OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/security_state/content/content_utils.h" | 5 #include "components/security_state/content/content_utils.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/test/histogram_tester.h" | 10 #include "base/test/histogram_tester.h" |
(...skipping 167 matching lines...) | |
178 &security_info.connection_status); | 178 &security_info.connection_status); |
179 security_info.key_exchange_group = 29; // X25519 | 179 security_info.key_exchange_group = 29; // X25519 |
180 | 180 |
181 { | 181 { |
182 content::SecurityStyleExplanations explanations; | 182 content::SecurityStyleExplanations explanations; |
183 GetSecurityStyle(security_info, &explanations); | 183 GetSecurityStyle(security_info, &explanations); |
184 content::SecurityStyleExplanation explanation; | 184 content::SecurityStyleExplanation explanation; |
185 ASSERT_TRUE(FindSecurityStyleExplanation( | 185 ASSERT_TRUE(FindSecurityStyleExplanation( |
186 explanations.secure_explanations, "Secure connection", &explanation)); | 186 explanations.secure_explanations, "Secure connection", &explanation)); |
187 EXPECT_EQ( | 187 EXPECT_EQ( |
188 "The connection to this site is encrypted and authenticated using a " | 188 "The connection to this site is encrypted and authenticated using TLS " |
189 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with " | 189 "1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key " |
190 "X25519), and a strong cipher (CHACHA20_POLY1305).", | 190 "exchange), and CHACHA20_POLY1305 (a strong cipher).", |
191 explanation.description); | 191 explanation.description); |
192 } | 192 } |
193 | 193 |
194 // Some older cache entries may be missing the key exchange group, despite | 194 // Some older cache entries may be missing the key exchange group, despite |
195 // having a cipher which should supply one. | 195 // having a cipher which should supply one. |
196 security_info.key_exchange_group = 0; | 196 security_info.key_exchange_group = 0; |
197 { | 197 { |
198 content::SecurityStyleExplanations explanations; | 198 content::SecurityStyleExplanations explanations; |
199 GetSecurityStyle(security_info, &explanations); | 199 GetSecurityStyle(security_info, &explanations); |
200 content::SecurityStyleExplanation explanation; | 200 content::SecurityStyleExplanation explanation; |
201 ASSERT_TRUE(FindSecurityStyleExplanation( | 201 ASSERT_TRUE(FindSecurityStyleExplanation( |
202 explanations.secure_explanations, "Secure connection", &explanation)); | 202 explanations.secure_explanations, "Secure connection", &explanation)); |
203 EXPECT_EQ( | 203 EXPECT_EQ( |
204 "The connection to this site is encrypted and authenticated using a " | 204 "The connection to this site is encrypted and authenticated using TLS " |
205 "strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a " | 205 "1.2 (a strong protocol), ECDHE_RSA (a strong key exchange), and " |
206 "strong cipher (CHACHA20_POLY1305).", | 206 "CHACHA20_POLY1305 (a strong cipher).", |
207 explanation.description); | 207 explanation.description); |
208 } | 208 } |
209 | 209 |
210 // TLS 1.3 ciphers use the key exchange group exclusively. | 210 // TLS 1.3 ciphers use the key exchange group exclusively. |
211 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, | 211 net::SSLConnectionStatusSetCipherSuite(0x1301 /* TLS_AES_128_GCM_SHA256 */, |
212 &security_info.connection_status); | 212 &security_info.connection_status); |
213 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, | 213 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_3, |
214 &security_info.connection_status); | 214 &security_info.connection_status); |
215 security_info.key_exchange_group = 29; // X25519 | 215 security_info.key_exchange_group = 29; // X25519 |
216 { | 216 { |
217 content::SecurityStyleExplanations explanations; | 217 content::SecurityStyleExplanations explanations; |
218 GetSecurityStyle(security_info, &explanations); | 218 GetSecurityStyle(security_info, &explanations); |
219 content::SecurityStyleExplanation explanation; | 219 content::SecurityStyleExplanation explanation; |
220 ASSERT_TRUE(FindSecurityStyleExplanation( | 220 ASSERT_TRUE(FindSecurityStyleExplanation( |
221 explanations.secure_explanations, "Secure connection", &explanation)); | 221 explanations.secure_explanations, "Secure connection", &explanation)); |
222 EXPECT_EQ( | 222 EXPECT_EQ( |
223 "The connection to this site is encrypted and authenticated using a " | 223 "The connection to this site is encrypted and authenticated using TLS " |
224 "strong protocol (TLS 1.3), a strong key exchange (X25519), and a " | 224 "1.3 (a strong protocol), X25519 (a strong key exchange), and " |
225 "strong cipher (AES_128_GCM).", | 225 "AES_128_GCM (a strong cipher).", |
226 explanation.description); | 226 explanation.description); |
227 } | 227 } |
228 } | 228 } |
229 | |
230 // Test that obsolete connection explanations are formated as expected. | |
estark
2017/06/23 01:25:20
nit: formatted
| |
231 TEST(SecurityStateContentUtilsTest, ObsoleteConnectionExplanation) { | |
232 security_state::SecurityInfo security_info; | |
233 security_info.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | |
234 security_info.scheme_is_cryptographic = true; | |
235 net::SSLConnectionStatusSetCipherSuite( | |
236 0xc013 /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */, | |
237 &security_info.connection_status); | |
238 net::SSLConnectionStatusSetVersion(net::SSL_CONNECTION_VERSION_TLS1_2, | |
239 &security_info.connection_status); | |
240 security_info.key_exchange_group = 29; // X25519 | |
241 security_info.obsolete_ssl_status = | |
242 net::ObsoleteSSLMask::OBSOLETE_SSL_MASK_CIPHER; | |
243 | |
244 { | |
245 content::SecurityStyleExplanations explanations; | |
246 GetSecurityStyle(security_info, &explanations); | |
247 content::SecurityStyleExplanation explanation; | |
248 ASSERT_TRUE(FindSecurityStyleExplanation(explanations.info_explanations, | |
249 "Obsolete connection settings", | |
250 &explanation)); | |
251 EXPECT_EQ( | |
252 "The connection to this site uses TLS 1.2 (a strong protocol), " | |
253 "ECDHE_RSA with X25519 (a strong key exchange), and AES_128_CBC with " | |
254 "HMAC-SHA1 (an obsolete cipher).", | |
255 explanation.description); | |
256 } | |
257 } | |
229 | 258 |
230 // Tests that a security level of HTTP_SHOW_WARNING produces | 259 // Tests that a security level of HTTP_SHOW_WARNING produces |
231 // blink::WebSecurityStyleNeutral and an explanation if appropriate. | 260 // blink::WebSecurityStyleNeutral and an explanation if appropriate. |
232 TEST(SecurityStateContentUtilsTest, HTTPWarning) { | 261 TEST(SecurityStateContentUtilsTest, HTTPWarning) { |
233 security_state::SecurityInfo security_info; | 262 security_state::SecurityInfo security_info; |
234 content::SecurityStyleExplanations explanations; | 263 content::SecurityStyleExplanations explanations; |
235 security_info.security_level = security_state::HTTP_SHOW_WARNING; | 264 security_info.security_level = security_state::HTTP_SHOW_WARNING; |
236 blink::WebSecurityStyle security_style = | 265 blink::WebSecurityStyle security_style = |
237 GetSecurityStyle(security_info, &explanations); | 266 GetSecurityStyle(security_info, &explanations); |
238 EXPECT_EQ(blink::kWebSecurityStyleNeutral, security_style); | 267 EXPECT_EQ(blink::kWebSecurityStyleNeutral, security_style); |
(...skipping 45 matching lines...) | |
284 EXPECT_EQ(1u, explanations.insecure_explanations.size()); | 313 EXPECT_EQ(1u, explanations.insecure_explanations.size()); |
285 | 314 |
286 explanations.insecure_explanations.clear(); | 315 explanations.insecure_explanations.clear(); |
287 security_info.cert_missing_subject_alt_name = false; | 316 security_info.cert_missing_subject_alt_name = false; |
288 GetSecurityStyle(security_info, &explanations); | 317 GetSecurityStyle(security_info, &explanations); |
289 // Verify that no explanation is shown if the subjectAltName is present. | 318 // Verify that no explanation is shown if the subjectAltName is present. |
290 EXPECT_EQ(0u, explanations.insecure_explanations.size()); | 319 EXPECT_EQ(0u, explanations.insecure_explanations.size()); |
291 } | 320 } |
292 | 321 |
293 } // namespace | 322 } // namespace |
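Review bot: The new ObsoleteConnectionExplanation test (new lines 231-257) pins only the `OBSOLETE_SSL_MASK_CIPHER` case, so the "(a strong protocol)" and "(a strong key exchange)" labels are never checked against a connection where the protocol or key exchange is the obsolete part. This string is what tells the user which component of the connection is weak, so a mislabel there is a security-UI regression worth guarding; I would add scoped cases for `OBSOLETE_SSL_MASK_PROTOCOL`, `OBSOLETE_SSL_MASK_KEY_EXCHANGE` and a combined mask, in the same `{ ... }` style as the test above. The test also checks only that "Obsolete connection settings" is present in `info_explanations`; assuming the two explanations are meant to be mutually exclusive, add the negative `EXPECT_FALSE(FindSecurityStyleExplanation(explanations.secure_explanations, "Secure connection", &explanation));` so an obsolete connection that is also reported as secure is caught.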