Chromium Code Reviews Chromium Code Reviews
Issue 376333003:
Find reasons for the SSL common name invalid error. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ssl/ssl_error_classification_unittest.cc |
| diff --git a/chrome/browser/ssl/ssl_error_classification_unittest.cc b/chrome/browser/ssl/ssl_error_classification_unittest.cc |
| index fc4e23fc615da4cdc43ef2f237f4c90126c9d22e..d1bbedd91113f520fc37f20251b30384b1c818c9 100644 |
| --- a/chrome/browser/ssl/ssl_error_classification_unittest.cc |
| +++ b/chrome/browser/ssl/ssl_error_classification_unittest.cc |
| @@ -1,4 +1,4 @@ |
| -// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| @@ -11,6 +11,7 @@ |
| #include "net/test/cert_test_util.h" |
| #include "net/test/test_certificate_data.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| +#include "url/gurl.h" |
| using base::Time; |
| @@ -19,23 +20,102 @@ TEST(SSLErrorClassification, TestDateInvalidScore) { |
| scoped_refptr<net::X509Certificate> expired_cert = |
| net::ImportCertFromFile(certs_dir, "expired_cert.pem"); |
| base::Time time; |
| + GURL origin("https://example.com"); |
| { |
| EXPECT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time)); |
| - SSLErrorClassification ssl_error(time, *expired_cert); |
| + SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| } |
| { |
| EXPECT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time)); |
| - SSLErrorClassification ssl_error(time, *expired_cert); |
| + SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| } |
| { |
| EXPECT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time)); |
| - SSLErrorClassification ssl_error(time, *expired_cert); |
| + SSLErrorClassification ssl_error(time, origin, *expired_cert); |
| EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry()); |
| } |
| +} |
| + |
| +TEST(SSLErrorClassification, TestNameMismatch) { |
| + scoped_refptr<net::X509Certificate> google_cert( |
| + net::X509Certificate::CreateFromBytes( |
| + reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| + ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert); |
| + base::Time time = base::Time::NowFromSystemTime(); |
| + |
| + { |
| + GURL origin("https://google.com"); |
| + SSLErrorClassification ssl_error(time, origin, *google_cert); |
| + EXPECT_TRUE(ssl_error.IsWWWDifference()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| + EXPECT_FALSE(ssl_error.IsHostNameTooBroad()); |
| + EXPECT_FALSE(ssl_error.IsSelfSigned()); |
| + } |
| + |
| + { |
| + GURL origin("https://foo.blah.google.com"); |
| + SSLErrorClassification ssl_error(time, origin, *google_cert); |
| + EXPECT_FALSE(ssl_error.IsWWWDifference()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| + EXPECT_FALSE(ssl_error.IsHostNameTooBroad()); |
| + } |
| + |
| + { |
| + GURL origin("https://foo.www.google.com"); |
| + SSLErrorClassification ssl_error(time, origin, *google_cert); |
| + EXPECT_FALSE(ssl_error.IsWWWDifference()); |
| + EXPECT_TRUE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| + EXPECT_FALSE(ssl_error.IsHostNameTooBroad()); |
| + } |
| + { |
| + GURL origin("https://www.google.com.foo"); |
| + SSLErrorClassification ssl_error(time, origin, *google_cert); |
| + EXPECT_FALSE(ssl_error.IsWWWDifference()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| + EXPECT_FALSE(ssl_error.IsHostNameTooBroad()); |
| + } |
| + |
| + |
| + scoped_refptr<net::X509Certificate> webkit_cert( |
| + net::X509Certificate::CreateFromBytes( |
| + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); |
| + ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert); |
| + { |
| + GURL origin("https://a.b.webkit.org"); |
| + SSLErrorClassification ssl_error(time, origin, *webkit_cert); |
| + EXPECT_FALSE(ssl_error.IsWWWDifference()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainInverseMatch()); |
| + EXPECT_TRUE(ssl_error.IsHostNameTooBroad()); |
| + EXPECT_FALSE(ssl_error.IsSelfSigned()); |
| + } |
| + |
| + { |
| + GURL origin("https://org"); |
| + SSLErrorClassification ssl_error(time, origin, *webkit_cert); |
| + EXPECT_FALSE(ssl_error.IsWWWDifference()); |
| + EXPECT_FALSE(ssl_error.IsSubDomainMatch()); |
| + EXPECT_TRUE(ssl_error.IsSubDomainInverseMatch()); |
|
radhikabhar
2014/07/16 22:35:16
This check will be false for everything because th
felt
2014/07/16 23:31:47
can you add a comment that says that this part of
|
| + EXPECT_FALSE(ssl_error.IsHostNameTooBroad()); |
| + } |
| + |
| + scoped_refptr<net::X509Certificate> self_signed_cert = |
| + net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| + "unittest.selfsigned.der"); |
| + ASSERT_NE(static_cast<net::X509Certificate*>(NULL), self_signed_cert); |
| + { |
| + GURL origin("https://example.com"); |
| + SSLErrorClassification ssl_error(time, origin, *self_signed_cert); |
| + EXPECT_TRUE(ssl_error.IsSelfSigned()); |
| + } |
| } |
