Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/browser.h" | 5 #include "chrome/browser/ui/browser.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <string> | 11 #include <string> |
| 12 | 12 |
| 13 #include "base/bind.h" | 13 #include "base/bind.h" |
| 14 #include "base/command_line.h" | 14 #include "base/command_line.h" |
| 15 #include "base/compiler_specific.h" | 15 #include "base/compiler_specific.h" |
| 16 #include "base/files/file_path.h" | 16 #include "base/files/file_path.h" |
| 17 #include "base/location.h" | 17 #include "base/location.h" |
| 18 #include "base/macros.h" | 18 #include "base/macros.h" |
| 19 #include "base/memory/ref_counted.h" | |
| 19 #include "base/message_loop/message_loop.h" | 20 #include "base/message_loop/message_loop.h" |
| 20 #include "base/strings/string_split.h" | 21 #include "base/strings/string_split.h" |
| 21 #include "base/strings/utf_string_conversions.h" | 22 #include "base/strings/utf_string_conversions.h" |
| 22 #include "base/sys_info.h" | 23 #include "base/sys_info.h" |
| 24 #include "base/threading/sequenced_worker_pool.h" | |
| 23 #include "build/build_config.h" | 25 #include "build/build_config.h" |
| 24 #include "chrome/app/chrome_command_ids.h" | 26 #include "chrome/app/chrome_command_ids.h" |
| 25 #include "chrome/browser/chrome_content_browser_client.h" | 27 #include "chrome/browser/chrome_content_browser_client.h" |
| 26 #include "chrome/browser/chrome_notification_types.h" | 28 #include "chrome/browser/chrome_notification_types.h" |
| 27 #include "chrome/browser/command_updater.h" | 29 #include "chrome/browser/command_updater.h" |
| 28 #include "chrome/browser/defaults.h" | 30 #include "chrome/browser/defaults.h" |
| 29 #include "chrome/browser/devtools/devtools_window_testing.h" | 31 #include "chrome/browser/devtools/devtools_window_testing.h" |
| 30 #include "chrome/browser/extensions/extension_browsertest.h" | 32 #include "chrome/browser/extensions/extension_browsertest.h" |
| 31 #include "chrome/browser/extensions/extension_service.h" | 33 #include "chrome/browser/extensions/extension_service.h" |
| 32 #include "chrome/browser/extensions/extension_util.h" | 34 #include "chrome/browser/extensions/extension_util.h" |
| 98 #include "content/public/common/url_constants.h" | 100 #include "content/public/common/url_constants.h" |
| 99 #include "content/public/test/browser_test_utils.h" | 101 #include "content/public/test/browser_test_utils.h" |
| 100 #include "content/public/test/test_navigation_observer.h" | 102 #include "content/public/test/test_navigation_observer.h" |
| 101 #include "extensions/browser/extension_registry.h" | 103 #include "extensions/browser/extension_registry.h" |
| 102 #include "extensions/browser/extension_system.h" | 104 #include "extensions/browser/extension_system.h" |
| 103 #include "extensions/browser/uninstall_reason.h" | 105 #include "extensions/browser/uninstall_reason.h" |
| 104 #include "extensions/common/constants.h" | 106 #include "extensions/common/constants.h" |
| 105 #include "extensions/common/extension.h" | 107 #include "extensions/common/extension.h" |
| 106 #include "extensions/common/extension_set.h" | 108 #include "extensions/common/extension_set.h" |
| 107 #include "net/base/net_errors.h" | 109 #include "net/base/net_errors.h" |
| 110 #include "net/base/test_data_directory.h" | |
| 111 #include "net/cert/x509_certificate.h" | |
| 108 #include "net/dns/mock_host_resolver.h" | 112 #include "net/dns/mock_host_resolver.h" |
| 113 #include "net/ssl/ssl_cipher_suite_names.h" | |
| 114 #include "net/ssl/ssl_connection_status_flags.h" | |
| 115 #include "net/test/cert_test_util.h" | |
| 109 #include "net/test/embedded_test_server/embedded_test_server.h" | 116 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 110 #include "net/test/embedded_test_server/request_handler_util.h" | 117 #include "net/test/embedded_test_server/request_handler_util.h" |
| 111 #include "net/test/spawned_test_server/spawned_test_server.h" | 118 #include "net/test/spawned_test_server/spawned_test_server.h" |
| 112 #include "net/test/url_request/url_request_mock_http_job.h" | 119 #include "net/test/url_request/url_request_mock_http_job.h" |
| 113 #include "net/url_request/url_request_filter.h" | 120 #include "net/url_request/url_request_filter.h" |
| 114 #include "net/url_request/url_request_test_util.h" | 121 #include "net/url_request/url_request_test_util.h" |
| 115 #include "ui/base/l10n/l10n_util.h" | 122 #include "ui/base/l10n/l10n_util.h" |
| 116 #include "ui/base/page_transition_types.h" | 123 #include "ui/base/page_transition_types.h" |
| 117 | 124 |
| 118 #if defined(OS_MACOSX) | 125 #if defined(OS_MACOSX) |
| 3086 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 3093 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 3087 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 3094 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 3088 VALID_CERTIFICATE, browser()); | 3095 VALID_CERTIFICATE, browser()); |
| 3089 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 3096 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 3090 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 3097 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
| 3091 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 3098 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
| 3092 } | 3099 } |
| 3093 | 3100 |
| 3094 namespace { | 3101 namespace { |
| 3095 | 3102 |
| 3103 // After AddNonsecureUrlHandler() is called, requests to this hostname | |
| 3104 // will use obsolete TLS settings. | |
| 3105 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | |
| 3106 | |
| 3107 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | |
| 3108 // protocol version. | |
| 3109 class URLRequestObsoleteTLSJob : public net::URLRequestMockHTTPJob { | |
| 3110 public: | |
| 3111 URLRequestObsoleteTLSJob(net::URLRequest* request, | |
| 3112 net::NetworkDelegate* network_delegate, | |
| 3113 const base::FilePath& file_path, | |
| 3114 const scoped_refptr<net::X509Certificate>& cert, | |
| 3115 const scoped_refptr<base::TaskRunner>& task_runner) | |
|
davidben
2016/04/29 21:22:49
As of recently, const scoped_refptr<T>& is dead!!!
estark
2016/04/29 22:09:56
Done.
| |
| 3116 : net::URLRequestMockHTTPJob(request, | |
| 3117 network_delegate, | |
| 3118 file_path, | |
| 3119 task_runner), | |
| 3120 cert_(cert) {} | |
| 3121 | |
| 3122 void GetResponseInfo(net::HttpResponseInfo* info) override { | |
| 3123 net::URLRequestMockHTTPJob::GetResponseInfo(info); | |
| 3124 info->ssl_info.connection_status = (net::SSL_CONNECTION_VERSION_TLS1_1 | |
| 3125 << net::SSL_CONNECTION_VERSION_SHIFT); | |
|
davidben
2016/04/29 21:22:49
net::SSLConnectionStatusSetVersion?
estark
2016/04/29 22:09:56
Done.
| |
| 3126 const uint16_t kTlsEcdheRsaWithAes128GcmSha256 = 0xc02f; | |
| 3127 net::SSLConnectionStatusSetCipherSuite(kTlsEcdheRsaWithAes128GcmSha256, | |
| 3128 &info->ssl_info.connection_status); | |
|
davidben
2016/04/29 21:22:49
This is kind of weird. That pair isn't actually po
estark
2016/04/29 22:09:56
Done.
| |
| 3129 info->ssl_info.cert = cert_; | |
| 3130 } | |
| 3131 | |
| 3132 protected: | |
| 3133 ~URLRequestObsoleteTLSJob() override {} | |
| 3134 | |
| 3135 private: | |
| 3136 const scoped_refptr<net::X509Certificate> cert_; | |
| 3137 | |
| 3138 DISALLOW_COPY_AND_ASSIGN(URLRequestObsoleteTLSJob); | |
| 3139 }; | |
| 3140 | |
| 3141 // A URLRequestInterceptor that handles requests with | |
| 3142 // URLRequestObsoleteTLSJob jobs. | |
| 3143 class URLRequestNonsecureInterceptor : public net::URLRequestInterceptor { | |
|
davidben
2016/04/29 21:22:49
I'm not especially familiar with all the mess arou
mmenke
2016/04/29 21:26:49
Yea, I reviewed this mess. And certainly agree it
| |
| 3144 public: | |
| 3145 URLRequestNonsecureInterceptor( | |
| 3146 const base::FilePath& base_path, | |
| 3147 const scoped_refptr<base::SequencedWorkerPool>& worker_pool, | |
|
davidben
2016/04/29 21:22:49
Ditto about const-ref of scoped_refptr nightmares.
estark
2016/04/29 22:09:56
Done.
| |
| 3148 const scoped_refptr<net::X509Certificate>& cert) | |
| 3149 : base_path_(base_path), worker_pool_(worker_pool), cert_(cert) {} | |
| 3150 | |
| 3151 ~URLRequestNonsecureInterceptor() override {} | |
| 3152 | |
| 3153 // net::URLRequestInterceptor: | |
| 3154 net::URLRequestJob* MaybeInterceptRequest( | |
| 3155 net::URLRequest* request, | |
| 3156 net::NetworkDelegate* network_delegate) const override { | |
| 3157 return new URLRequestObsoleteTLSJob( | |
| 3158 request, network_delegate, base_path_, cert_, | |
| 3159 worker_pool_->GetTaskRunnerWithShutdownBehavior( | |
| 3160 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | |
| 3161 } | |
| 3162 | |
| 3163 private: | |
| 3164 const base::FilePath base_path_; | |
| 3165 const scoped_refptr<base::SequencedWorkerPool> worker_pool_; | |
| 3166 const scoped_refptr<net::X509Certificate> cert_; | |
| 3167 | |
| 3168 DISALLOW_COPY_AND_ASSIGN(URLRequestNonsecureInterceptor); | |
| 3169 }; | |
| 3170 | |
| 3171 // Installs a handler to serve HTTPS requests to | |
| 3172 // |kMockNonsecureHostname| with connections that have obsolete TLS | |
| 3173 // settings. | |
| 3174 void AddNonsecureUrlHandler( | |
| 3175 const base::FilePath& base_path, | |
| 3176 const scoped_refptr<net::X509Certificate>& cert, | |
| 3177 const scoped_refptr<base::SequencedWorkerPool>& worker_pool) { | |
| 3178 net::URLRequestFilter* filter = net::URLRequestFilter::GetInstance(); | |
| 3179 filter->AddHostnameInterceptor( | |
| 3180 "https", kMockNonsecureHostname, | |
| 3181 std::unique_ptr<net::URLRequestInterceptor>( | |
| 3182 new URLRequestNonsecureInterceptor(base_path, worker_pool, cert))); | |
| 3183 } | |
| 3184 | |
| 3096 class BrowserTestNonsecureURLRequest : public BrowserTest { | 3185 class BrowserTestNonsecureURLRequest : public BrowserTest { |
| 3097 public: | 3186 public: |
| 3098 BrowserTestNonsecureURLRequest() : BrowserTest() {} | 3187 BrowserTestNonsecureURLRequest() : BrowserTest(), cert_(nullptr) {} |
| 3188 | |
| 3189 void SetUpInProcessBrowserTestFixture() override { | |
| 3190 cert_ = | |
| 3191 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
|
davidben
2016/04/29 21:22:49
Nit: Might be worth an ASSERT_TRUE(cert_) since th
estark
2016/04/29 22:09:56
Done.
| |
| 3192 } | |
| 3193 | |
| 3099 void SetUpOnMainThread() override { | 3194 void SetUpOnMainThread() override { |
| 3100 base::FilePath root_http; | 3195 base::FilePath serve_file; |
| 3101 PathService::Get(chrome::DIR_TEST_DATA, &root_http); | 3196 PathService::Get(chrome::DIR_TEST_DATA, &serve_file); |
| 3197 serve_file = serve_file.Append(FILE_PATH_LITERAL("title1.html")); | |
| 3102 content::BrowserThread::PostTask( | 3198 content::BrowserThread::PostTask( |
| 3103 content::BrowserThread::IO, FROM_HERE, | 3199 content::BrowserThread::IO, FROM_HERE, |
| 3104 base::Bind( | 3200 base::Bind( |
| 3105 &net::URLRequestMockHTTPJob::AddUrlHandlers, root_http, | 3201 &AddNonsecureUrlHandler, serve_file, cert_, |
| 3106 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); | 3202 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); |
| 3107 } | 3203 } |
| 3108 | 3204 |
| 3109 private: | 3205 private: |
| 3206 scoped_refptr<net::X509Certificate> cert_; | |
| 3207 | |
| 3110 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); | 3208 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); |
| 3111 }; | 3209 }; |
| 3112 | 3210 |
| 3113 } // namespace | 3211 } // namespace |
| 3114 | 3212 |
| 3115 // Tests that a nonsecure connection does not get a secure connection | 3213 // Tests that a connection with obsolete TLS settings does not get a |
| 3116 // explanation. | 3214 // secure connection explanation. |
| 3117 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, | 3215 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, |
| 3118 SecurityStyleChangedObserverNonsecureConnection) { | 3216 SecurityStyleChangedObserverNonsecureConnection) { |
| 3119 content::WebContents* web_contents = | 3217 content::WebContents* web_contents = |
| 3120 browser()->tab_strip_model()->GetActiveWebContents(); | 3218 browser()->tab_strip_model()->GetActiveWebContents(); |
| 3121 SecurityStyleTestObserver observer(web_contents); | 3219 SecurityStyleTestObserver observer(web_contents); |
| 3122 | 3220 |
| 3123 ui_test_utils::NavigateToURL( | 3221 ui_test_utils::NavigateToURL( |
| 3124 browser(), net::URLRequestMockHTTPJob::GetMockHttpsUrl(std::string())); | 3222 browser(), GURL(std::string("https://") + kMockNonsecureHostname)); |
| 3223 | |
| 3224 // The security style of the page doesn't get downgraded for obsolete | |
| 3225 // TLS settings, so it should remain at SECURITY_STYLE_AUTHENTICATED. | |
| 3226 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | |
| 3227 observer.latest_security_style()); | |
| 3228 | |
| 3229 // The messages explaining the security style do, however, get | |
| 3230 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | |
| 3231 // the TLS settings are obsolete. | |
| 3125 for (const auto& explanation : | 3232 for (const auto& explanation : |
| 3126 observer.latest_explanations().secure_explanations) { | 3233 observer.latest_explanations().secure_explanations) { |
| 3127 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 3234 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
| 3128 explanation.summary); | 3235 explanation.summary); |
| 3129 } | 3236 } |
| 3130 } | 3237 } |
| 3131 | 3238 |
| 3132 namespace { | 3239 namespace { |
| 3133 class JSBooleanResultGetter { | 3240 class JSBooleanResultGetter { |
| 3134 public: | 3241 public: |
| 3277 Browser* browser = new Browser(params); | 3384 Browser* browser = new Browser(params); |
| 3278 gfx::Rect bounds = browser->window()->GetBounds(); | 3385 gfx::Rect bounds = browser->window()->GetBounds(); |
| 3279 | 3386 |
| 3280 // Should be EXPECT_EQ, but this width is inconsistent across platforms. | 3387 // Should be EXPECT_EQ, but this width is inconsistent across platforms. |
| 3281 // See https://crbug.com/567925. | 3388 // See https://crbug.com/567925. |
| 3282 EXPECT_GE(bounds.width(), 100); | 3389 EXPECT_GE(bounds.width(), 100); |
| 3283 EXPECT_EQ(122, bounds.height()); | 3390 EXPECT_EQ(122, bounds.height()); |
| 3284 browser->window()->Close(); | 3391 browser->window()->Close(); |
| 3285 } | 3392 } |
| 3286 } | 3393 } |
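Review bot: The `EXPECT_NE` loop at new lines 3232–3236 of SecurityStyleChangedObserverNonsecureConnection passes vacuously when `secure_explanations` is empty, so the test cannot distinguish "the protocol/ciphersuite explanation was withheld for obsolete TLS" from "no secure explanations were produced at all". The added `EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, observer.latest_security_style())` confirms the mocked response was treated as authenticated, but nothing checks that the explanation list was populated. Since the mocked `ssl_info` carries a certificate, the valid-certificate explanation is presumably still expected here. Asserting that before the loop, for example with `EXPECT_FALSE(observer.latest_explanations().secure_explanations.empty());`, would make the negative check meaningful and catch a regression where the downgrade logic drops every explanation.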