::TransportSecurityState::DomainState state; state.expiry = base::Time::Now() + base::TimeDelta::FromSeconds(1000); - transport_security_state_->EnableHost("upgrademe.com", state); + transport_security_state_.EnableHost("upgrademe.com", state); } private: friend class base::RefCountedThreadSafe<MockURLRequestContext>; virtual ~MockURLRequestContext() {} - scoped_refptr<net::TransportSecurityState> transport_security_state_; + net::TransportSecurityState transport_security_state_; }; class MockHttpTransactionFactory : public net::HttpTransactionFactory { |