OLD | NEW |
---|---|
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/browser.h" | 5 #include "chrome/browser/ui/browser.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
98 #include "content/public/common/url_constants.h" | 98 #include "content/public/common/url_constants.h" |
99 #include "content/public/test/browser_test_utils.h" | 99 #include "content/public/test/browser_test_utils.h" |
100 #include "content/public/test/test_navigation_observer.h" | 100 #include "content/public/test/test_navigation_observer.h" |
101 #include "extensions/browser/extension_registry.h" | 101 #include "extensions/browser/extension_registry.h" |
102 #include "extensions/browser/extension_system.h" | 102 #include "extensions/browser/extension_system.h" |
103 #include "extensions/browser/uninstall_reason.h" | 103 #include "extensions/browser/uninstall_reason.h" |
104 #include "extensions/common/constants.h" | 104 #include "extensions/common/constants.h" |
105 #include "extensions/common/extension.h" | 105 #include "extensions/common/extension.h" |
106 #include "extensions/common/extension_set.h" | 106 #include "extensions/common/extension_set.h" |
107 #include "net/base/net_errors.h" | 107 #include "net/base/net_errors.h" |
108 #include "net/base/test_data_directory.h" | |
108 #include "net/dns/mock_host_resolver.h" | 109 #include "net/dns/mock_host_resolver.h" |
110 #include "net/ssl/ssl_cipher_suite_names.h" | |
111 #include "net/ssl/ssl_connection_status_flags.h" | |
112 #include "net/test/cert_test_util.h" | |
109 #include "net/test/embedded_test_server/embedded_test_server.h" | 113 #include "net/test/embedded_test_server/embedded_test_server.h" |
110 #include "net/test/embedded_test_server/request_handler_util.h" | 114 #include "net/test/embedded_test_server/request_handler_util.h" |
111 #include "net/test/spawned_test_server/spawned_test_server.h" | 115 #include "net/test/spawned_test_server/spawned_test_server.h" |
112 #include "net/test/url_request/url_request_mock_http_job.h" | 116 #include "net/test/url_request/url_request_mock_http_job.h" |
113 #include "net/url_request/url_request_filter.h" | 117 #include "net/url_request/url_request_filter.h" |
114 #include "net/url_request/url_request_test_util.h" | 118 #include "net/url_request/url_request_test_util.h" |
115 #include "ui/base/l10n/l10n_util.h" | 119 #include "ui/base/l10n/l10n_util.h" |
116 #include "ui/base/page_transition_types.h" | 120 #include "ui/base/page_transition_types.h" |
117 | 121 |
118 #if defined(OS_MACOSX) | 122 #if defined(OS_MACOSX) |
3086 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 3090 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
3087 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 3091 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
3088 VALID_CERTIFICATE, browser()); | 3092 VALID_CERTIFICATE, browser()); |
3089 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 3093 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
3090 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 3094 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
3091 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 3095 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
3092 } | 3096 } |
3093 | 3097 |
3094 namespace { | 3098 namespace { |
3095 | 3099 |
3100 // After AddNonsecureUrlHandlers() is called, requests to this hostname | |
3101 // will use obsolete TLS settings. | |
3102 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | |
3103 | |
3104 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | |
3105 // protocol version. | |
3106 class URLRequestNonsecureConnection : public net::URLRequestMockHTTPJob { | |
mmenke
2016/04/27 20:19:44
While you're here, mind renaming this to "URLReque
estark
2016/04/27 22:39:36
Done.
| |
3107 public: | |
3108 URLRequestNonsecureConnection( | |
3109 net::URLRequest* request, | |
3110 net::NetworkDelegate* network_delegate, | |
3111 const base::FilePath& file_path, | |
3112 const scoped_refptr<net::X509Certificate>& cert, | |
3113 const scoped_refptr<base::TaskRunner>& task_runner) | |
3114 : net::URLRequestMockHTTPJob(request, | |
3115 network_delegate, | |
3116 file_path, | |
3117 task_runner), | |
3118 cert_(cert) {} | |
3119 | |
3120 void GetResponseInfo(net::HttpResponseInfo* info) override { | |
3121 net::URLRequestMockHTTPJob::GetResponseInfo(info); | |
3122 info->ssl_info.connection_status = (net::SSL_CONNECTION_VERSION_TLS1_1 | |
3123 << net::SSL_CONNECTION_VERSION_SHIFT); | |
3124 const uint16_t kTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xc02f; | |
mmenke
2016/04/27 20:19:44
naming style here is wrong.
As a constant, should
estark
2016/04/27 22:39:36
Done.
| |
3125 net::SSLConnectionStatusSetCipherSuite( | |
3126 kTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |
3127 &info->ssl_info.connection_status); | |
3128 info->ssl_info.cert = cert_; | |
3129 } | |
3130 | |
3131 protected: | |
3132 ~URLRequestNonsecureConnection() override {} | |
3133 | |
3134 private: | |
3135 const scoped_refptr<net::X509Certificate> cert_; | |
mmenke
2016/04/27 20:19:44
include ref_counted.h and net/cert/x509_certificat
estark
2016/04/27 22:39:35
Done.
| |
3136 DISALLOW_COPY_AND_ASSIGN(URLRequestNonsecureConnection); | |
mmenke
2016/04/27 20:19:44
nit: Blank line before DISALLOW_COPY_AND_ASSIGN
estark
2016/04/27 22:39:35
Done.
| |
3137 }; | |
3138 | |
3139 // A URLRequestInterceptor that handles requests with | |
3140 // URLRequestNonsecureConnection jobs. | |
3141 class URLRequestNonsecureInterceptor : public net::URLRequestInterceptor { | |
3142 public: | |
3143 URLRequestNonsecureInterceptor( | |
3144 const base::FilePath& base_path, | |
3145 const scoped_refptr<base::SequencedWorkerPool>& worker_pool, | |
3146 const scoped_refptr<net::X509Certificate>& cert) | |
3147 : base_path_(base_path), worker_pool_(worker_pool), cert_(cert) {} | |
3148 | |
3149 ~URLRequestNonsecureInterceptor() override {} | |
3150 | |
3151 // net::URLRequestInterceptor: | |
3152 net::URLRequestJob* MaybeInterceptRequest( | |
3153 net::URLRequest* request, | |
3154 net::NetworkDelegate* network_delegate) const override { | |
3155 return new URLRequestNonsecureConnection( | |
3156 request, network_delegate, base_path_, cert_, | |
3157 worker_pool_->GetTaskRunnerWithShutdownBehavior( | |
3158 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | |
3159 } | |
3160 | |
3161 private: | |
3162 base::FilePath base_path_; | |
mmenke
2016/04/27 20:19:44
const?
mmenke
2016/04/27 20:19:44
need to include file_path.h
estark
2016/04/27 22:39:35
it's already included
estark
2016/04/27 22:39:36
Done.
| |
3163 const scoped_refptr<base::SequencedWorkerPool> worker_pool_; | |
mmenke
2016/04/27 20:19:44
Should include the SequencedWorkerPool header
estark
2016/04/27 22:39:35
Done.
| |
3164 const scoped_refptr<net::X509Certificate> cert_; | |
3165 DISALLOW_COPY_AND_ASSIGN(URLRequestNonsecureInterceptor); | |
mmenke
2016/04/27 20:19:44
nit: Blank line before DISALLOW_COPY_AND_ASSIGN
estark
2016/04/27 22:39:35
Done.
| |
3166 }; | |
3167 | |
3168 // Installs a handler to serve HTTPS requests to | |
3169 // |kMockNonsecureHostname| with connections that have obsolete TLS | |
3170 // settings. | |
3171 void AddNonsecureUrlHandlers( | |
mmenke
2016/04/27 20:19:44
nit: Handlers -> Handler
estark
2016/04/27 22:39:35
Done.
| |
3172 const base::FilePath& base_path, | |
3173 const scoped_refptr<net::X509Certificate>& cert, | |
3174 const scoped_refptr<base::SequencedWorkerPool>& worker_pool) { | |
3175 net::URLRequestFilter* filter = net::URLRequestFilter::GetInstance(); | |
3176 filter->AddHostnameInterceptor( | |
3177 "https", kMockNonsecureHostname, | |
3178 std::unique_ptr<net::URLRequestInterceptor>( | |
3179 new URLRequestNonsecureInterceptor(base_path, worker_pool, cert))); | |
3180 } | |
3181 | |
3096 class BrowserTestNonsecureURLRequest : public BrowserTest { | 3182 class BrowserTestNonsecureURLRequest : public BrowserTest { |
3097 public: | 3183 public: |
3098 BrowserTestNonsecureURLRequest() : BrowserTest() {} | 3184 BrowserTestNonsecureURLRequest() : BrowserTest(), cert_(nullptr) {} |
3185 | |
3186 void SetUpInProcessBrowserTestFixture() override { | |
3187 cert_ = | |
3188 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
mmenke
2016/04/27 20:19:44
Is there some reason this can't just be done in th
estark
2016/04/27 22:39:35
Yeah, I did it this way because it complained abou
| |
3189 } | |
3190 | |
3099 void SetUpOnMainThread() override { | 3191 void SetUpOnMainThread() override { |
3100 base::FilePath root_http; | 3192 base::FilePath serve_file; |
3101 PathService::Get(chrome::DIR_TEST_DATA, &root_http); | 3193 PathService::Get(chrome::DIR_TEST_DATA, &serve_file); |
3194 serve_file = serve_file.Append(FILE_PATH_LITERAL("title1.html")); | |
3102 content::BrowserThread::PostTask( | 3195 content::BrowserThread::PostTask( |
3103 content::BrowserThread::IO, FROM_HERE, | 3196 content::BrowserThread::IO, FROM_HERE, |
3104 base::Bind( | 3197 base::Bind( |
3105 &net::URLRequestMockHTTPJob::AddUrlHandlers, root_http, | 3198 &AddNonsecureUrlHandlers, serve_file, cert_, |
3106 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); | 3199 make_scoped_refptr(content::BrowserThread::GetBlockingPool()))); |
3107 } | 3200 } |
3108 | 3201 |
3109 private: | 3202 private: |
3203 scoped_refptr<net::X509Certificate> cert_; | |
3110 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); | 3204 DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest); |
3111 }; | 3205 }; |
3112 | 3206 |
3113 } // namespace | 3207 } // namespace |
3114 | 3208 |
3115 // Tests that a nonsecure connection does not get a secure connection | 3209 // Tests that a connection with obsolete TLS settings does not get a |
3116 // explanation. | 3210 // secure connection explanation. |
3117 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, | 3211 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest, |
3118 SecurityStyleChangedObserverNonsecureConnection) { | 3212 SecurityStyleChangedObserverNonsecureConnection) { |
3119 content::WebContents* web_contents = | 3213 content::WebContents* web_contents = |
3120 browser()->tab_strip_model()->GetActiveWebContents(); | 3214 browser()->tab_strip_model()->GetActiveWebContents(); |
3121 SecurityStyleTestObserver observer(web_contents); | 3215 SecurityStyleTestObserver observer(web_contents); |
3122 | 3216 |
3123 ui_test_utils::NavigateToURL( | 3217 ui_test_utils::NavigateToURL( |
3124 browser(), net::URLRequestMockHTTPJob::GetMockHttpsUrl(std::string())); | 3218 browser(), GURL(std::string("https://") + kMockNonsecureHostname)); |
3219 | |
3220 // The security style of the page doesn't get downgraded for obsolete | |
3221 // TLS settings, so it should remain at SECURITY_STYLE_AUTHENTICATED. | |
3222 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | |
3223 observer.latest_security_style()); | |
mmenke
2016/04/27 20:19:44
I think you really need to have an SSL expert revi
| |
3224 | |
3225 // The messages explaining the security style do, however, get | |
3226 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | |
3227 // the TLS settings are obsolete. | |
3125 for (const auto& explanation : | 3228 for (const auto& explanation : |
3126 observer.latest_explanations().secure_explanations) { | 3229 observer.latest_explanations().secure_explanations) { |
3127 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 3230 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
3128 explanation.summary); | 3231 explanation.summary); |
3129 } | 3232 } |
3130 } | 3233 } |
3131 | 3234 |
3132 namespace { | 3235 namespace { |
3133 class JSBooleanResultGetter { | 3236 class JSBooleanResultGetter { |
3134 public: | 3237 public: |
3277 Browser* browser = new Browser(params); | 3380 Browser* browser = new Browser(params); |
3278 gfx::Rect bounds = browser->window()->GetBounds(); | 3381 gfx::Rect bounds = browser->window()->GetBounds(); |
3279 | 3382 |
3280 // Should be EXPECT_EQ, but this width is inconsistent across platforms. | 3383 // Should be EXPECT_EQ, but this width is inconsistent across platforms. |
3281 // See https://crbug.com/567925. | 3384 // See https://crbug.com/567925. |
3282 EXPECT_GE(bounds.width(), 100); | 3385 EXPECT_GE(bounds.width(), 100); |
3283 EXPECT_EQ(122, bounds.height()); | 3386 EXPECT_EQ(122, bounds.height()); |
3284 browser->window()->Close(); | 3387 browser->window()->Close(); |
3285 } | 3388 } |
3286 } | 3389 } |
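Review bot: In `SetUpInProcessBrowserTestFixture()` the result of `net::ImportCertFromFile(...)` is stored in `cert_` without a check, so a missing or unreadable `ok_cert.pem` would pass a null certificate through `AddNonsecureUrlHandlers` into `info->ssl_info.cert`. The failure would then most likely surface only at the later `SECURITY_STYLE_AUTHENTICATED` expectation, far from its cause; adding `ASSERT_TRUE(cert_);` right after the import makes the fixture fail where the problem is. Separately, `GetResponseInfo()` pairs `SSL_CONNECTION_VERSION_TLS1_1` with cipher suite 0xc02f, an AES-GCM suite that is only defined for TLS 1.2 and later, so the mocked state cannot occur on a real connection. A comment there such as `// Modern cipher suite on purpose: only the protocol version is obsolete.` would tell readers which field the test exercises and that the combination is synthetic.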
OLD | NEW |