| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/security_state_model.h" | 5 #include "components/security_state/core/security_state_model.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/memory/ptr_util.h" |
| 10 #include "base/test/histogram_tester.h" | 12 #include "base/test/histogram_tester.h" |
| 11 #include "components/security_state/security_state_model_client.h" | 13 #include "components/security_state/core/switches.h" |
| 12 #include "components/security_state/switches.h" | |
| 13 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 14 #include "net/ssl/ssl_cipher_suite_names.h" | 15 #include "net/ssl/ssl_cipher_suite_names.h" |
| 15 #include "net/ssl/ssl_connection_status_flags.h" | 16 #include "net/ssl/ssl_connection_status_flags.h" |
| 16 #include "net/test/cert_test_util.h" | 17 #include "net/test/cert_test_util.h" |
| 17 #include "net/test/test_certificate_data.h" | 18 #include "net/test/test_certificate_data.h" |
| 18 #include "net/test/test_data_directory.h" | 19 #include "net/test/test_data_directory.h" |
| 19 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
| 20 | 21 |
| 21 namespace security_state { | 22 namespace security_state { |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 | 25 |
| 25 const char kHttpsUrl[] = "https://foo.test"; | 26 const char kHttpsUrl[] = "https://foo.test"; |
| 26 const char kHttpUrl[] = "http://foo.test"; | 27 const char kHttpUrl[] = "http://foo.test"; |
| 27 | 28 |
| 28 class TestSecurityStateModelClient : public SecurityStateModelClient { | 29 bool IsOriginSecure(const GURL& url) { |
| 30 return url == GURL(kHttpsUrl); |
| 31 } |
| 32 |
| 33 class TestSecurityStateModelHelper { |
| 29 public: | 34 public: |
| 30 TestSecurityStateModelClient() | 35 TestSecurityStateModelHelper() |
| 31 : url_(kHttpsUrl), | 36 : url_(kHttpsUrl), |
| 32 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 37 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 33 << net::SSL_CONNECTION_VERSION_SHIFT), | 38 << net::SSL_CONNECTION_VERSION_SHIFT), |
| 34 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), | 39 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
| 35 displayed_mixed_content_(false), | 40 displayed_mixed_content_(false), |
| 36 ran_mixed_content_(false), | 41 ran_mixed_content_(false), |
| 37 fails_malware_check_(false), | 42 fails_malware_check_(false), |
| 38 displayed_password_field_on_http_(false), | 43 displayed_password_field_on_http_(false), |
| 39 displayed_credit_card_field_on_http_(false) { | 44 displayed_credit_card_field_on_http_(false) { |
| 40 cert_ = | 45 cert_ = |
| 41 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); | 46 net::ImportCertFromFile(net::GetTestCertsDirectory(), "sha1_2016.pem"); |
| 42 } | 47 } |
| 43 ~TestSecurityStateModelClient() override {} | 48 virtual ~TestSecurityStateModelHelper() {} |
| 44 | 49 |
| 45 void set_connection_status(int connection_status) { | 50 void set_connection_status(int connection_status) { |
| 46 connection_status_ = connection_status; | 51 connection_status_ = connection_status; |
| 47 } | 52 } |
| 48 void SetCipherSuite(uint16_t ciphersuite) { | 53 void SetCipherSuite(uint16_t ciphersuite) { |
| 49 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); | 54 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
| 50 } | 55 } |
| 51 void AddCertStatus(net::CertStatus cert_status) { | 56 void AddCertStatus(net::CertStatus cert_status) { |
| 52 cert_status_ |= cert_status; | 57 cert_status_ |= cert_status; |
| 53 } | 58 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 64 bool displayed_password_field_on_http) { | 69 bool displayed_password_field_on_http) { |
| 65 displayed_password_field_on_http_ = displayed_password_field_on_http; | 70 displayed_password_field_on_http_ = displayed_password_field_on_http; |
| 66 } | 71 } |
| 67 void set_displayed_credit_card_field_on_http( | 72 void set_displayed_credit_card_field_on_http( |
| 68 bool displayed_credit_card_field_on_http) { | 73 bool displayed_credit_card_field_on_http) { |
| 69 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; | 74 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; |
| 70 } | 75 } |
| 71 | 76 |
| 72 void UseHttpUrl() { url_ = GURL(kHttpUrl); } | 77 void UseHttpUrl() { url_ = GURL(kHttpUrl); } |
| 73 | 78 |
| 74 // SecurityStateModelClient: | 79 std::unique_ptr<SecurityStateModel::VisibleSecurityState> |
| 75 void GetVisibleSecurityState( | 80 GetVisibleSecurityState() { |
| 76 SecurityStateModel::VisibleSecurityState* state) override { | 81 auto state = base::MakeUnique<SecurityStateModel::VisibleSecurityState>(); |
| 77 state->connection_info_initialized = true; | 82 state->connection_info_initialized = true; |
| 78 state->url = url_; | 83 state->url = url_; |
| 79 state->certificate = cert_; | 84 state->certificate = cert_; |
| 80 state->cert_status = cert_status_; | 85 state->cert_status = cert_status_; |
| 81 state->connection_status = connection_status_; | 86 state->connection_status = connection_status_; |
| 82 state->security_bits = 256; | 87 state->security_bits = 256; |
| 83 state->displayed_mixed_content = displayed_mixed_content_; | 88 state->displayed_mixed_content = displayed_mixed_content_; |
| 84 state->ran_mixed_content = ran_mixed_content_; | 89 state->ran_mixed_content = ran_mixed_content_; |
| 85 state->fails_malware_check = fails_malware_check_; | 90 state->fails_malware_check = fails_malware_check_; |
| 86 state->displayed_password_field_on_http = displayed_password_field_on_http_; | 91 state->displayed_password_field_on_http = displayed_password_field_on_http_; |
| 87 state->displayed_credit_card_field_on_http = | 92 state->displayed_credit_card_field_on_http = |
| 88 displayed_credit_card_field_on_http_; | 93 displayed_credit_card_field_on_http_; |
| 94 return state; |
| 89 } | 95 } |
| 90 | 96 |
| 91 bool UsedPolicyInstalledCertificate() override { return false; } | 97 bool UsedPolicyInstalledCertificate() { return false; } |
| 92 | 98 |
| 93 bool IsOriginSecure(const GURL& url) override { | 99 void GetSecurityInfo(SecurityStateModel::SecurityInfo* security_info) { |
| 94 return url_ == GURL(kHttpsUrl); | 100 model_.GetSecurityInfo(security_info, GetVisibleSecurityState(), |
| 101 UsedPolicyInstalledCertificate(), |
| 102 base::Bind(&IsOriginSecure)); |
| 95 } | 103 } |
| 96 | 104 |
| 97 private: | 105 private: |
| 106 SecurityStateModel model_; |
| 98 GURL url_; | 107 GURL url_; |
| 99 scoped_refptr<net::X509Certificate> cert_; | 108 scoped_refptr<net::X509Certificate> cert_; |
| 100 int connection_status_; | 109 int connection_status_; |
| 101 net::CertStatus cert_status_; | 110 net::CertStatus cert_status_; |
| 102 bool displayed_mixed_content_; | 111 bool displayed_mixed_content_; |
| 103 bool ran_mixed_content_; | 112 bool ran_mixed_content_; |
| 104 bool fails_malware_check_; | 113 bool fails_malware_check_; |
| 105 bool displayed_password_field_on_http_; | 114 bool displayed_password_field_on_http_; |
| 106 bool displayed_credit_card_field_on_http_; | 115 bool displayed_credit_card_field_on_http_; |
| 107 }; | 116 }; |
| 108 | 117 |
| 118 } // namespace |
| 119 |
| 109 // Tests that SHA1-signed certificates expiring in 2016 downgrade the | 120 // Tests that SHA1-signed certificates expiring in 2016 downgrade the |
| 110 // security state of the page. | 121 // security state of the page. |
| 111 TEST(SecurityStateModelTest, SHA1Warning) { | 122 TEST(SecurityStateModelTest, SHA1Warning) { |
| 112 TestSecurityStateModelClient client; | 123 TestSecurityStateModelHelper helper; |
| 113 SecurityStateModel model; | |
| 114 model.SetClient(&client); | |
| 115 SecurityStateModel::SecurityInfo security_info; | 124 SecurityStateModel::SecurityInfo security_info; |
| 116 model.GetSecurityInfo(&security_info); | 125 helper.GetSecurityInfo(&security_info); |
| 117 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 126 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 118 security_info.sha1_deprecation_status); | 127 security_info.sha1_deprecation_status); |
| 119 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 128 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 120 } | 129 } |
| 121 | 130 |
| 122 // Tests that SHA1 warnings don't interfere with the handling of mixed | 131 // Tests that SHA1 warnings don't interfere with the handling of mixed |
| 123 // content. | 132 // content. |
| 124 TEST(SecurityStateModelTest, SHA1WarningMixedContent) { | 133 TEST(SecurityStateModelTest, SHA1WarningMixedContent) { |
| 125 TestSecurityStateModelClient client; | 134 TestSecurityStateModelHelper helper; |
| 126 SecurityStateModel model; | 135 helper.SetDisplayedMixedContent(true); |
| 127 model.SetClient(&client); | |
| 128 client.SetDisplayedMixedContent(true); | |
| 129 SecurityStateModel::SecurityInfo security_info1; | 136 SecurityStateModel::SecurityInfo security_info1; |
| 130 model.GetSecurityInfo(&security_info1); | 137 helper.GetSecurityInfo(&security_info1); |
| 131 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 138 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 132 security_info1.sha1_deprecation_status); | 139 security_info1.sha1_deprecation_status); |
| 133 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_DISPLAYED, | 140 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_DISPLAYED, |
| 134 security_info1.mixed_content_status); | 141 security_info1.mixed_content_status); |
| 135 EXPECT_EQ(SecurityStateModel::NONE, security_info1.security_level); | 142 EXPECT_EQ(SecurityStateModel::NONE, security_info1.security_level); |
| 136 | 143 |
| 137 client.SetDisplayedMixedContent(false); | 144 helper.SetDisplayedMixedContent(false); |
| 138 client.SetRanMixedContent(true); | 145 helper.SetRanMixedContent(true); |
| 139 SecurityStateModel::SecurityInfo security_info2; | 146 SecurityStateModel::SecurityInfo security_info2; |
| 140 model.GetSecurityInfo(&security_info2); | 147 helper.GetSecurityInfo(&security_info2); |
| 141 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 148 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 142 security_info2.sha1_deprecation_status); | 149 security_info2.sha1_deprecation_status); |
| 143 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_RAN, | 150 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_RAN, |
| 144 security_info2.mixed_content_status); | 151 security_info2.mixed_content_status); |
| 145 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info2.security_level); | 152 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info2.security_level); |
| 146 } | 153 } |
| 147 | 154 |
| 148 // Tests that SHA1 warnings don't interfere with the handling of major | 155 // Tests that SHA1 warnings don't interfere with the handling of major |
| 149 // cert errors. | 156 // cert errors. |
| 150 TEST(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { | 157 TEST(SecurityStateModelTest, SHA1WarningBrokenHTTPS) { |
| 151 TestSecurityStateModelClient client; | 158 TestSecurityStateModelHelper helper; |
| 152 SecurityStateModel model; | 159 helper.AddCertStatus(net::CERT_STATUS_DATE_INVALID); |
| 153 model.SetClient(&client); | |
| 154 client.AddCertStatus(net::CERT_STATUS_DATE_INVALID); | |
| 155 SecurityStateModel::SecurityInfo security_info; | 160 SecurityStateModel::SecurityInfo security_info; |
| 156 model.GetSecurityInfo(&security_info); | 161 helper.GetSecurityInfo(&security_info); |
| 157 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, | 162 EXPECT_EQ(SecurityStateModel::DEPRECATED_SHA1_MINOR, |
| 158 security_info.sha1_deprecation_status); | 163 security_info.sha1_deprecation_status); |
| 159 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); | 164 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); |
| 160 } | 165 } |
| 161 | 166 |
| 162 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is | 167 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is |
| 163 // computed correctly. | 168 // computed correctly. |
| 164 TEST(SecurityStateModelTest, SecureProtocolAndCiphersuite) { | 169 TEST(SecurityStateModelTest, SecureProtocolAndCiphersuite) { |
| 165 TestSecurityStateModelClient client; | 170 TestSecurityStateModelHelper helper; |
| 166 SecurityStateModel model; | |
| 167 model.SetClient(&client); | |
| 168 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 171 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 169 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 172 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 170 const uint16_t ciphersuite = 0xc02f; | 173 const uint16_t ciphersuite = 0xc02f; |
| 171 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 174 helper.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 172 << net::SSL_CONNECTION_VERSION_SHIFT); | 175 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 173 client.SetCipherSuite(ciphersuite); | 176 helper.SetCipherSuite(ciphersuite); |
| 174 SecurityStateModel::SecurityInfo security_info; | 177 SecurityStateModel::SecurityInfo security_info; |
| 175 model.GetSecurityInfo(&security_info); | 178 helper.GetSecurityInfo(&security_info); |
| 176 EXPECT_EQ(net::OBSOLETE_SSL_NONE, security_info.obsolete_ssl_status); | 179 EXPECT_EQ(net::OBSOLETE_SSL_NONE, security_info.obsolete_ssl_status); |
| 177 } | 180 } |
| 178 | 181 |
| 179 TEST(SecurityStateModelTest, NonsecureProtocol) { | 182 TEST(SecurityStateModelTest, NonsecureProtocol) { |
| 180 TestSecurityStateModelClient client; | 183 TestSecurityStateModelHelper helper; |
| 181 SecurityStateModel model; | |
| 182 model.SetClient(&client); | |
| 183 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 184 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 184 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 185 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 185 const uint16_t ciphersuite = 0xc02f; | 186 const uint16_t ciphersuite = 0xc02f; |
| 186 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 | 187 helper.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_1 |
| 187 << net::SSL_CONNECTION_VERSION_SHIFT); | 188 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 188 client.SetCipherSuite(ciphersuite); | 189 helper.SetCipherSuite(ciphersuite); |
| 189 SecurityStateModel::SecurityInfo security_info; | 190 SecurityStateModel::SecurityInfo security_info; |
| 190 model.GetSecurityInfo(&security_info); | 191 helper.GetSecurityInfo(&security_info); |
| 191 EXPECT_EQ(net::OBSOLETE_SSL_MASK_PROTOCOL, security_info.obsolete_ssl_status); | 192 EXPECT_EQ(net::OBSOLETE_SSL_MASK_PROTOCOL, security_info.obsolete_ssl_status); |
| 192 } | 193 } |
| 193 | 194 |
| 194 TEST(SecurityStateModelTest, NonsecureCiphersuite) { | 195 TEST(SecurityStateModelTest, NonsecureCiphersuite) { |
| 195 TestSecurityStateModelClient client; | 196 TestSecurityStateModelHelper helper; |
| 196 SecurityStateModel model; | |
| 197 model.SetClient(&client); | |
| 198 // TLS_RSA_WITH_AES_128_CCM_8 from | 197 // TLS_RSA_WITH_AES_128_CCM_8 from |
| 199 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 198 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 200 const uint16_t ciphersuite = 0xc0a0; | 199 const uint16_t ciphersuite = 0xc0a0; |
| 201 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 200 helper.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 202 << net::SSL_CONNECTION_VERSION_SHIFT); | 201 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 203 client.SetCipherSuite(ciphersuite); | 202 helper.SetCipherSuite(ciphersuite); |
| 204 SecurityStateModel::SecurityInfo security_info; | 203 SecurityStateModel::SecurityInfo security_info; |
| 205 model.GetSecurityInfo(&security_info); | 204 helper.GetSecurityInfo(&security_info); |
| 206 EXPECT_EQ(net::OBSOLETE_SSL_MASK_KEY_EXCHANGE | net::OBSOLETE_SSL_MASK_CIPHER, | 205 EXPECT_EQ(net::OBSOLETE_SSL_MASK_KEY_EXCHANGE | net::OBSOLETE_SSL_MASK_CIPHER, |
| 207 security_info.obsolete_ssl_status); | 206 security_info.obsolete_ssl_status); |
| 208 } | 207 } |
| 209 | 208 |
| 210 // Tests that the malware/phishing status is set, and it overrides valid HTTPS. | 209 // Tests that the malware/phishing status is set, and it overrides valid HTTPS. |
| 211 TEST(SecurityStateModelTest, MalwareOverride) { | 210 TEST(SecurityStateModelTest, MalwareOverride) { |
| 212 TestSecurityStateModelClient client; | 211 TestSecurityStateModelHelper helper; |
| 213 SecurityStateModel model; | |
| 214 model.SetClient(&client); | |
| 215 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 212 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 216 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 213 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 217 const uint16_t ciphersuite = 0xc02f; | 214 const uint16_t ciphersuite = 0xc02f; |
| 218 client.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 | 215 helper.set_connection_status(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 219 << net::SSL_CONNECTION_VERSION_SHIFT); | 216 << net::SSL_CONNECTION_VERSION_SHIFT); |
| 220 client.SetCipherSuite(ciphersuite); | 217 helper.SetCipherSuite(ciphersuite); |
| 221 client.set_fails_malware_check(true); | 218 helper.set_fails_malware_check(true); |
| 222 SecurityStateModel::SecurityInfo security_info; | 219 SecurityStateModel::SecurityInfo security_info; |
| 223 model.GetSecurityInfo(&security_info); | 220 helper.GetSecurityInfo(&security_info); |
| 224 EXPECT_TRUE(security_info.fails_malware_check); | 221 EXPECT_TRUE(security_info.fails_malware_check); |
| 225 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); | 222 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); |
| 226 } | 223 } |
| 227 | 224 |
| 228 // Tests that the malware/phishing status is set, even if other connection info | 225 // Tests that the malware/phishing status is set, even if other connection info |
| 229 // is not available. | 226 // is not available. |
| 230 TEST(SecurityStateModelTest, MalwareWithoutCOnnectionState) { | 227 TEST(SecurityStateModelTest, MalwareWithoutCOnnectionState) { |
| 231 TestSecurityStateModelClient client; | 228 TestSecurityStateModelHelper helper; |
| 232 SecurityStateModel model; | 229 helper.set_fails_malware_check(true); |
| 233 model.SetClient(&client); | |
| 234 client.set_fails_malware_check(true); | |
| 235 SecurityStateModel::SecurityInfo security_info; | 230 SecurityStateModel::SecurityInfo security_info; |
| 236 model.GetSecurityInfo(&security_info); | 231 helper.GetSecurityInfo(&security_info); |
| 237 EXPECT_TRUE(security_info.fails_malware_check); | 232 EXPECT_TRUE(security_info.fails_malware_check); |
| 238 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); | 233 EXPECT_EQ(SecurityStateModel::DANGEROUS, security_info.security_level); |
| 239 } | 234 } |
| 240 | 235 |
| 241 // Tests that password fields cause the security level to be downgraded | 236 // Tests that password fields cause the security level to be downgraded |
| 242 // to HTTP_SHOW_WARNING when the command-line switch is set. | 237 // to HTTP_SHOW_WARNING when the command-line switch is set. |
| 243 TEST(SecurityStateModelTest, PasswordFieldWarning) { | 238 TEST(SecurityStateModelTest, PasswordFieldWarning) { |
| 244 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 239 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 245 switches::kMarkHttpAs, | 240 switches::kMarkHttpAs, |
| 246 switches::kMarkHttpWithPasswordsOrCcWithChip); | 241 switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 247 TestSecurityStateModelClient client; | 242 TestSecurityStateModelHelper helper; |
| 248 client.UseHttpUrl(); | 243 helper.UseHttpUrl(); |
| 249 SecurityStateModel model; | 244 helper.set_displayed_password_field_on_http(true); |
| 250 model.SetClient(&client); | |
| 251 client.set_displayed_password_field_on_http(true); | |
| 252 SecurityStateModel::SecurityInfo security_info; | 245 SecurityStateModel::SecurityInfo security_info; |
| 253 model.GetSecurityInfo(&security_info); | 246 helper.GetSecurityInfo(&security_info); |
| 254 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); | 247 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); |
| 255 EXPECT_EQ(SecurityStateModel::HTTP_SHOW_WARNING, | 248 EXPECT_EQ(SecurityStateModel::HTTP_SHOW_WARNING, |
| 256 security_info.security_level); | 249 security_info.security_level); |
| 257 } | 250 } |
| 258 | 251 |
| 259 // Tests that credit card fields cause the security level to be downgraded | 252 // Tests that credit card fields cause the security level to be downgraded |
| 260 // to HTTP_SHOW_WARNING when the command-line switch is set. | 253 // to HTTP_SHOW_WARNING when the command-line switch is set. |
| 261 TEST(SecurityStateModelTest, CreditCardFieldWarning) { | 254 TEST(SecurityStateModelTest, CreditCardFieldWarning) { |
| 262 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 255 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 263 switches::kMarkHttpAs, | 256 switches::kMarkHttpAs, |
| 264 switches::kMarkHttpWithPasswordsOrCcWithChip); | 257 switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 265 TestSecurityStateModelClient client; | 258 TestSecurityStateModelHelper helper; |
| 266 client.UseHttpUrl(); | 259 helper.UseHttpUrl(); |
| 267 SecurityStateModel model; | 260 helper.set_displayed_credit_card_field_on_http(true); |
| 268 model.SetClient(&client); | |
| 269 client.set_displayed_credit_card_field_on_http(true); | |
| 270 SecurityStateModel::SecurityInfo security_info; | 261 SecurityStateModel::SecurityInfo security_info; |
| 271 model.GetSecurityInfo(&security_info); | 262 helper.GetSecurityInfo(&security_info); |
| 272 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); | 263 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); |
| 273 EXPECT_EQ(SecurityStateModel::HTTP_SHOW_WARNING, | 264 EXPECT_EQ(SecurityStateModel::HTTP_SHOW_WARNING, |
| 274 security_info.security_level); | 265 security_info.security_level); |
| 275 } | 266 } |
| 276 | 267 |
| 277 // Tests that neither password nor credit fields cause the security | 268 // Tests that neither password nor credit fields cause the security |
| 278 // level to be downgraded to HTTP_SHOW_WARNING when the command-line switch | 269 // level to be downgraded to HTTP_SHOW_WARNING when the command-line switch |
| 279 // is NOT set. | 270 // is NOT set. |
| 280 TEST(SecurityStateModelTest, HttpWarningNotSetWithoutSwitch) { | 271 TEST(SecurityStateModelTest, HttpWarningNotSetWithoutSwitch) { |
| 281 TestSecurityStateModelClient client; | 272 TestSecurityStateModelHelper helper; |
| 282 client.UseHttpUrl(); | 273 helper.UseHttpUrl(); |
| 283 SecurityStateModel model; | 274 helper.set_displayed_password_field_on_http(true); |
| 284 model.SetClient(&client); | 275 helper.set_displayed_credit_card_field_on_http(true); |
| 285 client.set_displayed_password_field_on_http(true); | |
| 286 client.set_displayed_credit_card_field_on_http(true); | |
| 287 SecurityStateModel::SecurityInfo security_info; | 276 SecurityStateModel::SecurityInfo security_info; |
| 288 model.GetSecurityInfo(&security_info); | 277 helper.GetSecurityInfo(&security_info); |
| 289 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); | 278 EXPECT_TRUE(security_info.displayed_private_user_data_input_on_http); |
| 290 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 279 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 291 } | 280 } |
| 292 | 281 |
| 293 // Tests that |displayed_private_user_data_input_on_http| is not set | 282 // Tests that |displayed_private_user_data_input_on_http| is not set |
| 294 // when the corresponding VisibleSecurityState flags are not set. | 283 // when the corresponding VisibleSecurityState flags are not set. |
| 295 TEST(SecurityStateModelTest, PrivateUserDataNotSet) { | 284 TEST(SecurityStateModelTest, PrivateUserDataNotSet) { |
| 296 TestSecurityStateModelClient client; | 285 TestSecurityStateModelHelper helper; |
| 297 client.UseHttpUrl(); | 286 helper.UseHttpUrl(); |
| 298 SecurityStateModel model; | |
| 299 model.SetClient(&client); | |
| 300 SecurityStateModel::SecurityInfo security_info; | 287 SecurityStateModel::SecurityInfo security_info; |
| 301 model.GetSecurityInfo(&security_info); | 288 helper.GetSecurityInfo(&security_info); |
| 302 EXPECT_FALSE(security_info.displayed_private_user_data_input_on_http); | 289 EXPECT_FALSE(security_info.displayed_private_user_data_input_on_http); |
| 303 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 290 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 304 } | 291 } |
| 305 | 292 |
| 306 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is | 293 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is |
| 307 // computed for a page. | 294 // computed for a page. |
| 308 TEST(SecurityStateModelTest, MarkHttpAsStatusHistogram) { | 295 TEST(SecurityStateModelTest, MarkHttpAsStatusHistogram) { |
| 309 const char* kHistogramName = "SSL.MarkHttpAsStatus"; | 296 const char* kHistogramName = "SSL.MarkHttpAsStatus"; |
| 310 base::HistogramTester histograms; | 297 base::HistogramTester histograms; |
| 311 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 298 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 312 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); | 299 switches::kMarkHttpAs, switches::kMarkHttpWithPasswordsOrCcWithChip); |
| 313 TestSecurityStateModelClient client; | 300 TestSecurityStateModelHelper helper; |
| 314 client.UseHttpUrl(); | 301 helper.UseHttpUrl(); |
| 315 SecurityStateModel model; | |
| 316 model.SetClient(&client); | |
| 317 | 302 |
| 318 // Ensure histogram recorded correctly when a non-secure password input is | 303 // Ensure histogram recorded correctly when a non-secure password input is |
| 319 // found on the page. | 304 // found on the page. |
| 320 client.set_displayed_password_field_on_http(true); | 305 helper.set_displayed_password_field_on_http(true); |
| 321 SecurityStateModel::SecurityInfo security_info; | 306 SecurityStateModel::SecurityInfo security_info; |
| 322 histograms.ExpectTotalCount(kHistogramName, 0); | 307 histograms.ExpectTotalCount(kHistogramName, 0); |
| 323 model.GetSecurityInfo(&security_info); | 308 helper.GetSecurityInfo(&security_info); |
| 324 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); | 309 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); |
| 325 | 310 |
| 326 // Ensure histogram recorded correctly even without a password input. | 311 // Ensure histogram recorded correctly even without a password input. |
| 327 client.set_displayed_password_field_on_http(false); | 312 helper.set_displayed_password_field_on_http(false); |
| 328 model.GetSecurityInfo(&security_info); | 313 helper.GetSecurityInfo(&security_info); |
| 329 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 314 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); |
| 330 } | 315 } |
| 331 | 316 |
| 332 } // namespace | |
| 333 | |
| 334 } // namespace security_state | 317 } // namespace security_state |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2448943002:
Refactor SecurityStateModel/Clients for simplicity and reusability. (Closed)
