| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_tab_helper.h" | 5 #include "chrome/browser/ssl/security_state_tab_helper.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 #include "third_party/boringssl/src/include/openssl/ssl.h" | 61 #include "third_party/boringssl/src/include/openssl/ssl.h" |
| 62 #include "ui/base/l10n/l10n_util.h" | 62 #include "ui/base/l10n/l10n_util.h" |
| 63 | 63 |
| 64 namespace { | 64 namespace { |
| 65 | 65 |
| 66 enum CertificateStatus { VALID_CERTIFICATE, INVALID_CERTIFICATE }; | 66 enum CertificateStatus { VALID_CERTIFICATE, INVALID_CERTIFICATE }; |
| 67 | 67 |
| 68 const base::FilePath::CharType kDocRoot[] = | 68 const base::FilePath::CharType kDocRoot[] = |
| 69 FILE_PATH_LITERAL("chrome/test/data"); | 69 FILE_PATH_LITERAL("chrome/test/data"); |
| 70 | 70 |
| 71 const std::string kTestCertificateIssuerName = "Test Root CA"; |
| 72 |
| 71 // Inject a script into every frame in the page. Used by tests that check for | 73 // Inject a script into every frame in the page. Used by tests that check for |
| 72 // visible password fields to wait for notifications about these | 74 // visible password fields to wait for notifications about these |
| 73 // fields. Notifications about visible password fields are queued at the end of | 75 // fields. Notifications about visible password fields are queued at the end of |
| 74 // the event loop, so waiting for a dummy script to run ensures that these | 76 // the event loop, so waiting for a dummy script to run ensures that these |
| 75 // notifications have been sent. | 77 // notifications have been sent. |
| 76 void InjectScript(content::WebContents* contents) { | 78 void InjectScript(content::WebContents* contents) { |
| 77 // Any frame in the page might have a password field, so inject scripts into | 79 // Any frame in the page might have a password field, so inject scripts into |
| 78 // all of them to ensure that notifications from all of them have been sent. | 80 // all of them to ensure that notifications from all of them have been sent. |
| 79 for (auto* frame : contents->GetAllFrames()) { | 81 for (auto* frame : contents->GetAllFrames()) { |
| 80 bool js_result = false; | 82 bool js_result = false; |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 159 // Checks that the given |secure_explanations| contains an appropriate | 161 // Checks that the given |secure_explanations| contains an appropriate |
| 160 // explanation if the certificate status is valid. | 162 // explanation if the certificate status is valid. |
| 161 void CheckSecureExplanations( | 163 void CheckSecureExplanations( |
| 162 const std::vector<content::SecurityStyleExplanation>& secure_explanations, | 164 const std::vector<content::SecurityStyleExplanation>& secure_explanations, |
| 163 CertificateStatus cert_status, | 165 CertificateStatus cert_status, |
| 164 Browser* browser, | 166 Browser* browser, |
| 165 net::X509Certificate* expected_cert) { | 167 net::X509Certificate* expected_cert) { |
| 166 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, | 168 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, |
| 167 secure_explanations.size()); | 169 secure_explanations.size()); |
| 168 if (cert_status == VALID_CERTIFICATE) { | 170 if (cert_status == VALID_CERTIFICATE) { |
| 171 ASSERT_EQ(kTestCertificateIssuerName, |
| 172 expected_cert->issuer().GetDisplayName()); |
| 169 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 173 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
| 170 secure_explanations[0].summary); | 174 secure_explanations[0].summary); |
| 171 EXPECT_EQ( | 175 EXPECT_EQ(l10n_util::GetStringFUTF8( |
| 172 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 176 IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION, |
| 173 secure_explanations[0].description); | 177 base::UTF8ToUTF16(kTestCertificateIssuerName)), |
| 178 secure_explanations[0].description); |
| 174 net::X509Certificate* cert = browser->tab_strip_model() | 179 net::X509Certificate* cert = browser->tab_strip_model() |
| 175 ->GetActiveWebContents() | 180 ->GetActiveWebContents() |
| 176 ->GetController() | 181 ->GetController() |
| 177 .GetActiveEntry() | 182 .GetActiveEntry() |
| 178 ->GetSSL() | 183 ->GetSSL() |
| 179 .certificate.get(); | 184 .certificate.get(); |
| 180 EXPECT_TRUE(cert->Equals(expected_cert)); | 185 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 181 EXPECT_TRUE(secure_explanations[0].has_certificate); | 186 EXPECT_TRUE(secure_explanations[0].has_certificate); |
| 182 } | 187 } |
| 183 | 188 |
| (...skipping 1929 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2113 // the TLS settings are obsolete. | 2118 // the TLS settings are obsolete. |
| 2114 for (const auto& explanation : | 2119 for (const auto& explanation : |
| 2115 observer.latest_explanations().secure_explanations) { | 2120 observer.latest_explanations().secure_explanations) { |
| 2116 EXPECT_NE(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), | 2121 EXPECT_NE(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
| 2117 explanation.summary); | 2122 explanation.summary); |
| 2118 } | 2123 } |
| 2119 | 2124 |
| 2120 // Populate description string replacement with values corresponding | 2125 // Populate description string replacement with values corresponding |
| 2121 // to test constants. | 2126 // to test constants. |
| 2122 std::vector<base::string16> description_replacements; | 2127 std::vector<base::string16> description_replacements; |
| 2128 description_replacements.push_back(base::ASCIIToUTF16("TLS 1.1")); |
| 2123 description_replacements.push_back( | 2129 description_replacements.push_back( |
| 2124 l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_PROTOCOL)); | 2130 l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_PROTOCOL)); |
| 2125 description_replacements.push_back(base::ASCIIToUTF16("TLS 1.1")); | 2131 description_replacements.push_back(base::ASCIIToUTF16("ECDHE_RSA")); |
| 2126 description_replacements.push_back( | 2132 description_replacements.push_back( |
| 2127 l10n_util::GetStringUTF16(IDS_SSL_A_STRONG_KEY_EXCHANGE)); | 2133 l10n_util::GetStringUTF16(IDS_SSL_A_STRONG_KEY_EXCHANGE)); |
| 2128 description_replacements.push_back(base::ASCIIToUTF16("ECDHE_RSA")); | 2134 description_replacements.push_back( |
| 2135 base::ASCIIToUTF16("AES_128_CBC with HMAC-SHA1")); |
| 2129 description_replacements.push_back( | 2136 description_replacements.push_back( |
| 2130 l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_CIPHER)); | 2137 l10n_util::GetStringUTF16(IDS_SSL_AN_OBSOLETE_CIPHER)); |
| 2131 description_replacements.push_back( | |
| 2132 base::ASCIIToUTF16("AES_128_CBC with HMAC-SHA1")); | |
| 2133 base::string16 obsolete_description = l10n_util::GetStringFUTF16( | 2138 base::string16 obsolete_description = l10n_util::GetStringFUTF16( |
| 2134 IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr); | 2139 IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr); |
| 2135 | 2140 |
| 2136 EXPECT_EQ( | 2141 EXPECT_EQ( |
| 2137 obsolete_description, | 2142 obsolete_description, |
| 2138 base::ASCIIToUTF16( | 2143 base::ASCIIToUTF16( |
| 2139 observer.latest_explanations().info_explanations[0].description)); | 2144 observer.latest_explanations().info_explanations[0].description)); |
| 2140 } | 2145 } |
| 2141 | 2146 |
| 2142 } // namespace | 2147 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2951043002:
Prepare security bullets for Android: add issuer and change connection details. (Closed)
