OLD | NEW |
---|---|
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/browser.h" | 5 #include "chrome/browser/ui/browser.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
11 #include <string> | 11 #include <string> |
12 | 12 |
13 #include "base/bind.h" | 13 #include "base/bind.h" |
14 #include "base/command_line.h" | 14 #include "base/command_line.h" |
15 #include "base/compiler_specific.h" | 15 #include "base/compiler_specific.h" |
16 #include "base/files/file_path.h" | 16 #include "base/files/file_path.h" |
17 #include "base/location.h" | 17 #include "base/location.h" |
18 #include "base/macros.h" | 18 #include "base/macros.h" |
19 #include "base/memory/ref_counted.h" | |
19 #include "base/message_loop/message_loop.h" | 20 #include "base/message_loop/message_loop.h" |
20 #include "base/strings/string_split.h" | 21 #include "base/strings/string_split.h" |
21 #include "base/strings/utf_string_conversions.h" | 22 #include "base/strings/utf_string_conversions.h" |
22 #include "base/sys_info.h" | 23 #include "base/sys_info.h" |
24 #include "base/threading/sequenced_worker_pool.h" | |
23 #include "build/build_config.h" | 25 #include "build/build_config.h" |
24 #include "chrome/app/chrome_command_ids.h" | 26 #include "chrome/app/chrome_command_ids.h" |
25 #include "chrome/browser/chrome_content_browser_client.h" | 27 #include "chrome/browser/chrome_content_browser_client.h" |
26 #include "chrome/browser/chrome_notification_types.h" | 28 #include "chrome/browser/chrome_notification_types.h" |
27 #include "chrome/browser/command_updater.h" | 29 #include "chrome/browser/command_updater.h" |
28 #include "chrome/browser/defaults.h" | 30 #include "chrome/browser/defaults.h" |
29 #include "chrome/browser/devtools/devtools_window_testing.h" | 31 #include "chrome/browser/devtools/devtools_window_testing.h" |
30 #include "chrome/browser/extensions/extension_browsertest.h" | 32 #include "chrome/browser/extensions/extension_browsertest.h" |
31 #include "chrome/browser/extensions/extension_service.h" | 33 #include "chrome/browser/extensions/extension_service.h" |
32 #include "chrome/browser/extensions/extension_util.h" | 34 #include "chrome/browser/extensions/extension_util.h" |
(...skipping 65 matching lines...) | |
98 #include "content/public/common/url_constants.h" | 100 #include "content/public/common/url_constants.h" |
99 #include "content/public/test/browser_test_utils.h" | 101 #include "content/public/test/browser_test_utils.h" |
100 #include "content/public/test/test_navigation_observer.h" | 102 #include "content/public/test/test_navigation_observer.h" |
101 #include "extensions/browser/extension_registry.h" | 103 #include "extensions/browser/extension_registry.h" |
102 #include "extensions/browser/extension_system.h" | 104 #include "extensions/browser/extension_system.h" |
103 #include "extensions/browser/uninstall_reason.h" | 105 #include "extensions/browser/uninstall_reason.h" |
104 #include "extensions/common/constants.h" | 106 #include "extensions/common/constants.h" |
105 #include "extensions/common/extension.h" | 107 #include "extensions/common/extension.h" |
106 #include "extensions/common/extension_set.h" | 108 #include "extensions/common/extension_set.h" |
107 #include "net/base/net_errors.h" | 109 #include "net/base/net_errors.h" |
110 #include "net/base/test_data_directory.h" | |
111 #include "net/cert/x509_certificate.h" | |
108 #include "net/dns/mock_host_resolver.h" | 112 #include "net/dns/mock_host_resolver.h" |
113 #include "net/ssl/ssl_cipher_suite_names.h" | |
114 #include "net/ssl/ssl_connection_status_flags.h" | |
115 #include "net/test/cert_test_util.h" | |
109 #include "net/test/embedded_test_server/embedded_test_server.h" | 116 #include "net/test/embedded_test_server/embedded_test_server.h" |
110 #include "net/test/embedded_test_server/request_handler_util.h" | 117 #include "net/test/embedded_test_server/request_handler_util.h" |
111 #include "net/test/spawned_test_server/spawned_test_server.h" | 118 #include "net/test/spawned_test_server/spawned_test_server.h" |
112 #include "net/test/url_request/url_request_mock_http_job.h" | 119 #include "net/test/url_request/url_request_mock_http_job.h" |
113 #include "net/url_request/url_request_filter.h" | 120 #include "net/url_request/url_request_filter.h" |
114 #include "net/url_request/url_request_test_util.h" | 121 #include "net/url_request/url_request_test_util.h" |
115 #include "ui/base/l10n/l10n_util.h" | 122 #include "ui/base/l10n/l10n_util.h" |
116 #include "ui/base/page_transition_types.h" | 123 #include "ui/base/page_transition_types.h" |
117 | 124 |
118 #if defined(OS_MACOSX) | 125 #if defined(OS_MACOSX) |
(...skipping 2967 matching lines...) | |
3086 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 3093 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
3087 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 3094 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
3088 VALID_CERTIFICATE, browser()); | 3095 VALID_CERTIFICATE, browser()); |
3089 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 3096 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
3090 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 3097 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
3091 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 3098 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
3092 } | 3099 } |
3093 | 3100 |
3094 namespace { | 3101 namespace { |
3095 | 3102 |
3103 // After AddNonsecureUrlHandler() is called, requests to this hostname | |
3104 // will use obsolete TLS settings. | |
3105 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | |
3106 | |
3107 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | |
3108 // protocol version. | |
3109 class URLRequestObsoleteTLSJob : public net::URLRequestMockHTTPJob { | |
3110 public: | |
3111 URLRequestObsoleteTLSJob(net::URLRequest* request, | |
3112 net::NetworkDelegate* network_delegate, | |
3113 const base::FilePath& file_path, | |
3114 const scoped_refptr<net::X509Certificate>& cert, | |
3115 const scoped_refptr<base::TaskRunner>& task_runner) | |
davidben
2016/04/29 21:22:49
As of recently, const scoped_refptr<T>& is dead!!!
estark
2016/04/29 22:09:56
Done.
| |
3116 : net::URLRequestMockHTTPJob(request, | |
3117 network_delegate, | |
3118 file_path, | |
3119 task_runner), | |
3120 cert_(cert) {} | |
3121 | |
3122 void GetResponseInfo(net::HttpResponseInfo* info) override { | |
3123 net::URLRequestMockHTTPJob::GetResponseInfo(info); | |
3124 info->ssl_info.connection_status = (net::SSL_CONNECTION_VERSION_TLS1_1 | |
3125 << net::SSL_CONNECTION_VERSION_SHIFT); | |
davidben
2016/04/29 21:22:49
net::SSLConnectionStatusSetVersion?
estark
2016/04/29 22:09:56
Done.
| |
3126 const uint16_t kTlsEcdheRsaWithAes128GcmSha256 = 0xc02f; | |
3127 net::SSLConnectionStatusSetCipherSuite(kTlsEcdheRsaWithAes128GcmSha256, | |
3128 &info->ssl_info.connection_status); | |
davidben
2016/04/29 21:22:49
This is kind of weird. That pair isn't actually po
estark
2016/04/29 22:09:56
Done.
| |
3129 info->ssl_info.cert = cert_; | |
3130 } | |
3131 | |
3132 protected: | |
3133 ~URLRequestObsoleteTLSJob() override {} | |
3134 | |
3135 private: | |
3136 const scoped_refptr<net::X509Certificate> cert_; | |
3137 | |
3138 DISALLOW_COPY_AND_ASSIGN(URLRequestObsoleteTLSJob); | |
3139 }; | |
3140 | |
3141 // A URLRequestInterceptor that handles requests with | |
3142 // URLRequestObsoleteTLSJob jobs. | |
3143 class URLRequestNonsecureInterceptor : public net::URLRequestInterceptor { | |
davidben
2016/04/29 21:22:49
I'm not especially familiar with all the mess arou
mmenke
2016/04/29 21:26:49
Yea, I reviewed this mess. And certainly agree it
| |
3144 public: | |
3145 URLRequestNonsecureInterceptor( | |
3146 const base::FilePath& base_path, | |
3147 const scoped_refptr<base::SequencedWorkerPool>& worker_pool, | |
davidben
2016/04/29 21:22:49
Ditto about const-ref of scoped_refptr nightmares.
estark
2016/04/29 22:09:56
Done.
| |
3148 const scoped_refptr<net::X509Certificate>& cert) | |
3149 : base_path_(base_path), worker_pool_(worker_pool), cert_(cert) {} | |
3150 | |
3151 ~URLRequestNonsecureInterceptor() override {} | |
3152 | |
3153 // net::URLRequestInterceptor: | |
3154 net::URLRequestJob* MaybeInterceptRequest( | |
3155 net::URLRequest* request, | |
3156 net::NetworkDelegate* network_delegate) const override { | |
3157 return new URLRequestObsoleteTLSJob( | |
3158 request, network_delegate, base_path_, cert_, | |
3159 worker_pool_->GetTaskRunnerWithShutdownBehavior( | |
3160 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | |
3161 } | |
3162 | |
3163 private: | |
3164 const base::FilePath base_path_; | |
3165 const scoped_refptr<base::SequencedWorkerPool> worker_pool_; | |
3166 const scoped_refptr<net::X509Certificate> cert_; | |
3167 | |
3168 DISALLOW_COPY_AND_ASSIGN(URLRequestNonsecureInterceptor); | |
3169 }; | |
3170 | |
3171 // Installs a handler to serve HTTPS requests to | |
3172 // |kMockNonsecureHostname| with connections that have obsolete TLS | |
3173 // settings. | |
3174 void AddNonsecureUrlHandler( | |
3175 const base::FilePath& base_path, | |
3176 const scoped_refptr<net::X509Certificate>& cert, | |
3177 const scoped_refptr<base::SequencedWorkerPool>& worker_pool) { | |
3178 net::URLRequestFilter* filter = net::URLRequestFilter::GetInstance(); | |
3179 filter->AddHostnameInterceptor( | |
3180 "https", kMockNonsecureHostname, | |
3181 std::unique_ptr<net::URLRequestInterceptor>( | |
3182 new URLRequestNonsecureInterceptor(base_path, worker_pool, cert))); | |
3183 } | |
3184 | |
3096 class BrowserTestNonsecureURLRequest : public BrowserTest { | 3185 class BrowserTestNonsecureURLRequest : public BrowserTest { |
3097 public: | 3186 public: |
3098 BrowserTestNonsecureURLRequest() : BrowserTest() {} | 3187 BrowserTestNonsecureURLRequest() : BrowserTest(), cert_(nullptr) {} |
3188 | |
3189 void SetUpInProcessBrowserTestFixture() override { | |
3190 cert_ = | |
3191 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
davidben
2016/04/29 21:22:49
Nit: Might be worth an ASSERT_TRUE(cert_) since th
estark
2016/04/29 22:09:56
Done.
| |
3192 } | |
3193 | |
3099 void SetUpOnMainThread() override { | 3194 void SetUpOnMainThread() override { |
3100 base::FilePath root_http; | 3195 base::FilePath serve_file; |
3101 PathService::Get(chrome::DIR_TEST_DATA, &root_http); | 3196 PathService::Get(chrome::DIR_TEST_DATA, &serve_file); |
3197 serve_file = serve_file.Append(FILE_PATH_LITERAL("title1.html")); | |
3102 content::BrowserThread::PostTask( | 3198 content::BrowserThread::PostTask( |
3103 content::BrowserThread::IO, FROM_HERE, | 3199 content::BrowserThread::IO, FROM_HERE, |
3104 base::Bind( | 3200 base::Bind( |
3105 &net::URLRequestMockHTTPJob::AddUrlHandlers, root_http, | 3201 &AddNonsecureUrlHandler, serve_file, cert_, |
3106 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); | 3202 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); |
3107 } | 3203 } |
3108 | 3204 |
3109 private: | 3205 private: |
3206 scoped_refptr<net::X509Certificate> cert_; | |
3207 | |
3110 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); | 3208 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); |
3111 }; | 3209 }; |
3112 | 3210 |
3113 } // namespace | 3211 } // namespace |
3114 | 3212 |
3115 // Tests that a nonsecure connection does not get a secure connection | 3213 // Tests that a connection with obsolete TLS settings does not get a |
3116 // explanation. | 3214 // secure connection explanation. |
3117 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, | 3215 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, |
3118 SecurityStyleChangedObserverNonsecureConnection) { | 3216 SecurityStyleChangedObserverNonsecureConnection) { |
3119 content::WebContents* web_contents = | 3217 content::WebContents* web_contents = |
3120 browser()->tab_strip_model()->GetActiveWebContents(); | 3218 browser()->tab_strip_model()->GetActiveWebContents(); |
3121 SecurityStyleTestObserver observer(web_contents); | 3219 SecurityStyleTestObserver observer(web_contents); |
3122 | 3220 |
3123 ui_test_utils::NavigateToURL( | 3221 ui_test_utils::NavigateToURL( |
3124 browser(), net::URLRequestMockHTTPJob::GetMockHttpsUrl(std::string())); | 3222 browser(), GURL(std::string("https://") + kMockNonsecureHostname)); |
3223 | |
3224 // The security style of the page doesn't get downgraded for obsolete | |
3225 // TLS settings, so it should remain at SECURITY_STYLE_AUTHENTICATED. | |
3226 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | |
3227 observer.latest_security_style()); | |
3228 | |
3229 // The messages explaining the security style do, however, get | |
3230 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | |
3231 // the TLS settings are obsolete. | |
3125 for (const auto& explanation : | 3232 for (const auto& explanation : |
3126 observer.latest_explanations().secure_explanations) { | 3233 observer.latest_explanations().secure_explanations) { |
3127 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 3234 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
3128 explanation.summary); | 3235 explanation.summary); |
3129 } | 3236 } |
3130 } | 3237 } |
3131 | 3238 |
3132 namespace { | 3239 namespace { |
3133 class JSBooleanResultGetter { | 3240 class JSBooleanResultGetter { |
3134 public: | 3241 public: |
(...skipping 142 matching lines...) | |
3277 Browser* browser = new Browser(params); | 3384 Browser* browser = new Browser(params); |
3278 gfx::Rect bounds = browser->window()->GetBounds(); | 3385 gfx::Rect bounds = browser->window()->GetBounds(); |
3279 | 3386 |
3280 // Should be EXPECT_EQ, but this width is inconsistent across platforms. | 3387 // Should be EXPECT_EQ, but this width is inconsistent across platforms. |
3281 // See https://crbug.com/567925. | 3388 // See https://crbug.com/567925. |
3282 EXPECT_GE(bounds.width(), 100); | 3389 EXPECT_GE(bounds.width(), 100); |
3283 EXPECT_EQ(122, bounds.height()); | 3390 EXPECT_EQ(122, bounds.height()); |
3284 browser->window()->Close(); | 3391 browser->window()->Close(); |
3285 } | 3392 } |
3286 } | 3393 } |
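Review bot: The loop over `secure_explanations` at new lines 3232-3236 only asserts that IDS_SECURE_PROTOCOL_AND_CIPHERSUITE is absent, so it passes vacuously when the list is empty, for instance if the mocked `ssl_info` from `URLRequestObsoleteTLSJob::GetResponseInfo` never reached the observer. The added `EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, observer.latest_security_style());` narrows that gap but does not show that any explanation was produced for the connection. A positive check before the loop would make the negative one meaningful, e.g. `EXPECT_FALSE(observer.latest_explanations().secure_explanations.empty());`, assuming the valid-certificate explanation is still reported for this mocked connection (the implementation of `CheckSecureExplanations` is not visible on this page, so that needs confirming). This would make a regression that silently drops all explanations fail the test instead of passing it.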