Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ssl/ssl_browser_tests.cc

Issue 184483002: Set insecure content status also when there are other security issues. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Review follow up: remove bool arguments, introduce enums. Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/browser/ssl/ssl_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/command_line.h" 5 #include "base/command_line.h"
6 #include "base/path_service.h" 6 #include "base/path_service.h"
7 #include "base/prefs/pref_service.h" 7 #include "base/prefs/pref_service.h"
8 #include "base/strings/string_util.h" 8 #include "base/strings/string_util.h"
9 #include "base/strings/stringprintf.h" 9 #include "base/strings/stringprintf.h"
10 #include "base/strings/utf_string_conversions.h" 10 #include "base/strings/utf_string_conversions.h"
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
85 seen_ = true; 85 seen_ = true;
86 if (waiting_) 86 if (waiting_)
87 base::MessageLoopForUI::current()->Quit(); 87 base::MessageLoopForUI::current()->Quit();
88 } 88 }
89 89
90 private: 90 private:
91 bool waiting_; 91 bool waiting_;
92 bool seen_; 92 bool seen_;
93 }; 93 };
94 94
95 namespace AuthState {
96
97 enum AuthStateFlags {
98 NONE = 0,
99 DISPLAYED_INSECURE_CONTENT = 1 << 0,
100 RAN_INSECURE_CONTENT = 1 << 1,
101 SHOWING_INTERSTITIAL = 1 << 2
102 };
103
104 void Check(const NavigationEntry& entry, int expected_authentication_state) {
105 EXPECT_EQ(!!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
106 ? content::PAGE_TYPE_INTERSTITIAL
107 : content::PAGE_TYPE_NORMAL,
108 entry.GetPageType());
109
110 bool displayed_insecure_content =
111 !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
112 EXPECT_EQ(
113 !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
114 displayed_insecure_content);
115
116 bool ran_insecure_content =
117 !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
118 EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
119 ran_insecure_content);
120 }
121
122 } // namespace AuthState
123
124 namespace SecurityStyle {
125
126 void Check(const NavigationEntry& entry,
127 content::SecurityStyle expected_security_style) {
128 EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
129 }
130
131 } // namespace SecurityStyle
132
133 namespace CertError {
134
135 enum CertErrorFlags {
136 NONE = 0
137 };
138
139 void Check(const NavigationEntry& entry, net::CertStatus error) {
140 if (error) {
141 EXPECT_EQ(error, entry.GetSSL().cert_status & error);
142 net::CertStatus extra_cert_errors =
143 error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
144 if (extra_cert_errors)
145 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
146 } else {
147 EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
148 }
149 }
150
151 } // namespace CertError
152
153 void CheckSecurityState(WebContents* tab,
154 net::CertStatus error,
155 content::SecurityStyle expected_security_style,
156 int expected_authentication_state) {
157 ASSERT_FALSE(tab->IsCrashed());
158 NavigationEntry* entry = tab->GetController().GetActiveEntry();
159 ASSERT_TRUE(entry);
160 CertError::Check(*entry, error);
161 SecurityStyle::Check(*entry, expected_security_style);
162 AuthState::Check(*entry, expected_authentication_state);
163 }
164
95 } // namespace 165 } // namespace
96 166
97 class SSLUITest : public InProcessBrowserTest { 167 class SSLUITest : public InProcessBrowserTest {
98 public: 168 public:
99 SSLUITest() 169 SSLUITest()
100 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, 170 : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
101 SSLOptions(SSLOptions::CERT_OK), 171 SSLOptions(SSLOptions::CERT_OK),
102 base::FilePath(kDocRoot)), 172 base::FilePath(kDocRoot)),
103 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, 173 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
104 SSLOptions(SSLOptions::CERT_EXPIRED), 174 SSLOptions(SSLOptions::CERT_EXPIRED),
105 base::FilePath(kDocRoot)), 175 base::FilePath(kDocRoot)),
106 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS, 176 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
107 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), 177 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
108 base::FilePath(kDocRoot)), 178 base::FilePath(kDocRoot)),
109 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, 179 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
110 SSLOptions(SSLOptions::CERT_EXPIRED), 180 SSLOptions(SSLOptions::CERT_EXPIRED),
111 net::GetWebSocketTestDataDirectory()) {} 181 net::GetWebSocketTestDataDirectory()) {}
112 182
113 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 183 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
114 // Browser will both run and display insecure content. 184 // Browser will both run and display insecure content.
115 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); 185 command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
116 // Use process-per-site so that navigating to a same-site page in a 186 // Use process-per-site so that navigating to a same-site page in a
117 // new tab will use the same process. 187 // new tab will use the same process.
118 command_line->AppendSwitch(switches::kProcessPerSite); 188 command_line->AppendSwitch(switches::kProcessPerSite);
119 } 189 }
120 190
121 void CheckState(WebContents* tab,
122 content::SecurityStyle expected_security_style,
123 bool expected_displayed_insecure_content,
124 bool expected_ran_insecure_content) {
125 ASSERT_FALSE(tab->IsCrashed());
126 NavigationEntry* entry = tab->GetController().GetActiveEntry();
127 ASSERT_TRUE(entry);
128 EXPECT_EQ(content::PAGE_TYPE_NORMAL, entry->GetPageType());
129 EXPECT_EQ(expected_security_style, entry->GetSSL().security_style);
130 EXPECT_EQ(0U, entry->GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
131 bool displayed_insecure_content =
132 entry->GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT;
133 EXPECT_EQ(expected_displayed_insecure_content, displayed_insecure_content);
134 bool ran_insecure_content =
135 entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT;
136 EXPECT_EQ(expected_ran_insecure_content, ran_insecure_content);
137 }
138
139 void CheckAuthenticatedState(WebContents* tab, 191 void CheckAuthenticatedState(WebContents* tab,
140 bool expected_displayed_insecure_content) { 192 int expected_authentication_state) {
141 CheckState(tab, content::SECURITY_STYLE_AUTHENTICATED, 193 CheckSecurityState(tab,
142 expected_displayed_insecure_content, false); 194 CertError::NONE,
195 content::SECURITY_STYLE_AUTHENTICATED,
196 expected_authentication_state);
143 } 197 }
144 198
145 void CheckUnauthenticatedState(WebContents* tab) { 199 void CheckUnauthenticatedState(WebContents* tab) {
146 CheckState(tab, content::SECURITY_STYLE_UNAUTHENTICATED, false, false); 200 CheckSecurityState(tab,
147 } 201 CertError::NONE,
148 202 content::SECURITY_STYLE_UNAUTHENTICATED,
149 void CheckBrokenAuthenticatedState(WebContents* tab) { 203 AuthState::NONE);
150 CheckState(tab, content::SECURITY_STYLE_AUTHENTICATION_BROKEN, false, true);
151 } 204 }
152 205
153 void CheckAuthenticationBrokenState(WebContents* tab, 206 void CheckAuthenticationBrokenState(WebContents* tab,
154 net::CertStatus error, 207 net::CertStatus error,
155 bool ran_insecure_content, 208 int expected_authentication_state) {
156 bool interstitial) { 209 CheckSecurityState(tab,
157 ASSERT_FALSE(tab->IsCrashed()); 210 error,
158 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 211 content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
159 ASSERT_TRUE(entry); 212 expected_authentication_state);
160 EXPECT_EQ(interstitial ?
161 content::PAGE_TYPE_INTERSTITIAL : content::PAGE_TYPE_NORMAL,
162 entry->GetPageType());
163 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
164 entry->GetSSL().security_style);
165 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style 213 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
166 // to SECURITY_STYLE_AUTHENTICATION_BROKEN. 214 // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
167 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); 215 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
168 EXPECT_EQ(error, entry->GetSSL().cert_status & error);
169 EXPECT_FALSE(!!(entry->GetSSL().content_status &
170 SSLStatus::DISPLAYED_INSECURE_CONTENT));
171 EXPECT_EQ(ran_insecure_content,
172 !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT));
173 net::CertStatus extra_cert_errors = error ^ (entry->GetSSL().cert_status &
174 net::CERT_STATUS_ALL_ERRORS);
175 if (extra_cert_errors)
176 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
177 } 216 }
178 217
179 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) { 218 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
180 // Workers are async and we don't have notifications for them passing 219 // Workers are async and we don't have notifications for them passing
181 // messages since they do it between renderer and worker processes. 220 // messages since they do it between renderer and worker processes.
182 // So have a polling loop, check every 200ms, timeout at 30s. 221 // So have a polling loop, check every 200ms, timeout at 30s.
183 const int kTimeoutMS = 200; 222 const int kTimeoutMS = 200;
184 base::Time time_to_quit = base::Time::Now() + 223 base::Time time_to_quit = base::Time::Now() +
185 base::TimeDelta::FromMilliseconds(30000); 224 base::TimeDelta::FromMilliseconds(30000);
186 225
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after
358 https_server_expired_.host_port_pair(), 397 https_server_expired_.host_port_pair(),
359 &replacement_path)); 398 &replacement_path));
360 399
361 ui_test_utils::NavigateToURL( 400 ui_test_utils::NavigateToURL(
362 browser(), test_server()->GetURL(replacement_path)); 401 browser(), test_server()->GetURL(replacement_path));
363 402
364 CheckUnauthenticatedState( 403 CheckUnauthenticatedState(
365 browser()->tab_strip_model()->GetActiveWebContents()); 404 browser()->tab_strip_model()->GetActiveWebContents());
366 } 405 }
367 406
407 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
408 ASSERT_TRUE(test_server()->Start());
409 ASSERT_TRUE(https_server_expired_.Start());
410
411 std::string replacement_path;
412 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
413 "files/ssl/page_displays_insecure_content.html",
414 test_server()->host_port_pair(),
415 &replacement_path));
416
417 ui_test_utils::NavigateToURL(browser(),
418 https_server_expired_.GetURL(replacement_path));
419
420 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
421 CheckAuthenticationBrokenState(
422 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
423
424 ProceedThroughInterstitial(tab);
425
426 CheckAuthenticationBrokenState(tab,
427 net::CERT_STATUS_DATE_INVALID,
428 AuthState::DISPLAYED_INSECURE_CONTENT);
429 }
430
368 // http://crbug.com/91745 431 // http://crbug.com/91745
369 #if defined(OS_CHROMEOS) 432 #if defined(OS_CHROMEOS)
370 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS 433 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
371 #else 434 #else
372 #define MAYBE_TestOKHTTPS TestOKHTTPS 435 #define MAYBE_TestOKHTTPS TestOKHTTPS
373 #endif 436 #endif
374 437
375 // Visits a page over OK https: 438 // Visits a page over OK https:
376 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { 439 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
377 ASSERT_TRUE(https_server_.Start()); 440 ASSERT_TRUE(https_server_.Start());
378 441
379 ui_test_utils::NavigateToURL(browser(), 442 ui_test_utils::NavigateToURL(browser(),
380 https_server_.GetURL("files/ssl/google.html")); 443 https_server_.GetURL("files/ssl/google.html"));
381 444
382 CheckAuthenticatedState( 445 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
383 browser()->tab_strip_model()->GetActiveWebContents(), false); 446 AuthState::NONE);
384 } 447 }
385 448
386 // Visits a page with https error and proceed: 449 // Visits a page with https error and proceed:
387 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) { 450 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) {
388 ASSERT_TRUE(https_server_expired_.Start()); 451 ASSERT_TRUE(https_server_expired_.Start());
389 452
390 ui_test_utils::NavigateToURL(browser(), 453 ui_test_utils::NavigateToURL(browser(),
391 https_server_expired_.GetURL("files/ssl/google.html")); 454 https_server_expired_.GetURL("files/ssl/google.html"));
392 455
393 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 456 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
394 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 457 CheckAuthenticationBrokenState(
395 true); // Interstitial showing 458 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
396 459
397 ProceedThroughInterstitial(tab); 460 ProceedThroughInterstitial(tab);
398 461
399 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 462 CheckAuthenticationBrokenState(
400 false); // No interstitial showing 463 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
401 } 464 }
402 465
403 #ifndef NEDBUG 466 #ifndef NEDBUG
404 // Flaky on Windows debug (http://crbug.com/280537). 467 // Flaky on Windows debug (http://crbug.com/280537).
405 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 468 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
406 DISABLED_TestHTTPSExpiredCertAndDontProceed 469 DISABLED_TestHTTPSExpiredCertAndDontProceed
407 #else 470 #else
408 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 471 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
409 TestHTTPSExpiredCertAndDontProceed 472 TestHTTPSExpiredCertAndDontProceed
410 #endif 473 #endif
(...skipping 20 matching lines...) Expand all
431 ASSERT_EQ("127.0.0.1", cross_site_url.host()); 494 ASSERT_EQ("127.0.0.1", cross_site_url.host());
432 GURL::Replacements replacements; 495 GURL::Replacements replacements;
433 std::string new_host("localhost"); 496 std::string new_host("localhost");
434 replacements.SetHostStr(new_host); 497 replacements.SetHostStr(new_host);
435 cross_site_url = cross_site_url.ReplaceComponents(replacements); 498 cross_site_url = cross_site_url.ReplaceComponents(replacements);
436 499
437 // Now go to a bad HTTPS page. 500 // Now go to a bad HTTPS page.
438 ui_test_utils::NavigateToURL(browser(), cross_site_url); 501 ui_test_utils::NavigateToURL(browser(), cross_site_url);
439 502
440 // An interstitial should be showing. 503 // An interstitial should be showing.
441 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 504 CheckAuthenticationBrokenState(tab,
442 false, true); 505 net::CERT_STATUS_COMMON_NAME_INVALID,
506 AuthState::SHOWING_INTERSTITIAL);
443 507
444 // Simulate user clicking "Take me back". 508 // Simulate user clicking "Take me back".
445 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 509 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
446 ASSERT_TRUE(interstitial_page); 510 ASSERT_TRUE(interstitial_page);
447 interstitial_page->DontProceed(); 511 interstitial_page->DontProceed();
448 512
449 // We should be back to the original good page. 513 // We should be back to the original good page.
450 CheckAuthenticatedState(tab, false); 514 CheckAuthenticatedState(tab, AuthState::NONE);
451 515
452 // Try to navigate to a new page. (to make sure bug 5800 is fixed). 516 // Try to navigate to a new page. (to make sure bug 5800 is fixed).
453 ui_test_utils::NavigateToURL(browser(), 517 ui_test_utils::NavigateToURL(browser(),
454 test_server()->GetURL("files/ssl/google.html")); 518 test_server()->GetURL("files/ssl/google.html"));
455 CheckUnauthenticatedState(tab); 519 CheckUnauthenticatedState(tab);
456 } 520 }
457 521
458 // Visits a page with https error and then goes back using Browser::GoBack. 522 // Visits a page with https error and then goes back using Browser::GoBack.
459 IN_PROC_BROWSER_TEST_F(SSLUITest, 523 IN_PROC_BROWSER_TEST_F(SSLUITest,
460 TestHTTPSExpiredCertAndGoBackViaButton) { 524 TestHTTPSExpiredCertAndGoBackViaButton) {
461 ASSERT_TRUE(test_server()->Start()); 525 ASSERT_TRUE(test_server()->Start());
462 ASSERT_TRUE(https_server_expired_.Start()); 526 ASSERT_TRUE(https_server_expired_.Start());
463 527
464 // First navigate to an HTTP page. 528 // First navigate to an HTTP page.
465 ui_test_utils::NavigateToURL(browser(), 529 ui_test_utils::NavigateToURL(browser(),
466 test_server()->GetURL("files/ssl/google.html")); 530 test_server()->GetURL("files/ssl/google.html"));
467 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 531 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
468 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 532 NavigationEntry* entry = tab->GetController().GetActiveEntry();
469 ASSERT_TRUE(entry); 533 ASSERT_TRUE(entry);
470 534
471 // Now go to a bad HTTPS page that shows an interstitial. 535 // Now go to a bad HTTPS page that shows an interstitial.
472 ui_test_utils::NavigateToURL(browser(), 536 ui_test_utils::NavigateToURL(browser(),
473 https_server_expired_.GetURL("files/ssl/google.html")); 537 https_server_expired_.GetURL("files/ssl/google.html"));
474 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 538 CheckAuthenticationBrokenState(
475 true); // Interstitial showing 539 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
476 540
477 ProvisionalLoadWaiter load_failed_observer(tab); 541 ProvisionalLoadWaiter load_failed_observer(tab);
478 542
479 // Simulate user clicking on back button (crbug.com/39248). 543 // Simulate user clicking on back button (crbug.com/39248).
480 chrome::GoBack(browser(), CURRENT_TAB); 544 chrome::GoBack(browser(), CURRENT_TAB);
481 545
482 // Wait until we hear the load failure, and make sure we haven't swapped out 546 // Wait until we hear the load failure, and make sure we haven't swapped out
483 // the previous page. Prevents regression of http://crbug.com/82667. 547 // the previous page. Prevents regression of http://crbug.com/82667.
484 load_failed_observer.Wait(); 548 load_failed_observer.Wait();
485 EXPECT_FALSE(content::RenderViewHostTester::IsRenderViewHostSwappedOut( 549 EXPECT_FALSE(content::RenderViewHostTester::IsRenderViewHostSwappedOut(
(...skipping 15 matching lines...) Expand all
501 // First navigate to an HTTP page. 565 // First navigate to an HTTP page.
502 ui_test_utils::NavigateToURL(browser(), 566 ui_test_utils::NavigateToURL(browser(),
503 test_server()->GetURL("files/ssl/google.html")); 567 test_server()->GetURL("files/ssl/google.html"));
504 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 568 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
505 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 569 NavigationEntry* entry = tab->GetController().GetActiveEntry();
506 ASSERT_TRUE(entry); 570 ASSERT_TRUE(entry);
507 571
508 // Now go to a bad HTTPS page that shows an interstitial. 572 // Now go to a bad HTTPS page that shows an interstitial.
509 ui_test_utils::NavigateToURL(browser(), 573 ui_test_utils::NavigateToURL(browser(),
510 https_server_expired_.GetURL("files/ssl/google.html")); 574 https_server_expired_.GetURL("files/ssl/google.html"));
511 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 575 CheckAuthenticationBrokenState(
512 true); // Interstitial showing 576 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
513 577
514 // Simulate user clicking and holding on back button (crbug.com/37215). 578 // Simulate user clicking and holding on back button (crbug.com/37215).
515 tab->GetController().GoToOffset(-1); 579 tab->GetController().GoToOffset(-1);
516 580
517 // We should be back at the original good page. 581 // We should be back at the original good page.
518 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 582 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
519 GetInterstitialPage()); 583 GetInterstitialPage());
520 CheckUnauthenticatedState(tab); 584 CheckUnauthenticatedState(tab);
521 } 585 }
522 586
(...skipping 21 matching lines...) Expand all
544 tab->GetController().GoBack(); 608 tab->GetController().GoBack();
545 observer.Wait(); 609 observer.Wait();
546 } 610 }
547 ASSERT_TRUE(tab->GetController().CanGoForward()); 611 ASSERT_TRUE(tab->GetController().CanGoForward());
548 NavigationEntry* entry3 = tab->GetController().GetActiveEntry(); 612 NavigationEntry* entry3 = tab->GetController().GetActiveEntry();
549 ASSERT_TRUE(entry1 == entry3); 613 ASSERT_TRUE(entry1 == entry3);
550 614
551 // Now go to a bad HTTPS page that shows an interstitial. 615 // Now go to a bad HTTPS page that shows an interstitial.
552 ui_test_utils::NavigateToURL(browser(), 616 ui_test_utils::NavigateToURL(browser(),
553 https_server_expired_.GetURL("files/ssl/google.html")); 617 https_server_expired_.GetURL("files/ssl/google.html"));
554 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 618 CheckAuthenticationBrokenState(
555 true); // Interstitial showing 619 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
556 620
557 // Simulate user clicking and holding on forward button. 621 // Simulate user clicking and holding on forward button.
558 { 622 {
559 content::WindowedNotificationObserver observer( 623 content::WindowedNotificationObserver observer(
560 content::NOTIFICATION_LOAD_STOP, 624 content::NOTIFICATION_LOAD_STOP,
561 content::Source<NavigationController>(&tab->GetController())); 625 content::Source<NavigationController>(&tab->GetController()));
562 tab->GetController().GoToOffset(1); 626 tab->GetController().GoToOffset(1);
563 observer.Wait(); 627 observer.Wait();
564 } 628 }
565 629
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
633 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 697 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
634 698
635 // Visit bad HTTPS page. 699 // Visit bad HTTPS page.
636 std::string scheme("https"); 700 std::string scheme("https");
637 GURL::Replacements replacements; 701 GURL::Replacements replacements;
638 replacements.SetSchemeStr(scheme); 702 replacements.SetSchemeStr(scheme);
639 ui_test_utils::NavigateToURL( 703 ui_test_utils::NavigateToURL(
640 browser(), 704 browser(),
641 wss_server_expired_.GetURL( 705 wss_server_expired_.GetURL(
642 "connect_check.html").ReplaceComponents(replacements)); 706 "connect_check.html").ReplaceComponents(replacements));
643 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 707 CheckAuthenticationBrokenState(
644 true); // Interstitial showing 708 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
645 709
646 // Proceed anyway. 710 // Proceed anyway.
647 ProceedThroughInterstitial(tab); 711 ProceedThroughInterstitial(tab);
648 712
649 // Test page run a WebSocket wss connection test. The result will be shown 713 // Test page run a WebSocket wss connection test. The result will be shown
650 // as page title. 714 // as page title.
651 const base::string16 result = watcher.WaitAndGetTitle(); 715 const base::string16 result = watcher.WaitAndGetTitle();
652 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 716 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
653 } 717 }
654 718
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
706 dict->SetString("ISSUER.CN", "pywebsocket"); 770 dict->SetString("ISSUER.CN", "pywebsocket");
707 profile->GetHostContentSettingsMap()->SetWebsiteSetting( 771 profile->GetHostContentSettingsMap()->SetWebsiteSetting(
708 ContentSettingsPattern::FromURL(url), 772 ContentSettingsPattern::FromURL(url),
709 ContentSettingsPattern::FromURL(url), 773 ContentSettingsPattern::FromURL(url),
710 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, 774 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
711 std::string(), 775 std::string(),
712 dict.release()); 776 dict.release());
713 777
714 // Visit a HTTPS page which requires client certs. 778 // Visit a HTTPS page which requires client certs.
715 ui_test_utils::NavigateToURL(browser(), url); 779 ui_test_utils::NavigateToURL(browser(), url);
716 CheckAuthenticatedState(tab, false); 780 CheckAuthenticatedState(tab, AuthState::NONE);
717 781
718 // Test page runs a WebSocket wss connection test. The result will be shown 782 // Test page runs a WebSocket wss connection test. The result will be shown
719 // as page title. 783 // as page title.
720 const base::string16 result = watcher.WaitAndGetTitle(); 784 const base::string16 result = watcher.WaitAndGetTitle();
721 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 785 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
722 } 786 }
723 #endif // defined(USE_NSS) 787 #endif // defined(USE_NSS)
724 788
725 // Flaky on CrOS http://crbug.com/92292 789 // Flaky on CrOS http://crbug.com/92292
726 #if defined(OS_CHROMEOS) 790 #if defined(OS_CHROMEOS)
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after
829 std::string replacement_path; 893 std::string replacement_path;
830 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 894 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
831 "files/ssl/page_displays_insecure_content.html", 895 "files/ssl/page_displays_insecure_content.html",
832 test_server()->host_port_pair(), 896 test_server()->host_port_pair(),
833 &replacement_path)); 897 &replacement_path));
834 898
835 // Load a page that displays insecure content. 899 // Load a page that displays insecure content.
836 ui_test_utils::NavigateToURL(browser(), 900 ui_test_utils::NavigateToURL(browser(),
837 https_server_.GetURL(replacement_path)); 901 https_server_.GetURL(replacement_path));
838 902
839 CheckAuthenticatedState( 903 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
840 browser()->tab_strip_model()->GetActiveWebContents(), true); 904 AuthState::DISPLAYED_INSECURE_CONTENT);
841 } 905 }
842 906
843 // Visits a page that runs insecure content and tries to suppress the insecure 907 // Visits a page that runs insecure content and tries to suppress the insecure
844 // content warnings by randomizing location.hash. 908 // content warnings by randomizing location.hash.
845 // Based on http://crbug.com/8706 909 // Based on http://crbug.com/8706
846 IN_PROC_BROWSER_TEST_F(SSLUITest, 910 IN_PROC_BROWSER_TEST_F(SSLUITest,
847 TestRunsInsecuredContentRandomizeHash) { 911 TestRunsInsecuredContentRandomizeHash) {
848 ASSERT_TRUE(test_server()->Start()); 912 ASSERT_TRUE(test_server()->Start());
849 ASSERT_TRUE(https_server_.Start()); 913 ASSERT_TRUE(https_server_.Start());
850 914
851 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 915 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
852 "files/ssl/page_runs_insecure_content.html")); 916 "files/ssl/page_runs_insecure_content.html"));
853 917
854 CheckAuthenticationBrokenState( 918 CheckAuthenticationBrokenState(
855 browser()->tab_strip_model()->GetActiveWebContents(), 0, true, false); 919 browser()->tab_strip_model()->GetActiveWebContents(),
920 CertError::NONE,
921 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
856 } 922 }
857 923
858 // Visits a page with unsafe content and make sure that: 924 // Visits a page with unsafe content and make sure that:
859 // - frames content is replaced with warning 925 // - frames content is replaced with warning
860 // - images and scripts are filtered out entirely 926 // - images and scripts are filtered out entirely
861 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) { 927 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
862 ASSERT_TRUE(https_server_.Start()); 928 ASSERT_TRUE(https_server_.Start());
863 ASSERT_TRUE(https_server_expired_.Start()); 929 ASSERT_TRUE(https_server_expired_.Start());
864 930
865 std::string replacement_path; 931 std::string replacement_path;
866 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 932 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
867 "files/ssl/page_with_unsafe_contents.html", 933 "files/ssl/page_with_unsafe_contents.html",
868 https_server_expired_.host_port_pair(), 934 https_server_expired_.host_port_pair(),
869 &replacement_path)); 935 &replacement_path));
870 ui_test_utils::NavigateToURL(browser(), 936 ui_test_utils::NavigateToURL(browser(),
871 https_server_.GetURL(replacement_path)); 937 https_server_.GetURL(replacement_path));
872 938
873 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 939 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
874 // When the bad content is filtered, the state is expected to be 940 // When the bad content is filtered, the state is expected to be
875 // authenticated. 941 // authenticated.
876 CheckAuthenticatedState(tab, false); 942 CheckAuthenticatedState(tab, AuthState::NONE);
877 943
878 // Because of cross-frame scripting restrictions, we cannot access the iframe 944 // Because of cross-frame scripting restrictions, we cannot access the iframe
879 // content. So to know if the frame was loaded, we just check if a popup was 945 // content. So to know if the frame was loaded, we just check if a popup was
880 // opened (the iframe content opens one). 946 // opened (the iframe content opens one).
881 // Note: because of bug 1115868, no web contents modal dialog is opened right 947 // Note: because of bug 1115868, no web contents modal dialog is opened right
882 // now. Once the bug is fixed, this will do the real check. 948 // now. Once the bug is fixed, this will do the real check.
883 EXPECT_FALSE(IsShowingWebContentsModalDialog()); 949 EXPECT_FALSE(IsShowingWebContentsModalDialog());
884 950
885 int img_width; 951 int img_width;
886 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( 952 EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
(...skipping 21 matching lines...) Expand all
908 974
909 std::string replacement_path; 975 std::string replacement_path;
910 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 976 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
911 "files/ssl/page_with_dynamic_insecure_content.html", 977 "files/ssl/page_with_dynamic_insecure_content.html",
912 test_server()->host_port_pair(), 978 test_server()->host_port_pair(),
913 &replacement_path)); 979 &replacement_path));
914 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 980 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
915 replacement_path)); 981 replacement_path));
916 982
917 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 983 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
918 CheckAuthenticatedState(tab, false); 984 CheckAuthenticatedState(tab, AuthState::NONE);
919 985
920 // Load the insecure image. 986 // Load the insecure image.
921 bool js_result = false; 987 bool js_result = false;
922 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 988 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
923 tab, 989 tab,
924 "loadBadImage();", 990 "loadBadImage();",
925 &js_result)); 991 &js_result));
926 EXPECT_TRUE(js_result); 992 EXPECT_TRUE(js_result);
927 993
928 // We should now have insecure content. 994 // We should now have insecure content.
929 CheckAuthenticatedState(tab, true); 995 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
930 } 996 }
931 997
932 // Visits two pages from the same origin: one that displays insecure content and 998 // Visits two pages from the same origin: one that displays insecure content and
933 // one that doesn't. The test checks that we do not propagate the insecure 999 // one that doesn't. The test checks that we do not propagate the insecure
934 // content state from one to the other. 1000 // content state from one to the other.
935 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { 1001 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
936 ASSERT_TRUE(test_server()->Start()); 1002 ASSERT_TRUE(test_server()->Start());
937 ASSERT_TRUE(https_server_.Start()); 1003 ASSERT_TRUE(https_server_.Start());
938 1004
939 ui_test_utils::NavigateToURL(browser(), 1005 ui_test_utils::NavigateToURL(browser(),
940 https_server_.GetURL("files/ssl/blank_page.html")); 1006 https_server_.GetURL("files/ssl/blank_page.html"));
941 1007
942 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1008 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
943 1009
944 // This tab should be fine. 1010 // This tab should be fine.
945 CheckAuthenticatedState(tab1, false); 1011 CheckAuthenticatedState(tab1, AuthState::NONE);
946 1012
947 // Create a new tab. 1013 // Create a new tab.
948 std::string replacement_path; 1014 std::string replacement_path;
949 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1015 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
950 "files/ssl/page_displays_insecure_content.html", 1016 "files/ssl/page_displays_insecure_content.html",
951 test_server()->host_port_pair(), 1017 test_server()->host_port_pair(),
952 &replacement_path)); 1018 &replacement_path));
953 1019
954 GURL url = https_server_.GetURL(replacement_path); 1020 GURL url = https_server_.GetURL(replacement_path);
955 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 1021 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED);
956 params.disposition = NEW_FOREGROUND_TAB; 1022 params.disposition = NEW_FOREGROUND_TAB;
957 params.tabstrip_index = 0; 1023 params.tabstrip_index = 0;
958 params.source_contents = tab1; 1024 params.source_contents = tab1;
959 content::WindowedNotificationObserver observer( 1025 content::WindowedNotificationObserver observer(
960 content::NOTIFICATION_LOAD_STOP, 1026 content::NOTIFICATION_LOAD_STOP,
961 content::NotificationService::AllSources()); 1027 content::NotificationService::AllSources());
962 chrome::Navigate(&params); 1028 chrome::Navigate(&params);
963 WebContents* tab2 = params.target_contents; 1029 WebContents* tab2 = params.target_contents;
964 observer.Wait(); 1030 observer.Wait();
965 1031
966 // The new tab has insecure content. 1032 // The new tab has insecure content.
967 CheckAuthenticatedState(tab2, true); 1033 CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
968 1034
969 // The original tab should not be contaminated. 1035 // The original tab should not be contaminated.
970 CheckAuthenticatedState(tab1, false); 1036 CheckAuthenticatedState(tab1, AuthState::NONE);
971 } 1037 }
972 1038
973 // Visits two pages from the same origin: one that runs insecure content and one 1039 // Visits two pages from the same origin: one that runs insecure content and one
974 // that doesn't. The test checks that we propagate the insecure content state 1040 // that doesn't. The test checks that we propagate the insecure content state
975 // from one to the other. 1041 // from one to the other.
976 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { 1042 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
977 ASSERT_TRUE(test_server()->Start()); 1043 ASSERT_TRUE(test_server()->Start());
978 ASSERT_TRUE(https_server_.Start()); 1044 ASSERT_TRUE(https_server_.Start());
979 1045
980 ui_test_utils::NavigateToURL(browser(), 1046 ui_test_utils::NavigateToURL(browser(),
981 https_server_.GetURL("files/ssl/blank_page.html")); 1047 https_server_.GetURL("files/ssl/blank_page.html"));
982 1048
983 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1049 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
984 1050
985 // This tab should be fine. 1051 // This tab should be fine.
986 CheckAuthenticatedState(tab1, false); 1052 CheckAuthenticatedState(tab1, AuthState::NONE);
987 1053
988 std::string replacement_path; 1054 std::string replacement_path;
989 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1055 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
990 "files/ssl/page_runs_insecure_content.html", 1056 "files/ssl/page_runs_insecure_content.html",
991 test_server()->host_port_pair(), 1057 test_server()->host_port_pair(),
992 &replacement_path)); 1058 &replacement_path));
993 1059
994 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB 1060 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB
995 // disposition won't usually stay in the same process, but this works 1061 // disposition won't usually stay in the same process, but this works
996 // because we are using process-per-site in SetUpCommandLine. 1062 // because we are using process-per-site in SetUpCommandLine.
997 GURL url = https_server_.GetURL(replacement_path); 1063 GURL url = https_server_.GetURL(replacement_path);
998 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 1064 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED);
999 params.disposition = NEW_FOREGROUND_TAB; 1065 params.disposition = NEW_FOREGROUND_TAB;
1000 params.source_contents = tab1; 1066 params.source_contents = tab1;
1001 content::WindowedNotificationObserver observer( 1067 content::WindowedNotificationObserver observer(
1002 content::NOTIFICATION_LOAD_STOP, 1068 content::NOTIFICATION_LOAD_STOP,
1003 content::NotificationService::AllSources()); 1069 content::NotificationService::AllSources());
1004 chrome::Navigate(&params); 1070 chrome::Navigate(&params);
1005 WebContents* tab2 = params.target_contents; 1071 WebContents* tab2 = params.target_contents;
1006 observer.Wait(); 1072 observer.Wait();
1007 1073
1008 // Both tabs should have the same process. 1074 // Both tabs should have the same process.
1009 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost()); 1075 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
1010 1076
1011 // The new tab has insecure content. 1077 // The new tab has insecure content.
1012 CheckAuthenticationBrokenState(tab2, 0, true, false); 1078 CheckAuthenticationBrokenState(
1079 tab2,
1080 CertError::NONE,
1081 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1013 1082
1014 // Which means the origin for the first tab has also been contaminated with 1083 // Which means the origin for the first tab has also been contaminated with
1015 // insecure content. 1084 // insecure content.
1016 CheckAuthenticationBrokenState(tab1, 0, true, false); 1085 CheckAuthenticationBrokenState(
1086 tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1017 } 1087 }
1018 1088
1019 // Visits a page with an image over http. Visits another page over https 1089 // Visits a page with an image over http. Visits another page over https
1020 // referencing that same image over http (hoping it is coming from the webcore 1090 // referencing that same image over http (hoping it is coming from the webcore
1021 // memory cache). 1091 // memory cache).
1022 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { 1092 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
1023 ASSERT_TRUE(test_server()->Start()); 1093 ASSERT_TRUE(test_server()->Start());
1024 ASSERT_TRUE(https_server_.Start()); 1094 ASSERT_TRUE(https_server_.Start());
1025 1095
1026 std::string replacement_path; 1096 std::string replacement_path;
1027 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1097 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1028 "files/ssl/page_displays_insecure_content.html", 1098 "files/ssl/page_displays_insecure_content.html",
1029 test_server()->host_port_pair(), 1099 test_server()->host_port_pair(),
1030 &replacement_path)); 1100 &replacement_path));
1031 1101
1032 // Load original page over HTTP. 1102 // Load original page over HTTP.
1033 const GURL url_http = test_server()->GetURL(replacement_path); 1103 const GURL url_http = test_server()->GetURL(replacement_path);
1034 ui_test_utils::NavigateToURL(browser(), url_http); 1104 ui_test_utils::NavigateToURL(browser(), url_http);
1035 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1105 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1036 CheckUnauthenticatedState(tab); 1106 CheckUnauthenticatedState(tab);
1037 1107
1038 // Load again but over SSL. It should be marked as displaying insecure 1108 // Load again but over SSL. It should be marked as displaying insecure
1039 // content (even though the image comes from the WebCore memory cache). 1109 // content (even though the image comes from the WebCore memory cache).
1040 const GURL url_https = https_server_.GetURL(replacement_path); 1110 const GURL url_https = https_server_.GetURL(replacement_path);
1041 ui_test_utils::NavigateToURL(browser(), url_https); 1111 ui_test_utils::NavigateToURL(browser(), url_https);
1042 CheckAuthenticatedState(tab, true); 1112 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1043 } 1113 }
1044 1114
1045 // http://crbug.com/84729 1115 // http://crbug.com/84729
1046 #if defined(OS_CHROMEOS) 1116 #if defined(OS_CHROMEOS)
1047 #define MAYBE_TestRunsCachedInsecureContent \ 1117 #define MAYBE_TestRunsCachedInsecureContent \
1048 DISABLED_TestRunsCachedInsecureContent 1118 DISABLED_TestRunsCachedInsecureContent
1049 #else 1119 #else
1050 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent 1120 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
1051 #endif // defined(OS_CHROMEOS) 1121 #endif // defined(OS_CHROMEOS)
1052 1122
(...skipping 13 matching lines...) Expand all
1066 // Load original page over HTTP. 1136 // Load original page over HTTP.
1067 const GURL url_http = test_server()->GetURL(replacement_path); 1137 const GURL url_http = test_server()->GetURL(replacement_path);
1068 ui_test_utils::NavigateToURL(browser(), url_http); 1138 ui_test_utils::NavigateToURL(browser(), url_http);
1069 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1139 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1070 CheckUnauthenticatedState(tab); 1140 CheckUnauthenticatedState(tab);
1071 1141
1072 // Load again but over SSL. It should be marked as displaying insecure 1142 // Load again but over SSL. It should be marked as displaying insecure
1073 // content (even though the image comes from the WebCore memory cache). 1143 // content (even though the image comes from the WebCore memory cache).
1074 const GURL url_https = https_server_.GetURL(replacement_path); 1144 const GURL url_https = https_server_.GetURL(replacement_path);
1075 ui_test_utils::NavigateToURL(browser(), url_https); 1145 ui_test_utils::NavigateToURL(browser(), url_https);
1076 CheckAuthenticationBrokenState(tab, 0, true, false); 1146 CheckAuthenticationBrokenState(
1147 tab,
1148 CertError::NONE,
1149 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1077 } 1150 }
1078 1151
1079 // This test ensures the CN invalid status does not 'stick' to a certificate 1152 // This test ensures the CN invalid status does not 'stick' to a certificate
1080 // (see bug #1044942) and that it depends on the host-name. 1153 // (see bug #1044942) and that it depends on the host-name.
1081 IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) { 1154 IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) {
1082 ASSERT_TRUE(https_server_.Start()); 1155 ASSERT_TRUE(https_server_.Start());
1083 ASSERT_TRUE(https_server_mismatched_.Start()); 1156 ASSERT_TRUE(https_server_mismatched_.Start());
1084 1157
1085 // First we hit the server with hostname, this generates an invalid policy 1158 // First we hit the server with hostname, this generates an invalid policy
1086 // error. 1159 // error.
1087 ui_test_utils::NavigateToURL(browser(), 1160 ui_test_utils::NavigateToURL(browser(),
1088 https_server_mismatched_.GetURL("files/ssl/google.html")); 1161 https_server_mismatched_.GetURL("files/ssl/google.html"));
1089 1162
1090 // We get an interstitial page as a result. 1163 // We get an interstitial page as a result.
1091 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1164 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1092 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1165 CheckAuthenticationBrokenState(tab,
1093 false, true); // Interstitial showing. 1166 net::CERT_STATUS_COMMON_NAME_INVALID,
1167 AuthState::SHOWING_INTERSTITIAL);
1094 ProceedThroughInterstitial(tab); 1168 ProceedThroughInterstitial(tab);
1095 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1169 CheckAuthenticationBrokenState(
1096 false, false); // No interstitial showing. 1170 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1097 1171
1098 // Now we try again with the right host name this time. 1172 // Now we try again with the right host name this time.
1099 GURL url(https_server_.GetURL("files/ssl/google.html")); 1173 GURL url(https_server_.GetURL("files/ssl/google.html"));
1100 ui_test_utils::NavigateToURL(browser(), url); 1174 ui_test_utils::NavigateToURL(browser(), url);
1101 1175
1102 // Security state should be OK. 1176 // Security state should be OK.
1103 CheckAuthenticatedState(tab, false); 1177 CheckAuthenticatedState(tab, AuthState::NONE);
1104 1178
1105 // Now try again the broken one to make sure it is still broken. 1179 // Now try again the broken one to make sure it is still broken.
1106 ui_test_utils::NavigateToURL(browser(), 1180 ui_test_utils::NavigateToURL(browser(),
1107 https_server_mismatched_.GetURL("files/ssl/google.html")); 1181 https_server_mismatched_.GetURL("files/ssl/google.html"));
1108 1182
1109 // Since we OKed the interstitial last time, we get right to the page. 1183 // Since we OKed the interstitial last time, we get right to the page.
1110 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1184 CheckAuthenticationBrokenState(
1111 false, false); // No interstitial showing. 1185 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1112 } 1186 }
1113 1187
1114 #if defined(OS_CHROMEOS) 1188 #if defined(OS_CHROMEOS)
1115 // This test seems to be flaky and hang on chromiumos. 1189 // This test seems to be flaky and hang on chromiumos.
1116 // http://crbug.com/84419 1190 // http://crbug.com/84419
1117 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation 1191 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation
1118 #else 1192 #else
1119 #define MAYBE_TestRefNavigation TestRefNavigation 1193 #define MAYBE_TestRefNavigation TestRefNavigation
1120 #endif 1194 #endif
1121 1195
1122 // Test that navigating to a #ref does not change a bad security state. 1196 // Test that navigating to a #ref does not change a bad security state.
1123 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { 1197 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
1124 ASSERT_TRUE(https_server_expired_.Start()); 1198 ASSERT_TRUE(https_server_expired_.Start());
1125 1199
1126 ui_test_utils::NavigateToURL(browser(), 1200 ui_test_utils::NavigateToURL(browser(),
1127 https_server_expired_.GetURL("files/ssl/page_with_refs.html")); 1201 https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
1128 1202
1129 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1203 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1130 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1204 CheckAuthenticationBrokenState(
1131 true); // Interstitial showing. 1205 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1132 1206
1133 ProceedThroughInterstitial(tab); 1207 ProceedThroughInterstitial(tab);
1134 1208
1135 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1209 CheckAuthenticationBrokenState(
1136 false); // No interstitial showing. 1210 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1137
1138 // Now navigate to a ref in the page, the security state should not have 1211 // Now navigate to a ref in the page, the security state should not have
1139 // changed. 1212 // changed.
1140 ui_test_utils::NavigateToURL(browser(), 1213 ui_test_utils::NavigateToURL(browser(),
1141 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); 1214 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
1142 1215
1143 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1216 CheckAuthenticationBrokenState(
1144 false); // No interstitial showing. 1217 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1145 } 1218 }
1146 1219
1147 // Tests that closing a page that has a unsafe pop-up does not crash the 1220 // Tests that closing a page that has a unsafe pop-up does not crash the
1148 // browser (bug #1966). 1221 // browser (bug #1966).
1149 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not 1222 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not
1150 // opened as it is not initiated by a user gesture. 1223 // opened as it is not initiated by a user gesture.
1151 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { 1224 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
1152 ASSERT_TRUE(test_server()->Start()); 1225 ASSERT_TRUE(test_server()->Start());
1153 ASSERT_TRUE(https_server_expired_.Start()); 1226 ASSERT_TRUE(https_server_expired_.Start());
1154 1227
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
1193 ASSERT_TRUE(https_server_.Start()); 1266 ASSERT_TRUE(https_server_.Start());
1194 ASSERT_TRUE(https_server_expired_.Start()); 1267 ASSERT_TRUE(https_server_expired_.Start());
1195 1268
1196 GURL url1 = https_server_expired_.GetURL("server-redirect?"); 1269 GURL url1 = https_server_expired_.GetURL("server-redirect?");
1197 GURL url2 = https_server_.GetURL("files/ssl/google.html"); 1270 GURL url2 = https_server_.GetURL("files/ssl/google.html");
1198 1271
1199 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1272 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1200 1273
1201 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1274 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1202 1275
1203 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1276 CheckAuthenticationBrokenState(
1204 true); // Interstitial showing. 1277 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1205 1278
1206 ProceedThroughInterstitial(tab); 1279 ProceedThroughInterstitial(tab);
1207 1280
1208 // We have been redirected to the good page. 1281 // We have been redirected to the good page.
1209 CheckAuthenticatedState(tab, false); 1282 CheckAuthenticatedState(tab, AuthState::NONE);
1210 } 1283 }
1211 1284
1212 // Visit a page over good https that is a redirect to a page with bad https. 1285 // Visit a page over good https that is a redirect to a page with bad https.
1213 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { 1286 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
1214 ASSERT_TRUE(https_server_.Start()); 1287 ASSERT_TRUE(https_server_.Start());
1215 ASSERT_TRUE(https_server_expired_.Start()); 1288 ASSERT_TRUE(https_server_expired_.Start());
1216 1289
1217 GURL url1 = https_server_.GetURL("server-redirect?"); 1290 GURL url1 = https_server_.GetURL("server-redirect?");
1218 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html"); 1291 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html");
1219 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1292 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1220 1293
1221 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1294 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1222 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1295 CheckAuthenticationBrokenState(
1223 true); // Interstitial showing. 1296 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1224 1297
1225 ProceedThroughInterstitial(tab); 1298 ProceedThroughInterstitial(tab);
1226 1299
1227 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1300 CheckAuthenticationBrokenState(
1228 false); // No interstitial showing. 1301 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1229 } 1302 }
1230 1303
1231 // Visit a page over http that is a redirect to a page with good HTTPS. 1304 // Visit a page over http that is a redirect to a page with good HTTPS.
1232 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) { 1305 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
1233 ASSERT_TRUE(test_server()->Start()); 1306 ASSERT_TRUE(test_server()->Start());
1234 ASSERT_TRUE(https_server_.Start()); 1307 ASSERT_TRUE(https_server_.Start());
1235 1308
1236 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1309 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1237 1310
1238 // HTTP redirects to good HTTPS. 1311 // HTTP redirects to good HTTPS.
1239 GURL http_url = test_server()->GetURL("server-redirect?"); 1312 GURL http_url = test_server()->GetURL("server-redirect?");
1240 GURL good_https_url = 1313 GURL good_https_url =
1241 https_server_.GetURL("files/ssl/google.html"); 1314 https_server_.GetURL("files/ssl/google.html");
1242 1315
1243 ui_test_utils::NavigateToURL(browser(), 1316 ui_test_utils::NavigateToURL(browser(),
1244 GURL(http_url.spec() + good_https_url.spec())); 1317 GURL(http_url.spec() + good_https_url.spec()));
1245 CheckAuthenticatedState(tab, false); 1318 CheckAuthenticatedState(tab, AuthState::NONE);
1246 } 1319 }
1247 1320
1248 // Visit a page over http that is a redirect to a page with bad HTTPS. 1321 // Visit a page over http that is a redirect to a page with bad HTTPS.
1249 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) { 1322 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) {
1250 ASSERT_TRUE(test_server()->Start()); 1323 ASSERT_TRUE(test_server()->Start());
1251 ASSERT_TRUE(https_server_expired_.Start()); 1324 ASSERT_TRUE(https_server_expired_.Start());
1252 1325
1253 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1326 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1254 1327
1255 GURL http_url = test_server()->GetURL("server-redirect?"); 1328 GURL http_url = test_server()->GetURL("server-redirect?");
1256 GURL bad_https_url = 1329 GURL bad_https_url =
1257 https_server_expired_.GetURL("files/ssl/google.html"); 1330 https_server_expired_.GetURL("files/ssl/google.html");
1258 ui_test_utils::NavigateToURL(browser(), 1331 ui_test_utils::NavigateToURL(browser(),
1259 GURL(http_url.spec() + bad_https_url.spec())); 1332 GURL(http_url.spec() + bad_https_url.spec()));
1260 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1333 CheckAuthenticationBrokenState(
1261 true); // Interstitial showing. 1334 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1262 1335
1263 ProceedThroughInterstitial(tab); 1336 ProceedThroughInterstitial(tab);
1264 1337
1265 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1338 CheckAuthenticationBrokenState(
1266 false); // No interstitial showing. 1339 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1267 } 1340 }
1268 1341
1269 // Visit a page over https that is a redirect to a page with http (to make sure 1342 // Visit a page over https that is a redirect to a page with http (to make sure
1270 // we don't keep the secure state). 1343 // we don't keep the secure state).
1271 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) { 1344 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
1272 ASSERT_TRUE(test_server()->Start()); 1345 ASSERT_TRUE(test_server()->Start());
1273 ASSERT_TRUE(https_server_.Start()); 1346 ASSERT_TRUE(https_server_.Start());
1274 1347
1275 GURL https_url = https_server_.GetURL("server-redirect?"); 1348 GURL https_url = https_server_.GetURL("server-redirect?");
1276 GURL http_url = test_server()->GetURL("files/ssl/google.html"); 1349 GURL http_url = test_server()->GetURL("files/ssl/google.html");
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
1311 std::string top_frame_path; 1384 std::string top_frame_path;
1312 ASSERT_TRUE(GetTopFramePath(*test_server(), 1385 ASSERT_TRUE(GetTopFramePath(*test_server(),
1313 https_server_, 1386 https_server_,
1314 https_server_expired_, 1387 https_server_expired_,
1315 &top_frame_path)); 1388 &top_frame_path));
1316 1389
1317 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1390 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1318 ui_test_utils::NavigateToURL(browser(), 1391 ui_test_utils::NavigateToURL(browser(),
1319 https_server_.GetURL(top_frame_path)); 1392 https_server_.GetURL(top_frame_path));
1320 1393
1321 CheckAuthenticatedState(tab, false); 1394 CheckAuthenticatedState(tab, AuthState::NONE);
1322 1395
1323 bool success = false; 1396 bool success = false;
1324 // Now navigate inside the frame. 1397 // Now navigate inside the frame.
1325 { 1398 {
1326 content::WindowedNotificationObserver observer( 1399 content::WindowedNotificationObserver observer(
1327 content::NOTIFICATION_LOAD_STOP, 1400 content::NOTIFICATION_LOAD_STOP,
1328 content::Source<NavigationController>(&tab->GetController())); 1401 content::Source<NavigationController>(&tab->GetController()));
1329 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1402 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1330 tab, 1403 tab,
1331 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1404 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1332 &success)); 1405 &success));
1333 ASSERT_TRUE(success); 1406 ASSERT_TRUE(success);
1334 observer.Wait(); 1407 observer.Wait();
1335 } 1408 }
1336 1409
1337 // We should still be fine. 1410 // We should still be fine.
1338 CheckAuthenticatedState(tab, false); 1411 CheckAuthenticatedState(tab, AuthState::NONE);
1339 1412
1340 // Now let's hit a bad page. 1413 // Now let's hit a bad page.
1341 { 1414 {
1342 content::WindowedNotificationObserver observer( 1415 content::WindowedNotificationObserver observer(
1343 content::NOTIFICATION_LOAD_STOP, 1416 content::NOTIFICATION_LOAD_STOP,
1344 content::Source<NavigationController>(&tab->GetController())); 1417 content::Source<NavigationController>(&tab->GetController()));
1345 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1418 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1346 tab, 1419 tab,
1347 "window.domAutomationController.send(clickLink('badHTTPSLink'));", 1420 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1348 &success)); 1421 &success));
1349 ASSERT_TRUE(success); 1422 ASSERT_TRUE(success);
1350 observer.Wait(); 1423 observer.Wait();
1351 } 1424 }
1352 1425
1353 // The security style should still be secure. 1426 // The security style should still be secure.
1354 CheckAuthenticatedState(tab, false); 1427 CheckAuthenticatedState(tab, AuthState::NONE);
1355 1428
1356 // And the frame should be blocked. 1429 // And the frame should be blocked.
1357 bool is_content_evil = true; 1430 bool is_content_evil = true;
1358 std::string content_frame_xpath("html/frameset/frame[2]"); 1431 std::string content_frame_xpath("html/frameset/frame[2]");
1359 std::string is_evil_js("window.domAutomationController.send(" 1432 std::string is_evil_js("window.domAutomationController.send("
1360 "document.getElementById('evilDiv') != null);"); 1433 "document.getElementById('evilDiv') != null);");
1361 EXPECT_TRUE(content::ExecuteScriptInFrameAndExtractBool( 1434 EXPECT_TRUE(content::ExecuteScriptInFrameAndExtractBool(
1362 tab, 1435 tab,
1363 content_frame_xpath, 1436 content_frame_xpath,
1364 is_evil_js, 1437 is_evil_js,
1365 &is_content_evil)); 1438 &is_content_evil));
1366 EXPECT_FALSE(is_content_evil); 1439 EXPECT_FALSE(is_content_evil);
1367 1440
1368 // Now go back, our state should still be OK. 1441 // Now go back, our state should still be OK.
1369 { 1442 {
1370 content::WindowedNotificationObserver observer( 1443 content::WindowedNotificationObserver observer(
1371 content::NOTIFICATION_LOAD_STOP, 1444 content::NOTIFICATION_LOAD_STOP,
1372 content::Source<NavigationController>(&tab->GetController())); 1445 content::Source<NavigationController>(&tab->GetController()));
1373 tab->GetController().GoBack(); 1446 tab->GetController().GoBack();
1374 observer.Wait(); 1447 observer.Wait();
1375 } 1448 }
1376 CheckAuthenticatedState(tab, false); 1449 CheckAuthenticatedState(tab, AuthState::NONE);
1377 1450
1378 // Navigate to a page served over HTTP. 1451 // Navigate to a page served over HTTP.
1379 { 1452 {
1380 content::WindowedNotificationObserver observer( 1453 content::WindowedNotificationObserver observer(
1381 content::NOTIFICATION_LOAD_STOP, 1454 content::NOTIFICATION_LOAD_STOP,
1382 content::Source<NavigationController>(&tab->GetController())); 1455 content::Source<NavigationController>(&tab->GetController()));
1383 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1456 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1384 tab, 1457 tab,
1385 "window.domAutomationController.send(clickLink('HTTPLink'));", 1458 "window.domAutomationController.send(clickLink('HTTPLink'));",
1386 &success)); 1459 &success));
1387 ASSERT_TRUE(success); 1460 ASSERT_TRUE(success);
1388 observer.Wait(); 1461 observer.Wait();
1389 } 1462 }
1390 1463
1391 // Our state should be unathenticated (in the ran mixed script sense) 1464 // Our state should be unathenticated (in the ran mixed script sense)
1392 CheckBrokenAuthenticatedState(tab); 1465 CheckAuthenticationBrokenState(
1466 tab,
1467 CertError::NONE,
1468 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1393 1469
1394 // Go back, our state should be unchanged. 1470 // Go back, our state should be unchanged.
1395 { 1471 {
1396 content::WindowedNotificationObserver observer( 1472 content::WindowedNotificationObserver observer(
1397 content::NOTIFICATION_LOAD_STOP, 1473 content::NOTIFICATION_LOAD_STOP,
1398 content::Source<NavigationController>(&tab->GetController())); 1474 content::Source<NavigationController>(&tab->GetController()));
1399 tab->GetController().GoBack(); 1475 tab->GetController().GoBack();
1400 observer.Wait(); 1476 observer.Wait();
1401 } 1477 }
1402 1478
1403 CheckBrokenAuthenticatedState(tab); 1479 CheckAuthenticationBrokenState(
1480 tab,
1481 CertError::NONE,
1482 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1404 } 1483 }
1405 1484
1406 // From a bad HTTPS top frame: 1485 // From a bad HTTPS top frame:
1407 // - navigate to an OK HTTPS frame (expected to be still authentication broken). 1486 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
1408 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) { 1487 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
1409 ASSERT_TRUE(https_server_.Start()); 1488 ASSERT_TRUE(https_server_.Start());
1410 ASSERT_TRUE(https_server_expired_.Start()); 1489 ASSERT_TRUE(https_server_expired_.Start());
1411 1490
1412 std::string top_frame_path; 1491 std::string top_frame_path;
1413 ASSERT_TRUE(GetTopFramePath(*test_server(), 1492 ASSERT_TRUE(GetTopFramePath(*test_server(),
1414 https_server_, 1493 https_server_,
1415 https_server_expired_, 1494 https_server_expired_,
1416 &top_frame_path)); 1495 &top_frame_path));
1417 1496
1418 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1497 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1419 ui_test_utils::NavigateToURL(browser(), 1498 ui_test_utils::NavigateToURL(browser(),
1420 https_server_expired_.GetURL(top_frame_path)); 1499 https_server_expired_.GetURL(top_frame_path));
1421 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1500 CheckAuthenticationBrokenState(
1422 true); // Interstitial showing 1501 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1423 1502
1424 ProceedThroughInterstitial(tab); 1503 ProceedThroughInterstitial(tab);
1425 1504
1426 // Navigate to a good frame. 1505 // Navigate to a good frame.
1427 bool success = false; 1506 bool success = false;
1428 content::WindowedNotificationObserver observer( 1507 content::WindowedNotificationObserver observer(
1429 content::NOTIFICATION_LOAD_STOP, 1508 content::NOTIFICATION_LOAD_STOP,
1430 content::Source<NavigationController>(&tab->GetController())); 1509 content::Source<NavigationController>(&tab->GetController()));
1431 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1510 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1432 tab, 1511 tab,
1433 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1512 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1434 &success)); 1513 &success));
1435 ASSERT_TRUE(success); 1514 ASSERT_TRUE(success);
1436 observer.Wait(); 1515 observer.Wait();
1437 1516
1438 // We should still be authentication broken. 1517 // We should still be authentication broken.
1439 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1518 CheckAuthenticationBrokenState(
1440 false); 1519 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1441 } 1520 }
1442 1521
1443 // From an HTTP top frame, navigate to good and bad HTTPS (security state should 1522 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
1444 // stay unauthenticated). 1523 // stay unauthenticated).
1445 // Disabled, flakily exceeds test timeout, http://crbug.com/43437. 1524 // Disabled, flakily exceeds test timeout, http://crbug.com/43437.
1446 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) { 1525 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) {
1447 ASSERT_TRUE(test_server()->Start()); 1526 ASSERT_TRUE(test_server()->Start());
1448 ASSERT_TRUE(https_server_.Start()); 1527 ASSERT_TRUE(https_server_.Start());
1449 ASSERT_TRUE(https_server_expired_.Start()); 1528 ASSERT_TRUE(https_server_expired_.Start());
1450 1529
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
1514 // BadCertServer. 1593 // BadCertServer.
1515 std::string page_with_unsafe_worker_path; 1594 std::string page_with_unsafe_worker_path;
1516 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1595 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1517 &page_with_unsafe_worker_path)); 1596 &page_with_unsafe_worker_path));
1518 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1597 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1519 page_with_unsafe_worker_path)); 1598 page_with_unsafe_worker_path));
1520 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1599 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1521 // Expect Worker not to load insecure content. 1600 // Expect Worker not to load insecure content.
1522 CheckWorkerLoadResult(tab, false); 1601 CheckWorkerLoadResult(tab, false);
1523 // The bad content is filtered, expect the state to be authenticated. 1602 // The bad content is filtered, expect the state to be authenticated.
1524 CheckAuthenticatedState(tab, false); 1603 CheckAuthenticatedState(tab, AuthState::NONE);
1525 } 1604 }
1526 1605
1527 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) { 1606 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
1528 ASSERT_TRUE(https_server_.Start()); 1607 ASSERT_TRUE(https_server_.Start());
1529 ASSERT_TRUE(https_server_expired_.Start()); 1608 ASSERT_TRUE(https_server_expired_.Start());
1530 1609
1531 // Navigate to an unsafe site. Proceed with interstitial page to indicate 1610 // Navigate to an unsafe site. Proceed with interstitial page to indicate
1532 // the user approves the bad certificate. 1611 // the user approves the bad certificate.
1533 ui_test_utils::NavigateToURL(browser(), 1612 ui_test_utils::NavigateToURL(browser(),
1534 https_server_expired_.GetURL("files/ssl/blank_page.html")); 1613 https_server_expired_.GetURL("files/ssl/blank_page.html"));
1535 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1614 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1536 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1615 CheckAuthenticationBrokenState(
1537 true); // Interstitial showing 1616 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1538 ProceedThroughInterstitial(tab); 1617 ProceedThroughInterstitial(tab);
1539 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1618 CheckAuthenticationBrokenState(
1540 false); // No Interstitial 1619 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1541 1620
1542 // Navigate to safe page that has Worker loading unsafe content. 1621 // Navigate to safe page that has Worker loading unsafe content.
1543 // Expect content to load but be marked as auth broken due to running insecure 1622 // Expect content to load but be marked as auth broken due to running insecure
1544 // content. 1623 // content.
1545 std::string page_with_unsafe_worker_path; 1624 std::string page_with_unsafe_worker_path;
1546 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1625 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1547 &page_with_unsafe_worker_path)); 1626 &page_with_unsafe_worker_path));
1548 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1627 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1549 page_with_unsafe_worker_path)); 1628 page_with_unsafe_worker_path));
1550 CheckWorkerLoadResult(tab, true); // Worker loads insecure content 1629 CheckWorkerLoadResult(tab, true); // Worker loads insecure content
1551 CheckAuthenticationBrokenState(tab, 0, true, false); 1630 CheckAuthenticationBrokenState(
1631 tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1552 } 1632 }
1553 1633
1554 // Test that when the browser blocks displaying insecure content (images), the 1634 // Test that when the browser blocks displaying insecure content (images), the
1555 // indicator shows a secure page, because the blocking made the otherwise 1635 // indicator shows a secure page, because the blocking made the otherwise
1556 // unsafe page safe (the notification of this state is handled by other means). 1636 // unsafe page safe (the notification of this state is handled by other means).
1557 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) { 1637 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
1558 ASSERT_TRUE(test_server()->Start()); 1638 ASSERT_TRUE(test_server()->Start());
1559 ASSERT_TRUE(https_server_.Start()); 1639 ASSERT_TRUE(https_server_.Start());
1560 1640
1561 std::string replacement_path; 1641 std::string replacement_path;
1562 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1642 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1563 "files/ssl/page_displays_insecure_content.html", 1643 "files/ssl/page_displays_insecure_content.html",
1564 test_server()->host_port_pair(), 1644 test_server()->host_port_pair(),
1565 &replacement_path)); 1645 &replacement_path));
1566 1646
1567 ui_test_utils::NavigateToURL(browser(), 1647 ui_test_utils::NavigateToURL(browser(),
1568 https_server_.GetURL(replacement_path)); 1648 https_server_.GetURL(replacement_path));
1569 1649
1570 CheckAuthenticatedState( 1650 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1571 browser()->tab_strip_model()->GetActiveWebContents(), false); 1651 AuthState::NONE);
1572 } 1652 }
1573 1653
1574 // Test that when the browser blocks displaying insecure content (iframes), the 1654 // Test that when the browser blocks displaying insecure content (iframes), the
1575 // indicator shows a secure page, because the blocking made the otherwise 1655 // indicator shows a secure page, because the blocking made the otherwise
1576 // unsafe page safe (the notification of this state is handled by other means) 1656 // unsafe page safe (the notification of this state is handled by other means)
1577 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) { 1657 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
1578 ASSERT_TRUE(test_server()->Start()); 1658 ASSERT_TRUE(test_server()->Start());
1579 ASSERT_TRUE(https_server_.Start()); 1659 ASSERT_TRUE(https_server_.Start());
1580 1660
1581 std::string replacement_path; 1661 std::string replacement_path;
1582 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1662 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1583 "files/ssl/page_displays_insecure_iframe.html", 1663 "files/ssl/page_displays_insecure_iframe.html",
1584 test_server()->host_port_pair(), 1664 test_server()->host_port_pair(),
1585 &replacement_path)); 1665 &replacement_path));
1586 1666
1587 ui_test_utils::NavigateToURL(browser(), 1667 ui_test_utils::NavigateToURL(browser(),
1588 https_server_.GetURL(replacement_path)); 1668 https_server_.GetURL(replacement_path));
1589 1669
1590 CheckAuthenticatedState( 1670 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1591 browser()->tab_strip_model()->GetActiveWebContents(), false); 1671 AuthState::NONE);
1592 } 1672 }
1593 1673
1594
1595 // Test that when the browser blocks running insecure content, the 1674 // Test that when the browser blocks running insecure content, the
1596 // indicator shows a secure page, because the blocking made the otherwise 1675 // indicator shows a secure page, because the blocking made the otherwise
1597 // unsafe page safe (the notification of this state is handled by other means). 1676 // unsafe page safe (the notification of this state is handled by other means).
1598 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) { 1677 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
1599 ASSERT_TRUE(test_server()->Start()); 1678 ASSERT_TRUE(test_server()->Start());
1600 ASSERT_TRUE(https_server_.Start()); 1679 ASSERT_TRUE(https_server_.Start());
1601 1680
1602 std::string replacement_path; 1681 std::string replacement_path;
1603 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1682 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1604 "files/ssl/page_runs_insecure_content.html", 1683 "files/ssl/page_runs_insecure_content.html",
1605 test_server()->host_port_pair(), 1684 test_server()->host_port_pair(),
1606 &replacement_path)); 1685 &replacement_path));
1607 1686
1608 ui_test_utils::NavigateToURL(browser(), 1687 ui_test_utils::NavigateToURL(browser(),
1609 https_server_.GetURL(replacement_path)); 1688 https_server_.GetURL(replacement_path));
1610 1689
1611 CheckAuthenticatedState( 1690 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1612 browser()->tab_strip_model()->GetActiveWebContents(), false); 1691 AuthState::NONE);
1613 } 1692 }
1614 1693
1615 // Visit a page and establish a WebSocket connection over bad https with 1694 // Visit a page and establish a WebSocket connection over bad https with
1616 // --ignore-certificate-errors. The connection should be established without 1695 // --ignore-certificate-errors. The connection should be established without
1617 // interstitial page showing. 1696 // interstitial page showing.
1618 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) { 1697 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
1619 ASSERT_TRUE(test_server()->Start()); 1698 ASSERT_TRUE(test_server()->Start());
1620 ASSERT_TRUE(wss_server_expired_.Start()); 1699 ASSERT_TRUE(wss_server_expired_.Start());
1621 1700
1622 // Setup page title observer. 1701 // Setup page title observer.
(...skipping 21 matching lines...) Expand all
1644 // Verifies that if JavaScript is disabled interstitials aren't affected. 1723 // Verifies that if JavaScript is disabled interstitials aren't affected.
1645 // http://crbug.com/322948 1724 // http://crbug.com/322948
1646 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) { 1725 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) {
1647 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting( 1726 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
1648 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK); 1727 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
1649 1728
1650 ASSERT_TRUE(https_server_expired_.Start()); 1729 ASSERT_TRUE(https_server_expired_.Start());
1651 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1730 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1652 ui_test_utils::NavigateToURL(browser(), 1731 ui_test_utils::NavigateToURL(browser(),
1653 https_server_expired_.GetURL("files/ssl/google.html")); 1732 https_server_expired_.GetURL("files/ssl/google.html"));
1654 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1733 CheckAuthenticationBrokenState(
1655 true); // Interstitial showing 1734 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1656 1735
1657 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 1736 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
1658 content::RenderViewHost* interstitial_rvh = 1737 content::RenderViewHost* interstitial_rvh =
1659 interstitial_page->GetRenderViewHostForTesting(); 1738 interstitial_page->GetRenderViewHostForTesting();
1660 bool result = false; 1739 bool result = false;
1661 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 1740 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
1662 interstitial_rvh, 1741 interstitial_rvh,
1663 "window.domAutomationController.send(true);", 1742 "window.domAutomationController.send(true);",
1664 &result)); 1743 &result));
1665 // The above will hang without the fix. 1744 // The above will hang without the fix.
1666 ASSERT_TRUE(result); 1745 ASSERT_TRUE(result);
1667 } 1746 }
1668 1747
1669 // TODO(jcampan): more tests to do below. 1748 // TODO(jcampan): more tests to do below.
1670 1749
1671 // Visit a page over https that contains a frame with a redirect. 1750 // Visit a page over https that contains a frame with a redirect.
1672 1751
1673 // XMLHttpRequest insecure content in synchronous mode. 1752 // XMLHttpRequest insecure content in synchronous mode.
1674 1753
1675 // XMLHttpRequest insecure content in asynchronous mode. 1754 // XMLHttpRequest insecure content in asynchronous mode.
1676 1755
1677 // XMLHttpRequest over bad ssl in synchronous mode. 1756 // XMLHttpRequest over bad ssl in synchronous mode.
1678 1757
1679 // XMLHttpRequest over OK ssl in synchronous mode. 1758 // XMLHttpRequest over OK ssl in synchronous mode.
OLDNEW
« no previous file with comments | « no previous file | content/browser/ssl/ssl_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698