OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/security_state/security_state_model.h" | 5 #include "components/security_state/security_state_model.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include "components/security_state/security_state_model_client.h" | 9 #include "components/security_state/security_state_model_client.h" |
10 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
| 11 #include "net/ssl/ssl_cipher_suite_names.h" |
11 #include "net/ssl/ssl_connection_status_flags.h" | 12 #include "net/ssl/ssl_connection_status_flags.h" |
12 #include "net/test/cert_test_util.h" | 13 #include "net/test/cert_test_util.h" |
13 #include "net/test/test_certificate_data.h" | 14 #include "net/test/test_certificate_data.h" |
14 #include "net/test/test_data_directory.h" | 15 #include "net/test/test_data_directory.h" |
15 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
16 | 17 |
17 namespace security_state { | 18 namespace security_state { |
18 | 19 |
19 namespace { | 20 namespace { |
20 | 21 |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
156 SecurityStateModel model; | 157 SecurityStateModel model; |
157 model.SetClient(&client); | 158 model.SetClient(&client); |
158 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 159 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
159 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 160 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
160 const uint16_t ciphersuite = 0xc02f; | 161 const uint16_t ciphersuite = 0xc02f; |
161 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 162 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
162 << net::SSL_CONNECTION_VERSION_SHIFT); | 163 << net::SSL_CONNECTION_VERSION_SHIFT); |
163 client.SetCipherSuite(ciphersuite); | 164 client.SetCipherSuite(ciphersuite); |
164 const SecurityStateModel::SecurityInfo& security_info = | 165 const SecurityStateModel::SecurityInfo& security_info = |
165 model.GetSecurityInfo(); | 166 model.GetSecurityInfo(); |
166 EXPECT_TRUE(security_info.is_secure_protocol_and_ciphersuite); | 167 EXPECT_EQ(net::OBSOLETE_SSL_NONE, security_info.obsolete_ssl_status); |
167 } | 168 } |
168 | 169 |
169 TEST(SecurityStateModelTest, NonsecureProtocol) { | 170 TEST(SecurityStateModelTest, NonsecureProtocol) { |
170 TestSecurityStateModelClient client; | 171 TestSecurityStateModelClient client; |
171 SecurityStateModel model; | 172 SecurityStateModel model; |
172 model.SetClient(&client); | 173 model.SetClient(&client); |
173 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 174 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
174 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 175 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
175 const uint16_t ciphersuite = 0xc02f; | 176 const uint16_t ciphersuite = 0xc02f; |
176 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 | 177 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 |
177 << net::SSL_CONNECTION_VERSION_SHIFT); | 178 << net::SSL_CONNECTION_VERSION_SHIFT); |
178 client.SetCipherSuite(ciphersuite); | 179 client.SetCipherSuite(ciphersuite); |
179 const SecurityStateModel::SecurityInfo& security_info = | 180 const SecurityStateModel::SecurityInfo& security_info = |
180 model.GetSecurityInfo(); | 181 model.GetSecurityInfo(); |
181 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 182 EXPECT_EQ(net::OBSOLETE_SSL_MASK_PROTOCOL, security_info.obsolete_ssl_status); |
182 } | 183 } |
183 | 184 |
184 TEST(SecurityStateModelTest, NonsecureCiphersuite) { | 185 TEST(SecurityStateModelTest, NonsecureCiphersuite) { |
185 TestSecurityStateModelClient client; | 186 TestSecurityStateModelClient client; |
186 SecurityStateModel model; | 187 SecurityStateModel model; |
187 model.SetClient(&client); | 188 model.SetClient(&client); |
188 // TLS_RSA_WITH_AES_128_CCM_8 from | 189 // TLS_RSA_WITH_AES_128_CCM_8 from |
189 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 190 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
190 const uint16_t ciphersuite = 0xc0a0; | 191 const uint16_t ciphersuite = 0xc0a0; |
191 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 192 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
192 << net::SSL_CONNECTION_VERSION_SHIFT); | 193 << net::SSL_CONNECTION_VERSION_SHIFT); |
193 client.SetCipherSuite(ciphersuite); | 194 client.SetCipherSuite(ciphersuite); |
194 const SecurityStateModel::SecurityInfo& security_info = | 195 const SecurityStateModel::SecurityInfo& security_info = |
195 model.GetSecurityInfo(); | 196 model.GetSecurityInfo(); |
196 EXPECT_FALSE(security_info.is_secure_protocol_and_ciphersuite); | 197 EXPECT_EQ(net::OBSOLETE_SSL_MASK_KEY_EXCHANGE | net::OBSOLETE_SSL_MASK_CIPHER, |
| 198 security_info.obsolete_ssl_status); |
197 } | 199 } |
198 | 200 |
199 // Tests that the malware/phishing status is set, and it overrides valid HTTPS. | 201 // Tests that the malware/phishing status is set, and it overrides valid HTTPS. |
200 TEST(SecurityStateModelTest, MalwareOverride) { | 202 TEST(SecurityStateModelTest, MalwareOverride) { |
201 TestSecurityStateModelClient client; | 203 TestSecurityStateModelClient client; |
202 SecurityStateModel model; | 204 SecurityStateModel model; |
203 model.SetClient(&client); | 205 model.SetClient(&client); |
204 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 206 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
205 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 207 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
206 const uint16_t ciphersuite = 0xc02f; | 208 const uint16_t ciphersuite = 0xc02f; |
(...skipping 16 matching lines...) Expand all Loading... |
223 client.set_fails_malware_check(true); | 225 client.set_fails_malware_check(true); |
224 const SecurityStateModel::SecurityInfo& security_info = | 226 const SecurityStateModel::SecurityInfo& security_info = |
225 model.GetSecurityInfo(); | 227 model.GetSecurityInfo(); |
226 EXPECT_TRUE(security_info.fails_malware_check); | 228 EXPECT_TRUE(security_info.fails_malware_check); |
227 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); | 229 EXPECT_EQ(SecurityStateModel::SECURITY_ERROR, security_info.security_level); |
228 } | 230 } |
229 | 231 |
230 } // namespace | 232 } // namespace |
231 | 233 |
232 } // namespace security_state | 234 } // namespace security_state |
OLD | NEW |