/
DomainPinningPolicyTest.java
138 lines (117 loc) · 4.76 KB
/
DomainPinningPolicyTest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
package com.datatheorem.android.trustkit.config;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertTrue;
import android.support.test.runner.AndroidJUnit4;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.junit.Test;
import org.junit.runner.RunWith;
@RunWith(AndroidJUnit4.class)
public class DomainPinningPolicyTest {
private final static Set<String> pins = new HashSet<>();
static {
pins.add("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=");
pins.add("rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE=");
}
private final static Set<String> reportUris = new HashSet<>();
static {
reportUris.add("https://www.test.com");
reportUris.add("https://www.test2.com");
}
private final static Date date = new Date();
@Test
public void testValidPolicy() throws MalformedURLException {
// Given a valid policy for a domain
// When parsing it, it succeeds
DomainPinningPolicy policy = new DomainPinningPolicy(
"www.test.com", true, pins, true, date, reportUris, false
);
// And the right configuration was saved
assertEquals("www.test.com", policy.getHostname());
assertEquals(date, policy.getExpirationDate());
assertTrue(policy.shouldEnforcePinning());
assertTrue(policy.shouldIncludeSubdomains());
// And right pins were saved
Set<PublicKeyPin> expectedPins = new HashSet<>();
for (String pinStr : pins) {
expectedPins.add(new PublicKeyPin(pinStr));
}
assertEquals(expectedPins, policy.getPublicKeyPins());
// And the default report URI was added as shouldDisableDefaultReportUri is false
Set<URL> expectedReportUris = new HashSet<>();
for (String uriStr : reportUris) {
expectedReportUris.add(new URL(uriStr));
}
expectedReportUris.add(new URL("https://overmind.datatheorem.com/trustkit/report"));
assertEquals(expectedReportUris, policy.getReportUris());
}
@Test
public void testValidPolicyInternationalizeHostname() throws MalformedURLException {
// Given a valid policy for a domain name with international characters
String internationalDomain = "českárepublika.icom.museum";
// When parsing it, it succeeds
DomainPinningPolicy policy = new DomainPinningPolicy(
internationalDomain, true, pins, true, date, reportUris, false
);
assertEquals(policy.getHostname(), internationalDomain);
}
);
assertEquals(policy.getHostname(), "českárepublika.icom.museum");
}
@Test
public void testBadPolicyOnlyOnePin() throws MalformedURLException {
// Given a bad policy for a domain that only has one pin
Set<String> badPins = new HashSet<>();
badPins.add("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=");
// When parsing it, it fails
boolean didReceiveConfigError = false;
try {
new DomainPinningPolicy("www.test.com", true, badPins, true, date, reportUris, false);
} catch (ConfigurationException e) {
if (e.getMessage().startsWith("Less than two pins")) {
didReceiveConfigError = true;
} else {
throw e;
}
}
assertTrue(didReceiveConfigError);
}
@Test
public void testNoPinsButPinningEnforceDisabledShouldBeValid() throws MalformedURLException {
// Given a bad policy for a domain that has one pins at all
Set<String> emptyPins = new HashSet<>();
boolean didReceivedConfigError = false;
// When parsing it, it fails
try {
new DomainPinningPolicy("www.test.com", true, emptyPins, true, date, reportUris, false);
} catch (ConfigurationException e) {
if (e.getMessage().startsWith("An empty pin-set")) {
didReceivedConfigError = true;
} else {
throw e;
}
}
assertTrue(didReceivedConfigError);
}
@Test
public void testBadPolicyPinTld() throws MalformedURLException {
// Given a policy for an invalid domain
String badDomain = ".com";
// When parsing it, it fails
boolean didReceiveConfigError = false;
try {
new DomainPinningPolicy(badDomain, true, pins, true, date, reportUris, false);
}
catch (ConfigurationException e) {
if (e.getMessage().startsWith("Tried to pin an invalid domain")) {
didReceiveConfigError = true;
} else {
throw e;
}
}
assertTrue(didReceiveConfigError);
}
}