| Index: chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc b/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| index ca2331d233787e1ef7e3248a842871cc0158acd7..e7c25a71c9fee762ae797a29b008fb0b80bc054d 100644
|
| --- a/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| +++ b/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| @@ -158,11 +158,36 @@ void CheckSecureExplanations(
|
| EXPECT_EQ(cert_id, secure_explanations[0].cert_id);
|
| }
|
|
|
| - EXPECT_EQ(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
|
| + EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY),
|
| secure_explanations.back().summary);
|
| - EXPECT_EQ(
|
| - l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION),
|
| - secure_explanations.back().description);
|
| +
|
| + content::WebContents* web_contents =
|
| + browser->tab_strip_model()->GetActiveWebContents();
|
| + const SecurityStateModel::SecurityInfo& security_info =
|
| + ChromeSecurityStateModelClient::FromWebContents(web_contents)
|
| + ->GetSecurityInfo();
|
| +
|
| + const char *protocol, *key_exchange, *cipher, *mac;
|
| + int ssl_version =
|
| + net::SSLConnectionStatusToVersion(security_info.connection_status);
|
| + net::SSLVersionToString(&protocol, ssl_version);
|
| + bool is_aead;
|
| + uint16_t cipher_suite =
|
| + net::SSLConnectionStatusToCipherSuite(security_info.connection_status);
|
| + net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,
|
| + cipher_suite);
|
| + EXPECT_TRUE(is_aead);
|
| + EXPECT_EQ(NULL, mac); // The default secure cipher does not have a MAC.
|
| +
|
| + std::vector<base::string16> description_replacements;
|
| + description_replacements.push_back(base::ASCIIToUTF16(protocol));
|
| + description_replacements.push_back(base::ASCIIToUTF16(key_exchange));
|
| + description_replacements.push_back(base::ASCIIToUTF16(cipher));
|
| + base::string16 secure_description = l10n_util::GetStringFUTF16(
|
| + IDS_STRONG_SSL_DESCRIPTION, description_replacements, nullptr);
|
| +
|
| + EXPECT_EQ(secure_description,
|
| + base::ASCIIToUTF16(secure_explanations.back().description));
|
| }
|
|
|
| void CheckSecurityInfoForSecure(
|
| @@ -1081,9 +1106,13 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
|
| // After AddNonsecureUrlHandler() is called, requests to this hostname
|
| // will use obsolete TLS settings.
|
| const char kMockNonsecureHostname[] = "example-nonsecure.test";
|
| +const int kObsoleteTLSVersion = net::SSL_CONNECTION_VERSION_TLS1_1;
|
| +// ECDHE_RSA + AES_128_CBC with HMAC-SHA1
|
| +const uint16_t kObsoleteCipherSuite = 0xc013;
|
|
|
| -// A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete
|
| -// protocol version.
|
| +// A URLRequestMockHTTPJob that mocks a TLS connection with the obsolete
|
| +// TLS settings specified in kObsoleteTLSVersion and
|
| +// kObsoleteCipherSuite.
|
| class URLRequestObsoleteTLSJob : public net::URLRequestMockHTTPJob {
|
| public:
|
| URLRequestObsoleteTLSJob(net::URLRequest* request,
|
| @@ -1099,10 +1128,9 @@ class URLRequestObsoleteTLSJob : public net::URLRequestMockHTTPJob {
|
|
|
| void GetResponseInfo(net::HttpResponseInfo* info) override {
|
| net::URLRequestMockHTTPJob::GetResponseInfo(info);
|
| - net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_1,
|
| + net::SSLConnectionStatusSetVersion(kObsoleteTLSVersion,
|
| &info->ssl_info.connection_status);
|
| - const uint16_t kTlsEcdheRsaWithAes128CbcSha = 0xc013;
|
| - net::SSLConnectionStatusSetCipherSuite(kTlsEcdheRsaWithAes128CbcSha,
|
| + net::SSLConnectionStatusSetCipherSuite(kObsoleteCipherSuite,
|
| &info->ssl_info.connection_status);
|
| info->ssl_info.cert = cert_;
|
| }
|
| @@ -1210,9 +1238,30 @@ IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest,
|
| // the TLS settings are obsolete.
|
| for (const auto& explanation :
|
| observer.latest_explanations().secure_explanations) {
|
| - EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
|
| + EXPECT_NE(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY),
|
| explanation.summary);
|
| }
|
| +
|
| + // Populate description string replacement with values corresponding
|
| + // to test constants.
|
| + std::vector<base::string16> description_replacements;
|
| + description_replacements.push_back(
|
| + l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_PROTOCOL));
|
| + description_replacements.push_back(base::ASCIIToUTF16("TLS 1.1"));
|
| + description_replacements.push_back(
|
| + l10n_util::GetStringUTF16(IDS_SSL_A_STRONG_KEY_EXCHANGE));
|
| + description_replacements.push_back(base::ASCIIToUTF16("ECDHE_RSA"));
|
| + description_replacements.push_back(
|
| + l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_CIPHER));
|
| + description_replacements.push_back(
|
| + base::ASCIIToUTF16("AES_128_CBC with HMAC-SHA1"));
|
| + base::string16 obsolete_description = l10n_util::GetStringFUTF16(
|
| + IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr);
|
| +
|
| + EXPECT_EQ(
|
| + obsolete_description,
|
| + base::ASCIIToUTF16(
|
| + observer.latest_explanations().info_explanations[0].description));
|
| }
|
|
|
| // After AddSCTUrlHandler() is called, requests to this hostname
|
|
|
Chromium Code Reviews
Issue 1727133002:
Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master