| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/security_state_model.h" | 5 #include "chrome/browser/ssl/security_state_model.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/prefs/pref_service.h" | 10 #include "base/prefs/pref_service.h" |
| 11 #include "base/strings/string_split.h" |
| 11 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" |
| 12 #include "chrome/browser/ssl/ssl_blocking_page.h" | 13 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 13 #include "chrome/browser/ui/browser.h" | 14 #include "chrome/browser/ui/browser.h" |
| 14 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 15 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 15 #include "chrome/common/chrome_paths.h" | 16 #include "chrome/common/chrome_paths.h" |
| 16 #include "chrome/common/chrome_switches.h" | 17 #include "chrome/common/chrome_switches.h" |
| 17 #include "chrome/common/pref_names.h" | 18 #include "chrome/common/pref_names.h" |
| 18 #include "chrome/test/base/in_process_browser_test.h" | 19 #include "chrome/test/base/in_process_browser_test.h" |
| 19 #include "chrome/test/base/ui_test_utils.h" | 20 #include "chrome/test/base/ui_test_utils.h" |
| 20 #include "content/public/browser/cert_store.h" | 21 #include "content/public/browser/cert_store.h" |
| 21 #include "content/public/browser/interstitial_page.h" | 22 #include "content/public/browser/interstitial_page.h" |
| 22 #include "content/public/browser/navigation_controller.h" | 23 #include "content/public/browser/navigation_controller.h" |
| 23 #include "content/public/browser/notification_service.h" | 24 #include "content/public/browser/notification_service.h" |
| 24 #include "content/public/browser/notification_types.h" | 25 #include "content/public/browser/notification_types.h" |
| 25 #include "content/public/browser/web_contents.h" | 26 #include "content/public/browser/web_contents.h" |
| 26 #include "content/public/common/referrer.h" | 27 #include "content/public/common/referrer.h" |
| 27 #include "content/public/test/browser_test_utils.h" | 28 #include "content/public/test/browser_test_utils.h" |
| 28 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
| 29 #include "net/cert/cert_status_flags.h" | 30 #include "net/cert/cert_status_flags.h" |
| 30 #include "net/cert/cert_verify_result.h" | 31 #include "net/cert/cert_verify_result.h" |
| 31 #include "net/cert/mock_cert_verifier.h" | 32 #include "net/cert/mock_cert_verifier.h" |
| 32 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
| 33 #include "net/dns/mock_host_resolver.h" | 34 #include "net/dns/mock_host_resolver.h" |
| 35 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 36 #include "net/test/embedded_test_server/request_handler_util.h" |
| 34 #include "net/test/url_request/url_request_failed_job.h" | 37 #include "net/test/url_request/url_request_failed_job.h" |
| 35 #include "net/url_request/url_request_filter.h" | 38 #include "net/url_request/url_request_filter.h" |
| 36 | 39 |
| 37 namespace { | 40 namespace { |
| 38 | 41 |
| 39 const base::FilePath::CharType kDocRoot[] = | 42 const base::FilePath::CharType kDocRoot[] = |
| 40 FILE_PATH_LITERAL("chrome/test/data"); | 43 FILE_PATH_LITERAL("chrome/test/data"); |
| 41 | 44 |
| 42 void CheckSecurityInfoForSecure( | 45 void CheckSecurityInfoForSecure( |
| 43 content::WebContents* contents, | 46 content::WebContents* contents, |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 83 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 81 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 84 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 82 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 85 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 83 EXPECT_EQ(-1, security_info.security_bits); | 86 EXPECT_EQ(-1, security_info.security_bits); |
| 84 EXPECT_EQ(0, security_info.cert_id); | 87 EXPECT_EQ(0, security_info.cert_id); |
| 85 } | 88 } |
| 86 | 89 |
| 87 class SecurityStateModelTest : public CertVerifierBrowserTest { | 90 class SecurityStateModelTest : public CertVerifierBrowserTest { |
| 88 public: | 91 public: |
| 89 SecurityStateModelTest() | 92 SecurityStateModelTest() |
| 90 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, | 93 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { |
| 91 SSLOptions(SSLOptions::CERT_OK), | 94 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); |
| 92 base::FilePath(kDocRoot)) {} | 95 } |
| 93 | 96 |
| 94 void SetUpCommandLine(base::CommandLine* command_line) override { | 97 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 95 // Browser will both run and display insecure content. | 98 // Browser will both run and display insecure content. |
| 96 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | 99 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); |
| 97 } | 100 } |
| 98 | 101 |
| 99 void ProceedThroughInterstitial(content::WebContents* tab) { | 102 void ProceedThroughInterstitial(content::WebContents* tab) { |
| 100 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | 103 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 101 ASSERT_TRUE(interstitial_page); | 104 ASSERT_TRUE(interstitial_page); |
| 102 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | 105 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, |
| 103 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | 106 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); |
| 104 content::WindowedNotificationObserver observer( | 107 content::WindowedNotificationObserver observer( |
| 105 content::NOTIFICATION_LOAD_STOP, | 108 content::NOTIFICATION_LOAD_STOP, |
| 106 content::Source<content::NavigationController>(&tab->GetController())); | 109 content::Source<content::NavigationController>(&tab->GetController())); |
| 107 interstitial_page->Proceed(); | 110 interstitial_page->Proceed(); |
| 108 observer.Wait(); | 111 observer.Wait(); |
| 109 } | 112 } |
| 110 | 113 |
| 111 static bool GetFilePathWithHostAndPortReplacement( | 114 static void GetFilePathWithHostAndPortReplacement( |
| 112 const std::string& original_file_path, | 115 const std::string& original_file_path, |
| 113 const net::HostPortPair& host_port_pair, | 116 const net::HostPortPair& host_port_pair, |
| 114 std::string* replacement_path) { | 117 std::string* replacement_path) { |
| 115 std::vector<net::SpawnedTestServer::StringPair> replacement_text; | 118 base::StringPairs replacement_text; |
| 116 replacement_text.push_back( | 119 replacement_text.push_back( |
| 117 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); | 120 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); |
| 118 return net::SpawnedTestServer::GetFilePathWithReplacements( | 121 net::test_server::GetFilePathWithReplacements( |
| 119 original_file_path, replacement_text, replacement_path); | 122 original_file_path, replacement_text, replacement_path); |
| 120 } | 123 } |
| 121 | 124 |
| 122 protected: | 125 protected: |
| 123 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | 126 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, |
| 124 int net_result) { | 127 int net_result) { |
| 125 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 128 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 126 net::CertVerifyResult verify_result; | 129 net::CertVerifyResult verify_result; |
| 127 verify_result.is_issued_by_known_root = true; | 130 verify_result.is_issued_by_known_root = true; |
| 128 verify_result.verified_cert = cert; | 131 verify_result.verified_cert = cert; |
| 129 verify_result.cert_status = cert_status; | 132 verify_result.cert_status = cert_status; |
| 130 | 133 |
| 131 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, | 134 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, |
| 132 net_result); | 135 net_result); |
| 133 } | 136 } |
| 134 | 137 |
| 135 net::SpawnedTestServer https_server_; | 138 net::EmbeddedTestServer https_server_; |
| 136 | |
| 137 private: | |
| 138 typedef net::SpawnedTestServer::SSLOptions SSLOptions; | |
| 139 | 139 |
| 140 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelTest); | 140 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelTest); |
| 141 }; | 141 }; |
| 142 | 142 |
| 143 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpPage) { | 143 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpPage) { |
| 144 ASSERT_TRUE(test_server()->Start()); | 144 ASSERT_TRUE(embedded_test_server()->Start()); |
| 145 ui_test_utils::NavigateToURL(browser(), | 145 ui_test_utils::NavigateToURL( |
| 146 test_server()->GetURL("files/ssl/google.html")); | 146 browser(), embedded_test_server()->GetURL("/ssl/google.html")); |
| 147 content::WebContents* contents = | 147 content::WebContents* contents = |
| 148 browser()->tab_strip_model()->GetActiveWebContents(); | 148 browser()->tab_strip_model()->GetActiveWebContents(); |
| 149 ASSERT_TRUE(contents); | 149 ASSERT_TRUE(contents); |
| 150 | 150 |
| 151 SecurityStateModel* model = SecurityStateModel::FromWebContents(contents); | 151 SecurityStateModel* model = SecurityStateModel::FromWebContents(contents); |
| 152 ASSERT_TRUE(model); | 152 ASSERT_TRUE(model); |
| 153 const SecurityStateModel::SecurityInfo& security_info = | 153 const SecurityStateModel::SecurityInfo& security_info = |
| 154 model->GetSecurityInfo(); | 154 model->GetSecurityInfo(); |
| 155 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 155 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 156 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 156 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
| 157 security_info.sha1_deprecation_status); | 157 security_info.sha1_deprecation_status); |
| 158 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, | 158 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, |
| 159 security_info.mixed_content_status); | 159 security_info.mixed_content_status); |
| 160 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 160 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 161 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 161 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 162 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 162 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 163 EXPECT_EQ(0, security_info.cert_id); | 163 EXPECT_EQ(0, security_info.cert_id); |
| 164 EXPECT_EQ(-1, security_info.security_bits); | 164 EXPECT_EQ(-1, security_info.security_bits); |
| 165 EXPECT_EQ(0, security_info.connection_status); | 165 EXPECT_EQ(0, security_info.connection_status); |
| 166 } | 166 } |
| 167 | 167 |
| 168 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpsPage) { | 168 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpsPage) { |
| 169 ASSERT_TRUE(https_server_.Start()); | 169 ASSERT_TRUE(https_server_.Start()); |
| 170 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 170 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 171 | 171 |
| 172 ui_test_utils::NavigateToURL(browser(), | 172 ui_test_utils::NavigateToURL(browser(), |
| 173 https_server_.GetURL("files/ssl/google.html")); | 173 https_server_.GetURL("/ssl/google.html")); |
| 174 CheckSecurityInfoForSecure( | 174 CheckSecurityInfoForSecure( |
| 175 browser()->tab_strip_model()->GetActiveWebContents(), | 175 browser()->tab_strip_model()->GetActiveWebContents(), |
| 176 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 176 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 177 SecurityStateModel::NO_MIXED_CONTENT, | 177 SecurityStateModel::NO_MIXED_CONTENT, |
| 178 false /* expect cert status error */); | 178 false /* expect cert status error */); |
| 179 } | 179 } |
| 180 | 180 |
| 181 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, SHA1Broken) { | 181 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, SHA1Broken) { |
| 182 ASSERT_TRUE(https_server_.Start()); | 182 ASSERT_TRUE(https_server_.Start()); |
| 183 // The test server uses a long-lived cert by default, so a SHA1 | 183 // The test server uses a long-lived cert by default, so a SHA1 |
| 184 // signature in it will register as a "broken" condition rather than | 184 // signature in it will register as a "broken" condition rather than |
| 185 // "warning". | 185 // "warning". |
| 186 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 186 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
| 187 net::OK); | 187 net::OK); |
| 188 | 188 |
| 189 ui_test_utils::NavigateToURL(browser(), | 189 ui_test_utils::NavigateToURL(browser(), |
| 190 https_server_.GetURL("files/ssl/google.html")); | 190 https_server_.GetURL("/ssl/google.html")); |
| 191 CheckSecurityInfoForSecure( | 191 CheckSecurityInfoForSecure( |
| 192 browser()->tab_strip_model()->GetActiveWebContents(), | 192 browser()->tab_strip_model()->GetActiveWebContents(), |
| 193 SecurityStateModel::SECURITY_ERROR, | 193 SecurityStateModel::SECURITY_ERROR, |
| 194 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 194 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 195 SecurityStateModel::NO_MIXED_CONTENT, | 195 SecurityStateModel::NO_MIXED_CONTENT, |
| 196 false /* expect cert status error */); | 196 false /* expect cert status error */); |
| 197 } | 197 } |
| 198 | 198 |
| 199 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContent) { | 199 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContent) { |
| 200 ASSERT_TRUE(test_server()->Start()); | 200 ASSERT_TRUE(embedded_test_server()->Start()); |
| 201 ASSERT_TRUE(https_server_.Start()); | 201 ASSERT_TRUE(https_server_.Start()); |
| 202 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 202 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 203 | 203 |
| 204 // Navigate to an HTTPS page that displays mixed content. | 204 // Navigate to an HTTPS page that displays mixed content. |
| 205 std::string replacement_path; | 205 std::string replacement_path; |
| 206 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 206 GetFilePathWithHostAndPortReplacement( |
| 207 "files/ssl/page_displays_insecure_content.html", | 207 "/ssl/page_displays_insecure_content.html", |
| 208 test_server()->host_port_pair(), &replacement_path)); | 208 embedded_test_server()->host_port_pair(), &replacement_path); |
| 209 ui_test_utils::NavigateToURL(browser(), | 209 ui_test_utils::NavigateToURL(browser(), |
| 210 https_server_.GetURL(replacement_path)); | 210 https_server_.GetURL(replacement_path)); |
| 211 CheckSecurityInfoForSecure( | 211 CheckSecurityInfoForSecure( |
| 212 browser()->tab_strip_model()->GetActiveWebContents(), | 212 browser()->tab_strip_model()->GetActiveWebContents(), |
| 213 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 213 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 214 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 214 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 215 false /* expect cert status error */); | 215 false /* expect cert status error */); |
| 216 | 216 |
| 217 // Navigate to an HTTPS page that displays mixed content dynamically. | 217 // Navigate to an HTTPS page that displays mixed content dynamically. |
| 218 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 218 GetFilePathWithHostAndPortReplacement( |
| 219 "files/ssl/page_with_dynamic_insecure_content.html", | 219 "/ssl/page_with_dynamic_insecure_content.html", |
| 220 test_server()->host_port_pair(), &replacement_path)); | 220 embedded_test_server()->host_port_pair(), &replacement_path); |
| 221 ui_test_utils::NavigateToURL(browser(), | 221 ui_test_utils::NavigateToURL(browser(), |
| 222 https_server_.GetURL(replacement_path)); | 222 https_server_.GetURL(replacement_path)); |
| 223 CheckSecurityInfoForSecure( | 223 CheckSecurityInfoForSecure( |
| 224 browser()->tab_strip_model()->GetActiveWebContents(), | 224 browser()->tab_strip_model()->GetActiveWebContents(), |
| 225 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 225 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 226 SecurityStateModel::NO_MIXED_CONTENT, | 226 SecurityStateModel::NO_MIXED_CONTENT, |
| 227 false /* expect cert status error */); | 227 false /* expect cert status error */); |
| 228 // Load the insecure image. | 228 // Load the insecure image. |
| 229 bool js_result = false; | 229 bool js_result = false; |
| 230 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 230 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 231 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 231 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
| 232 &js_result)); | 232 &js_result)); |
| 233 EXPECT_TRUE(js_result); | 233 EXPECT_TRUE(js_result); |
| 234 CheckSecurityInfoForSecure( | 234 CheckSecurityInfoForSecure( |
| 235 browser()->tab_strip_model()->GetActiveWebContents(), | 235 browser()->tab_strip_model()->GetActiveWebContents(), |
| 236 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 236 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 237 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 237 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 238 false /* expect cert status error */); | 238 false /* expect cert status error */); |
| 239 | 239 |
| 240 // Navigate to an HTTPS page that runs mixed content. | 240 // Navigate to an HTTPS page that runs mixed content. |
| 241 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 241 GetFilePathWithHostAndPortReplacement( |
| 242 "files/ssl/page_runs_insecure_content.html", | 242 "/ssl/page_runs_insecure_content.html", |
| 243 test_server()->host_port_pair(), &replacement_path)); | 243 embedded_test_server()->host_port_pair(), &replacement_path); |
| 244 ui_test_utils::NavigateToURL(browser(), | 244 ui_test_utils::NavigateToURL(browser(), |
| 245 https_server_.GetURL(replacement_path)); | 245 https_server_.GetURL(replacement_path)); |
| 246 CheckSecurityInfoForSecure( | 246 CheckSecurityInfoForSecure( |
| 247 browser()->tab_strip_model()->GetActiveWebContents(), | 247 browser()->tab_strip_model()->GetActiveWebContents(), |
| 248 SecurityStateModel::SECURITY_ERROR, | 248 SecurityStateModel::SECURITY_ERROR, |
| 249 SecurityStateModel::NO_DEPRECATED_SHA1, | 249 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 250 SecurityStateModel::RAN_MIXED_CONTENT, | 250 SecurityStateModel::RAN_MIXED_CONTENT, |
| 251 false /* expect cert status error */); | 251 false /* expect cert status error */); |
| 252 | 252 |
| 253 // Navigate to an HTTPS page that runs and displays mixed content. | 253 // Navigate to an HTTPS page that runs and displays mixed content. |
| 254 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 254 GetFilePathWithHostAndPortReplacement( |
| 255 "files/ssl/page_runs_and_displays_insecure_content.html", | 255 "/ssl/page_runs_and_displays_insecure_content.html", |
| 256 test_server()->host_port_pair(), &replacement_path)); | 256 embedded_test_server()->host_port_pair(), &replacement_path); |
| 257 ui_test_utils::NavigateToURL(browser(), | 257 ui_test_utils::NavigateToURL(browser(), |
| 258 https_server_.GetURL(replacement_path)); | 258 https_server_.GetURL(replacement_path)); |
| 259 CheckSecurityInfoForSecure( | 259 CheckSecurityInfoForSecure( |
| 260 browser()->tab_strip_model()->GetActiveWebContents(), | 260 browser()->tab_strip_model()->GetActiveWebContents(), |
| 261 SecurityStateModel::SECURITY_ERROR, | 261 SecurityStateModel::SECURITY_ERROR, |
| 262 SecurityStateModel::NO_DEPRECATED_SHA1, | 262 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 263 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 263 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 264 false /* expect cert status error */); | 264 false /* expect cert status error */); |
| 265 | 265 |
| 266 // Navigate to an HTTPS page that runs mixed content in an iframe. | 266 // Navigate to an HTTPS page that runs mixed content in an iframe. |
| 267 net::HostPortPair host_port_pair = | 267 net::HostPortPair host_port_pair = |
| 268 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 268 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
| 269 host_port_pair.set_host("different-host.test"); | 269 host_port_pair.set_host("different-host.test"); |
| 270 host_resolver()->AddRule("different-host.test", | 270 host_resolver()->AddRule("different-host.test", |
| 271 https_server_.GetURL("/").host()); | 271 https_server_.GetURL("/").host()); |
| 272 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 272 host_resolver()->AddRule("different-http-host.test", |
| 273 "files/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 273 embedded_test_server()->GetURL("/").host()); |
| 274 &replacement_path)); | 274 GetFilePathWithHostAndPortReplacement( |
| 275 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
| 276 &replacement_path); |
| 275 ui_test_utils::NavigateToURL(browser(), | 277 ui_test_utils::NavigateToURL(browser(), |
| 276 https_server_.GetURL(replacement_path)); | 278 https_server_.GetURL(replacement_path)); |
| 277 CheckSecurityInfoForSecure( | 279 CheckSecurityInfoForSecure( |
| 278 browser()->tab_strip_model()->GetActiveWebContents(), | 280 browser()->tab_strip_model()->GetActiveWebContents(), |
| 279 SecurityStateModel::SECURITY_ERROR, | 281 SecurityStateModel::SECURITY_ERROR, |
| 280 SecurityStateModel::NO_DEPRECATED_SHA1, | 282 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 281 SecurityStateModel::RAN_MIXED_CONTENT, | 283 SecurityStateModel::RAN_MIXED_CONTENT, |
| 282 false /* expect cert status error */); | 284 false /* expect cert status error */); |
| 283 } | 285 } |
| 284 | 286 |
| 285 // Same as the test above but with a long-lived SHA1 cert. | 287 // Same as the test above but with a long-lived SHA1 cert. |
| 286 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContentWithBrokenSHA1) { | 288 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContentWithBrokenSHA1) { |
| 287 ASSERT_TRUE(test_server()->Start()); | 289 ASSERT_TRUE(embedded_test_server()->Start()); |
| 288 ASSERT_TRUE(https_server_.Start()); | 290 ASSERT_TRUE(https_server_.Start()); |
| 289 // The test server uses a long-lived cert by default, so a SHA1 | 291 // The test server uses a long-lived cert by default, so a SHA1 |
| 290 // signature in it will register as a "broken" condition rather than | 292 // signature in it will register as a "broken" condition rather than |
| 291 // "warning". | 293 // "warning". |
| 292 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 294 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
| 293 net::OK); | 295 net::OK); |
| 294 | 296 |
| 295 // Navigate to an HTTPS page that displays mixed content. | 297 // Navigate to an HTTPS page that displays mixed content. |
| 296 std::string replacement_path; | 298 std::string replacement_path; |
| 297 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 299 GetFilePathWithHostAndPortReplacement( |
| 298 "files/ssl/page_displays_insecure_content.html", | 300 "/ssl/page_displays_insecure_content.html", |
| 299 test_server()->host_port_pair(), &replacement_path)); | 301 embedded_test_server()->host_port_pair(), &replacement_path); |
| 300 ui_test_utils::NavigateToURL(browser(), | 302 ui_test_utils::NavigateToURL(browser(), |
| 301 https_server_.GetURL(replacement_path)); | 303 https_server_.GetURL(replacement_path)); |
| 302 CheckSecurityInfoForSecure( | 304 CheckSecurityInfoForSecure( |
| 303 browser()->tab_strip_model()->GetActiveWebContents(), | 305 browser()->tab_strip_model()->GetActiveWebContents(), |
| 304 SecurityStateModel::SECURITY_ERROR, | 306 SecurityStateModel::SECURITY_ERROR, |
| 305 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 307 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 306 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 308 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 307 false /* expect cert status error */); | 309 false /* expect cert status error */); |
| 308 | 310 |
| 309 // Navigate to an HTTPS page that displays mixed content dynamically. | 311 // Navigate to an HTTPS page that displays mixed content dynamically. |
| 310 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 312 GetFilePathWithHostAndPortReplacement( |
| 311 "files/ssl/page_with_dynamic_insecure_content.html", | 313 "/ssl/page_with_dynamic_insecure_content.html", |
| 312 test_server()->host_port_pair(), &replacement_path)); | 314 embedded_test_server()->host_port_pair(), &replacement_path); |
| 313 ui_test_utils::NavigateToURL(browser(), | 315 ui_test_utils::NavigateToURL(browser(), |
| 314 https_server_.GetURL(replacement_path)); | 316 https_server_.GetURL(replacement_path)); |
| 315 CheckSecurityInfoForSecure( | 317 CheckSecurityInfoForSecure( |
| 316 browser()->tab_strip_model()->GetActiveWebContents(), | 318 browser()->tab_strip_model()->GetActiveWebContents(), |
| 317 SecurityStateModel::SECURITY_ERROR, | 319 SecurityStateModel::SECURITY_ERROR, |
| 318 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 320 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 319 SecurityStateModel::NO_MIXED_CONTENT, | 321 SecurityStateModel::NO_MIXED_CONTENT, |
| 320 false /* expect cert status error */); | 322 false /* expect cert status error */); |
| 321 // Load the insecure image. | 323 // Load the insecure image. |
| 322 bool js_result = false; | 324 bool js_result = false; |
| 323 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 325 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 324 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 326 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
| 325 &js_result)); | 327 &js_result)); |
| 326 EXPECT_TRUE(js_result); | 328 EXPECT_TRUE(js_result); |
| 327 CheckSecurityInfoForSecure( | 329 CheckSecurityInfoForSecure( |
| 328 browser()->tab_strip_model()->GetActiveWebContents(), | 330 browser()->tab_strip_model()->GetActiveWebContents(), |
| 329 SecurityStateModel::SECURITY_ERROR, | 331 SecurityStateModel::SECURITY_ERROR, |
| 330 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 332 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 331 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 333 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 332 false /* expect cert status error */); | 334 false /* expect cert status error */); |
| 333 | 335 |
| 334 // Navigate to an HTTPS page that runs mixed content. | 336 // Navigate to an HTTPS page that runs mixed content. |
| 335 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 337 GetFilePathWithHostAndPortReplacement( |
| 336 "files/ssl/page_runs_insecure_content.html", | 338 "/ssl/page_runs_insecure_content.html", |
| 337 test_server()->host_port_pair(), &replacement_path)); | 339 embedded_test_server()->host_port_pair(), &replacement_path); |
| 338 ui_test_utils::NavigateToURL(browser(), | 340 ui_test_utils::NavigateToURL(browser(), |
| 339 https_server_.GetURL(replacement_path)); | 341 https_server_.GetURL(replacement_path)); |
| 340 CheckSecurityInfoForSecure( | 342 CheckSecurityInfoForSecure( |
| 341 browser()->tab_strip_model()->GetActiveWebContents(), | 343 browser()->tab_strip_model()->GetActiveWebContents(), |
| 342 SecurityStateModel::SECURITY_ERROR, | 344 SecurityStateModel::SECURITY_ERROR, |
| 343 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 345 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 344 SecurityStateModel::RAN_MIXED_CONTENT, | 346 SecurityStateModel::RAN_MIXED_CONTENT, |
| 345 false /* expect cert status error */); | 347 false /* expect cert status error */); |
| 346 | 348 |
| 347 // Navigate to an HTTPS page that runs and displays mixed content. | 349 // Navigate to an HTTPS page that runs and displays mixed content. |
| 348 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 350 GetFilePathWithHostAndPortReplacement( |
| 349 "files/ssl/page_runs_and_displays_insecure_content.html", | 351 "/ssl/page_runs_and_displays_insecure_content.html", |
| 350 test_server()->host_port_pair(), &replacement_path)); | 352 embedded_test_server()->host_port_pair(), &replacement_path); |
| 351 ui_test_utils::NavigateToURL(browser(), | 353 ui_test_utils::NavigateToURL(browser(), |
| 352 https_server_.GetURL(replacement_path)); | 354 https_server_.GetURL(replacement_path)); |
| 353 CheckSecurityInfoForSecure( | 355 CheckSecurityInfoForSecure( |
| 354 browser()->tab_strip_model()->GetActiveWebContents(), | 356 browser()->tab_strip_model()->GetActiveWebContents(), |
| 355 SecurityStateModel::SECURITY_ERROR, | 357 SecurityStateModel::SECURITY_ERROR, |
| 356 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 358 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 357 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 359 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 358 false /* expect cert status error */); | 360 false /* expect cert status error */); |
| 359 } | 361 } |
| 360 | 362 |
| 361 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, BrokenHTTPS) { | 363 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, BrokenHTTPS) { |
| 362 ASSERT_TRUE(test_server()->Start()); | 364 ASSERT_TRUE(embedded_test_server()->Start()); |
| 363 ASSERT_TRUE(https_server_.Start()); | 365 ASSERT_TRUE(https_server_.Start()); |
| 364 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | 366 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, |
| 365 net::ERR_CERT_DATE_INVALID); | 367 net::ERR_CERT_DATE_INVALID); |
| 366 | 368 |
| 367 ui_test_utils::NavigateToURL(browser(), | 369 ui_test_utils::NavigateToURL(browser(), |
| 368 https_server_.GetURL("files/ssl/google.html")); | 370 https_server_.GetURL("/ssl/google.html")); |
| 369 CheckSecurityInfoForSecure( | 371 CheckSecurityInfoForSecure( |
| 370 browser()->tab_strip_model()->GetActiveWebContents(), | 372 browser()->tab_strip_model()->GetActiveWebContents(), |
| 371 SecurityStateModel::SECURITY_ERROR, | 373 SecurityStateModel::SECURITY_ERROR, |
| 372 SecurityStateModel::NO_DEPRECATED_SHA1, | 374 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 373 SecurityStateModel::NO_MIXED_CONTENT, | 375 SecurityStateModel::NO_MIXED_CONTENT, |
| 374 true /* expect cert status error */); | 376 true /* expect cert status error */); |
| 375 | 377 |
| 376 ProceedThroughInterstitial( | 378 ProceedThroughInterstitial( |
| 377 browser()->tab_strip_model()->GetActiveWebContents()); | 379 browser()->tab_strip_model()->GetActiveWebContents()); |
| 378 | 380 |
| 379 CheckSecurityInfoForSecure( | 381 CheckSecurityInfoForSecure( |
| 380 browser()->tab_strip_model()->GetActiveWebContents(), | 382 browser()->tab_strip_model()->GetActiveWebContents(), |
| 381 SecurityStateModel::SECURITY_ERROR, | 383 SecurityStateModel::SECURITY_ERROR, |
| 382 SecurityStateModel::NO_DEPRECATED_SHA1, | 384 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 383 SecurityStateModel::NO_MIXED_CONTENT, | 385 SecurityStateModel::NO_MIXED_CONTENT, |
| 384 true /* expect cert status error */); | 386 true /* expect cert status error */); |
| 385 | 387 |
| 386 // Navigate to a broken HTTPS page that displays mixed content. | 388 // Navigate to a broken HTTPS page that displays mixed content. |
| 387 std::string replacement_path; | 389 std::string replacement_path; |
| 388 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( | 390 GetFilePathWithHostAndPortReplacement( |
| 389 "files/ssl/page_displays_insecure_content.html", | 391 "/ssl/page_displays_insecure_content.html", |
| 390 test_server()->host_port_pair(), &replacement_path)); | 392 embedded_test_server()->host_port_pair(), &replacement_path); |
| 391 ui_test_utils::NavigateToURL(browser(), | 393 ui_test_utils::NavigateToURL(browser(), |
| 392 https_server_.GetURL(replacement_path)); | 394 https_server_.GetURL(replacement_path)); |
| 393 CheckSecurityInfoForSecure( | 395 CheckSecurityInfoForSecure( |
| 394 browser()->tab_strip_model()->GetActiveWebContents(), | 396 browser()->tab_strip_model()->GetActiveWebContents(), |
| 395 SecurityStateModel::SECURITY_ERROR, | 397 SecurityStateModel::SECURITY_ERROR, |
| 396 SecurityStateModel::NO_DEPRECATED_SHA1, | 398 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 397 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 399 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 398 true /* expect cert status error */); | 400 true /* expect cert status error */); |
| 399 } | 401 } |
| 400 | 402 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 424 scoped_ptr<net::URLRequestInterceptor>(new PendingJobInterceptor())); | 426 scoped_ptr<net::URLRequestInterceptor>(new PendingJobInterceptor())); |
| 425 } | 427 } |
| 426 | 428 |
| 427 class SecurityStateModelLoadingTest : public SecurityStateModelTest { | 429 class SecurityStateModelLoadingTest : public SecurityStateModelTest { |
| 428 public: | 430 public: |
| 429 SecurityStateModelLoadingTest() : SecurityStateModelTest() {} | 431 SecurityStateModelLoadingTest() : SecurityStateModelTest() {} |
| 430 ~SecurityStateModelLoadingTest() override{}; | 432 ~SecurityStateModelLoadingTest() override{}; |
| 431 | 433 |
| 432 protected: | 434 protected: |
| 433 void SetUpOnMainThread() override { | 435 void SetUpOnMainThread() override { |
| 436 embedded_test_server()->Start(); |
| 437 |
| 434 content::BrowserThread::PostTask( | 438 content::BrowserThread::PostTask( |
| 435 content::BrowserThread::IO, FROM_HERE, | 439 content::BrowserThread::IO, FROM_HERE, |
| 436 base::Bind(&InstallLoadingInterceptor, | 440 base::Bind(&InstallLoadingInterceptor, |
| 437 test_server()->GetURL("/").host())); | 441 embedded_test_server()->GetURL("/").host())); |
| 438 } | 442 } |
| 439 | 443 |
| 440 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelLoadingTest); | 444 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelLoadingTest); |
| 441 }; | 445 }; |
| 442 | 446 |
| 443 // Tests that navigation state changes cause the security state to be | 447 // Tests that navigation state changes cause the security state to be |
| 444 // updated. | 448 // updated. |
| 445 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | 449 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { |
| 446 ASSERT_TRUE(https_server_.Start()); | 450 ASSERT_TRUE(https_server_.Start()); |
| 447 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 451 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 448 ASSERT_TRUE(test_server()->Start()); | |
| 449 | 452 |
| 450 // Navigate to an HTTPS page. | 453 // Navigate to an HTTPS page. |
| 451 ui_test_utils::NavigateToURL(browser(), | 454 ui_test_utils::NavigateToURL(browser(), |
| 452 https_server_.GetURL("files/ssl/google.html")); | 455 https_server_.GetURL("/ssl/google.html")); |
| 453 CheckSecurityInfoForSecure( | 456 CheckSecurityInfoForSecure( |
| 454 browser()->tab_strip_model()->GetActiveWebContents(), | 457 browser()->tab_strip_model()->GetActiveWebContents(), |
| 455 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 458 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 456 SecurityStateModel::NO_MIXED_CONTENT, | 459 SecurityStateModel::NO_MIXED_CONTENT, |
| 457 false /* expect cert status error */); | 460 false /* expect cert status error */); |
| 458 | 461 |
| 459 // Navigate to a page that doesn't finish loading. Test that the | 462 // Navigate to a page that doesn't finish loading. Test that the |
| 460 // security state is neutral while the page is loading. | 463 // security state is neutral while the page is loading. |
| 461 browser()->OpenURL(content::OpenURLParams(test_server()->GetURL("/"), | 464 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), |
| 462 content::Referrer(), CURRENT_TAB, | 465 content::Referrer(), CURRENT_TAB, |
| 463 ui::PAGE_TRANSITION_TYPED, false)); | 466 ui::PAGE_TRANSITION_TYPED, false)); |
| 464 CheckSecurityInfoForNonSecure( | 467 CheckSecurityInfoForNonSecure( |
| 465 browser()->tab_strip_model()->GetActiveWebContents()); | 468 browser()->tab_strip_model()->GetActiveWebContents()); |
| 466 } | 469 } |
| 467 | 470 |
| 468 // Tests that the SecurityStateModel for a WebContents is up-to-date | 471 // Tests that the SecurityStateModel for a WebContents is up-to-date |
| 469 // when the WebContents is inserted into a Browser's TabStripModel. | 472 // when the WebContents is inserted into a Browser's TabStripModel. |
| 470 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, AddedTab) { | 473 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, AddedTab) { |
| 471 ASSERT_TRUE(https_server_.Start()); | 474 ASSERT_TRUE(https_server_.Start()); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 490 | 493 |
| 491 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | 494 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, |
| 492 TabStripModel::ADD_NONE); | 495 TabStripModel::ADD_NONE); |
| 493 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 496 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
| 494 SecurityStateModel::NO_DEPRECATED_SHA1, | 497 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 495 SecurityStateModel::NO_MIXED_CONTENT, | 498 SecurityStateModel::NO_MIXED_CONTENT, |
| 496 false /* expect cert status error */); | 499 false /* expect cert status error */); |
| 497 } | 500 } |
| 498 | 501 |
| 499 } // namespace | 502 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1378123003:
Adding SSL ETS Tests (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ets