Route key_exchange_group over to DevTools.

chrome/browser/ssl/chrome_security_state_model_client_unittest.cc

Index: chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
diff --git a/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc b/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
index df7bd4b6f850440ed30c3bab89b9a63ab7c426c4..3f6ed9da8d213076deb21894c32858068857ba93 100644
--- a/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
+++ b/chrome/browser/ssl/chrome_security_state_model_client_unittest.cc
@@ -5,8 +5,11 @@
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include "components/security_state/security_state_model.h"
+#include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "net/cert/cert_status_flags.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
+#include "net/ssl/ssl_connection_status_flags.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
@@ -130,4 +133,64 @@ TEST(ChromeSecurityStateModelClientTest,
   EXPECT_FALSE(explanations.displayed_content_with_cert_errors);
 }
 
+bool FindSecurityStyleExplanation(
+    const std::vector<content::SecurityStyleExplanation>& explanations,
+    const char* summary,
+    content::SecurityStyleExplanation* explanation) {
+  for (const auto& entry : explanations) {
+    if (entry.summary == summary) {
+      *explanation = entry;
+      return true;
+    }
+  }
+
+  return false;
+}
+
+// Test that connection explanations are formated as expected. Note the strings
+// are not translated and so will be the same in any locale.
+TEST(ChromeSecurityStateModelClientTest, ConnectionExplanation) {
+  // Test a modern configuration with a key exchange group.
+  security_state::SecurityStateModel::SecurityInfo security_info;
+  security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
+  security_info.scheme_is_cryptographic = true;
+  net::SSLConnectionStatusSetCipherSuite(
+      0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */,
+      &security_info.connection_status);
+  net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2,
+                                     &security_info.connection_status);
+  security_info.key_exchange_group = 29;  // X25519
+
+  {
+    content::SecurityStyleExplanations explanations;
+    ChromeSecurityStateModelClient::GetSecurityStyle(security_info,
+                                                     &explanations);
+    content::SecurityStyleExplanation explanation;
+    ASSERT_TRUE(FindSecurityStyleExplanation(
+        explanations.secure_explanations, "Secure Connection", &explanation));
+    EXPECT_EQ(
+        "The connection to this site is encrypted and authenticated using a "
+        "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with "
+        "X25519), and a strong cipher (CHACHA20_POLY1305).",
+        explanation.description);
+  }
+
+  // Some older cache entries may be missing the key exchange group, despite
+  // having a cipher which should supply one.
+  security_info.key_exchange_group = 0;
+  {
+    content::SecurityStyleExplanations explanations;
+    ChromeSecurityStateModelClient::GetSecurityStyle(security_info,
+                                                     &explanations);
+    content::SecurityStyleExplanation explanation;
+    ASSERT_TRUE(FindSecurityStyleExplanation(
+        explanations.secure_explanations, "Secure Connection", &explanation));
+    EXPECT_EQ(
+        "The connection to this site is encrypted and authenticated using a "
+        "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a "
+        "strong cipher (CHACHA20_POLY1305).",
+        explanation.description);
+  }
+}
+
 }  // namespace