OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/security_state/content/content_utils.h" | 5 #include "components/security_state/content/content_utils.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/test/histogram_tester.h" | 10 #include "base/test/histogram_tester.h" |
157 for (const auto& entry : explanations) { | 157 for (const auto& entry : explanations) { |
158 if (entry.summary == summary) { | 158 if (entry.summary == summary) { |
159 *explanation = entry; | 159 *explanation = entry; |
160 return true; | 160 return true; |
161 } | 161 } |
162 } | 162 } |
163 | 163 |
164 return false; | 164 return false; |
165 } | 165 } |
166 | 166 |
167 // Test that connection explanations are formated as expected. Note the strings | 167 // Test that connection explanations are formatted as expected. Note the strings |
168 // are not translated and so will be the same in any locale. | 168 // are not translated and so will be the same in any locale. |
169 TEST(SecurityStateContentUtilsTest, ConnectionExplanation) { | 169 TEST(SecurityStateContentUtilsTest, ConnectionExplanation) { |
170 // Test a modern configuration with a key exchange group. | 170 // Test a modern configuration with a key exchange group. |
171 security_state::SecurityInfo security_info; | 171 security_state::SecurityInfo security_info; |
172 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | 172 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
173 security_info.scheme_is_cryptographic = true; | 173 security_info.scheme_is_cryptographic = true; |
174 net::SSLConnectionStatusSetCipherSuite( | 174 net::SSLConnectionStatusSetCipherSuite( |
175 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, | 175 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, |
176 &security_info.connection_status); | 176 &security_info.connection_status); |
177 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, | 177 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, |
178 &security_info.connection_status); | 178 &security_info.connection_status); |
179 security_info.key_exchange_group = 29; // X25519 | 179 security_info.key_exchange_group = 29; // X25519 |
180 | 180 |
181 { | 181 { |
182 content::SecurityStyleExplanations explanations; | 182 content::SecurityStyleExplanations explanations; |
183 GetSecurityStyle(security_info, &explanations); | 183 GetSecurityStyle(security_info, &explanations); |
184 content::SecurityStyleExplanation explanation; | 184 content::SecurityStyleExplanation explanation; |
185 ASSERT_TRUE(FindSecurityStyleExplanation( | 185 ASSERT_TRUE(FindSecurityStyleExplanation( |
186 explanations.secure_explanations, "Secure connection", &explanation)); | 186 explanations.secure_explanations, "Secure connection", &explanation)); |
187 EXPECT_EQ( | 187 EXPECT_EQ( |
188 "The connection to this site is encrypted and authenticated using a " | 188 "The connection to this site is encrypted and authenticated using TLS " |
189 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with " | 189 "1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key " |
190 "X25519), and a strong cipher (CHACHA20_POLY1305).", | 190 "exchange), and CHACHA20_POLY1305 (a strong cipher).", |
191 explanation.description); | 191 explanation.description); |
192 } | 192 } |
193 | 193 |
194 // Some older cache entries may be missing the key exchange group, despite | 194 // Some older cache entries may be missing the key exchange group, despite |
195 // having a cipher which should supply one. | 195 // having a cipher which should supply one. |
196 security_info.key_exchange_group = 0; | 196 security_info.key_exchange_group = 0; |
197 { | 197 { |
198 content::SecurityStyleExplanations explanations; | 198 content::SecurityStyleExplanations explanations; |
199 GetSecurityStyle(security_info, &explanations); | 199 GetSecurityStyle(security_info, &explanations); |
200 content::SecurityStyleExplanation explanation; | 200 content::SecurityStyleExplanation explanation; |
201 ASSERT_TRUE(FindSecurityStyleExplanation( | 201 ASSERT_TRUE(FindSecurityStyleExplanation( |
202 explanations.secure_explanations, "Secure connection", &explanation)); | 202 explanations.secure_explanations, "Secure connection", &explanation)); |
203 EXPECT_EQ( | 203 EXPECT_EQ( |
204 "The connection to this site is encrypted and authenticated using a " | 204 "The connection to this site is encrypted and authenticated using TLS " |
205 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a " | 205 "1.2 (a strong protocol), ECDHE_RSA (a strong key exchange), and " |
206 "strong cipher (CHACHA20_POLY1305).", | 206 "CHACHA20_POLY1305 (a strong cipher).", |
207 explanation.description); | 207 explanation.description); |
208 } | 208 } |
209 | 209 |
210 // TLS 1.3 ciphers use the key exchange group exclusively. | 210 // TLS 1.3 ciphers use the key exchange group exclusively. |
211 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, | 211 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, |
212 &security_info.connection_status); | 212 &security_info.connection_status); |
213 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, | 213 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, |
214 &security_info.connection_status); | 214 &security_info.connection_status); |
215 security_info.key_exchange_group = 29; // X25519 | 215 security_info.key_exchange_group = 29; // X25519 |
216 { | 216 { |
217 content::SecurityStyleExplanations explanations; | 217 content::SecurityStyleExplanations explanations; |
218 GetSecurityStyle(security_info, &explanations); | 218 GetSecurityStyle(security_info, &explanations); |
219 content::SecurityStyleExplanation explanation; | 219 content::SecurityStyleExplanation explanation; |
220 ASSERT_TRUE(FindSecurityStyleExplanation( | 220 ASSERT_TRUE(FindSecurityStyleExplanation( |
221 explanations.secure_explanations, "Secure connection", &explanation)); | 221 explanations.secure_explanations, "Secure connection", &explanation)); |
222 EXPECT_EQ( | 222 EXPECT_EQ( |
223 "The connection to this site is encrypted and authenticated using a " | 223 "The connection to this site is encrypted and authenticated using TLS " |
224 "strong protocol (TLS 1.3), a strong key exchange (X25519), and a " | 224 "1.3 (a strong protocol), X25519 (a strong key exchange), and " |
225 "strong cipher (AES_128_GCM).", | 225 "AES_128_GCM (a strong cipher).", |
226 explanation.description); | 226 explanation.description); |
227 } | 227 } |
228 } | 228 } |
| 229 |
| 230 // Test that obsolete connection explanations are formatted as expected. |
| 231 TEST(SecurityStateContentUtilsTest, ObsoleteConnectionExplanation) { |
| 232 security_state::SecurityInfo security_info; |
| 233 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 234 security_info.scheme_is_cryptographic = true; |
| 235 net::SSLConnectionStatusSetCipherSuite( |
| 236 0xc013 /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */, |
| 237 &security_info.connection_status); |
| 238 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, |
| 239 &security_info.connection_status); |
| 240 security_info.key_exchange_group = 29; // X25519 |
| 241 security_info.obsolete_ssl_status = |
| 242 net::ObsoleteSSLMask::OBSOLETE_SSL_MASK_CIPHER; |
| 243 |
| 244 { |
| 245 content::SecurityStyleExplanations explanations; |
| 246 GetSecurityStyle(security_info, &explanations); |
| 247 content::SecurityStyleExplanation explanation; |
| 248 ASSERT_TRUE(FindSecurityStyleExplanation(explanations.info_explanations, |
| 249 "Obsolete connection settings", |
| 250 &explanation)); |
| 251 EXPECT_EQ( |
| 252 "The connection to this site uses TLS 1.2 (a strong protocol), " |
| 253 "ECDHE_RSA with X25519 (a strong key exchange), and AES_128_CBC with " |
| 254 "HMAC-SHA1 (an obsolete cipher).", |
| 255 explanation.description); |
| 256 } |
| 257 } |
229 | 258 |
230 // Tests that a security level of HTTP_SHOW_WARNING produces | 259 // Tests that a security level of HTTP_SHOW_WARNING produces |
231 // blink::WebSecurityStyleNeutral and an explanation if appropriate. | 260 // blink::WebSecurityStyleNeutral and an explanation if appropriate. |
232 TEST(SecurityStateContentUtilsTest, HTTPWarning) { | 261 TEST(SecurityStateContentUtilsTest, HTTPWarning) { |
233 security_state::SecurityInfo security_info; | 262 security_state::SecurityInfo security_info; |
234 content::SecurityStyleExplanations explanations; | 263 content::SecurityStyleExplanations explanations; |
235 security_info.security_level = security_state::HTTP_SHOW_WARNING; | 264 security_info.security_level = security_state::HTTP_SHOW_WARNING; |
236 blink::WebSecurityStyle security_style = | 265 blink::WebSecurityStyle security_style = |
237 GetSecurityStyle(security_info, &explanations); | 266 GetSecurityStyle(security_info, &explanations); |
238 EXPECT_EQ(blink::kWebSecurityStyleNeutral, security_style); | 267 EXPECT_EQ(blink::kWebSecurityStyleNeutral, security_style); |
284 EXPECT_EQ(1u, explanations.insecure_explanations.size()); | 313 EXPECT_EQ(1u, explanations.insecure_explanations.size()); |
285 | 314 |
286 explanations.insecure_explanations.clear(); | 315 explanations.insecure_explanations.clear(); |
287 security_info.cert_missing_subject_alt_name = false; | 316 security_info.cert_missing_subject_alt_name = false; |
288 GetSecurityStyle(security_info, &explanations); | 317 GetSecurityStyle(security_info, &explanations); |
289 // Verify that no explanation is shown if the subjectAltName is present. | 318 // Verify that no explanation is shown if the subjectAltName is present. |
290 EXPECT_EQ(0u, explanations.insecure_explanations.size()); | 319 EXPECT_EQ(0u, explanations.insecure_explanations.size()); |
291 } | 320 } |
292 | 321 |
293 } // namespace | 322 } // namespace |
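Review bot: The new ObsoleteConnectionExplanation test (new lines 231-257) asserts only that "Obsolete connection settings" appears in info_explanations. It never checks that the same SecurityInfo yields no "Secure connection" entry, so a regression that describes an obsolete-cipher connection as both obsolete and secure would still pass. After the EXPECT_EQ in that block, add `EXPECT_FALSE(FindSecurityStyleExplanation(explanations.secure_explanations, "Secure connection", &explanation));`. The test also sets only OBSOLETE_SSL_MASK_CIPHER, so the wording for OBSOLETE_SSL_MASK_PROTOCOL, OBSOLETE_SSL_MASK_KEY_EXCHANGE and combined bits is not pinned; one case per bit would cover what are presumably separate string branches. Because obsolete_ssl_status is assigned by hand rather than derived from the 0xc013 suite, a short comment saying so would make clear that this test pins formatting only, not the classification of the cipher.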