Prepare security bullets for Android: add issuer and change connection details.

components/security_state/content/content_utils_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/security_state/content/content_utils.h"
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/test/histogram_tester.h"
@@ skipping 146 matching lines @@
   for (const auto& entry : explanations) {
     if (entry.summary == summary) {
       *explanation = entry;
       return true;
     }
   }
 
   return false;
 }
 
-// Test that connection explanations are formated as expected. Note the strings
+// Test that connection explanations are formatted as expected. Note the strings
 // are not translated and so will be the same in any locale.
 TEST(SecurityStateContentUtilsTest, ConnectionExplanation) {
   // Test a modern configuration with a key exchange group.
   security_state::SecurityInfo security_info;
   security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
   security_info.scheme_is_cryptographic = true;
   net::SSLConnectionStatusSetCipherSuite(
       0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */,
       &security_info.connection_status);
   net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2,
                                      &security_info.connection_status);
   security_info.key_exchange_group = 29;  // X25519
 
   {
     content::SecurityStyleExplanations explanations;
     GetSecurityStyle(security_info, &explanations);
     content::SecurityStyleExplanation explanation;
     ASSERT_TRUE(FindSecurityStyleExplanation(
         explanations.secure_explanations, "Secure connection", &explanation));
     EXPECT_EQ(
-        "The connection to this site is encrypted and authenticated using a "
-        "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with "
-        "X25519), and a strong cipher (CHACHA20_POLY1305).",
+        "The connection to this site is encrypted and authenticated using TLS "
+        "1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key "
+        "exchange), and CHACHA20_POLY1305 (a strong cipher).",
         explanation.description);
   }
 
   // Some older cache entries may be missing the key exchange group, despite
   // having a cipher which should supply one.
   security_info.key_exchange_group = 0;
   {
     content::SecurityStyleExplanations explanations;
     GetSecurityStyle(security_info, &explanations);
     content::SecurityStyleExplanation explanation;
     ASSERT_TRUE(FindSecurityStyleExplanation(
         explanations.secure_explanations, "Secure connection", &explanation));
     EXPECT_EQ(
-        "The connection to this site is encrypted and authenticated using a "
-        "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a "
-        "strong cipher (CHACHA20_POLY1305).",
+        "The connection to this site is encrypted and authenticated using TLS "
+        "1.2 (a strong protocol), ECDHE_RSA (a strong key exchange), and "
+        "CHACHA20_POLY1305 (a strong cipher).",
         explanation.description);
   }
 
   // TLS 1.3 ciphers use the key exchange group exclusively.
   net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */,
                                          &security_info.connection_status);
   net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3,
                                      &security_info.connection_status);
   security_info.key_exchange_group = 29;  // X25519
   {
     content::SecurityStyleExplanations explanations;
     GetSecurityStyle(security_info, &explanations);
     content::SecurityStyleExplanation explanation;
     ASSERT_TRUE(FindSecurityStyleExplanation(
         explanations.secure_explanations, "Secure connection", &explanation));
     EXPECT_EQ(
-        "The connection to this site is encrypted and authenticated using a "
-        "strong protocol (TLS 1.3), a strong key exchange (X25519), and a "
-        "strong cipher (AES_128_GCM).",
+        "The connection to this site is encrypted and authenticated using TLS "
+        "1.3 (a strong protocol), X25519 (a strong key exchange), and "
+        "AES_128_GCM (a strong cipher).",
         explanation.description);
   }
 }
+
+// Test that obsolete connection explanations are formatted as expected.
+TEST(SecurityStateContentUtilsTest, ObsoleteConnectionExplanation) {
+  security_state::SecurityInfo security_info;
+  security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
+  security_info.scheme_is_cryptographic = true;
+  net::SSLConnectionStatusSetCipherSuite(
+      0xc013 /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */,
+      &security_info.connection_status);
+  net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2,
+                                     &security_info.connection_status);
+  security_info.key_exchange_group = 29;  // X25519
+  security_info.obsolete_ssl_status =
+      net::ObsoleteSSLMask::OBSOLETE_SSL_MASK_CIPHER;
+
+  {
+    content::SecurityStyleExplanations explanations;
+    GetSecurityStyle(security_info, &explanations);
+    content::SecurityStyleExplanation explanation;
+    ASSERT_TRUE(FindSecurityStyleExplanation(explanations.info_explanations,
+                                             "Obsolete connection settings",
+                                             &explanation));
+    EXPECT_EQ(
+        "The connection to this site uses TLS 1.2 (a strong protocol), "
+        "ECDHE_RSA with X25519 (a strong key exchange), and AES_128_CBC with "
+        "HMAC-SHA1 (an obsolete cipher).",
+        explanation.description);
+  }
+}
 
 // Tests that a security level of HTTP_SHOW_WARNING produces
 // blink::WebSecurityStyleNeutral and an explanation if appropriate.
 TEST(SecurityStateContentUtilsTest, HTTPWarning) {
   security_state::SecurityInfo security_info;
   content::SecurityStyleExplanations explanations;
   security_info.security_level = security_state::HTTP_SHOW_WARNING;
   blink::WebSecurityStyle security_style =
       GetSecurityStyle(security_info, &explanations);
   EXPECT_EQ(blink::kWebSecurityStyleNeutral, security_style);
@@ skipping 45 matching lines @@
   EXPECT_EQ(1u, explanations.insecure_explanations.size());
 
   explanations.insecure_explanations.clear();
   security_info.cert_missing_subject_alt_name = false;
   GetSecurityStyle(security_info, &explanations);
   // Verify that no explanation is shown if the subjectAltName is present.
   EXPECT_EQ(0u, explanations.insecure_explanations.size());
 }
 
 }  // namespace