OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/security_state/security_state_model.h" |
| 6 |
| 7 #include "components/security_state/security_state_model_delegate.h" |
| 8 #include "net/base/test_data_directory.h" |
| 9 #include "net/cert/x509_certificate.h" |
| 10 #include "net/ssl/ssl_connection_status_flags.h" |
| 11 #include "net/test/cert_test_util.h" |
| 12 #include "net/test/test_certificate_data.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 #include "url/gurl.h" |
| 15 |
| 16 namespace security_state { |
| 17 |
| 18 namespace { |
| 19 |
| 20 const char kUrl[] = "https://foo.test"; |
| 21 |
| 22 class TestSHA1SecurityStateModelDelegate : public SecurityStateModelDelegate { |
| 23 public: |
| 24 TestSHA1SecurityStateModelDelegate() |
| 25 : url_(kUrl), |
| 26 cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 27 "sha1_2016.pem")), |
| 28 security_level_(SECURE), |
| 29 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
| 30 ran_mixed_content_(false), |
| 31 displayed_mixed_content_(false) {} |
| 32 |
| 33 ~TestSHA1SecurityStateModelDelegate() override {} |
| 34 |
| 35 // SecurityStateModelDelegate overrides |
| 36 bool VisibleSecurityStateChanged() override { return true; } |
| 37 bool RetrieveCert(scoped_refptr<net::X509Certificate>* cert) override { |
| 38 *cert = cert_; |
| 39 return true; |
| 40 } |
| 41 SecurityLevel GetInitialSecurityLevel() override { return security_level_; } |
| 42 SecurityLevel GetSecurityLevelForNonSecure(const GURL& url) override { |
| 43 return NONE; |
| 44 } |
| 45 bool UsedKnownMITMCertificate() override { return false; } |
| 46 int GetCertId() override { return 1; } |
| 47 net::CertStatus GetCertStatus() override { return cert_status_; } |
| 48 int GetConnectionStatus() override { return connection_status_; } |
| 49 int GetSecurityBits() override { return 256; } |
| 50 const GURL& GetURL() override { return url_; } |
| 51 bool RanMixedContent() override { return ran_mixed_content_; } |
| 52 bool DisplayedMixedContent() override { return displayed_mixed_content_; } |
| 53 void GetSCTVerifyStatuses( |
| 54 std::vector<net::ct::SCTVerifyStatus>* sct_verify_statuses) override {} |
| 55 |
| 56 void AddCertStatus(net::CertStatus cert_status) { |
| 57 cert_status_ |= cert_status; |
| 58 } |
| 59 void set_connection_status(int connection_status) { |
| 60 connection_status_ = connection_status; |
| 61 } |
| 62 void SetCipherSuite(int ciphersuite) { |
| 63 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
| 64 } |
| 65 void set_security_level(SecurityLevel level) { security_level_ = level; } |
| 66 void set_ran_mixed_content(bool ran_mixed_content) { |
| 67 ran_mixed_content_ = ran_mixed_content; |
| 68 } |
| 69 void set_displayed_mixed_content(bool displayed_mixed_content) { |
| 70 displayed_mixed_content_ = displayed_mixed_content; |
| 71 } |
| 72 |
| 73 private: |
| 74 GURL url_; |
| 75 scoped_refptr<net::X509Certificate> cert_; |
| 76 SecurityLevel security_level_; |
| 77 net::CertStatus cert_status_; |
| 78 int connection_status_; |
| 79 bool ran_mixed_content_; |
| 80 bool displayed_mixed_content_; |
| 81 }; |
| 82 |
| 83 // Tests that SHA1-signed certificates expiring in 2016 downgrade the |
| 84 // security state of the page. |
| 85 TEST(SecurityStateModelTest, SHA1Warning) { |
| 86 TestSHA1SecurityStateModelDelegate delegate; |
| 87 SecurityStateModel model; |
| 88 model.SetDelegate(&delegate); |
| 89 const SecurityInfo& security_info = model.GetSecurityInfo(); |
| 90 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info.sha1_deprecation_status); |
| 91 EXPECT_EQ(NONE, security_info.security_level); |
| 92 } |
| 93 |
| 94 // Tests that SHA1 warnings don't interfere with the handling of mixed |
| 95 // content. |
| 96 TEST(SecurityStateModelTest, SHA1WarningMixedContent) { |
| 97 TestSHA1SecurityStateModelDelegate delegate; |
| 98 SecurityStateModel model; |
| 99 model.SetDelegate(&delegate); |
| 100 delegate.set_displayed_mixed_content(true); |
| 101 const SecurityInfo& security_info1 = model.GetSecurityInfo(); |
| 102 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info1.sha1_deprecation_status); |
| 103 EXPECT_EQ(DISPLAYED_MIXED_CONTENT, security_info1.mixed_content_status); |
| 104 EXPECT_EQ(NONE, security_info1.security_level); |
| 105 |
| 106 delegate.set_security_level(SECURITY_ERROR); |
| 107 delegate.set_displayed_mixed_content(false); |
| 108 delegate.set_ran_mixed_content(true); |
| 109 const SecurityInfo& security_info2 = model.GetSecurityInfo(); |
| 110 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info2.sha1_deprecation_status); |
| 111 EXPECT_EQ(RAN_MIXED_CONTENT, security_info2.mixed_content_status); |
| 112 EXPECT_EQ(SECURITY_ERROR, security_info2.security_level); |
| 113 } |
| 114 |
| 115 // Tests that SHA1 warnings don't interfere with the handling of major |
| 116 // cert errors. |
| 117 TEST(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { |
| 118 TestSHA1SecurityStateModelDelegate delegate; |
| 119 SecurityStateModel model; |
| 120 model.SetDelegate(&delegate); |
| 121 delegate.set_security_level(SECURITY_ERROR); |
| 122 delegate.AddCertStatus(net::CERT_STATUS_DATE_INVALID); |
| 123 const SecurityInfo& security_info = model.GetSecurityInfo(); |
| 124 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info.sha1_deprecation_status); |
| 125 EXPECT_EQ(SECURITY_ERROR, security_info.security_level); |
| 126 } |
| 127 |
| 128 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is |
| 129 // computed correctly. |
| 130 TEST(SecurityStateModelTest, SecureProtocolAndCiphersuite) { |
| 131 TestSHA1SecurityStateModelDelegate delegate; |
| 132 SecurityStateModel model; |
| 133 model.SetDelegate(&delegate); |
| 134 delegate.set_connection_status((net::SSL_CONNECTION_VERSION_TLS1_2 |
| 135 << net::SSL_CONNECTION_VERSION_SHIFT)); |
| 136 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 137 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 138 const uint16 ciphersuite = 0xc02f; |
| 139 delegate.SetCipherSuite(ciphersuite); |
| 140 |
| 141 const SecurityInfo& security_info = model.GetSecurityInfo(); |
| 142 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); |
| 143 } |
| 144 |
| 145 TEST(SecurityStateModelTest, NonsecureProtocol) { |
| 146 TestSHA1SecurityStateModelDelegate delegate; |
| 147 SecurityStateModel model; |
| 148 model.SetDelegate(&delegate); |
| 149 delegate.set_connection_status((net::SSL_CONNECTION_VERSION_TLS1_1 |
| 150 << net::SSL_CONNECTION_VERSION_SHIFT)); |
| 151 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 152 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 153 const uint16 ciphersuite = 0xc02f; |
| 154 delegate.SetCipherSuite(ciphersuite); |
| 155 |
| 156 const SecurityInfo& security_info = model.GetSecurityInfo(); |
| 157 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 158 } |
| 159 |
| 160 TEST(SecurityStateModelTest, NonsecureCiphersuite) { |
| 161 TestSHA1SecurityStateModelDelegate delegate; |
| 162 SecurityStateModel model; |
| 163 model.SetDelegate(&delegate); |
| 164 delegate.set_connection_status((net::SSL_CONNECTION_VERSION_TLS1_1 |
| 165 << net::SSL_CONNECTION_VERSION_SHIFT)); |
| 166 // TLS_RSA_WITH_AES_128_CCM_8 from |
| 167 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 168 const uint16 ciphersuite = 0xc02f; |
| 169 delegate.SetCipherSuite(ciphersuite); |
| 170 |
| 171 const SecurityInfo& security_info = model.GetSecurityInfo(); |
| 172 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 173 } |
| 174 |
| 175 } // namespace |
| 176 |
| 177 } // namespace security_state |
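Review bot: NonsecureCiphersuite (new lines 160-173) never exercises the ciphersuite check: its comment names TLS_RSA_WITH_AES_128_CCM_8, but it sets `0xc02f` (the ECDHE-RSA AES-128-GCM suite used in the two preceding tests) on a TLS 1.1 connection, so it is identical to NonsecureProtocol and passes on the protocol version alone. To isolate the cipher, keep the version at `net::SSL_CONNECTION_VERSION_TLS1_2` and use the IANA value for the suite the comment names, `const uint16 ciphersuite = 0xc0a0;`. Separately, `connection_status_` is missing from the delegate constructor's initializer list, so the three SHA1 tests would pass an indeterminate value to the model if it calls GetConnectionStatus() while building SecurityInfo (the model code is not shown on this page); adding `connection_status_(0),` after the `cert_status_(...)` initializer makes them deterministic.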