Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3661)

Unified Diff: chrome/browser/ssl/ssl_browser_tests.cc

Issue 184483002: Set insecure content status also when there are other security issues. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Review follow up: remove bool arguments, introduce enums. Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/ssl/ssl_policy.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_browser_tests.cc
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index bcf8cf123c4db3449f87c32ae54814fd4562e198..9ef5fd9e7de9e6f8708fe3e2e202b6a747bd4b84 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -92,6 +92,76 @@ class ProvisionalLoadWaiter : public content::WebContentsObserver {
bool seen_;
};
+namespace AuthState {
+
+enum AuthStateFlags {
+ NONE = 0,
+ DISPLAYED_INSECURE_CONTENT = 1 << 0,
+ RAN_INSECURE_CONTENT = 1 << 1,
+ SHOWING_INTERSTITIAL = 1 << 2
+};
+
+void Check(const NavigationEntry& entry, int expected_authentication_state) {
+ EXPECT_EQ(!!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
+ ? content::PAGE_TYPE_INTERSTITIAL
+ : content::PAGE_TYPE_NORMAL,
+ entry.GetPageType());
+
+ bool displayed_insecure_content =
+ !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
+ EXPECT_EQ(
+ !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
+ displayed_insecure_content);
+
+ bool ran_insecure_content =
+ !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
+ EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
+ ran_insecure_content);
+}
+
+} // namespace AuthState
+
+namespace SecurityStyle {
+
+void Check(const NavigationEntry& entry,
+ content::SecurityStyle expected_security_style) {
+ EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
+}
+
+} // namespace SecurityStyle
+
+namespace CertError {
+
+enum CertErrorFlags {
+ NONE = 0
+};
+
+void Check(const NavigationEntry& entry, net::CertStatus error) {
+ if (error) {
+ EXPECT_EQ(error, entry.GetSSL().cert_status & error);
+ net::CertStatus extra_cert_errors =
+ error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
+ if (extra_cert_errors)
+ LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
+ } else {
+ EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
+ }
+}
+
+} // namespace CertError
+
+void CheckSecurityState(WebContents* tab,
+ net::CertStatus error,
+ content::SecurityStyle expected_security_style,
+ int expected_authentication_state) {
+ ASSERT_FALSE(tab->IsCrashed());
+ NavigationEntry* entry = tab->GetController().GetActiveEntry();
+ ASSERT_TRUE(entry);
+ CertError::Check(*entry, error);
+ SecurityStyle::Check(*entry, expected_security_style);
+ AuthState::Check(*entry, expected_authentication_state);
+}
+
} // namespace
class SSLUITest : public InProcessBrowserTest {
@@ -118,62 +188,31 @@ class SSLUITest : public InProcessBrowserTest {
command_line->AppendSwitch(switches::kProcessPerSite);
}
- void CheckState(WebContents* tab,
- content::SecurityStyle expected_security_style,
- bool expected_displayed_insecure_content,
- bool expected_ran_insecure_content) {
- ASSERT_FALSE(tab->IsCrashed());
- NavigationEntry* entry = tab->GetController().GetActiveEntry();
- ASSERT_TRUE(entry);
- EXPECT_EQ(content::PAGE_TYPE_NORMAL, entry->GetPageType());
- EXPECT_EQ(expected_security_style, entry->GetSSL().security_style);
- EXPECT_EQ(0U, entry->GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
- bool displayed_insecure_content =
- entry->GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT;
- EXPECT_EQ(expected_displayed_insecure_content, displayed_insecure_content);
- bool ran_insecure_content =
- entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT;
- EXPECT_EQ(expected_ran_insecure_content, ran_insecure_content);
- }
-
void CheckAuthenticatedState(WebContents* tab,
- bool expected_displayed_insecure_content) {
- CheckState(tab, content::SECURITY_STYLE_AUTHENTICATED,
- expected_displayed_insecure_content, false);
+ int expected_authentication_state) {
+ CheckSecurityState(tab,
+ CertError::NONE,
+ content::SECURITY_STYLE_AUTHENTICATED,
+ expected_authentication_state);
}
void CheckUnauthenticatedState(WebContents* tab) {
- CheckState(tab, content::SECURITY_STYLE_UNAUTHENTICATED, false, false);
- }
-
- void CheckBrokenAuthenticatedState(WebContents* tab) {
- CheckState(tab, content::SECURITY_STYLE_AUTHENTICATION_BROKEN, false, true);
+ CheckSecurityState(tab,
+ CertError::NONE,
+ content::SECURITY_STYLE_UNAUTHENTICATED,
+ AuthState::NONE);
}
void CheckAuthenticationBrokenState(WebContents* tab,
net::CertStatus error,
- bool ran_insecure_content,
- bool interstitial) {
- ASSERT_FALSE(tab->IsCrashed());
- NavigationEntry* entry = tab->GetController().GetActiveEntry();
- ASSERT_TRUE(entry);
- EXPECT_EQ(interstitial ?
- content::PAGE_TYPE_INTERSTITIAL : content::PAGE_TYPE_NORMAL,
- entry->GetPageType());
- EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
- entry->GetSSL().security_style);
+ int expected_authentication_state) {
+ CheckSecurityState(tab,
+ error,
+ content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ expected_authentication_state);
// CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
// to SECURITY_STYLE_AUTHENTICATION_BROKEN.
ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
- EXPECT_EQ(error, entry->GetSSL().cert_status & error);
- EXPECT_FALSE(!!(entry->GetSSL().content_status &
- SSLStatus::DISPLAYED_INSECURE_CONTENT));
- EXPECT_EQ(ran_insecure_content,
- !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT));
- net::CertStatus extra_cert_errors = error ^ (entry->GetSSL().cert_status &
- net::CERT_STATUS_ALL_ERRORS);
- if (extra_cert_errors)
- LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
}
void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
@@ -365,6 +404,30 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
browser()->tab_strip_model()->GetActiveWebContents());
}
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
+ ASSERT_TRUE(test_server()->Start());
+ ASSERT_TRUE(https_server_expired_.Start());
+
+ std::string replacement_path;
+ ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
+ "files/ssl/page_displays_insecure_content.html",
+ test_server()->host_port_pair(),
+ &replacement_path));
+
+ ui_test_utils::NavigateToURL(browser(),
+ https_server_expired_.GetURL(replacement_path));
+
+ WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
+
+ ProceedThroughInterstitial(tab);
+
+ CheckAuthenticationBrokenState(tab,
+ net::CERT_STATUS_DATE_INVALID,
+ AuthState::DISPLAYED_INSECURE_CONTENT);
+}
+
// http://crbug.com/91745
#if defined(OS_CHROMEOS)
#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
@@ -379,8 +442,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL("files/ssl/google.html"));
- CheckAuthenticatedState(
- browser()->tab_strip_model()->GetActiveWebContents(), false);
+ CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
+ AuthState::NONE);
}
// Visits a page with https error and proceed:
@@ -391,13 +454,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) {
https_server_expired_.GetURL("files/ssl/google.html"));
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
}
#ifndef NEDBUG
@@ -438,8 +501,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
ui_test_utils::NavigateToURL(browser(), cross_site_url);
// An interstitial should be showing.
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
- false, true);
+ CheckAuthenticationBrokenState(tab,
+ net::CERT_STATUS_COMMON_NAME_INVALID,
+ AuthState::SHOWING_INTERSTITIAL);
// Simulate user clicking "Take me back".
InterstitialPage* interstitial_page = tab->GetInterstitialPage();
@@ -447,7 +511,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
interstitial_page->DontProceed();
// We should be back to the original good page.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Try to navigate to a new page. (to make sure bug 5800 is fixed).
ui_test_utils::NavigateToURL(browser(),
@@ -471,8 +535,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
// Now go to a bad HTTPS page that shows an interstitial.
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/google.html"));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProvisionalLoadWaiter load_failed_observer(tab);
@@ -508,8 +572,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
// Now go to a bad HTTPS page that shows an interstitial.
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/google.html"));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
// Simulate user clicking and holding on back button (crbug.com/37215).
tab->GetController().GoToOffset(-1);
@@ -551,8 +615,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
// Now go to a bad HTTPS page that shows an interstitial.
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/google.html"));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
// Simulate user clicking and holding on forward button.
{
@@ -640,8 +704,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
browser(),
wss_server_expired_.GetURL(
"connect_check.html").ReplaceComponents(replacements));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
// Proceed anyway.
ProceedThroughInterstitial(tab);
@@ -713,7 +777,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestWSSClientCert) {
// Visit a HTTPS page which requires client certs.
ui_test_utils::NavigateToURL(browser(), url);
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Test page runs a WebSocket wss connection test. The result will be shown
// as page title.
@@ -836,8 +900,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL(replacement_path));
- CheckAuthenticatedState(
- browser()->tab_strip_model()->GetActiveWebContents(), true);
+ CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
+ AuthState::DISPLAYED_INSECURE_CONTENT);
}
// Visits a page that runs insecure content and tries to suppress the insecure
@@ -852,7 +916,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
"files/ssl/page_runs_insecure_content.html"));
CheckAuthenticationBrokenState(
- browser()->tab_strip_model()->GetActiveWebContents(), 0, true, false);
+ browser()->tab_strip_model()->GetActiveWebContents(),
+ CertError::NONE,
+ AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
}
// Visits a page with unsafe content and make sure that:
@@ -873,7 +939,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
// When the bad content is filtered, the state is expected to be
// authenticated.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Because of cross-frame scripting restrictions, we cannot access the iframe
// content. So to know if the frame was loaded, we just check if a popup was
@@ -915,7 +981,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
replacement_path));
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Load the insecure image.
bool js_result = false;
@@ -926,7 +992,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
EXPECT_TRUE(js_result);
// We should now have insecure content.
- CheckAuthenticatedState(tab, true);
+ CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
}
// Visits two pages from the same origin: one that displays insecure content and
@@ -942,7 +1008,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
// This tab should be fine.
- CheckAuthenticatedState(tab1, false);
+ CheckAuthenticatedState(tab1, AuthState::NONE);
// Create a new tab.
std::string replacement_path;
@@ -964,10 +1030,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
observer.Wait();
// The new tab has insecure content.
- CheckAuthenticatedState(tab2, true);
+ CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
// The original tab should not be contaminated.
- CheckAuthenticatedState(tab1, false);
+ CheckAuthenticatedState(tab1, AuthState::NONE);
}
// Visits two pages from the same origin: one that runs insecure content and one
@@ -983,7 +1049,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
// This tab should be fine.
- CheckAuthenticatedState(tab1, false);
+ CheckAuthenticatedState(tab1, AuthState::NONE);
std::string replacement_path;
ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
@@ -1009,11 +1075,15 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
// The new tab has insecure content.
- CheckAuthenticationBrokenState(tab2, 0, true, false);
+ CheckAuthenticationBrokenState(
+ tab2,
+ CertError::NONE,
+ AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
// Which means the origin for the first tab has also been contaminated with
// insecure content.
- CheckAuthenticationBrokenState(tab1, 0, true, false);
+ CheckAuthenticationBrokenState(
+ tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
}
// Visits a page with an image over http. Visits another page over https
@@ -1039,7 +1109,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
// content (even though the image comes from the WebCore memory cache).
const GURL url_https = https_server_.GetURL(replacement_path);
ui_test_utils::NavigateToURL(browser(), url_https);
- CheckAuthenticatedState(tab, true);
+ CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
}
// http://crbug.com/84729
@@ -1073,7 +1143,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
// content (even though the image comes from the WebCore memory cache).
const GURL url_https = https_server_.GetURL(replacement_path);
ui_test_utils::NavigateToURL(browser(), url_https);
- CheckAuthenticationBrokenState(tab, 0, true, false);
+ CheckAuthenticationBrokenState(
+ tab,
+ CertError::NONE,
+ AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
}
// This test ensures the CN invalid status does not 'stick' to a certificate
@@ -1089,26 +1162,27 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) {
// We get an interstitial page as a result.
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
- false, true); // Interstitial showing.
+ CheckAuthenticationBrokenState(tab,
+ net::CERT_STATUS_COMMON_NAME_INVALID,
+ AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
- false, false); // No interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
// Now we try again with the right host name this time.
GURL url(https_server_.GetURL("files/ssl/google.html"));
ui_test_utils::NavigateToURL(browser(), url);
// Security state should be OK.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Now try again the broken one to make sure it is still broken.
ui_test_utils::NavigateToURL(browser(),
https_server_mismatched_.GetURL("files/ssl/google.html"));
// Since we OKed the interstitial last time, we get right to the page.
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
- false, false); // No interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
}
#if defined(OS_CHROMEOS)
@@ -1127,21 +1201,20 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No interstitial showing.
-
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
// Now navigate to a ref in the page, the security state should not have
// changed.
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
}
// Tests that closing a page that has a unsafe pop-up does not crash the
@@ -1200,13 +1273,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
// We have been redirected to the good page.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
}
// Visit a page over good https that is a redirect to a page with bad https.
@@ -1219,13 +1292,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
}
// Visit a page over http that is a redirect to a page with good HTTPS.
@@ -1242,7 +1315,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
ui_test_utils::NavigateToURL(browser(),
GURL(http_url.spec() + good_https_url.spec()));
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
}
// Visit a page over http that is a redirect to a page with bad HTTPS.
@@ -1257,13 +1330,13 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) {
https_server_expired_.GetURL("files/ssl/google.html");
ui_test_utils::NavigateToURL(browser(),
GURL(http_url.spec() + bad_https_url.spec()));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No interstitial showing.
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
}
// Visit a page over https that is a redirect to a page with http (to make sure
@@ -1318,7 +1391,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL(top_frame_path));
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
bool success = false;
// Now navigate inside the frame.
@@ -1335,7 +1408,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
}
// We should still be fine.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Now let's hit a bad page.
{
@@ -1351,7 +1424,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
}
// The security style should still be secure.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// And the frame should be blocked.
bool is_content_evil = true;
@@ -1373,7 +1446,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
tab->GetController().GoBack();
observer.Wait();
}
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
// Navigate to a page served over HTTP.
{
@@ -1389,7 +1462,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
}
// Our state should be unathenticated (in the ran mixed script sense)
- CheckBrokenAuthenticatedState(tab);
+ CheckAuthenticationBrokenState(
+ tab,
+ CertError::NONE,
+ AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
// Go back, our state should be unchanged.
{
@@ -1400,7 +1476,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
observer.Wait();
}
- CheckBrokenAuthenticatedState(tab);
+ CheckAuthenticationBrokenState(
+ tab,
+ CertError::NONE,
+ AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
}
// From a bad HTTPS top frame:
@@ -1418,8 +1497,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL(top_frame_path));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
@@ -1436,8 +1515,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
observer.Wait();
// We should still be authentication broken.
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false);
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
}
// From an HTTP top frame, navigate to good and bad HTTPS (security state should
@@ -1521,7 +1600,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
// Expect Worker not to load insecure content.
CheckWorkerLoadResult(tab, false);
// The bad content is filtered, expect the state to be authenticated.
- CheckAuthenticatedState(tab, false);
+ CheckAuthenticatedState(tab, AuthState::NONE);
}
IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
@@ -1533,11 +1612,11 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/blank_page.html"));
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
ProceedThroughInterstitial(tab);
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- false); // No Interstitial
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
// Navigate to safe page that has Worker loading unsafe content.
// Expect content to load but be marked as auth broken due to running insecure
@@ -1548,7 +1627,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
page_with_unsafe_worker_path));
CheckWorkerLoadResult(tab, true); // Worker loads insecure content
- CheckAuthenticationBrokenState(tab, 0, true, false);
+ CheckAuthenticationBrokenState(
+ tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
}
// Test that when the browser blocks displaying insecure content (images), the
@@ -1567,8 +1647,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL(replacement_path));
- CheckAuthenticatedState(
- browser()->tab_strip_model()->GetActiveWebContents(), false);
+ CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
+ AuthState::NONE);
}
// Test that when the browser blocks displaying insecure content (iframes), the
@@ -1587,11 +1667,10 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL(replacement_path));
- CheckAuthenticatedState(
- browser()->tab_strip_model()->GetActiveWebContents(), false);
+ CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
+ AuthState::NONE);
}
-
// Test that when the browser blocks running insecure content, the
// indicator shows a secure page, because the blocking made the otherwise
// unsafe page safe (the notification of this state is handled by other means).
@@ -1608,8 +1687,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
ui_test_utils::NavigateToURL(browser(),
https_server_.GetURL(replacement_path));
- CheckAuthenticatedState(
- browser()->tab_strip_model()->GetActiveWebContents(), false);
+ CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
+ AuthState::NONE);
}
// Visit a page and establish a WebSocket connection over bad https with
@@ -1651,8 +1730,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) {
WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
ui_test_utils::NavigateToURL(browser(),
https_server_expired_.GetURL("files/ssl/google.html"));
- CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false,
- true); // Interstitial showing
+ CheckAuthenticationBrokenState(
+ tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
InterstitialPage* interstitial_page = tab->GetInterstitialPage();
content::RenderViewHost* interstitial_rvh =
« no previous file with comments | « no previous file | content/browser/ssl/ssl_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698