Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5608)

Unified Diff: chrome/browser/ssl/ssl_error_handler_unittest.cc

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Address Emily's feedback, add new histogram values. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/ssl/ssl_error_handler_unittest.cc
diff --git a/chrome/browser/ssl/ssl_error_handler_unittest.cc b/chrome/browser/ssl/ssl_error_handler_unittest.cc
index 19471ae78d789477045d3911fed819458300186c..986fe4d57b8fb4d74f6ccc2624e0f63a9cbeec0f 100644
--- a/chrome/browser/ssl/ssl_error_handler_unittest.cc
+++ b/chrome/browser/ssl/ssl_error_handler_unittest.cc
@@ -201,8 +201,7 @@ class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness {
ChromeRenderViewHostTestHarness::SetUp();
SSLErrorHandler::ResetConfigForTesting();
SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta());
- ssl_info_.cert =
- net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+ ssl_info_.cert = GetCertificate();
ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
ssl_info_.public_key_hashes.push_back(
net::HashValue(kCertPublicKeyHashValue));
@@ -217,6 +216,13 @@ class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness {
base::Callback<void(content::CertificateRequestResultType)>()));
}
+ // Returns a certificate for the test. Virtual to allow derived fixtures to
+ // use a certificate with different characteristics.
+ virtual scoped_refptr<net::X509Certificate> GetCertificate() {
estark 2017/04/04 17:22:07 nit: make protected
elawrence 2017/04/04 19:53:24 I made it private based on usage.
+ return net::ImportCertFromFile(net::GetTestCertsDirectory(),
+ "subjectAltName_www_example_com.pem");
+ }
+
void TearDown() override {
EXPECT_FALSE(error_handler()->IsTimerRunningForTesting());
error_handler_.reset(nullptr);
@@ -224,6 +230,8 @@ class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness {
ChromeRenderViewHostTestHarness::TearDown();
}
+ ~SSLErrorHandlerNameMismatchTest() override {}
estark 2017/04/04 17:22:07 nit: should go at line 199
elawrence 2017/04/04 19:53:24 Done.
+
TestSSLErrorHandler* error_handler() { return error_handler_.get(); }
TestSSLErrorHandlerDelegate* delegate() { return delegate_; }
@@ -238,6 +246,21 @@ class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness {
DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest);
};
+// A class to test name mismatch errors, where the certificate lacks a
+// SubjectAltName. Creates an error handler with a name mismatch error.
+class SSLErrorHandlerNameMismatchNoSANTest
+ : public SSLErrorHandlerNameMismatchTest {
+ public:
+ SSLErrorHandlerNameMismatchNoSANTest() {}
+
+ // Return a certificate that contains no SubjectAltName field.
+ scoped_refptr<net::X509Certificate> GetCertificate() override {
+ return net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+ }
+
+ DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchNoSANTest);
+};
+
// A class to test the captive portal certificate list feature. Creates an error
// handler with a name mismatch error by default. The error handler can be
// recreated by calling ResetErrorHandler() with an appropriate cert status.
@@ -575,7 +598,7 @@ TEST_F(SSLErrorHandlerNameMismatchTest,
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::HANDLE_ALL, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
- SSLErrorHandler::WWW_MISMATCH_FOUND, 1);
+ SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1);
histograms.ExpectBucketCount(
SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1);
@@ -649,7 +672,7 @@ TEST_F(SSLErrorHandlerNameMismatchTest,
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::HANDLE_ALL, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
- SSLErrorHandler::WWW_MISMATCH_FOUND, 1);
+ SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1);
histograms.ExpectBucketCount(
SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1);
@@ -681,11 +704,35 @@ TEST_F(SSLErrorHandlerNameMismatchTest,
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::HANDLE_ALL, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
- SSLErrorHandler::WWW_MISMATCH_FOUND, 1);
+ SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::WWW_MISMATCH_URL_AVAILABLE, 1);
}
+// No suggestions should be requested if certificate lacks a SubjectAltName.
+TEST_F(SSLErrorHandlerNameMismatchNoSANTest,
+ SSLCommonNameMismatchHandlingRequiresSubjectAltName) {
+ base::HistogramTester histograms;
+ EXPECT_FALSE(error_handler()->IsTimerRunningForTesting());
+ delegate()->set_suggested_url_exists();
+ error_handler()->StartHandlingError();
+
+ EXPECT_FALSE(delegate()->suggested_url_checked());
+ base::RunLoop().RunUntilIdle();
+
+ EXPECT_TRUE(delegate()->ssl_interstitial_shown());
+ EXPECT_FALSE(delegate()->redirected_to_suggested_url());
+
+ histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2);
+ histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
+ SSLErrorHandler::HANDLE_ALL, 1);
+ histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
+ SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 0);
+ histograms.ExpectBucketCount(
+ SSLErrorHandler::GetHistogramNameForTesting(),
+ SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1);
+}
+
TEST_F(SSLErrorHandlerNameMismatchTest,
ShouldShowSSLInterstitialOnInvalidUrlCheckResult) {
base::HistogramTester histograms;
@@ -710,7 +757,7 @@ TEST_F(SSLErrorHandlerNameMismatchTest,
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::HANDLE_ALL, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
- SSLErrorHandler::WWW_MISMATCH_FOUND, 1);
+ SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1);
histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
SSLErrorHandler::WWW_MISMATCH_URL_NOT_AVAILABLE,
1);

Powered by Google App Engine
This is Rietveld 408576698