| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/ssl/security_state_model.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/files/file_path.h" | |
| 9 #include "base/macros.h" | |
| 10 #include "base/prefs/pref_service.h" | |
| 11 #include "base/strings/string_split.h" | |
| 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | |
| 13 #include "chrome/browser/ssl/ssl_blocking_page.h" | |
| 14 #include "chrome/browser/ui/browser.h" | |
| 15 #include "chrome/browser/ui/tabs/tab_strip_model.h" | |
| 16 #include "chrome/common/chrome_paths.h" | |
| 17 #include "chrome/common/chrome_switches.h" | |
| 18 #include "chrome/common/pref_names.h" | |
| 19 #include "chrome/test/base/in_process_browser_test.h" | |
| 20 #include "chrome/test/base/ui_test_utils.h" | |
| 21 #include "content/public/browser/cert_store.h" | |
| 22 #include "content/public/browser/interstitial_page.h" | |
| 23 #include "content/public/browser/navigation_controller.h" | |
| 24 #include "content/public/browser/notification_service.h" | |
| 25 #include "content/public/browser/notification_types.h" | |
| 26 #include "content/public/browser/web_contents.h" | |
| 27 #include "content/public/common/referrer.h" | |
| 28 #include "content/public/test/browser_test_utils.h" | |
| 29 #include "net/base/net_errors.h" | |
| 30 #include "net/cert/cert_status_flags.h" | |
| 31 #include "net/cert/cert_verify_result.h" | |
| 32 #include "net/cert/mock_cert_verifier.h" | |
| 33 #include "net/cert/x509_certificate.h" | |
| 34 #include "net/dns/mock_host_resolver.h" | |
| 35 #include "net/test/embedded_test_server/embedded_test_server.h" | |
| 36 #include "net/test/embedded_test_server/request_handler_util.h" | |
| 37 #include "net/test/url_request/url_request_failed_job.h" | |
| 38 #include "net/url_request/url_request_filter.h" | |
| 39 | |
| 40 namespace { | |
| 41 | |
| 42 const base::FilePath::CharType kDocRoot[] = | |
| 43 FILE_PATH_LITERAL("chrome/test/data"); | |
| 44 | |
| 45 void CheckSecurityInfoForSecure( | |
| 46 content::WebContents* contents, | |
| 47 SecurityStateModel::SecurityLevel expect_security_level, | |
| 48 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | |
| 49 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | |
| 50 bool expect_cert_error) { | |
| 51 ASSERT_TRUE(contents); | |
| 52 | |
| 53 SecurityStateModel* model = SecurityStateModel::FromWebContents(contents); | |
| 54 ASSERT_TRUE(model); | |
| 55 const SecurityStateModel::SecurityInfo& security_info = | |
| 56 model->GetSecurityInfo(); | |
| 57 EXPECT_EQ(expect_security_level, security_info.security_level); | |
| 58 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | |
| 59 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | |
| 60 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 61 EXPECT_TRUE(security_info.scheme_is_cryptographic); | |
| 62 EXPECT_EQ(expect_cert_error, | |
| 63 net::IsCertStatusError(security_info.cert_status)); | |
| 64 EXPECT_GT(security_info.security_bits, 0); | |
| 65 | |
| 66 content::CertStore* cert_store = content::CertStore::GetInstance(); | |
| 67 scoped_refptr<net::X509Certificate> cert; | |
| 68 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | |
| 69 } | |
| 70 | |
| 71 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | |
| 72 ASSERT_TRUE(contents); | |
| 73 | |
| 74 SecurityStateModel* model = SecurityStateModel::FromWebContents(contents); | |
| 75 ASSERT_TRUE(model); | |
| 76 const SecurityStateModel::SecurityInfo& security_info = | |
| 77 model->GetSecurityInfo(); | |
| 78 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | |
| 79 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 80 security_info.sha1_deprecation_status); | |
| 81 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, | |
| 82 security_info.mixed_content_status); | |
| 83 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 84 EXPECT_FALSE(security_info.scheme_is_cryptographic); | |
| 85 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | |
| 86 EXPECT_EQ(-1, security_info.security_bits); | |
| 87 EXPECT_EQ(0, security_info.cert_id); | |
| 88 } | |
| 89 | |
| 90 class SecurityStateModelTest : public CertVerifierBrowserTest { | |
| 91 public: | |
| 92 SecurityStateModelTest() | |
| 93 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { | |
| 94 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); | |
| 95 } | |
| 96 | |
| 97 void SetUpCommandLine(base::CommandLine* command_line) override { | |
| 98 // Browser will both run and display insecure content. | |
| 99 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | |
| 100 } | |
| 101 | |
| 102 void ProceedThroughInterstitial(content::WebContents* tab) { | |
| 103 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | |
| 104 ASSERT_TRUE(interstitial_page); | |
| 105 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | |
| 106 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | |
| 107 content::WindowedNotificationObserver observer( | |
| 108 content::NOTIFICATION_LOAD_STOP, | |
| 109 content::Source<content::NavigationController>(&tab->GetController())); | |
| 110 interstitial_page->Proceed(); | |
| 111 observer.Wait(); | |
| 112 } | |
| 113 | |
| 114 static void GetFilePathWithHostAndPortReplacement( | |
| 115 const std::string& original_file_path, | |
| 116 const net::HostPortPair& host_port_pair, | |
| 117 std::string* replacement_path) { | |
| 118 base::StringPairs replacement_text; | |
| 119 replacement_text.push_back( | |
| 120 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); | |
| 121 net::test_server::GetFilePathWithReplacements( | |
| 122 original_file_path, replacement_text, replacement_path); | |
| 123 } | |
| 124 | |
| 125 protected: | |
| 126 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | |
| 127 int net_result) { | |
| 128 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
| 129 net::CertVerifyResult verify_result; | |
| 130 verify_result.is_issued_by_known_root = true; | |
| 131 verify_result.verified_cert = cert; | |
| 132 verify_result.cert_status = cert_status; | |
| 133 | |
| 134 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, | |
| 135 net_result); | |
| 136 } | |
| 137 | |
| 138 net::EmbeddedTestServer https_server_; | |
| 139 | |
| 140 private: | |
| 141 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelTest); | |
| 142 }; | |
| 143 | |
| 144 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpPage) { | |
| 145 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 146 ui_test_utils::NavigateToURL( | |
| 147 browser(), embedded_test_server()->GetURL("/ssl/google.html")); | |
| 148 content::WebContents* contents = | |
| 149 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 150 ASSERT_TRUE(contents); | |
| 151 | |
| 152 SecurityStateModel* model = SecurityStateModel::FromWebContents(contents); | |
| 153 ASSERT_TRUE(model); | |
| 154 const SecurityStateModel::SecurityInfo& security_info = | |
| 155 model->GetSecurityInfo(); | |
| 156 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | |
| 157 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 158 security_info.sha1_deprecation_status); | |
| 159 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, | |
| 160 security_info.mixed_content_status); | |
| 161 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 162 EXPECT_FALSE(security_info.scheme_is_cryptographic); | |
| 163 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | |
| 164 EXPECT_EQ(0, security_info.cert_id); | |
| 165 EXPECT_EQ(-1, security_info.security_bits); | |
| 166 EXPECT_EQ(0, security_info.connection_status); | |
| 167 } | |
| 168 | |
| 169 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpsPage) { | |
| 170 ASSERT_TRUE(https_server_.Start()); | |
| 171 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 172 | |
| 173 ui_test_utils::NavigateToURL(browser(), | |
| 174 https_server_.GetURL("/ssl/google.html")); | |
| 175 CheckSecurityInfoForSecure( | |
| 176 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 177 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 178 SecurityStateModel::NO_MIXED_CONTENT, | |
| 179 false /* expect cert status error */); | |
| 180 } | |
| 181 | |
| 182 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, SHA1Broken) { | |
| 183 ASSERT_TRUE(https_server_.Start()); | |
| 184 // The test server uses a long-lived cert by default, so a SHA1 | |
| 185 // signature in it will register as a "broken" condition rather than | |
| 186 // "warning". | |
| 187 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | |
| 188 net::OK); | |
| 189 | |
| 190 ui_test_utils::NavigateToURL(browser(), | |
| 191 https_server_.GetURL("/ssl/google.html")); | |
| 192 CheckSecurityInfoForSecure( | |
| 193 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 194 SecurityStateModel::SECURITY_ERROR, | |
| 195 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 196 SecurityStateModel::NO_MIXED_CONTENT, | |
| 197 false /* expect cert status error */); | |
| 198 } | |
| 199 | |
| 200 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContent) { | |
| 201 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 202 ASSERT_TRUE(https_server_.Start()); | |
| 203 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 204 | |
| 205 // Navigate to an HTTPS page that displays mixed content. | |
| 206 std::string replacement_path; | |
| 207 GetFilePathWithHostAndPortReplacement( | |
| 208 "/ssl/page_displays_insecure_content.html", | |
| 209 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 210 ui_test_utils::NavigateToURL(browser(), | |
| 211 https_server_.GetURL(replacement_path)); | |
| 212 CheckSecurityInfoForSecure( | |
| 213 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 214 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 215 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 216 false /* expect cert status error */); | |
| 217 | |
| 218 // Navigate to an HTTPS page that displays mixed content dynamically. | |
| 219 GetFilePathWithHostAndPortReplacement( | |
| 220 "/ssl/page_with_dynamic_insecure_content.html", | |
| 221 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 222 ui_test_utils::NavigateToURL(browser(), | |
| 223 https_server_.GetURL(replacement_path)); | |
| 224 CheckSecurityInfoForSecure( | |
| 225 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 226 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 227 SecurityStateModel::NO_MIXED_CONTENT, | |
| 228 false /* expect cert status error */); | |
| 229 // Load the insecure image. | |
| 230 bool js_result = false; | |
| 231 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | |
| 232 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | |
| 233 &js_result)); | |
| 234 EXPECT_TRUE(js_result); | |
| 235 CheckSecurityInfoForSecure( | |
| 236 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 237 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 238 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 239 false /* expect cert status error */); | |
| 240 | |
| 241 // Navigate to an HTTPS page that runs mixed content. | |
| 242 GetFilePathWithHostAndPortReplacement( | |
| 243 "/ssl/page_runs_insecure_content.html", | |
| 244 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 245 ui_test_utils::NavigateToURL(browser(), | |
| 246 https_server_.GetURL(replacement_path)); | |
| 247 CheckSecurityInfoForSecure( | |
| 248 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 249 SecurityStateModel::SECURITY_ERROR, | |
| 250 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 251 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 252 false /* expect cert status error */); | |
| 253 | |
| 254 // Navigate to an HTTPS page that runs and displays mixed content. | |
| 255 GetFilePathWithHostAndPortReplacement( | |
| 256 "/ssl/page_runs_and_displays_insecure_content.html", | |
| 257 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 258 ui_test_utils::NavigateToURL(browser(), | |
| 259 https_server_.GetURL(replacement_path)); | |
| 260 CheckSecurityInfoForSecure( | |
| 261 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 262 SecurityStateModel::SECURITY_ERROR, | |
| 263 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 264 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | |
| 265 false /* expect cert status error */); | |
| 266 | |
| 267 // Navigate to an HTTPS page that runs mixed content in an iframe. | |
| 268 net::HostPortPair host_port_pair = | |
| 269 net::HostPortPair::FromURL(https_server_.GetURL("/")); | |
| 270 host_port_pair.set_host("different-host.test"); | |
| 271 host_resolver()->AddRule("different-host.test", | |
| 272 https_server_.GetURL("/").host()); | |
| 273 host_resolver()->AddRule("different-http-host.test", | |
| 274 embedded_test_server()->GetURL("/").host()); | |
| 275 GetFilePathWithHostAndPortReplacement( | |
| 276 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | |
| 277 &replacement_path); | |
| 278 ui_test_utils::NavigateToURL(browser(), | |
| 279 https_server_.GetURL(replacement_path)); | |
| 280 CheckSecurityInfoForSecure( | |
| 281 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 282 SecurityStateModel::SECURITY_ERROR, | |
| 283 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 284 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 285 false /* expect cert status error */); | |
| 286 } | |
| 287 | |
| 288 // Same as the test above but with a long-lived SHA1 cert. | |
| 289 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContentWithBrokenSHA1) { | |
| 290 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 291 ASSERT_TRUE(https_server_.Start()); | |
| 292 // The test server uses a long-lived cert by default, so a SHA1 | |
| 293 // signature in it will register as a "broken" condition rather than | |
| 294 // "warning". | |
| 295 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | |
| 296 net::OK); | |
| 297 | |
| 298 // Navigate to an HTTPS page that displays mixed content. | |
| 299 std::string replacement_path; | |
| 300 GetFilePathWithHostAndPortReplacement( | |
| 301 "/ssl/page_displays_insecure_content.html", | |
| 302 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 303 ui_test_utils::NavigateToURL(browser(), | |
| 304 https_server_.GetURL(replacement_path)); | |
| 305 CheckSecurityInfoForSecure( | |
| 306 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 307 SecurityStateModel::SECURITY_ERROR, | |
| 308 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 309 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 310 false /* expect cert status error */); | |
| 311 | |
| 312 // Navigate to an HTTPS page that displays mixed content dynamically. | |
| 313 GetFilePathWithHostAndPortReplacement( | |
| 314 "/ssl/page_with_dynamic_insecure_content.html", | |
| 315 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 316 ui_test_utils::NavigateToURL(browser(), | |
| 317 https_server_.GetURL(replacement_path)); | |
| 318 CheckSecurityInfoForSecure( | |
| 319 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 320 SecurityStateModel::SECURITY_ERROR, | |
| 321 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 322 SecurityStateModel::NO_MIXED_CONTENT, | |
| 323 false /* expect cert status error */); | |
| 324 // Load the insecure image. | |
| 325 bool js_result = false; | |
| 326 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | |
| 327 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | |
| 328 &js_result)); | |
| 329 EXPECT_TRUE(js_result); | |
| 330 CheckSecurityInfoForSecure( | |
| 331 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 332 SecurityStateModel::SECURITY_ERROR, | |
| 333 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 334 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 335 false /* expect cert status error */); | |
| 336 | |
| 337 // Navigate to an HTTPS page that runs mixed content. | |
| 338 GetFilePathWithHostAndPortReplacement( | |
| 339 "/ssl/page_runs_insecure_content.html", | |
| 340 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 341 ui_test_utils::NavigateToURL(browser(), | |
| 342 https_server_.GetURL(replacement_path)); | |
| 343 CheckSecurityInfoForSecure( | |
| 344 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 345 SecurityStateModel::SECURITY_ERROR, | |
| 346 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 347 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 348 false /* expect cert status error */); | |
| 349 | |
| 350 // Navigate to an HTTPS page that runs and displays mixed content. | |
| 351 GetFilePathWithHostAndPortReplacement( | |
| 352 "/ssl/page_runs_and_displays_insecure_content.html", | |
| 353 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 354 ui_test_utils::NavigateToURL(browser(), | |
| 355 https_server_.GetURL(replacement_path)); | |
| 356 CheckSecurityInfoForSecure( | |
| 357 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 358 SecurityStateModel::SECURITY_ERROR, | |
| 359 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 360 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | |
| 361 false /* expect cert status error */); | |
| 362 } | |
| 363 | |
| 364 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, BrokenHTTPS) { | |
| 365 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 366 ASSERT_TRUE(https_server_.Start()); | |
| 367 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | |
| 368 net::ERR_CERT_DATE_INVALID); | |
| 369 | |
| 370 ui_test_utils::NavigateToURL(browser(), | |
| 371 https_server_.GetURL("/ssl/google.html")); | |
| 372 CheckSecurityInfoForSecure( | |
| 373 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 374 SecurityStateModel::SECURITY_ERROR, | |
| 375 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 376 SecurityStateModel::NO_MIXED_CONTENT, | |
| 377 true /* expect cert status error */); | |
| 378 | |
| 379 ProceedThroughInterstitial( | |
| 380 browser()->tab_strip_model()->GetActiveWebContents()); | |
| 381 | |
| 382 CheckSecurityInfoForSecure( | |
| 383 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 384 SecurityStateModel::SECURITY_ERROR, | |
| 385 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 386 SecurityStateModel::NO_MIXED_CONTENT, | |
| 387 true /* expect cert status error */); | |
| 388 | |
| 389 // Navigate to a broken HTTPS page that displays mixed content. | |
| 390 std::string replacement_path; | |
| 391 GetFilePathWithHostAndPortReplacement( | |
| 392 "/ssl/page_displays_insecure_content.html", | |
| 393 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 394 ui_test_utils::NavigateToURL(browser(), | |
| 395 https_server_.GetURL(replacement_path)); | |
| 396 CheckSecurityInfoForSecure( | |
| 397 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 398 SecurityStateModel::SECURITY_ERROR, | |
| 399 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 400 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 401 true /* expect cert status error */); | |
| 402 } | |
| 403 | |
| 404 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | |
| 405 // that never stops loading. | |
| 406 class PendingJobInterceptor : public net::URLRequestInterceptor { | |
| 407 public: | |
| 408 PendingJobInterceptor() {} | |
| 409 ~PendingJobInterceptor() override {} | |
| 410 | |
| 411 // URLRequestInterceptor implementation | |
| 412 net::URLRequestJob* MaybeInterceptRequest( | |
| 413 net::URLRequest* request, | |
| 414 net::NetworkDelegate* network_delegate) const override { | |
| 415 return new net::URLRequestFailedJob(request, network_delegate, | |
| 416 net::ERR_IO_PENDING); | |
| 417 } | |
| 418 | |
| 419 private: | |
| 420 DISALLOW_COPY_AND_ASSIGN(PendingJobInterceptor); | |
| 421 }; | |
| 422 | |
| 423 void InstallLoadingInterceptor(const std::string& host) { | |
| 424 net::URLRequestFilter* filter = net::URLRequestFilter::GetInstance(); | |
| 425 filter->AddHostnameInterceptor( | |
| 426 "http", host, | |
| 427 scoped_ptr<net::URLRequestInterceptor>(new PendingJobInterceptor())); | |
| 428 } | |
| 429 | |
| 430 class SecurityStateModelLoadingTest : public SecurityStateModelTest { | |
| 431 public: | |
| 432 SecurityStateModelLoadingTest() : SecurityStateModelTest() {} | |
| 433 ~SecurityStateModelLoadingTest() override{}; | |
| 434 | |
| 435 protected: | |
| 436 void SetUpOnMainThread() override { | |
| 437 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 438 | |
| 439 content::BrowserThread::PostTask( | |
| 440 content::BrowserThread::IO, FROM_HERE, | |
| 441 base::Bind(&InstallLoadingInterceptor, | |
| 442 embedded_test_server()->GetURL("/").host())); | |
| 443 } | |
| 444 | |
| 445 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelLoadingTest); | |
| 446 }; | |
| 447 | |
| 448 // Tests that navigation state changes cause the security state to be | |
| 449 // updated. | |
| 450 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | |
| 451 ASSERT_TRUE(https_server_.Start()); | |
| 452 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 453 | |
| 454 // Navigate to an HTTPS page. | |
| 455 ui_test_utils::NavigateToURL(browser(), | |
| 456 https_server_.GetURL("/ssl/google.html")); | |
| 457 CheckSecurityInfoForSecure( | |
| 458 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 459 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 460 SecurityStateModel::NO_MIXED_CONTENT, | |
| 461 false /* expect cert status error */); | |
| 462 | |
| 463 // Navigate to a page that doesn't finish loading. Test that the | |
| 464 // security state is neutral while the page is loading. | |
| 465 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | |
| 466 content::Referrer(), CURRENT_TAB, | |
| 467 ui::PAGE_TRANSITION_TYPED, false)); | |
| 468 CheckSecurityInfoForNonSecure( | |
| 469 browser()->tab_strip_model()->GetActiveWebContents()); | |
| 470 } | |
| 471 | |
| 472 // Tests that the SecurityStateModel for a WebContents is up-to-date | |
| 473 // when the WebContents is inserted into a Browser's TabStripModel. | |
| 474 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, AddedTab) { | |
| 475 ASSERT_TRUE(https_server_.Start()); | |
| 476 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 477 | |
| 478 content::WebContents* tab = | |
| 479 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 480 ASSERT_TRUE(tab); | |
| 481 | |
| 482 content::WebContents* new_contents = content::WebContents::Create( | |
| 483 content::WebContents::CreateParams(tab->GetBrowserContext())); | |
| 484 content::NavigationController& controller = new_contents->GetController(); | |
| 485 SecurityStateModel::CreateForWebContents(new_contents); | |
| 486 CheckSecurityInfoForNonSecure(new_contents); | |
| 487 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | |
| 488 ui::PAGE_TRANSITION_TYPED, std::string()); | |
| 489 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | |
| 490 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | |
| 491 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 492 SecurityStateModel::NO_MIXED_CONTENT, | |
| 493 false /* expect cert status error */); | |
| 494 | |
| 495 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | |
| 496 TabStripModel::ADD_NONE); | |
| 497 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | |
| 498 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 499 SecurityStateModel::NO_MIXED_CONTENT, | |
| 500 false /* expect cert status error */); | |
| 501 } | |
| 502 | |
| 503 } // namespace | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1440303002:
Componentize SecurityStateModel (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master