// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/transport_security_state.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace net {
class TransportSecurityStateTest : public testing::Test {
};
TEST_F(TransportSecurityStateTest, BogusHeaders) {
int max_age = 42;
bool include_subdomains = false;
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"abc", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" abc", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" abc ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age=", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age =", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age= ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age = ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age = xy", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
" max-age = 3488a923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488a923 ", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-ag=3488923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-aged=3488923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age==3488923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"amax-age=3488923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=-3488923", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923;", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 e", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923includesubdomains", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923=includesubdomains", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomainx", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain=", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomain=true", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomainsx", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
EXPECT_FALSE(TransportSecurityState::ParseHeader(
"max-age=34889 includesubdomains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 42);
EXPECT_FALSE(include_subdomains);
}
TEST_F(TransportSecurityStateTest, ValidHeaders) {
int max_age = 42;
bool include_subdomains = true;
EXPECT_TRUE(TransportSecurityState::ParseHeader(
"max-age=243", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 243);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
" Max-agE = 567", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 567);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
" mAx-aGe = 890 ", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 890);
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
"max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 123);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
"max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 394082);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
"max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age,
std::min(TransportSecurityState::kMaxHSTSAgeSecs, 39408299l));
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
"max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age,
std::min(TransportSecurityState::kMaxHSTSAgeSecs, 394082038l));
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
" max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 0);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(TransportSecurityState::ParseHeader(
" max-age=999999999999999999999999999999999999999999999 ;"
" incLudesUbdOmains ",
&max_age, &include_subdomains));
EXPECT_EQ(max_age, TransportSecurityState::kMaxHSTSAgeSecs);
EXPECT_TRUE(include_subdomains);
}
TEST_F(TransportSecurityStateTest, SimpleMatches) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, MatchesCase1) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
state->EnableHost("GOOgle.coM", domain_state);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, MatchesCase2) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "GOOgle.coM", true));
}
TEST_F(TransportSecurityStateTest, SubdomainMatches) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.expiry = expiry;
domain_state.include_subdomains = true;
state->EnableHost("google.com", domain_state);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"foo.bar.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"foo.bar.baz.google.com",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
}
TEST_F(TransportSecurityStateTest, Serialise1) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
std::string output;
bool dirty;
state->Serialise(&output);
EXPECT_TRUE(state->LoadEntries(output, &dirty));
EXPECT_FALSE(dirty);
}
TEST_F(TransportSecurityStateTest, Serialise2) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
domain_state.expiry = expiry;
domain_state.include_subdomains = true;
state->EnableHost("google.com", domain_state);
std::string output;
bool dirty;
state->Serialise(&output);
EXPECT_TRUE(state->LoadEntries(output, &dirty));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.google.com", true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"foo.bar.google.com",
true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"foo.bar.baz.google.com",
true));
EXPECT_EQ(domain_state.mode, TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "com", true));
}
TEST_F(TransportSecurityStateTest, Serialise3) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
std::string output;
bool dirty;
state->Serialise(&output);
EXPECT_TRUE(state->LoadEntries(output, &dirty));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_OPPORTUNISTIC);
}
TEST_F(TransportSecurityStateTest, DeleteSince) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
const base::Time older = current_time - base::TimeDelta::FromSeconds(1000);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
state->DeleteSince(expiry);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
state->DeleteSince(older);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, DeleteHost) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
domain_state.mode = TransportSecurityState::DomainState::MODE_STRICT;
domain_state.expiry = expiry;
state->EnableHost("google.com", domain_state);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "google.com", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", true));
EXPECT_TRUE(state->DeleteHost("google.com"));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "google.com", true));
}
TEST_F(TransportSecurityStateTest, SerialiseOld) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
// This is an old-style piece of transport state JSON, which has no creation
// date.
std::string output =
"{ "
"\"NiyD+3J1r6z1wjl2n1ALBu94Zj9OsEAMo0kCN8js0Uk=\": {"
"\"expiry\": 1266815027.983453, "
"\"include_subdomains\": false, "
"\"mode\": \"strict\" "
"}"
"}";
bool dirty;
EXPECT_TRUE(state->LoadEntries(output, &dirty));
EXPECT_TRUE(dirty);
}
TEST_F(TransportSecurityStateTest, IsPreloaded) {
const std::string paypal =
TransportSecurityState::CanonicalizeHost("paypal.com");
const std::string www_paypal =
TransportSecurityState::CanonicalizeHost("www.paypal.com");
const std::string a_www_paypal =
TransportSecurityState::CanonicalizeHost("a.www.paypal.com");
const std::string abc_paypal =
TransportSecurityState::CanonicalizeHost("a.b.c.paypal.com");
const std::string example =
TransportSecurityState::CanonicalizeHost("example.com");
const std::string aypal =
TransportSecurityState::CanonicalizeHost("aypal.com");
TransportSecurityState::DomainState domain_state;
EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
paypal, true, &domain_state));
EXPECT_TRUE(TransportSecurityState::IsPreloadedSTS(
www_paypal, true, &domain_state));
EXPECT_FALSE(domain_state.include_subdomains);
EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
a_www_paypal, true, &domain_state));
EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
abc_paypal, true, &domain_state));
EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
example, true, &domain_state));
EXPECT_FALSE(TransportSecurityState::IsPreloadedSTS(
aypal, true, &domain_state));
}
TEST_F(TransportSecurityStateTest, Preloaded) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "paypal.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.paypal.com", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(domain_state.preloaded);
EXPECT_FALSE(domain_state.include_subdomains);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www2.paypal.com", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"a.www.paypal.com",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "elanex.biz", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.elanex.biz", true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.elanex.biz", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"a.foo.elanex.biz",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"sunshinepress.org",
true));
EXPECT_EQ(domain_state.mode,
TransportSecurityState::DomainState::MODE_STRICT);
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"www.sunshinepress.org",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"a.b.sunshinepress.org",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"www.noisebridge.net",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"noisebridge.net",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"foo.noisebridge.net",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "riseup.net", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.riseup.net", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "factor.cc", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.factor.cc", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"members.mayfirst.org",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"support.mayfirst.org",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"lists.mayfirst.org",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"www.mayfirst.org",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"splendidbacon.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"www.splendidbacon.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"foo.splendidbacon.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"chrome.google.com",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"foo.latest.chrome.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"latest.chrome.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"checkout.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"health.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"aladdinschools.appspot.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "ottospora.nl", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.ottospora.nl", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "docs.google.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "sites.google.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"spreadsheets.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"appengine.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"www.paycheckrecords.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"market.android.com",
true));
// The domain wasn't being set, leading to a blank string in the
// chrome://net-internals/#hsts UI. So test that.
EXPECT_EQ(domain_state.domain, "market.android.com");
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"sub.market.android.com",
true));
EXPECT_EQ(domain_state.domain, "market.android.com");
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lastpass.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.lastpass.com", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"blog.lastpass.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "keyerror.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.keyerror.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"encrypted.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"accounts.google.com",
true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.entropia.de", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "gmail.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.gmail.com", true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "googlemail.com", true));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state,
"www.googlemail.com",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"m.googlemail.com",
true));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "gmail.com", false));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.gmail.com", false));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "m.gmail.com", false));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "googlemail.com", false));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"www.googlemail.com",
false));
EXPECT_FALSE(state->IsEnabledForHost(&domain_state,
"m.googlemail.com",
false));
}
TEST_F(TransportSecurityStateTest, LongNames) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
const char kLongName[] =
"lookupByWaveIdHashAndWaveIdIdAndWaveIdDomainAndWaveletIdIdAnd"
"WaveletIdDomainAndBlipBlipid";
TransportSecurityState::DomainState domain_state;
// Just checks that we don't hit a NOTREACHED.
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, kLongName, true));
}
TEST_F(TransportSecurityStateTest, PublicKeyHashes) {
scoped_refptr<TransportSecurityState> state(
new TransportSecurityState);
TransportSecurityState::DomainState domain_state;
EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "example.com", false));
std::vector<SHA1Fingerprint> hashes;
EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
SHA1Fingerprint hash;
memset(hash.data, '1', sizeof(hash.data));
domain_state.public_key_hashes.push_back(hash);
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
hashes.push_back(hash);
EXPECT_TRUE(domain_state.IsChainOfPublicKeysPermitted(hashes));
hashes[0].data[0] = '2';
EXPECT_FALSE(domain_state.IsChainOfPublicKeysPermitted(hashes));
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
domain_state.expiry = expiry;
state->EnableHost("example.com", domain_state);
std::string ser;
EXPECT_TRUE(state->Serialise(&ser));
bool dirty;
EXPECT_TRUE(state->LoadEntries(ser, &dirty));
EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "example.com", false));
EXPECT_EQ(1u, domain_state.public_key_hashes.size());
EXPECT_TRUE(0 == memcmp(domain_state.public_key_hashes[0].data, hash.data,
sizeof(hash.data)));
}
} // namespace net