Chromium Code Reviews Chromium Code Reviews
Issue 1058003004:
Forget SSL error exceptions when good certs seen for regular requests. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/prefs/pref_service.h" | 9 #include "base/prefs/pref_service.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| 11 #include "base/strings/stringprintf.h" | 11 #include "base/strings/stringprintf.h" |
| 12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
| 13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
| 14 #include "chrome/app/chrome_command_ids.h" | 14 #include "chrome/app/chrome_command_ids.h" |
| 15 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
| 16 #include "chrome/browser/chrome_notification_types.h" | 16 #include "chrome/browser/chrome_notification_types.h" |
| 17 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" | 17 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" |
| 18 #include "chrome/browser/net/certificate_error_reporter.h" | 18 #include "chrome/browser/net/certificate_error_reporter.h" |
| 19 #include "chrome/browser/profiles/profile.h" | 19 #include "chrome/browser/profiles/profile.h" |
| 20 #include "chrome/browser/safe_browsing/ping_manager.h" | 20 #include "chrome/browser/safe_browsing/ping_manager.h" |
| 21 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 21 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 22 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | |
| 22 #include "chrome/browser/ssl/ssl_blocking_page.h" | 23 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 23 #include "chrome/browser/ui/browser.h" | 24 #include "chrome/browser/ui/browser.h" |
| 24 #include "chrome/browser/ui/browser_commands.h" | 25 #include "chrome/browser/ui/browser_commands.h" |
| 25 #include "chrome/browser/ui/browser_navigator.h" | 26 #include "chrome/browser/ui/browser_navigator.h" |
| 26 #include "chrome/browser/ui/browser_tabstrip.h" | 27 #include "chrome/browser/ui/browser_tabstrip.h" |
| 27 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 28 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 28 #include "chrome/common/chrome_paths.h" | 29 #include "chrome/common/chrome_paths.h" |
| 29 #include "chrome/common/chrome_switches.h" | 30 #include "chrome/common/chrome_switches.h" |
| 30 #include "chrome/common/pref_names.h" | 31 #include "chrome/common/pref_names.h" |
| 31 #include "chrome/test/base/in_process_browser_test.h" | 32 #include "chrome/test/base/in_process_browser_test.h" |
| (...skipping 2090 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2122 ui::PAGE_TRANSITION_TYPED); | 2123 ui::PAGE_TRANSITION_TYPED); |
| 2123 EXPECT_EQ(2, browser()->tab_strip_model()->count()); | 2124 EXPECT_EQ(2, browser()->tab_strip_model()->count()); |
| 2124 EXPECT_EQ(0, browser()->tab_strip_model()->active_index()); | 2125 EXPECT_EQ(0, browser()->tab_strip_model()->active_index()); |
| 2125 EXPECT_EQ(tab, browser()->tab_strip_model()->GetWebContentsAt(1)); | 2126 EXPECT_EQ(tab, browser()->tab_strip_model()->GetWebContentsAt(1)); |
| 2126 EXPECT_FALSE(tab->GetRenderWidgetHostView()->IsShowing()); | 2127 EXPECT_FALSE(tab->GetRenderWidgetHostView()->IsShowing()); |
| 2127 | 2128 |
| 2128 browser()->tab_strip_model()->ActivateTabAt(1, true); | 2129 browser()->tab_strip_model()->ActivateTabAt(1, true); |
| 2129 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing()); | 2130 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing()); |
| 2130 } | 2131 } |
| 2131 | 2132 |
| 2133 // Verifies that if a bad certificate is seen for a host and the user proceeds | |
| 2134 // through the interstitial, the decision to proceed is initially remembered. | |
| 2135 // However, if this is followed by another visit, and a good certificate | |
| 2136 // is seen for the same host, the original exception is forgotten. | |
| 2137 IN_PROC_BROWSER_TEST_F(SSLUITest, BadCertFollowedByGoodCert) { | |
| 2138 ASSERT_TRUE(https_server_mismatched_.Start()); | |
| 2139 | |
| 2140 ui_test_utils::NavigateToURL( | |
| 2141 browser(), https_server_mismatched_.GetURL("files/ssl/google.html")); | |
| 2142 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
| 2143 | |
| 2144 ChromeSSLHostStateDelegate* state = | |
| 2145 reinterpret_cast<ChromeSSLHostStateDelegate*>( | |
| 2146 Profile::FromBrowserContext(tab->GetBrowserContext()) | |
| 2147 ->GetSSLHostStateDelegate()); | |
| 2148 | |
| 2149 ProceedThroughInterstitial(tab); | |
| 2150 | |
| 2151 EXPECT_TRUE(state->HasAllowException(tab->GetURL().host())); | |
| 2152 | |
|
davidben
2015/04/07 21:08:43
You should probably flush the socket pools here fo
jww
2015/04/08 00:57:40
Done.
| |
| 2153 net::SpawnedTestServer::SSLOptions new_options( | |
| 2154 net::SpawnedTestServer::SSLOptions::CERT_OK); | |
| 2155 https_server_mismatched_.set_ssl_options(new_options); | |
| 2156 ui_test_utils::NavigateToURL( | |
| 2157 browser(), https_server_mismatched_.GetURL("files/ssl/google.html")); | |
| 2158 tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
| 2159 | |
| 2160 EXPECT_FALSE(state->HasAllowException(tab->GetURL().host())); | |
| 2161 } | |
| 2162 | |
| 2132 class SSLBlockingPageIDNTest : public SecurityInterstitialIDNTest { | 2163 class SSLBlockingPageIDNTest : public SecurityInterstitialIDNTest { |
| 2133 protected: | 2164 protected: |
| 2134 // SecurityInterstitialIDNTest implementation | 2165 // SecurityInterstitialIDNTest implementation |
| 2135 SecurityInterstitialPage* CreateInterstitial( | 2166 SecurityInterstitialPage* CreateInterstitial( |
| 2136 content::WebContents* contents, | 2167 content::WebContents* contents, |
| 2137 const GURL& request_url) const override { | 2168 const GURL& request_url) const override { |
| 2138 net::SSLInfo ssl_info; | 2169 net::SSLInfo ssl_info; |
| 2139 ssl_info.cert = new net::X509Certificate( | 2170 ssl_info.cert = new net::X509Certificate( |
| 2140 request_url.host(), "CA", base::Time::Max(), base::Time::Max()); | 2171 request_url.host(), "CA", base::Time::Max(), base::Time::Max()); |
| 2141 return new SSLBlockingPage( | 2172 return new SSLBlockingPage( |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 2152 | 2183 |
| 2153 // Visit a page over https that contains a frame with a redirect. | 2184 // Visit a page over https that contains a frame with a redirect. |
| 2154 | 2185 |
| 2155 // XMLHttpRequest insecure content in synchronous mode. | 2186 // XMLHttpRequest insecure content in synchronous mode. |
| 2156 | 2187 |
| 2157 // XMLHttpRequest insecure content in asynchronous mode. | 2188 // XMLHttpRequest insecure content in asynchronous mode. |
| 2158 | 2189 |
| 2159 // XMLHttpRequest over bad ssl in synchronous mode. | 2190 // XMLHttpRequest over bad ssl in synchronous mode. |
| 2160 | 2191 |
| 2161 // XMLHttpRequest over OK ssl in synchronous mode. | 2192 // XMLHttpRequest over OK ssl in synchronous mode. |
| OLD | NEW |
