| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/ssl/security_state_model.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/files/file_path.h" | |
| 9 #include "base/macros.h" | |
| 10 #include "base/prefs/pref_service.h" | |
| 11 #include "base/strings/string_split.h" | |
| 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | |
| 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | |
| 14 #include "chrome/browser/ssl/ssl_blocking_page.h" | |
| 15 #include "chrome/browser/ui/browser.h" | |
| 16 #include "chrome/browser/ui/tabs/tab_strip_model.h" | |
| 17 #include "chrome/common/chrome_paths.h" | |
| 18 #include "chrome/common/chrome_switches.h" | |
| 19 #include "chrome/common/pref_names.h" | |
| 20 #include "chrome/test/base/in_process_browser_test.h" | |
| 21 #include "chrome/test/base/ui_test_utils.h" | |
| 22 #include "content/public/browser/cert_store.h" | |
| 23 #include "content/public/browser/interstitial_page.h" | |
| 24 #include "content/public/browser/navigation_controller.h" | |
| 25 #include "content/public/browser/notification_service.h" | |
| 26 #include "content/public/browser/notification_types.h" | |
| 27 #include "content/public/browser/web_contents.h" | |
| 28 #include "content/public/common/referrer.h" | |
| 29 #include "content/public/test/browser_test_utils.h" | |
| 30 #include "net/base/net_errors.h" | |
| 31 #include "net/cert/cert_status_flags.h" | |
| 32 #include "net/cert/cert_verify_result.h" | |
| 33 #include "net/cert/mock_cert_verifier.h" | |
| 34 #include "net/cert/x509_certificate.h" | |
| 35 #include "net/dns/mock_host_resolver.h" | |
| 36 #include "net/test/embedded_test_server/embedded_test_server.h" | |
| 37 #include "net/test/embedded_test_server/request_handler_util.h" | |
| 38 #include "net/test/url_request/url_request_failed_job.h" | |
| 39 #include "net/url_request/url_request_filter.h" | |
| 40 | |
| 41 namespace { | |
| 42 | |
| 43 const base::FilePath::CharType kDocRoot[] = | |
| 44 FILE_PATH_LITERAL("chrome/test/data"); | |
| 45 | |
| 46 void CheckSecurityInfoForSecure( | |
| 47 content::WebContents* contents, | |
| 48 SecurityStateModel::SecurityLevel expect_security_level, | |
| 49 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | |
| 50 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | |
| 51 bool expect_cert_error) { | |
| 52 ASSERT_TRUE(contents); | |
| 53 | |
| 54 ChromeSecurityStateModelClient* model_client = | |
| 55 ChromeSecurityStateModelClient::FromWebContents(contents); | |
| 56 ASSERT_TRUE(model_client); | |
| 57 const SecurityStateModel::SecurityInfo& security_info = | |
| 58 model_client->GetSecurityInfo(); | |
| 59 EXPECT_EQ(expect_security_level, security_info.security_level); | |
| 60 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | |
| 61 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | |
| 62 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 63 EXPECT_TRUE(security_info.scheme_is_cryptographic); | |
| 64 EXPECT_EQ(expect_cert_error, | |
| 65 net::IsCertStatusError(security_info.cert_status)); | |
| 66 EXPECT_GT(security_info.security_bits, 0); | |
| 67 | |
| 68 content::CertStore* cert_store = content::CertStore::GetInstance(); | |
| 69 scoped_refptr<net::X509Certificate> cert; | |
| 70 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | |
| 71 } | |
| 72 | |
| 73 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | |
| 74 ASSERT_TRUE(contents); | |
| 75 | |
| 76 ChromeSecurityStateModelClient* model_client = | |
| 77 ChromeSecurityStateModelClient::FromWebContents(contents); | |
| 78 ASSERT_TRUE(model_client); | |
| 79 const SecurityStateModel::SecurityInfo& security_info = | |
| 80 model_client->GetSecurityInfo(); | |
| 81 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | |
| 82 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 83 security_info.sha1_deprecation_status); | |
| 84 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, | |
| 85 security_info.mixed_content_status); | |
| 86 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 87 EXPECT_FALSE(security_info.scheme_is_cryptographic); | |
| 88 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | |
| 89 EXPECT_EQ(-1, security_info.security_bits); | |
| 90 EXPECT_EQ(0, security_info.cert_id); | |
| 91 } | |
| 92 | |
| 93 class SecurityStateModelTest : public CertVerifierBrowserTest { | |
| 94 public: | |
| 95 SecurityStateModelTest() | |
| 96 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { | |
| 97 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); | |
| 98 } | |
| 99 | |
| 100 void SetUpCommandLine(base::CommandLine* command_line) override { | |
| 101 // Browser will both run and display insecure content. | |
| 102 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | |
| 103 } | |
| 104 | |
| 105 void ProceedThroughInterstitial(content::WebContents* tab) { | |
| 106 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | |
| 107 ASSERT_TRUE(interstitial_page); | |
| 108 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | |
| 109 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | |
| 110 content::WindowedNotificationObserver observer( | |
| 111 content::NOTIFICATION_LOAD_STOP, | |
| 112 content::Source<content::NavigationController>(&tab->GetController())); | |
| 113 interstitial_page->Proceed(); | |
| 114 observer.Wait(); | |
| 115 } | |
| 116 | |
| 117 static void GetFilePathWithHostAndPortReplacement( | |
| 118 const std::string& original_file_path, | |
| 119 const net::HostPortPair& host_port_pair, | |
| 120 std::string* replacement_path) { | |
| 121 base::StringPairs replacement_text; | |
| 122 replacement_text.push_back( | |
| 123 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); | |
| 124 net::test_server::GetFilePathWithReplacements( | |
| 125 original_file_path, replacement_text, replacement_path); | |
| 126 } | |
| 127 | |
| 128 protected: | |
| 129 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | |
| 130 int net_result) { | |
| 131 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
| 132 net::CertVerifyResult verify_result; | |
| 133 verify_result.is_issued_by_known_root = true; | |
| 134 verify_result.verified_cert = cert; | |
| 135 verify_result.cert_status = cert_status; | |
| 136 | |
| 137 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, | |
| 138 net_result); | |
| 139 } | |
| 140 | |
| 141 net::EmbeddedTestServer https_server_; | |
| 142 | |
| 143 private: | |
| 144 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelTest); | |
| 145 }; | |
| 146 | |
| 147 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpPage) { | |
| 148 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 149 ui_test_utils::NavigateToURL( | |
| 150 browser(), embedded_test_server()->GetURL("/ssl/google.html")); | |
| 151 content::WebContents* contents = | |
| 152 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 153 ASSERT_TRUE(contents); | |
| 154 | |
| 155 ChromeSecurityStateModelClient* model_client = | |
| 156 ChromeSecurityStateModelClient::FromWebContents(contents); | |
| 157 ASSERT_TRUE(model_client); | |
| 158 const SecurityStateModel::SecurityInfo& security_info = | |
| 159 model_client->GetSecurityInfo(); | |
| 160 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | |
| 161 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 162 security_info.sha1_deprecation_status); | |
| 163 EXPECT_EQ(SecurityStateModel::NO_MIXED_CONTENT, | |
| 164 security_info.mixed_content_status); | |
| 165 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | |
| 166 EXPECT_FALSE(security_info.scheme_is_cryptographic); | |
| 167 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | |
| 168 EXPECT_EQ(0, security_info.cert_id); | |
| 169 EXPECT_EQ(-1, security_info.security_bits); | |
| 170 EXPECT_EQ(0, security_info.connection_status); | |
| 171 } | |
| 172 | |
| 173 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, HttpsPage) { | |
| 174 ASSERT_TRUE(https_server_.Start()); | |
| 175 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 176 | |
| 177 ui_test_utils::NavigateToURL(browser(), | |
| 178 https_server_.GetURL("/ssl/google.html")); | |
| 179 CheckSecurityInfoForSecure( | |
| 180 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 181 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 182 SecurityStateModel::NO_MIXED_CONTENT, | |
| 183 false /* expect cert status error */); | |
| 184 } | |
| 185 | |
| 186 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, SHA1Broken) { | |
| 187 ASSERT_TRUE(https_server_.Start()); | |
| 188 // The test server uses a long-lived cert by default, so a SHA1 | |
| 189 // signature in it will register as a "broken" condition rather than | |
| 190 // "warning". | |
| 191 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | |
| 192 net::OK); | |
| 193 | |
| 194 ui_test_utils::NavigateToURL(browser(), | |
| 195 https_server_.GetURL("/ssl/google.html")); | |
| 196 CheckSecurityInfoForSecure( | |
| 197 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 198 SecurityStateModel::SECURITY_ERROR, | |
| 199 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 200 SecurityStateModel::NO_MIXED_CONTENT, | |
| 201 false /* expect cert status error */); | |
| 202 } | |
| 203 | |
| 204 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContent) { | |
| 205 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 206 ASSERT_TRUE(https_server_.Start()); | |
| 207 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 208 | |
| 209 // Navigate to an HTTPS page that displays mixed content. | |
| 210 std::string replacement_path; | |
| 211 GetFilePathWithHostAndPortReplacement( | |
| 212 "/ssl/page_displays_insecure_content.html", | |
| 213 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 214 ui_test_utils::NavigateToURL(browser(), | |
| 215 https_server_.GetURL(replacement_path)); | |
| 216 CheckSecurityInfoForSecure( | |
| 217 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 218 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 219 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 220 false /* expect cert status error */); | |
| 221 | |
| 222 // Navigate to an HTTPS page that displays mixed content dynamically. | |
| 223 GetFilePathWithHostAndPortReplacement( | |
| 224 "/ssl/page_with_dynamic_insecure_content.html", | |
| 225 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 226 ui_test_utils::NavigateToURL(browser(), | |
| 227 https_server_.GetURL(replacement_path)); | |
| 228 CheckSecurityInfoForSecure( | |
| 229 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 230 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 231 SecurityStateModel::NO_MIXED_CONTENT, | |
| 232 false /* expect cert status error */); | |
| 233 // Load the insecure image. | |
| 234 bool js_result = false; | |
| 235 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | |
| 236 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | |
| 237 &js_result)); | |
| 238 EXPECT_TRUE(js_result); | |
| 239 CheckSecurityInfoForSecure( | |
| 240 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 241 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 242 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 243 false /* expect cert status error */); | |
| 244 | |
| 245 // Navigate to an HTTPS page that runs mixed content. | |
| 246 GetFilePathWithHostAndPortReplacement( | |
| 247 "/ssl/page_runs_insecure_content.html", | |
| 248 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 249 ui_test_utils::NavigateToURL(browser(), | |
| 250 https_server_.GetURL(replacement_path)); | |
| 251 CheckSecurityInfoForSecure( | |
| 252 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 253 SecurityStateModel::SECURITY_ERROR, | |
| 254 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 255 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 256 false /* expect cert status error */); | |
| 257 | |
| 258 // Navigate to an HTTPS page that runs and displays mixed content. | |
| 259 GetFilePathWithHostAndPortReplacement( | |
| 260 "/ssl/page_runs_and_displays_insecure_content.html", | |
| 261 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 262 ui_test_utils::NavigateToURL(browser(), | |
| 263 https_server_.GetURL(replacement_path)); | |
| 264 CheckSecurityInfoForSecure( | |
| 265 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 266 SecurityStateModel::SECURITY_ERROR, | |
| 267 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 268 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | |
| 269 false /* expect cert status error */); | |
| 270 | |
| 271 // Navigate to an HTTPS page that runs mixed content in an iframe. | |
| 272 net::HostPortPair host_port_pair = | |
| 273 net::HostPortPair::FromURL(https_server_.GetURL("/")); | |
| 274 host_port_pair.set_host("different-host.test"); | |
| 275 host_resolver()->AddRule("different-host.test", | |
| 276 https_server_.GetURL("/").host()); | |
| 277 host_resolver()->AddRule("different-http-host.test", | |
| 278 embedded_test_server()->GetURL("/").host()); | |
| 279 GetFilePathWithHostAndPortReplacement( | |
| 280 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | |
| 281 &replacement_path); | |
| 282 ui_test_utils::NavigateToURL(browser(), | |
| 283 https_server_.GetURL(replacement_path)); | |
| 284 CheckSecurityInfoForSecure( | |
| 285 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 286 SecurityStateModel::SECURITY_ERROR, | |
| 287 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 288 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 289 false /* expect cert status error */); | |
| 290 } | |
| 291 | |
| 292 // Same as the test above but with a long-lived SHA1 cert. | |
| 293 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, MixedContentWithBrokenSHA1) { | |
| 294 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 295 ASSERT_TRUE(https_server_.Start()); | |
| 296 // The test server uses a long-lived cert by default, so a SHA1 | |
| 297 // signature in it will register as a "broken" condition rather than | |
| 298 // "warning". | |
| 299 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | |
| 300 net::OK); | |
| 301 | |
| 302 // Navigate to an HTTPS page that displays mixed content. | |
| 303 std::string replacement_path; | |
| 304 GetFilePathWithHostAndPortReplacement( | |
| 305 "/ssl/page_displays_insecure_content.html", | |
| 306 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 307 ui_test_utils::NavigateToURL(browser(), | |
| 308 https_server_.GetURL(replacement_path)); | |
| 309 CheckSecurityInfoForSecure( | |
| 310 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 311 SecurityStateModel::SECURITY_ERROR, | |
| 312 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 313 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 314 false /* expect cert status error */); | |
| 315 | |
| 316 // Navigate to an HTTPS page that displays mixed content dynamically. | |
| 317 GetFilePathWithHostAndPortReplacement( | |
| 318 "/ssl/page_with_dynamic_insecure_content.html", | |
| 319 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 320 ui_test_utils::NavigateToURL(browser(), | |
| 321 https_server_.GetURL(replacement_path)); | |
| 322 CheckSecurityInfoForSecure( | |
| 323 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 324 SecurityStateModel::SECURITY_ERROR, | |
| 325 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 326 SecurityStateModel::NO_MIXED_CONTENT, | |
| 327 false /* expect cert status error */); | |
| 328 // Load the insecure image. | |
| 329 bool js_result = false; | |
| 330 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | |
| 331 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | |
| 332 &js_result)); | |
| 333 EXPECT_TRUE(js_result); | |
| 334 CheckSecurityInfoForSecure( | |
| 335 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 336 SecurityStateModel::SECURITY_ERROR, | |
| 337 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 338 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 339 false /* expect cert status error */); | |
| 340 | |
| 341 // Navigate to an HTTPS page that runs mixed content. | |
| 342 GetFilePathWithHostAndPortReplacement( | |
| 343 "/ssl/page_runs_insecure_content.html", | |
| 344 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 345 ui_test_utils::NavigateToURL(browser(), | |
| 346 https_server_.GetURL(replacement_path)); | |
| 347 CheckSecurityInfoForSecure( | |
| 348 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 349 SecurityStateModel::SECURITY_ERROR, | |
| 350 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 351 SecurityStateModel::RAN_MIXED_CONTENT, | |
| 352 false /* expect cert status error */); | |
| 353 | |
| 354 // Navigate to an HTTPS page that runs and displays mixed content. | |
| 355 GetFilePathWithHostAndPortReplacement( | |
| 356 "/ssl/page_runs_and_displays_insecure_content.html", | |
| 357 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 358 ui_test_utils::NavigateToURL(browser(), | |
| 359 https_server_.GetURL(replacement_path)); | |
| 360 CheckSecurityInfoForSecure( | |
| 361 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 362 SecurityStateModel::SECURITY_ERROR, | |
| 363 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | |
| 364 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | |
| 365 false /* expect cert status error */); | |
| 366 } | |
| 367 | |
| 368 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, BrokenHTTPS) { | |
| 369 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 370 ASSERT_TRUE(https_server_.Start()); | |
| 371 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | |
| 372 net::ERR_CERT_DATE_INVALID); | |
| 373 | |
| 374 ui_test_utils::NavigateToURL(browser(), | |
| 375 https_server_.GetURL("/ssl/google.html")); | |
| 376 CheckSecurityInfoForSecure( | |
| 377 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 378 SecurityStateModel::SECURITY_ERROR, | |
| 379 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 380 SecurityStateModel::NO_MIXED_CONTENT, | |
| 381 true /* expect cert status error */); | |
| 382 | |
| 383 ProceedThroughInterstitial( | |
| 384 browser()->tab_strip_model()->GetActiveWebContents()); | |
| 385 | |
| 386 CheckSecurityInfoForSecure( | |
| 387 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 388 SecurityStateModel::SECURITY_ERROR, | |
| 389 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 390 SecurityStateModel::NO_MIXED_CONTENT, | |
| 391 true /* expect cert status error */); | |
| 392 | |
| 393 // Navigate to a broken HTTPS page that displays mixed content. | |
| 394 std::string replacement_path; | |
| 395 GetFilePathWithHostAndPortReplacement( | |
| 396 "/ssl/page_displays_insecure_content.html", | |
| 397 embedded_test_server()->host_port_pair(), &replacement_path); | |
| 398 ui_test_utils::NavigateToURL(browser(), | |
| 399 https_server_.GetURL(replacement_path)); | |
| 400 CheckSecurityInfoForSecure( | |
| 401 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 402 SecurityStateModel::SECURITY_ERROR, | |
| 403 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 404 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | |
| 405 true /* expect cert status error */); | |
| 406 } | |
| 407 | |
| 408 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | |
| 409 // that never stops loading. | |
| 410 class PendingJobInterceptor : public net::URLRequestInterceptor { | |
| 411 public: | |
| 412 PendingJobInterceptor() {} | |
| 413 ~PendingJobInterceptor() override {} | |
| 414 | |
| 415 // URLRequestInterceptor implementation | |
| 416 net::URLRequestJob* MaybeInterceptRequest( | |
| 417 net::URLRequest* request, | |
| 418 net::NetworkDelegate* network_delegate) const override { | |
| 419 return new net::URLRequestFailedJob(request, network_delegate, | |
| 420 net::ERR_IO_PENDING); | |
| 421 } | |
| 422 | |
| 423 private: | |
| 424 DISALLOW_COPY_AND_ASSIGN(PendingJobInterceptor); | |
| 425 }; | |
| 426 | |
| 427 void InstallLoadingInterceptor(const std::string& host) { | |
| 428 net::URLRequestFilter* filter = net::URLRequestFilter::GetInstance(); | |
| 429 filter->AddHostnameInterceptor( | |
| 430 "http", host, | |
| 431 scoped_ptr<net::URLRequestInterceptor>(new PendingJobInterceptor())); | |
| 432 } | |
| 433 | |
| 434 class SecurityStateModelLoadingTest : public SecurityStateModelTest { | |
| 435 public: | |
| 436 SecurityStateModelLoadingTest() : SecurityStateModelTest() {} | |
| 437 ~SecurityStateModelLoadingTest() override{}; | |
| 438 | |
| 439 protected: | |
| 440 void SetUpOnMainThread() override { | |
| 441 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 442 | |
| 443 content::BrowserThread::PostTask( | |
| 444 content::BrowserThread::IO, FROM_HERE, | |
| 445 base::Bind(&InstallLoadingInterceptor, | |
| 446 embedded_test_server()->GetURL("/").host())); | |
| 447 } | |
| 448 | |
| 449 DISALLOW_COPY_AND_ASSIGN(SecurityStateModelLoadingTest); | |
| 450 }; | |
| 451 | |
| 452 // Tests that navigation state changes cause the security state to be | |
| 453 // updated. | |
| 454 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | |
| 455 ASSERT_TRUE(https_server_.Start()); | |
| 456 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 457 | |
| 458 // Navigate to an HTTPS page. | |
| 459 ui_test_utils::NavigateToURL(browser(), | |
| 460 https_server_.GetURL("/ssl/google.html")); | |
| 461 CheckSecurityInfoForSecure( | |
| 462 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 463 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 464 SecurityStateModel::NO_MIXED_CONTENT, | |
| 465 false /* expect cert status error */); | |
| 466 | |
| 467 // Navigate to a page that doesn't finish loading. Test that the | |
| 468 // security state is neutral while the page is loading. | |
| 469 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | |
| 470 content::Referrer(), CURRENT_TAB, | |
| 471 ui::PAGE_TRANSITION_TYPED, false)); | |
| 472 CheckSecurityInfoForNonSecure( | |
| 473 browser()->tab_strip_model()->GetActiveWebContents()); | |
| 474 } | |
| 475 | |
| 476 // Tests that the SecurityStateModel for a WebContents is up-to-date | |
| 477 // when the WebContents is inserted into a Browser's TabStripModel. | |
| 478 IN_PROC_BROWSER_TEST_F(SecurityStateModelTest, AddedTab) { | |
| 479 ASSERT_TRUE(https_server_.Start()); | |
| 480 SetUpMockCertVerifierForHttpsServer(0, net::OK); | |
| 481 | |
| 482 content::WebContents* tab = | |
| 483 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 484 ASSERT_TRUE(tab); | |
| 485 | |
| 486 content::WebContents* new_contents = content::WebContents::Create( | |
| 487 content::WebContents::CreateParams(tab->GetBrowserContext())); | |
| 488 content::NavigationController& controller = new_contents->GetController(); | |
| 489 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); | |
| 490 CheckSecurityInfoForNonSecure(new_contents); | |
| 491 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | |
| 492 ui::PAGE_TRANSITION_TYPED, std::string()); | |
| 493 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | |
| 494 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | |
| 495 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 496 SecurityStateModel::NO_MIXED_CONTENT, | |
| 497 false /* expect cert status error */); | |
| 498 | |
| 499 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | |
| 500 TabStripModel::ADD_NONE); | |
| 501 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | |
| 502 SecurityStateModel::NO_DEPRECATED_SHA1, | |
| 503 SecurityStateModel::NO_MIXED_CONTENT, | |
| 504 false /* expect cert status error */); | |
| 505 } | |
| 506 | |
| 507 } // namespace | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1539043002:
Pull SecurityStateModel out into a component (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master