chrome/browser/ssl/ssl_error_classification_unittest.cc - Issue 376333003: Find reasons for the SSL common name invalid error.

Side by Side Diff: chrome/browser/ssl/ssl_error_classification_unittest.cc

Issue 376333003: Find reasons for the SSL common name invalid error. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase update Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/ssl_error_classification.h"	5 #include "chrome/browser/ssl/ssl_error_classification.h"

6	6

7 #include "base/files/file_path.h"	7 #include "base/files/file_path.h"

8 #include "base/time/time.h"	8 #include "base/time/time.h"

9 #include "net/base/test_data_directory.h"	9 #include "net/base/test_data_directory.h"

10 #include "net/cert/x509_certificate.h"	10 #include "net/cert/x509_certificate.h"

11 #include "net/test/cert_test_util.h"	11 #include "net/test/cert_test_util.h"

12 #include "net/test/test_certificate_data.h"	12 #include "net/test/test_certificate_data.h"

13 #include "testing/gtest/include/gtest/gtest.h"	13 #include "testing/gtest/include/gtest/gtest.h"

	14 #include "url/gurl.h"

14	15

15 using base::Time;	16 using base::Time;

16	17

17 TEST(SSLErrorClassification, TestDateInvalidScore) {	18 TEST(SSLErrorClassification, TestDateInvalidScore) {

18 base::FilePath certs_dir = net::GetTestCertsDirectory();	19 base::FilePath certs_dir = net::GetTestCertsDirectory();

19 scoped_refptr<net::X509Certificate> expired_cert =	20 scoped_refptr<net::X509Certificate> expired_cert =

20 net::ImportCertFromFile(certs_dir, "expired_cert.pem");	21 net::ImportCertFromFile(certs_dir, "expired_cert.pem");

21 base::Time time;	22 base::Time time;

	23 GURL origin("https://example.com");

22	24

23 {	25 {

24 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));	26 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));

25 SSLErrorClassification ssl_error(time, *expired_cert);	27 SSLErrorClassification ssl_error(time, origin, *expired_cert);

26 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());	28 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());

27 }	29 }

28	30

29 {	31 {

30 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));	32 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));

31 SSLErrorClassification ssl_error(time, *expired_cert);	33 SSLErrorClassification ssl_error(time, origin, *expired_cert);

32 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());	34 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());

33 }	35 }

34	36

35 {	37 {

36 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));	38 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));

37 SSLErrorClassification ssl_error(time, *expired_cert);	39 SSLErrorClassification ssl_error(time, origin, *expired_cert);

38 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());	40 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());

39 }	41 }

	42 }

40	43

	44 TEST(SSLErrorClassification, TestNameMismatch) {

	45 scoped_refptr<net::X509Certificate> google_cert(

	46 net::X509Certificate::CreateFromBytes(

	47 reinterpret_cast<const char*>(google_der), sizeof(google_der)));

	48 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert);

	49 base::Time time = base::Time::NowFromSystemTime();

	50

	51 {

	52 GURL origin("https://google.com");

	53 SSLErrorClassification ssl_error(time, origin, *google_cert);

	54 EXPECT_TRUE(ssl_error.IsWWWDifference());

	55 EXPECT_FALSE(ssl_error.IsRegisteredDomainMatch());

	56 EXPECT_FALSE(ssl_error.IsRegisteredDomainInverseMatch());

	57 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	58 EXPECT_FALSE(ssl_error.IsSelfSigned());

	59 }

	60

	61 {

	62 GURL origin("https://foo.blah.google.com");

	63 SSLErrorClassification ssl_error(time, origin, *google_cert);

	64 EXPECT_FALSE(ssl_error.IsWWWDifference());

	65 EXPECT_FALSE(ssl_error.IsRegisteredDomainMatch());

	66 EXPECT_FALSE(ssl_error.IsRegisteredDomainInverseMatch());

	67 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	68 }

	69

	70 {

	71 GURL origin("https://foo.www.google.com");
	felt 2014/07/15 00:52:44 can you also test https://www.google.com.foo to ma can you also test https://www.google.com.foo to make sure it is right aligning? radhikabhar 2014/07/15 17:34:09 The expected behaviour is false right now. Wouldn' Show quoted text On 2014/07/15 00:52:44, felt wrote: > can you also test https://www.google.com.foo to make sure it is right aligning? The expected behaviour is false right now. Wouldn't www.google.com.foo be an attack for www.google.com and shouldn't it be rejected? Or should we consider it as a false positive? felt 2014/07/15 20:44:33 yes that is what I mean, can you check that IsWWWD Show quoted text On 2014/07/15 17:34:09, radhikabhar wrote: > On 2014/07/15 00:52:44, felt wrote: > > can you also test https://www.google.com.foo to make sure it is right > aligning? > > The expected behaviour is false right now. Wouldn't http://www.google.com.foo be an > attack for http://www.google.com and shouldn't it be rejected? Or should we consider it > as a false positive? yes that is what I mean, can you check that IsWWWDifference will return false for www.google.com.foo when compared to google.com?
	72 SSLErrorClassification ssl_error(time, origin, *google_cert);

	73 EXPECT_FALSE(ssl_error.IsWWWDifference());

	74 EXPECT_TRUE(ssl_error.IsRegisteredDomainMatch());

	75 EXPECT_FALSE(ssl_error.IsRegisteredDomainInverseMatch());

	76 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	77 }

	78

	79 scoped_refptr<net::X509Certificate> webkit_cert(

	80 net::X509Certificate::CreateFromBytes(

	81 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));

	82 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert);

	83 {

	84 GURL origin("https://a.b.webkit.org");

	85 SSLErrorClassification ssl_error(time, origin, *webkit_cert);

	86 EXPECT_FALSE(ssl_error.IsWWWDifference());

	87 EXPECT_FALSE(ssl_error.IsRegisteredDomainMatch());

	88 EXPECT_FALSE(ssl_error.IsRegisteredDomainInverseMatch());

	89 EXPECT_TRUE(ssl_error.IsHostNameTooBroad());

	90 EXPECT_FALSE(ssl_error.IsSelfSigned());

	91 }

	92

	93 {

	94 GURL origin("https://org");

	95 SSLErrorClassification ssl_error(time, origin, *webkit_cert);

	96 EXPECT_FALSE(ssl_error.IsWWWDifference());

	97 EXPECT_FALSE(ssl_error.IsRegisteredDomainMatch());

	98 EXPECT_TRUE(ssl_error.IsRegisteredDomainInverseMatch());

	99 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	100 }

	101

	102 scoped_refptr<net::X509Certificate> self_signed_cert =

	103 net::ImportCertFromFile(net::GetTestCertsDirectory(),

	104 "unittest.selfsigned.der");

	105 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), self_signed_cert);

	106 {

	107 GURL origin("https://example.com");

	108 SSLErrorClassification ssl_error(time, origin, *self_signed_cert);

	109 EXPECT_TRUE(ssl_error.IsSelfSigned());

	110 }

41 }	111 }

OLD	NEW

« chrome/browser/ssl/ssl_error_classification.cc ('K') | « chrome/browser/ssl/ssl_error_classification.cc ('k') | no next file » | no next file with comments »