Adding SSL ETS Tests

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/location.h"
 #include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/single_thread_task_runner.h"
+#include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/simple_test_clock.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
@@ skipping 45 matching lines @@
 #include "content/public/test/test_renderer_host.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/ssl/ssl_info.h"
 #include "net/test/cert_test_util.h"
-#include "net/test/spawned_test_server/spawned_test_server.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
+#include "net/test/embedded_test_server/request_handler_util.h"
 #include "net/test/test_certificate_data.h"
 #include "net/url_request/url_request_context.h"
 
 #if defined(USE_NSS_CERTS)
 #include "chrome/browser/net/nss_context.h"
 #include "net/base/crypto_module.h"
 #include "net/cert/nss_cert_database.h"
 #endif  // defined(USE_NSS_CERTS)
 
 using base::ASCIIToUTF16;
@@ skipping 171 matching lines @@
   two_without_cert_id.cert_id = 0;
   EXPECT_TRUE(one_without_cert_id.Equals(two_without_cert_id));
 }
 
 }  // namespace
 
 class SSLUITest
     : public certificate_reporting_test_utils::CertificateReportingTest {
  public:
   SSLUITest()
-      : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
-                      SSLOptions(SSLOptions::CERT_OK),
-                      base::FilePath(kDocRoot)),
-        https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
-                              SSLOptions(SSLOptions::CERT_EXPIRED),
-                              base::FilePath(kDocRoot)),
-        https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
-                                 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
-                                 base::FilePath(kDocRoot)),
+      : https_server_(net::EmbeddedTestServer::TYPE_HTTPS),
+        https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS),
+        https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS),
         wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
                             SSLOptions(SSLOptions::CERT_EXPIRED),
-                            net::GetWebSocketTestDataDirectory()) {}
+                            net::GetWebSocketTestDataDirectory()) {
+    https_server_.AddDefaultHandlers(base::FilePath(kDocRoot));
+
+    https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
+    https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot));
+
+    https_server_mismatched_.SetSSLConfig(
+        net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
+    https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot));
+  }
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will both run and display insecure content.
     command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
     // Use process-per-site so that navigating to a same-site page in a
     // new tab will use the same process.
     command_line->AppendSwitch(switches::kProcessPerSite);
   }
 
   void CheckAuthenticatedState(WebContents* tab,
@@ skipping 68 matching lines @@
     interstitial_page->Proceed();
     observer.Wait();
   }
 
   bool IsShowingWebContentsModalDialog() const {
     return WebContentsModalDialogManager::FromWebContents(
         browser()->tab_strip_model()->GetActiveWebContents())->
             IsDialogActive();
   }
 
-  static bool GetFilePathWithHostAndPortReplacement(
+  static void GetFilePathWithHostAndPortReplacement(
       const std::string& original_file_path,
       const net::HostPortPair& host_port_pair,
       std::string* replacement_path) {
-    std::vector<net::SpawnedTestServer::StringPair> replacement_text;
+    base::StringPairs replacement_text;
     replacement_text.push_back(
         make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString()));
-    return net::SpawnedTestServer::GetFilePathWithReplacements(
+    net::test_server::GetFilePathWithReplacements(
         original_file_path, replacement_text, replacement_path);
   }
 
-  static bool GetTopFramePath(const net::SpawnedTestServer& http_server,
-                              const net::SpawnedTestServer& good_https_server,
-                              const net::SpawnedTestServer& bad_https_server,
+  static void GetTopFramePath(const net::EmbeddedTestServer& http_server,
+                              const net::EmbeddedTestServer& good_https_server,
+                              const net::EmbeddedTestServer& bad_https_server,
                               std::string* top_frame_path) {
     // The "frame_left.html" page contained in the top_frame.html page contains
     // <a href>'s to three different servers. This sets up all of the
     // replacement text to work with test servers which listen on ephemeral
     // ports.
-    GURL http_url = http_server.GetURL("files/ssl/google.html");
-    GURL good_https_url = good_https_server.GetURL("files/ssl/google.html");
-    GURL bad_https_url = bad_https_server.GetURL(
-        "files/ssl/bad_iframe.html");
+    GURL http_url = http_server.GetURL("/ssl/google.html");
+    GURL good_https_url = good_https_server.GetURL("/ssl/google.html");
+    GURL bad_https_url = bad_https_server.GetURL("/ssl/bad_iframe.html");
 
-    std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left;
+    base::StringPairs replacement_text_frame_left;
     replacement_text_frame_left.push_back(
         make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec()));
     replacement_text_frame_left.push_back(
         make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec()));
     replacement_text_frame_left.push_back(
         make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec()));
     std::string frame_left_path;
-    if (!net::SpawnedTestServer::GetFilePathWithReplacements(
-            "frame_left.html",
-            replacement_text_frame_left,
-            &frame_left_path))
-      return false;
+    net::test_server::GetFilePathWithReplacements(
+        "frame_left.html", replacement_text_frame_left, &frame_left_path);
 
     // Substitute the generated frame_left URL into the top_frame page.
-    std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame;
+    base::StringPairs replacement_text_top_frame;
     replacement_text_top_frame.push_back(
         make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path));
-    return net::SpawnedTestServer::GetFilePathWithReplacements(
-        "files/ssl/top_frame.html",
-        replacement_text_top_frame,
-        top_frame_path);
+    net::test_server::GetFilePathWithReplacements(
+        "/ssl/top_frame.html", replacement_text_top_frame, top_frame_path);
   }
 
-  static bool GetPageWithUnsafeWorkerPath(
-      const net::SpawnedTestServer& https_server,
+  static void GetPageWithUnsafeWorkerPath(
+      const net::EmbeddedTestServer& https_server,
       std::string* page_with_unsafe_worker_path) {
     // Get the "imported.js" URL from the expired https server and
     // substitute it into the unsafe_worker.js file.
-    GURL imported_js_url = https_server.GetURL("files/ssl/imported.js");
-    std::vector<net::SpawnedTestServer::StringPair>
-        replacement_text_for_unsafe_worker;
+    GURL imported_js_url = https_server.GetURL("/ssl/imported.js");
+    base::StringPairs replacement_text_for_unsafe_worker;
     replacement_text_for_unsafe_worker.push_back(
         make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
     std::string unsafe_worker_path;
-    if (!net::SpawnedTestServer::GetFilePathWithReplacements(
-        "unsafe_worker.js",
-        replacement_text_for_unsafe_worker,
-        &unsafe_worker_path))
-      return false;
+    net::test_server::GetFilePathWithReplacements(
+        "unsafe_worker.js", replacement_text_for_unsafe_worker,
+        &unsafe_worker_path);
 
     // Now, substitute this into the page with unsafe worker.
-    std::vector<net::SpawnedTestServer::StringPair>
-        replacement_text_for_page_with_unsafe_worker;
+    base::StringPairs replacement_text_for_page_with_unsafe_worker;
     replacement_text_for_page_with_unsafe_worker.push_back(
         make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
-    return net::SpawnedTestServer::GetFilePathWithReplacements(
-        "files/ssl/page_with_unsafe_worker.html",
+    net::test_server::GetFilePathWithReplacements(
+        "/ssl/page_with_unsafe_worker.html",
         replacement_text_for_page_with_unsafe_worker,
         page_with_unsafe_worker_path);
   }
 
   // Helper function for testing invalid certificate chain reporting.
   void TestBrokenHTTPSReporting(
       certificate_reporting_test_utils::OptIn opt_in,
       ProceedDecision proceed,
       certificate_reporting_test_utils::ExpectReport expect_report,
       Browser* browser) {
@@ skipping 90 matching lines @@
       // Check that the mock reporter received a request to send a report.
       run_loop.Run();
       EXPECT_EQ(https_server_expired_.GetURL("/").host(),
                 GetLatestHostnameReported());
     } else {
       base::RunLoop().RunUntilIdle();
       EXPECT_EQ(std::string(), GetLatestHostnameReported());
     }
   }
 
-  net::SpawnedTestServer https_server_;
-  net::SpawnedTestServer https_server_expired_;
-  net::SpawnedTestServer https_server_mismatched_;
+  net::EmbeddedTestServer https_server_;
+  net::EmbeddedTestServer https_server_expired_;
+  net::EmbeddedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
 
  private:
   typedef net::SpawnedTestServer::SSLOptions SSLOptions;
 
   DISALLOW_COPY_AND_ASSIGN(SSLUITest);
 };
 
 class SSLUITestBlock : public SSLUITest {
  public:
@@ skipping 25 matching lines @@
   }
 };
 
 class SSLUITestWithExtendedReporting : public SSLUITest {
  public:
   SSLUITestWithExtendedReporting() : SSLUITest() {}
 };
 
 // Visits a regular page over http.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
 
-  ui_test_utils::NavigateToURL(browser(),
-                               test_server()->GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/google.html"));
 
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
 }
 
 // Visits a page over http which includes broken https resources (status should
 // be OK).
 // TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give
 //                the secure cookies away!).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_with_unsafe_contents.html",
-      https_server_expired_.host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html",
+                                        https_server_expired_.host_port_pair(),
+                                        &replacement_path);
 
   ui_test_utils::NavigateToURL(
-      browser(), test_server()->GetURL(replacement_path));
+      browser(), embedded_test_server()->GetURL(replacement_path));
 
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_expired_.GetURL(replacement_path));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
@@ skipping 85 matching lines @@
 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
 #else
 #define MAYBE_TestOKHTTPS TestOKHTTPS
 #endif
 
 // Visits a page over OK https:
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(browser(),
-                               https_server_.GetURL("files/ssl/google.html"));
+                               https_server_.GetURL("/ssl/google.html"));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::NONE);
 }
 
 // Visits a page with https error and proceed:
 #if defined(OS_LINUX)
 // flaky http://crbug.com/396462
 #define MAYBE_TestHTTPSExpiredCertAndProceed \
     DISABLED_TestHTTPSExpiredCertAndProceed
 #else
 #define MAYBE_TestHTTPSExpiredCertAndProceed TestHTTPSExpiredCertAndProceed
 #endif
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndProceed) {
   ASSERT_TRUE(https_server_expired_.Start());
 
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
 }
 
 #ifndef NEDBUG
 // Flaky on Windows debug (http://crbug.com/280537).
 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
         DISABLED_TestHTTPSExpiredCertAndDontProceed
 #else
 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
         TestHTTPSExpiredCertAndDontProceed
 #endif
 
 // Visits a page with https error and don't proceed (and ensure we can still
 // navigate at that point):
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // First navigate to an OK page.
   ui_test_utils::NavigateToURL(browser(),
-                               https_server_.GetURL("files/ssl/google.html"));
+                               https_server_.GetURL("/ssl/google.html"));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
 
-  GURL cross_site_url =
-      https_server_expired_.GetURL("files/ssl/google.html");
+  GURL cross_site_url = https_server_expired_.GetURL("/ssl/google.html");
   // Change the host name from 127.0.0.1 to localhost so it triggers a
   // cross-site navigation so we can test http://crbug.com/5800 is gone.
   ASSERT_EQ("127.0.0.1", cross_site_url.host());
   GURL::Replacements replacements;
   replacements.SetHostStr("localhost");
   cross_site_url = cross_site_url.ReplaceComponents(replacements);
 
   // Now go to a bad HTTPS page.
   ui_test_utils::NavigateToURL(browser(), cross_site_url);
 
   // An interstitial should be showing.
   CheckAuthenticationBrokenState(tab,
                                  net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
 
   // Simulate user clicking "Take me back".
   InterstitialPage* interstitial_page = tab->GetInterstitialPage();
   ASSERT_TRUE(interstitial_page);
   ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
             interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
   interstitial_page->DontProceed();
 
   // We should be back to the original good page.
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   // Try to navigate to a new page. (to make sure bug 5800 is fixed).
-  ui_test_utils::NavigateToURL(browser(),
-                               test_server()->GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/google.html"));
   CheckUnauthenticatedState(tab, AuthState::NONE);
 }
 
 // Test that localhost pages don't show an interstitial.
 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors,
                        TestNoInterstitialOnLocalhost) {
   ASSERT_TRUE(https_server_.Start());
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
 
   // Navigate to a localhost page.
-  GURL url = https_server_.GetURL("files/ssl/page_with_subresource.html");
+  GURL url = https_server_.GetURL("/ssl/page_with_subresource.html");
   GURL::Replacements replacements;
   std::string new_host("localhost");
   replacements.SetHostStr(new_host);
   url = url.ReplaceComponents(replacements);
 
   ui_test_utils::NavigateToURL(browser(), url);
 
   // We should see no interstitial, but we should have an error
   // (red-crossed-out-https) in the URL bar.
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
@@ skipping 23 matching lines @@
   content::WaitForInterstitialAttach(clock_tab);
   InterstitialPage* clock_interstitial = clock_tab->GetInterstitialPage();
   ASSERT_TRUE(clock_interstitial);
   EXPECT_EQ(BadClockBlockingPage::kTypeForTesting,
             clock_interstitial->GetDelegateForTesting()->GetTypeForTesting());
 }
 
 // Visits a page with https error and then goes back using Browser::GoBack.
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestHTTPSExpiredCertAndGoBackViaButton) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // First navigate to an HTTP page.
-  ui_test_utils::NavigateToURL(browser(),
-      test_server()->GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/google.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
 
   // Now go to a bad HTTPS page that shows an interstitial.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProvisionalLoadWaiter load_failed_observer(tab);
 
   // Simulate user clicking on back button (crbug.com/39248).
   chrome::GoBack(browser(), CURRENT_TAB);
 
   // Wait until we hear the load failure, and make sure we haven't swapped out
   // the previous page.  Prevents regression of http://crbug.com/82667.
   // TODO(creis/nick): Move the swapped-out part of this test into content
   // and remove IsRenderViewHostSwappedOut from the public API.
   load_failed_observer.Wait();
   EXPECT_FALSE(content::RenderFrameHostTester::IsRenderFrameHostSwappedOut(
       tab->GetMainFrame()));
 
   // We should be back at the original good page.
   EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
                    GetInterstitialPage());
   CheckUnauthenticatedState(tab, AuthState::NONE);
 }
 
 // Visits a page with https error and then goes back using GoToOffset.
 // Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575.
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestHTTPSExpiredCertAndGoBackViaMenu) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // First navigate to an HTTP page.
-  ui_test_utils::NavigateToURL(browser(),
-      test_server()->GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/google.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
 
   // Now go to a bad HTTPS page that shows an interstitial.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   // Simulate user clicking and holding on back button (crbug.com/37215).
   tab->GetController().GoToOffset(-1);
 
   // We should be back at the original good page.
   EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
                    GetInterstitialPage());
   CheckUnauthenticatedState(tab, AuthState::NONE);
 }
 
 // Visits a page with https error and then goes forward using GoToOffset.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // First navigate to two HTTP pages.
-  ui_test_utils::NavigateToURL(browser(),
-      test_server()->GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/google.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   NavigationEntry* entry1 = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry1);
-  ui_test_utils::NavigateToURL(browser(),
-      test_server()->GetURL("files/ssl/blank_page.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL("/ssl/blank_page.html"));
   NavigationEntry* entry2 = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry2);
 
   // Now go back so that a page is in the forward history.
   {
     content::WindowedNotificationObserver observer(
         content::NOTIFICATION_LOAD_STOP,
         content::Source<NavigationController>(&tab->GetController()));
     tab->GetController().GoBack();
     observer.Wait();
   }
   ASSERT_TRUE(tab->GetController().CanGoForward());
   NavigationEntry* entry3 = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry1 == entry3);
 
   // Now go to a bad HTTPS page that shows an interstitial.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   // Simulate user clicking and holding on forward button.
   {
     content::WindowedNotificationObserver observer(
         content::NOTIFICATION_LOAD_STOP,
         content::Source<NavigationController>(&tab->GetController()));
     tab->GetController().GoToOffset(1);
     observer.Wait();
@@ skipping 11 matching lines @@
 // Visit a HTTP page which request WSS connection to a server providing invalid
 // certificate. Close the page while WSS connection waits for SSLManager's
 // response from UI thread.
 // Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258
 #if defined(OS_WIN)
 #define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose
 #else
 #define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose
 #endif
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(wss_server_expired_.Start());
 
   // Setup page title observer.
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
   watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
 
   // Create GURLs to test pages.
-  std::string master_url_path = base::StringPrintf("%s?%d",
-      test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(),
+  std::string master_url_path = base::StringPrintf(
+      "%s?%d",
+      embedded_test_server()->GetURL("/ssl/wss_close.html").spec().c_str(),
       wss_server_expired_.host_port_pair().port());
   GURL master_url(master_url_path);
-  std::string slave_url_path = base::StringPrintf("%s?%d",
-      test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(),
-      wss_server_expired_.host_port_pair().port());
+  std::string slave_url_path =
+      base::StringPrintf("%s?%d", embedded_test_server()
+                                      ->GetURL("/ssl/wss_close_slave.html")
+                                      .spec()
+                                      .c_str(),
+                         wss_server_expired_.host_port_pair().port());
   GURL slave_url(slave_url_path);
 
   // Create tabs and visit pages which keep on creating wss connections.
   WebContents* tabs[16];
   for (int i = 0; i < 16; ++i) {
     tabs[i] = chrome::AddSelectedTabWithURL(browser(), slave_url,
                                             ui::PAGE_TRANSITION_LINK);
   }
   chrome::SelectNextTab(browser());
 
   // Visit a page which waits for one TLS handshake failure.
   // The title will be changed to 'PASS'.
   ui_test_utils::NavigateToURL(browser(), master_url);
   const base::string16 result = watcher.WaitAndGetTitle();
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
 
   // Close tabs which contains the test page.
   for (int i = 0; i < 16; ++i)
     chrome::CloseWebContents(browser(), tabs[i], false);
   chrome::CloseWebContents(browser(), tab, false);
 }
 
 // Visit a HTTPS page and proceeds despite an invalid certificate. The page
 // requests WSS connection to the same origin host to check if WSS connection
 // share certificates policy with HTTPS correcly.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(wss_server_expired_.Start());
 
   // Setup page title observer.
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
   watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
 
   // Visit bad HTTPS page.
   GURL::Replacements replacements;
   replacements.SetSchemeStr("https");
-  ui_test_utils::NavigateToURL(
-      browser(),
-      wss_server_expired_.GetURL(
-          "connect_check.html").ReplaceComponents(replacements));
+  ui_test_utils::NavigateToURL(browser(),
+                               wss_server_expired_.GetURL("connect_check.html")
+                                   .ReplaceComponents(replacements));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   // Proceed anyway.
   ProceedThroughInterstitial(tab);
 
   // Test page run a WebSocket wss connection test. The result will be shown
   // as page title.
   const base::string16 result = watcher.WaitAndGetTitle();
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
@@ skipping 77 matching lines @@
   options.request_client_certificate = true;
   base::FilePath ca_path = net::GetTestCertsDirectory().Append(
       FILE_PATH_LITERAL("websocket_cacert.pem"));
   options.client_authorities.push_back(ca_path);
   net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS,
                              options,
                              net::GetWebSocketTestDataDirectory());
   ASSERT_TRUE(wss_server.Start());
   GURL::Replacements replacements;
   replacements.SetSchemeStr("https");
-  GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents(
-      replacements);
+  GURL url =
+      wss_server.GetURL("connect_check.html").ReplaceComponents(replacements);
 
   // Setup page title observer.
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
   watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
 
   // Add an entry into AutoSelectCertificateForUrls policy for automatic client
   // cert selection.
   Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
   DCHECK(profile);
@@ skipping 25 matching lines @@
 #define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry
 #endif  // defined(OS_CHROMEOS)
 
 // Open a page with a HTTPS error in a tab with no prior navigation (through a
 // link with a blank target).  This is to test that the lack of navigation entry
 // does not cause any problems (it was causing a crasher, see
 // http://crbug.com/19941).
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) {
   ASSERT_TRUE(https_server_expired_.Start());
 
-  GURL url = https_server_expired_.GetURL("files/ssl/google.htm");
+  GURL url = https_server_expired_.GetURL("/ssl/google.htm");
   WebContents* tab2 = chrome::AddSelectedTabWithURL(
       browser(), url, ui::PAGE_TRANSITION_TYPED);
   content::WaitForLoadStop(tab2);
 
   // Verify our assumption that there was no prior navigation.
   EXPECT_FALSE(chrome::CanGoBack(browser()));
 
   // We should have an interstitial page showing.
   ASSERT_TRUE(tab2->GetInterstitialPage());
   ASSERT_EQ(SSLBlockingPage::kTypeForTesting, tab2->GetInterstitialPage()
                                                   ->GetDelegateForTesting()
                                                   ->GetTypeForTesting());
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
-  GURL url_non_dangerous = test_server()->GetURL(std::string());
+  GURL url_non_dangerous = embedded_test_server()->GetURL("/");
   GURL url_dangerous =
-      https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe");
+      https_server_expired_.GetURL("/downloads/dangerous/dangerous.exe");
   base::ScopedTempDir downloads_directory_;
 
   // Need empty temp dir to avoid having Chrome ask us for a new filename
   // when we've downloaded dangerous.exe one hundred times.
   ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir());
 
   browser()->profile()->GetPrefs()->SetFilePath(
       prefs::kDownloadDefaultDirectory,
       downloads_directory_.path());
 
@@ skipping 54 matching lines @@
 
 #if defined(OS_WIN)
 // http://crbug.com/152940 Flaky on win.
 #define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent
 #else
 #define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent
 #endif
 
 // Visits a page that displays insecure content.
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   // Load a page that displays insecure content.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Test that if the user proceeds and the checkbox is checked, a report
@@ skipping 93 matching lines @@
   TestBadClockReporting(
       certificate_reporting_test_utils::EXTENDED_REPORTING_OPT_IN,
       expect_report, browser());
 }
 
 // Visits a page that runs insecure content and tries to suppress the insecure
 // content warnings by randomizing location.hash.
 // Based on http://crbug.com/8706
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestRunsInsecuredContentRandomizeHash) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
-  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
-      "files/ssl/page_runs_insecure_content.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_.GetURL("/ssl/page_runs_insecure_content.html"));
 
   CheckAuthenticationBrokenState(
       browser()->tab_strip_model()->GetActiveWebContents(), CertError::NONE,
       AuthState::RAN_INSECURE_CONTENT);
 }
 
 // Visits a page with unsafe content and make sure that:
 // - frames content is replaced with warning
 // - images and scripts are filtered out entirely
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_with_unsafe_contents.html",
-      https_server_expired_.host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html",
+                                        https_server_expired_.host_port_pair(),
+                                        &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   // When the bad content is filtered, the state is expected to be
   // authenticated.
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   // Because of cross-frame scripting restrictions, we cannot access the iframe
   // content.  So to know if the frame was loaded, we just check if a popup was
@@ skipping 25 matching lines @@
 #if defined(OS_LINUX)
 // flaky http://crbug.com/396462
 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
     DISABLED_TestDisplaysInsecureContentLoadedFromJS
 #else
 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
     TestDisplaysInsecureContentLoadedFromJS
 #endif
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        MAYBE_TestDisplaysInsecureContentLoadedFromJS) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_with_dynamic_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_with_dynamic_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
       replacement_path));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab,
       "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
 
   // We should now have insecure content.
   CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Visits two pages from the same origin: one that displays insecure content and
 // one that doesn't.  The test checks that we do not propagate the insecure
 // content state from one to the other.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(browser(),
-      https_server_.GetURL("files/ssl/blank_page.html"));
+                               https_server_.GetURL("/ssl/blank_page.html"));
 
   WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
 
   // This tab should be fine.
   CheckAuthenticatedState(tab1, AuthState::NONE);
 
   // Create a new tab.
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   GURL url = https_server_.GetURL(replacement_path);
   chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
   params.disposition = NEW_FOREGROUND_TAB;
   params.tabstrip_index = 0;
   params.source_contents = tab1;
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_LOAD_STOP,
       content::NotificationService::AllSources());
   chrome::Navigate(&params);
   WebContents* tab2 = params.target_contents;
   observer.Wait();
 
   // The new tab has insecure content.
   CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
 
   // The original tab should not be contaminated.
   CheckAuthenticatedState(tab1, AuthState::NONE);
 }
 
 // Visits two pages from the same origin: one that runs insecure content and one
 // that doesn't.  The test checks that we propagate the insecure content state
 // from one to the other.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(browser(),
-      https_server_.GetURL("files/ssl/blank_page.html"));
+                               https_server_.GetURL("/ssl/blank_page.html"));
 
   WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
 
   // This tab should be fine.
   CheckAuthenticatedState(tab1, AuthState::NONE);
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_runs_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_runs_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   // Create a new tab in the same process.  Using a NEW_FOREGROUND_TAB
   // disposition won't usually stay in the same process, but this works
   // because we are using process-per-site in SetUpCommandLine.
   GURL url = https_server_.GetURL(replacement_path);
   chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
   params.disposition = NEW_FOREGROUND_TAB;
   params.source_contents = tab1;
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_LOAD_STOP,
@@ skipping 12 matching lines @@
   // Which means the origin for the first tab has also been contaminated with
   // insecure content.
   CheckAuthenticationBrokenState(
       tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
 }
 
 // Visits a page with an image over http.  Visits another page over https
 // referencing that same image over http (hoping it is coming from the webcore
 // memory cache).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   // Load original page over HTTP.
-  const GURL url_http = test_server()->GetURL(replacement_path);
+  const GURL url_http = embedded_test_server()->GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_http);
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckUnauthenticatedState(tab, AuthState::NONE);
 
   // Load again but over SSL.  It should be marked as displaying insecure
   // content (even though the image comes from the WebCore memory cache).
   const GURL url_https = https_server_.GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_https);
   CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // http://crbug.com/84729
 #if defined(OS_CHROMEOS)
 #define MAYBE_TestRunsCachedInsecureContent \
     DISABLED_TestRunsCachedInsecureContent
 #else
 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
 #endif  // defined(OS_CHROMEOS)
 
 // Visits a page with script over http.  Visits another page over https
 // referencing that same script over http (hoping it is coming from the webcore
 // memory cache).
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_runs_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_runs_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   // Load original page over HTTP.
-  const GURL url_http = test_server()->GetURL(replacement_path);
+  const GURL url_http = embedded_test_server()->GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_http);
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckUnauthenticatedState(tab, AuthState::NONE);
 
   // Load again but over SSL.  It should be marked as displaying insecure
   // content (even though the image comes from the WebCore memory cache).
   const GURL url_https = https_server_.GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_https);
   CheckAuthenticationBrokenState(tab, CertError::NONE,
                                  AuthState::RAN_INSECURE_CONTENT);
 }
 
 // This test ensures the CN invalid status does not 'stick' to a certificate
 // (see bug #1044942) and that it depends on the host-name.
 // Test if disabled due to flakiness http://crbug.com/368280 .
 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_mismatched_.Start());
 
   // First we hit the server with hostname, this generates an invalid policy
   // error.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_mismatched_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_mismatched_.GetURL("/ssl/google.html"));
 
   // We get an interstitial page as a result.
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(tab,
                                  net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
   ProceedThroughInterstitial(tab);
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
 
   // Now we try again with the right host name this time.
-  GURL url(https_server_.GetURL("files/ssl/google.html"));
+  GURL url(https_server_.GetURL("/ssl/google.html"));
   ui_test_utils::NavigateToURL(browser(), url);
 
   // Security state should be OK.
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   // Now try again the broken one to make sure it is still broken.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_mismatched_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_mismatched_.GetURL("/ssl/google.html"));
 
   // Since we OKed the interstitial last time, we get right to the page.
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
 }
 
 #if defined(OS_CHROMEOS)
 // This test seems to be flaky and hang on chromiumos.
 // http://crbug.com/84419
 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation
 #else
 #define MAYBE_TestRefNavigation TestRefNavigation
 #endif
 
 // Test that navigating to a #ref does not change a bad security state.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
   ASSERT_TRUE(https_server_expired_.Start());
 
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/page_with_refs.html"));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
   // Now navigate to a ref in the page, the security state should not have
   // changed.
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/page_with_refs.html#jp"));
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
 }
 
 // Tests that closing a page that has a unsafe pop-up does not crash the
 // browser (bug #1966).
 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not
 //                opened as it is not initiated by a user gesture.
 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_with_unsafe_popup.html",
-      https_server_expired_.host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_popup.html",
+                                        https_server_expired_.host_port_pair(),
+                                        &replacement_path);
 
-  ui_test_utils::NavigateToURL(browser(),
-                               test_server()->GetURL(replacement_path));
+  ui_test_utils::NavigateToURL(
+      browser(), embedded_test_server()->GetURL(replacement_path));
 
   WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
   // It is probably overkill to add a notification for a popup-opening, let's
   // just poll.
   for (int i = 0; i < 10; i++) {
     if (IsShowingWebContentsModalDialog())
       break;
     base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
         FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
         base::TimeDelta::FromSeconds(1));
     content::RunMessageLoop();
   }
   ASSERT_TRUE(IsShowingWebContentsModalDialog());
 
   // Let's add another tab to make sure the browser does not exit when we close
   // the first tab.
-  GURL url = test_server()->GetURL("files/ssl/google.html");
+  GURL url = embedded_test_server()->GetURL("/ssl/google.html");
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_LOAD_STOP,
       content::NotificationService::AllSources());
   chrome::AddSelectedTabWithURL(browser(), url, ui::PAGE_TRANSITION_TYPED);
   observer.Wait();
 
   // Close the first tab.
   chrome::CloseWebContents(browser(), tab1, false);
 }
 
 // Visit a page over bad https that is a redirect to a page with good https.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
-  GURL url1 = https_server_expired_.GetURL("server-redirect?");
-  GURL url2 = https_server_.GetURL("files/ssl/google.html");
+  GURL url1 = https_server_expired_.GetURL("/server-redirect?");
+  GURL url2 = https_server_.GetURL("/ssl/google.html");
 
   ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   // We have been redirected to the good page.
   CheckAuthenticatedState(tab, AuthState::NONE);
 }
 
 // Flaky on Linux. http://crbug.com/368280.
 #if defined(OS_LINUX)
 #define MAYBE_TestRedirectGoodToBadHTTPS DISABLED_TestRedirectGoodToBadHTTPS
 #else
 #define MAYBE_TestRedirectGoodToBadHTTPS TestRedirectGoodToBadHTTPS
 #endif
 
 // Visit a page over good https that is a redirect to a page with bad https.
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectGoodToBadHTTPS) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
-  GURL url1 = https_server_.GetURL("server-redirect?");
-  GURL url2 = https_server_expired_.GetURL("files/ssl/google.html");
+  GURL url1 = https_server_.GetURL("/server-redirect?");
+  GURL url2 = https_server_expired_.GetURL("/ssl/google.html");
   ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
 }
 
 // Visit a page over http that is a redirect to a page with good HTTPS.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
 
   // HTTP redirects to good HTTPS.
-  GURL http_url = test_server()->GetURL("server-redirect?");
-  GURL good_https_url =
-      https_server_.GetURL("files/ssl/google.html");
+  GURL http_url = embedded_test_server()->GetURL("/server-redirect?");
+  GURL good_https_url = https_server_.GetURL("/ssl/google.html");
 
   ui_test_utils::NavigateToURL(browser(),
                                GURL(http_url.spec() + good_https_url.spec()));
   CheckAuthenticatedState(tab, AuthState::NONE);
 }
 
 // Flaky on Linux. http://crbug.com/368280.
 #if defined(OS_LINUX)
 #define MAYBE_TestRedirectHTTPToBadHTTPS DISABLED_TestRedirectHTTPToBadHTTPS
 #else
 #define MAYBE_TestRedirectHTTPToBadHTTPS TestRedirectHTTPToBadHTTPS
 #endif
 
 // Visit a page over http that is a redirect to a page with bad HTTPS.
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectHTTPToBadHTTPS) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
 
-  GURL http_url = test_server()->GetURL("server-redirect?");
-  GURL bad_https_url =
-      https_server_expired_.GetURL("files/ssl/google.html");
+  GURL http_url = embedded_test_server()->GetURL("/server-redirect?");
+  GURL bad_https_url = https_server_expired_.GetURL("/ssl/google.html");
   ui_test_utils::NavigateToURL(browser(),
                                GURL(http_url.spec() + bad_https_url.spec()));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
 }
 
 // Visit a page over https that is a redirect to a page with http (to make sure
 // we don't keep the secure state).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
-  GURL https_url = https_server_.GetURL("server-redirect?");
-  GURL http_url = test_server()->GetURL("files/ssl/google.html");
+  GURL https_url = https_server_.GetURL("/server-redirect?");
+  GURL http_url = embedded_test_server()->GetURL("/ssl/google.html");
 
   ui_test_utils::NavigateToURL(browser(),
                                GURL(https_url.spec() + http_url.spec()));
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
 }
 
 // Visits a page to which we could not connect (bad port) over http and https
 // and make sure the security style is correct.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
@@ skipping 12 matching lines @@
 //
 // Frame navigation
 //
 
 // From a good HTTPS top frame:
 // - navigate to an OK HTTPS frame
 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
 //   back
 // - navigate to HTTP (expect insecure content), then back
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string top_frame_path;
-  ASSERT_TRUE(GetTopFramePath(*test_server(),
-                              https_server_,
-                              https_server_expired_,
-                              &top_frame_path));
+  GetTopFramePath(*embedded_test_server(), https_server_, https_server_expired_,
+                  &top_frame_path);
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(top_frame_path));
 
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   bool success = false;
   // Now navigate inside the frame.
   {
@@ skipping 78 matching lines @@
 
   CheckAuthenticationBrokenState(
       tab,
       CertError::NONE,
       AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
 }
 
 // From a bad HTTPS top frame:
 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string top_frame_path;
-  ASSERT_TRUE(GetTopFramePath(*test_server(),
-                              https_server_,
-                              https_server_expired_,
-                              &top_frame_path));
+  GetTopFramePath(*embedded_test_server(), https_server_, https_server_expired_,
+                  &top_frame_path);
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ui_test_utils::NavigateToURL(browser(),
                                https_server_expired_.GetURL(top_frame_path));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   // Navigate to a good frame.
@@ skipping 10 matching lines @@
 
   // We should still be authentication broken.
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
 }
 
 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
 // stay unauthenticated).
 // Disabled, flakily exceeds test timeout, http://crbug.com/43437.
 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string top_frame_path;
-  ASSERT_TRUE(GetTopFramePath(*test_server(),
-                              https_server_,
-                              https_server_expired_,
-                              &top_frame_path));
+  GetTopFramePath(*embedded_test_server(), https_server_, https_server_expired_,
+                  &top_frame_path);
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ui_test_utils::NavigateToURL(browser(),
-                               test_server()->GetURL(top_frame_path));
+                               embedded_test_server()->GetURL(top_frame_path));
   CheckUnauthenticatedState(tab, AuthState::NONE);
 
   // Now navigate inside the frame to a secure HTTPS frame.
   {
     bool success = false;
     content::WindowedNotificationObserver observer(
         content::NOTIFICATION_LOAD_STOP,
         content::Source<NavigationController>(&tab->GetController()));
     EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
         tab,
@@ skipping 35 matching lines @@
   EXPECT_FALSE(is_content_evil);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // This page will spawn a Worker which will try to load content from
   // BadCertServer.
   std::string page_with_unsafe_worker_path;
-  ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
-                                          &page_with_unsafe_worker_path));
+  GetPageWithUnsafeWorkerPath(https_server_expired_,
+                              &page_with_unsafe_worker_path);
   ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
       page_with_unsafe_worker_path));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   // Expect Worker not to load insecure content.
   CheckWorkerLoadResult(tab, false);
   // The bad content is filtered, expect the state to be authenticated.
   CheckAuthenticatedState(tab, AuthState::NONE);
 }
 
 // This test, and the related test TestUnsafeContentsWithUserException, verify
 // that if unsafe content is loaded but the host of that unsafe content has a
 // user exception, the content runs and the security style remains
 // authenticated. This is not necessarily the behavior that should exist, but it
 // is verification that it does behave that way. See https://crbug.com/477868
 // for more inforamtion on this.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerWithUserException) {
   ASSERT_TRUE(https_server_.Start());
   // Note that it is necessary to user https_server_mismatched_ here over the
   // other invalid cert servers. This is because the test relies on the two
   // servers having different hosts since SSL exceptions are per-host, not per
   // origin, and https_server_mismatched_ uses 'localhost' rather than
   // '127.0.0.1'.
   ASSERT_TRUE(https_server_mismatched_.Start());
 
   // Navigate to an unsafe site. Proceed with interstitial page to indicate
   // the user approves the bad certificate.
   ui_test_utils::NavigateToURL(
-      browser(), https_server_mismatched_.GetURL("files/ssl/blank_page.html"));
+      browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
   ProceedThroughInterstitial(tab);
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::NONE);
 
   // Navigate to safe page that has Worker loading unsafe content.
   // Expect content to load but be marked as auth broken due to running insecure
   // content.
   std::string page_with_unsafe_worker_path;
-  ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_mismatched_,
-                                          &page_with_unsafe_worker_path));
+  GetPageWithUnsafeWorkerPath(https_server_mismatched_,
+                              &page_with_unsafe_worker_path);
   ui_test_utils::NavigateToURL(
       browser(), https_server_.GetURL(page_with_unsafe_worker_path));
   CheckWorkerLoadResult(tab, true);  // Worker loads insecure content
   CheckAuthenticatedState(tab, CertError::NONE);
 }
 
 // Visits a page with unsafe content and makes sure that if a user exception to
 // the certificate error is present, the image is loaded and script executes.
 //
 // See the comment above SSLUITest.TestUnsafeContentsInWorkerWithUserException
 // for a discussion about the desired behavior.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) {
   ASSERT_TRUE(https_server_.Start());
   // Note that it is necessary to user https_server_mismatched_ here over the
   // other invalid cert servers. This is because the test relies on the two
   // servers having different hosts since SSL exceptions are per-host, not per
   // origin, and https_server_mismatched_ uses 'localhost' rather than
   // '127.0.0.1'.
   ASSERT_TRUE(https_server_mismatched_.Start());
 
   // Navigate to an unsafe site. Proceed with interstitial page to indicate
   // the user approves the bad certificate.
   ui_test_utils::NavigateToURL(
-      browser(), https_server_mismatched_.GetURL("files/ssl/blank_page.html"));
+      browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
   ProceedThroughInterstitial(tab);
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::NONE);
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_with_unsafe_contents.html",
-      https_server_mismatched_.host_port_pair(), &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_with_unsafe_contents.html",
+      https_server_mismatched_.host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   // When the bad content is filtered, the state is expected to be
   // authenticated.
   CheckAuthenticatedState(tab, AuthState::NONE);
 
   int img_width;
   EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
       tab, "window.domAutomationController.send(ImageWidth());", &img_width));
   // In order to check that the image was loaded, we check its width.
   // The actual image (Google logo) is 114 pixels wide, so we assume a good
   // image is greater than 100.
   EXPECT_GT(img_width, 100);
 
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab, "window.domAutomationController.send(IsFooSet());", &js_result));
   EXPECT_TRUE(js_result);
   CheckAuthenticatedState(tab, CertError::NONE);
 }
 
 // Test that when the browser blocks displaying insecure content (images), the
 // indicator shows a secure page, because the blocking made the otherwise
 // unsafe page safe (the notification of this state is handled by other means).
 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::NONE);
 }
 
 // Test that when the browser blocks displaying insecure content (iframes), the
 // indicator shows a secure page, because the blocking made the otherwise
 // unsafe page safe (the notification of this state is handled by other means)
 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_displays_insecure_iframe.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_displays_insecure_iframe.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::NONE);
 }
 
 // Test that when the browser blocks running insecure content, the
 // indicator shows a secure page, because the blocking made the otherwise
 // unsafe page safe (the notification of this state is handled by other means).
 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string replacement_path;
-  ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
-      "files/ssl/page_runs_insecure_content.html",
-      test_server()->host_port_pair(),
-      &replacement_path));
+  GetFilePathWithHostAndPortReplacement(
+      "/ssl/page_runs_insecure_content.html",
+      embedded_test_server()->host_port_pair(), &replacement_path);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::NONE);
 }
 
 // Visit a page and establish a WebSocket connection over bad https with
 // --ignore-certificate-errors. The connection should be established without
 // interstitial page showing.
 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
-  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(wss_server_expired_.Start());
 
   // Setup page title observer.
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
   watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
 
   // Visit bad HTTPS page.
   GURL::Replacements replacements;
   replacements.SetSchemeStr("https");
-  ui_test_utils::NavigateToURL(
-      browser(),
-      wss_server_expired_.GetURL(
-          "connect_check.html").ReplaceComponents(replacements));
+  ui_test_utils::NavigateToURL(browser(),
+                               wss_server_expired_.GetURL("connect_check.html")
+                                   .ReplaceComponents(replacements));
 
   // We shouldn't have an interstitial page showing here.
 
   // Test page run a WebSocket wss connection test. The result will be shown
   // as page title.
   const base::string16 result = watcher.WaitAndGetTitle();
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
 }
 
 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
 // http://crbug.com/322948
 #if defined(OS_LINUX)
 // flaky http://crbug.com/396458
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     DISABLED_TestInterstitialJavaScriptProceeds
 #else
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     TestInterstitialJavaScriptProceeds
 #endif
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestInterstitialJavaScriptProceeds) {
   HostContentSettingsMapFactory::GetForProfile(browser()->profile())
       ->SetDefaultContentSetting(CONTENT_SETTINGS_TYPE_JAVASCRIPT,
                                  CONTENT_SETTING_BLOCK);
 
   ASSERT_TRUE(https_server_expired_.Start());
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_LOAD_STOP,
       content::Source<NavigationController>(&tab->GetController()));
   InterstitialPage* interstitial_page = tab->GetInterstitialPage();
   ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
             interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
   content::RenderViewHost* interstitial_rvh =
@@ skipping 13 matching lines @@
 
 // Verifies that the interstitial can go back, even if JavaScript is disabled.
 // http://crbug.com/322948
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestInterstitialJavaScriptGoesBack) {
   HostContentSettingsMapFactory::GetForProfile(browser()->profile())
       ->SetDefaultContentSetting(CONTENT_SETTINGS_TYPE_JAVASCRIPT,
                                  CONTENT_SETTING_BLOCK);
 
   ASSERT_TRUE(https_server_expired_.Start());
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
-  ui_test_utils::NavigateToURL(browser(),
-      https_server_expired_.GetURL("files/ssl/google.html"));
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_RENDER_WIDGET_HOST_DESTROYED,
       content::NotificationService::AllSources());
   InterstitialPage* interstitial_page = tab->GetInterstitialPage();
   ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
             interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
   content::RenderViewHost* interstitial_rvh =
       interstitial_page->GetMainFrame()->GetRenderViewHost();
   int result = -1;
   std::string javascript = base::StringPrintf(
       "window.domAutomationController.send(%d);",
       SecurityInterstitialPage::CMD_DONT_PROCEED);
   ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
       interstitial_rvh, javascript, &result));
   // The above will hang without the fix.
   EXPECT_EQ(0, result);
   observer.Wait();
   EXPECT_EQ("about:blank", tab->GetVisibleURL().spec());
 }
 
 // Verifies that switching tabs, while showing interstitial page, will not
 // affect the visibility of the interestitial.
 // https://crbug.com/381439
 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByHideShow) {
   ASSERT_TRUE(https_server_expired_.Start());
+  ASSERT_TRUE(https_server_.Start());
+
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
   ui_test_utils::NavigateToURL(
-      browser(), https_server_expired_.GetURL("files/ssl/google.html"));
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
   EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
 
-  AddTabAtIndex(0,
-                https_server_.GetURL("files/ssl/google.html"),
+  AddTabAtIndex(0, https_server_.GetURL("/ssl/google.html"),
                 ui::PAGE_TRANSITION_TYPED);
   EXPECT_EQ(2, browser()->tab_strip_model()->count());
   EXPECT_EQ(0, browser()->tab_strip_model()->active_index());
   EXPECT_EQ(tab, browser()->tab_strip_model()->GetWebContentsAt(1));
   EXPECT_FALSE(tab->GetRenderWidgetHostView()->IsShowing());
 
   browser()->tab_strip_model()->ActivateTabAt(1, true);
   EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
 }
 
 // Verifies that if a bad certificate is seen for a host and the user proceeds
 // through the interstitial, the decision to proceed is initially remembered.
 // However, if this is followed by another visit, and a good certificate
 // is seen for the same host, the original exception is forgotten.
 IN_PROC_BROWSER_TEST_F(SSLUITest, BadCertFollowedByGoodCert) {
   // It is necessary to use |https_server_expired_| rather than
   // |https_server_mismatched| because the former shares a host with
   // |https_server_| and cert exceptions are per host.
   ASSERT_TRUE(https_server_expired_.Start());
   ASSERT_TRUE(https_server_.Start());
 
   std::string https_server_expired_host =
-      https_server_.GetURL("files/ssl/google.html").host();
+      https_server_.GetURL("/ssl/google.html").host();
   std::string https_server_host =
-      https_server_.GetURL("files/ssl/google.html").host();
+      https_server_.GetURL("/ssl/google.html").host();
   ASSERT_EQ(https_server_expired_host, https_server_host);
 
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
 
   Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
   ChromeSSLHostStateDelegate* state =
       reinterpret_cast<ChromeSSLHostStateDelegate*>(
           profile->GetSSLHostStateDelegate());
 
   ui_test_utils::NavigateToURL(
-      browser(), https_server_expired_.GetURL("files/ssl/google.html"));
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
 
   ProceedThroughInterstitial(tab);
   EXPECT_TRUE(state->HasAllowException(https_server_host));
 
   ui_test_utils::NavigateToURL(browser(),
-                               https_server_.GetURL("files/ssl/google.html"));
+                               https_server_.GetURL("/ssl/google.html"));
   ASSERT_FALSE(tab->GetInterstitialPage());
   EXPECT_FALSE(state->HasAllowException(https_server_host));
 }
 
 // Tests that the SSLStatus of a navigation entry for an SSL
 // interstitial matches the navigation entry once the interstitial is
 // clicked through. https://crbug.com/529456
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        SSLStatusMatchesOnInterstitialAndAfterProceed) {
   ASSERT_TRUE(https_server_expired_.Start());
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(tab);
 
   ui_test_utils::NavigateToURL(
-      browser(), https_server_expired_.GetURL("files/ssl/google.html"));
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
   content::WaitForInterstitialAttach(tab);
   EXPECT_TRUE(tab->ShowingInterstitialPage());
 
   content::NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
   content::SSLStatus interstitial_ssl_status = entry->GetSSL();
 
   ProceedThroughInterstitial(tab);
   EXPECT_FALSE(tab->ShowingInterstitialPage());
   entry = tab->GetController().GetActiveEntry();
@@ skipping 64 matching lines @@
     command_line->AppendSwitchASCII(switches::kForceFieldTrials,
                                     "SSLCommonNameMismatchHandling/Enabled/");
   }
 };
 
 // Visit the URL www.mail.example.com on a server that presents a valid
 // certificate for mail.example.com. Verify that the page navigates to
 // mail.example.com.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        ShouldShowWWWSubdomainMismatchInterstitial) {
-  net::SpawnedTestServer https_server_example_domain_(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
+  net::EmbeddedTestServer https_server_example_domain_(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain_.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server_example_domain_.Start());
 
   host_resolver()->AddRule(
       "mail.example.com", https_server_example_domain_.host_port_pair().host());
   host_resolver()->AddRule(
       "www.mail.example.com",
       https_server_example_domain_.host_port_pair().host());
 
   scoped_refptr<net::X509Certificate> cert =
@@ skipping 15 matching lines @@
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   // Request to "www.mail.example.com" should not result in any error.
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
   // Use a complex URL to ensure the path, etc., are preserved. The path itself
   // does not matter.
   GURL https_server_url =
-      https_server_example_domain_.GetURL("files/ssl/google.html?a=b#anchor");
+      https_server_example_domain_.GetURL("/ssl/google.html?a=b#anchor");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
   GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(contents, 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
   CheckSecurityState(contents, CertError::NONE,
                      content::SECURITY_STYLE_AUTHENTICATED, AuthState::NONE);
   replacements.SetHostStr("mail.example.com");
   GURL https_server_new_url = https_server_url.ReplaceComponents(replacements);
   // Verify that the current URL is the suggested URL.
   EXPECT_EQ(https_server_new_url.spec(),
             contents->GetLastCommittedURL().spec());
 }
 
 // Visit the URL example.org on a server that presents a valid certificate
 // for www.example.org. Verify that the page redirects to www.example.org.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        CheckWWWSubdomainMismatchInverse) {
-  net::SpawnedTestServer https_server_example_domain_(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
+  net::EmbeddedTestServer https_server_example_domain_(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain_.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server_example_domain_.Start());
 
   host_resolver()->AddRule(
       "www.example.org", https_server_example_domain_.host_port_pair().host());
   host_resolver()->AddRule(
       "example.org", https_server_example_domain_.host_port_pair().host());
 
   scoped_refptr<net::X509Certificate> cert =
       https_server_example_domain_.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "example.org", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org",
                                                 verify_result_valid, net::OK);
 
   GURL https_server_url =
-      https_server_example_domain_.GetURL("files/ssl/google.html?a=b");
+      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("example.org");
   GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(contents, 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
   CheckSecurityState(contents, CertError::NONE,
                      content::SECURITY_STYLE_AUTHENTICATED, AuthState::NONE);
 }
 
 // Tests this scenario:
 // - |CommonNameMismatchHandler| does not give a callback as it's set into the
 //   state |IGNORE_REQUESTS_FOR_TESTING|. So no suggested URL check result can
 //   arrive.
 // - A cert error triggers an interstitial timer with a very long timeout.
 // - No suggested URL check results arrive, causing the tab to appear as loading
 //   indefinitely (also because the timer has a long timeout).
 // - Stopping the page load shouldn't result in any interstitials.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialStopNavigationWhileLoading) {
-  net::SpawnedTestServer https_server_example_domain_(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
+  net::EmbeddedTestServer https_server_example_domain_(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain_.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server_example_domain_.Start());
 
   host_resolver()->AddRule(
       "mail.example.com", https_server_example_domain_.host_port_pair().host());
   host_resolver()->AddRule(
       "www.mail.example.com",
       https_server_example_domain_.host_port_pair().host());
 
   scoped_refptr<net::X509Certificate> cert =
       https_server_example_domain_.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
   GURL https_server_url =
-      https_server_example_domain_.GetURL("files/ssl/google.html?a=b");
+      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
   GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
@@ skipping 16 matching lines @@
   // Make sure that the |SSLErrorHandler| is deleted.
   EXPECT_FALSE(ssl_error_handler);
   EXPECT_FALSE(contents->ShowingInterstitialPage());
   EXPECT_FALSE(contents->IsLoading());
 }
 
 // Same as above, but instead of stopping, the loading page is reloaded. The end
 // result is the same. (i.e. page load stops, no interstitials shown)
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialReloadNavigationWhileLoading) {
-  net::SpawnedTestServer https_server_example_domain_(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
+  net::EmbeddedTestServer https_server_example_domain_(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain_.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server_example_domain_.Start());
 
   host_resolver()->AddRule(
       "mail.example.com", https_server_example_domain_.host_port_pair().host());
   host_resolver()->AddRule(
       "www.mail.example.com",
       https_server_example_domain_.host_port_pair().host());
 
   scoped_refptr<net::X509Certificate> cert =
       https_server_example_domain_.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
   GURL https_server_url =
-      https_server_example_domain_.GetURL("files/ssl/google.html?a=b");
+      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
   GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
@@ skipping 14 matching lines @@
   // Make sure that the |SSLErrorHandler| is deleted.
   EXPECT_FALSE(ssl_error_handler);
   EXPECT_FALSE(contents->ShowingInterstitialPage());
   EXPECT_FALSE(contents->IsLoading());
 }
 
 // Same as above, but instead of reloading, the page is navigated away. The
 // new page should load, and no interstitials should be shown.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialNavigateAwayWhileLoading) {
-  net::SpawnedTestServer https_server_example_domain_(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
+  net::EmbeddedTestServer https_server_example_domain_(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain_.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server_example_domain_.Start());
 
   host_resolver()->AddRule(
       "mail.example.com", https_server_example_domain_.host_port_pair().host());
   host_resolver()->AddRule(
       "www.mail.example.com",
       https_server_example_domain_.host_port_pair().host());
 
   scoped_refptr<net::X509Certificate> cert =
       https_server_example_domain_.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
   GURL https_server_url =
-      https_server_example_domain_.GetURL("files/ssl/google.html?a=b");
+      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
   GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
@@ skipping 32 matching lines @@
         contents, net::ERR_CERT_CONTAINS_ERRORS, ssl_info, request_url, 0,
         base::Time::NowFromSystemTime(), nullptr, base::Callback<void(bool)>());
   }
 };
 
 IN_PROC_BROWSER_TEST_F(SSLBlockingPageIDNTest, SSLBlockingPageDecodesIDN) {
   EXPECT_TRUE(VerifyIDNDecoded());
 }
 
 IN_PROC_BROWSER_TEST_F(CertVerifierBrowserTest, MockCertVerifierSmokeTest) {
-  net::SpawnedTestServer https_server(
-      net::SpawnedTestServer::TYPE_HTTPS,
-      net::SpawnedTestServer::SSLOptions(
-          net::SpawnedTestServer::SSLOptions::CERT_OK),
-      base::FilePath(kDocRoot));
+  net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot));
   ASSERT_TRUE(https_server.Start());
 
   mock_cert_verifier()->set_default_result(
       net::ERR_CERT_NAME_CONSTRAINT_VIOLATION);
 
   ui_test_utils::NavigateToURL(browser(),
-                               https_server.GetURL("files/ssl/google.html"));
+                               https_server.GetURL("/ssl/google.html"));
 
   CheckSecurityState(browser()->tab_strip_model()->GetActiveWebContents(),
                      net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
                      content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
                      AuthState::SHOWING_INTERSTITIAL);
 }
 
 // TODO(jcampan): more tests to do below.
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.