| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_model.h" | 5 #include "chrome/browser/ssl/security_state_model.h" |
| 6 | 6 |
| 7 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | 7 #include "chrome/test/base/chrome_render_view_host_test_harness.h" |
| 8 #include "chrome/test/base/testing_profile.h" | 8 #include "chrome/test/base/testing_profile.h" |
| 9 #include "content/public/browser/cert_store.h" | 9 #include "content/public/browser/cert_store.h" |
| 10 #include "content/public/test/mock_render_process_host.h" | 10 #include "content/public/test/mock_render_process_host.h" |
| (...skipping 26 matching lines...) Expand all Loading... |
| 37 | 37 |
| 38 // Tests that SHA1-signed certificates expiring in 2016 downgrade the | 38 // Tests that SHA1-signed certificates expiring in 2016 downgrade the |
| 39 // security state of the page. | 39 // security state of the page. |
| 40 TEST_F(SecurityStateModelTest, SHA1Warning) { | 40 TEST_F(SecurityStateModelTest, SHA1Warning) { |
| 41 GURL url(kUrl); | 41 GURL url(kUrl); |
| 42 Profile* test_profile = profile(); | 42 Profile* test_profile = profile(); |
| 43 SecurityStateModel::SecurityInfo security_info; | 43 SecurityStateModel::SecurityInfo security_info; |
| 44 content::SSLStatus ssl_status; | 44 content::SSLStatus ssl_status; |
| 45 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 45 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 46 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 46 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 47 &security_info); | 47 false, &security_info); |
| 48 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 48 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 49 security_info.sha1_deprecation_status); | 49 security_info.sha1_deprecation_status); |
| 50 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 50 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 51 } | 51 } |
| 52 | 52 |
| 53 // Tests that SHA1 warnings don't interfere with the handling of mixed | 53 // Tests that SHA1 warnings don't interfere with the handling of mixed |
| 54 // content. | 54 // content. |
| 55 TEST_F(SecurityStateModelTest, SHA1WarningMixedContent) { | 55 TEST_F(SecurityStateModelTest, SHA1WarningMixedContent) { |
| 56 GURL url(kUrl); | 56 GURL url(kUrl); |
| 57 Profile* test_profile = profile(); | 57 Profile* test_profile = profile(); |
| 58 SecurityStateModel::SecurityInfo security_info; | 58 SecurityStateModel::SecurityInfo security_info; |
| 59 content::SSLStatus ssl_status; | 59 content::SSLStatus ssl_status; |
| 60 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 60 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 61 ssl_status.content_status = content::SSLStatus::DISPLAYED_INSECURE_CONTENT; | 61 ssl_status.content_status = content::SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 62 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 62 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 63 &security_info); | 63 false, &security_info); |
| 64 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 64 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 65 security_info.sha1_deprecation_status); | 65 security_info.sha1_deprecation_status); |
| 66 EXPECT_EQ(SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 66 EXPECT_EQ(SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 67 security_info.mixed_content_status); | 67 security_info.mixed_content_status); |
| 68 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 68 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 69 | 69 |
| 70 ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 70 ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 71 ssl_status.content_status = content::SSLStatus::RAN_INSECURE_CONTENT; | 71 ssl_status.content_status = content::SSLStatus::RAN_INSECURE_CONTENT; |
| 72 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 72 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 73 &security_info); | 73 false, &security_info); |
| 74 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 74 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 75 security_info.sha1_deprecation_status); | 75 security_info.sha1_deprecation_status); |
| 76 EXPECT_EQ(SecurityStateModel::RAN_MIXED_CONTENT, | 76 EXPECT_EQ(SecurityStateModel::RAN_MIXED_CONTENT, |
| 77 security_info.mixed_content_status); | 77 security_info.mixed_content_status); |
| 78 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); | 78 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); |
| 79 } | 79 } |
| 80 | 80 |
| 81 // Tests that SHA1 warnings don't interfere with the handling of major | 81 // Tests that SHA1 warnings don't interfere with the handling of major |
| 82 // cert errors. | 82 // cert errors. |
| 83 TEST_F(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { | 83 TEST_F(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { |
| 84 GURL url(kUrl); | 84 GURL url(kUrl); |
| 85 Profile* test_profile = profile(); | 85 Profile* test_profile = profile(); |
| 86 SecurityStateModel::SecurityInfo security_info; | 86 SecurityStateModel::SecurityInfo security_info; |
| 87 content::SSLStatus ssl_status; | 87 content::SSLStatus ssl_status; |
| 88 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 88 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 89 ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 89 ssl_status.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 90 ssl_status.cert_status |= net::CERT_STATUS_DATE_INVALID; | 90 ssl_status.cert_status |= net::CERT_STATUS_DATE_INVALID; |
| 91 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 91 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 92 &security_info); | 92 false, &security_info); |
| 93 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 93 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 94 security_info.sha1_deprecation_status); | 94 security_info.sha1_deprecation_status); |
| 95 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); | 95 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); |
| 96 } | 96 } |
| 97 | 97 |
| 98 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is | 98 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is |
| 99 // computed correctly. | 99 // computed correctly. |
| 100 TEST_F(SecurityStateModelTest, SecureProtocolAndCiphersuite) { | 100 TEST_F(SecurityStateModelTest, SecureProtocolAndCiphersuite) { |
| 101 GURL url(kUrl); | 101 GURL url(kUrl); |
| 102 Profile* test_profile = profile(); | 102 Profile* test_profile = profile(); |
| 103 SecurityStateModel::SecurityInfo security_info; | 103 SecurityStateModel::SecurityInfo security_info; |
| 104 content::SSLStatus ssl_status; | 104 content::SSLStatus ssl_status; |
| 105 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 105 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 106 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 106 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 107 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 107 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 108 const uint16 ciphersuite = 0xc02f; | 108 const uint16 ciphersuite = 0xc02f; |
| 109 ssl_status.connection_status = | 109 ssl_status.connection_status = |
| 110 (net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT); | 110 (net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 111 net::SSLConnectionStatusSetCipherSuite(ciphersuite, | 111 net::SSLConnectionStatusSetCipherSuite(ciphersuite, |
| 112 &ssl_status.connection_status); | 112 &ssl_status.connection_status); |
| 113 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 113 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 114 &security_info); | 114 false, &security_info); |
| 115 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); | 115 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); |
| 116 } | 116 } |
| 117 | 117 |
| 118 TEST_F(SecurityStateModelTest, NonsecureProtocol) { | 118 TEST_F(SecurityStateModelTest, NonsecureProtocol) { |
| 119 GURL url(kUrl); | 119 GURL url(kUrl); |
| 120 Profile* test_profile = profile(); | 120 Profile* test_profile = profile(); |
| 121 SecurityStateModel::SecurityInfo security_info; | 121 SecurityStateModel::SecurityInfo security_info; |
| 122 content::SSLStatus ssl_status; | 122 content::SSLStatus ssl_status; |
| 123 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 123 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 124 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 124 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 125 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 125 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 126 const uint16 ciphersuite = 0xc02f; | 126 const uint16 ciphersuite = 0xc02f; |
| 127 ssl_status.connection_status = | 127 ssl_status.connection_status = |
| 128 (net::SSL_CONNECTION_VERSION_TLS1_1 << net::SSL_CONNECTION_VERSION_SHIFT); | 128 (net::SSL_CONNECTION_VERSION_TLS1_1 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 129 net::SSLConnectionStatusSetCipherSuite(ciphersuite, | 129 net::SSLConnectionStatusSetCipherSuite(ciphersuite, |
| 130 &ssl_status.connection_status); | 130 &ssl_status.connection_status); |
| 131 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 131 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 132 &security_info); | 132 false, &security_info); |
| 133 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 133 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 134 } | 134 } |
| 135 | 135 |
| 136 TEST_F(SecurityStateModelTest, NonsecureCiphersuite) { | 136 TEST_F(SecurityStateModelTest, NonsecureCiphersuite) { |
| 137 GURL url(kUrl); | 137 GURL url(kUrl); |
| 138 Profile* test_profile = profile(); | 138 Profile* test_profile = profile(); |
| 139 SecurityStateModel::SecurityInfo security_info; | 139 SecurityStateModel::SecurityInfo security_info; |
| 140 content::SSLStatus ssl_status; | 140 content::SSLStatus ssl_status; |
| 141 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); | 141 ASSERT_NO_FATAL_FAILURE(GetTestSSLStatus(process()->GetID(), &ssl_status)); |
| 142 // TLS_RSA_WITH_AES_128_CCM_8 from | 142 // TLS_RSA_WITH_AES_128_CCM_8 from |
| 143 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 143 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 144 const uint16 ciphersuite = 0xc0a0; | 144 const uint16 ciphersuite = 0xc0a0; |
| 145 ssl_status.connection_status = | 145 ssl_status.connection_status = |
| 146 (net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT); | 146 (net::SSL_CONNECTION_VERSION_TLS1_2 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 147 net::SSLConnectionStatusSetCipherSuite(ciphersuite, | 147 net::SSLConnectionStatusSetCipherSuite(ciphersuite, |
| 148 &ssl_status.connection_status); | 148 &ssl_status.connection_status); |
| 149 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, | 149 SecurityStateModel::SecurityInfoForRequest(url, ssl_status, test_profile, |
| 150 &security_info); | 150 false, &security_info); |
| 151 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 151 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 152 } | 152 } |
| 153 | 153 |
| 154 } // namespace | 154 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1470813002:
Add SecurityStateModelClient interface and implementation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master