Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ssl/ssl_error_classification_unittest.cc

Issue 376333003: Find reasons for the SSL common name invalid error. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed Comments Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/ssl/ssl_error_classification.cc ('K') | « chrome/browser/ssl/ssl_error_classification.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/ssl_error_classification.h" 5 #include "chrome/browser/ssl/ssl_error_classification.h"
6 6
7 #include "base/files/file_path.h" 7 #include "base/files/file_path.h"
8 #include "base/strings/string_split.h"
8 #include "base/time/time.h" 9 #include "base/time/time.h"
9 #include "net/base/test_data_directory.h" 10 #include "net/base/test_data_directory.h"
11 #include "net/cert/x509_cert_types.h"
10 #include "net/cert/x509_certificate.h" 12 #include "net/cert/x509_certificate.h"
11 #include "net/test/cert_test_util.h" 13 #include "net/test/cert_test_util.h"
12 #include "net/test/test_certificate_data.h" 14 #include "net/test/test_certificate_data.h"
13 #include "testing/gtest/include/gtest/gtest.h" 15 #include "testing/gtest/include/gtest/gtest.h"
16 #include "url/gurl.h"
14 17
15 using base::Time; 18 using base::Time;
16 19
17 TEST(SSLErrorClassification, TestDateInvalidScore) { 20 TEST(SSLErrorClassificationTest, TestDateInvalidScore) {
18 base::FilePath certs_dir = net::GetTestCertsDirectory(); 21 base::FilePath certs_dir = net::GetTestCertsDirectory();
19 scoped_refptr<net::X509Certificate> expired_cert = 22 scoped_refptr<net::X509Certificate> expired_cert =
20 net::ImportCertFromFile(certs_dir, "expired_cert.pem"); 23 net::ImportCertFromFile(certs_dir, "expired_cert.pem");
21 base::Time time; 24 base::Time time;
25 GURL origin("https://example.com");
22 26
23 { 27 {
24 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time)); 28 EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));
25 SSLErrorClassification ssl_error(time, *expired_cert); 29 SSLErrorClassification ssl_error(time, origin, *expired_cert);
26 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry()); 30 EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());
27 } 31 }
28 32
29 { 33 {
30 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time)); 34 EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));
31 SSLErrorClassification ssl_error(time, *expired_cert); 35 SSLErrorClassification ssl_error(time, origin, *expired_cert);
32 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry()); 36 EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());
33 } 37 }
34 38
35 { 39 {
36 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time)); 40 EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));
37 SSLErrorClassification ssl_error(time, *expired_cert); 41 SSLErrorClassification ssl_error(time, origin, *expired_cert);
38 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry()); 42 EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());
39 } 43 }
44 }
40 45
46 TEST(SSLErrorClassificationTest, TestNameMismatch) {
47 scoped_refptr<net::X509Certificate> google_cert(
48 net::X509Certificate::CreateFromBytes(
49 reinterpret_cast<const char*>(google_der), sizeof(google_der)));
50 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert);
51 base::Time time = base::Time::NowFromSystemTime();
52 std::vector<std::string> dns_names_google;
53 dns_names_google.push_back("www");
54 dns_names_google.push_back("google");
55 dns_names_google.push_back("com");
56 std::vector<std::vector<std::string>> dns_name_tokens_google;
57 dns_name_tokens_google.push_back(dns_names_google);
58 {
59 GURL origin("https://google.com");
60 std::string host_name = origin.host();
61 std::vector<std::string> host_name_tokens;
62 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
63 SSLErrorClassification ssl_error(time, origin, *google_cert);
64 EXPECT_TRUE(ssl_error.IsWWWSubDomainMatch());
65 EXPECT_FALSE(ssl_error.IsSubDomainMatch(host_name_tokens,
66 dns_name_tokens_google));
67 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
68 dns_name_tokens_google));
69 EXPECT_FALSE(ssl_error.IsSubDomainOutsideWildcard(host_name_tokens));
70 EXPECT_FALSE(ssl_error.IsSelfSigned());
71 }
72
73 {
74 GURL origin("https://foo.blah.google.com");
75 std::string host_name = origin.host();
76 std::vector<std::string> host_name_tokens;
77 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
78 SSLErrorClassification ssl_error(time, origin, *google_cert);
79 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
80 EXPECT_FALSE(ssl_error.IsSubDomainMatch(host_name_tokens,
81 dns_name_tokens_google));
82 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
83 dns_name_tokens_google));
84 }
85
86 {
87 GURL origin("https://foo.www.google.com");
88 std::string host_name = origin.host();
89 std::vector<std::string> host_name_tokens;
90 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
91 SSLErrorClassification ssl_error(time, origin, *google_cert);
92 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
93 EXPECT_TRUE(ssl_error.IsSubDomainMatch(host_name_tokens,
94 dns_name_tokens_google));
95 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
96 dns_name_tokens_google));
97 }
98
99 {
100 GURL origin("https://www.google.com.foo");
101 std::string host_name = origin.host();
102 std::vector<std::string> host_name_tokens;
103 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
104 SSLErrorClassification ssl_error(time, origin, *google_cert);
105 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
106 EXPECT_FALSE(ssl_error.IsSubDomainMatch(host_name_tokens,
107 dns_name_tokens_google));
108 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
109 dns_name_tokens_google));
110 }
111
112 {
113 GURL origin("https://www.foogoogle.com.");
114 std::string host_name = origin.host();
115 std::vector<std::string> host_name_tokens;
116 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
117 SSLErrorClassification ssl_error(time, origin, *google_cert);
118 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
119 EXPECT_FALSE(ssl_error.IsSubDomainMatch(host_name_tokens,
120 dns_name_tokens_google));
121 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
122 dns_name_tokens_google));
123 }
124
125 scoped_refptr<net::X509Certificate> webkit_cert(
126 net::X509Certificate::CreateFromBytes(
127 reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
128 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert);
129 std::vector<std::string> dns_names_webkit;
130 dns_names_webkit.push_back("webkit");
131 dns_names_webkit.push_back("org");
132 std::vector<std::vector<std::string>> dns_name_tokens_webkit;
133 dns_name_tokens_webkit.push_back(dns_names_webkit);
134 {
135 GURL origin("https://a.b.webkit.org");
136 std::string host_name = origin.host();
137 std::vector<std::string> host_name_tokens;
138 base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
139 SSLErrorClassification ssl_error(time, origin, *webkit_cert);
140 EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
141 EXPECT_FALSE(ssl_error.IsSubDomainMatch(host_name_tokens,
142 dns_name_tokens_webkit));
143 EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch(host_name_tokens,
144 dns_name_tokens_webkit));
145 EXPECT_TRUE(ssl_error.IsSubDomainOutsideWildcard(host_name_tokens));
146 }
147
148 scoped_refptr<net::X509Certificate> self_signed_cert =
149 net::ImportCertFromFile(net::GetTestCertsDirectory(),
150 "unittest.selfsigned.der");
151 ASSERT_NE(static_cast<net::X509Certificate*>(NULL), self_signed_cert);
152 {
153 GURL origin("https://example.com");
154 SSLErrorClassification ssl_error(time, origin, *self_signed_cert);
155 EXPECT_TRUE(ssl_error.IsSelfSigned());
156 }
41 } 157 }
158
159 TEST(SSLErrorClassificationTest, TestHostNameHasKnownTLD) {
160 std::string url1 = "www.google.com";
161 std::string url2 = "b.appspot.com";
162 std::string url3 = "a.private";
163 EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(url1));
164 EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(url2));
165 EXPECT_FALSE(SSLErrorClassification::IsHostNameKnownTLD(url3));
166 }
167
OLDNEW
« chrome/browser/ssl/ssl_error_classification.cc ('K') | « chrome/browser/ssl/ssl_error_classification.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698