Chromium Code Reviews Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
| 6 | 6 |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 9 #include "base/metrics/field_trial.h" | 9 #include "base/metrics/field_trial.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 11 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 12 #include "chrome/browser/captive_portal/captive_portal_service.h" | 12 #include "chrome/browser/captive_portal/captive_portal_service.h" |
| 13 #include "chrome/browser/profiles/profile.h" | 13 #include "chrome/browser/profiles/profile.h" |
| 14 #include "chrome/browser/ssl/common_name_mismatch_handler.h" | |
| 14 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | 15 #include "chrome/test/base/chrome_render_view_host_test_harness.h" |
| 15 #include "chrome/test/base/testing_profile.h" | 16 #include "chrome/test/base/testing_profile.h" |
| 16 #include "components/captive_portal/captive_portal_testing_utils.h" | 17 #include "components/captive_portal/captive_portal_testing_utils.h" |
| 17 #include "content/public/browser/notification_service.h" | 18 #include "content/public/browser/notification_service.h" |
| 18 #include "net/base/net_errors.h" | 19 #include "net/base/net_errors.h" |
| 20 #include "net/cert/x509_certificate.h" | |
| 19 #include "net/ssl/ssl_info.h" | 21 #include "net/ssl/ssl_info.h" |
| 22 #include "net/test/test_certificate_data.h" | |
| 20 #include "testing/gtest/include/gtest/gtest.h" | 23 #include "testing/gtest/include/gtest/gtest.h" |
| 21 | 24 |
| 22 class TestSSLErrorHandler : public SSLErrorHandler { | 25 class TestSSLErrorHandler : public SSLErrorHandler { |
| 23 public: | 26 public: |
| 24 TestSSLErrorHandler(Profile* profile, | 27 TestSSLErrorHandler(Profile* profile, |
| 25 content::WebContents* web_contents, | 28 content::WebContents* web_contents, |
| 26 const net::SSLInfo& ssl_info) | 29 const net::SSLInfo& ssl_info) |
| 27 : SSLErrorHandler(web_contents, | 30 : SSLErrorHandler(web_contents, |
| 28 net::ERR_CERT_COMMON_NAME_INVALID, | 31 net::ERR_CERT_COMMON_NAME_INVALID, |
| 29 ssl_info, | 32 ssl_info, |
| 30 GURL(), | 33 GURL(), |
| 31 0, | 34 0, |
| 32 nullptr, | 35 nullptr, |
| 33 base::Callback<void(bool)>()), | 36 base::Callback<void(bool)>()), |
| 34 profile_(profile), | 37 profile_(profile), |
| 35 captive_portal_checked_(false), | 38 captive_portal_checked_(false), |
| 39 suggested_url_exists_(false), | |
| 40 suggested_url_checked_(false), | |
| 36 ssl_interstitial_shown_(false), | 41 ssl_interstitial_shown_(false), |
| 37 captive_portal_interstitial_shown_(false) {} | 42 captive_portal_interstitial_shown_(false), |
| 43 common_name_mismatch_interstitial_shown_(false) {} | |
| 38 | 44 |
| 39 ~TestSSLErrorHandler() override { | 45 ~TestSSLErrorHandler() override { |
| 40 } | 46 } |
| 41 | 47 |
| 42 using SSLErrorHandler::StartHandlingError; | 48 using SSLErrorHandler::StartHandlingError; |
| 43 | 49 |
| 44 void SendCaptivePortalNotification( | 50 void SendCaptivePortalNotification( |
| 45 captive_portal::CaptivePortalResult result) { | 51 captive_portal::CaptivePortalResult result) { |
| 46 CaptivePortalService::Results results; | 52 CaptivePortalService::Results results; |
| 47 results.previous_result = captive_portal::RESULT_INTERNET_CONNECTED; | 53 results.previous_result = captive_portal::RESULT_INTERNET_CONNECTED; |
| 48 results.result = result; | 54 results.result = result; |
| 49 content::NotificationService::current()->Notify( | 55 content::NotificationService::current()->Notify( |
| 50 chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT, | 56 chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT, |
| 51 content::Source<Profile>(profile_), | 57 content::Source<Profile>(profile_), |
| 52 content::Details<CaptivePortalService::Results>(&results)); | 58 content::Details<CaptivePortalService::Results>(&results)); |
| 53 } | 59 } |
| 54 | 60 |
| 61 void SendSuggestedUrlCheckResult( | |
| 62 const CommonNameMismatchHandler::SuggestedUrlCheckResult& result, | |
| 63 const GURL& suggested_url) { | |
| 64 CommonNameMismatchHandler::Results results; | |
| 65 results.result = result; | |
| 66 results.suggested_url = suggested_url; | |
| 67 CommonNameMismatchHandlerCallback(results); | |
| 68 } | |
| 69 | |
| 55 bool IsTimerRunning() const { | 70 bool IsTimerRunning() const { |
| 56 return get_timer().IsRunning(); | 71 return get_timer().IsRunning(); |
| 57 } | 72 } |
| 58 | 73 |
| 59 int captive_portal_checked() const { | 74 int captive_portal_checked() const { |
| 60 return captive_portal_checked_; | 75 return captive_portal_checked_; |
| 61 } | 76 } |
| 62 | 77 |
| 63 int ssl_interstitial_shown() const { | 78 int ssl_interstitial_shown() const { |
| 64 return ssl_interstitial_shown_; | 79 return ssl_interstitial_shown_; |
| 65 } | 80 } |
| 66 | 81 |
| 67 int captive_portal_interstitial_shown() const { | 82 int captive_portal_interstitial_shown() const { |
| 68 return captive_portal_interstitial_shown_; | 83 return captive_portal_interstitial_shown_; |
| 69 } | 84 } |
| 70 | 85 |
| 86 void SetSuggestedUrl(bool suggested_url_exists) { | |
|
meacer
2015/07/28 01:18:07
SetSuggestedUrl -> SetSuggestedUrlExists
Bhanu Dev
2015/07/30 02:39:10
Done.
| |
| 87 suggested_url_exists_ = suggested_url_exists; | |
| 88 } | |
| 89 | |
| 90 bool GetSuggestedUrl(const GURL& request_url, | |
| 91 const std::vector<std::string>& dns_names, | |
| 92 GURL* suggested_url) override { | |
| 93 if (!suggested_url_exists_) | |
| 94 return false; | |
| 95 *suggested_url = GURL("www.example.com"); | |
| 96 return true; | |
| 97 } | |
| 98 | |
| 99 bool suggested_url_checked() const { return suggested_url_checked_; } | |
| 100 | |
| 101 bool common_name_mismatch_interstitial_shown() const { | |
| 102 return common_name_mismatch_interstitial_shown_; | |
| 103 } | |
| 104 | |
| 71 void Reset() { | 105 void Reset() { |
| 72 captive_portal_checked_ = false; | 106 captive_portal_checked_ = false; |
| 107 suggested_url_exists_ = false; | |
| 108 suggested_url_checked_ = false; | |
| 73 ssl_interstitial_shown_ = false; | 109 ssl_interstitial_shown_ = false; |
| 74 captive_portal_interstitial_shown_ = false; | 110 captive_portal_interstitial_shown_ = false; |
| 111 common_name_mismatch_interstitial_shown_ = false; | |
| 75 } | 112 } |
| 76 | 113 |
| 77 private: | 114 private: |
| 78 void CheckForCaptivePortal() override { | 115 void CheckForCaptivePortal() override { |
| 79 captive_portal_checked_ = true; | 116 captive_portal_checked_ = true; |
| 80 } | 117 } |
| 81 | 118 |
| 82 void ShowSSLInterstitial() override { | 119 void ShowSSLInterstitial(const GURL& suggested_url) override { |
| 83 ssl_interstitial_shown_ = true; | 120 if (!suggested_url.is_empty()) |
| 121 common_name_mismatch_interstitial_shown_ = true; | |
| 122 else | |
| 123 ssl_interstitial_shown_ = true; | |
| 84 } | 124 } |
| 85 | 125 |
| 86 void ShowCaptivePortalInterstitial(const GURL& landing_url) override { | 126 void ShowCaptivePortalInterstitial(const GURL& landing_url) override { |
| 87 captive_portal_interstitial_shown_ = true; | 127 captive_portal_interstitial_shown_ = true; |
| 88 } | 128 } |
| 89 | 129 |
| 130 void CheckSuggestedUrl(const GURL& suggested_url) override { | |
| 131 suggested_url_checked_ = true; | |
| 132 } | |
| 133 | |
| 90 Profile* profile_; | 134 Profile* profile_; |
| 91 bool captive_portal_checked_; | 135 bool captive_portal_checked_; |
| 136 bool suggested_url_exists_; | |
| 137 bool suggested_url_checked_; | |
| 92 bool ssl_interstitial_shown_; | 138 bool ssl_interstitial_shown_; |
| 93 bool captive_portal_interstitial_shown_; | 139 bool captive_portal_interstitial_shown_; |
| 140 bool common_name_mismatch_interstitial_shown_; | |
| 94 | 141 |
| 95 DISALLOW_COPY_AND_ASSIGN(TestSSLErrorHandler); | 142 DISALLOW_COPY_AND_ASSIGN(TestSSLErrorHandler); |
| 96 }; | 143 }; |
| 97 | 144 |
| 98 class SSLErrorHandlerTest : public ChromeRenderViewHostTestHarness { | 145 class SSLErrorHandlerTest : public ChromeRenderViewHostTestHarness { |
| 99 public: | 146 public: |
| 100 SSLErrorHandlerTest() | 147 SSLErrorHandlerTest() |
| 101 : field_trial_list_(NULL) { | 148 : field_trial_list_(NULL) { |
| 102 } | 149 } |
| 103 | 150 |
| 104 void SetUp() override { | 151 void SetUp() override { |
| 105 ChromeRenderViewHostTestHarness::SetUp(); | 152 ChromeRenderViewHostTestHarness::SetUp(); |
| 106 SSLErrorHandler::SetInterstitialDelayTypeForTest(SSLErrorHandler::NONE); | 153 SSLErrorHandler::SetInterstitialDelayTypeForTest(SSLErrorHandler::NONE); |
| 154 ssl_info_.cert = net::X509Certificate::CreateFromBytes( | |
| 155 reinterpret_cast<const char*>(google_der), sizeof(google_der)); | |
| 156 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | |
| 107 error_handler_.reset(new TestSSLErrorHandler(profile(), | 157 error_handler_.reset(new TestSSLErrorHandler(profile(), |
| 108 web_contents(), | 158 web_contents(), |
| 109 ssl_info_)); | 159 ssl_info_)); |
| 110 // Enable finch experiment for captive portal interstitials. | 160 // Enable finch experiment for captive portal interstitials. |
| 111 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( | 161 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( |
| 112 "CaptivePortalInterstitial", "Enabled")); | 162 "CaptivePortalInterstitial", "Enabled")); |
| 113 } | 163 } |
| 114 | 164 |
| 115 void TearDown() override { | 165 void TearDown() override { |
| 116 EXPECT_FALSE(error_handler()->IsTimerRunning()); | 166 EXPECT_FALSE(error_handler()->IsTimerRunning()); |
| 117 error_handler_.reset(NULL); | 167 error_handler_.reset(NULL); |
| 118 ChromeRenderViewHostTestHarness::TearDown(); | 168 ChromeRenderViewHostTestHarness::TearDown(); |
| 119 } | 169 } |
| 120 | 170 |
| 121 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } | 171 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } |
| 122 | 172 |
| 123 private: | 173 private: |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 184 error_handler()->SendCaptivePortalNotification( | 234 error_handler()->SendCaptivePortalNotification( |
| 185 captive_portal::RESULT_INTERNET_CONNECTED); | 235 captive_portal::RESULT_INTERNET_CONNECTED); |
| 186 base::MessageLoop::current()->RunUntilIdle(); | 236 base::MessageLoop::current()->RunUntilIdle(); |
| 187 | 237 |
| 188 EXPECT_FALSE(error_handler()->IsTimerRunning()); | 238 EXPECT_FALSE(error_handler()->IsTimerRunning()); |
| 189 EXPECT_FALSE(error_handler()->captive_portal_checked()); | 239 EXPECT_FALSE(error_handler()->captive_portal_checked()); |
| 190 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | 240 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); |
| 191 EXPECT_FALSE(error_handler()->captive_portal_interstitial_shown()); | 241 EXPECT_FALSE(error_handler()->captive_portal_interstitial_shown()); |
| 192 } | 242 } |
| 193 | 243 |
| 244 TEST_F(SSLErrorHandlerTest, ShouldNotCheckSuggestedUrlIfNoSuggestedUrl) { | |
| 245 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 246 error_handler()->SetSuggestedUrl(false); | |
| 247 error_handler()->StartHandlingError(); | |
| 248 | |
| 249 EXPECT_TRUE(error_handler()->IsTimerRunning()); | |
| 250 EXPECT_FALSE(error_handler()->suggested_url_checked()); | |
| 251 base::MessageLoop::current()->RunUntilIdle(); | |
| 252 | |
| 253 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 254 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | |
| 255 } | |
| 256 | |
| 257 TEST_F(SSLErrorHandlerTest, ShouldNotCheckCaptivePortalIfSuggestedUrlExists) { | |
| 258 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 259 error_handler()->SetSuggestedUrl(true); | |
| 260 error_handler()->StartHandlingError(); | |
| 261 | |
| 262 EXPECT_TRUE(error_handler()->IsTimerRunning()); | |
| 263 EXPECT_TRUE(error_handler()->suggested_url_checked()); | |
| 264 EXPECT_FALSE(error_handler()->captive_portal_checked()); | |
| 265 base::MessageLoop::current()->RunUntilIdle(); | |
| 266 | |
| 267 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 268 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | |
| 269 } | |
| 270 | |
| 194 #else // #if !defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 271 #else // #if !defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 195 | 272 |
| 196 TEST_F(SSLErrorHandlerTest, | 273 TEST_F(SSLErrorHandlerTest, |
| 197 ShouldShowSSLInterstitialOnCaptivePortalDetectionDisabled) { | 274 ShouldShowSSLInterstitialOnCaptivePortalDetectionDisabled) { |
| 198 EXPECT_FALSE(error_handler()->IsTimerRunning()); | 275 EXPECT_FALSE(error_handler()->IsTimerRunning()); |
| 276 error_handler()->SetSuggestedUrl(false); | |
| 199 error_handler()->StartHandlingError(); | 277 error_handler()->StartHandlingError(); |
| 200 EXPECT_FALSE(error_handler()->IsTimerRunning()); | 278 EXPECT_FALSE(error_handler()->IsTimerRunning()); |
| 201 EXPECT_FALSE(error_handler()->captive_portal_checked()); | 279 EXPECT_FALSE(error_handler()->captive_portal_checked()); |
| 202 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | 280 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); |
| 203 EXPECT_FALSE(error_handler()->captive_portal_interstitial_shown()); | 281 EXPECT_FALSE(error_handler()->captive_portal_interstitial_shown()); |
| 204 } | 282 } |
| 205 | 283 |
| 206 #endif // defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 284 #endif // defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 285 | |
| 286 TEST_F(SSLErrorHandlerTest, | |
| 287 ShouldShowSSLInterstitialOnTimerExpiredWhenSuggestedUrlExists) { | |
| 288 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 289 error_handler()->SetSuggestedUrl(true); | |
| 290 error_handler()->StartHandlingError(); | |
| 291 | |
| 292 EXPECT_TRUE(error_handler()->IsTimerRunning()); | |
| 293 EXPECT_TRUE(error_handler()->suggested_url_checked()); | |
| 294 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 295 EXPECT_FALSE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 296 | |
| 297 base::MessageLoop::current()->RunUntilIdle(); | |
| 298 | |
| 299 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 300 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | |
| 301 EXPECT_FALSE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 302 } | |
| 303 | |
| 304 TEST_F(SSLErrorHandlerTest, | |
| 305 ShouldShowCommonNameMismatchInterstitialOnSuggestedUrlCheckResult) { | |
| 306 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 307 error_handler()->SetSuggestedUrl(true); | |
| 308 error_handler()->StartHandlingError(); | |
| 309 | |
| 310 EXPECT_TRUE(error_handler()->IsTimerRunning()); | |
| 311 EXPECT_TRUE(error_handler()->suggested_url_checked()); | |
| 312 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 313 EXPECT_FALSE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 314 // Fake a valid suggested URL check result. | |
| 315 // The URL returned by |SuggestedUrlCheckResult| can be different from | |
| 316 // |suggested_url|, if there is a redirect. | |
| 317 error_handler()->SendSuggestedUrlCheckResult( | |
| 318 CommonNameMismatchHandler::SuggestedUrlCheckResult:: | |
| 319 RESULT_SUGGESTED_URL_VALID, | |
| 320 GURL("https://random.example.com")); | |
| 321 | |
| 322 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 323 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 324 EXPECT_TRUE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 325 } | |
| 326 | |
| 327 TEST_F(SSLErrorHandlerTest, ShouldShowSSLInterstitialOnInvalidUrlCheckResult) { | |
| 328 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 329 error_handler()->SetSuggestedUrl(true); | |
| 330 error_handler()->StartHandlingError(); | |
| 331 | |
| 332 EXPECT_TRUE(error_handler()->IsTimerRunning()); | |
| 333 EXPECT_TRUE(error_handler()->suggested_url_checked()); | |
| 334 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 335 EXPECT_FALSE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 336 // Fake an Invalid Suggested URL Check result. | |
| 337 error_handler()->SendSuggestedUrlCheckResult( | |
| 338 CommonNameMismatchHandler::SuggestedUrlCheckResult:: | |
| 339 RESULT_SUGGESTED_URL_INVALID, | |
| 340 GURL()); | |
| 341 | |
| 342 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 343 EXPECT_TRUE(error_handler()->ssl_interstitial_shown()); | |
| 344 EXPECT_FALSE(error_handler()->common_name_mismatch_interstitial_shown()); | |
| 345 } | |
| OLD | NEW |
