| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| (...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 SecurityStateModel::SECURITY_ERROR, | 334 SecurityStateModel::SECURITY_ERROR, |
| 335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 336 SecurityStateModel::NO_MIXED_CONTENT, | 336 SecurityStateModel::NO_MIXED_CONTENT, |
| 337 false /* expect cert status error */); | 337 false /* expect cert status error */); |
| 338 } | 338 } |
| 339 | 339 |
| 340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
| 341 ASSERT_TRUE(embedded_test_server()->Start()); | 341 ASSERT_TRUE(embedded_test_server()->Start()); |
| 342 ASSERT_TRUE(https_server_.Start()); | 342 ASSERT_TRUE(https_server_.Start()); |
| 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 344 host_resolver()->AddRule("example.test", |
| 345 https_server_.GetURL("/").host()); |
| 346 |
| 347 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
| 348 replacement_pair.set_host("example.test"); |
| 344 | 349 |
| 345 // Navigate to an HTTPS page that displays mixed content. | 350 // Navigate to an HTTPS page that displays mixed content. |
| 346 std::string replacement_path; | 351 std::string replacement_path; |
| 347 GetFilePathWithHostAndPortReplacement( | 352 GetFilePathWithHostAndPortReplacement( |
| 348 "/ssl/page_displays_insecure_content.html", | 353 "/ssl/page_displays_insecure_content.html", |
| 349 embedded_test_server()->host_port_pair(), &replacement_path); | 354 replacement_pair, &replacement_path); |
| 350 ui_test_utils::NavigateToURL(browser(), | 355 ui_test_utils::NavigateToURL(browser(), |
| 351 https_server_.GetURL(replacement_path)); | 356 https_server_.GetURL(replacement_path)); |
| 352 CheckSecurityInfoForSecure( | 357 CheckSecurityInfoForSecure( |
| 353 browser()->tab_strip_model()->GetActiveWebContents(), | 358 browser()->tab_strip_model()->GetActiveWebContents(), |
| 354 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 359 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 355 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 360 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 356 false /* expect cert status error */); | 361 false /* expect cert status error */); |
| 357 | 362 |
| 358 // Navigate to an HTTPS page that displays mixed content dynamically. | 363 // Navigate to an HTTPS page that displays mixed content dynamically. |
| 359 GetFilePathWithHostAndPortReplacement( | 364 GetFilePathWithHostAndPortReplacement( |
| 360 "/ssl/page_with_dynamic_insecure_content.html", | 365 "/ssl/page_with_dynamic_insecure_content.html", |
| 361 embedded_test_server()->host_port_pair(), &replacement_path); | 366 replacement_pair, &replacement_path); |
| 362 ui_test_utils::NavigateToURL(browser(), | 367 ui_test_utils::NavigateToURL(browser(), |
| 363 https_server_.GetURL(replacement_path)); | 368 https_server_.GetURL(replacement_path)); |
| 364 CheckSecurityInfoForSecure( | 369 CheckSecurityInfoForSecure( |
| 365 browser()->tab_strip_model()->GetActiveWebContents(), | 370 browser()->tab_strip_model()->GetActiveWebContents(), |
| 366 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 371 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 367 SecurityStateModel::NO_MIXED_CONTENT, | 372 SecurityStateModel::NO_MIXED_CONTENT, |
| 368 false /* expect cert status error */); | 373 false /* expect cert status error */); |
| 369 // Load the insecure image. | 374 // Load the insecure image. |
| 370 bool js_result = false; | 375 bool js_result = false; |
| 371 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 376 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 372 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 377 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
| 373 &js_result)); | 378 &js_result)); |
| 374 EXPECT_TRUE(js_result); | 379 EXPECT_TRUE(js_result); |
| 375 CheckSecurityInfoForSecure( | 380 CheckSecurityInfoForSecure( |
| 376 browser()->tab_strip_model()->GetActiveWebContents(), | 381 browser()->tab_strip_model()->GetActiveWebContents(), |
| 377 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 382 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 378 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 383 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 379 false /* expect cert status error */); | 384 false /* expect cert status error */); |
| 380 | 385 |
| 381 // Navigate to an HTTPS page that runs mixed content. | 386 // Navigate to an HTTPS page that runs mixed content. |
| 382 GetFilePathWithHostAndPortReplacement( | 387 GetFilePathWithHostAndPortReplacement( |
| 383 "/ssl/page_runs_insecure_content.html", | 388 "/ssl/page_runs_insecure_content.html", |
| 384 embedded_test_server()->host_port_pair(), &replacement_path); | 389 replacement_pair, &replacement_path); |
| 385 ui_test_utils::NavigateToURL(browser(), | 390 ui_test_utils::NavigateToURL(browser(), |
| 386 https_server_.GetURL(replacement_path)); | 391 https_server_.GetURL(replacement_path)); |
| 387 CheckSecurityInfoForSecure( | 392 CheckSecurityInfoForSecure( |
| 388 browser()->tab_strip_model()->GetActiveWebContents(), | 393 browser()->tab_strip_model()->GetActiveWebContents(), |
| 389 SecurityStateModel::SECURITY_ERROR, | 394 SecurityStateModel::SECURITY_ERROR, |
| 390 SecurityStateModel::NO_DEPRECATED_SHA1, | 395 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 391 SecurityStateModel::RAN_MIXED_CONTENT, | 396 SecurityStateModel::RAN_MIXED_CONTENT, |
| 392 false /* expect cert status error */); | 397 false /* expect cert status error */); |
| 393 | 398 |
| 394 // Navigate to an HTTPS page that runs and displays mixed content. | 399 // Navigate to an HTTPS page that runs and displays mixed content. |
| 395 GetFilePathWithHostAndPortReplacement( | 400 GetFilePathWithHostAndPortReplacement( |
| 396 "/ssl/page_runs_and_displays_insecure_content.html", | 401 "/ssl/page_runs_and_displays_insecure_content.html", |
| 397 embedded_test_server()->host_port_pair(), &replacement_path); | 402 replacement_pair, &replacement_path); |
| 398 ui_test_utils::NavigateToURL(browser(), | 403 ui_test_utils::NavigateToURL(browser(), |
| 399 https_server_.GetURL(replacement_path)); | 404 https_server_.GetURL(replacement_path)); |
| 400 CheckSecurityInfoForSecure( | 405 CheckSecurityInfoForSecure( |
| 401 browser()->tab_strip_model()->GetActiveWebContents(), | 406 browser()->tab_strip_model()->GetActiveWebContents(), |
| 402 SecurityStateModel::SECURITY_ERROR, | 407 SecurityStateModel::SECURITY_ERROR, |
| 403 SecurityStateModel::NO_DEPRECATED_SHA1, | 408 SecurityStateModel::NO_DEPRECATED_SHA1, |
| 404 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 409 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 405 false /* expect cert status error */); | 410 false /* expect cert status error */); |
| 406 | 411 |
| 407 // Navigate to an HTTPS page that runs mixed content in an iframe. | 412 // Navigate to an HTTPS page that runs mixed content in an iframe. |
| (...skipping 21 matching lines...) Expand all Loading... |
| 429 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 434 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
| 430 MixedContentWithBrokenSHA1) { | 435 MixedContentWithBrokenSHA1) { |
| 431 ASSERT_TRUE(embedded_test_server()->Start()); | 436 ASSERT_TRUE(embedded_test_server()->Start()); |
| 432 ASSERT_TRUE(https_server_.Start()); | 437 ASSERT_TRUE(https_server_.Start()); |
| 433 // The test server uses a long-lived cert by default, so a SHA1 | 438 // The test server uses a long-lived cert by default, so a SHA1 |
| 434 // signature in it will register as a "broken" condition rather than | 439 // signature in it will register as a "broken" condition rather than |
| 435 // "warning". | 440 // "warning". |
| 436 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 441 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
| 437 net::OK); | 442 net::OK); |
| 438 | 443 |
| 444 host_resolver()->AddRule("example.test", |
| 445 https_server_.GetURL("/").host()); |
| 446 |
| 447 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
| 448 replacement_pair.set_host("example.test"); |
| 449 |
| 439 // Navigate to an HTTPS page that displays mixed content. | 450 // Navigate to an HTTPS page that displays mixed content. |
| 440 std::string replacement_path; | 451 std::string replacement_path; |
| 441 GetFilePathWithHostAndPortReplacement( | 452 GetFilePathWithHostAndPortReplacement( |
| 442 "/ssl/page_displays_insecure_content.html", | 453 "/ssl/page_displays_insecure_content.html", |
| 443 embedded_test_server()->host_port_pair(), &replacement_path); | 454 replacement_pair, &replacement_path); |
| 444 ui_test_utils::NavigateToURL(browser(), | 455 ui_test_utils::NavigateToURL(browser(), |
| 445 https_server_.GetURL(replacement_path)); | 456 https_server_.GetURL(replacement_path)); |
| 446 CheckSecurityInfoForSecure( | 457 CheckSecurityInfoForSecure( |
| 447 browser()->tab_strip_model()->GetActiveWebContents(), | 458 browser()->tab_strip_model()->GetActiveWebContents(), |
| 448 SecurityStateModel::SECURITY_ERROR, | 459 SecurityStateModel::SECURITY_ERROR, |
| 449 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 460 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 450 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 461 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 451 false /* expect cert status error */); | 462 false /* expect cert status error */); |
| 452 | 463 |
| 453 // Navigate to an HTTPS page that displays mixed content dynamically. | 464 // Navigate to an HTTPS page that displays mixed content dynamically. |
| 454 GetFilePathWithHostAndPortReplacement( | 465 GetFilePathWithHostAndPortReplacement( |
| 455 "/ssl/page_with_dynamic_insecure_content.html", | 466 "/ssl/page_with_dynamic_insecure_content.html", |
| 456 embedded_test_server()->host_port_pair(), &replacement_path); | 467 replacement_pair, &replacement_path); |
| 457 ui_test_utils::NavigateToURL(browser(), | 468 ui_test_utils::NavigateToURL(browser(), |
| 458 https_server_.GetURL(replacement_path)); | 469 https_server_.GetURL(replacement_path)); |
| 459 CheckSecurityInfoForSecure( | 470 CheckSecurityInfoForSecure( |
| 460 browser()->tab_strip_model()->GetActiveWebContents(), | 471 browser()->tab_strip_model()->GetActiveWebContents(), |
| 461 SecurityStateModel::SECURITY_ERROR, | 472 SecurityStateModel::SECURITY_ERROR, |
| 462 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 473 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 463 SecurityStateModel::NO_MIXED_CONTENT, | 474 SecurityStateModel::NO_MIXED_CONTENT, |
| 464 false /* expect cert status error */); | 475 false /* expect cert status error */); |
| 465 // Load the insecure image. | 476 // Load the insecure image. |
| 466 bool js_result = false; | 477 bool js_result = false; |
| 467 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 478 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 468 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 479 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
| 469 &js_result)); | 480 &js_result)); |
| 470 EXPECT_TRUE(js_result); | 481 EXPECT_TRUE(js_result); |
| 471 CheckSecurityInfoForSecure( | 482 CheckSecurityInfoForSecure( |
| 472 browser()->tab_strip_model()->GetActiveWebContents(), | 483 browser()->tab_strip_model()->GetActiveWebContents(), |
| 473 SecurityStateModel::SECURITY_ERROR, | 484 SecurityStateModel::SECURITY_ERROR, |
| 474 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 485 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 475 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 486 SecurityStateModel::DISPLAYED_MIXED_CONTENT, |
| 476 false /* expect cert status error */); | 487 false /* expect cert status error */); |
| 477 | 488 |
| 478 // Navigate to an HTTPS page that runs mixed content. | 489 // Navigate to an HTTPS page that runs mixed content. |
| 479 GetFilePathWithHostAndPortReplacement( | 490 GetFilePathWithHostAndPortReplacement( |
| 480 "/ssl/page_runs_insecure_content.html", | 491 "/ssl/page_runs_insecure_content.html", |
| 481 embedded_test_server()->host_port_pair(), &replacement_path); | 492 replacement_pair, &replacement_path); |
| 482 ui_test_utils::NavigateToURL(browser(), | 493 ui_test_utils::NavigateToURL(browser(), |
| 483 https_server_.GetURL(replacement_path)); | 494 https_server_.GetURL(replacement_path)); |
| 484 CheckSecurityInfoForSecure( | 495 CheckSecurityInfoForSecure( |
| 485 browser()->tab_strip_model()->GetActiveWebContents(), | 496 browser()->tab_strip_model()->GetActiveWebContents(), |
| 486 SecurityStateModel::SECURITY_ERROR, | 497 SecurityStateModel::SECURITY_ERROR, |
| 487 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 498 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 488 SecurityStateModel::RAN_MIXED_CONTENT, | 499 SecurityStateModel::RAN_MIXED_CONTENT, |
| 489 false /* expect cert status error */); | 500 false /* expect cert status error */); |
| 490 | 501 |
| 491 // Navigate to an HTTPS page that runs and displays mixed content. | 502 // Navigate to an HTTPS page that runs and displays mixed content. |
| 492 GetFilePathWithHostAndPortReplacement( | 503 GetFilePathWithHostAndPortReplacement( |
| 493 "/ssl/page_runs_and_displays_insecure_content.html", | 504 "/ssl/page_runs_and_displays_insecure_content.html", |
| 494 embedded_test_server()->host_port_pair(), &replacement_path); | 505 replacement_pair, &replacement_path); |
| 495 ui_test_utils::NavigateToURL(browser(), | 506 ui_test_utils::NavigateToURL(browser(), |
| 496 https_server_.GetURL(replacement_path)); | 507 https_server_.GetURL(replacement_path)); |
| 497 CheckSecurityInfoForSecure( | 508 CheckSecurityInfoForSecure( |
| 498 browser()->tab_strip_model()->GetActiveWebContents(), | 509 browser()->tab_strip_model()->GetActiveWebContents(), |
| 499 SecurityStateModel::SECURITY_ERROR, | 510 SecurityStateModel::SECURITY_ERROR, |
| 500 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 511 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
| 501 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 512 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 502 false /* expect cert status error */); | 513 false /* expect cert status error */); |
| 503 } | 514 } |
| 504 | 515 |
| (...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 988 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 999 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
| 989 // the TLS settings are obsolete. | 1000 // the TLS settings are obsolete. |
| 990 for (const auto& explanation : | 1001 for (const auto& explanation : |
| 991 observer.latest_explanations().secure_explanations) { | 1002 observer.latest_explanations().secure_explanations) { |
| 992 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1003 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
| 993 explanation.summary); | 1004 explanation.summary); |
| 994 } | 1005 } |
| 995 } | 1006 } |
| 996 | 1007 |
| 997 } // namespace | 1008 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1931063004:
Stop blocking 'http://127.0.0.1/' as mixed content. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master