| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_model.h" | 5 #include "components/security_state/security_state_model.h" |
| 6 | 6 |
| 7 #include "chrome/browser/ssl/security_state_model_client.h" | 7 #include "components/security_state/security_state_model_client.h" |
| 8 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | |
| 9 #include "chrome/test/base/testing_profile.h" | |
| 10 #include "content/public/browser/cert_store.h" | |
| 11 #include "content/public/common/origin_util.h" | |
| 12 #include "content/public/test/mock_render_process_host.h" | |
| 13 #include "content/public/test/test_browser_thread_bundle.h" | |
| 14 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
| 15 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
| 16 #include "net/ssl/ssl_connection_status_flags.h" | 10 #include "net/ssl/ssl_connection_status_flags.h" |
| 17 #include "net/test/cert_test_util.h" | 11 #include "net/test/cert_test_util.h" |
| 18 #include "net/test/test_certificate_data.h" | 12 #include "net/test/test_certificate_data.h" |
| 19 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 20 | 14 |
| 15 namespace security_state { |
| 16 |
| 21 namespace { | 17 namespace { |
| 22 | 18 |
| 23 const char kUrl[] = "https://foo.test"; | 19 const char kUrl[] = "https://foo.test"; |
| 24 | 20 |
| 25 class TestSecurityStateModelClient : public SecurityStateModelClient { | 21 class TestSecurityStateModelClient : public SecurityStateModelClient { |
| 26 public: | 22 public: |
| 27 TestSecurityStateModelClient() | 23 TestSecurityStateModelClient() |
| 28 : initial_security_level_(SecurityStateModel::SECURE), | 24 : initial_security_level_(SecurityStateModel::SECURE), |
| 29 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 25 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 30 << net::SSL_CONNECTION_VERSION_SHIFT), | 26 << net::SSL_CONNECTION_VERSION_SHIFT), |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 } | 67 } |
| 72 | 68 |
| 73 bool RetrieveCert(scoped_refptr<net::X509Certificate>* cert) override { | 69 bool RetrieveCert(scoped_refptr<net::X509Certificate>* cert) override { |
| 74 *cert = cert_; | 70 *cert = cert_; |
| 75 return true; | 71 return true; |
| 76 } | 72 } |
| 77 | 73 |
| 78 bool UsedPolicyInstalledCertificate() override { return false; } | 74 bool UsedPolicyInstalledCertificate() override { return false; } |
| 79 | 75 |
| 80 bool IsOriginSecure(const GURL& url) override { | 76 bool IsOriginSecure(const GURL& url) override { |
| 81 return content::IsOriginSecure(url); | 77 return true; |
| 82 } | 78 } |
| 83 | 79 |
| 84 private: | 80 private: |
| 85 SecurityStateModel::SecurityLevel initial_security_level_; | 81 SecurityStateModel::SecurityLevel initial_security_level_; |
| 86 scoped_refptr<net::X509Certificate> cert_; | 82 scoped_refptr<net::X509Certificate> cert_; |
| 87 int connection_status_; | 83 int connection_status_; |
| 88 net::CertStatus cert_status_; | 84 net::CertStatus cert_status_; |
| 89 bool displayed_mixed_content_; | 85 bool displayed_mixed_content_; |
| 90 bool ran_mixed_content_; | 86 bool ran_mixed_content_; |
| 91 }; | 87 }; |
| 92 | 88 |
| 93 class SecurityStateModelTest : public ChromeRenderViewHostTestHarness {}; | |
| 94 | |
| 95 // Tests that SHA1-signed certificates expiring in 2016 downgrade the | 89 // Tests that SHA1-signed certificates expiring in 2016 downgrade the |
| 96 // security state of the page. | 90 // security state of the page. |
| 97 TEST_F(SecurityStateModelTest, SHA1Warning) { | 91 TEST(SecurityStateModelTest, SHA1Warning) { |
| 98 TestSecurityStateModelClient client; | 92 TestSecurityStateModelClient client; |
| 99 SecurityStateModel model; | 93 SecurityStateModel model; |
| 100 model.SetClient(&client); | 94 model.SetClient(&client); |
| 101 const SecurityStateModel::SecurityInfo& security_info = | 95 const SecurityStateModel::SecurityInfo& security_info = |
| 102 model.GetSecurityInfo(); | 96 model.GetSecurityInfo(); |
| 103 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 97 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 104 security_info.sha1_deprecation_status); | 98 security_info.sha1_deprecation_status); |
| 105 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 99 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 106 } | 100 } |
| 107 | 101 |
| 108 // Tests that SHA1 warnings don't interfere with the handling of mixed | 102 // Tests that SHA1 warnings don't interfere with the handling of mixed |
| 109 // content. | 103 // content. |
| 110 TEST_F(SecurityStateModelTest, SHA1WarningMixedContent) { | 104 TEST(SecurityStateModelTest, SHA1WarningMixedContent) { |
| 111 TestSecurityStateModelClient client; | 105 TestSecurityStateModelClient client; |
| 112 SecurityStateModel model; | 106 SecurityStateModel model; |
| 113 model.SetClient(&client); | 107 model.SetClient(&client); |
| 114 client.SetDisplayedMixedContent(true); | 108 client.SetDisplayedMixedContent(true); |
| 115 const SecurityStateModel::SecurityInfo& security_info1 = | 109 const SecurityStateModel::SecurityInfo& security_info1 = |
| 116 model.GetSecurityInfo(); | 110 model.GetSecurityInfo(); |
| 117 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 111 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 118 security_info1.sha1_deprecation_status); | 112 security_info1.sha1_deprecation_status); |
| 119 EXPECT_EQ(SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 113 EXPECT_EQ(SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 120 security_info1.mixed_content_status); | 114 security_info1.mixed_content_status); |
| 121 EXPECT_EQ(SecurityStateModel::NONE, security_info1.security_level); | 115 EXPECT_EQ(SecurityStateModel::NONE, security_info1.security_level); |
| 122 | 116 |
| 123 client.set_initial_security_level(SecurityStateModel::SECURITY_ERROR); | 117 client.set_initial_security_level(SecurityStateModel::SECURITY_ERROR); |
| 124 client.SetDisplayedMixedContent(false); | 118 client.SetDisplayedMixedContent(false); |
| 125 client.SetRanMixedContent(true); | 119 client.SetRanMixedContent(true); |
| 126 const SecurityStateModel::SecurityInfo& security_info2 = | 120 const SecurityStateModel::SecurityInfo& security_info2 = |
| 127 model.GetSecurityInfo(); | 121 model.GetSecurityInfo(); |
| 128 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 122 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 129 security_info2.sha1_deprecation_status); | 123 security_info2.sha1_deprecation_status); |
| 130 EXPECT_EQ(SecurityStateModel::RAN_MIXED_CONTENT, | 124 EXPECT_EQ(SecurityStateModel::RAN_MIXED_CONTENT, |
| 131 security_info2.mixed_content_status); | 125 security_info2.mixed_content_status); |
| 132 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info2.security_level); | 126 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info2.security_level); |
| 133 } | 127 } |
| 134 | 128 |
| 135 // Tests that SHA1 warnings don't interfere with the handling of major | 129 // Tests that SHA1 warnings don't interfere with the handling of major |
| 136 // cert errors. | 130 // cert errors. |
| 137 TEST_F(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { | 131 TEST(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { |
| 138 TestSecurityStateModelClient client; | 132 TestSecurityStateModelClient client; |
| 139 SecurityStateModel model; | 133 SecurityStateModel model; |
| 140 model.SetClient(&client); | 134 model.SetClient(&client); |
| 141 client.set_initial_security_level(SecurityStateModel::SECURITY_ERROR); | 135 client.set_initial_security_level(SecurityStateModel::SECURITY_ERROR); |
| 142 client.AddCertStatus(net::CERT_STATUS_DATE_INVALID); | 136 client.AddCertStatus(net::CERT_STATUS_DATE_INVALID); |
| 143 const SecurityStateModel::SecurityInfo& security_info = | 137 const SecurityStateModel::SecurityInfo& security_info = |
| 144 model.GetSecurityInfo(); | 138 model.GetSecurityInfo(); |
| 145 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 139 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 146 security_info.sha1_deprecation_status); | 140 security_info.sha1_deprecation_status); |
| 147 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); | 141 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); |
| 148 } | 142 } |
| 149 | 143 |
| 150 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is | 144 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is |
| 151 // computed correctly. | 145 // computed correctly. |
| 152 TEST_F(SecurityStateModelTest, SecureProtocolAndCiphersuite) { | 146 TEST(SecurityStateModelTest, SecureProtocolAndCiphersuite) { |
| 153 TestSecurityStateModelClient client; | 147 TestSecurityStateModelClient client; |
| 154 SecurityStateModel model; | 148 SecurityStateModel model; |
| 155 model.SetClient(&client); | 149 model.SetClient(&client); |
| 156 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 150 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 157 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 151 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 158 const uint16 ciphersuite = 0xc02f; | 152 const uint16 ciphersuite = 0xc02f; |
| 159 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 153 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 160 << net::SSL_CONNECTION_VERSION_SHIFT); | 154 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 161 client.SetCipherSuite(ciphersuite); | 155 client.SetCipherSuite(ciphersuite); |
| 162 const SecurityStateModel::SecurityInfo& security_info = | 156 const SecurityStateModel::SecurityInfo& security_info = |
| 163 model.GetSecurityInfo(); | 157 model.GetSecurityInfo(); |
| 164 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); | 158 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); |
| 165 } | 159 } |
| 166 | 160 |
| 167 TEST_F(SecurityStateModelTest, NonsecureProtocol) { | 161 TEST(SecurityStateModelTest, NonsecureProtocol) { |
| 168 TestSecurityStateModelClient client; | 162 TestSecurityStateModelClient client; |
| 169 SecurityStateModel model; | 163 SecurityStateModel model; |
| 170 model.SetClient(&client); | 164 model.SetClient(&client); |
| 171 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 165 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 172 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 166 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 173 const uint16 ciphersuite = 0xc02f; | 167 const uint16 ciphersuite = 0xc02f; |
| 174 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 | 168 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 |
| 175 << net::SSL_CONNECTION_VERSION_SHIFT); | 169 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 176 client.SetCipherSuite(ciphersuite); | 170 client.SetCipherSuite(ciphersuite); |
| 177 const SecurityStateModel::SecurityInfo& security_info = | 171 const SecurityStateModel::SecurityInfo& security_info = |
| 178 model.GetSecurityInfo(); | 172 model.GetSecurityInfo(); |
| 179 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 173 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 180 } | 174 } |
| 181 | 175 |
| 182 TEST_F(SecurityStateModelTest, NonsecureCiphersuite) { | 176 TEST(SecurityStateModelTest, NonsecureCiphersuite) { |
| 183 TestSecurityStateModelClient client; | 177 TestSecurityStateModelClient client; |
| 184 SecurityStateModel model; | 178 SecurityStateModel model; |
| 185 model.SetClient(&client); | 179 model.SetClient(&client); |
| 186 // TLS_RSA_WITH_AES_128_CCM_8 from | 180 // TLS_RSA_WITH_AES_128_CCM_8 from |
| 187 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 181 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 188 const uint16 ciphersuite = 0xc0a0; | 182 const uint16 ciphersuite = 0xc0a0; |
| 189 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 183 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 190 << net::SSL_CONNECTION_VERSION_SHIFT); | 184 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 191 client.SetCipherSuite(ciphersuite); | 185 client.SetCipherSuite(ciphersuite); |
| 192 const SecurityStateModel::SecurityInfo& security_info = | 186 const SecurityStateModel::SecurityInfo& security_info = |
| 193 model.GetSecurityInfo(); | 187 model.GetSecurityInfo(); |
| 194 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 188 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); |
| 195 } | 189 } |
| 196 | 190 |
| 197 } // namespace | 191 } // namespace |
| 192 |
| 193 } // namespace security_state |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1539043002:
Pull SecurityStateModel out into a component (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master