OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
334 SecurityStateModel::SECURITY_ERROR, | 334 SecurityStateModel::SECURITY_ERROR, |
335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
336 SecurityStateModel::NO_MIXED_CONTENT, | 336 SecurityStateModel::NO_MIXED_CONTENT, |
337 false /* expect cert status error */); | 337 false /* expect cert status error */); |
338 } | 338 } |
339 | 339 |
340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
341 ASSERT_TRUE(embedded_test_server()->Start()); | 341 ASSERT_TRUE(embedded_test_server()->Start()); |
342 ASSERT_TRUE(https_server_.Start()); | 342 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 344 host_resolver()->AddRule("example.test", |
| 345 https_server_.GetURL("/").host()); |
| 346 |
| 347 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
| 348 replacement_pair.set_host("example.test"); |
344 | 349 |
345 // Navigate to an HTTPS page that displays mixed content. | 350 // Navigate to an HTTPS page that displays mixed content. |
346 std::string replacement_path; | 351 std::string replacement_path; |
347 GetFilePathWithHostAndPortReplacement( | 352 GetFilePathWithHostAndPortReplacement( |
348 "/ssl/page_displays_insecure_content.html", | 353 "/ssl/page_displays_insecure_content.html", |
349 embedded_test_server()->host_port_pair(), &replacement_path); | 354 replacement_pair, &replacement_path); |
350 ui_test_utils::NavigateToURL(browser(), | 355 ui_test_utils::NavigateToURL(browser(), |
351 https_server_.GetURL(replacement_path)); | 356 https_server_.GetURL(replacement_path)); |
352 CheckSecurityInfoForSecure( | 357 CheckSecurityInfoForSecure( |
353 browser()->tab_strip_model()->GetActiveWebContents(), | 358 browser()->tab_strip_model()->GetActiveWebContents(), |
354 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 359 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
355 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 360 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
356 false /* expect cert status error */); | 361 false /* expect cert status error */); |
357 | 362 |
358 // Navigate to an HTTPS page that displays mixed content dynamically. | 363 // Navigate to an HTTPS page that displays mixed content dynamically. |
359 GetFilePathWithHostAndPortReplacement( | 364 GetFilePathWithHostAndPortReplacement( |
360 "/ssl/page_with_dynamic_insecure_content.html", | 365 "/ssl/page_with_dynamic_insecure_content.html", |
361 embedded_test_server()->host_port_pair(), &replacement_path); | 366 replacement_pair, &replacement_path); |
362 ui_test_utils::NavigateToURL(browser(), | 367 ui_test_utils::NavigateToURL(browser(), |
363 https_server_.GetURL(replacement_path)); | 368 https_server_.GetURL(replacement_path)); |
364 CheckSecurityInfoForSecure( | 369 CheckSecurityInfoForSecure( |
365 browser()->tab_strip_model()->GetActiveWebContents(), | 370 browser()->tab_strip_model()->GetActiveWebContents(), |
366 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 371 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
367 SecurityStateModel::NO_MIXED_CONTENT, | 372 SecurityStateModel::NO_MIXED_CONTENT, |
368 false /* expect cert status error */); | 373 false /* expect cert status error */); |
369 // Load the insecure image. | 374 // Load the insecure image. |
370 bool js_result = false; | 375 bool js_result = false; |
371 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 376 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
372 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 377 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
373 &js_result)); | 378 &js_result)); |
374 EXPECT_TRUE(js_result); | 379 EXPECT_TRUE(js_result); |
375 CheckSecurityInfoForSecure( | 380 CheckSecurityInfoForSecure( |
376 browser()->tab_strip_model()->GetActiveWebContents(), | 381 browser()->tab_strip_model()->GetActiveWebContents(), |
377 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 382 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
378 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 383 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
379 false /* expect cert status error */); | 384 false /* expect cert status error */); |
380 | 385 |
381 // Navigate to an HTTPS page that runs mixed content. | 386 // Navigate to an HTTPS page that runs mixed content. |
382 GetFilePathWithHostAndPortReplacement( | 387 GetFilePathWithHostAndPortReplacement( |
383 "/ssl/page_runs_insecure_content.html", | 388 "/ssl/page_runs_insecure_content.html", |
384 embedded_test_server()->host_port_pair(), &replacement_path); | 389 replacement_pair, &replacement_path); |
385 ui_test_utils::NavigateToURL(browser(), | 390 ui_test_utils::NavigateToURL(browser(), |
386 https_server_.GetURL(replacement_path)); | 391 https_server_.GetURL(replacement_path)); |
387 CheckSecurityInfoForSecure( | 392 CheckSecurityInfoForSecure( |
388 browser()->tab_strip_model()->GetActiveWebContents(), | 393 browser()->tab_strip_model()->GetActiveWebContents(), |
389 SecurityStateModel::SECURITY_ERROR, | 394 SecurityStateModel::SECURITY_ERROR, |
390 SecurityStateModel::NO_DEPRECATED_SHA1, | 395 SecurityStateModel::NO_DEPRECATED_SHA1, |
391 SecurityStateModel::RAN_MIXED_CONTENT, | 396 SecurityStateModel::RAN_MIXED_CONTENT, |
392 false /* expect cert status error */); | 397 false /* expect cert status error */); |
393 | 398 |
394 // Navigate to an HTTPS page that runs and displays mixed content. | 399 // Navigate to an HTTPS page that runs and displays mixed content. |
395 GetFilePathWithHostAndPortReplacement( | 400 GetFilePathWithHostAndPortReplacement( |
396 "/ssl/page_runs_and_displays_insecure_content.html", | 401 "/ssl/page_runs_and_displays_insecure_content.html", |
397 embedded_test_server()->host_port_pair(), &replacement_path); | 402 replacement_pair, &replacement_path); |
398 ui_test_utils::NavigateToURL(browser(), | 403 ui_test_utils::NavigateToURL(browser(), |
399 https_server_.GetURL(replacement_path)); | 404 https_server_.GetURL(replacement_path)); |
400 CheckSecurityInfoForSecure( | 405 CheckSecurityInfoForSecure( |
401 browser()->tab_strip_model()->GetActiveWebContents(), | 406 browser()->tab_strip_model()->GetActiveWebContents(), |
402 SecurityStateModel::SECURITY_ERROR, | 407 SecurityStateModel::SECURITY_ERROR, |
403 SecurityStateModel::NO_DEPRECATED_SHA1, | 408 SecurityStateModel::NO_DEPRECATED_SHA1, |
404 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 409 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
405 false /* expect cert status error */); | 410 false /* expect cert status error */); |
406 | 411 |
407 // Navigate to an HTTPS page that runs mixed content in an iframe. | 412 // Navigate to an HTTPS page that runs mixed content in an iframe. |
(...skipping 21 matching lines...) Expand all Loading... |
429 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 434 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
430 MixedContentWithBrokenSHA1) { | 435 MixedContentWithBrokenSHA1) { |
431 ASSERT_TRUE(embedded_test_server()->Start()); | 436 ASSERT_TRUE(embedded_test_server()->Start()); |
432 ASSERT_TRUE(https_server_.Start()); | 437 ASSERT_TRUE(https_server_.Start()); |
433 // The test server uses a long-lived cert by default, so a SHA1 | 438 // The test server uses a long-lived cert by default, so a SHA1 |
434 // signature in it will register as a "broken" condition rather than | 439 // signature in it will register as a "broken" condition rather than |
435 // "warning". | 440 // "warning". |
436 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 441 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
437 net::OK); | 442 net::OK); |
438 | 443 |
| 444 host_resolver()->AddRule("example.test", |
| 445 https_server_.GetURL("/").host()); |
| 446 |
| 447 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
| 448 replacement_pair.set_host("example.test"); |
| 449 |
439 // Navigate to an HTTPS page that displays mixed content. | 450 // Navigate to an HTTPS page that displays mixed content. |
440 std::string replacement_path; | 451 std::string replacement_path; |
441 GetFilePathWithHostAndPortReplacement( | 452 GetFilePathWithHostAndPortReplacement( |
442 "/ssl/page_displays_insecure_content.html", | 453 "/ssl/page_displays_insecure_content.html", |
443 embedded_test_server()->host_port_pair(), &replacement_path); | 454 replacement_pair, &replacement_path); |
444 ui_test_utils::NavigateToURL(browser(), | 455 ui_test_utils::NavigateToURL(browser(), |
445 https_server_.GetURL(replacement_path)); | 456 https_server_.GetURL(replacement_path)); |
446 CheckSecurityInfoForSecure( | 457 CheckSecurityInfoForSecure( |
447 browser()->tab_strip_model()->GetActiveWebContents(), | 458 browser()->tab_strip_model()->GetActiveWebContents(), |
448 SecurityStateModel::SECURITY_ERROR, | 459 SecurityStateModel::SECURITY_ERROR, |
449 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 460 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
450 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 461 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
451 false /* expect cert status error */); | 462 false /* expect cert status error */); |
452 | 463 |
453 // Navigate to an HTTPS page that displays mixed content dynamically. | 464 // Navigate to an HTTPS page that displays mixed content dynamically. |
454 GetFilePathWithHostAndPortReplacement( | 465 GetFilePathWithHostAndPortReplacement( |
455 "/ssl/page_with_dynamic_insecure_content.html", | 466 "/ssl/page_with_dynamic_insecure_content.html", |
456 embedded_test_server()->host_port_pair(), &replacement_path); | 467 replacement_pair, &replacement_path); |
457 ui_test_utils::NavigateToURL(browser(), | 468 ui_test_utils::NavigateToURL(browser(), |
458 https_server_.GetURL(replacement_path)); | 469 https_server_.GetURL(replacement_path)); |
459 CheckSecurityInfoForSecure( | 470 CheckSecurityInfoForSecure( |
460 browser()->tab_strip_model()->GetActiveWebContents(), | 471 browser()->tab_strip_model()->GetActiveWebContents(), |
461 SecurityStateModel::SECURITY_ERROR, | 472 SecurityStateModel::SECURITY_ERROR, |
462 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 473 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
463 SecurityStateModel::NO_MIXED_CONTENT, | 474 SecurityStateModel::NO_MIXED_CONTENT, |
464 false /* expect cert status error */); | 475 false /* expect cert status error */); |
465 // Load the insecure image. | 476 // Load the insecure image. |
466 bool js_result = false; | 477 bool js_result = false; |
467 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 478 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
468 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 479 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
469 &js_result)); | 480 &js_result)); |
470 EXPECT_TRUE(js_result); | 481 EXPECT_TRUE(js_result); |
471 CheckSecurityInfoForSecure( | 482 CheckSecurityInfoForSecure( |
472 browser()->tab_strip_model()->GetActiveWebContents(), | 483 browser()->tab_strip_model()->GetActiveWebContents(), |
473 SecurityStateModel::SECURITY_ERROR, | 484 SecurityStateModel::SECURITY_ERROR, |
474 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 485 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
475 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 486 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
476 false /* expect cert status error */); | 487 false /* expect cert status error */); |
477 | 488 |
478 // Navigate to an HTTPS page that runs mixed content. | 489 // Navigate to an HTTPS page that runs mixed content. |
479 GetFilePathWithHostAndPortReplacement( | 490 GetFilePathWithHostAndPortReplacement( |
480 "/ssl/page_runs_insecure_content.html", | 491 "/ssl/page_runs_insecure_content.html", |
481 embedded_test_server()->host_port_pair(), &replacement_path); | 492 replacement_pair, &replacement_path); |
482 ui_test_utils::NavigateToURL(browser(), | 493 ui_test_utils::NavigateToURL(browser(), |
483 https_server_.GetURL(replacement_path)); | 494 https_server_.GetURL(replacement_path)); |
484 CheckSecurityInfoForSecure( | 495 CheckSecurityInfoForSecure( |
485 browser()->tab_strip_model()->GetActiveWebContents(), | 496 browser()->tab_strip_model()->GetActiveWebContents(), |
486 SecurityStateModel::SECURITY_ERROR, | 497 SecurityStateModel::SECURITY_ERROR, |
487 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 498 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
488 SecurityStateModel::RAN_MIXED_CONTENT, | 499 SecurityStateModel::RAN_MIXED_CONTENT, |
489 false /* expect cert status error */); | 500 false /* expect cert status error */); |
490 | 501 |
491 // Navigate to an HTTPS page that runs and displays mixed content. | 502 // Navigate to an HTTPS page that runs and displays mixed content. |
492 GetFilePathWithHostAndPortReplacement( | 503 GetFilePathWithHostAndPortReplacement( |
493 "/ssl/page_runs_and_displays_insecure_content.html", | 504 "/ssl/page_runs_and_displays_insecure_content.html", |
494 embedded_test_server()->host_port_pair(), &replacement_path); | 505 replacement_pair, &replacement_path); |
495 ui_test_utils::NavigateToURL(browser(), | 506 ui_test_utils::NavigateToURL(browser(), |
496 https_server_.GetURL(replacement_path)); | 507 https_server_.GetURL(replacement_path)); |
497 CheckSecurityInfoForSecure( | 508 CheckSecurityInfoForSecure( |
498 browser()->tab_strip_model()->GetActiveWebContents(), | 509 browser()->tab_strip_model()->GetActiveWebContents(), |
499 SecurityStateModel::SECURITY_ERROR, | 510 SecurityStateModel::SECURITY_ERROR, |
500 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 511 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
501 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 512 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
502 false /* expect cert status error */); | 513 false /* expect cert status error */); |
503 } | 514 } |
504 | 515 |
(...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
988 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 999 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
989 // the TLS settings are obsolete. | 1000 // the TLS settings are obsolete. |
990 for (const auto& explanation : | 1001 for (const auto& explanation : |
991 observer.latest_explanations().secure_explanations) { | 1002 observer.latest_explanations().secure_explanations) { |
992 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1003 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
993 explanation.summary); | 1004 explanation.summary); |
994 } | 1005 } |
995 } | 1006 } |
996 | 1007 |
997 } // namespace | 1008 } // namespace |
OLD | NEW |