ssl_error_classification_unittest.cc revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38
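// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ssl/ssl_error_classification.h"

#include "base/files/file_path.h"
#include "base/strings/string_split.h"
#include "base/time/time.h"
#include "net/base/test_data_directory.h"
#include "net/cert/x509_cert_types.h"
#include "net/cert/x509_certificate.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_certificate_data.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"

using base::Time;

// Checks CalculateScoreTimePassedSinceExpiry() against expired_cert.pem at
// three successively later evaluation times; the expected score grows with
// each step (0.2, 0.3, 0.4).
TEST(SSLErrorClassificationTest, TestDateInvalidScore) {
  base::FilePath certs_dir = net::GetTestCertsDirectory();
  scoped_refptr<net::X509Certificate> expired_cert =
      net::ImportCertFromFile(certs_dir, "expired_cert.pem");
  // Every block below dereferences |expired_cert|, so stop with a clear
  // failure if the fixture could not be loaded. Same check as the one
  // TestNameMismatch applies to its certificates.
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), expired_cert);
  base::Time time;
  GURL origin("https://example.com");

  {
    // ASSERT rather than EXPECT: if the date does not parse, |time| does not
    // hold the intended instant and the score comparison below would be
    // checking something else.
    ASSERT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }

  {
    ASSERT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }

  {
    ASSERT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }
}

// Exercises the name-mismatch heuristics (IsWWWSubDomainMatch,
// NameUnderAnyNames, AnyNamesUnderName, IsSubDomainOutsideWildcard,
// IsCertLikelyFromMultiTenantHosting) against two embedded certificates and
// a set of origins that are related to, or only resemble, the certificate
// names.
TEST(SSLErrorClassificationTest, TestNameMismatch) {
  scoped_refptr<net::X509Certificate> google_cert(
      net::X509Certificate::CreateFromBytes(
          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert);
  base::Time time = base::Time::NowFromSystemTime();

  // Label-by-label form of www.google.com, passed to the token-based checks
  // as the certificate's DNS names.
  // NOTE(review): assumed to mirror the name carried by google_der; confirm
  // against net/test/test_certificate_data.h.
  std::vector<std::string> dns_names_google;
  dns_names_google.push_back("www");
  dns_names_google.push_back("google");
  dns_names_google.push_back("com");
  std::vector<std::vector<std::string>> dns_name_tokens_google;
  dns_name_tokens_google.push_back(dns_names_google);
  {
    // Host differs from www.google.com only by the leading "www" label. The
    // test expects this to be reported by IsWWWSubDomainMatch() alone, not by
    // the generic parent/child checks.
    GURL origin("https://google.com");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *google_cert);
    EXPECT_TRUE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                             dns_name_tokens_google));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_google,
                                             host_name_tokens));
    EXPECT_FALSE(ssl_error.IsSubDomainOutsideWildcard(host_name_tokens));
    EXPECT_FALSE(ssl_error.IsCertLikelyFromMultiTenantHosting());
  }

  {
    // Shares only the google.com suffix with www.google.com; it is neither
    // above nor below that name, so no heuristic may fire.
    GURL origin("https://foo.blah.google.com");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                             dns_name_tokens_google));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_google,
                                             host_name_tokens));
  }

  {
    // One label below www.google.com: the host is expected to count as being
    // under one of the certificate names, and nothing else.
    GURL origin("https://foo.www.google.com");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_TRUE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                            dns_name_tokens_google));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_google,
                                             host_name_tokens));
  }

  {
    // The certificate name is only a prefix of this host; the right-hand end
    // of the name is different. The expectations pin down that such a
    // look-alike host is not classified as related to the certificate.
    GURL origin("https://www.google.com.foo");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                             dns_name_tokens_google));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_google,
                                             host_name_tokens));
  }

  {
    // "foogoogle" merely ends with "google"; labels have to match as whole
    // labels, not as substrings. The origin is also written with a trailing
    // dot.
    GURL origin("https://www.foogoogle.com.");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                             dns_name_tokens_google));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_google,
                                             host_name_tokens));
  }

  scoped_refptr<net::X509Certificate> webkit_cert(
      net::X509Certificate::CreateFromBytes(
          reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert);
  // Label-by-label form of webkit.org.
  // NOTE(review): IsSubDomainOutsideWildcard() being expected TRUE below
  // suggests webkit_der carries a wildcard name for webkit.org; confirm
  // against net/test/test_certificate_data.h.
  std::vector<std::string> dns_names_webkit;
  dns_names_webkit.push_back("webkit");
  dns_names_webkit.push_back("org");
  std::vector<std::vector<std::string>> dns_name_tokens_webkit;
  dns_name_tokens_webkit.push_back(dns_names_webkit);
  {
    // Two labels below webkit.org. A wildcard stands for a single label, so
    // this host is expected to be flagged as lying outside the wildcard and
    // by none of the other heuristics.
    GURL origin("https://a.b.webkit.org");
    std::string host_name = origin.host();
    std::vector<std::string> host_name_tokens;
    base::SplitStringDontTrim(host_name, '.', &host_name_tokens);
    SSLErrorClassification ssl_error(time, origin, *webkit_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_name_tokens,
                                             dns_name_tokens_webkit));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(dns_name_tokens_webkit,
                                             host_name_tokens));
    EXPECT_TRUE(ssl_error.IsSubDomainOutsideWildcard(host_name_tokens));
    EXPECT_FALSE(ssl_error.IsCertLikelyFromMultiTenantHosting());
  }
}

// Checks the static IsHostNameKnownTLD() helper: the two hosts ending in
// "com" are expected to be accepted and "a.private" rejected.
// NOTE(review): presumably "private" is rejected because it is not a known
// registry suffix; confirm against the implementation.
TEST(SSLErrorClassificationTest, TestHostNameHasKnownTLD) {
  // Despite the variable names these are bare host names, not URLs.
  std::string url1 = "www.google.com";
  std::string url2 = "b.appspot.com";
  std::string url3 = "a.private";
  EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(url1));
  EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(url2));
  EXPECT_FALSE(SSLErrorClassification::IsHostNameKnownTLD(url3));
}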