1 // Copyright 2010 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/url_security_manager.h"
6
7 #include <utility>
8
9 #include "net/base/net_errors.h"
10 #include "net/http/http_auth_filter.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12 #include "url/gurl.h"
13 #include "url/scheme_host_port.h"
14
15 namespace net {
16
17 namespace {
18
19 struct TestData {
20 const char* const scheme_host_port;
21 bool succeds_in_windows_default;
22 bool succeeds_in_allowlist;
23 };
24
25 const char kTestAuthAllowlist[] = "*example.com,*foobar.com,baz";
26
27 // Under Windows the following will be allowed by default:
28 // localhost
29 // host names without a period.
30 // In Posix systems (or on Windows if an allowlist is specified explicitly),
31 // everything depends on the allowlist.
32 const TestData kTestDataList[] = {
33 { "http://localhost", true, false },
34 { "http://bat", true, false },
35 { "http://www.example.com", false, true },
36 { "http://example.com", false, true },
37 { "http://foobar.com", false, true },
38 { "http://boo.foobar.com", false, true },
39 { "http://baz", true, true },
40 { "http://www.exampl.com", false, false },
41 { "http://example.org", false, false },
42 { "http://foobar.net", false, false },
43 { "http://boo.fubar.com", false, false },
44 };
45
46 } // namespace
47
TEST(URLSecurityManager,UseDefaultCredentials)48 TEST(URLSecurityManager, UseDefaultCredentials) {
49 auto auth_filter =
50 std::make_unique<HttpAuthFilterAllowlist>(kTestAuthAllowlist);
51 ASSERT_TRUE(auth_filter);
52 // The URL security manager takes ownership of |auth_filter|.
53 std::unique_ptr<URLSecurityManager> url_security_manager(
54 URLSecurityManager::Create());
55 url_security_manager->SetDefaultAllowlist(std::move(auth_filter));
56 ASSERT_TRUE(url_security_manager.get());
57
58 for (size_t i = 0; i < std::size(kTestDataList); ++i) {
59 url::SchemeHostPort scheme_host_port(
60 GURL(kTestDataList[i].scheme_host_port));
61 bool can_use_default =
62 url_security_manager->CanUseDefaultCredentials(scheme_host_port);
63
64 EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_use_default)
65 << " Run: " << i << " scheme_host_port: '"
66 << scheme_host_port.Serialize() << "'";
67 }
68 }
69
TEST(URLSecurityManager,CanDelegate)70 TEST(URLSecurityManager, CanDelegate) {
71 auto auth_filter =
72 std::make_unique<HttpAuthFilterAllowlist>(kTestAuthAllowlist);
73 ASSERT_TRUE(auth_filter);
74 // The URL security manager takes ownership of |auth_filter|.
75 std::unique_ptr<URLSecurityManager> url_security_manager(
76 URLSecurityManager::Create());
77 url_security_manager->SetDelegateAllowlist(std::move(auth_filter));
78 ASSERT_TRUE(url_security_manager.get());
79
80 for (size_t i = 0; i < std::size(kTestDataList); ++i) {
81 url::SchemeHostPort scheme_host_port(
82 GURL(kTestDataList[i].scheme_host_port));
83 bool can_delegate = url_security_manager->CanDelegate(scheme_host_port);
84 EXPECT_EQ(kTestDataList[i].succeeds_in_allowlist, can_delegate)
85 << " Run: " << i << " scheme_host_port: '"
86 << scheme_host_port.Serialize() << "'";
87 }
88 }
89
TEST(URLSecurityManager,CanDelegate_NoAllowlist)90 TEST(URLSecurityManager, CanDelegate_NoAllowlist) {
91 // Nothing can delegate in this case.
92 std::unique_ptr<URLSecurityManager> url_security_manager(
93 URLSecurityManager::Create());
94 ASSERT_TRUE(url_security_manager.get());
95
96 for (const auto& test : kTestDataList) {
97 url::SchemeHostPort scheme_host_port(GURL(test.scheme_host_port));
98 bool can_delegate = url_security_manager->CanDelegate(scheme_host_port);
99 EXPECT_FALSE(can_delegate);
100 }
101 }
102
103 } // namespace net
104