Attach a SecurityStyle to each request in ResourceLoader

content/browser/loader/resource_loader_unittest.cc

Index: content/browser/loader/resource_loader_unittest.cc
diff --git a/content/browser/loader/resource_loader_unittest.cc b/content/browser/loader/resource_loader_unittest.cc
index 7b4000e3e3344ff3dbb4114d3b5eae8c2c5f3c6c..14ee69b784479c82f7f7ee209f2011214209e94c 100644
--- a/content/browser/loader/resource_loader_unittest.cc
+++ b/content/browser/loader/resource_loader_unittest.cc
@@ -14,6 +14,8 @@
 #include "content/browser/browser_thread_impl.h"
 #include "content/browser/loader/redirect_to_file_resource_handler.h"
 #include "content/browser/loader/resource_loader_delegate.h"
+#include "content/common/ssl_status_serialization.h"
+#include "content/public/browser/cert_store.h"
 #include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/resource_request_info.h"
 #include "content/public/common/content_paths.h"
@@ -30,12 +32,16 @@
 #include "net/base/mock_file_stream.h"
 #include "net/base/net_errors.h"
 #include "net/base/request_priority.h"
+#include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_cert_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/url_request/url_request.h"
+#include "net/url_request/url_request_filter.h"
+#include "net/url_request/url_request_interceptor.h"
 #include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "net/url_request/url_request_test_job.h"
@@ -164,6 +170,63 @@ class MockClientCertJobProtocolHandler
   }
 };
 
+// Set up dummy values to use in test HTTPS requests.
+
+scoped_refptr<net::X509Certificate> GetTestCert() {
+  return net::ImportCertFromFile(net::GetTestCertsDirectory(),
+                                 "test_mail_google_com.pem");
+}
+
+const net::CertStatus kTestCertError = net::CERT_STATUS_DATE_INVALID;
+const int kTestSecurityBits = 256;
+// SSL3 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+const int kTestConnectionStatus = 0x300039;
+
+// A mock URLRequestJob which simulates an HTTPS request.
+class MockHTTPSURLRequestJob : public net::URLRequestTestJob {
+ public:
+  MockHTTPSURLRequestJob(net::URLRequest* request,
+                         net::NetworkDelegate* network_delegate,
+                         const std::string& response_headers,
+                         const std::string& response_data,
+                         bool auto_advance)
+      : net::URLRequestTestJob(request,
+                               network_delegate,
+                               response_headers,
+                               response_data,
+                               auto_advance) {}
+
+  // net::URLRequestTestJob:
+  void GetResponseInfo(net::HttpResponseInfo* info) override {
+    // Get the original response info, but override the SSL info.
+    net::URLRequestJob::GetResponseInfo(info);
+    info->ssl_info.cert = GetTestCert();
+    info->ssl_info.cert_status = kTestCertError;
+    info->ssl_info.security_bits = kTestSecurityBits;
+    info->ssl_info.connection_status = kTestConnectionStatus;
+  }
+
+ private:
+  ~MockHTTPSURLRequestJob() override {}
+
+  DISALLOW_COPY_AND_ASSIGN(MockHTTPSURLRequestJob);
+};
+
+class MockHTTPSJobURLRequestInterceptor : public net::URLRequestInterceptor {
+ public:
+  MockHTTPSJobURLRequestInterceptor() {}
+  ~MockHTTPSJobURLRequestInterceptor() override {}
+
+  // net::URLRequestInterceptor:
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* network_delegate) const override {
+    return new MockHTTPSURLRequestJob(request, network_delegate,
+                                      net::URLRequestTestJob::test_headers(),
+                                      "dummy response", true);
+  }
+};
+
 // Arbitrary read buffer size.
 const int kReadBufSize = 1024;
 
@@ -538,6 +601,29 @@ class ClientCertResourceLoaderTest : public ResourceLoaderTest {
   }
 };
 
+// A ResourceLoaderTest that intercepts https://example.test URLs and
+// sets SSL info on the responses.
+class HTTPSSecurityInfoResourceLoaderTest : public ResourceLoaderTest {
+ public:
+  HTTPSSecurityInfoResourceLoaderTest()
+      : ResourceLoaderTest(), test_https_url_("https://example.test") {}
+
+  ~HTTPSSecurityInfoResourceLoaderTest() override {}
+
+  const GURL& test_https_url() { return test_https_url_; }
+
+ protected:
+  void SetUp() override {
+    ResourceLoaderTest::SetUp();
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "https", "example.test", scoped_ptr<net::URLRequestInterceptor>(
+                                     new MockHTTPSJobURLRequestInterceptor));
+  }
+
+ private:
+  const GURL test_https_url_;
+};
+
 // Tests that client certificates are requested with ClientCertStore lookup.
 TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) {
   // Set up the test client cert store.
@@ -993,4 +1079,42 @@ TEST_F(ResourceLoaderRedirectToFileTest, DownstreamDeferStart) {
   EXPECT_FALSE(base::PathExists(temp_path()));
 }
 
+// Test that an HTTPS resource has the expected security info attached
+// to it.
+TEST_F(HTTPSSecurityInfoResourceLoaderTest, SecurityInfoOnHTTPSResource) {
+  // Start the request and wait for it to finish.
+  scoped_ptr<net::URLRequest> request(
+      resource_context_.GetRequestContext()->CreateRequest(
+          test_https_url(), net::DEFAULT_PRIORITY, nullptr /* delegate */));
+  SetUpResourceLoader(request.Pass());
+
+  // Send the request and wait until it completes.
+  loader_->StartRequest();
+  base::RunLoop().RunUntilIdle();
+  ASSERT_EQ(net::URLRequestStatus::SUCCESS,
+            raw_ptr_to_request_->status().status());
+  ASSERT_TRUE(raw_ptr_resource_handler_->received_response_completed());
+
+  ResourceResponse* response = raw_ptr_resource_handler_->response();
+  ASSERT_TRUE(response);
+
+  // Deserialize the security info from the response and check that it
+  // is as expected.
+  SSLStatus deserialized;
+  ASSERT_TRUE(
+      DeserializeSecurityInfo(response->head.security_info, &deserialized));
+
+  // Expect a BROKEN security style because the cert status has errors.
+  EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+            deserialized.security_style);
+  scoped_refptr<net::X509Certificate> cert;
+  ASSERT_TRUE(
+      CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
+  EXPECT_TRUE(cert->Equals(GetTestCert().get()));
+
+  EXPECT_EQ(kTestCertError, deserialized.cert_status);
+  EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
+  EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
+}
+
 }  // namespace content