| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 108 net::CertStatus cert_status_; | 108 net::CertStatus cert_status_; |
| 109 bool displayed_mixed_content_; | 109 bool displayed_mixed_content_; |
| 110 bool ran_mixed_content_; | 110 bool ran_mixed_content_; |
| 111 MaliciousContentStatus malicious_content_status_; | 111 MaliciousContentStatus malicious_content_status_; |
| 112 bool displayed_password_field_on_http_; | 112 bool displayed_password_field_on_http_; |
| 113 bool displayed_credit_card_field_on_http_; | 113 bool displayed_credit_card_field_on_http_; |
| 114 }; | 114 }; |
| 115 | 115 |
| 116 } // namespace | 116 } // namespace |
| 117 | 117 |
| 118 // Tests that SHA1-signed certificates expiring in 2016 downgrade the | 118 // Tests that SHA1-signed certificates, when not allowed by policy, downgrade |
| 119 // security state of the page. | 119 // the security state of the page to DANGEROUS. |
| 120 TEST(SecurityStateTest, SHA1Blocked) { |
| 121 TestSecurityStateHelper helper; |
| 122 helper.AddCertStatus(net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); |
| 123 helper.AddCertStatus(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT); |
| 124 SecurityInfo security_info; |
| 125 helper.GetSecurityInfo(&security_info); |
| 126 EXPECT_TRUE(security_info.sha1_in_chain); |
| 127 EXPECT_EQ(DANGEROUS, security_info.security_level); |
| 128 } |
| 129 |
| 130 // Tests that SHA1-signed certificates, when allowed by policy, downgrade the |
| 131 // security state of the page to NONE. |
| 120 TEST(SecurityStateTest, SHA1Warning) { | 132 TEST(SecurityStateTest, SHA1Warning) { |
| 121 TestSecurityStateHelper helper; | 133 TestSecurityStateHelper helper; |
| 122 SecurityInfo security_info; | 134 SecurityInfo security_info; |
| 123 helper.GetSecurityInfo(&security_info); | 135 helper.GetSecurityInfo(&security_info); |
| 124 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info.sha1_deprecation_status); | 136 EXPECT_TRUE(security_info.sha1_in_chain); |
| 125 EXPECT_EQ(DANGEROUS, security_info.security_level); | 137 EXPECT_EQ(NONE, security_info.security_level); |
| 126 } | 138 } |
| 127 | 139 |
| 128 // Tests that SHA1 warnings don't interfere with the handling of mixed | 140 // Tests that SHA1-signed certificates, when allowed by policy, don't interfere |
| 129 // content. | 141 // with the handling of mixed content. |
| 130 TEST(SecurityStateTest, SHA1WarningMixedContent) { | 142 TEST(SecurityStateTest, SHA1WarningMixedContent) { |
| 131 TestSecurityStateHelper helper; | 143 TestSecurityStateHelper helper; |
| 132 helper.SetDisplayedMixedContent(true); | 144 helper.SetDisplayedMixedContent(true); |
| 133 SecurityInfo security_info1; | 145 SecurityInfo security_info1; |
| 134 helper.GetSecurityInfo(&security_info1); | 146 helper.GetSecurityInfo(&security_info1); |
| 135 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info1.sha1_deprecation_status); | 147 EXPECT_TRUE(security_info1.sha1_in_chain); |
| 136 EXPECT_EQ(CONTENT_STATUS_DISPLAYED, security_info1.mixed_content_status); | 148 EXPECT_EQ(CONTENT_STATUS_DISPLAYED, security_info1.mixed_content_status); |
| 137 EXPECT_EQ(DANGEROUS, security_info1.security_level); | 149 EXPECT_EQ(NONE, security_info1.security_level); |
| 138 | 150 |
| 139 helper.SetDisplayedMixedContent(false); | 151 helper.SetDisplayedMixedContent(false); |
| 140 helper.SetRanMixedContent(true); | 152 helper.SetRanMixedContent(true); |
| 141 SecurityInfo security_info2; | 153 SecurityInfo security_info2; |
| 142 helper.GetSecurityInfo(&security_info2); | 154 helper.GetSecurityInfo(&security_info2); |
| 143 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info2.sha1_deprecation_status); | 155 EXPECT_TRUE(security_info2.sha1_in_chain); |
| 144 EXPECT_EQ(CONTENT_STATUS_RAN, security_info2.mixed_content_status); | 156 EXPECT_EQ(CONTENT_STATUS_RAN, security_info2.mixed_content_status); |
| 145 EXPECT_EQ(DANGEROUS, security_info2.security_level); | 157 EXPECT_EQ(DANGEROUS, security_info2.security_level); |
| 146 } | 158 } |
| 147 | 159 |
| 148 // Tests that SHA1 warnings don't interfere with the handling of major | 160 // Tests that SHA1-signed certificates, when allowed by policy, |
| 149 // cert errors. | 161 // don't interfere with the handling of major cert errors. |
| 150 TEST(SecurityStateTest, SHA1WarningBrokenHTTPS) { | 162 TEST(SecurityStateTest, SHA1WarningBrokenHTTPS) { |
| 151 TestSecurityStateHelper helper; | 163 TestSecurityStateHelper helper; |
| 152 helper.AddCertStatus(net::CERT_STATUS_DATE_INVALID); | 164 helper.AddCertStatus(net::CERT_STATUS_DATE_INVALID); |
| 153 SecurityInfo security_info; | 165 SecurityInfo security_info; |
| 154 helper.GetSecurityInfo(&security_info); | 166 helper.GetSecurityInfo(&security_info); |
| 155 EXPECT_EQ(DEPRECATED_SHA1_MINOR, security_info.sha1_deprecation_status); | 167 EXPECT_TRUE(security_info.sha1_in_chain); |
| 156 EXPECT_EQ(DANGEROUS, security_info.security_level); | 168 EXPECT_EQ(DANGEROUS, security_info.security_level); |
| 157 } | 169 } |
| 158 | 170 |
| 159 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is | 171 // Tests that |security_info.is_secure_protocol_and_ciphersuite| is |
| 160 // computed correctly. | 172 // computed correctly. |
| 161 TEST(SecurityStateTest, SecureProtocolAndCiphersuite) { | 173 TEST(SecurityStateTest, SecureProtocolAndCiphersuite) { |
| 162 TestSecurityStateHelper helper; | 174 TestSecurityStateHelper helper; |
| 163 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from | 175 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 from |
| 164 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 | 176 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-param
eters-4 |
| 165 const uint16_t ciphersuite = 0xc02f; | 177 const uint16_t ciphersuite = 0xc02f; |
| 311 helper.GetSecurityInfo(&security_info); | 323 helper.GetSecurityInfo(&security_info); |
| 312 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); | 324 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); |
| 313 | 325 |
| 314 // Ensure histogram recorded correctly even without a password input. | 326 // Ensure histogram recorded correctly even without a password input. |
| 315 helper.set_displayed_password_field_on_http(false); | 327 helper.set_displayed_password_field_on_http(false); |
| 316 helper.GetSecurityInfo(&security_info); | 328 helper.GetSecurityInfo(&security_info); |
| 317 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 329 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); |
| 318 } | 330 } |
| 319 | 331 |
| 320 } // namespace security_state | 332 } // namespace security_state |
| OLD | NEW |
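Review bot: The new comments on SHA1Blocked and SHA1Warning describe SHA-1 as "not allowed by policy" or "allowed by policy", but neither test sets a policy in the visible lines; the only difference is that SHA1Blocked adds `net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` and `net::CERT_STATUS_SHA1_SIGNATURE_PRESENT` to the helper. A comment in SHA1Blocked such as `// The "not allowed by policy" case is represented by CERT_STATUS_WEAK_SIGNATURE_ALGORITHM, set here directly.` would make the mapping explicit, assuming that is how the verifier reports the policy decision. SHA1Warning asserts `sha1_in_chain` without adding any status, so the helper's default cert status (in the skipped lines) presumably already carries the SHA-1 bit and the explicit `AddCertStatus(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)` in SHA1Blocked looks redundant. Every visible test expects `sha1_in_chain` to be true; unless the skipped lines already cover it, a case with a SHA-1-free chain that expects `EXPECT_FALSE(security_info.sha1_in_chain)` would catch the flag being set unconditionally.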