Diffstat (limited to 'net')
-rw-r--r-- | net/base/transport_security_state.cc | 32 | ||||
-rw-r--r-- | net/base/transport_security_state.h | 36 | ||||
-rw-r--r-- | net/base/transport_security_state_unittest.cc | 1010 | ||||
-rw-r--r-- | net/url_request/url_request_context.h | 2 | ||||
-rw-r--r-- | net/url_request/url_request_context_storage.cc | 2 | ||||
-rw-r--r-- | net/url_request/url_request_context_storage.h | 2 | ||||
-rw-r--r-- | net/websockets/websocket_job_unittest.cc | 10 |
7 files changed, 543 insertions, 551 deletions
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index c0ba4e2..fd6f11b 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -49,8 +49,15 @@ static std::string HashHost(const std::string& canonicalized_host) { return std::string(hashed, sizeof(hashed)); } +void TransportSecurityState::SetDelegate( + TransportSecurityState::Delegate* delegate) { + delegate_ = delegate; +} + void TransportSecurityState::EnableHost(const std::string& host, const DomainState& state) { + DCHECK(CalledOnValidThread()); + const std::string canonicalized_host = CanonicalizeHost(host); if (canonicalized_host.empty()) return; @@ -79,6 +86,8 @@ void TransportSecurityState::EnableHost(const std::string& host, } bool TransportSecurityState::DeleteHost(const std::string& host) { + DCHECK(CalledOnValidThread()); + const std::string canonicalized_host = CanonicalizeHost(host); if (canonicalized_host.empty()) return false; @@ -96,6 +105,8 @@ bool TransportSecurityState::DeleteHost(const std::string& host) { bool TransportSecurityState::HasPinsForHost(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + return HasMetadata(result, host, sni_available) && !result->public_key_hashes.empty(); } @@ -103,6 +114,8 @@ bool TransportSecurityState::HasPinsForHost(DomainState* result, bool TransportSecurityState::IsEnabledForHost(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + return HasMetadata(result, host, sni_available) && result->mode != DomainState::MODE_NONE; } @@ -110,6 +123,8 @@ bool TransportSecurityState::IsEnabledForHost(DomainState* result, bool TransportSecurityState::HasMetadata(DomainState* result, const std::string& host, bool sni_available) { + DCHECK(CalledOnValidThread()); + *result = DomainState(); const std::string canonicalized_host = CanonicalizeHost(host); 
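Review bot: `SetDelegate`, moved to the top of this hunk, is the one method touched here that does not get `DCHECK(CalledOnValidThread());`, although it writes `delegate_`, which `DirtyNotify` reads under that assertion in a later hunk. Adding the same line as the first statement of `SetDelegate` would keep the single-thread contract uniform across everything that touches the HSTS and pin state. DCHECK is compiled out of release builds, so these assertions document the contract rather than enforce it, and a cross-thread caller would only be caught in debug runs. `EnableHost`'s body continues outside the hunk.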
@@ -154,6 +169,8 @@ bool TransportSecurityState::HasMetadata(DomainState* result, } void TransportSecurityState::DeleteSince(const base::Time& time) { + DCHECK(CalledOnValidThread()); + bool dirtied = false; std::map<std::string, DomainState>::iterator i = enabled_hosts_.begin(); @@ -190,6 +207,8 @@ static bool MaxAgeToInt(std::string::const_iterator begin, // "Strict-Transport-Security" ":" // "max-age" "=" delta-seconds [ ";" "includeSubDomains" ] +// +// static bool TransportSecurityState::ParseHeader(const std::string& value, int* max_age, bool* include_subdomains) { @@ -501,11 +520,6 @@ bool TransportSecurityState::ParseSidePin( return have_parsed_a_key; } -void TransportSecurityState::SetDelegate( - TransportSecurityState::Delegate* delegate) { - delegate_ = delegate; -} - // This function converts the binary hashes, which we store in // |enabled_hosts_|, to a base64 string which we can include in a JSON file. static std::string HashedDomainToExternalString(const std::string& hashed) { @@ -527,6 +541,8 @@ static std::string ExternalStringToHashedDomain(const std::string& external) { } bool TransportSecurityState::Serialise(std::string* output) { + DCHECK(CalledOnValidThread()); + DictionaryValue toplevel; for (std::map<std::string, DomainState>::const_iterator i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { @@ -569,6 +585,8 @@ bool TransportSecurityState::Serialise(std::string* output) { bool TransportSecurityState::LoadEntries(const std::string& input, bool* dirty) { + DCHECK(CalledOnValidThread()); + enabled_hosts_.clear(); return Deserialise(input, dirty, &enabled_hosts_); } @@ -683,6 +701,8 @@ TransportSecurityState::~TransportSecurityState() { } void TransportSecurityState::DirtyNotify() { + DCHECK(CalledOnValidThread()); + if (delegate_) delegate_->StateIsDirty(this); } 
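Review bot: `LoadEntries` clears `enabled_hosts_` before it knows whether `Deserialise` will succeed, so a malformed or truncated persisted file appears to leave the object with no dynamic HSTS or pin entries, which is the fail-open direction for a downgrade protection. The hunk only adds the thread assertion and leaves that ordering as it was. Parsing into a local map and swapping on success would keep the previous state on failure: `std::map<std::string, DomainState> loaded;`, `if (!Deserialise(input, dirty, &loaded)) return false;`, `enabled_hosts_.swap(loaded); return true;`. Whether `Deserialise` can return false after partly filling the map is not visible here and should be confirmed.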
@@ -766,6 +786,8 @@ bool TransportSecurityState::IsPreloadedSTS( const std::string& canonicalized_host, bool sni_available, DomainState* out) { + DCHECK(CalledOnValidThread()); + out->preloaded = true; out->mode = DomainState::MODE_STRICT; out->include_subdomains = false; diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h index d5d2e4d..ad4c7da 100644 --- a/net/base/transport_security_state.h +++ b/net/base/transport_security_state.h @@ -12,7 +12,7 @@ #include "base/basictypes.h" #include "base/gtest_prod_util.h" -#include "base/memory/ref_counted.h" +#include "base/threading/non_thread_safe.h" #include "base/time.h" #include "net/base/net_export.h" #include "net/base/x509_cert_types.h" @@ -24,16 +24,13 @@ namespace net { // Tracks which hosts have enabled *-Transport-Security. This object manages // the in-memory store. A separate object must register itself with this object // in order to persist the state to disk. -// -// TODO(phajdan.jr): Convert this to non-thread-safe non-ref-counted -// for simplicity. -class NET_EXPORT TransportSecurityState : - public base::RefCountedThreadSafe<TransportSecurityState> { +class NET_EXPORT TransportSecurityState : public base::NonThreadSafe { public: // If non-empty, |hsts_hosts| is a JSON-formatted string to treat as if it // were a built-in entry (same format as persisted metadata in the // TransportSecurityState file). explicit TransportSecurityState(const std::string& hsts_hosts); + ~TransportSecurityState(); // A DomainState is the information that we persist about a given domain. struct NET_EXPORT DomainState { 
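Review bot: The class comment in transport_security_state.h no longer says anything about threading or ownership. The hunk drops the TODO and the `RefCountedThreadSafe` base, makes the destructor public and derives from `base::NonThreadSafe`, but a reader of the header is not told that the object must be used on one thread or who keeps it alive. I would add `// Not thread-safe: all methods must be called on a single thread (DCHECKed via base::NonThreadSafe).` and `// Not ref-counted: the owner must keep this object alive for as long as anything holds a pointer to it.` to the class comment. The diffstat lists url_request_context.h and url_request_context_storage.*, whose hunks are outside this view, so how those holders guarantee the lifetime cannot be checked from here; a dangling pointer would presumably be dereferenced on the path that decides HSTS upgrades and pin checks.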
@@ -74,6 +71,18 @@ class NET_EXPORT TransportSecurityState : std::string domain; // the domain which matched }; + class Delegate { + public: + // This function may not block and may be called with internal locks held. + // Thus it must not reenter the TransportSecurityState object. + virtual void StateIsDirty(TransportSecurityState* state) = 0; + + protected: + virtual ~Delegate() {} + }; + + void SetDelegate(Delegate*); + // Enable TransportSecurity for |host|. void EnableHost(const std::string& host, const DomainState& state); @@ -123,18 +132,6 @@ class NET_EXPORT TransportSecurityState : const base::StringPiece& side_info, std::vector<SHA1Fingerprint> *out_pub_key_hash); - class Delegate { - public: - // This function may not block and may be called with internal locks held. - // Thus it must not reenter the TransportSecurityState object. - virtual void StateIsDirty(TransportSecurityState* state) = 0; - - protected: - virtual ~Delegate() {} - }; - - void SetDelegate(Delegate*); - bool Serialise(std::string* output); // Existing non-preloaded entries are cleared and repopulated from the // passed JSON string. @@ -144,11 +141,8 @@ class NET_EXPORT TransportSecurityState : static const long int kMaxHSTSAgeSecs; private: - friend class base::RefCountedThreadSafe<TransportSecurityState>; FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded); - ~TransportSecurityState(); - // If we have a callback configured, call it to let our serialiser know that // our state is dirty. void DirtyNotify(); diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc index 263e29a..11c6edf 100644 --- a/net/base/transport_security_state_unittest.cc +++ b/net/base/transport_security_state_unittest.cc 
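Review bot: The `Delegate` comment moved in this hunk still says `StateIsDirty` "may be called with internal locks held", which reads as stale now that the class derives from `base::NonThreadSafe`; no lock is visible anywhere in this diff. The declaration `void SetDelegate(Delegate*);` also leaves the parameter unnamed and undocumented, while the .cc stores the raw pointer in `delegate_` and `DirtyNotify` dereferences it later. I would reword the comment to `// Called synchronously from the owning thread when the state is dirtied; must not block or reenter the TransportSecurityState object.` and declare `void SetDelegate(Delegate* delegate);` with `// |delegate| is not owned; it must outlive this object or be cleared with SetDelegate(NULL) first.`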
@@ -142,168 +142,155 @@ TEST_F(TransportSecurityStateTest, ValidHeaders) { } TEST_F(TransportSecurityStateTest, SimpleMatches) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, MatchesCase1) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; - state->EnableHost("YAhoo.coM", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.EnableHost("YAhoo.coM", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, MatchesCase2) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - 
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "YAhoo.coM", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true)); domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "YAhoo.coM", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "YAhoo.coM", true)); } TEST_F(TransportSecurityStateTest, SubdomainMatches) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.expiry = expiry; domain_state.include_subdomains = true; - state->EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.yahoo.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.baz.yahoo.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); + state.EnableHost("yahoo.com", domain_state); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.yahoo.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.baz.yahoo.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true)); } TEST_F(TransportSecurityStateTest, Serialise1) { - scoped_refptr<TransportSecurityState> state( - new 
TransportSecurityState(std::string())); + TransportSecurityState state(""); std::string output; bool dirty; - state->Serialise(&output); - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + state.Serialise(&output); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); EXPECT_FALSE(dirty); } TEST_F(TransportSecurityStateTest, Serialise2) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; domain_state.include_subdomains = true; - state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); std::string output; bool dirty; - state->Serialise(&output); - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + state.Serialise(&output); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.yahoo.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.bar.yahoo.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.yahoo.com", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - 
"foo.bar.baz.yahoo.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.bar.baz.yahoo.com", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "com", true)); } TEST_F(TransportSecurityStateTest, DeleteSince) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); const base::Time older = current_time - base::TimeDelta::FromSeconds(1000); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; - state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); - state->DeleteSince(expiry); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - state->DeleteSince(older); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.DeleteSince(expiry); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + state.DeleteSince(older); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, DeleteHost) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT; domain_state.expiry = expiry; - 
state->EnableHost("yahoo.com", domain_state); + state.EnableHost("yahoo.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true)); - EXPECT_TRUE(state->DeleteHost("yahoo.com")); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", true)); + EXPECT_TRUE(state.DeleteHost("yahoo.com")); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "yahoo.com", true)); } TEST_F(TransportSecurityStateTest, SerialiseOld) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); // This is an old-style piece of transport state JSON, which has no creation // date. std::string output = "{ " - "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" - "\"expiry\": 1266815027.983453, " - "\"include_subdomains\": false, " - "\"mode\": \"strict\" " - "}" + "\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {" + "\"expiry\": 1266815027.983453, " + "\"include_subdomains\": false, " + "\"mode\": \"strict\" " + "}" "}"; bool dirty; - EXPECT_TRUE(state->LoadEntries(output, &dirty)); + EXPECT_TRUE(state.LoadEntries(output, &dirty)); EXPECT_TRUE(dirty); } TEST_F(TransportSecurityStateTest, IsPreloaded) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); const std::string paypal = TransportSecurityState::CanonicalizeHost("paypal.com"); 
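Review bot: In `Serialise1` and `SerialiseOld` the converted tests declare `bool dirty;` uninitialised and check `LoadEntries` with the non-fatal `EXPECT_TRUE`, so if loading fails before writing `*dirty`, the following `EXPECT_FALSE(dirty)` / `EXPECT_TRUE(dirty)` reads an indeterminate value. `Serialise1` and `Serialise2` also discard the bool returned by `state.Serialise(&output)`. I would write `bool dirty = false;`, `EXPECT_TRUE(state.Serialise(&output));` and `ASSERT_TRUE(state.LoadEntries(output, &dirty));` so a persistence failure is reported at the call that caused it. The `IsPreloaded` test at the end of this hunk continues into the next one.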
@@ -319,414 +306,410 @@ TEST_F(TransportSecurityStateTest, IsPreloaded) { TransportSecurityState::CanonicalizeHost("aypal.com"); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsPreloadedSTS(paypal, true, &domain_state)); - EXPECT_TRUE(state->IsPreloadedSTS(www_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(paypal, true, &domain_state)); + EXPECT_TRUE(state.IsPreloadedSTS(www_paypal, true, &domain_state)); EXPECT_FALSE(domain_state.include_subdomains); - EXPECT_FALSE(state->IsPreloadedSTS(a_www_paypal, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(abc_paypal, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(example, true, &domain_state)); - EXPECT_FALSE(state->IsPreloadedSTS(aypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(a_www_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(abc_paypal, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(example, true, &domain_state)); + EXPECT_FALSE(state.IsPreloadedSTS(aypal, true, &domain_state)); } TEST_F(TransportSecurityStateTest, Preloaded) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "paypal.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.paypal.com", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); EXPECT_TRUE(domain_state.preloaded); EXPECT_FALSE(domain_state.include_subdomains); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "a.www.paypal.com", - true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, 
"www2.paypal.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "a.www.paypal.com", + true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "elanex.biz", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.elanex.biz", true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "a.foo.elanex.biz", - true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "sunshinepress.org", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.elanex.biz", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "a.foo.elanex.biz", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "sunshinepress.org", + true)); EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.sunshinepress.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "a.b.sunshinepress.org", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.sunshinepress.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "a.b.sunshinepress.org", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.noisebridge.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.noisebridge.net", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "noisebridge.net", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.noisebridge.net", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "noisebridge.net", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.noisebridge.net", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, 
"neg9.org", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "neg9.org", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.neg9.org", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "riseup.net", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.riseup.net", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "factor.cc", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.factor.cc", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "members.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "support.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "lists.mayfirst.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "members.mayfirst.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "support.mayfirst.org", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "id.mayfirst.org", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "lists.mayfirst.org", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.mayfirst.org", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.mayfirst.org", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "splendidbacon.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.splendidbacon.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.splendidbacon.com", - true)); + 
EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "splendidbacon.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.splendidbacon.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.splendidbacon.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chrome.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "checkout.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "health.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "aladdinschools.appspot.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "drive.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "spreadsheets.google.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "appengine.google.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chrome.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "checkout.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "health.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "aladdinschools.appspot.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "ottospora.nl", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.ottospora.nl", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "docs.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "sites.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "drive.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, 
+ "spreadsheets.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "appengine.google.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.paycheckrecords.com", - true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "market.android.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.paycheckrecords.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "market.android.com", + true)); // The domain wasn't being set, leading to a blank string in the // chrome://net-internals/#hsts UI. So test that. EXPECT_EQ(domain_state.domain, "market.android.com"); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "sub.market.android.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "sub.market.android.com", + true)); EXPECT_EQ(domain_state.domain, "market.android.com"); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "blog.lastpass.com", - true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "lastpass.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.lastpass.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "blog.lastpass.com", + true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "keyerror.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.keyerror.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "encrypted.google.com", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "encrypted.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "accounts.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + 
"profiles.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chatenabled.mail.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "talkgadget.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "hostedtalkgadget.google.com", + true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "talk.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "plus.google.com", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "entropia.de", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.entropia.de", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "foo.entropia.de", true)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "ssl.google-analytics.com", + true)); + + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.youtube.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "youtube.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "i.ytimg.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "ytimg.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googleusercontent.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "accounts.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.googleusercontent.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "profiles.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "mail.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chatenabled.mail.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + 
"google-analytics.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "talkgadget.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googleapis.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googleadservices.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "hostedtalkgadget.google.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlecode.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "appspot.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googlesyndication.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "talk.google.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "plus.google.com", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ssl.google-analytics.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "doubleclick.net", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "googlegroups.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.youtube.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "youtube.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "i.ytimg.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "ytimg.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googleusercontent.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.googleusercontent.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - true)); 
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "google-analytics.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googleapis.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googleadservices.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlecode.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "appspot.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googlesyndication.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "doubleclick.net", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "googlegroups.com", - true)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "gmail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.gmail.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "googlemail.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.googlemail.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "m.googlemail.com", + true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "m.gmail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "googlemail.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.googlemail.com", - true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "m.googlemail.com", - true)); - 
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.googlemail.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "m.googlemail.com", - false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.romab.com", false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "logentries.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.logentries.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.logentries.com", - false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "m.googlemail.com", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "stripe.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.stripe.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "romab.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.romab.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.romab.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "cloudsecurityalliance.org", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.cloudsecurityalliance.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "logentries.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.logentries.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.logentries.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "login.sapo.pt", - false)); - 
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.login.sapo.pt", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "stripe.com", false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "foo.stripe.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "mattmccutchen.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.mattmccutchen.net", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "cloudsecurityalliance.org", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.cloudsecurityalliance.org", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "betnet.fr", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.betnet.fr", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "login.sapo.pt", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.login.sapo.pt", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "uprotect.it", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.uprotect.it", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "mattmccutchen.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.mattmccutchen.net", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "squareup.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.squareup.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "betnet.fr", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.betnet.fr", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "cert.se", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.cert.se", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "uprotect.it", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.uprotect.it", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "crypto.is", 
- false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.crypto.is", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "squareup.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.squareup.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "simon.butcher.name", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.simon.butcher.name", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "cert.se", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.cert.se", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "linx.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.linx.net", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "crypto.is", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.crypto.is", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "dropcam.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.dropcam.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "simon.butcher.name", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.simon.butcher.name", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ebanking.indovinabank.com.vn", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.ebanking.indovinabank.com.vn", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "linx.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.linx.net", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "epoxate.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.epoxate.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "dropcam.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.dropcam.com", + false)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + 
"ebanking.indovinabank.com.vn", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.ebanking.indovinabank.com.vn", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "torproject.org", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "epoxate.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.epoxate.com", false)); + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "check.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "check.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "blog.torproject.org", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "blog.torproject.org", + false)); EXPECT_TRUE(domain_state.public_key_hashes.size() != 0); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.torproject.org", - false)); - - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.moneybookers.com", + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.torproject.org", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, + + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.moneybookers.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "moneybookers.com", false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "ledgerscope.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.ledgerscope.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "ledgerscope.net", + false)); + 
EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.ledgerscope.net", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "status.ledgerscope.net", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "status.ledgerscope.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "kyps.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.kyps.net", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "kyps.net", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.kyps.net", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.kyps.net", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.kyps.net", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.app.recurly.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "foo.api.recurly.com", - false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.app.recurly.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "foo.api.recurly.com", + false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "greplin.com", - false)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "www.greplin.com", + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "greplin.com", + false)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "www.greplin.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "foo.greplin.com", false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "foo.greplin.com", - false)); } TEST_F(TransportSecurityStateTest, LongNames) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); + TransportSecurityState state(""); const char kLongName[] = "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd" "WaveletIdDomainAndBlipBlipid"; TransportSecurityState::DomainState domain_state; // Just checks that we don't hit a NOTREACHED. 
- EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, kLongName, true)); } TEST_F(TransportSecurityStateTest, PublicKeyHashes) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "example.com", false)); std::vector<SHA1Fingerprint> hashes; EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes)); 
@@ -743,161 +726,154 @@ TEST_F(TransportSecurityStateTest, PublicKeyHashes) { const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.expiry = expiry; - state->EnableHost("example.com", domain_state); + state.EnableHost("example.com", domain_state); std::string ser; - EXPECT_TRUE(state->Serialise(&ser)); + EXPECT_TRUE(state.Serialise(&ser)); bool dirty; - EXPECT_TRUE(state->LoadEntries(ser, &dirty)); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false)); + EXPECT_TRUE(state.LoadEntries(ser, &dirty)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "example.com", false)); EXPECT_EQ(1u, domain_state.public_key_hashes.size()); EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data, sizeof(hash.data))); } TEST_F(TransportSecurityStateTest, BuiltinCertPins) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, - "chrome.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "chrome.google.com", true)); + EXPECT_TRUE(state.IsEnabledForHost(&domain_state, + "chrome.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "chrome.google.com", true)); std::vector<SHA1Fingerprint> hashes; // This essential checks that a built-in list does exist. 
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "www.paypal.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "twitter.com", true)); - - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "docs.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "1.docs.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "sites.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "drive.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "spreadsheets.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "health.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "checkout.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "appengine.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "market.android.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "encrypted.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "accounts.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "profiles.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "mail.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "chatenabled.mail.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "talkgadget.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "hostedtalkgadget.google.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "talk.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "plus.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "www.gstatic.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "ssl.google-analytics.com", - true)); + 
EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.paypal.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "twitter.com", true)); + + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "docs.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "1.docs.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "sites.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "drive.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "spreadsheets.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "health.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "checkout.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "appengine.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "market.android.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "encrypted.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "accounts.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "profiles.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "chatenabled.mail.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "talkgadget.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "hostedtalkgadget.google.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "talk.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "plus.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.gstatic.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "ssl.google-analytics.com", + true)); } TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { - scoped_refptr<TransportSecurityState> state( - 
new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - false)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, - "www.google-analytics.com", - true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "www.google-analytics.com", - false)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", + false)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, + "www.google-analytics.com", + true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "www.google-analytics.com", + false)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "www.google-analytics.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "mail-attachment.googleusercontent.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "www.youtube.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "i.ytimg.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googleapis.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "ajax.googleapis.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "googleadservices.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "pagead2.googleadservices.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "googlecode.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "kibbles.googlecode.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "appspot.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, + "googlesyndication.com", + true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "doubleclick.net", true)); + 
EXPECT_TRUE(state.HasPinsForHost(&domain_state, "ad.doubleclick.net", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, + "learn.doubleclick.net", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "mail-attachment.googleusercontent.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.youtube.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "i.ytimg.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "googleapis.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "ajax.googleapis.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "googleadservices.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "pagead2.googleadservices.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "googlecode.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "kibbles.googlecode.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "appspot.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "googlesyndication.com", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "doubleclick.net", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ad.doubleclick.net", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "learn.doubleclick.net", - true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "a.googlegroups.com", true)); - EXPECT_FALSE(state->HasPinsForHost(&domain_state, - "a.googlegroups.com", - false)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "a.googlegroups.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, + "a.googlegroups.com", + false)); } TEST_F(TransportSecurityStateTest, ForcePreloads) { // This is a docs.google.com override. 
std::string preload("{" - "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" - "\"created\": 0.0," - "\"expiry\": 2000000000.0," - "\"include_subdomains\": false," - "\"mode\": \"none\"" - "}}"); - - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(preload)); + "\"4AGT3lHihuMSd5rUj7B4u6At0jlSH3HFePovjPR+oLE=\": {" + "\"created\": 0.0," + "\"expiry\": 2000000000.0," + "\"include_subdomains\": false," + "\"mode\": \"none\"" + "}}"); + + TransportSecurityState state(preload); TransportSecurityState::DomainState domain_state; - EXPECT_FALSE(state->HasPinsForHost(&domain_state, "docs.google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "docs.google.com", true)); + EXPECT_FALSE(state.HasPinsForHost(&domain_state, "docs.google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "docs.google.com", true)); } TEST_F(TransportSecurityStateTest, OverrideBuiltins) { - scoped_refptr<TransportSecurityState> state( - new TransportSecurityState(std::string())); - + TransportSecurityState state(""); TransportSecurityState::DomainState domain_state; - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true)); - EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); + EXPECT_TRUE(state.HasPinsForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "google.com", true)); + EXPECT_FALSE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); domain_state = TransportSecurityState::DomainState(); const base::Time current_time(base::Time::Now()); const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); domain_state.expiry = expiry; - state->EnableHost("www.google.com", domain_state); + state.EnableHost("www.google.com", domain_state); - EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.google.com", true)); + 
EXPECT_TRUE(state.IsEnabledForHost(&domain_state, "www.google.com", true)); } static const uint8 kSidePinLeafSPKI[] = { diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index eb2f61f..35c4a82 100644 --- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -214,7 +214,7 @@ class NET_EXPORT URLRequestContext scoped_refptr<SSLConfigService> ssl_config_service_; NetworkDelegate* network_delegate_; scoped_refptr<CookieStore> cookie_store_; - scoped_refptr<TransportSecurityState> transport_security_state_; + TransportSecurityState* transport_security_state_; scoped_ptr<FtpAuthCache> ftp_auth_cache_; std::string accept_language_; std::string accept_charset_; diff --git a/net/url_request/url_request_context_storage.cc b/net/url_request/url_request_context_storage.cc index 8e0464d..e555987 100644 --- a/net/url_request/url_request_context_storage.cc +++ b/net/url_request/url_request_context_storage.cc @@ -93,7 +93,7 @@ void URLRequestContextStorage::set_cookie_store(CookieStore* cookie_store) { void URLRequestContextStorage::set_transport_security_state( TransportSecurityState* transport_security_state) { context_->set_transport_security_state(transport_security_state); - transport_security_state_ = transport_security_state; + transport_security_state_.reset(transport_security_state); } void URLRequestContextStorage::set_http_transaction_factory( diff --git a/net/url_request/url_request_context_storage.h b/net/url_request/url_request_context_storage.h index 0c93f0f..a7583d1 100644 --- a/net/url_request/url_request_context_storage.h +++ b/net/url_request/url_request_context_storage.h 
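Review bot: `TransportSecurityState* transport_security_state_;` replaces a ref-counted member with a bare, non-owning pointer, so nothing in URLRequestContext keeps the object alive any more. A context that outlives its TransportSecurityState would read freed memory on the next HSTS or pin lookup. The member should carry a comment naming the contract, e.g. `// Not owned; must outlive this context.` Unlike `scoped_refptr`, a raw pointer has no default value, so the constructor (outside this hunk) needs to initialise it to NULL. The class body starts and ends outside the hunk.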
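Review bot: `transport_security_state_.reset(transport_security_state);` makes this setter take ownership of the pointer and delete whatever it held before, yet the signature still takes a plain `TransportSecurityState*`. A caller that passes the address of a member or stack object would cause a delete of memory the storage never allocated. MockURLRequestContext in websocket_job_unittest.cc passes such an address, though to the context-level setter. I would state the contract at the declaration, which is not visible here, e.g. `// Takes ownership of |transport_security_state|.` The matching `scoped_ptr` member change is in url_request_context_storage.h.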
@@ -83,7 +83,7 @@ class NET_EXPORT URLRequestContextStorage { scoped_refptr<SSLConfigService> ssl_config_service_; scoped_ptr<NetworkDelegate> network_delegate_; scoped_refptr<CookieStore> cookie_store_; - scoped_refptr<TransportSecurityState> transport_security_state_; + scoped_ptr<TransportSecurityState> transport_security_state_; scoped_ptr<HttpTransactionFactory> http_transaction_factory_; scoped_ptr<FtpTransactionFactory> ftp_transaction_factory_; diff --git a/net/websockets/websocket_job_unittest.cc b/net/websockets/websocket_job_unittest.cc index 3555014..9a1a8bc 100644 --- a/net/websockets/websocket_job_unittest.cc +++ b/net/websockets/websocket_job_unittest.cc @@ -228,20 +228,20 @@ class MockSSLConfigService : public net::SSLConfigService { class MockURLRequestContext : public net::URLRequestContext { public: - explicit MockURLRequestContext(net::CookieStore* cookie_store) { + explicit MockURLRequestContext(net::CookieStore* cookie_store) + : transport_security_state_(std::string()) { set_cookie_store(cookie_store); - transport_security_state_ = new net::TransportSecurityState(std::string()); - set_transport_security_state(transport_security_state_.get()); + set_transport_security_state(&transport_security_state_); net::TransportSecurityState::DomainState state; state.expiry = base::Time::Now() + base::TimeDelta::FromSeconds(1000); - transport_security_state_->EnableHost("upgrademe.com", state); + transport_security_state_.EnableHost("upgrademe.com", state); } private: friend class base::RefCountedThreadSafe<MockURLRequestContext>; virtual ~MockURLRequestContext() {} - scoped_refptr<net::TransportSecurityState> transport_security_state_; + net::TransportSecurityState transport_security_state_; }; class MockHttpTransactionFactory : public net::HttpTransactionFactory { |
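Review bot: The new by-value member `net::TransportSecurityState transport_security_state_;` is registered with the base class through `set_transport_security_state(&transport_security_state_)`. Members of MockURLRequestContext are destroyed before `~URLRequestContext()` runs, so the base holds a dangling pointer for the duration of its destructor. That is safe only if the base destructor never touches the pointer, which this hunk does not show. Clearing it first removes the dependency: `virtual ~MockURLRequestContext() { set_transport_security_state(NULL); }`. The member also reuses the name of the base-class field changed in url_request_context.h, which makes it easy to misread which object a line refers to.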