Third time's a charm?...

chrome/browser/ssl_uitest.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <Windows.h>
 #include <Wincrypt.h>
 
 #include <string>
 
 #include "chrome/common/pref_names.h"
 #include "chrome/test/automation/browser_proxy.h"
 #include "chrome/test/automation/tab_proxy.h"
 #include "chrome/test/ui/ui_test.h"
+#include "net/base/ssl_test_util.h"
 #include "net/url_request/url_request_unittest.h"
 
 namespace {
 
 const wchar_t kDocRoot[] = L"chrome/test/data";
-const char kHostName[] = "127.0.0.1";
-
-const int kOKHTTPSPort = 9443;
-const int kBadHTTPSPort = 9666;
-
-// The issuer name of the cert that should be trusted for the test to work.
-const wchar_t kCertIssuerName[] = L"Test CA";
 
 class SSLUITest : public UITest {
  protected:
   SSLUITest() {
-    CheckCATrusted();
     dom_automation_enabled_ = true;
-    PathService::Get(base::DIR_SOURCE_ROOT, &cert_dir_);
-    cert_dir_ += L"/chrome/test/data/ssl/certificates/";
-    std::replace(cert_dir_.begin(), cert_dir_.end(),
-                 L'/', FilePath::kSeparators[0]);
+    EXPECT_TRUE(util_.CheckCATrusted());
   }
 
   TabProxy* GetActiveTabProxy() {
     scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0));
     EXPECT_TRUE(browser_proxy.get());
     return browser_proxy->GetActiveTab();
   }
 
   void NavigateTab(TabProxy* tab_proxy, const GURL& url) {
     ASSERT_TRUE(tab_proxy->NavigateToURL(url));
   }
 
   void AppendTab(const GURL& url) {
     scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0));
     EXPECT_TRUE(browser_proxy.get());
     EXPECT_TRUE(browser_proxy->AppendTab(url));
   }
 
-  std::wstring GetOKCertPath() {
-    std::wstring path(cert_dir_);
-    file_util::AppendToPath(&path, L"ok_cert.pem");
-    return path;
+  TestServer* PlainServer() {
+    return new TestServer(kDocRoot);
   }
 
-  std::wstring GetInvalidCertPath() {
-    std::wstring path(cert_dir_);
-    file_util::AppendToPath(&path, L"invalid_cert.pem");
-    return path;
+  HTTPSTestServer* GoodCertServer() {
+    return new HTTPSTestServer(util_.kHostName, util_.kOKHTTPSPort,
+        kDocRoot, util_.GetOKCertPath().ToWStringHack());
   }
 
-  std::wstring GetExpiredCertPath() {
-    std::wstring path(cert_dir_);
-    file_util::AppendToPath(&path, L"expired_cert.pem");
-    return path;
+  HTTPSTestServer* BadCertServer() {
+    return new HTTPSTestServer(util_.kHostName, util_.kBadHTTPSPort,
+        kDocRoot, util_.GetExpiredCertPath().ToWStringHack());
   }
 
-  HTTPSTestServer GoodServer() {
-    return HTTPSTestServer(kHostName, kOKHTTPSPort, kDocRoot, GetOKCertPath());
-  }
+ protected:
+  SSLTestUtil util_;
 
-  HTTPSTestServer BadServer() {
-    return HTTPSTestServer(kHostName, kBadHTTPSPort, kDocRoot, 
-                           GetExpiredCertPath());
-  }
-
- private:
-  void CheckCATrusted() {
-    HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT");
-    if (!cert_store) {
-      FAIL() << " could not open trusted root CA store";
-      return;
-    }
-    PCCERT_CONTEXT cert =
-        CertFindCertificateInStore(cert_store,
-                                   X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-                                   0,
-                                   CERT_FIND_ISSUER_STR,
-                                   kCertIssuerName,
-                                   NULL);
-    if (cert)
-      CertFreeCertificateContext(cert);
-    CertCloseStore(cert_store, 0);
-
-    if (!cert) {
-      FAIL() << " TEST CONFIGURATION ERROR: you need to import the test ca "
-          "certificate to your trusted roots for this test to work. For more "
-          "info visit:\n"
-          "http://wiki.corp.google.com/twiki/bin/view/Main/ChromeUnitUITests\n";
-    }
-  }
-
-  std::wstring cert_dir_;
+  DISALLOW_COPY_AND_ASSIGN(SSLUITest);
 };
 
 }  // namespace
 
 // Visits a regular page over http.
 TEST_F(SSLUITest, TestHTTP) {
-  TestServer server(kDocRoot);
+  scoped_ptr<TestServer> server(PlainServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  NavigateTab(tab.get(), server.TestServerPageW(L"files/ssl/google.html"));
+  NavigateTab(tab.get(), server->TestServerPageW(L"files/ssl/google.html"));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visits a page over http which includes broken https resources (status should
 // be OK).
 TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer httpsServer(kHostName, kBadHTTPSPort,
-                              kDocRoot, GetExpiredCertPath());
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
 
   NavigateTab(tab.get(),
-      http_server.TestServerPageW(L"files/ssl/page_with_unsafe_contents.html"));
+      http_server->TestServerPageW(L"files/ssl/page_with_unsafe_contents.html"));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visits a page over OK https:
 TEST_F(SSLUITest, TestOKHTTPS) {
-  HTTPSTestServer https_server = GoodServer();
+  scoped_ptr<HTTPSTestServer> https_server(GoodCertServer());
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              https_server.TestServerPageW(L"files/ssl/google.html"));
+              https_server->TestServerPageW(L"files/ssl/google.html"));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visits a page with https error:
 TEST_F(SSLUITest, TestHTTPSExpiredCert) {
-  HTTPSTestServer https_server = BadServer();
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              https_server.TestServerPageW(L"files/ssl/google.html"));
+              bad_https_server->TestServerPageW(L"files/ssl/google.html"));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::INTERSTITIAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
@@ skipping 12 matching lines @@
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 //
 // Mixed contents
 //
 
 // Visits a page with mixed content.
 TEST_F(SSLUITest, TestMixedContents) {
-  HTTPSTestServer https_server = GoodServer();
-  TestServer http_server(kDocRoot);
+  scoped_ptr<HTTPSTestServer> https_server(GoodCertServer());
+  scoped_ptr<TestServer> http_server(PlainServer());
 
   // Load a page with mixed-content, the default behavior is to show the mixed
   // content.
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-      https_server.TestServerPageW(L"files/ssl/page_with_mixed_contents.html"));
+      https_server->TestServerPageW(L"files/ssl/page_with_mixed_contents.html"));
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
@@ skipping 44 matching lines @@
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::MIXED_CONTENT, mixed_content_state);
 }
 
 // Visits a page with unsafe content and make sure that:
 // - frames content is replaced with warning
 // - images and scripts are filtered out entirely
 TEST_F(SSLUITest, TestUnsafeContents) {
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-      good_https_server.TestServerPageW(
+      good_https_server->TestServerPageW(
           L"files/ssl/page_with_unsafe_contents.html"));
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   // When the bad content is filtered, the state is expected to be
   // authenticated.
@@ skipping 24 matching lines @@
 
   bool js_result = false;
   EXPECT_TRUE(tab->ExecuteAndExtractBool(L"",
       L"window.domAutomationController.send(IsFooSet());",
       &js_result));
   EXPECT_FALSE(js_result);
 }
 
 // Visits a page with mixed content loaded by JS (after the initial page load).
 TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) {
-  HTTPSTestServer https_server = GoodServer();
-  TestServer http_server(kDocRoot);
+  scoped_ptr<HTTPSTestServer> https_server(GoodCertServer());
+  scoped_ptr<TestServer> http_server(PlainServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  NavigateTab(tab.get(), https_server.TestServerPageW(
+  NavigateTab(tab.get(), https_server->TestServerPageW(
       L"files/ssl/page_with_dynamic_mixed_contents.html"));
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
@@ skipping 14 matching lines @@
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0,
             cert_status & net::CERT_STATUS_ALL_ERRORS);  // No errors expected.
   EXPECT_EQ(NavigationEntry::SSLStatus::MIXED_CONTENT, mixed_content_state);
 }
 
 // Visits a page with an image over http.  Visits another page over https
 // referencing that same image over http (hoping it is coming from the webcore
 // memory cache).
 TEST_F(SSLUITest, TestCachedMixedContents) {
-  HTTPSTestServer https_server = GoodServer();
-  TestServer http_server(kDocRoot);
+  scoped_ptr<HTTPSTestServer> https_server(GoodCertServer());
+  scoped_ptr<TestServer> http_server(PlainServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  NavigateTab(tab.get(), http_server.TestServerPageW(
+  NavigateTab(tab.get(), http_server->TestServerPageW(
       L"files/ssl/page_with_mixed_contents.html"));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, security_style);
   EXPECT_EQ(0,
             cert_status & net::CERT_STATUS_ALL_ERRORS);  // No errors expected.
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // Load again but over SSL.  It should have mixed-contents (even though the
   // image comes from the WebCore memory cache).
-  NavigateTab(tab.get(), https_server.TestServerPageW(
+  NavigateTab(tab.get(), https_server->TestServerPageW(
       L"files/ssl/page_with_mixed_contents.html"));
 
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0,
             cert_status & net::CERT_STATUS_ALL_ERRORS);  // No errors expected.
   EXPECT_EQ(NavigationEntry::SSLStatus::MIXED_CONTENT, mixed_content_state);
 }
 
 // This test ensures the CN invalid status does not 'stick' to a certificate
 // (see bug #1044942) and that it depends on the host-name.
-// TODO (jcampan): this test is flacky and fails sometimes (bug #1065095)
+// TODO(jcampan): this test is flacky and fails sometimes (bug #1065095)
 TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) {
   const std::string kLocalHost = "localhost";
-  HTTPSTestServer https_server(kLocalHost, kOKHTTPSPort,
-                               kDocRoot, GetOKCertPath());
+  scoped_ptr<HTTPSTestServer> https_server(
+    new HTTPSTestServer(kLocalHost, util_.kOKHTTPSPort,
+    kDocRoot, util_.GetOKCertPath().ToWStringHack()));
 
   // First we hit the server with hostname, this generates an invalid policy
   // error.
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  NavigateTab(tab.get(), https_server.TestServerPageW(
+  NavigateTab(tab.get(), https_server->TestServerPageW(
       L"files/ssl/google.html"));
 
   // We get an interstitial page as a result.
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::INTERSTITIAL_PAGE, page_type);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_COMMON_NAME_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // We proceed through the interstitial page.
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
 
   // Now we try again with the right host name this time.
 
   // Let's change the host-name in the url.
-  GURL url = https_server.TestServerPageW(L"files/ssl/google.html");
+  GURL url = https_server->TestServerPageW(L"files/ssl/google.html");
   std::string::size_type hostname_index = url.spec().find(kLocalHost);
   ASSERT_TRUE(hostname_index != std::string::npos);  // Test sanity check.
   std::string new_url;
   new_url.append(url.spec().substr(0, hostname_index));
-  new_url.append(kHostName);
+  new_url.append(util_.kHostName);
   new_url.append(url.spec().substr(hostname_index + kLocalHost.size()));
 
   NavigateTab(tab.get(), GURL(new_url));
 
   // Security state should be OK.
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0,
             cert_status & net::CERT_STATUS_ALL_ERRORS);  // No errors expected.
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // Now try again the broken one to make sure it is still broken.
-  NavigateTab(tab.get(), https_server.TestServerPageW(
+  NavigateTab(tab.get(), https_server->TestServerPageW(
       L"files/ssl/google.html"));
 
   EXPECT_TRUE(tab->GetPageType(&page_type));
   // Since we OKed the interstitial last time, we get right to the page.
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_COMMON_NAME_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Test that navigating to a #ref does not change a bad security state.
 TEST_F(SSLUITest, TestRefNavigation) {
-  HTTPSTestServer https_server = BadServer();
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              https_server.TestServerPageW(L"files/ssl/page_with_refs.html"));
+              bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html"));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(page_type, NavigationEntry::INTERSTITIAL_PAGE);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, cert_status);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type);
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // Now navigate to a ref in the page.
   NavigateTab(tab.get(),
-      https_server.TestServerPageW(L"files/ssl/page_with_refs.html#jp"));
+      bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html#jp"));
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Tests that closing a page that has a unsafe pop-up does not crash the browser
 // (bug #1966).
 // Disabled because flaky (bug #2136).
 TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer bad_https_server = BadServer();
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              http_server.TestServerPageW(
+              http_server->TestServerPageW(
                   L"files/ssl/page_with_unsafe_popup.html"));
 
   int popup_count = 0;
   EXPECT_TRUE(tab->GetConstrainedWindowCount(&popup_count));
   EXPECT_EQ(1, popup_count);
 
   // Let's add another tab to make sure the browser does not exit when we close
   // the first tab.
   scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0));
   EXPECT_TRUE(browser_proxy.get());
   browser_proxy->AppendTab(
-      http_server.TestServerPageW(L"files/ssl/google.html"));
+      http_server->TestServerPageW(L"files/ssl/google.html"));
 
   // Close the first tab.
   tab->Close();
 }
 
 // Visit a page over bad https that is a redirect to a page with good https.
 TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  GURL url1 = bad_https_server.TestServerPageW(L"server-redirect?");
-  GURL url2 = good_https_server.TestServerPageW(L"files/ssl/google.html");
+  GURL url1 = bad_https_server->TestServerPageW(L"server-redirect?");
+  GURL url2 = good_https_server->TestServerPageW(L"files/ssl/google.html");
   NavigateTab(tab.get(), GURL(url1.spec() + url2.spec()));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(page_type, NavigationEntry::INTERSTITIAL_PAGE);
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, cert_status);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
   // We have been redirected to the good page.
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0,
             cert_status & net::CERT_STATUS_ALL_ERRORS);  // No errors expected.
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visit a page over good https that is a redirect to a page with bad https.
 TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  GURL url1 = good_https_server.TestServerPageW(L"server-redirect?");
-  GURL url2 = bad_https_server.TestServerPageW(L"files/ssl/google.html");
+  GURL url1 = good_https_server->TestServerPageW(L"server-redirect?");
+  GURL url2 = bad_https_server->TestServerPageW(L"files/ssl/google.html");
   NavigateTab(tab.get(), GURL(url1.spec() + url2.spec()));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(page_type, NavigationEntry::INTERSTITIAL_PAGE);
 
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visit a page over http that is a redirect to a page with https (good and
 // bad).
 TEST_F(SSLUITest, TestRedirectHTTPToHTTPS) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
 
   // HTTP redirects to good HTTPS.
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  GURL http_url = http_server.TestServerPageW(L"server-redirect?");
+  GURL http_url = http_server->TestServerPageW(L"server-redirect?");
   GURL good_https_url =
-      good_https_server.TestServerPageW(L"files/ssl/google.html");
+      good_https_server->TestServerPageW(L"files/ssl/google.html");
   NavigateTab(tab.get(), GURL(http_url.spec() + good_https_url.spec()));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // HTTP redirects to bad HTTPS.
   GURL bad_https_url =
-      bad_https_server.TestServerPageW(L"files/ssl/google.html");
+      bad_https_server->TestServerPageW(L"files/ssl/google.html");
   NavigateTab(tab.get(), GURL(http_url.spec() + bad_https_url.spec()));
 
   NavigationEntry::PageType page_type;
   EXPECT_TRUE(tab->GetPageType(&page_type));
   EXPECT_EQ(page_type, NavigationEntry::INTERSTITIAL_PAGE);
 
   // Continue on the interstitial.
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
 
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // Visit a page over https that is a redirect to a page with http (to make sure
 // we don't keep the secure state).
 TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer https_server = GoodServer();
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> https_server(GoodCertServer());
 
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
-  GURL https_url = https_server.TestServerPageW(L"server-redirect?");
-  GURL http_url = http_server.TestServerPageW(L"files/ssl/google.html");
+  GURL https_url = https_server->TestServerPageW(L"server-redirect?");
+  GURL http_url = http_server->TestServerPageW(L"files/ssl/google.html");
   NavigateTab(tab.get(), GURL(https_url.spec() + http_url.spec()));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
@@ skipping 27 matching lines @@
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 //
 // Frame navigation
 //
 
 // From a good HTTPS top frame:
 // - navigate to an OK HTTPS frame
 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
-//   back 
+//   back
 // - navigate to HTTP (expect mixed content), then back
 TEST_F(SSLUITest, TestGoodFrameNavigation) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
-  
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
+
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              good_https_server.TestServerPageW(L"files/ssl/top_frame.html"));
+              good_https_server->TestServerPageW(L"files/ssl/top_frame.html"));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
@@ skipping 69 matching lines @@
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // From a bad HTTPS top frame:
 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
 TEST_F(SSLUITest, TestBadFrameNavigation) {
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
-  
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
+
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              bad_https_server.TestServerPageW(L"files/ssl/top_frame.html"));
+              bad_https_server->TestServerPageW(L"files/ssl/top_frame.html"));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
   // Continue on the interstitial.
   EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true));
 
   // Navigate to a good frame.
-   bool success = false;
+  bool success = false;
   int64 last_nav_time = 0;
   EXPECT_TRUE(tab->GetLastNavigationTime(&last_nav_time));
   EXPECT_TRUE(tab->ExecuteAndExtractBool(L"",
       L"window.domAutomationController.send(clickLink('goodHTTPSLink'));",
       &success));
   EXPECT_TRUE(success);
   EXPECT_TRUE(tab->WaitForNavigation(last_nav_time));
 
   // We should still be authentication broken.
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style);
   EXPECT_EQ(net::CERT_STATUS_DATE_INVALID,
             cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 }
 
 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
 // stay unauthenticated).
 TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) {
-  TestServer http_server(kDocRoot);
-  HTTPSTestServer good_https_server = GoodServer();
-  HTTPSTestServer bad_https_server = BadServer();
-  
+  scoped_ptr<TestServer> http_server(PlainServer());
+  scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer());
+  scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer());
+
   scoped_ptr<TabProxy> tab(GetActiveTabProxy());
   NavigateTab(tab.get(),
-              http_server.TestServerPageW(L"files/ssl/top_frame.html"));
+              http_server->TestServerPageW(L"files/ssl/top_frame.html"));
 
   SecurityStyle security_style;
   int cert_status;
   int mixed_content_state;
   EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status,
                                     &mixed_content_state));
   EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, security_style);
   EXPECT_EQ(0, cert_status & net::CERT_STATUS_ALL_ERRORS);
   EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state);
 
@@ skipping 35 matching lines @@
   std::wstring is_frame_evil_js(
       L"window.domAutomationController"
       L".send(document.getElementById('evilDiv') != null);");
   EXPECT_TRUE(tab->ExecuteAndExtractBool(content_frame_xpath,
                                          is_frame_evil_js,
                                          &is_content_evil));
   EXPECT_FALSE(is_content_evil);
 }
 
 
-// TODO (jcampan): more tests to do below.
+// TODO(jcampan): more tests to do below.
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest mixed in synchronous mode.
 
 // XMLHttpRequest mixed in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.