| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/website_settings_model.h" |
| 6 |
| 7 #include "base/at_exit.h" |
| 8 #include "base/utf_string_conversions.h" |
| 9 #include "chrome/test/base/testing_profile.h" |
| 10 #include "content/browser/cert_store.h" |
| 11 #include "content/public/common/ssl_status.h" |
| 12 #include "net/base/cert_status_flags.h" |
| 13 #include "net/base/ssl_connection_status_flags.h" |
| 14 #include "net/base/test_certificate_data.h" |
| 15 #include "net/base/x509_certificate.h" |
| 16 #include "testing/gmock/include/gmock/gmock.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" |
| 18 |
| 19 using content::SSLStatus; |
| 20 using namespace testing; |
| 21 |
| 22 namespace { |
| 23 |
| 24 // SSL cipher suite like specified in RFC5246 Appendix A.5. "The Cipher Suite". |
| 25 static int TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3D; |
| 26 |
| 27 int SetSSLVersion(int connection_status, int version) { |
| 28 // Clear SSL version bits (Bits 20, 21 and 22). |
| 29 connection_status &= |
| 30 ~(net::SSL_CONNECTION_VERSION_MASK << net::SSL_CONNECTION_VERSION_SHIFT); |
| 31 int bitmask = version << net::SSL_CONNECTION_VERSION_SHIFT; |
| 32 return bitmask | connection_status; |
| 33 } |
| 34 |
| 35 int SetSSLCipherSuite(int connection_status, int cipher_suite) { |
| 36 // Clear cipher suite bits (the 16 lowest bits). |
| 37 connection_status &= ~net::SSL_CONNECTION_CIPHERSUITE_MASK; |
| 38 return cipher_suite | connection_status; |
| 39 } |
| 40 |
| 41 class MockCertStore : public CertStore { |
| 42 public: |
| 43 virtual ~MockCertStore() {} |
| 44 MOCK_METHOD2(StoreCert, int(net::X509Certificate*, int)); |
| 45 MOCK_METHOD2(RetrieveCert, bool(int, scoped_refptr<net::X509Certificate>*)); |
| 46 MOCK_METHOD1(RemoveCertsForRenderProcesHost, void(int)); |
| 47 }; |
| 48 |
| 49 class WebsiteSettingsModelTest : public testing::Test { |
| 50 public: |
| 51 WebsiteSettingsModelTest() : testing::Test(), |
| 52 profile_(new TestingProfile()), |
| 53 cert_id_(0) { |
| 54 } |
| 55 |
| 56 virtual ~WebsiteSettingsModelTest() { |
| 57 } |
| 58 |
| 59 virtual void SetUp() { |
| 60 cert_id_ = 1; |
| 61 |
| 62 base::Time start_date = base::Time::Now(); |
| 63 base::Time expiration_date = base::Time::FromInternalValue( |
| 64 start_date.ToInternalValue() + base::Time::kMicrosecondsPerWeek); |
| 65 cert_ = new net::X509Certificate("subject", |
| 66 "issuer", |
| 67 start_date, |
| 68 expiration_date); |
| 69 |
| 70 EXPECT_CALL(cert_store_, RetrieveCert(cert_id_, _) ) |
| 71 .Times(AnyNumber()) |
| 72 .WillRepeatedly(DoAll(SetArgPointee<1>(cert_), Return(true))); |
| 73 } |
| 74 |
| 75 virtual void TearDown() OVERRIDE { |
| 76 EXPECT_TRUE(Mock::VerifyAndClear(&cert_store_)); |
| 77 } |
| 78 |
| 79 Profile* profile() const { return profile_.get(); } |
| 80 |
| 81 scoped_ptr<Profile> profile_; |
| 82 int cert_id_; |
| 83 scoped_refptr<net::X509Certificate> cert_; |
| 84 MockCertStore cert_store_; |
| 85 }; |
| 86 |
| 87 } // namespace |
| 88 |
| 89 TEST_F(WebsiteSettingsModelTest, HTTPConnection) { |
| 90 GURL url = GURL("http://www.example.com"); |
| 91 SSLStatus ssl; |
| 92 ssl.security_style = content::SECURITY_STYLE_UNAUTHENTICATED; |
| 93 |
| 94 scoped_ptr<WebsiteSettingsModel> model( |
| 95 new WebsiteSettingsModel(profile(), url, ssl, &cert_store_)); |
| 96 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_UNENCRYPTED, |
| 97 model->site_connection_status()); |
| 98 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_NO_CERT, |
| 99 model->site_identity_status()); |
| 100 EXPECT_EQ(string16(), model->organization_name()); |
| 101 } |
| 102 |
| 103 TEST_F(WebsiteSettingsModelTest, HTTPSConnection) { |
| 104 GURL url = GURL("https://www.example.com"); |
| 105 |
| 106 SSLStatus ssl; |
| 107 ssl.security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 108 ssl.cert_id = cert_id_; |
| 109 ssl.cert_status = 0; |
| 110 ssl.security_bits = 81; // No error if > 80. |
| 111 int status = 0; |
| 112 status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); |
| 113 status = SetSSLCipherSuite(status, TLS_RSA_WITH_AES_256_CBC_SHA256); |
| 114 ssl.connection_status = status; |
| 115 |
| 116 scoped_ptr<WebsiteSettingsModel> model( |
| 117 new WebsiteSettingsModel(profile(), url, ssl, &cert_store_)); |
| 118 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_ENCRYPTED, |
| 119 model->site_connection_status()); |
| 120 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_CERT, |
| 121 model->site_identity_status()); |
| 122 EXPECT_EQ(string16(), model->organization_name()); |
| 123 } |
| 124 |
| 125 TEST_F(WebsiteSettingsModelTest, HTTPSMixedContent) { |
| 126 GURL url = GURL("https://www.example.com"); |
| 127 |
| 128 SSLStatus ssl; |
| 129 ssl.security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 130 ssl.cert_id = cert_id_; |
| 131 ssl.cert_status = 0; |
| 132 ssl.security_bits = 81; // No error if > 80. |
| 133 ssl.content_status = SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 134 int status = 0; |
| 135 status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); |
| 136 status = SetSSLCipherSuite(status, TLS_RSA_WITH_AES_256_CBC_SHA256); |
| 137 ssl.connection_status = status; |
| 138 |
| 139 scoped_ptr<WebsiteSettingsModel> model( |
| 140 new WebsiteSettingsModel(profile(), url, ssl, &cert_store_)); |
| 141 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_MIXED_CONTENT, |
| 142 model->site_connection_status()); |
| 143 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_CERT, |
| 144 model->site_identity_status()); |
| 145 EXPECT_EQ(string16(), model->organization_name()); |
| 146 } |
| 147 |
| 148 TEST_F(WebsiteSettingsModelTest, HTTPSEVCert) { |
| 149 GURL url = GURL("https://www.example.com"); |
| 150 |
| 151 scoped_refptr<net::X509Certificate> ev_cert = |
| 152 net::X509Certificate::CreateFromBytes( |
| 153 reinterpret_cast<const char*>(google_der), |
| 154 sizeof(google_der)); |
| 155 int ev_cert_id = 1; |
| 156 MockCertStore tmp_cert_store; |
| 157 EXPECT_CALL(tmp_cert_store, RetrieveCert(ev_cert_id, _) ).WillRepeatedly( |
| 158 DoAll(SetArgPointee<1>(ev_cert), |
| 159 Return(true))); |
| 160 |
| 161 SSLStatus ssl; |
| 162 ssl.security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 163 ssl.cert_id = ev_cert_id; |
| 164 ssl.cert_status = net::CERT_STATUS_IS_EV; |
| 165 ssl.security_bits = 81; // No error if > 80. |
| 166 ssl.content_status = SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 167 int status = 0; |
| 168 status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); |
| 169 status = SetSSLCipherSuite(status, TLS_RSA_WITH_AES_256_CBC_SHA256); |
| 170 ssl.connection_status = status; |
| 171 |
| 172 scoped_ptr<WebsiteSettingsModel> model( |
| 173 new WebsiteSettingsModel(profile(), url, ssl, &tmp_cert_store)); |
| 174 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_MIXED_CONTENT, |
| 175 model->site_connection_status()); |
| 176 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_EV_CERT, |
| 177 model->site_identity_status()); |
| 178 EXPECT_EQ(UTF8ToUTF16("Google Inc"), model->organization_name()); |
| 179 EXPECT_TRUE(Mock::VerifyAndClear(&tmp_cert_store)); |
| 180 } |
| 181 |
| 182 TEST_F(WebsiteSettingsModelTest, HTTPSRevocationError) { |
| 183 GURL url = GURL("https://www.example.com"); |
| 184 |
| 185 SSLStatus ssl; |
| 186 ssl.security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 187 ssl.cert_id = cert_id_; |
| 188 ssl.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; |
| 189 ssl.security_bits = 81; // No error if > 80. |
| 190 int status = 0; |
| 191 status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); |
| 192 status = SetSSLCipherSuite(status, TLS_RSA_WITH_AES_256_CBC_SHA256); |
| 193 ssl.connection_status = status; |
| 194 |
| 195 scoped_ptr<WebsiteSettingsModel> model( |
| 196 new WebsiteSettingsModel(profile(), url, ssl, &cert_store_)); |
| 197 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_ENCRYPTED, |
| 198 model->site_connection_status()); |
| 199 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN, |
| 200 model->site_identity_status()); |
| 201 EXPECT_EQ(string16(), model->organization_name()); |
| 202 } |
| 203 |
| 204 TEST_F(WebsiteSettingsModelTest, HTTPSConnectionError) { |
| 205 GURL url = GURL("https://www.example.com"); |
| 206 |
| 207 SSLStatus ssl; |
| 208 ssl.security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 209 ssl.cert_id = cert_id_; |
| 210 ssl.cert_status = 0; |
| 211 ssl.security_bits = 1; |
| 212 int status = 0; |
| 213 status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); |
| 214 status = SetSSLCipherSuite(status, TLS_RSA_WITH_AES_256_CBC_SHA256); |
| 215 ssl.connection_status = status; |
| 216 |
| 217 scoped_ptr<WebsiteSettingsModel> model( |
| 218 new WebsiteSettingsModel(profile(), url, ssl, &cert_store_)); |
| 219 EXPECT_EQ(WebsiteSettingsModel::SITE_CONNECTION_STATUS_ENCRYPTED_ERROR, |
| 220 model->site_connection_status()); |
| 221 EXPECT_EQ(WebsiteSettingsModel::SITE_IDENTITY_STATUS_CERT, |
| 222 model->site_identity_status()); |
| 223 EXPECT_EQ(string16(), model->organization_name()); |
| 224 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9378014:
Add website settings backend v 0.1 (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src