| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "components/security_state/security_state_model.h" | 7 #include "components/security_state/security_state_model.h" |
| 8 #include "content/public/browser/security_style_explanation.h" |
| 8 #include "content/public/browser/security_style_explanations.h" | 9 #include "content/public/browser/security_style_explanations.h" |
| 9 #include "net/cert/cert_status_flags.h" | 10 #include "net/cert/cert_status_flags.h" |
| 11 #include "net/ssl/ssl_cipher_suite_names.h" |
| 12 #include "net/ssl/ssl_connection_status_flags.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 11 | 14 |
| 12 namespace { | 15 namespace { |
| 13 | 16 |
| 14 // Tests that SecurityInfo flags for subresources with certificate | 17 // Tests that SecurityInfo flags for subresources with certificate |
| 15 // errors are reflected in the SecurityStyleExplanations produced by | 18 // errors are reflected in the SecurityStyleExplanations produced by |
| 16 // ChromeSecurityStateModelClient. | 19 // ChromeSecurityStateModelClient. |
| 17 TEST(ChromeSecurityStateModelClientTest, | 20 TEST(ChromeSecurityStateModelClientTest, |
| 18 GetSecurityStyleForContentWithCertErrors) { | 21 GetSecurityStyleForContentWithCertErrors) { |
| 19 content::SecurityStyleExplanations explanations; | 22 content::SecurityStyleExplanations explanations; |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 123 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); | 126 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); |
| 124 | 127 |
| 125 security_info.content_with_cert_errors_status = | 128 security_info.content_with_cert_errors_status = |
| 126 security_state::SecurityStateModel::CONTENT_STATUS_NONE; | 129 security_state::SecurityStateModel::CONTENT_STATUS_NONE; |
| 127 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 130 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 128 &explanations); | 131 &explanations); |
| 129 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 132 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 130 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 133 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 131 } | 134 } |
| 132 | 135 |
| 136 bool FindSecurityStyleExplanation( |
| 137 const std::vector<content::SecurityStyleExplanation>& explanations, |
| 138 const char* summary, |
| 139 content::SecurityStyleExplanation* explanation) { |
| 140 for (const auto& entry : explanations) { |
| 141 if (entry.summary == summary) { |
| 142 *explanation = entry; |
| 143 return true; |
| 144 } |
| 145 } |
| 146 |
| 147 return false; |
| 148 } |
| 149 |
| 150 // Test that connection explanations are formated as expected. Note the strings |
| 151 // are not translated and so will be the same in any locale. |
| 152 TEST(ChromeSecurityStateModelClientTest, ConnectionExplanation) { |
| 153 // Test a modern configuration with a key exchange group. |
| 154 security_state::SecurityStateModel::SecurityInfo security_info; |
| 155 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 156 security_info.scheme_is_cryptographic = true; |
| 157 net::SSLConnectionStatusSetCipherSuite( |
| 158 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, |
| 159 &security_info.connection_status); |
| 160 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, |
| 161 &security_info.connection_status); |
| 162 security_info.key_exchange_group = 29; // X25519 |
| 163 |
| 164 { |
| 165 content::SecurityStyleExplanations explanations; |
| 166 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 167 &explanations); |
| 168 content::SecurityStyleExplanation explanation; |
| 169 ASSERT_TRUE(FindSecurityStyleExplanation( |
| 170 explanations.secure_explanations, "Secure Connection", &explanation)); |
| 171 EXPECT_EQ( |
| 172 "The connection to this site is encrypted and authenticated using a " |
| 173 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with " |
| 174 "X25519), and a strong cipher (CHACHA20_POLY1305).", |
| 175 explanation.description); |
| 176 } |
| 177 |
| 178 // Some older cache entries may be missing the key exchange group, despite |
| 179 // having a cipher which should supply one. |
| 180 security_info.key_exchange_group = 0; |
| 181 { |
| 182 content::SecurityStyleExplanations explanations; |
| 183 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, |
| 184 &explanations); |
| 185 content::SecurityStyleExplanation explanation; |
| 186 ASSERT_TRUE(FindSecurityStyleExplanation( |
| 187 explanations.secure_explanations, "Secure Connection", &explanation)); |
| 188 EXPECT_EQ( |
| 189 "The connection to this site is encrypted and authenticated using a " |
| 190 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a " |
| 191 "strong cipher (CHACHA20_POLY1305).", |
| 192 explanation.description); |
| 193 } |
| 194 } |
| 195 |
| 133 } // namespace | 196 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2272603003:
Route key_exchange_group over to DevTools. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master