| Index: chrome/browser/ssl/ssl_browser_tests.cc
|
| ===================================================================
|
| --- chrome/browser/ssl/ssl_browser_tests.cc (revision 14738)
|
| +++ chrome/browser/ssl/ssl_browser_tests.cc (working copy)
|
| @@ -2,19 +2,774 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "net/base/ssl_test_util.h"
|
| -
|
| +#include "chrome/browser/browser.h"
|
| +#include "chrome/browser/tab_contents/interstitial_page.h"
|
| +#include "chrome/browser/tab_contents/navigation_entry.h"
|
| +#include "chrome/browser/tab_contents/tab_contents.h"
|
| +#include "chrome/browser/tab_contents/web_contents.h"
|
| +#include "chrome/common/pref_names.h"
|
| +#include "chrome/common/pref_service.h"
|
| #include "chrome/test/in_process_browser_test.h"
|
| +#include "chrome/test/ui_test_utils.h"
|
|
|
| -namespace {
|
| +const wchar_t kDocRoot[] = L"chrome/test/data";
|
|
|
| -const wchar_t* const kDocRoot = L"chrome/test/data";
|
| +class SSLUITest : public InProcessBrowserTest {
|
| + public:
|
| + SSLUITest() {
|
| + EnableDOMAutomation();
|
| + }
|
|
|
| -class SSLBrowserTest : public InProcessBrowserTest {
|
| + scoped_refptr<HTTPTestServer> PlainServer() {
|
| + return HTTPTestServer::CreateServer(kDocRoot, NULL);
|
| + }
|
| +
|
| + scoped_refptr<HTTPSTestServer> GoodCertServer() {
|
| + return HTTPSTestServer::CreateGoodServer(kDocRoot);
|
| + }
|
| +
|
| + scoped_refptr<HTTPSTestServer> BadCertServer() {
|
| + return HTTPSTestServer::CreateExpiredServer(kDocRoot);
|
| + }
|
| +
|
| + void CheckAuthenticatedState(TabContents* tab,
|
| + bool mixed_content,
|
| + bool unsafe_content) {
|
| + NavigationEntry* entry = tab->controller().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| + EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type());
|
| + EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, entry->ssl().security_style());
|
| + EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
|
| + EXPECT_EQ(mixed_content, entry->ssl().has_mixed_content());
|
| + EXPECT_EQ(unsafe_content, entry->ssl().has_unsafe_content());
|
| + }
|
| +
|
| + void CheckUnauthenticatedState(TabContents* tab) {
|
| + NavigationEntry* entry = tab->controller().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| + EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type());
|
| + EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, entry->ssl().security_style());
|
| + EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
|
| + EXPECT_FALSE(entry->ssl().has_mixed_content());
|
| + EXPECT_FALSE(entry->ssl().has_unsafe_content());
|
| + }
|
| +
|
| + void CheckAuthenticationBrokenState(TabContents* tab,
|
| + int error,
|
| + bool interstitial) {
|
| + NavigationEntry* entry = tab->controller().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| + EXPECT_EQ(interstitial ? NavigationEntry::INTERSTITIAL_PAGE :
|
| + NavigationEntry::NORMAL_PAGE,
|
| + entry->page_type());
|
| + EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
|
| + entry->ssl().security_style());
|
| + EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
|
| + EXPECT_FALSE(entry->ssl().has_mixed_content());
|
| + EXPECT_FALSE(entry->ssl().has_unsafe_content());
|
| + }
|
| +
|
| + private:
|
| + DISALLOW_COPY_AND_ASSIGN(SSLUITest);
|
| };
|
|
|
| -} // namespace
|
| +// Visits a regular page over http.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
|
| + scoped_refptr<HTTPTestServer> server = PlainServer();
|
|
|
| -// TODO(jcampan): port SSLUITest to SSLBrowserTest.
|
| -IN_PROC_BROWSER_TEST_F(SSLBrowserTest, TestHTTP) {
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + server->TestServerPageW(L"files/ssl/google.html"));
|
| +
|
| + CheckUnauthenticatedState(browser()->GetSelectedTabContents());
|
| }
|
| +
|
| +// Visits a page over http which includes broken https resources (status should
|
| +// be OK).
|
| +// TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give
|
| +// the secure cookies away!).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), http_server->TestServerPageW(
|
| + L"files/ssl/page_with_unsafe_contents.html"));
|
| +
|
| + CheckUnauthenticatedState(browser()->GetSelectedTabContents());
|
| +}
|
| +
|
| +// Visits a page over OK https:
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestOKHTTPS) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server->TestServerPageW(L"files/ssl/google.html"));
|
| +
|
| + CheckAuthenticatedState(browser()->GetSelectedTabContents(),
|
| + false, false); // No mixed/unsafe content.
|
| +}
|
| +
|
| +// Visits a page with https error and proceed:
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) {
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + bad_https_server->TestServerPageW(L"files/ssl/google.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing
|
| +
|
| + // Proceed through the interstitial.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + false); // No interstitial showing
|
| +}
|
| +
|
| +// Visits a page with https error and don't proceed (and ensure we can still
|
| +// navigate at that point):
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndDontProceed) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + // First navigate to an OK page.
|
| + ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPageW(
|
| + L"files/ssl/google.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + NavigationEntry* entry = tab->controller().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| +
|
| + GURL cross_site_url =
|
| + bad_https_server->TestServerPageW(L"files/ssl/google.html");
|
| + // Change the host name from 127.0.0.1 to localhost so it triggers a
|
| + // cross-site navigation so we can test http://crbug.com/5800 is gone.
|
| + ASSERT_EQ("127.0.0.1", cross_site_url.host());
|
| + GURL::Replacements replacements;
|
| + std::string new_host("localhost");
|
| + replacements.SetHostStr(new_host);
|
| + cross_site_url = cross_site_url.ReplaceComponents(replacements);
|
| +
|
| + // Now go to a bad HTTPS page.
|
| + ui_test_utils::NavigateToURL(browser(), cross_site_url);
|
| +
|
| + // An interstitial should be showing.
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + // Simulate user clicking "Take me back".
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->DontProceed();
|
| +
|
| + // We should be back to the original good page.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Try to navigate to a new page. (to make sure bug 5800 is fixed).
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + http_server->TestServerPageW(L"files/ssl/google.html"));
|
| + CheckUnauthenticatedState(tab);
|
| +}
|
| +
|
| +//
|
| +// Mixed contents
|
| +//
|
| +
|
| +// Visits a page with mixed content.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContents) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + // Load a page with mixed-content, the default behavior is to show the mixed
|
| + // content.
|
| + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW(
|
| + L"files/ssl/page_with_mixed_contents.html"));
|
| +
|
| + CheckAuthenticatedState(browser()->GetSelectedTabContents(),
|
| + true /* mixed-content */, false);
|
| +}
|
| +
|
| +// Visits a page with mixed content.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsFilterAll) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + // Set the "block mixed-content" preference.
|
| + browser()->profile()->GetPrefs()->SetInteger(prefs::kMixedContentFiltering,
|
| + FilterPolicy::FILTER_ALL);
|
| +
|
| + // Load a page with mixed-content, the mixed content shouldn't load.
|
| + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW(
|
| + L"files/ssl/page_with_mixed_contents.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + NavigationEntry* entry = tab->controller().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| + EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type());
|
| +
|
| + // The image should be filtered.
|
| + int img_width = 0;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt(
|
| + tab, L"", L"window.domAutomationController.send(ImageWidth());",
|
| + &img_width));
|
| + // In order to check that the image was not loaded, we check its width.
|
| + // The actual image (Google logo) is 114 pixels wide, we assume the broken
|
| + // image is less than 100.
|
| + EXPECT_GT(100, img_width);
|
| +
|
| + // The state should be OK since we are not showing the resource.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // There should be one info-bar to show the mixed-content.
|
| + EXPECT_EQ(1, tab->infobar_delegate_count());
|
| +
|
| + // Activate the link on the info-bar to show the mixed-content.
|
| + InfoBarDelegate* delegate = tab->GetInfoBarDelegateAt(0);
|
| + ASSERT_TRUE(delegate->AsConfirmInfoBarDelegate());
|
| + delegate->AsConfirmInfoBarDelegate()->Accept();
|
| + // Showing the mixed-contents triggered a page reload, let's wait for it to
|
| + // finish.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + // The image should show now.
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt(
|
| + tab, L"", L"window.domAutomationController.send(ImageWidth());",
|
| + &img_width));
|
| + EXPECT_LT(100, img_width);
|
| +
|
| + // And our status should be mixed-content.
|
| + CheckAuthenticatedState(tab, true /* mixed-content */, false);
|
| +}
|
| +
|
| +// Visits a page with an http script that tries to suppress our mixed content
|
| +// warnings by randomize location.hash.
|
| +// Based on http://crbug.com/8706
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsRandomizeHash) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW(
|
| + L"files/ssl/page_with_http_script.html"));
|
| +
|
| + CheckAuthenticatedState(browser()->GetSelectedTabContents(),
|
| + true /* mixed-content */, false);
|
| +}
|
| +
|
| +// Visits a page with unsafe content and make sure that:
|
| +// - frames content is replaced with warning
|
| +// - images and scripts are filtered out entirely
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPageW(
|
| + L"files/ssl/page_with_unsafe_contents.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + // When the bad content is filtered, the state is expected to be
|
| + // authenticated.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Because of cross-frame scripting restrictions, we cannot access the iframe
|
| + // content. So to know if the frame was loaded, we just check if a popup was
|
| + // opened (the iframe content opens one).
|
| + // Note: because of bug 1115868, no constrained window is opened right now.
|
| + // Once the bug is fixed, this will do the real check.
|
| + EXPECT_EQ(0, tab->constrained_window_count());
|
| +
|
| + int img_width;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt(
|
| + tab, L"", L"window.domAutomationController.send(ImageWidth());",
|
| + &img_width));
|
| + // In order to check that the image was not loaded, we check its width.
|
| + // The actual image (Google logo) is 114 pixels wide, we assume the broken
|
| + // image is less than 100.
|
| + EXPECT_GT(100, img_width);
|
| +
|
| + bool js_result = false;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(
|
| + tab, L"", L"window.domAutomationController.send(IsFooSet());",
|
| + &js_result));
|
| + EXPECT_FALSE(js_result);
|
| +}
|
| +
|
| +// Visits a page with mixed content loaded by JS (after the initial page load).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW(
|
| + L"files/ssl/page_with_dynamic_mixed_contents.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Load the insecure image.
|
| + bool js_result = false;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(
|
| + tab, L"", L"loadBadImage();", &js_result));
|
| + EXPECT_TRUE(js_result);
|
| +
|
| + // We should now have mixed-contents.
|
| + CheckAuthenticatedState(tab, true /* mixed-content */, false);
|
| +}
|
| +
|
| +// Visits two pages from the same origin: one with mixed content and one
|
| +// without. The test checks that we propagate the mixed content state from one
|
| +// to the other.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsTwoTabs) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server->TestServerPageW(L"files/ssl/blank_page.html"));
|
| +
|
| + TabContents* tab1 = browser()->GetSelectedTabContents();
|
| +
|
| + // This tab should be fine.
|
| + CheckAuthenticatedState(tab1, false, false);
|
| +
|
| + // Create a new tab.
|
| + GURL url =
|
| + https_server->TestServerPageW(L"files/ssl/page_with_http_script.html");
|
| + TabContents* tab2 = browser()->AddTabWithURL(url,
|
| + GURL(),
|
| + PageTransition::TYPED, true, 0,
|
| + NULL);
|
| + ui_test_utils::WaitForNavigation(&(tab2->controller()));
|
| +
|
| + // The new tab has mixed content.
|
| + CheckAuthenticatedState(tab2, true /* mixed-content */, false);
|
| +
|
| + // Which means the origin for the first tab has also been contaminated with
|
| + // mixed content.
|
| + CheckAuthenticatedState(tab1, true /* mixed-content */, false);
|
| +}
|
| +
|
| +// Visits a page with an image over http. Visits another page over https
|
| +// referencing that same image over http (hoping it is coming from the webcore
|
| +// memory cache).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestCachedMixedContents) {
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), http_server->TestServerPageW(
|
| + L"files/ssl/page_with_mixed_contents.html"));
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckUnauthenticatedState(tab);
|
| +
|
| + // Load again but over SSL. It should have mixed-contents (even though the
|
| + // image comes from the WebCore memory cache).
|
| + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW(
|
| + L"files/ssl/page_with_mixed_contents.html"));
|
| + CheckAuthenticatedState(tab, true /* mixed-content */, false);
|
| +}
|
| +
|
| +// This test ensures the CN invalid status does not 'stick' to a certificate
|
| +// (see bug #1044942) and that it depends on the host-name.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) {
|
| + const std::string kLocalHost = "localhost";
|
| + scoped_refptr<HTTPSTestServer> https_server =
|
| + HTTPSTestServer::CreateMismatchedServer(kDocRoot);
|
| + ASSERT_TRUE(NULL != https_server.get());
|
| +
|
| + // First we hit the server with hostname, this generates an invalid policy
|
| + // error.
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server->TestServerPageW(L"files/ssl/google.html"));
|
| +
|
| + // We get an interstitial page as a result.
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + // We proceed through the interstitial page.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + false); // No interstitial showing.
|
| +
|
| + // Now we try again with the right host name this time.
|
| +
|
| + // Let's change the host-name in the url.
|
| + GURL url = https_server->TestServerPageW(L"files/ssl/google.html");
|
| + std::string::size_type hostname_index = url.spec().find(kLocalHost);
|
| + ASSERT_TRUE(hostname_index != std::string::npos); // Test sanity check.
|
| + std::string new_url;
|
| + new_url.append(url.spec().substr(0, hostname_index));
|
| + new_url.append(net::TestServerLauncher::kHostName);
|
| + new_url.append(url.spec().substr(hostname_index + kLocalHost.size()));
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), GURL(new_url));
|
| +
|
| + // Security state should be OK.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Now try again the broken one to make sure it is still broken.
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server->TestServerPageW(L"files/ssl/google.html"));
|
| +
|
| + // Since we OKed the interstitial last time, we get right to the page.
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + false); // No interstitial showing.
|
| +}
|
| +
|
| +// Test that navigating to a #ref does not change a bad security state.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html"));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + false); // No interstitial showing.
|
| +
|
| + // Now navigate to a ref in the page, the security state should not have
|
| + // changed.
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html#jp"));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + false); // No interstitial showing.
|
| +}
|
| +
|
| +// Tests that closing a page that has a unsafe pop-up does not crash the browser
|
| +// (bug #1966).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestCloseTabWithUnsafePopup) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), http_server->TestServerPageW(
|
| + L"files/ssl/page_with_unsafe_popup.html"));
|
| +
|
| + TabContents* tab1 = browser()->GetSelectedTabContents();
|
| + // It is probably overkill to add a notification for a popup-opening, let's
|
| + // just poll.
|
| + for (int i = 0; i < 10; i++) {
|
| + if (tab1->constrained_window_count() > 0)
|
| + break;
|
| + MessageLoop::current()->PostDelayedTask(FROM_HERE,
|
| + new MessageLoop::QuitTask(), 1000);
|
| + ui_test_utils::RunMessageLoop();
|
| + }
|
| + ASSERT_EQ(1, tab1->constrained_window_count());
|
| +
|
| + // Let's add another tab to make sure the browser does not exit when we close
|
| + // the first tab.
|
| + GURL url = http_server->TestServerPageW(L"files/ssl/google.html");
|
| + TabContents* tab2 = browser()->AddTabWithURL(url,
|
| + GURL(),
|
| + PageTransition::TYPED,
|
| + true, 0, NULL);
|
| + ui_test_utils::WaitForNavigation(&(tab2->controller()));
|
| +
|
| + // Close the first tab.
|
| + browser()->CloseTabContents(tab1);
|
| +}
|
| +
|
| +// Visit a page over bad https that is a redirect to a page with good https.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + GURL url1 = bad_https_server->TestServerPageW(L"server-redirect?");
|
| + GURL url2 = good_https_server->TestServerPageW(L"files/ssl/google.html");
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + // We proceed through the interstitial page.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + // We have been redirected to the good page.
|
| + CheckAuthenticatedState(tab, false, false); // No mixed/unsafe content.
|
| +}
|
| +
|
| +// Visit a page over good https that is a redirect to a page with bad https.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + GURL url1 = good_https_server->TestServerPageW(L"server-redirect?");
|
| + GURL url2 = bad_https_server->TestServerPageW(L"files/ssl/google.html");
|
| + ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + // We proceed through the interstitial page.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + false); // No interstitial showing.
|
| +}
|
| +
|
| +// Visit a page over http that is a redirect to a page with good HTTPS.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| +
|
| + // HTTP redirects to good HTTPS.
|
| + GURL http_url = http_server->TestServerPageW(L"server-redirect?");
|
| + GURL good_https_url =
|
| + good_https_server->TestServerPageW(L"files/ssl/google.html");
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + GURL(http_url.spec() + good_https_url.spec()));
|
| + CheckAuthenticatedState(tab, false, false); // No mixed/unsafe content.
|
| +}
|
| +
|
| +// Visit a page over http that is a redirect to a page with bad HTTPS.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| +
|
| + GURL http_url = http_server->TestServerPageW(L"server-redirect?");
|
| + GURL bad_https_url =
|
| + bad_https_server->TestServerPageW(L"files/ssl/google.html");
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + GURL(http_url.spec() + bad_https_url.spec()));
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing.
|
| +
|
| + // Continue on the interstitial.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + false); // No interstitial showing.
|
| +}
|
| +
|
| +// Visit a page over https that is a redirect to a page with http (to make sure
|
| +// we don't keep the secure state).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
|
| +
|
| + GURL https_url = https_server->TestServerPageW(L"server-redirect?");
|
| + GURL http_url = http_server->TestServerPageW(L"files/ssl/google.html");
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + GURL(https_url.spec() + http_url.spec()));
|
| + CheckUnauthenticatedState(browser()->GetSelectedTabContents());
|
| +}
|
| +
|
| +// Visits a page to which we could not connect (bad port) over http and https
|
| +// and make sure the security style is correct.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
|
| + ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17"));
|
| + CheckUnauthenticatedState(browser()->GetSelectedTabContents());
|
| +
|
| + // Same thing over HTTPS.
|
| + ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17"));
|
| + CheckUnauthenticatedState(browser()->GetSelectedTabContents());
|
| +}
|
| +
|
| +//
|
| +// Frame navigation
|
| +//
|
| +
|
| +// From a good HTTPS top frame:
|
| +// - navigate to an OK HTTPS frame
|
| +// - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
|
| +// back
|
| +// - navigate to HTTP (expect mixed content), then back
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + ui_test_utils::NavigateToURL(
|
| + browser(),
|
| + good_https_server->TestServerPageW(L"files/ssl/top_frame.html"));
|
| +
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + bool success = false;
|
| + // Now navigate inside the frame.
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('goodHTTPSLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // We should still be fine.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Now let's hit a bad page.
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('badHTTPSLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // The security style should still be secure.
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // And the frame should be blocked.
|
| + bool is_content_evil = true;
|
| + std::wstring content_frame_xpath(L"html/frameset/frame[2]");
|
| + std::wstring is_frame_evil_js(
|
| + L"window.domAutomationController"
|
| + L".send(document.getElementById('evilDiv') != null);");
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + content_frame_xpath,
|
| + is_frame_evil_js,
|
| + &is_content_evil));
|
| + EXPECT_FALSE(is_content_evil);
|
| +
|
| + // Now go back, our state should still be OK.
|
| + tab->controller().GoBack();
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| + CheckAuthenticatedState(tab, false, false);
|
| +
|
| + // Navigate to a page served over HTTP.
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('HTTPLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // Our state should be mixed-content.
|
| + CheckAuthenticatedState(tab, true, false);
|
| +
|
| + // Go back, our state should be unchanged.
|
| + tab->controller().GoBack();
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| + CheckAuthenticatedState(tab, true, false);
|
| +}
|
| +
|
| +// From a bad HTTPS top frame:
|
| +// - navigate to an OK HTTPS frame (expected to be still authentication broken).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + ui_test_utils::NavigateToURL(
|
| + browser(),
|
| + bad_https_server->TestServerPageW(L"files/ssl/top_frame.html"));
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + true); // Interstitial showing
|
| +
|
| + // Continue on the interstitial.
|
| + InterstitialPage* interstitial_page = tab->interstitial_page();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->Proceed();
|
| + // Wait for the navigation to be done.
|
| + ui_test_utils::WaitForNavigation(&(tab->controller()));
|
| +
|
| + // Navigate to a good frame.
|
| + bool success = false;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('goodHTTPSLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // We should still be authentication broken.
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false);
|
| +}
|
| +
|
| +// From an HTTP top frame, navigate to good and bad HTTPS (security state should
|
| +// stay unauthenticated).
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) {
|
| + scoped_refptr<HTTPTestServer> http_server = PlainServer();
|
| + scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
|
| + scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer();
|
| +
|
| + TabContents* tab = browser()->GetSelectedTabContents();
|
| + ui_test_utils::NavigateToURL(
|
| + browser(),
|
| + http_server->TestServerPageW(L"files/ssl/top_frame.html"));
|
| + CheckUnauthenticatedState(tab);
|
| +
|
| + // Now navigate inside the frame to a secure HTTPS frame.
|
| + bool success = false;
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('goodHTTPSLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // We should still be unauthenticated.
|
| + CheckUnauthenticatedState(tab);
|
| +
|
| + // Now navigate to a bad HTTPS frame.
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + L"",
|
| + L"window.domAutomationController.send(clickLink('badHTTPSLink'));",
|
| + &success));
|
| + EXPECT_TRUE(success);
|
| + ui_test_utils::WaitForNavigation(&tab->controller());
|
| +
|
| + // State should not have changed.
|
| + CheckUnauthenticatedState(tab);
|
| +
|
| + // And the frame should have been blocked (see bug #2316).
|
| + bool is_content_evil = true;
|
| + std::wstring content_frame_xpath(L"html/frameset/frame[2]");
|
| + std::wstring is_frame_evil_js(
|
| + L"window.domAutomationController"
|
| + L".send(document.getElementById('evilDiv') != null);");
|
| + EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab,
|
| + content_frame_xpath, is_frame_evil_js, &is_content_evil));
|
| + EXPECT_FALSE(is_content_evil);
|
| +}
|
| +
|
| +// TODO(jcampan): more tests to do below.
|
| +
|
| +// Visit a page over https that contains a frame with a redirect.
|
| +
|
| +// XMLHttpRequest mixed in synchronous mode.
|
| +
|
| +// XMLHttpRequest mixed in asynchronous mode.
|
| +
|
| +// XMLHttpRequest over bad ssl in synchronous mode.
|
| +
|
| +// XMLHttpRequest over OK ssl in synchronous mode.
|
|
|
Chromium Code Reviews
Issue 101013:
Migrating the SSL UI tests to be browser tests (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/