| Index: chrome/browser/ssl/ssl_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
|
| index bcf8cf123c4db3449f87c32ae54814fd4562e198..9ef5fd9e7de9e6f8708fe3e2e202b6a747bd4b84 100644
|
| --- a/chrome/browser/ssl/ssl_browser_tests.cc
|
| +++ b/chrome/browser/ssl/ssl_browser_tests.cc
|
| @@ -92,6 +92,76 @@ class ProvisionalLoadWaiter : public content::WebContentsObserver {
|
| bool seen_;
|
| };
|
|
|
| +namespace AuthState {
|
| +
|
| +enum AuthStateFlags {
|
| + NONE = 0,
|
| + DISPLAYED_INSECURE_CONTENT = 1 << 0,
|
| + RAN_INSECURE_CONTENT = 1 << 1,
|
| + SHOWING_INTERSTITIAL = 1 << 2
|
| +};
|
| +
|
| +void Check(const NavigationEntry& entry, int expected_authentication_state) {
|
| + EXPECT_EQ(!!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
|
| + ? content::PAGE_TYPE_INTERSTITIAL
|
| + : content::PAGE_TYPE_NORMAL,
|
| + entry.GetPageType());
|
| +
|
| + bool displayed_insecure_content =
|
| + !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
|
| + EXPECT_EQ(
|
| + !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
|
| + displayed_insecure_content);
|
| +
|
| + bool ran_insecure_content =
|
| + !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
|
| + EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
|
| + ran_insecure_content);
|
| +}
|
| +
|
| +} // namespace AuthState
|
| +
|
| +namespace SecurityStyle {
|
| +
|
| +void Check(const NavigationEntry& entry,
|
| + content::SecurityStyle expected_security_style) {
|
| + EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
|
| +}
|
| +
|
| +} // namespace SecurityStyle
|
| +
|
| +namespace CertError {
|
| +
|
| +enum CertErrorFlags {
|
| + NONE = 0
|
| +};
|
| +
|
| +void Check(const NavigationEntry& entry, net::CertStatus error) {
|
| + if (error) {
|
| + EXPECT_EQ(error, entry.GetSSL().cert_status & error);
|
| + net::CertStatus extra_cert_errors =
|
| + error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
|
| + if (extra_cert_errors)
|
| + LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
|
| + } else {
|
| + EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
|
| + }
|
| +}
|
| +
|
| +} // namespace CertError
|
| +
|
| +void CheckSecurityState(WebContents* tab,
|
| + net::CertStatus error,
|
| + content::SecurityStyle expected_security_style,
|
| + int expected_authentication_state) {
|
| + ASSERT_FALSE(tab->IsCrashed());
|
| + NavigationEntry* entry = tab->GetController().GetActiveEntry();
|
| + ASSERT_TRUE(entry);
|
| + CertError::Check(*entry, error);
|
| + SecurityStyle::Check(*entry, expected_security_style);
|
| + AuthState::Check(*entry, expected_authentication_state);
|
| +}
|
| +
|
| } // namespace
|
|
|
| class SSLUITest : public InProcessBrowserTest {
|
| @@ -118,62 +188,31 @@ class SSLUITest : public InProcessBrowserTest {
|
| command_line->AppendSwitch(switches::kProcessPerSite);
|
| }
|
|
|
| - void CheckState(WebContents* tab,
|
| - content::SecurityStyle expected_security_style,
|
| - bool expected_displayed_insecure_content,
|
| - bool expected_ran_insecure_content) {
|
| - ASSERT_FALSE(tab->IsCrashed());
|
| - NavigationEntry* entry = tab->GetController().GetActiveEntry();
|
| - ASSERT_TRUE(entry);
|
| - EXPECT_EQ(content::PAGE_TYPE_NORMAL, entry->GetPageType());
|
| - EXPECT_EQ(expected_security_style, entry->GetSSL().security_style);
|
| - EXPECT_EQ(0U, entry->GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
|
| - bool displayed_insecure_content =
|
| - entry->GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT;
|
| - EXPECT_EQ(expected_displayed_insecure_content, displayed_insecure_content);
|
| - bool ran_insecure_content =
|
| - entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT;
|
| - EXPECT_EQ(expected_ran_insecure_content, ran_insecure_content);
|
| - }
|
| -
|
| void CheckAuthenticatedState(WebContents* tab,
|
| - bool expected_displayed_insecure_content) {
|
| - CheckState(tab, content::SECURITY_STYLE_AUTHENTICATED,
|
| - expected_displayed_insecure_content, false);
|
| + int expected_authentication_state) {
|
| + CheckSecurityState(tab,
|
| + CertError::NONE,
|
| + content::SECURITY_STYLE_AUTHENTICATED,
|
| + expected_authentication_state);
|
| }
|
|
|
| void CheckUnauthenticatedState(WebContents* tab) {
|
| - CheckState(tab, content::SECURITY_STYLE_UNAUTHENTICATED, false, false);
|
| - }
|
| -
|
| - void CheckBrokenAuthenticatedState(WebContents* tab) {
|
| - CheckState(tab, content::SECURITY_STYLE_AUTHENTICATION_BROKEN, false, true);
|
| + CheckSecurityState(tab,
|
| + CertError::NONE,
|
| + content::SECURITY_STYLE_UNAUTHENTICATED,
|
| + AuthState::NONE);
|
| }
|
|
|
| void CheckAuthenticationBrokenState(WebContents* tab,
|
| net::CertStatus error,
|
| - bool ran_insecure_content,
|
| - bool interstitial) {
|
| - ASSERT_FALSE(tab->IsCrashed());
|
| - NavigationEntry* entry = tab->GetController().GetActiveEntry();
|
| - ASSERT_TRUE(entry);
|
| - EXPECT_EQ(interstitial ?
|
| - content::PAGE_TYPE_INTERSTITIAL : content::PAGE_TYPE_NORMAL,
|
| - entry->GetPageType());
|
| - EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
|
| - entry->GetSSL().security_style);
|
| + int expected_authentication_state) {
|
| + CheckSecurityState(tab,
|
| + error,
|
| + content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
|
| + expected_authentication_state);
|
| // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
|
| // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
|
| ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
|
| - EXPECT_EQ(error, entry->GetSSL().cert_status & error);
|
| - EXPECT_FALSE(!!(entry->GetSSL().content_status &
|
| - SSLStatus::DISPLAYED_INSECURE_CONTENT));
|
| - EXPECT_EQ(ran_insecure_content,
|
| - !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT));
|
| - net::CertStatus extra_cert_errors = error ^ (entry->GetSSL().cert_status &
|
| - net::CERT_STATUS_ALL_ERRORS);
|
| - if (extra_cert_errors)
|
| - LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
|
| }
|
|
|
| void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
|
| @@ -365,6 +404,30 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
|
| browser()->tab_strip_model()->GetActiveWebContents());
|
| }
|
|
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
|
| + ASSERT_TRUE(test_server()->Start());
|
| + ASSERT_TRUE(https_server_expired_.Start());
|
| +
|
| + std::string replacement_path;
|
| + ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
|
| + "files/ssl/page_displays_insecure_content.html",
|
| + test_server()->host_port_pair(),
|
| + &replacement_path));
|
| +
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server_expired_.GetURL(replacement_path));
|
| +
|
| + WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
| +
|
| + ProceedThroughInterstitial(tab);
|
| +
|
| + CheckAuthenticationBrokenState(tab,
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT);
|
| +}
|
| +
|
| // http://crbug.com/91745
|
| #if defined(OS_CHROMEOS)
|
| #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
|
| @@ -379,8 +442,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL("files/ssl/google.html"));
|
|
|
| - CheckAuthenticatedState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), false);
|
| + CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
|
| + AuthState::NONE);
|
| }
|
|
|
| // Visits a page with https error and proceed:
|
| @@ -391,13 +454,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) {
|
| https_server_expired_.GetURL("files/ssl/google.html"));
|
|
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| }
|
|
|
| #ifndef NEDBUG
|
| @@ -438,8 +501,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
|
| ui_test_utils::NavigateToURL(browser(), cross_site_url);
|
|
|
| // An interstitial should be showing.
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| - false, true);
|
| + CheckAuthenticationBrokenState(tab,
|
| + net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + AuthState::SHOWING_INTERSTITIAL);
|
|
|
| // Simulate user clicking "Take me back".
|
| InterstitialPage* interstitial_page = tab->GetInterstitialPage();
|
| @@ -447,7 +511,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
|
| interstitial_page->DontProceed();
|
|
|
| // We should be back to the original good page.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Try to navigate to a new page. (to make sure bug 5800 is fixed).
|
| ui_test_utils::NavigateToURL(browser(),
|
| @@ -471,8 +535,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
|
| // Now go to a bad HTTPS page that shows an interstitial.
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/google.html"));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProvisionalLoadWaiter load_failed_observer(tab);
|
|
|
| @@ -508,8 +572,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
|
| // Now go to a bad HTTPS page that shows an interstitial.
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/google.html"));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| // Simulate user clicking and holding on back button (crbug.com/37215).
|
| tab->GetController().GoToOffset(-1);
|
| @@ -551,8 +615,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
|
| // Now go to a bad HTTPS page that shows an interstitial.
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/google.html"));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| // Simulate user clicking and holding on forward button.
|
| {
|
| @@ -640,8 +704,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
|
| browser(),
|
| wss_server_expired_.GetURL(
|
| "connect_check.html").ReplaceComponents(replacements));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| // Proceed anyway.
|
| ProceedThroughInterstitial(tab);
|
| @@ -713,7 +777,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestWSSClientCert) {
|
|
|
| // Visit a HTTPS page which requires client certs.
|
| ui_test_utils::NavigateToURL(browser(), url);
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Test page runs a WebSocket wss connection test. The result will be shown
|
| // as page title.
|
| @@ -836,8 +900,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL(replacement_path));
|
|
|
| - CheckAuthenticatedState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), true);
|
| + CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
|
| + AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| // Visits a page that runs insecure content and tries to suppress the insecure
|
| @@ -852,7 +916,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
|
| "files/ssl/page_runs_insecure_content.html"));
|
|
|
| CheckAuthenticationBrokenState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), 0, true, false);
|
| + browser()->tab_strip_model()->GetActiveWebContents(),
|
| + CertError::NONE,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| // Visits a page with unsafe content and make sure that:
|
| @@ -873,7 +939,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| // When the bad content is filtered, the state is expected to be
|
| // authenticated.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Because of cross-frame scripting restrictions, we cannot access the iframe
|
| // content. So to know if the frame was loaded, we just check if a popup was
|
| @@ -915,7 +981,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
|
| replacement_path));
|
|
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Load the insecure image.
|
| bool js_result = false;
|
| @@ -926,7 +992,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
|
| EXPECT_TRUE(js_result);
|
|
|
| // We should now have insecure content.
|
| - CheckAuthenticatedState(tab, true);
|
| + CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| // Visits two pages from the same origin: one that displays insecure content and
|
| @@ -942,7 +1008,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
|
| WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
|
|
|
| // This tab should be fine.
|
| - CheckAuthenticatedState(tab1, false);
|
| + CheckAuthenticatedState(tab1, AuthState::NONE);
|
|
|
| // Create a new tab.
|
| std::string replacement_path;
|
| @@ -964,10 +1030,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
|
| observer.Wait();
|
|
|
| // The new tab has insecure content.
|
| - CheckAuthenticatedState(tab2, true);
|
| + CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
|
|
|
| // The original tab should not be contaminated.
|
| - CheckAuthenticatedState(tab1, false);
|
| + CheckAuthenticatedState(tab1, AuthState::NONE);
|
| }
|
|
|
| // Visits two pages from the same origin: one that runs insecure content and one
|
| @@ -983,7 +1049,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
|
| WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
|
|
|
| // This tab should be fine.
|
| - CheckAuthenticatedState(tab1, false);
|
| + CheckAuthenticatedState(tab1, AuthState::NONE);
|
|
|
| std::string replacement_path;
|
| ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
|
| @@ -1009,11 +1075,15 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
|
| EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
|
|
|
| // The new tab has insecure content.
|
| - CheckAuthenticationBrokenState(tab2, 0, true, false);
|
| + CheckAuthenticationBrokenState(
|
| + tab2,
|
| + CertError::NONE,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
|
|
| // Which means the origin for the first tab has also been contaminated with
|
| // insecure content.
|
| - CheckAuthenticationBrokenState(tab1, 0, true, false);
|
| + CheckAuthenticationBrokenState(
|
| + tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| // Visits a page with an image over http. Visits another page over https
|
| @@ -1039,7 +1109,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
|
| // content (even though the image comes from the WebCore memory cache).
|
| const GURL url_https = https_server_.GetURL(replacement_path);
|
| ui_test_utils::NavigateToURL(browser(), url_https);
|
| - CheckAuthenticatedState(tab, true);
|
| + CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| // http://crbug.com/84729
|
| @@ -1073,7 +1143,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
|
| // content (even though the image comes from the WebCore memory cache).
|
| const GURL url_https = https_server_.GetURL(replacement_path);
|
| ui_test_utils::NavigateToURL(browser(), url_https);
|
| - CheckAuthenticationBrokenState(tab, 0, true, false);
|
| + CheckAuthenticationBrokenState(
|
| + tab,
|
| + CertError::NONE,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| // This test ensures the CN invalid status does not 'stick' to a certificate
|
| @@ -1089,26 +1162,27 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) {
|
|
|
| // We get an interstitial page as a result.
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| - false, true); // Interstitial showing.
|
| + CheckAuthenticationBrokenState(tab,
|
| + net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + AuthState::SHOWING_INTERSTITIAL);
|
| ProceedThroughInterstitial(tab);
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| - false, false); // No interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
|
|
|
| // Now we try again with the right host name this time.
|
| GURL url(https_server_.GetURL("files/ssl/google.html"));
|
| ui_test_utils::NavigateToURL(browser(), url);
|
|
|
| // Security state should be OK.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Now try again the broken one to make sure it is still broken.
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_mismatched_.GetURL("files/ssl/google.html"));
|
|
|
| // Since we OKed the interstitial last time, we get right to the page.
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
|
| - false, false); // No interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
|
| }
|
|
|
| #if defined(OS_CHROMEOS)
|
| @@ -1127,21 +1201,20 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
|
| https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
|
|
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No interstitial showing.
|
| -
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| // Now navigate to a ref in the page, the security state should not have
|
| // changed.
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| }
|
|
|
| // Tests that closing a page that has a unsafe pop-up does not crash the
|
| @@ -1200,13 +1273,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
|
|
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| // We have been redirected to the good page.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
| }
|
|
|
| // Visit a page over good https that is a redirect to a page with bad https.
|
| @@ -1219,13 +1292,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
|
| ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
|
|
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| }
|
|
|
| // Visit a page over http that is a redirect to a page with good HTTPS.
|
| @@ -1242,7 +1315,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
|
|
|
| ui_test_utils::NavigateToURL(browser(),
|
| GURL(http_url.spec() + good_https_url.spec()));
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
| }
|
|
|
| // Visit a page over http that is a redirect to a page with bad HTTPS.
|
| @@ -1257,13 +1330,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) {
|
| https_server_expired_.GetURL("files/ssl/google.html");
|
| ui_test_utils::NavigateToURL(browser(),
|
| GURL(http_url.spec() + bad_https_url.spec()));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No interstitial showing.
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| }
|
|
|
| // Visit a page over https that is a redirect to a page with http (to make sure
|
| @@ -1318,7 +1391,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL(top_frame_path));
|
|
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| bool success = false;
|
| // Now navigate inside the frame.
|
| @@ -1335,7 +1408,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| }
|
|
|
| // We should still be fine.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Now let's hit a bad page.
|
| {
|
| @@ -1351,7 +1424,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| }
|
|
|
| // The security style should still be secure.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // And the frame should be blocked.
|
| bool is_content_evil = true;
|
| @@ -1373,7 +1446,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| tab->GetController().GoBack();
|
| observer.Wait();
|
| }
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
|
|
| // Navigate to a page served over HTTP.
|
| {
|
| @@ -1389,7 +1462,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| }
|
|
|
| // Our state should be unathenticated (in the ran mixed script sense)
|
| - CheckBrokenAuthenticatedState(tab);
|
| + CheckAuthenticationBrokenState(
|
| + tab,
|
| + CertError::NONE,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
|
|
| // Go back, our state should be unchanged.
|
| {
|
| @@ -1400,7 +1476,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
|
| observer.Wait();
|
| }
|
|
|
| - CheckBrokenAuthenticatedState(tab);
|
| + CheckAuthenticationBrokenState(
|
| + tab,
|
| + CertError::NONE,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| // From a bad HTTPS top frame:
|
| @@ -1418,8 +1497,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL(top_frame_path));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| ProceedThroughInterstitial(tab);
|
|
|
| @@ -1436,8 +1515,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
|
| observer.Wait();
|
|
|
| // We should still be authentication broken.
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false);
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| }
|
|
|
| // From an HTTP top frame, navigate to good and bad HTTPS (security state should
|
| @@ -1521,7 +1600,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
|
| // Expect Worker not to load insecure content.
|
| CheckWorkerLoadResult(tab, false);
|
| // The bad content is filtered, expect the state to be authenticated.
|
| - CheckAuthenticatedState(tab, false);
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
| }
|
|
|
| IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
|
| @@ -1533,11 +1612,11 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/blank_page.html"));
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
| ProceedThroughInterstitial(tab);
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - false); // No Interstitial
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
|
|
| // Navigate to safe page that has Worker loading unsafe content.
|
| // Expect content to load but be marked as auth broken due to running insecure
|
| @@ -1548,7 +1627,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
|
| ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
|
| page_with_unsafe_worker_path));
|
| CheckWorkerLoadResult(tab, true); // Worker loads insecure content
|
| - CheckAuthenticationBrokenState(tab, 0, true, false);
|
| + CheckAuthenticationBrokenState(
|
| + tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| // Test that when the browser blocks displaying insecure content (images), the
|
| @@ -1567,8 +1647,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL(replacement_path));
|
|
|
| - CheckAuthenticatedState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), false);
|
| + CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
|
| + AuthState::NONE);
|
| }
|
|
|
| // Test that when the browser blocks displaying insecure content (iframes), the
|
| @@ -1587,11 +1667,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL(replacement_path));
|
|
|
| - CheckAuthenticatedState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), false);
|
| + CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
|
| + AuthState::NONE);
|
| }
|
|
|
| -
|
| // Test that when the browser blocks running insecure content, the
|
| // indicator shows a secure page, because the blocking made the otherwise
|
| // unsafe page safe (the notification of this state is handled by other means).
|
| @@ -1608,8 +1687,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL(replacement_path));
|
|
|
| - CheckAuthenticatedState(
|
| - browser()->tab_strip_model()->GetActiveWebContents(), false);
|
| + CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
|
| + AuthState::NONE);
|
| }
|
|
|
| // Visit a page and establish a WebSocket connection over bad https with
|
| @@ -1651,8 +1730,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) {
|
| WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_expired_.GetURL("files/ssl/google.html"));
|
| - CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
|
| - true); // Interstitial showing
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
|
|
|
| InterstitialPage* interstitial_page = tab->GetInterstitialPage();
|
| content::RenderViewHost* interstitial_rvh =
|
|
|
Chromium Code Reviews
Issue 184483002:
Set insecure content status also when there are other security issues. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master