diff options
author | Claudio Saavedra <csaavedra@igalia.com> | 2018-09-26 18:01:37 +0300 |
---|---|---|
committer | Claudio Saavedra <csaavedra@igalia.com> | 2019-05-22 14:59:14 +0000 |
commit | 1ee1f933ab3db67c0967124adebffd0513783415 (patch) | |
tree | 5c8f55986d383cc8d8bc1d90085a2c0bf47b4e0f /tests/hsts-test.c | |
parent | 4b3cc35d28b71172acd907d7cf3680a7674d25e8 (diff) | |
download | libsoup-1ee1f933ab3db67c0967124adebffd0513783415.tar.gz |
Ensure that hostnames in the HSTS enforcer are IDNA-canonicalized
The specification requires hostnames to be canonicalized before they
are processed by clients. Do this, add a comment about it to the
documentation, and add a couple of tests that mix ASCII-encoded
hostnames and IDNA-canonicalized ones.
Diffstat (limited to 'tests/hsts-test.c')
-rw-r--r-- | tests/hsts-test.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/tests/hsts-test.c b/tests/hsts-test.c index aba7859c..0f916e4b 100644 --- a/tests/hsts-test.c +++ b/tests/hsts-test.c @@ -432,6 +432,35 @@ do_hsts_session_policy_test (void) g_object_unref (enforcer); } +static void +on_idna_test_enforcer_changed (SoupHSTSEnforcer *enforcer, SoupHSTSPolicy *old, SoupHSTSPolicy *new, gpointer data) +{ + /* If NULL, then instead of replacing we're adding a new + * policy and somewhere we're failing to canonicalize a hostname. */ + g_assert_nonnull (old); + g_assert_cmpstr (old->domain, ==, new->domain); + /* Domains should not have punycoded segments at this point. */ + g_assert_false (g_hostname_is_ascii_encoded (old->domain)); +} + +static void +do_hsts_idna_addresses_test (void) +{ + SoupHSTSEnforcer *enforcer = soup_hsts_enforcer_new (); + + soup_hsts_enforcer_set_session_policy (enforcer, "áéí.com", FALSE); + soup_hsts_enforcer_set_session_policy (enforcer, "xn--6scagyk0fc4c.in", FALSE); + + g_assert_true (soup_hsts_enforcer_has_valid_policy (enforcer, "xn--1caqm.com")); + + g_signal_connect (enforcer, "changed", G_CALLBACK (on_idna_test_enforcer_changed), NULL); + + soup_hsts_enforcer_set_session_policy (enforcer, "xn--1caqm.com", TRUE); + soup_hsts_enforcer_set_session_policy (enforcer, "ನೆನಪಿರಲಿ.in", TRUE); + + g_object_unref (enforcer); +} + int main (int argc, char **argv) { @@ -473,6 +502,7 @@ main (int argc, char **argv) g_test_add_func ("/hsts/ip-address", do_hsts_ip_address_test); g_test_add_func ("/hsts/utf8-address", do_hsts_utf8_address_test); g_test_add_func ("/hsts/session-policy", do_hsts_session_policy_test); + g_test_add_func ("/hsts/idna-addresses", do_hsts_idna_addresses_test); ret = g_test_run (); |