chrome/browser/ssl/ssl_error_classification_unittest.cc - Issue 376333003: Find reasons for the SSL common name invalid error.

Side by Side Diff: chrome/browser/ssl/ssl_error_classification_unittest.cc

Issue 376333003: Find reasons for the SSL common name invalid error. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed comments Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/ssl_error_classification.h"	5 #include "chrome/browser/ssl/ssl_error_classification.h"

6	6

7 #include "base/files/file_path.h"	7 #include "base/files/file_path.h"

8 #include "base/time/time.h"	8 #include "base/time/time.h"

9 #include "net/base/test_data_directory.h"	9 #include "net/base/test_data_directory.h"

10 #include "net/cert/x509_certificate.h"	10 #include "net/cert/x509_certificate.h"

11 #include "net/test/cert_test_util.h"	11 #include "net/test/cert_test_util.h"

12 #include "net/test/test_certificate_data.h"	12 #include "net/test/test_certificate_data.h"

13 #include "testing/gtest/include/gtest/gtest.h"	13 #include "testing/gtest/include/gtest/gtest.h"

	14 #include "url/gurl.h"

14	15

15 using base::Time;	16 using base::Time;

16	17

17 TEST(SSLErrorClassification, TestDateInvalidScore) {	18 TEST(SSLErrorClassification, TestDateInvalidScore) {

18 base::FilePath certs_dir = net::GetTestCertsDirectory();	19 base::FilePath certs_dir = net::GetTestCertsDirectory();

19 scoped_refptr<net::X509Certificate> expired_cert =	20 scoped_refptr<net::X509Certificate> expired_cert =

20 net::ImportCertFromFile(certs_dir, "expired_cert.pem");	21 net::ImportCertFromFile(certs_dir, "expired_cert.pem");

21 base::Time time;	22 base::Time time;

	23 GURL origin("https://example.com");

22	24

23 {	25 {

24 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));	26 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));

25 SSLErrorClassification ssl_error(time, *expired_cert);	27 SSLErrorClassification ssl_error(time, origin, *expired_cert);

26 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());	28 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());

27 }	29 }

28	30

29 {	31 {

30 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));	32 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));

31 SSLErrorClassification ssl_error(time, *expired_cert);	33 SSLErrorClassification ssl_error(time, origin, *expired_cert);

32 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());	34 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());

33 }	35 }

34	36

35 {	37 {

36 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));	38 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));

37 SSLErrorClassification ssl_error(time, *expired_cert);	39 SSLErrorClassification ssl_error(time, origin, *expired_cert);

38 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());	40 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());

39 }	41 }

	42 }

40	43

	44 TEST(SSLErrorClassification, TestNameMismatch) {

	45 scoped_refptr<net::X509Certificate> google_cert(

	46 net::X509Certificate::CreateFromBytes(

	47 reinterpret_cast<const char*>(google_der), sizeof(google_der)));

	48 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert);

	49 base::Time time = base::Time::NowFromSystemTime();

	50

	51 {

	52 GURL origin("https://google.com");

	53 SSLErrorClassification ssl_error(time, origin, *google_cert);

	54 EXPECT_TRUE(ssl_error.IsWWWDifference());

	55 EXPECT_FALSE(ssl_error.IsSubDomainMatch());

	56 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch());

	57 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	58 EXPECT_FALSE(ssl_error.IsSelfSigned());

	59 }

	60

	61 {

	62 GURL origin("https://foo.blah.google.com");

	63 SSLErrorClassification ssl_error(time, origin, *google_cert);

	64 EXPECT_FALSE(ssl_error.IsWWWDifference());

	65 EXPECT_FALSE(ssl_error.IsSubDomainMatch());

	66 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch());

	67 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	68 }

	69

	70 {

	71 GURL origin("https://foo.www.google.com");

	72 SSLErrorClassification ssl_error(time, origin, *google_cert);

	73 EXPECT_FALSE(ssl_error.IsWWWDifference());

	74 EXPECT_TRUE(ssl_error.IsSubDomainMatch());

	75 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch());

	76 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	77 }

	78

	79 {

	80 GURL origin("https://www.google.com.foo");

	81 SSLErrorClassification ssl_error(time, origin, *google_cert);

	82 EXPECT_FALSE(ssl_error.IsWWWDifference());

	83 EXPECT_FALSE(ssl_error.IsSubDomainMatch());

	84 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch());

	85 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	86 }

	87

	88

	89 scoped_refptr<net::X509Certificate> webkit_cert(

	90 net::X509Certificate::CreateFromBytes(

	91 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));

	92 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert);

	93 {

	94 GURL origin("https://a.b.webkit.org");

	95 SSLErrorClassification ssl_error(time, origin, *webkit_cert);

	96 EXPECT_FALSE(ssl_error.IsWWWDifference());

	97 EXPECT_FALSE(ssl_error.IsSubDomainMatch());

	98 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch());

	99 EXPECT_TRUE(ssl_error.IsHostNameTooBroad());

	100 EXPECT_FALSE(ssl_error.IsSelfSigned());

	101 }

	102

	103 {

	104 GURL origin("https://org");

	105 SSLErrorClassification ssl_error(time, origin, *webkit_cert);

	106 EXPECT_FALSE(ssl_error.IsWWWDifference());

	107 EXPECT_FALSE(ssl_error.IsSubDomainMatch());

	108 EXPECT_TRUE(ssl_error.IsSubDomainInverseMatch());
	radhikabhar 2014/07/16 22:35:16 This check will be false for everything because th This check will be false for everything because the function GetRegistryList that I am using to check whether it is a known top level domain returns 0 if the host name is the tld only. felt 2014/07/16 23:31:47 can you add a comment that says that this part of Show quoted text On 2014/07/16 22:35:16, radhikabhar wrote: > This check will be false for everything because the function GetRegistryList > that I am using to check whether it is a known top level domain returns 0 if the > host name is the tld only. can you add a comment that says that this part of the test is essentially checking that everything abides by the GetRegistryList TLD restriction?
	109 EXPECT_FALSE(ssl_error.IsHostNameTooBroad());

	110 }

	111

	112 scoped_refptr<net::X509Certificate> self_signed_cert =

	113 net::ImportCertFromFile(net::GetTestCertsDirectory(),

	114 "unittest.selfsigned.der");

	115 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), self_signed_cert);

	116 {

	117 GURL origin("https://example.com");

	118 SSLErrorClassification ssl_error(time, origin, *self_signed_cert);

	119 EXPECT_TRUE(ssl_error.IsSelfSigned());

	120 }

41 }	121 }

OLD	NEW

« chrome/browser/ssl/ssl_error_classification.cc ('K') | « chrome/browser/ssl/ssl_error_classification.cc ('k') | no next file » | no next file with comments »