
Side by Side Diff: chrome/browser/ssl/security_state_model_unittest.cc

Issue 1440303002: Componentize SecurityStateModel (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: android/cros fixes Created 5 years, 1 month ago
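--- a/chrome/browser/ssl/security_state_model_unittest.cc
+++ b/chrome/browser/ssl/security_state_model_unittest.cc
@@ -0,0 +1,154 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/security_state_model.h"
+
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+#include "chrome/test/base/testing_profile.h"
+#include "content/public/browser/cert_store.h"
+#include "content/public/test/mock_render_process_host.h"
+#include "content/public/test/test_browser_thread_bundle.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/test_certificate_data.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+const char kUrl[] = "https://foo.test";
+
+void GetTestSSLStatus(int process_id, content::SSLStatus* ssl_status) {
+content::CertStore* cert_store = content::CertStore::GetInstance();
+const scoped_refptr<net::X509Certificate>& cert =
+net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem");
+ASSERT_TRUE(cert);
+ssl_status->cert_id = cert_store->StoreCert(cert.get(), process_id);
+EXPECT_GT(ssl_status->cert_id, 0);
+ssl_status->cert_status = net::CERT_STATUS_SHA1_SIGNATURE_PRESENT;
+ssl_status->security_bits = 256;
+ssl_status->connection_status = net::SSL_CONNECTION_VERSION_TLS1_2
+<< net::SSL_CONNECTION_VERSION_SHIFT;
+}
+
+class SecurityStateModelTest : public ChromeRenderViewHostTestHarness {};
+
+// Tests that SHA1-signed certificates expiring in 2016 downgrade the
+// security state of the page.
+TEST_F(SecurityStateModelTest, SHA1Warning) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR,
+security_info.sha1_deprecation_status);
+EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level);
+}
+
+// Tests that SHA1 warnings don't interfere with the handling of mixed
+// content.
+TEST_F(SecurityStateModelTest, SHA1WarningMixedContent) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+ssl_status.content_status = content::SSLStatus::DISPLAYED_INSECURE_CONTENT;
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR,
+security_info.sha1_deprecation_status);
+EXPECT_EQ(SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+security_info.mixed_content_status);
+EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level);
+
+ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
+ssl_status.content_status = content::SSLStatus::RAN_INSECURE_CONTENT;
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR,
+security_info.sha1_deprecation_status);
+EXPECT_EQ(SecurityStateModel::RAN_MIXED_CONTENT,
+security_info.mixed_content_status);
+EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level);
+}
+
+// Tests that SHA1 warnings don't interfere with the handling of major
+// cert errors.
+TEST_F(SecurityStateModelTest, SHA1WarningBrokenHTTPS) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
+ssl_status.cert_status |= net::CERT_STATUS_DATE_INVALID;
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR,
+security_info.sha1_deprecation_status);
+EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level);
+}
+
+// Tests that |security_info.is_secure_protocol_and_ciphersuite| is
+// computed correctly.
+TEST_F(SecurityStateModelTest, SecureProtocolAndCiphersuite) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from
+// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param eters-4
+const uint16 ciphersuite = 0xc02f;
+ssl_status.connection_status =
+(net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT);
+net::SSLConnectionStatusSetCipherSuite(ciphersuite,
+&ssl_status.connection_status);
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite);
+}
+
+TEST_F(SecurityStateModelTest, NonsecureProtocol) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from
+// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param eters-4
+const uint16 ciphersuite = 0xc02f;
+ssl_status.connection_status =
+(net::SSL_CONNECTION_VERSION_TLS1_1 << net::SSL_CONNECTION_VERSION_SHIFT);
+net::SSLConnectionStatusSetCipherSuite(ciphersuite,
+&ssl_status.connection_status);
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite);
+}
+
+TEST_F(SecurityStateModelTest, NonsecureCiphersuite) {
+GURL url(kUrl);
+Profile* test_profile = profile();
+SecurityStateModel::SecurityInfo security_info;
+content::SSLStatus ssl_status;
+ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status));
+// TLS_RSA_WITH_AES_128_CCM_8 from
+// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param eters-4
+const uint16 ciphersuite = 0xc0a0;
+ssl_status.connection_status =
+(net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT);
+net::SSLConnectionStatusSetCipherSuite(ciphersuite,
+&ssl_status.connection_status);
+SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile,
+&security_info);
+EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite);
+}
+
+} // namespace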
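Review bot: GetTestSSLStatus() never assigns `ssl_status->security_style`, so SHA1Warning and the first half of SHA1WarningMixedContent run with whatever style a default-constructed content::SSLStatus carries, and their `EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level)` may not show that the SHA-1 certificate caused the downgrade. If the default style already maps to NONE (the model's implementation is not shown here), those expectations would still pass with the SHA-1 handling removed. Setting `ssl_status->security_style = content::SECURITY_STYLE_AUTHENTICATED;` in the helper would make the downgrade observable. The reverse applies to the second half of SHA1WarningMixedContent, where AUTHENTICATION_BROKEN is set together with RAN_INSECURE_CONTENT, so the SECURITY_ERROR expectation cannot tell which of the two inputs produced it.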