| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_classification.h" | 5 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/time/time.h" | 8 #include "base/time/time.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
| 11 #include "net/test/cert_test_util.h" | 11 #include "net/test/cert_test_util.h" |
| 12 #include "net/test/test_certificate_data.h" | 12 #include "net/test/test_certificate_data.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 #include "url/gurl.h" |
| 14 | 15 |
| 15 using base::Time; | 16 using base::Time; |
| 16 | 17 |
| 17 TEST(SSLErrorClassification, TestDateInvalidScore) { | 18 TEST(SSLErrorClassification, TestDateInvalidScore) { |
| 18 base::FilePath certs_dir = net::GetTestCertsDirectory(); | 19 base::FilePath certs_dir = net::GetTestCertsDirectory(); |
| 19 scoped_refptr<net::X509Certificate> expired_cert = | 20 scoped_refptr<net::X509Certificate> expired_cert = |
| 20 net::ImportCertFromFile(certs_dir, "expired_cert.pem"); | 21 net::ImportCertFromFile(certs_dir, "expired_cert.pem"); |
| 21 base::Time time; | 22 base::Time time; |
| 23 GURL origin("https://example.com"); |
| 22 | 24 |
| 23 { | 25 { |
| 24 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time)); | 26 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time)); |
| 25 SSLErrorClassification ssl_error(time, *expired_cert); | 27 SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| 26 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry()); | 28 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| 27 } | 29 } |
| 28 | 30 |
| 29 { | 31 { |
| 30 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time)); | 32 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time)); |
| 31 SSLErrorClassification ssl_error(time, *expired_cert); | 33 SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| 32 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry()); | 34 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| 33 } | 35 } |
| 34 | 36 |
| 35 { | 37 { |
| 36 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time)); | 38 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time)); |
| 37 SSLErrorClassification ssl_error(time, *expired_cert); | 39 SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| 38 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry()); | 40 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| 39 } | 41 } |
| 42 } |
| 40 | 43 |
| 44 TEST(SSLErrorClassification, TestNameMismatch) { |
| 45 scoped_refptr<net::X509Certificate> google_cert( |
| 46 net::X509Certificate::CreateFromBytes( |
| 47 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 48 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert); |
| 49 base::Time time = base::Time::NowFromSystemTime(); |
| 50 |
| 51 { |
| 52 GURL origin("https://google.com"); |
| 53 SSLErrorClassification ssl_error(time, origin, *google_cert); |
| 54 EXPECT_TRUE(ssl_error.IsWWWSubDomainMatch()); |
| 55 EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| 56 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 57 EXPECT_FALSE(ssl_error.IsSubDomainOutsideWildcard()); |
| 58 EXPECT_FALSE(ssl_error.IsSelfSigned()); |
| 59 } |
| 60 |
| 61 { |
| 62 GURL origin("https://foo.blah.google.com"); |
| 63 SSLErrorClassification ssl_error(time, origin, *google_cert); |
| 64 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch()); |
| 65 EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| 66 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 67 } |
| 68 |
| 69 { |
| 70 GURL origin("https://foo.www.google.com"); |
| 71 SSLErrorClassification ssl_error(time, origin, *google_cert); |
| 72 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch()); |
| 73 EXPECT_TRUE(ssl_error.IsSubDomainMatch()); |
| 74 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 75 } |
| 76 |
| 77 { |
| 78 GURL origin("https://www.google.com.foo"); |
| 79 SSLErrorClassification ssl_error(time, origin, *google_cert); |
| 80 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch()); |
| 81 EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| 82 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 83 } |
| 84 |
| 85 { |
| 86 GURL origin("https://www.foogoogle.com."); |
| 87 SSLErrorClassification ssl_error(time, origin, *google_cert); |
| 88 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch()); |
| 89 EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| 90 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 91 } |
| 92 |
| 93 scoped_refptr<net::X509Certificate> webkit_cert( |
| 94 net::X509Certificate::CreateFromBytes( |
| 95 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
| 96 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert); |
| 97 { |
| 98 GURL origin("https://a.b.webkit.org"); |
| 99 SSLErrorClassification ssl_error(time, origin, *webkit_cert); |
| 100 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch()); |
| 101 EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| 102 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| 103 EXPECT_TRUE(ssl_error.IsSubDomainOutsideWildcard()); |
| 104 } |
| 105 |
| 106 scoped_refptr<net::X509Certificate> self_signed_cert = |
| 107 net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 108 "unittest.selfsigned.der"); |
| 109 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), self_signed_cert); |
| 110 { |
| 111 GURL origin("https://example.com"); |
| 112 SSLErrorClassification ssl_error(time, origin, *self_signed_cert); |
| 113 EXPECT_TRUE(ssl_error.IsSelfSigned()); |
| 114 } |
| 41 } | 115 } |
| 116 |
| 117 TEST(SSLErrorClassification, ValidURLTest) { |
| 118 GURL gurl1("https://www.google.com"); |
| 119 GURL gurl2("https://b.appspot.com"); |
| 120 GURL gurl3("https://a.private"); |
| 121 EXPECT_FALSE(SSLErrorClassification::IsNotValidURL(gurl1)); |
| 122 EXPECT_FALSE(SSLErrorClassification::IsNotValidURL(gurl2)); |
| 123 EXPECT_TRUE(SSLErrorClassification::IsNotValidURL(gurl3)); |
| 124 } |
| 125 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 376333003:
Find reasons for the SSL common name invalid error. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master