| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "components/security_state/content/content_utils.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/test/histogram_tester.h" | 8 #include "base/test/histogram_tester.h" |
| 9 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | 9 #include "components/security_state/core/security_state.h" |
| 10 #include "components/security_state/security_state_model.h" | 10 #include "components/security_state/core/switches.h" |
| 11 #include "components/security_state/switches.h" | |
| 12 #include "content/public/browser/security_style_explanation.h" | 11 #include "content/public/browser/security_style_explanation.h" |
| 13 #include "content/public/browser/security_style_explanations.h" | 12 #include "content/public/browser/security_style_explanations.h" |
| 14 #include "net/cert/cert_status_flags.h" | 13 #include "net/cert/cert_status_flags.h" |
| 15 #include "net/ssl/ssl_cipher_suite_names.h" | 14 #include "net/ssl/ssl_cipher_suite_names.h" |
| 16 #include "net/ssl/ssl_connection_status_flags.h" | 15 #include "net/ssl/ssl_connection_status_flags.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 17 |
| 19 namespace { | 18 namespace { |
| 20 | 19 |
| 20 using security_state::GetSecurityStyle; |
| 21 |
| 21 // Tests that SecurityInfo flags for subresources with certificate | 22 // Tests that SecurityInfo flags for subresources with certificate |
| 22 // errors are reflected in the SecurityStyleExplanations produced by | 23 // errors are reflected in the SecurityStyleExplanations produced by |
| 23 // ChromeSecurityStateModelClient. | 24 // GetSecurityStyle. |
| 24 TEST(ChromeSecurityStateModelClientTest, | 25 TEST(SecurityStateContentUtilsTest, GetSecurityStyleForContentWithCertErrors) { |
| 25 GetSecurityStyleForContentWithCertErrors) { | |
| 26 content::SecurityStyleExplanations explanations; | 26 content::SecurityStyleExplanations explanations; |
| 27 security_state::SecurityStateModel::SecurityInfo security_info; | 27 security_state::SecurityInfo security_info; |
| 28 security_info.cert_status = 0; | 28 security_info.cert_status = 0; |
| 29 security_info.scheme_is_cryptographic = true; | 29 security_info.scheme_is_cryptographic = true; |
| 30 | 30 |
| 31 security_info.content_with_cert_errors_status = | 31 security_info.content_with_cert_errors_status = |
| 32 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN; | 32 security_state::CONTENT_STATUS_DISPLAYED_AND_RAN; |
| 33 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 33 GetSecurityStyle(security_info, &explanations); |
| 34 &explanations); | |
| 35 EXPECT_TRUE(explanations.ran_content_with_cert_errors); | 34 EXPECT_TRUE(explanations.ran_content_with_cert_errors); |
| 36 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); | 35 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); |
| 37 | 36 |
| 38 security_info.content_with_cert_errors_status = | 37 security_info.content_with_cert_errors_status = |
| 39 security_state::SecurityStateModel::CONTENT_STATUS_RAN; | 38 security_state::CONTENT_STATUS_RAN; |
| 40 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 39 GetSecurityStyle(security_info, &explanations); |
| 41 &explanations); | |
| 42 EXPECT_TRUE(explanations.ran_content_with_cert_errors); | 40 EXPECT_TRUE(explanations.ran_content_with_cert_errors); |
| 43 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 41 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 44 | 42 |
| 45 security_info.content_with_cert_errors_status = | 43 security_info.content_with_cert_errors_status = |
| 46 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED; | 44 security_state::CONTENT_STATUS_DISPLAYED; |
| 47 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 45 GetSecurityStyle(security_info, &explanations); |
| 48 &explanations); | |
| 49 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 46 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 50 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); | 47 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); |
| 51 | 48 |
| 52 security_info.content_with_cert_errors_status = | 49 security_info.content_with_cert_errors_status = |
| 53 security_state::SecurityStateModel::CONTENT_STATUS_NONE; | 50 security_state::CONTENT_STATUS_NONE; |
| 54 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 51 GetSecurityStyle(security_info, &explanations); |
| 55 &explanations); | |
| 56 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 52 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 57 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 53 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 58 } | 54 } |
| 59 | 55 |
| 60 // Tests that SecurityStyleExplanations for subresources with cert | 56 // Tests that SecurityStyleExplanations for subresources with cert |
| 61 // errors are *not* set when the main resource has major certificate | 57 // errors are *not* set when the main resource has major certificate |
| 62 // errors. If the main resource has certificate errors, it would be | 58 // errors. If the main resource has certificate errors, it would be |
| 63 // duplicative/confusing to also report subresources with cert errors. | 59 // duplicative/confusing to also report subresources with cert errors. |
| 64 TEST(ChromeSecurityStateModelClientTest, | 60 TEST(SecurityStateContentUtilsTest, |
| 65 SubresourcesAndMainResourceWithMajorCertErrors) { | 61 SubresourcesAndMainResourceWithMajorCertErrors) { |
| 66 content::SecurityStyleExplanations explanations; | 62 content::SecurityStyleExplanations explanations; |
| 67 security_state::SecurityStateModel::SecurityInfo security_info; | 63 security_state::SecurityInfo security_info; |
| 68 security_info.cert_status = net::CERT_STATUS_DATE_INVALID; | 64 security_info.cert_status = net::CERT_STATUS_DATE_INVALID; |
| 69 security_info.scheme_is_cryptographic = true; | 65 security_info.scheme_is_cryptographic = true; |
| 70 | 66 |
| 71 security_info.content_with_cert_errors_status = | 67 security_info.content_with_cert_errors_status = |
| 72 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN; | 68 security_state::CONTENT_STATUS_DISPLAYED_AND_RAN; |
| 73 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 69 GetSecurityStyle(security_info, &explanations); |
| 74 &explanations); | |
| 75 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 70 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 76 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 71 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 77 | 72 |
| 78 security_info.content_with_cert_errors_status = | 73 security_info.content_with_cert_errors_status = |
| 79 security_state::SecurityStateModel::CONTENT_STATUS_RAN; | 74 security_state::CONTENT_STATUS_RAN; |
| 80 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 75 GetSecurityStyle(security_info, &explanations); |
| 81 &explanations); | |
| 82 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 76 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 83 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 77 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 84 | 78 |
| 85 security_info.content_with_cert_errors_status = | 79 security_info.content_with_cert_errors_status = |
| 86 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED; | 80 security_state::CONTENT_STATUS_DISPLAYED; |
| 87 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 81 GetSecurityStyle(security_info, &explanations); |
| 88 &explanations); | |
| 89 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 82 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 90 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 83 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 91 | 84 |
| 92 security_info.content_with_cert_errors_status = | 85 security_info.content_with_cert_errors_status = |
| 93 security_state::SecurityStateModel::CONTENT_STATUS_NONE; | 86 security_state::CONTENT_STATUS_NONE; |
| 94 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 87 GetSecurityStyle(security_info, &explanations); |
| 95 &explanations); | |
| 96 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 88 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 97 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 89 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 98 } | 90 } |
| 99 | 91 |
| 100 // Tests that SecurityStyleExplanations for subresources with cert | 92 // Tests that SecurityStyleExplanations for subresources with cert |
| 101 // errors are set when the main resource has only minor certificate | 93 // errors are set when the main resource has only minor certificate |
| 102 // errors. Minor errors on the main resource should not hide major | 94 // errors. Minor errors on the main resource should not hide major |
| 103 // errors on subresources. | 95 // errors on subresources. |
| 104 TEST(ChromeSecurityStateModelClientTest, | 96 TEST(SecurityStateContentUtilsTest, |
| 105 SubresourcesAndMainResourceWithMinorCertErrors) { | 97 SubresourcesAndMainResourceWithMinorCertErrors) { |
| 106 content::SecurityStyleExplanations explanations; | 98 content::SecurityStyleExplanations explanations; |
| 107 security_state::SecurityStateModel::SecurityInfo security_info; | 99 security_state::SecurityInfo security_info; |
| 108 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 100 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 109 security_info.scheme_is_cryptographic = true; | 101 security_info.scheme_is_cryptographic = true; |
| 110 | 102 |
| 111 security_info.content_with_cert_errors_status = | 103 security_info.content_with_cert_errors_status = |
| 112 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN; | 104 security_state::CONTENT_STATUS_DISPLAYED_AND_RAN; |
| 113 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 105 GetSecurityStyle(security_info, &explanations); |
| 114 &explanations); | |
| 115 EXPECT_TRUE(explanations.ran_content_with_cert_errors); | 106 EXPECT_TRUE(explanations.ran_content_with_cert_errors); |
| 116 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); | 107 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); |
| 117 | 108 |
| 118 security_info.content_with_cert_errors_status = | 109 security_info.content_with_cert_errors_status = |
| 119 security_state::SecurityStateModel::CONTENT_STATUS_RAN; | 110 security_state::CONTENT_STATUS_RAN; |
| 120 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 111 GetSecurityStyle(security_info, &explanations); |
| 121 &explanations); | |
| 122 EXPECT_TRUE(explanations.ran_content_with_cert_errors); | 112 EXPECT_TRUE(explanations.ran_content_with_cert_errors); |
| 123 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 113 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 124 | 114 |
| 125 security_info.content_with_cert_errors_status = | 115 security_info.content_with_cert_errors_status = |
| 126 security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED; | 116 security_state::CONTENT_STATUS_DISPLAYED; |
| 127 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 117 GetSecurityStyle(security_info, &explanations); |
| 128 &explanations); | |
| 129 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 118 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 130 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); | 119 EXPECT_TRUE(explanations.displayed_content_with_cert_errors); |
| 131 | 120 |
| 132 security_info.content_with_cert_errors_status = | 121 security_info.content_with_cert_errors_status = |
| 133 security_state::SecurityStateModel::CONTENT_STATUS_NONE; | 122 security_state::CONTENT_STATUS_NONE; |
| 134 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 123 GetSecurityStyle(security_info, &explanations); |
| 135 &explanations); | |
| 136 EXPECT_FALSE(explanations.ran_content_with_cert_errors); | 124 EXPECT_FALSE(explanations.ran_content_with_cert_errors); |
| 137 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); | 125 EXPECT_FALSE(explanations.displayed_content_with_cert_errors); |
| 138 } | 126 } |
| 139 | 127 |
| 140 bool FindSecurityStyleExplanation( | 128 bool FindSecurityStyleExplanation( |
| 141 const std::vector<content::SecurityStyleExplanation>& explanations, | 129 const std::vector<content::SecurityStyleExplanation>& explanations, |
| 142 const char* summary, | 130 const char* summary, |
| 143 content::SecurityStyleExplanation* explanation) { | 131 content::SecurityStyleExplanation* explanation) { |
| 144 for (const auto& entry : explanations) { | 132 for (const auto& entry : explanations) { |
| 145 if (entry.summary == summary) { | 133 if (entry.summary == summary) { |
| 146 *explanation = entry; | 134 *explanation = entry; |
| 147 return true; | 135 return true; |
| 148 } | 136 } |
| 149 } | 137 } |
| 150 | 138 |
| 151 return false; | 139 return false; |
| 152 } | 140 } |
| 153 | 141 |
| 154 // Test that connection explanations are formated as expected. Note the strings | 142 // Test that connection explanations are formated as expected. Note the strings |
| 155 // are not translated and so will be the same in any locale. | 143 // are not translated and so will be the same in any locale. |
| 156 TEST(ChromeSecurityStateModelClientTest, ConnectionExplanation) { | 144 TEST(SecurityStateContentUtilsTest, ConnectionExplanation) { |
| 157 // Test a modern configuration with a key exchange group. | 145 // Test a modern configuration with a key exchange group. |
| 158 security_state::SecurityStateModel::SecurityInfo security_info; | 146 security_state::SecurityInfo security_info; |
| 159 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 147 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 160 security_info.scheme_is_cryptographic = true; | 148 security_info.scheme_is_cryptographic = true; |
| 161 net::SSLConnectionStatusSetCipherSuite( | 149 net::SSLConnectionStatusSetCipherSuite( |
| 162 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, | 150 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, |
| 163 &security_info.connection_status); | 151 &security_info.connection_status); |
| 164 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, | 152 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, |
| 165 &security_info.connection_status); | 153 &security_info.connection_status); |
| 166 security_info.key_exchange_group = 29; // X25519 | 154 security_info.key_exchange_group = 29; // X25519 |
| 167 | 155 |
| 168 { | 156 { |
| 169 content::SecurityStyleExplanations explanations; | 157 content::SecurityStyleExplanations explanations; |
| 170 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 158 GetSecurityStyle(security_info, &explanations); |
| 171 &explanations); | |
| 172 content::SecurityStyleExplanation explanation; | 159 content::SecurityStyleExplanation explanation; |
| 173 ASSERT_TRUE(FindSecurityStyleExplanation( | 160 ASSERT_TRUE(FindSecurityStyleExplanation( |
| 174 explanations.secure_explanations, "Secure Connection", &explanation)); | 161 explanations.secure_explanations, "Secure Connection", &explanation)); |
| 175 EXPECT_EQ( | 162 EXPECT_EQ( |
| 176 "The connection to this site is encrypted and authenticated using a " | 163 "The connection to this site is encrypted and authenticated using a " |
| 177 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with " | 164 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with " |
| 178 "X25519), and a strong cipher (CHACHA20_POLY1305).", | 165 "X25519), and a strong cipher (CHACHA20_POLY1305).", |
| 179 explanation.description); | 166 explanation.description); |
| 180 } | 167 } |
| 181 | 168 |
| 182 // Some older cache entries may be missing the key exchange group, despite | 169 // Some older cache entries may be missing the key exchange group, despite |
| 183 // having a cipher which should supply one. | 170 // having a cipher which should supply one. |
| 184 security_info.key_exchange_group = 0; | 171 security_info.key_exchange_group = 0; |
| 185 { | 172 { |
| 186 content::SecurityStyleExplanations explanations; | 173 content::SecurityStyleExplanations explanations; |
| 187 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 174 GetSecurityStyle(security_info, &explanations); |
| 188 &explanations); | |
| 189 content::SecurityStyleExplanation explanation; | 175 content::SecurityStyleExplanation explanation; |
| 190 ASSERT_TRUE(FindSecurityStyleExplanation( | 176 ASSERT_TRUE(FindSecurityStyleExplanation( |
| 191 explanations.secure_explanations, "Secure Connection", &explanation)); | 177 explanations.secure_explanations, "Secure Connection", &explanation)); |
| 192 EXPECT_EQ( | 178 EXPECT_EQ( |
| 193 "The connection to this site is encrypted and authenticated using a " | 179 "The connection to this site is encrypted and authenticated using a " |
| 194 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a " | 180 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a " |
| 195 "strong cipher (CHACHA20_POLY1305).", | 181 "strong cipher (CHACHA20_POLY1305).", |
| 196 explanation.description); | 182 explanation.description); |
| 197 } | 183 } |
| 198 | 184 |
| 199 // TLS 1.3 ciphers use the key exchange group exclusively. | 185 // TLS 1.3 ciphers use the key exchange group exclusively. |
| 200 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, | 186 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, |
| 201 &security_info.connection_status); | 187 &security_info.connection_status); |
| 202 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, | 188 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, |
| 203 &security_info.connection_status); | 189 &security_info.connection_status); |
| 204 security_info.key_exchange_group = 29; // X25519 | 190 security_info.key_exchange_group = 29; // X25519 |
| 205 { | 191 { |
| 206 content::SecurityStyleExplanations explanations; | 192 content::SecurityStyleExplanations explanations; |
| 207 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 193 GetSecurityStyle(security_info, &explanations); |
| 208 &explanations); | |
| 209 content::SecurityStyleExplanation explanation; | 194 content::SecurityStyleExplanation explanation; |
| 210 ASSERT_TRUE(FindSecurityStyleExplanation( | 195 ASSERT_TRUE(FindSecurityStyleExplanation( |
| 211 explanations.secure_explanations, "Secure Connection", &explanation)); | 196 explanations.secure_explanations, "Secure Connection", &explanation)); |
| 212 EXPECT_EQ( | 197 EXPECT_EQ( |
| 213 "The connection to this site is encrypted and authenticated using a " | 198 "The connection to this site is encrypted and authenticated using a " |
| 214 "strong protocol (TLS 1.3), a strong key exchange (X25519), and a " | 199 "strong protocol (TLS 1.3), a strong key exchange (X25519), and a " |
| 215 "strong cipher (AES_128_GCM).", | 200 "strong cipher (AES_128_GCM).", |
| 216 explanation.description); | 201 explanation.description); |
| 217 } | 202 } |
| 218 } | 203 } |
| 219 | 204 |
| 220 // Tests that a security level of HTTP_SHOW_WARNING produces a | 205 // Tests that a security level of HTTP_SHOW_WARNING produces a |
| 221 // content::SecurityStyle of UNAUTHENTICATED, with an explanation. | 206 // content::SecurityStyle of UNAUTHENTICATED, with an explanation. |
| 222 TEST(ChromeSecurityStateModelClientTest, HTTPWarning) { | 207 TEST(SecurityStateContentUtilsTest, HTTPWarning) { |
| 223 security_state::SecurityStateModel::SecurityInfo security_info; | 208 security_state::SecurityInfo security_info; |
| 224 content::SecurityStyleExplanations explanations; | 209 content::SecurityStyleExplanations explanations; |
| 225 security_info.security_level = | 210 security_info.security_level = security_state::HTTP_SHOW_WARNING; |
| 226 security_state::SecurityStateModel::HTTP_SHOW_WARNING; | |
| 227 blink::WebSecurityStyle security_style = | 211 blink::WebSecurityStyle security_style = |
| 228 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 212 GetSecurityStyle(security_info, &explanations); |
| 229 &explanations); | |
| 230 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 213 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 231 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size()); | 214 EXPECT_EQ(1u, explanations.unauthenticated_explanations.size()); |
| 232 } | 215 } |
| 233 | 216 |
| 234 // Tests that a security level of NONE when there is a password or | 217 // Tests that a security level of NONE when there is a password or |
| 235 // credit card field on HTTP produces a content::SecurityStyle of | 218 // credit card field on HTTP produces a content::SecurityStyle of |
| 236 // UNAUTHENTICATED, with an info explanation for each. | 219 // UNAUTHENTICATED, with an info explanation for each. |
| 237 TEST(ChromeSecurityStateModelClientTest, HTTPWarningInFuture) { | 220 TEST(SecurityStateContentUtilsTest, HTTPWarningInFuture) { |
| 238 security_state::SecurityStateModel::SecurityInfo security_info; | 221 security_state::SecurityInfo security_info; |
| 239 content::SecurityStyleExplanations explanations; | 222 content::SecurityStyleExplanations explanations; |
| 240 security_info.security_level = security_state::SecurityStateModel::NONE; | 223 security_info.security_level = security_state::NONE; |
| 241 security_info.displayed_password_field_on_http = true; | 224 security_info.displayed_password_field_on_http = true; |
| 242 blink::WebSecurityStyle security_style = | 225 blink::WebSecurityStyle security_style = |
| 243 ChromeSecurityStateModelClient::GetSecurityStyle(security_info, | 226 GetSecurityStyle(security_info, &explanations); |
| 244 &explanations); | |
| 245 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 227 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 246 EXPECT_EQ(1u, explanations.info_explanations.size()); | 228 EXPECT_EQ(1u, explanations.info_explanations.size()); |
| 247 | 229 |
| 248 explanations.info_explanations.clear(); | 230 explanations.info_explanations.clear(); |
| 249 security_info.displayed_credit_card_field_on_http = true; | 231 security_info.displayed_credit_card_field_on_http = true; |
| 250 security_style = ChromeSecurityStateModelClient::GetSecurityStyle( | 232 security_style = GetSecurityStyle(security_info, &explanations); |
| 251 security_info, &explanations); | |
| 252 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 233 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 253 EXPECT_EQ(1u, explanations.info_explanations.size()); | 234 EXPECT_EQ(1u, explanations.info_explanations.size()); |
| 254 | 235 |
| 255 // Check that when both password and credit card fields get displayed, only | 236 // Check that when both password and credit card fields get displayed, only |
| 256 // one explanation is added. | 237 // one explanation is added. |
| 257 explanations.info_explanations.clear(); | 238 explanations.info_explanations.clear(); |
| 258 security_info.displayed_credit_card_field_on_http = true; | 239 security_info.displayed_credit_card_field_on_http = true; |
| 259 security_info.displayed_password_field_on_http = true; | 240 security_info.displayed_password_field_on_http = true; |
| 260 security_style = ChromeSecurityStateModelClient::GetSecurityStyle( | 241 security_style = GetSecurityStyle(security_info, &explanations); |
| 261 security_info, &explanations); | |
| 262 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); | 242 EXPECT_EQ(blink::WebSecurityStyleUnauthenticated, security_style); |
| 263 EXPECT_EQ(1u, explanations.info_explanations.size()); | 243 EXPECT_EQ(1u, explanations.info_explanations.size()); |
| 264 } | 244 } |
| 265 | 245 |
| 266 class ChromeSecurityStateModelClientHistogramTest | |
| 267 : public ChromeRenderViewHostTestHarness, | |
| 268 public testing::WithParamInterface<bool> { | |
| 269 public: | |
| 270 ChromeSecurityStateModelClientHistogramTest() {} | |
| 271 ~ChromeSecurityStateModelClientHistogramTest() override {} | |
| 272 | |
| 273 void SetUp() override { | |
| 274 ChromeRenderViewHostTestHarness::SetUp(); | |
| 275 | |
| 276 ChromeSecurityStateModelClient::CreateForWebContents(web_contents()); | |
| 277 client_ = ChromeSecurityStateModelClient::FromWebContents(web_contents()); | |
| 278 navigate_to_http(); | |
| 279 } | |
| 280 | |
| 281 protected: | |
| 282 ChromeSecurityStateModelClient* client() { return client_; } | |
| 283 | |
| 284 void signal_sensitive_input() { | |
| 285 if (GetParam()) | |
| 286 web_contents()->OnPasswordInputShownOnHttp(); | |
| 287 else | |
| 288 web_contents()->OnCreditCardInputShownOnHttp(); | |
| 289 client_->VisibleSecurityStateChanged(); | |
| 290 } | |
| 291 | |
| 292 const std::string histogram_name() { | |
| 293 if (GetParam()) | |
| 294 return "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password"; | |
| 295 else | |
| 296 return "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard"; | |
| 297 } | |
| 298 | |
| 299 void navigate_to_http() { NavigateAndCommit(GURL("http://example.test")); } | |
| 300 | |
| 301 void navigate_to_different_http_page() { | |
| 302 NavigateAndCommit(GURL("http://example2.test")); | |
| 303 } | |
| 304 | |
| 305 private: | |
| 306 ChromeSecurityStateModelClient* client_; | |
| 307 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientHistogramTest); | |
| 308 }; | |
| 309 | |
| 310 // Tests that UMA logs the omnibox warning when security level is | |
| 311 // HTTP_SHOW_WARNING. | |
| 312 TEST_P(ChromeSecurityStateModelClientHistogramTest, | |
| 313 HTTPOmniboxWarningHistogram) { | |
| 314 // Show Warning Chip. | |
| 315 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | |
| 316 security_state::switches::kMarkHttpAs, | |
| 317 security_state::switches::kMarkHttpWithPasswordsOrCcWithChip); | |
| 318 | |
| 319 base::HistogramTester histograms; | |
| 320 signal_sensitive_input(); | |
| 321 histograms.ExpectUniqueSample(histogram_name(), true, 1); | |
| 322 | |
| 323 // Fire again and ensure no sample is recorded. | |
| 324 signal_sensitive_input(); | |
| 325 histograms.ExpectUniqueSample(histogram_name(), true, 1); | |
| 326 | |
| 327 // Navigate to a new page and ensure a sample is recorded. | |
| 328 navigate_to_different_http_page(); | |
| 329 histograms.ExpectUniqueSample(histogram_name(), true, 1); | |
| 330 signal_sensitive_input(); | |
| 331 histograms.ExpectUniqueSample(histogram_name(), true, 2); | |
| 332 } | |
| 333 | |
| 334 // Tests that UMA logs the console warning when security level is NONE. | |
| 335 TEST_P(ChromeSecurityStateModelClientHistogramTest, | |
| 336 HTTPConsoleWarningHistogram) { | |
| 337 // Show Neutral for HTTP | |
| 338 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( | |
| 339 security_state::switches::kMarkHttpAs, | |
| 340 security_state::switches::kMarkHttpAsNeutral); | |
| 341 | |
| 342 base::HistogramTester histograms; | |
| 343 signal_sensitive_input(); | |
| 344 histograms.ExpectUniqueSample(histogram_name(), false, 1); | |
| 345 | |
| 346 // Fire again and ensure no sample is recorded. | |
| 347 signal_sensitive_input(); | |
| 348 histograms.ExpectUniqueSample(histogram_name(), false, 1); | |
| 349 | |
| 350 // Navigate to a new page and ensure a sample is recorded. | |
| 351 navigate_to_different_http_page(); | |
| 352 histograms.ExpectUniqueSample(histogram_name(), false, 1); | |
| 353 signal_sensitive_input(); | |
| 354 histograms.ExpectUniqueSample(histogram_name(), false, 2); | |
| 355 } | |
| 356 | |
| 357 INSTANTIATE_TEST_CASE_P(ChromeSecurityStateModelClientHistogramTest, | |
| 358 ChromeSecurityStateModelClientHistogramTest, | |
| 359 // Here 'true' to test password field triggered | |
| 360 // histogram and 'false' to test credit card field. | |
| 361 testing::Bool()); | |
| 362 | |
| 363 } // namespace | 246 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2448943002:
Refactor SecurityStateModel/Clients for simplicity and reusability. (Closed)
