// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/http/transport_security_state.h"

#include <algorithm>
#include <string>
#include <vector>

#include "base/base64.h"
#include "base/files/file_path.h"
#include "base/sha1.h"
#include "base/strings/string_piece.h"
#include "crypto/sha2.h"
#include "net/base/net_errors.h"
#include "net/base/net_log.h"
#include "net/base/test_completion_callback.h"
#include "net/base/test_data_directory.h"
#include "net/cert/asn1_util.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_result.h"
#include "net/cert/test_root_certs.h"
#include "net/cert/x509_cert_types.h"
#include "net/cert/x509_certificate.h"
#include "net/http/http_util.h"
#include "net/ssl/ssl_info.h"
#include "net/test/cert_test_util.h"
#include "testing/gtest/include/gtest/gtest.h"

#if defined(USE_OPENSSL)
#include "crypto/openssl_util.h"
#else
#include "crypto/nss_util.h"
#endif

namespace net {

// Fixture for the TransportSecurityState (HSTS / public-key-pinning) tests.
// It initialises the crypto library selected at build time and exposes small
// helpers that reach into TransportSecurityState on behalf of the tests.
class TransportSecurityStateTest : public testing::Test {
 public:
  // Initialises OpenSSL or NSS, depending on USE_OPENSSL, before each test.
  virtual void SetUp() {
#if defined(USE_OPENSSL)
    crypto::EnsureOpenSSLInit();
#else
    crypto::EnsureNSSInit();
#endif
  }

  // Clears |state|'s enable_static_pins_ flag. Static so that the free helper
  // functions in this file can call it without a fixture instance.
  static void DisableStaticPins(TransportSecurityState* state) {
    state->enable_static_pins_ = false;
  }

  // Sets |state|'s enable_static_pins_ flag. Static for the same reason as
  // DisableStaticPins().
  static void EnableStaticPins(TransportSecurityState* state) {
    state->enable_static_pins_ = true;
  }

 protected:
  // Forwards to state->GetStaticDomainState(host, result) and returns its
  // result unchanged.
  bool GetStaticDomainState(TransportSecurityState* state,
                            const std::string& host,
                            TransportSecurityState::DomainState* result) {
    const bool found = state->GetStaticDomainState(host, result);
    return found;
  }

  // Forwards to state->EnableHost(host, domain_state).
  void EnableHost(TransportSecurityState* state,
                  const std::string& host,
                  const TransportSecurityState::DomainState& domain_state) {
    state->EnableHost(host, domain_state);
  }
};

// A host has no dynamic state until AddHSTS() is called for it; afterwards
// the same host name is found.
TEST_F(TransportSecurityStateTest, SimpleMatches) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = false;

  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);
  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
}

// An entry added under a mixed-case host name is found when looked up in
// lower case. Host names are case-insensitive, so an HSTS entry must not be
// missed because the stored spelling differs in case.
TEST_F(TransportSecurityStateTest, MatchesCase1) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = false;

  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
  state.AddHSTS("YAhoo.coM", expiry, kIncludeSubdomains);
  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
}

// The reverse of MatchesCase1: the entry is stored in lower case and the
// lookup uses a mixed-case host name.
TEST_F(TransportSecurityStateTest, MatchesCase2) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = false;

  EXPECT_FALSE(state.GetDynamicDomainState("YAhoo.coM", &found));
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);
  EXPECT_TRUE(state.GetDynamicDomainState("YAhoo.coM", &found));
}

// With include_subdomains set, the entry covers the host itself and
// subdomains at every depth tried here, but not the parent label "com".
TEST_F(TransportSecurityStateTest, SubdomainMatches) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = true;

  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);
  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
  EXPECT_TRUE(state.GetDynamicDomainState("foo.yahoo.com", &found));
  EXPECT_TRUE(state.GetDynamicDomainState("foo.bar.yahoo.com", &found));
  EXPECT_TRUE(state.GetDynamicDomainState("foo.bar.baz.yahoo.com", &found));
  // The policy must not leak upwards to the enclosing domain.
  EXPECT_FALSE(state.GetDynamicDomainState("com", &found));
}
// Host names whose leading label is not a valid DNS label (a trailing hyphen,
// an embedded 0x01 byte) are still matched by an include_subdomains entry on
// their parent domain, so a malformed label does not fall outside the
// parent's HSTS policy.
TEST_F(TransportSecurityStateTest, InvalidDomains) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = true;

  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);
  EXPECT_TRUE(state.GetDynamicDomainState("www-.foo.yahoo.com", &found));
  EXPECT_TRUE(state.GetDynamicDomainState("2\x01.foo.yahoo.com", &found));
}

// DeleteAllDynamicDataSince() with a cut-off equal to the entry's expiry (in
// the future) leaves the entry forcing HTTPS. With a cut-off 1000 seconds in
// the past the lookup still succeeds but the upgrade mode reads MODE_DEFAULT.
TEST_F(TransportSecurityStateTest, DeleteAllDynamicDataSince) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time now = base::Time::Now();
  const base::TimeDelta kWindow = base::TimeDelta::FromSeconds(1000);
  const base::Time expiry = now + kWindow;
  const base::Time older = now - kWindow;
  const bool kIncludeSubdomains = false;

  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);

  // Cut-off later than the moment the entry was added: nothing is cleared.
  state.DeleteAllDynamicDataSince(expiry);
  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
  EXPECT_EQ(TransportSecurityState::DomainState::MODE_FORCE_HTTPS,
            found.sts.upgrade_mode);

  // Cut-off earlier than the moment the entry was added.
  // NOTE(review): the lookup is expected to keep returning true here, with
  // only the upgrade mode reset - confirm this is the intended contract.
  state.DeleteAllDynamicDataSince(older);
  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
  EXPECT_EQ(TransportSecurityState::DomainState::MODE_DEFAULT,
            found.sts.upgrade_mode);
}

// DeleteDynamicDataForHost() reports success for a host that has an entry,
// and the entry is gone afterwards.
TEST_F(TransportSecurityStateTest, DeleteDynamicDataForHost) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const base::Time expiry =
      base::Time::Now() + base::TimeDelta::FromSeconds(1000);
  const bool kIncludeSubdomains = false;
  state.AddHSTS("yahoo.com", expiry, kIncludeSubdomains);

  EXPECT_TRUE(state.GetDynamicDomainState("yahoo.com", &found));
  EXPECT_FALSE(state.GetDynamicDomainState("example.com", &found));
  EXPECT_TRUE(state.DeleteDynamicDataForHost("yahoo.com"));
  EXPECT_FALSE(state.GetDynamicDomainState("yahoo.com", &found));
}

// With static pins enabled, the static entry for chrome.google.com carries at
// least one SPKI hash.
TEST_F(TransportSecurityStateTest, EnableStaticPins) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;

  EnableStaticPins(&state);

  EXPECT_TRUE(state.GetStaticDomainState("chrome.google.com", &found));
  EXPECT_FALSE(found.pkp.spki_hashes.empty());
}

// With static pins disabled, the static entry for chrome.google.com is still
// found but carries no SPKI hashes.
TEST_F(TransportSecurityStateTest, DisableStaticPins) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;

  DisableStaticPins(&state);

  EXPECT_TRUE(state.GetStaticDomainState("chrome.google.com", &found));
  EXPECT_TRUE(found.pkp.spki_hashes.empty());
}

// paypal.com and www.paypal.com have static state, and the www entry does not
// set sts.include_subdomains. Deeper subdomains, an unrelated host and the
// near-miss "aypal.com" have none.
TEST_F(TransportSecurityStateTest, IsPreloaded) {
  const std::string paypal("paypal.com");
  const std::string www_paypal("www.paypal.com");
  // NOTE(review): foo_paypal is declared but never used by an assertion below.
  const std::string foo_paypal("foo.paypal.com");
  const std::string a_www_paypal("a.www.paypal.com");
  const std::string abc_paypal("a.b.c.paypal.com");
  const std::string example("example.com");
  const std::string aypal("aypal.com");

  TransportSecurityState state;
  TransportSecurityState::DomainState found;

  EXPECT_TRUE(GetStaticDomainState(&state, paypal, &found));
  EXPECT_TRUE(GetStaticDomainState(&state, www_paypal, &found));
  EXPECT_FALSE(found.sts.include_subdomains);
  EXPECT_FALSE(GetStaticDomainState(&state, a_www_paypal, &found));
  EXPECT_FALSE(GetStaticDomainState(&state, abc_paypal, &found));
  EXPECT_FALSE(GetStaticDomainState(&state, example, &found));
  // A name that merely shares a suffix with a preloaded host must not match.
  EXPECT_FALSE(GetStaticDomainState(&state, aypal, &found));
}

// The returned state names the preloaded entry that matched, including when
// the lookup was for a subdomain of that entry.
TEST_F(TransportSecurityStateTest, PreloadedDomainSet) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;

  // The domain wasn't being set, leading to a blank string in the
  // chrome://net-internals/#hsts UI. So test that.
  EXPECT_TRUE(state.GetStaticDomainState("market.android.com", &found));
  EXPECT_EQ(found.domain, "market.android.com");
  EXPECT_TRUE(state.GetStaticDomainState("sub.market.android.com", &found));
  EXPECT_EQ(found.domain, "market.android.com");
}

// Returns true when a fresh TransportSecurityState has static state for
// |hostname| and that state says the connection should be upgraded to SSL.
static bool StaticShouldRedirect(const char* hostname) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  if (!state.GetStaticDomainState(hostname, &found))
    return false;

  return found.ShouldUpgradeToSSL();
}

// Returns true when a fresh TransportSecurityState has any static state for
// |hostname|.
static bool HasStaticState(const char* hostname) {
  TransportSecurityState state;
  TransportSecurityState::DomainState found;
  const bool has_state = state.GetStaticDomainState(hostname, &found);
  return has_state;
}

// Returns true when, with static pins enabled, the static state for
// |hostname| exists and reports public key pins.
static bool HasStaticPublicKeyPins(const char* hostname) {
  TransportSecurityState state;
  TransportSecurityStateTest::EnableStaticPins(&state);
  TransportSecurityState::DomainState found;
  return state.GetStaticDomainState(hostname, &found) &&
         found.HasPublicKeyPins();
}

// Returns true when, with static pins enabled, the static state for
// |hostname| holds at least one entry in spki_hashes or bad_spki_hashes and
// does not ask for an upgrade to SSL, i.e. the host is pinned without HSTS.
static bool OnlyPinningInStaticState(const char* hostname) {
  TransportSecurityState state;
  TransportSecurityStateTest::EnableStaticPins(&state);
  TransportSecurityState::DomainState found;
  if (!state.GetStaticDomainState(hostname, &found))
    return false;

  const bool has_pins = !found.pkp.spki_hashes.empty() ||
                        !found.pkp.bad_spki_hashes.empty();
  return has_pins && !found.ShouldUpgradeToSSL();
}

// Spot-checks the preloaded (static) list: which hosts are upgraded to HTTPS,
// and which neighbouring names have no static state at all.
TEST_F(TransportSecurityStateTest, Preloaded) {
  TransportSecurityState state;
  TransportSecurityState::DomainState domain_state;

  // We do more extensive checks for the first domain.
  EXPECT_TRUE(
      state.GetStaticDomainState("www.paypal.com", &domain_state));
  EXPECT_EQ(domain_state.sts.upgrade_mode,
            TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
  EXPECT_FALSE(domain_state.sts.include_subdomains);
  EXPECT_FALSE(domain_state.pkp.include_subdomains);

  EXPECT_TRUE(HasStaticState("paypal.com"));
  EXPECT_FALSE(HasStaticState("www2.paypal.com"));
  // NOTE(review): this repeats the previous assertion verbatim; a different
  // host may have been intended - confirm.
  EXPECT_FALSE(HasStaticState("www2.paypal.com"));

  // Google hosts:

  EXPECT_TRUE(StaticShouldRedirect("chrome.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("checkout.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("wallet.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("docs.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("sites.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("drive.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("spreadsheets.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("appengine.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("market.android.com"));
  EXPECT_TRUE(StaticShouldRedirect("encrypted.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("accounts.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("profiles.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("mail.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("chatenabled.mail.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("talkgadget.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("hostedtalkgadget.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("talk.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("plus.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("groups.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("apis.google.com"));
  EXPECT_FALSE(StaticShouldRedirect("chart.apis.google.com"));
  EXPECT_TRUE(StaticShouldRedirect("ssl.google-analytics.com"));
  EXPECT_TRUE(StaticShouldRedirect("gmail.com"));
  EXPECT_TRUE(StaticShouldRedirect("www.gmail.com"));
  EXPECT_TRUE(StaticShouldRedirect("googlemail.com"));
  EXPECT_TRUE(StaticShouldRedirect("www.googlemail.com"));
  EXPECT_TRUE(StaticShouldRedirect("googleplex.com"));
  EXPECT_TRUE(StaticShouldRedirect("www.googleplex.com"));

  // These domains used to be only HSTS when SNI was available.
  EXPECT_TRUE(state.GetStaticDomainState("gmail.com", &domain_state));
  EXPECT_TRUE(state.GetStaticDomainState("www.gmail.com", &domain_state));
  EXPECT_TRUE(state.GetStaticDomainState("googlemail.com", &domain_state));
  EXPECT_TRUE(state.GetStaticDomainState("www.googlemail.com", &domain_state));

  // Other hosts:

  EXPECT_TRUE(StaticShouldRedirect("aladdinschools.appspot.com"));

  EXPECT_TRUE(StaticShouldRedirect("ottospora.nl"));
  EXPECT_TRUE(StaticShouldRedirect("www.ottospora.nl"));

  EXPECT_TRUE(StaticShouldRedirect("www.paycheckrecords.com"));

  EXPECT_TRUE(StaticShouldRedirect("lastpass.com"));
  EXPECT_TRUE(StaticShouldRedirect("www.lastpass.com"));
  EXPECT_FALSE(HasStaticState("blog.lastpass.com"));

  EXPECT_TRUE(StaticShouldRedirect("keyerror.com"));
  EXPECT_TRUE(StaticShouldRedirect("www.keyerror.com"));

  EXPECT_TRUE(StaticShouldRedirect("entropia.de"));
  EXPECT_TRUE(StaticShouldRedirect("www.entropia.de"));
  EXPECT_FALSE(HasStaticState("foo.entropia.de"));

  EXPECT_TRUE(StaticShouldRedirect("www.elanex.biz"));
  EXPECT_FALSE(HasStaticState("elanex.biz"));
  EXPECT_FALSE(HasStaticState("foo.elanex.biz"));

  EXPECT_TRUE(StaticShouldRedirect("sunshinepress.org"));
  EXPECT_TRUE(StaticShouldRedirect("www.sunshinepress.org"));
  EXPECT_TRUE(StaticShouldRedirect("a.b.sunshinepress.org"));

  EXPECT_TRUE(StaticShouldRedirect("www.noisebridge.net"));
  EXPECT_FALSE(HasStaticState("noisebridge.net"));
  EXPECT_FALSE(HasStaticState("foo.noisebridge.net"));

  EXPECT_TRUE(StaticShouldRedirect("neg9.org"));
  EXPECT_FALSE(HasStaticState("www.neg9.org"));

  EXPECT_TRUE(StaticShouldRedirect("riseup.net"));
  EXPECT_TRUE(StaticShouldRedirect("foo.riseup.net"));

  EXPECT_TRUE(StaticShouldRedirect("factor.cc"));
  EXPECT_FALSE(HasStaticState("www.factor.cc"));

  EXPECT_TRUE(StaticShouldRedirect("members.mayfirst.org"));
  EXPECT_TRUE(StaticShouldRedirect("support.mayfirst.org"));
  EXPECT_TRUE(StaticShouldRedirect("id.mayfirst.org"));
362010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("lists.mayfirst.org")); 363010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("www.mayfirst.org")); 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 365010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("romab.com")); 366010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.romab.com")); 367010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.romab.com")); 3685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 369010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("logentries.com")); 370010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.logentries.com")); 371010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.logentries.com")); 3725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 373010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("stripe.com")); 374010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.stripe.com")); 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 376010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("cloudsecurityalliance.org")); 377010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.cloudsecurityalliance.org")); 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 379010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("login.sapo.pt")); 380010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.login.sapo.pt")); 
3815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 382010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("mattmccutchen.net")); 383010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.mattmccutchen.net")); 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 385010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("betnet.fr")); 386010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.betnet.fr")); 3875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 388010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("uprotect.it")); 389010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.uprotect.it")); 3905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 391010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("squareup.com")); 392010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.squareup.com")); 3935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 394010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("cert.se")); 395010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.cert.se")); 3965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 397010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("crypto.is")); 398010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.crypto.is")); 3995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 400010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("simon.butcher.name")); 
401010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.simon.butcher.name")); 4025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 403010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("linx.net")); 404010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.linx.net")); 4055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 406010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("dropcam.com")); 407010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.dropcam.com")); 408010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.dropcam.com")); 4095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 410010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("ebanking.indovinabank.com.vn")); 411010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.ebanking.indovinabank.com.vn")); 4125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 413010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("epoxate.com")); 414010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.epoxate.com")); 4155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 416010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.torproject.org")); 4175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 418010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.moneybookers.com")); 419010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("moneybookers.com")); 4205821806d5e7f356e8fa4b058a389a808ea183019Torne 
(Richard Coles) 421010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("ledgerscope.net")); 422010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.ledgerscope.net")); 423010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("status.ledgerscope.net")); 4245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 425010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.app.recurly.com")); 426010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.api.recurly.com")); 4275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 428010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("greplin.com")); 429010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.greplin.com")); 430010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(HasStaticState("foo.greplin.com")); 4315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 432010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("luneta.nearbuysystems.com")); 433010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.luneta.nearbuysystems.com")); 4345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 435010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("ubertt.org")); 436010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.ubertt.org")); 4375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 438010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("pixi.me")); 439010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 
EXPECT_TRUE(StaticShouldRedirect("www.pixi.me")); 4405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 441010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("grepular.com")); 442010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.grepular.com")); 443010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 444010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("mydigipass.com")); 445010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.mydigipass.com")); 446010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.mydigipass.com")); 447010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.www.mydigipass.com")); 448010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("developer.mydigipass.com")); 449010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.developer.mydigipass.com")); 450010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.developer.mydigipass.com")); 451010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.www.developer.mydigipass.com")); 452010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("sandbox.mydigipass.com")); 453010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.sandbox.mydigipass.com")); 454010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("www.sandbox.mydigipass.com")); 455010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.www.sandbox.mydigipass.com")); 
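4565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 457010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("crypto.cat")); 458010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("foo.crypto.cat")); 4595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 460010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("bigshinylock.minazo.net")); 461010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.bigshinylock.minazo.net")); 4625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 463010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("crate.io")); 464010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(StaticShouldRedirect("foo.crate.io")); 4656e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)}

// Checks the static (preloaded) entries once static pins are enabled on
// |state|:
//  - www.paypal.com is looked up directly and must be MODE_FORCE_HTTPS with
//    include_subdomains unset on both the STS and the PKP side;
//  - a set of Google-owned hosts must satisfy OnlyPinningInStaticState();
//  - the four torproject.org hosts must report static pins and carry a
//    non-empty |pkp.spki_hashes| list, while foo.torproject.org must have no
//    static state at all.
// OnlyPinningInStaticState(), HasStaticPublicKeyPins() and HasStaticState()
// are helpers defined outside this excerpt; what exactly each one inspects is
// not visible here.
TEST_F(TransportSecurityStateTest, PreloadedPins) {
  TransportSecurityState state;
  EnableStaticPins(&state);
  TransportSecurityState::DomainState domain_state;

  // We do more extensive checks for the first domain.
  EXPECT_TRUE(
      state.GetStaticDomainState("www.paypal.com", &domain_state));
  EXPECT_EQ(domain_state.sts.upgrade_mode,
            TransportSecurityState::DomainState::MODE_FORCE_HTTPS);
  EXPECT_FALSE(domain_state.sts.include_subdomains);
  EXPECT_FALSE(domain_state.pkp.include_subdomains);

  EXPECT_TRUE(OnlyPinningInStaticState("www.google.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("foo.google.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("google.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("www.youtube.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("youtube.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("i.ytimg.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("ytimg.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("googleusercontent.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("www.googleusercontent.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("www.google-analytics.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("googleapis.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("googleadservices.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("googlecode.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("appspot.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("googlesyndication.com"));
  EXPECT_TRUE(OnlyPinningInStaticState("doubleclick.net"));
  EXPECT_TRUE(OnlyPinningInStaticState("googlegroups.com"));

  EXPECT_TRUE(HasStaticPublicKeyPins("torproject.org"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.torproject.org"));
  EXPECT_TRUE(HasStaticPublicKeyPins("check.torproject.org"));
  EXPECT_TRUE(HasStaticPublicKeyPins("blog.torproject.org"));
  EXPECT_FALSE(HasStaticState("foo.torproject.org"));

  // |domain_state| is reused for every lookup below, so each spki_hashes
  // check is only meaningful when the lookup directly above it succeeded.
  EXPECT_TRUE(state.GetStaticDomainState("torproject.org", &domain_state));
  EXPECT_FALSE(domain_state.pkp.spki_hashes.empty());
  EXPECT_TRUE(state.GetStaticDomainState("www.torproject.org", &domain_state));
  EXPECT_FALSE(domain_state.pkp.spki_hashes.empty());
  EXPECT_TRUE(
      state.GetStaticDomainState("check.torproject.org", &domain_state));
  EXPECT_FALSE(domain_state.pkp.spki_hashes.empty());
  EXPECT_TRUE(state.GetStaticDomainState("blog.torproject.org", &domain_state));
  EXPECT_FALSE(domain_state.pkp.spki_hashes.empty());

  EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com"));
}

// Feeds a long, dot-free name (well over the 63 octets a DNS label may hold)
// to both the static and the dynamic lookup. Both must report "no state"
// rather than tripping an internal assertion.
TEST_F(TransportSecurityStateTest, LongNames) {
  TransportSecurityState state;
  const char kLongName[] =
      "lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
      "WaveletIdDomainAndBlipBlipid";
  TransportSecurityState::DomainState domain_state;
  // Just checks that we don't hit a NOTREACHED.
  EXPECT_FALSE(state.GetStaticDomainState(kLongName, &domain_state));
  EXPECT_FALSE(state.GetDynamicDomainState(kLongName, &domain_state));
}

// Enumerates hosts that must (or must not) have built-in public key pins.
// chrome.google.com is additionally looked up directly so that its pin set
// can be exercised with an empty certificate-hash chain.
TEST_F(TransportSecurityStateTest, BuiltinCertPins) {
  TransportSecurityState state;
  EnableStaticPins(&state);
  TransportSecurityState::DomainState domain_state;

  EXPECT_TRUE(
      state.GetStaticDomainState("chrome.google.com", &domain_state));
  EXPECT_TRUE(HasStaticPublicKeyPins("chrome.google.com"));

  HashValueVector hashes;
  std::string failure_log;
  // Checks that a built-in list does exist.
  // NOTE(review): |hashes| is empty here, so this only proves that an empty
  // chain is rejected. If CheckPublicKeyPins() rejects every empty chain
  // regardless of the pin set, the HasStaticPublicKeyPins() check above is
  // the one that actually establishes the list exists -- confirm.
  EXPECT_FALSE(domain_state.CheckPublicKeyPins(hashes, &failure_log));
  EXPECT_FALSE(HasStaticPublicKeyPins("www.paypal.com"));

  EXPECT_TRUE(HasStaticPublicKeyPins("docs.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("1.docs.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("sites.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("drive.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("spreadsheets.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("wallet.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("checkout.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("appengine.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("market.android.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("encrypted.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("accounts.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("profiles.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("mail.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("chatenabled.mail.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("talkgadget.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("hostedtalkgadget.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("talk.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("plus.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("groups.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("apis.google.com"));

  EXPECT_TRUE(HasStaticPublicKeyPins("ssl.gstatic.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("gstatic.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.gstatic.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("ssl.google-analytics.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.googleplex.com"));

  // twitter.com pins are expected on the named hosts only; an arbitrary
  // subdomain (foo.twitter.com) must not inherit them.
  EXPECT_TRUE(HasStaticPublicKeyPins("twitter.com"));
  EXPECT_FALSE(HasStaticPublicKeyPins("foo.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("api.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("oauth.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("mobile.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("dev.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("business.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("platform.twitter.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("si0.twimg.com"));
}

// Parses |type_and_base64| with HashValue::FromString() and appends the
// result to |out|. The callers in this file pass strings of the form
// "sha1/<base64>".
// Returns false, leaving |out| untouched, when the string does not parse.
static bool AddHash(const std::string& type_and_base64,
                    HashValueVector* out) {
  HashValue hash;
  if (!hash.FromString(type_and_base64))
    return false;

  out->push_back(hash);
  return true;
}

// Verifies that the static pins for blog.torproject.org accept a chain of
// hashes described as belonging to that host and reject a chain described as
// belonging to plus.google.com.
TEST_F(TransportSecurityStateTest, PinValidationWithoutRejectedCerts) {
  // kGoodPath is blog.torproject.org.
  // The arrays are NULL-terminated and never modified, hence the const
  // pointers.
  static const char* const kGoodPath[] = {
    "sha1/m9lHYJYke9k0GtVZ+bXSQYE8nDI=",
    "sha1/o5OZxATDsgmwgcIfIWIneMJ0jkw=",
    "sha1/wHqYaI2J+6sFZAwRfap9ZbjKzE4=",
    NULL,
  };

  // kBadPath is plus.google.com via Trustcenter, which is utterly wrong for
  // torproject.org.
  static const char* const kBadPath[] = {
    "sha1/4BjDjn8v2lWeUFQnqSs0BgbIcrU=",
    "sha1/gzuEEAB/bkqdQS3EIjk2by7lW+k=",
    "sha1/SOZo+SvSspXXR9gjIBBPM5iQn9Q=",
    NULL,
  };

  HashValueVector good_hashes, bad_hashes;

  // Fixture parsing is a precondition, not the behaviour under test: stop at
  // the first string that fails to parse. Otherwise the rejection check at
  // the end could succeed merely because |bad_hashes| is short or empty,
  // which says nothing about how the pin set treats the bad chain.
  for (size_t i = 0; kGoodPath[i]; i++) {
    ASSERT_TRUE(AddHash(kGoodPath[i], &good_hashes));
  }
  for (size_t i = 0; kBadPath[i]; i++) {
    ASSERT_TRUE(AddHash(kBadPath[i], &bad_hashes));
  }

  TransportSecurityState state;
  EnableStaticPins(&state);

  TransportSecurityState::DomainState domain_state;
  // Every check below reads |domain_state|, so a failed lookup ends the test
  // instead of evaluating pins on a state that was never filled in.
  ASSERT_TRUE(
      state.GetStaticDomainState("blog.torproject.org", &domain_state));
  EXPECT_TRUE(domain_state.HasPublicKeyPins());

  std::string failure_log;
  EXPECT_TRUE(domain_state.CheckPublicKeyPins(good_hashes, &failure_log));
  EXPECT_FALSE(domain_state.CheckPublicKeyPins(bad_hashes, &failure_log));
}

// Hosts that are expected to carry static public key pins. Of these, only
// www.google-analytics.com is also checked for not being forced to HTTPS.
// learn.doubleclick.net is the one listed host that must have no pins.
TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) {
  TransportSecurityState state;
  EnableStaticPins(&state);
  TransportSecurityState::DomainState domain_state;

  EXPECT_FALSE(StaticShouldRedirect("www.google-analytics.com"));

  EXPECT_TRUE(HasStaticPublicKeyPins("www.google-analytics.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.google.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("mail-attachment.googleusercontent.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("www.youtube.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("i.ytimg.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("googleapis.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("ajax.googleapis.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("googleadservices.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("pagead2.googleadservices.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("googlecode.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("kibbles.googlecode.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("appspot.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("googlesyndication.com"));
  EXPECT_TRUE(HasStaticPublicKeyPins("doubleclick.net"));
  EXPECT_TRUE(HasStaticPublicKeyPins("ad.doubleclick.net"));
  EXPECT_FALSE(HasStaticPublicKeyPins("learn.doubleclick.net"));
  EXPECT_TRUE(HasStaticPublicKeyPins("a.googlegroups.com"));
}

6595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(TransportSecurityStateTest, OverrideBuiltins) { 660010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(HasStaticPublicKeyPins("google.com")); 661010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("google.com")); 662010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_FALSE(StaticShouldRedirect("www.google.com")); 6635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TransportSecurityState state; 6655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) TransportSecurityState::DomainState domain_state; 6665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const base::Time current_time(base::Time::Now()); 6675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000); 668010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) domain_state.sts.expiry = expiry; 6692a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) EnableHost(&state, "www.google.com", domain_state); 6705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 671010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EXPECT_TRUE(state.GetDynamicDomainState("www.google.com", &domain_state)); 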
6725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(TransportSecurityStateTest, GooglePinnedProperties) { 6755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6761320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.example.com")); 6775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6781320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.paypal.com")); 6795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6801320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "mail.twitter.com")); 6815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6821320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.google.com.int")); 6835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6841320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "jottit.com")); 6855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // learn.doubleclick.net has a more specific match than 6865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // *.doubleclick.com, and has 0 or NULL for its required certs. 6875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // This test ensures that the exact-match-preferred behavior 6885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // works. 
6895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 6901320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "learn.doubleclick.net")); 6915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 6931320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "encrypted.google.com")); 6945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 6951320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "mail.google.com")); 6965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 6971320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "accounts.google.com")); 6985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 6991320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "doubleclick.net")); 7005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7011320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "ad.doubleclick.net")); 7025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7031320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "youtube.com")); 7045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7051320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.profiles.google.com")); 7065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7071320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "checkout.google.com")); 7085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 
EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7091320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "googleadservices.com")); 7105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 7121320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.example.com")); 7135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_FALSE(TransportSecurityState::IsGooglePinnedProperty( 7141320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.paypal.com")); 7155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7161320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "checkout.google.com")); 7175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7181320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "googleadservices.com")); 7195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Test some SNI hosts: 7215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7221320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "gmail.com")); 7235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7241320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "googlegroups.com")); 7255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7261320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.googlegroups.com")); 7271320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 7281320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // These hosts used to only be HSTS when SNI was available. 
7291320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7301320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "gmail.com")); 7311320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7321320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "googlegroups.com")); 7331320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_TRUE(TransportSecurityState::IsGooglePinnedProperty( 7341320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "www.googlegroups.com")); 7355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 738