ssl_error_classification_unittest.cc revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/ssl/ssl_error_classification.h"
6
7#include "base/files/file_path.h"
8#include "base/strings/string_split.h"
9#include "base/time/time.h"
10#include "net/base/test_data_directory.h"
11#include "net/cert/x509_cert_types.h"
12#include "net/cert/x509_certificate.h"
13#include "net/test/cert_test_util.h"
14#include "net/test/test_certificate_data.h"
15#include "testing/gtest/include/gtest/gtest.h"
16#include "url/gurl.h"
17
18using base::Time;
19
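// Checks CalculateScoreTimePassedSinceExpiry() against an expired test
// certificate at three evaluation times. The times move forward (3, 6 and
// 8 Jan 2007) and the expected score rises with them (0.2, 0.3, 0.4).
// NOTE(review): the notAfter date of expired_cert.pem is not visible in this
// file; the score thresholds are defined by the implementation, not here.
TEST(SSLErrorClassificationTest, TestDateInvalidScore) {
  base::FilePath certs_dir = net::GetTestCertsDirectory();
  scoped_refptr<net::X509Certificate> expired_cert =
      net::ImportCertFromFile(certs_dir, "expired_cert.pem");
  // Every case below dereferences the certificate, so a fixture that failed
  // to load must abort the test instead of crashing it.
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), expired_cert);
  base::Time time;
  GURL origin("https://example.com");

  {
    // ASSERT rather than EXPECT: if the date does not parse, |time| keeps its
    // previous value and the score comparison below would be meaningless.
    ASSERT_TRUE(base::Time::FromString("Wed, 03 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.2f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }

  {
    ASSERT_TRUE(base::Time::FromString("Sat, 06 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.3f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }

  {
    ASSERT_TRUE(base::Time::FromString("Mon, 08 Jan 2007 12:00:00 GMT", &time));
    SSLErrorClassification ssl_error(time, origin, *expired_cert);
    EXPECT_FLOAT_EQ(0.4f, ssl_error.CalculateScoreTimePassedSinceExpiry());
  }
}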
45
namespace {

// Splits the host of |origin| on '.' without trimming. This is the token form
// the name-comparison helpers take in the cases below.
std::vector<std::string> HostTokens(const GURL& origin) {
  std::vector<std::string> tokens;
  base::SplitStringDontTrim(origin.host(), '.', &tokens);
  return tokens;
}

}  // namespace

// Exercises the name-mismatch heuristics for requested hosts that differ from
// the names the certificate is compared against. The negative cases matter as
// much as the positive ones: a host that only looks similar to a certificate
// name (the name used as a prefix, or as a substring of a label) must not be
// reported as related to it.
TEST(SSLErrorClassificationTest, TestNameMismatch) {
  scoped_refptr<net::X509Certificate> google_cert(
      net::X509Certificate::CreateFromBytes(
          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), google_cert);
  // NOTE(review): wall-clock time makes this fixture non-hermetic. The name
  // checks below presumably do not read it; confirm against the class.
  base::Time now = base::Time::NowFromSystemTime();

  // One certificate name, tokenised: www.google.com.
  std::vector<std::vector<std::string>> google_names(1);
  google_names[0].push_back("www");
  google_names[0].push_back("google");
  google_names[0].push_back("com");

  // Host is the certificate name with the leading "www" dropped.
  // NOTE(review): www.google.com sits under google.com, yet AnyNamesUnderName
  // is expected to be false. Presumably the www-only difference is left to
  // IsWWWSubDomainMatch; confirm against the implementation.
  {
    GURL origin("https://google.com");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *google_cert);
    EXPECT_TRUE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_tokens, google_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(google_names, host_tokens));
    EXPECT_FALSE(ssl_error.IsSubDomainOutsideWildcard(host_tokens));
    EXPECT_FALSE(ssl_error.IsCertLikelyFromMultiTenantHosting());
  }

  // Host shares only the registrable domain with the certificate name.
  {
    GURL origin("https://foo.blah.google.com");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_tokens, google_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(google_names, host_tokens));
  }

  // Host is a true child of the certificate name. This is the only case here
  // where NameUnderAnyNames is expected to hold.
  {
    GURL origin("https://foo.www.google.com");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_TRUE(ssl_error.NameUnderAnyNames(host_tokens, google_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(google_names, host_tokens));
  }

  // The certificate name appears as a prefix of the host, under a different
  // parent. Sharing leading labels must not count as a relationship.
  {
    GURL origin("https://www.google.com.foo");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_tokens, google_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(google_names, host_tokens));
  }

  // A label that merely contains "google", plus a trailing dot on the host.
  // Comparison has to be per label, not per substring.
  {
    GURL origin("https://www.foogoogle.com.");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *google_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_tokens, google_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(google_names, host_tokens));
  }

  scoped_refptr<net::X509Certificate> webkit_cert(
      net::X509Certificate::CreateFromBytes(
          reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
  ASSERT_NE(static_cast<net::X509Certificate*>(NULL), webkit_cert);

  // One certificate name, tokenised: webkit.org.
  std::vector<std::vector<std::string>> webkit_names(1);
  webkit_names[0].push_back("webkit");
  webkit_names[0].push_back("org");

  // Host is two labels below webkit.org.
  // NOTE(review): presumably webkit_der carries a wildcard name that covers
  // only one label, which is why IsSubDomainOutsideWildcard is expected to be
  // true. The certificate bytes are not visible in this file.
  {
    GURL origin("https://a.b.webkit.org");
    std::vector<std::string> host_tokens = HostTokens(origin);
    SSLErrorClassification ssl_error(now, origin, *webkit_cert);
    EXPECT_FALSE(ssl_error.IsWWWSubDomainMatch());
    EXPECT_FALSE(ssl_error.NameUnderAnyNames(host_tokens, webkit_names));
    EXPECT_FALSE(ssl_error.AnyNamesUnderName(webkit_names, host_tokens));
    EXPECT_TRUE(ssl_error.IsSubDomainOutsideWildcard(host_tokens));
    EXPECT_FALSE(ssl_error.IsCertLikelyFromMultiTenantHosting());
  }
}
149
// Checks IsHostNameKnownTLD() on three bare host names (no scheme): two under
// "com" that must be recognised, and one under "private" that must not.
TEST(SSLErrorClassificationTest, TestHostNameHasKnownTLD) {
  std::string public_host = "www.google.com";
  EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(public_host));

  // A host on a shared hosting suffix still ends in a known TLD.
  std::string hosted_app_host = "b.appspot.com";
  EXPECT_TRUE(SSLErrorClassification::IsHostNameKnownTLD(hosted_app_host));

  // "private" is expected to be rejected as a TLD.
  // NOTE(review): presumably this stands in for internal-only host names;
  // confirm how callers use the result.
  std::string unknown_tld_host = "a.private";
  EXPECT_FALSE(SSLErrorClassification::IsHostNameKnownTLD(unknown_tld_host));
}
158