| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 #include <utility> |
| 8 | 9 |
| 9 #include "base/bind.h" | 10 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 11 #include "base/memory/ptr_util.h" | 12 #include "base/memory/ptr_util.h" |
| 12 #include "base/test/histogram_tester.h" | 13 #include "base/test/histogram_tester.h" |
| 14 #include "base/test/scoped_command_line.h" |
| 15 #include "components/security_state/core/switches.h" |
| 13 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
| 14 #include "net/ssl/ssl_cipher_suite_names.h" | 17 #include "net/ssl/ssl_cipher_suite_names.h" |
| 15 #include "net/ssl/ssl_connection_status_flags.h" | 18 #include "net/ssl/ssl_connection_status_flags.h" |
| 16 #include "net/test/cert_test_util.h" | 19 #include "net/test/cert_test_util.h" |
| 17 #include "net/test/test_certificate_data.h" | 20 #include "net/test/test_certificate_data.h" |
| 18 #include "net/test/test_data_directory.h" | 21 #include "net/test/test_data_directory.h" |
| 19 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 20 | 23 |
| 21 namespace security_state { | 24 namespace security_state { |
| 22 | 25 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 42 cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(), | 45 cert_(net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 43 "sha1_2016.pem")), | 46 "sha1_2016.pem")), |
| 44 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 | 47 connection_status_(net::SSL_CONNECTION_VERSION_TLS1_2 |
| 45 << net::SSL_CONNECTION_VERSION_SHIFT), | 48 << net::SSL_CONNECTION_VERSION_SHIFT), |
| 46 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), | 49 cert_status_(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT), |
| 47 displayed_mixed_content_(false), | 50 displayed_mixed_content_(false), |
| 48 contained_mixed_form_(false), | 51 contained_mixed_form_(false), |
| 49 ran_mixed_content_(false), | 52 ran_mixed_content_(false), |
| 50 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), | 53 malicious_content_status_(MALICIOUS_CONTENT_STATUS_NONE), |
| 51 displayed_password_field_on_http_(false), | 54 displayed_password_field_on_http_(false), |
| 52 displayed_credit_card_field_on_http_(false) {} | 55 displayed_credit_card_field_on_http_(false), |
| 56 is_incognito_(false) {} |
| 53 virtual ~TestSecurityStateHelper() {} | 57 virtual ~TestSecurityStateHelper() {} |
| 54 | 58 |
| 55 void SetCertificate(scoped_refptr<net::X509Certificate> cert) { | 59 void SetCertificate(scoped_refptr<net::X509Certificate> cert) { |
| 56 cert_ = std::move(cert); | 60 cert_ = std::move(cert); |
| 57 } | 61 } |
| 58 void set_connection_status(int connection_status) { | 62 void set_connection_status(int connection_status) { |
| 59 connection_status_ = connection_status; | 63 connection_status_ = connection_status; |
| 60 } | 64 } |
| 61 void SetCipherSuite(uint16_t ciphersuite) { | 65 void SetCipherSuite(uint16_t ciphersuite) { |
| 62 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); | 66 net::SSLConnectionStatusSetCipherSuite(ciphersuite, &connection_status_); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 78 malicious_content_status_ = malicious_content_status; | 82 malicious_content_status_ = malicious_content_status; |
| 79 } | 83 } |
| 80 void set_displayed_password_field_on_http( | 84 void set_displayed_password_field_on_http( |
| 81 bool displayed_password_field_on_http) { | 85 bool displayed_password_field_on_http) { |
| 82 displayed_password_field_on_http_ = displayed_password_field_on_http; | 86 displayed_password_field_on_http_ = displayed_password_field_on_http; |
| 83 } | 87 } |
| 84 void set_displayed_credit_card_field_on_http( | 88 void set_displayed_credit_card_field_on_http( |
| 85 bool displayed_credit_card_field_on_http) { | 89 bool displayed_credit_card_field_on_http) { |
| 86 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; | 90 displayed_credit_card_field_on_http_ = displayed_credit_card_field_on_http; |
| 87 } | 91 } |
| 92 void set_is_incognito(bool is_incognito) { is_incognito_ = is_incognito; } |
| 88 | 93 |
| 89 void SetUrl(const GURL& url) { url_ = url; } | 94 void SetUrl(const GURL& url) { url_ = url; } |
| 90 | 95 |
| 91 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const { | 96 std::unique_ptr<VisibleSecurityState> GetVisibleSecurityState() const { |
| 92 auto state = base::MakeUnique<VisibleSecurityState>(); | 97 auto state = base::MakeUnique<VisibleSecurityState>(); |
| 93 state->connection_info_initialized = true; | 98 state->connection_info_initialized = true; |
| 94 state->url = url_; | 99 state->url = url_; |
| 95 state->certificate = cert_; | 100 state->certificate = cert_; |
| 96 state->cert_status = cert_status_; | 101 state->cert_status = cert_status_; |
| 97 state->connection_status = connection_status_; | 102 state->connection_status = connection_status_; |
| 98 state->security_bits = 256; | 103 state->security_bits = 256; |
| 99 state->displayed_mixed_content = displayed_mixed_content_; | 104 state->displayed_mixed_content = displayed_mixed_content_; |
| 100 state->contained_mixed_form = contained_mixed_form_; | 105 state->contained_mixed_form = contained_mixed_form_; |
| 101 state->ran_mixed_content = ran_mixed_content_; | 106 state->ran_mixed_content = ran_mixed_content_; |
| 102 state->malicious_content_status = malicious_content_status_; | 107 state->malicious_content_status = malicious_content_status_; |
| 103 state->displayed_password_field_on_http = displayed_password_field_on_http_; | 108 state->displayed_password_field_on_http = displayed_password_field_on_http_; |
| 104 state->displayed_credit_card_field_on_http = | 109 state->displayed_credit_card_field_on_http = |
| 105 displayed_credit_card_field_on_http_; | 110 displayed_credit_card_field_on_http_; |
| 111 state->is_incognito = is_incognito_; |
| 106 return state; | 112 return state; |
| 107 } | 113 } |
| 108 | 114 |
| 109 void GetSecurityInfo(SecurityInfo* security_info) const { | 115 void GetSecurityInfo(SecurityInfo* security_info) const { |
| 110 security_state::GetSecurityInfo( | 116 security_state::GetSecurityInfo( |
| 111 GetVisibleSecurityState(), | 117 GetVisibleSecurityState(), |
| 112 false /* used policy installed certificate */, | 118 false /* used policy installed certificate */, |
| 113 base::Bind(&IsOriginSecure), security_info); | 119 base::Bind(&IsOriginSecure), security_info); |
| 114 } | 120 } |
| 115 | 121 |
| 116 private: | 122 private: |
| 117 GURL url_; | 123 GURL url_; |
| 118 scoped_refptr<net::X509Certificate> cert_; | 124 scoped_refptr<net::X509Certificate> cert_; |
| 119 int connection_status_; | 125 int connection_status_; |
| 120 net::CertStatus cert_status_; | 126 net::CertStatus cert_status_; |
| 121 bool displayed_mixed_content_; | 127 bool displayed_mixed_content_; |
| 122 bool contained_mixed_form_; | 128 bool contained_mixed_form_; |
| 123 bool ran_mixed_content_; | 129 bool ran_mixed_content_; |
| 124 MaliciousContentStatus malicious_content_status_; | 130 MaliciousContentStatus malicious_content_status_; |
| 125 bool displayed_password_field_on_http_; | 131 bool displayed_password_field_on_http_; |
| 126 bool displayed_credit_card_field_on_http_; | 132 bool displayed_credit_card_field_on_http_; |
| 133 bool is_incognito_; |
| 127 }; | 134 }; |
| 128 | 135 |
| 129 } // namespace | 136 } // namespace |
| 130 | 137 |
| 131 // Tests that SHA1-signed certificates, when not allowed by policy, downgrade | 138 // Tests that SHA1-signed certificates, when not allowed by policy, downgrade |
| 132 // the security state of the page to DANGEROUS. | 139 // the security state of the page to DANGEROUS. |
| 133 TEST(SecurityStateTest, SHA1Blocked) { | 140 TEST(SecurityStateTest, SHA1Blocked) { |
| 134 TestSecurityStateHelper helper; | 141 TestSecurityStateHelper helper; |
| 135 helper.AddCertStatus(net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); | 142 helper.AddCertStatus(net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); |
| 136 helper.AddCertStatus(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT); | 143 helper.AddCertStatus(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT); |
| (...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 346 TestSecurityStateHelper helper; | 353 TestSecurityStateHelper helper; |
| 347 helper.SetUrl(GURL(url)); | 354 helper.SetUrl(GURL(url)); |
| 348 SecurityInfo security_info; | 355 SecurityInfo security_info; |
| 349 helper.GetSecurityInfo(&security_info); | 356 helper.GetSecurityInfo(&security_info); |
| 350 EXPECT_FALSE(security_info.displayed_password_field_on_http); | 357 EXPECT_FALSE(security_info.displayed_password_field_on_http); |
| 351 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); | 358 EXPECT_FALSE(security_info.displayed_credit_card_field_on_http); |
| 352 EXPECT_EQ(NONE, security_info.security_level); | 359 EXPECT_EQ(NONE, security_info.security_level); |
| 353 } | 360 } |
| 354 } | 361 } |
| 355 | 362 |
| 363 // Tests that |incognito_downgraded_security_level| is set only when the |
| 364 // corresponding VisibleSecurityState flag is set and the HTTPBad Phase 2 |
| 365 // experiment is enabled. |
| 366 TEST(SecurityStateTest, IncognitoFlagPropagates) { |
| 367 TestSecurityStateHelper helper; |
| 368 helper.SetUrl(GURL(kHttpUrl)); |
| 369 SecurityInfo security_info; |
| 370 helper.GetSecurityInfo(&security_info); |
| 371 EXPECT_FALSE(security_info.incognito_downgraded_security_level); |
| 372 |
| 373 helper.set_is_incognito(true); |
| 374 helper.GetSecurityInfo(&security_info); |
| 375 EXPECT_FALSE(security_info.incognito_downgraded_security_level); |
| 376 { |
| 377 // Enable the "non-secure-while-incognito" configuration. |
| 378 base::test::ScopedCommandLine scoped_command_line; |
| 379 scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII( |
| 380 security_state::switches::kMarkHttpAs, |
| 381 security_state::switches::kMarkHttpAsNonSecureWhileIncognito); |
| 382 helper.GetSecurityInfo(&security_info); |
| 383 EXPECT_TRUE(security_info.incognito_downgraded_security_level); |
| 384 } |
| 385 } |
| 386 |
| 356 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is | 387 // Tests that SSL.MarkHttpAsStatus histogram is updated when security state is |
| 357 // computed for a page. | 388 // computed for a page. |
| 358 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { | 389 TEST(SecurityStateTest, MarkHttpAsStatusHistogram) { |
| 359 const char* kHistogramName = "SSL.MarkHttpAsStatus"; | 390 const char* kHistogramName = "SSL.MarkHttpAsStatus"; |
| 360 base::HistogramTester histograms; | 391 base::HistogramTester histograms; |
| 361 TestSecurityStateHelper helper; | 392 TestSecurityStateHelper helper; |
| 362 helper.SetUrl(GURL(kHttpUrl)); | 393 helper.SetUrl(GURL(kHttpUrl)); |
| 363 | 394 |
| 364 // Ensure histogram recorded correctly when a non-secure password input is | 395 // Ensure histogram recorded correctly when a non-secure password input is |
| 365 // found on the page. | 396 // found on the page. |
| 366 helper.set_displayed_password_field_on_http(true); | 397 helper.set_displayed_password_field_on_http(true); |
| 367 SecurityInfo security_info; | 398 SecurityInfo security_info; |
| 368 histograms.ExpectTotalCount(kHistogramName, 0); | 399 histograms.ExpectTotalCount(kHistogramName, 0); |
| 369 helper.GetSecurityInfo(&security_info); | 400 helper.GetSecurityInfo(&security_info); |
| 370 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 1); | 401 histograms.ExpectUniqueSample( |
| 402 kHistogramName, 2 /* HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS */, 1); |
| 371 | 403 |
| 372 // Ensure histogram recorded correctly even without a password input. | 404 // Ensure histogram recorded correctly even without a password input. |
| 373 helper.set_displayed_password_field_on_http(false); | 405 helper.set_displayed_password_field_on_http(false); |
| 374 helper.GetSecurityInfo(&security_info); | 406 helper.GetSecurityInfo(&security_info); |
| 375 histograms.ExpectUniqueSample(kHistogramName, 2 /* HTTP_SHOW_WARNING */, 2); | 407 histograms.ExpectUniqueSample( |
| 408 kHistogramName, 2 /* HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS */, 2); |
| 409 |
| 410 { |
| 411 // Test the "non-secure-while-incognito" configuration. |
| 412 base::test::ScopedCommandLine scoped_command_line; |
| 413 scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII( |
| 414 security_state::switches::kMarkHttpAs, |
| 415 security_state::switches::kMarkHttpAsNonSecureWhileIncognito); |
| 416 |
| 417 base::HistogramTester histograms; |
| 418 TestSecurityStateHelper helper; |
| 419 helper.SetUrl(GURL(kHttpUrl)); |
| 420 |
| 421 // Ensure histogram recorded correctly when the Incognito flag is present. |
| 422 helper.set_is_incognito(true); |
| 423 SecurityInfo security_info; |
| 424 histograms.ExpectTotalCount(kHistogramName, 0); |
| 425 helper.GetSecurityInfo(&security_info); |
| 426 EXPECT_TRUE(security_info.incognito_downgraded_security_level); |
| 427 histograms.ExpectUniqueSample(kHistogramName, |
| 428 4 /* NON_SECURE_WHILE_INCOGNITO */, 1); |
| 429 |
| 430 // Ensure histogram recorded correctly even without the Incognito flag. |
| 431 helper.set_is_incognito(false); |
| 432 helper.GetSecurityInfo(&security_info); |
| 433 EXPECT_FALSE(security_info.incognito_downgraded_security_level); |
| 434 histograms.ExpectUniqueSample(kHistogramName, |
| 435 4 /* NON_SECURE_WHILE_INCOGNITO */, 2); |
| 436 } |
| 437 |
| 438 { |
| 439 // Test the "non-secure-while-incognito-or-editing" configuration. |
| 440 base::test::ScopedCommandLine scoped_command_line; |
| 441 scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII( |
| 442 security_state::switches::kMarkHttpAs, |
| 443 security_state::switches::kMarkHttpAsNonSecureWhileIncognitoOrEditing); |
| 444 |
| 445 base::HistogramTester histograms; |
| 446 TestSecurityStateHelper helper; |
| 447 helper.SetUrl(GURL(kHttpUrl)); |
| 448 |
| 449 // Ensure histogram recorded correctly when the Incognito flag is present. |
| 450 helper.set_is_incognito(true); |
| 451 SecurityInfo security_info; |
| 452 histograms.ExpectTotalCount(kHistogramName, 0); |
| 453 helper.GetSecurityInfo(&security_info); |
| 454 EXPECT_TRUE(security_info.incognito_downgraded_security_level); |
| 455 histograms.ExpectUniqueSample( |
| 456 kHistogramName, 5 /* NON_SECURE_WHILE_INCOGNITO_OR_EDITING */, 1); |
| 457 |
| 458 // Ensure histogram recorded correctly even without the Incognito flag. |
| 459 helper.set_is_incognito(false); |
| 460 helper.GetSecurityInfo(&security_info); |
| 461 EXPECT_FALSE(security_info.incognito_downgraded_security_level); |
| 462 histograms.ExpectUniqueSample( |
| 463 kHistogramName, 5 /* NON_SECURE_WHILE_INCOGNITO_OR_EDITING */, 2); |
| 464 } |
| 376 } | 465 } |
| 377 | 466 |
| 378 TEST(SecurityStateTest, DetectSubjectAltName) { | 467 TEST(SecurityStateTest, DetectSubjectAltName) { |
| 379 TestSecurityStateHelper helper; | 468 TestSecurityStateHelper helper; |
| 380 | 469 |
| 381 // Ensure subjectAltName is detected as present when the cert includes it. | 470 // Ensure subjectAltName is detected as present when the cert includes it. |
| 382 SecurityInfo san_security_info; | 471 SecurityInfo san_security_info; |
| 383 helper.GetSecurityInfo(&san_security_info); | 472 helper.GetSecurityInfo(&san_security_info); |
| 384 EXPECT_FALSE(san_security_info.cert_missing_subject_alt_name); | 473 EXPECT_FALSE(san_security_info.cert_missing_subject_alt_name); |
| 385 | 474 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 414 helper.set_ran_mixed_content(true); | 503 helper.set_ran_mixed_content(true); |
| 415 SecurityInfo mixed_form_and_active_security_info; | 504 SecurityInfo mixed_form_and_active_security_info; |
| 416 helper.GetSecurityInfo(&mixed_form_and_active_security_info); | 505 helper.GetSecurityInfo(&mixed_form_and_active_security_info); |
| 417 EXPECT_TRUE(mixed_form_and_active_security_info.contained_mixed_form); | 506 EXPECT_TRUE(mixed_form_and_active_security_info.contained_mixed_form); |
| 418 EXPECT_EQ(CONTENT_STATUS_RAN, | 507 EXPECT_EQ(CONTENT_STATUS_RAN, |
| 419 mixed_form_and_active_security_info.mixed_content_status); | 508 mixed_form_and_active_security_info.mixed_content_status); |
| 420 EXPECT_EQ(DANGEROUS, mixed_form_and_active_security_info.security_level); | 509 EXPECT_EQ(DANGEROUS, mixed_form_and_active_security_info.security_level); |
| 421 } | 510 } |
| 422 | 511 |
| 423 } // namespace security_state | 512 } // namespace security_state |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2917873004:
Implement 'Not secure' warning for non-secure pages in Incognito mode (Closed)
