OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
158 EXPECT_EQ( | 158 EXPECT_EQ( |
159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), | 159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), |
160 secure_explanations.back().description); | 160 secure_explanations.back().description); |
161 } | 161 } |
162 | 162 |
163 void CheckSecurityInfoForSecure( | 163 void CheckSecurityInfoForSecure( |
164 content::WebContents* contents, | 164 content::WebContents* contents, |
165 SecurityStateModel::SecurityLevel expect_security_level, | 165 SecurityStateModel::SecurityLevel expect_security_level, |
166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | 166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, |
167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | 167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, |
168 bool pkp_bypassed, | |
168 bool expect_cert_error) { | 169 bool expect_cert_error) { |
169 ASSERT_TRUE(contents); | 170 ASSERT_TRUE(contents); |
170 | 171 |
171 ChromeSecurityStateModelClient* model_client = | 172 ChromeSecurityStateModelClient* model_client = |
172 ChromeSecurityStateModelClient::FromWebContents(contents); | 173 ChromeSecurityStateModelClient::FromWebContents(contents); |
173 ASSERT_TRUE(model_client); | 174 ASSERT_TRUE(model_client); |
174 const SecurityStateModel::SecurityInfo& security_info = | 175 const SecurityStateModel::SecurityInfo& security_info = |
175 model_client->GetSecurityInfo(); | 176 model_client->GetSecurityInfo(); |
176 EXPECT_EQ(expect_security_level, security_info.security_level); | 177 EXPECT_EQ(expect_security_level, security_info.security_level); |
177 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 178 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
178 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 179 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
179 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 180 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
180 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 181 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
182 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | |
181 EXPECT_EQ(expect_cert_error, | 183 EXPECT_EQ(expect_cert_error, |
182 net::IsCertStatusError(security_info.cert_status)); | 184 net::IsCertStatusError(security_info.cert_status)); |
183 EXPECT_GT(security_info.security_bits, 0); | 185 EXPECT_GT(security_info.security_bits, 0); |
184 | 186 |
185 content::CertStore* cert_store = content::CertStore::GetInstance(); | 187 content::CertStore* cert_store = content::CertStore::GetInstance(); |
186 scoped_refptr<net::X509Certificate> cert; | 188 scoped_refptr<net::X509Certificate> cert; |
187 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | 189 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); |
188 } | 190 } |
189 | 191 |
190 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 192 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
308 | 310 |
309 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 311 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
310 ASSERT_TRUE(https_server_.Start()); | 312 ASSERT_TRUE(https_server_.Start()); |
311 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 313 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
312 | 314 |
313 ui_test_utils::NavigateToURL(browser(), | 315 ui_test_utils::NavigateToURL(browser(), |
314 https_server_.GetURL("/ssl/google.html")); | 316 https_server_.GetURL("/ssl/google.html")); |
315 CheckSecurityInfoForSecure( | 317 CheckSecurityInfoForSecure( |
316 browser()->tab_strip_model()->GetActiveWebContents(), | 318 browser()->tab_strip_model()->GetActiveWebContents(), |
317 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 319 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
318 SecurityStateModel::NO_MIXED_CONTENT, | 320 SecurityStateModel::NO_MIXED_CONTENT, false, |
319 false /* expect cert status error */); | 321 false /* expect cert status error */); |
320 } | 322 } |
321 | 323 |
322 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { | 324 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { |
323 ASSERT_TRUE(https_server_.Start()); | 325 ASSERT_TRUE(https_server_.Start()); |
324 // The test server uses a long-lived cert by default, so a SHA1 | 326 // The test server uses a long-lived cert by default, so a SHA1 |
325 // signature in it will register as a "broken" condition rather than | 327 // signature in it will register as a "broken" condition rather than |
326 // "warning". | 328 // "warning". |
327 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 329 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
328 net::OK); | 330 net::OK); |
329 | 331 |
330 ui_test_utils::NavigateToURL(browser(), | 332 ui_test_utils::NavigateToURL(browser(), |
331 https_server_.GetURL("/ssl/google.html")); | 333 https_server_.GetURL("/ssl/google.html")); |
332 CheckSecurityInfoForSecure( | 334 CheckSecurityInfoForSecure( |
333 browser()->tab_strip_model()->GetActiveWebContents(), | 335 browser()->tab_strip_model()->GetActiveWebContents(), |
334 SecurityStateModel::SECURITY_ERROR, | 336 SecurityStateModel::SECURITY_ERROR, |
335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 337 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
336 SecurityStateModel::NO_MIXED_CONTENT, | 338 SecurityStateModel::NO_MIXED_CONTENT, false, |
337 false /* expect cert status error */); | 339 false /* expect cert status error */); |
338 } | 340 } |
339 | 341 |
340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 342 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
341 ASSERT_TRUE(embedded_test_server()->Start()); | 343 ASSERT_TRUE(embedded_test_server()->Start()); |
342 ASSERT_TRUE(https_server_.Start()); | 344 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 345 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
344 | 346 |
345 // Navigate to an HTTPS page that displays mixed content. | 347 // Navigate to an HTTPS page that displays mixed content. |
346 std::string replacement_path; | 348 std::string replacement_path; |
347 GetFilePathWithHostAndPortReplacement( | 349 GetFilePathWithHostAndPortReplacement( |
348 "/ssl/page_displays_insecure_content.html", | 350 "/ssl/page_displays_insecure_content.html", |
349 embedded_test_server()->host_port_pair(), &replacement_path); | 351 embedded_test_server()->host_port_pair(), &replacement_path); |
350 ui_test_utils::NavigateToURL(browser(), | 352 ui_test_utils::NavigateToURL(browser(), |
351 https_server_.GetURL(replacement_path)); | 353 https_server_.GetURL(replacement_path)); |
352 CheckSecurityInfoForSecure( | 354 CheckSecurityInfoForSecure( |
353 browser()->tab_strip_model()->GetActiveWebContents(), | 355 browser()->tab_strip_model()->GetActiveWebContents(), |
354 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 356 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
355 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 357 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
356 false /* expect cert status error */); | 358 false /* expect cert status error */); |
357 | 359 |
358 // Navigate to an HTTPS page that displays mixed content dynamically. | 360 // Navigate to an HTTPS page that displays mixed content dynamically. |
359 GetFilePathWithHostAndPortReplacement( | 361 GetFilePathWithHostAndPortReplacement( |
360 "/ssl/page_with_dynamic_insecure_content.html", | 362 "/ssl/page_with_dynamic_insecure_content.html", |
361 embedded_test_server()->host_port_pair(), &replacement_path); | 363 embedded_test_server()->host_port_pair(), &replacement_path); |
362 ui_test_utils::NavigateToURL(browser(), | 364 ui_test_utils::NavigateToURL(browser(), |
363 https_server_.GetURL(replacement_path)); | 365 https_server_.GetURL(replacement_path)); |
364 CheckSecurityInfoForSecure( | 366 CheckSecurityInfoForSecure( |
365 browser()->tab_strip_model()->GetActiveWebContents(), | 367 browser()->tab_strip_model()->GetActiveWebContents(), |
366 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 368 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
367 SecurityStateModel::NO_MIXED_CONTENT, | 369 SecurityStateModel::NO_MIXED_CONTENT, false, |
368 false /* expect cert status error */); | 370 false /* expect cert status error */); |
369 // Load the insecure image. | 371 // Load the insecure image. |
370 bool js_result = false; | 372 bool js_result = false; |
371 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 373 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
372 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 374 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
373 &js_result)); | 375 &js_result)); |
374 EXPECT_TRUE(js_result); | 376 EXPECT_TRUE(js_result); |
375 CheckSecurityInfoForSecure( | 377 CheckSecurityInfoForSecure( |
376 browser()->tab_strip_model()->GetActiveWebContents(), | 378 browser()->tab_strip_model()->GetActiveWebContents(), |
377 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 379 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
378 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 380 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
379 false /* expect cert status error */); | 381 false /* expect cert status error */); |
380 | 382 |
381 // Navigate to an HTTPS page that runs mixed content. | 383 // Navigate to an HTTPS page that runs mixed content. |
382 GetFilePathWithHostAndPortReplacement( | 384 GetFilePathWithHostAndPortReplacement( |
383 "/ssl/page_runs_insecure_content.html", | 385 "/ssl/page_runs_insecure_content.html", |
384 embedded_test_server()->host_port_pair(), &replacement_path); | 386 embedded_test_server()->host_port_pair(), &replacement_path); |
385 ui_test_utils::NavigateToURL(browser(), | 387 ui_test_utils::NavigateToURL(browser(), |
386 https_server_.GetURL(replacement_path)); | 388 https_server_.GetURL(replacement_path)); |
387 CheckSecurityInfoForSecure( | 389 CheckSecurityInfoForSecure( |
388 browser()->tab_strip_model()->GetActiveWebContents(), | 390 browser()->tab_strip_model()->GetActiveWebContents(), |
389 SecurityStateModel::SECURITY_ERROR, | 391 SecurityStateModel::SECURITY_ERROR, |
390 SecurityStateModel::NO_DEPRECATED_SHA1, | 392 SecurityStateModel::NO_DEPRECATED_SHA1, |
391 SecurityStateModel::RAN_MIXED_CONTENT, | 393 SecurityStateModel::RAN_MIXED_CONTENT, false, |
392 false /* expect cert status error */); | 394 false /* expect cert status error */); |
393 | 395 |
394 // Navigate to an HTTPS page that runs and displays mixed content. | 396 // Navigate to an HTTPS page that runs and displays mixed content. |
395 GetFilePathWithHostAndPortReplacement( | 397 GetFilePathWithHostAndPortReplacement( |
396 "/ssl/page_runs_and_displays_insecure_content.html", | 398 "/ssl/page_runs_and_displays_insecure_content.html", |
397 embedded_test_server()->host_port_pair(), &replacement_path); | 399 embedded_test_server()->host_port_pair(), &replacement_path); |
398 ui_test_utils::NavigateToURL(browser(), | 400 ui_test_utils::NavigateToURL(browser(), |
399 https_server_.GetURL(replacement_path)); | 401 https_server_.GetURL(replacement_path)); |
400 CheckSecurityInfoForSecure( | 402 CheckSecurityInfoForSecure( |
401 browser()->tab_strip_model()->GetActiveWebContents(), | 403 browser()->tab_strip_model()->GetActiveWebContents(), |
402 SecurityStateModel::SECURITY_ERROR, | 404 SecurityStateModel::SECURITY_ERROR, |
403 SecurityStateModel::NO_DEPRECATED_SHA1, | 405 SecurityStateModel::NO_DEPRECATED_SHA1, |
404 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 406 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
405 false /* expect cert status error */); | 407 false /* expect cert status error */); |
406 | 408 |
407 // Navigate to an HTTPS page that runs mixed content in an iframe. | 409 // Navigate to an HTTPS page that runs mixed content in an iframe. |
408 net::HostPortPair host_port_pair = | 410 net::HostPortPair host_port_pair = |
409 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 411 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
410 host_port_pair.set_host("different-host.test"); | 412 host_port_pair.set_host("different-host.test"); |
411 host_resolver()->AddRule("different-host.test", | 413 host_resolver()->AddRule("different-host.test", |
412 https_server_.GetURL("/").host()); | 414 https_server_.GetURL("/").host()); |
413 host_resolver()->AddRule("different-http-host.test", | 415 host_resolver()->AddRule("different-http-host.test", |
414 embedded_test_server()->GetURL("/").host()); | 416 embedded_test_server()->GetURL("/").host()); |
415 GetFilePathWithHostAndPortReplacement( | 417 GetFilePathWithHostAndPortReplacement( |
416 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 418 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
417 &replacement_path); | 419 &replacement_path); |
418 ui_test_utils::NavigateToURL(browser(), | 420 ui_test_utils::NavigateToURL(browser(), |
419 https_server_.GetURL(replacement_path)); | 421 https_server_.GetURL(replacement_path)); |
420 CheckSecurityInfoForSecure( | 422 CheckSecurityInfoForSecure( |
421 browser()->tab_strip_model()->GetActiveWebContents(), | 423 browser()->tab_strip_model()->GetActiveWebContents(), |
422 SecurityStateModel::SECURITY_ERROR, | 424 SecurityStateModel::SECURITY_ERROR, |
423 SecurityStateModel::NO_DEPRECATED_SHA1, | 425 SecurityStateModel::NO_DEPRECATED_SHA1, |
424 SecurityStateModel::RAN_MIXED_CONTENT, | 426 SecurityStateModel::RAN_MIXED_CONTENT, false, |
425 false /* expect cert status error */); | 427 false /* expect cert status error */); |
426 } | 428 } |
427 | 429 |
428 // Same as the test above but with a long-lived SHA1 cert. | 430 // Same as the test above but with a long-lived SHA1 cert. |
429 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 431 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
430 MixedContentWithBrokenSHA1) { | 432 MixedContentWithBrokenSHA1) { |
431 ASSERT_TRUE(embedded_test_server()->Start()); | 433 ASSERT_TRUE(embedded_test_server()->Start()); |
432 ASSERT_TRUE(https_server_.Start()); | 434 ASSERT_TRUE(https_server_.Start()); |
433 // The test server uses a long-lived cert by default, so a SHA1 | 435 // The test server uses a long-lived cert by default, so a SHA1 |
434 // signature in it will register as a "broken" condition rather than | 436 // signature in it will register as a "broken" condition rather than |
435 // "warning". | 437 // "warning". |
436 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 438 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
437 net::OK); | 439 net::OK); |
438 | 440 |
439 // Navigate to an HTTPS page that displays mixed content. | 441 // Navigate to an HTTPS page that displays mixed content. |
440 std::string replacement_path; | 442 std::string replacement_path; |
441 GetFilePathWithHostAndPortReplacement( | 443 GetFilePathWithHostAndPortReplacement( |
442 "/ssl/page_displays_insecure_content.html", | 444 "/ssl/page_displays_insecure_content.html", |
443 embedded_test_server()->host_port_pair(), &replacement_path); | 445 embedded_test_server()->host_port_pair(), &replacement_path); |
444 ui_test_utils::NavigateToURL(browser(), | 446 ui_test_utils::NavigateToURL(browser(), |
445 https_server_.GetURL(replacement_path)); | 447 https_server_.GetURL(replacement_path)); |
446 CheckSecurityInfoForSecure( | 448 CheckSecurityInfoForSecure( |
447 browser()->tab_strip_model()->GetActiveWebContents(), | 449 browser()->tab_strip_model()->GetActiveWebContents(), |
448 SecurityStateModel::SECURITY_ERROR, | 450 SecurityStateModel::SECURITY_ERROR, |
449 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 451 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
450 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 452 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
451 false /* expect cert status error */); | 453 false /* expect cert status error */); |
452 | 454 |
453 // Navigate to an HTTPS page that displays mixed content dynamically. | 455 // Navigate to an HTTPS page that displays mixed content dynamically. |
454 GetFilePathWithHostAndPortReplacement( | 456 GetFilePathWithHostAndPortReplacement( |
455 "/ssl/page_with_dynamic_insecure_content.html", | 457 "/ssl/page_with_dynamic_insecure_content.html", |
456 embedded_test_server()->host_port_pair(), &replacement_path); | 458 embedded_test_server()->host_port_pair(), &replacement_path); |
457 ui_test_utils::NavigateToURL(browser(), | 459 ui_test_utils::NavigateToURL(browser(), |
458 https_server_.GetURL(replacement_path)); | 460 https_server_.GetURL(replacement_path)); |
459 CheckSecurityInfoForSecure( | 461 CheckSecurityInfoForSecure( |
460 browser()->tab_strip_model()->GetActiveWebContents(), | 462 browser()->tab_strip_model()->GetActiveWebContents(), |
461 SecurityStateModel::SECURITY_ERROR, | 463 SecurityStateModel::SECURITY_ERROR, |
462 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 464 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
463 SecurityStateModel::NO_MIXED_CONTENT, | 465 SecurityStateModel::NO_MIXED_CONTENT, false, |
464 false /* expect cert status error */); | 466 false /* expect cert status error */); |
465 // Load the insecure image. | 467 // Load the insecure image. |
466 bool js_result = false; | 468 bool js_result = false; |
467 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 469 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
468 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 470 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
469 &js_result)); | 471 &js_result)); |
470 EXPECT_TRUE(js_result); | 472 EXPECT_TRUE(js_result); |
471 CheckSecurityInfoForSecure( | 473 CheckSecurityInfoForSecure( |
472 browser()->tab_strip_model()->GetActiveWebContents(), | 474 browser()->tab_strip_model()->GetActiveWebContents(), |
473 SecurityStateModel::SECURITY_ERROR, | 475 SecurityStateModel::SECURITY_ERROR, |
474 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 476 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
475 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 477 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
476 false /* expect cert status error */); | 478 false /* expect cert status error */); |
477 | 479 |
478 // Navigate to an HTTPS page that runs mixed content. | 480 // Navigate to an HTTPS page that runs mixed content. |
479 GetFilePathWithHostAndPortReplacement( | 481 GetFilePathWithHostAndPortReplacement( |
480 "/ssl/page_runs_insecure_content.html", | 482 "/ssl/page_runs_insecure_content.html", |
481 embedded_test_server()->host_port_pair(), &replacement_path); | 483 embedded_test_server()->host_port_pair(), &replacement_path); |
482 ui_test_utils::NavigateToURL(browser(), | 484 ui_test_utils::NavigateToURL(browser(), |
483 https_server_.GetURL(replacement_path)); | 485 https_server_.GetURL(replacement_path)); |
484 CheckSecurityInfoForSecure( | 486 CheckSecurityInfoForSecure( |
485 browser()->tab_strip_model()->GetActiveWebContents(), | 487 browser()->tab_strip_model()->GetActiveWebContents(), |
486 SecurityStateModel::SECURITY_ERROR, | 488 SecurityStateModel::SECURITY_ERROR, |
487 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 489 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
488 SecurityStateModel::RAN_MIXED_CONTENT, | 490 SecurityStateModel::RAN_MIXED_CONTENT, false, |
489 false /* expect cert status error */); | 491 false /* expect cert status error */); |
490 | 492 |
491 // Navigate to an HTTPS page that runs and displays mixed content. | 493 // Navigate to an HTTPS page that runs and displays mixed content. |
492 GetFilePathWithHostAndPortReplacement( | 494 GetFilePathWithHostAndPortReplacement( |
493 "/ssl/page_runs_and_displays_insecure_content.html", | 495 "/ssl/page_runs_and_displays_insecure_content.html", |
494 embedded_test_server()->host_port_pair(), &replacement_path); | 496 embedded_test_server()->host_port_pair(), &replacement_path); |
495 ui_test_utils::NavigateToURL(browser(), | 497 ui_test_utils::NavigateToURL(browser(), |
496 https_server_.GetURL(replacement_path)); | 498 https_server_.GetURL(replacement_path)); |
497 CheckSecurityInfoForSecure( | 499 CheckSecurityInfoForSecure( |
498 browser()->tab_strip_model()->GetActiveWebContents(), | 500 browser()->tab_strip_model()->GetActiveWebContents(), |
499 SecurityStateModel::SECURITY_ERROR, | 501 SecurityStateModel::SECURITY_ERROR, |
500 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 502 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
501 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 503 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
502 false /* expect cert status error */); | 504 false /* expect cert status error */); |
503 } | 505 } |
504 | 506 |
505 // Tests that the Content Security Policy block-all-mixed-content | 507 // Tests that the Content Security Policy block-all-mixed-content |
506 // directive stops mixed content from running. | 508 // directive stops mixed content from running. |
507 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 509 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
508 MixedContentStrictBlocking) { | 510 MixedContentStrictBlocking) { |
509 ASSERT_TRUE(https_server_.Start()); | 511 ASSERT_TRUE(https_server_.Start()); |
510 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 512 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
511 | 513 |
512 // Navigate to an HTTPS page that tries to run mixed content in an | 514 // Navigate to an HTTPS page that tries to run mixed content in an |
513 // iframe, with strict mixed content blocking. | 515 // iframe, with strict mixed content blocking. |
514 std::string replacement_path; | 516 std::string replacement_path; |
515 net::HostPortPair host_port_pair = | 517 net::HostPortPair host_port_pair = |
516 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 518 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
517 host_port_pair.set_host("different-host.test"); | 519 host_port_pair.set_host("different-host.test"); |
518 host_resolver()->AddRule("different-host.test", | 520 host_resolver()->AddRule("different-host.test", |
519 https_server_.GetURL("/").host()); | 521 https_server_.GetURL("/").host()); |
520 GetFilePathWithHostAndPortReplacement( | 522 GetFilePathWithHostAndPortReplacement( |
521 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", | 523 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", |
522 host_port_pair, &replacement_path); | 524 host_port_pair, &replacement_path); |
523 ui_test_utils::NavigateToURL(browser(), | 525 ui_test_utils::NavigateToURL(browser(), |
524 https_server_.GetURL(replacement_path)); | 526 https_server_.GetURL(replacement_path)); |
525 CheckSecurityInfoForSecure( | 527 CheckSecurityInfoForSecure( |
526 browser()->tab_strip_model()->GetActiveWebContents(), | 528 browser()->tab_strip_model()->GetActiveWebContents(), |
527 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 529 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
528 SecurityStateModel::NO_MIXED_CONTENT, | 530 SecurityStateModel::NO_MIXED_CONTENT, false, |
529 false /* expect cert status error */); | 531 false /* expect cert status error */); |
530 } | 532 } |
531 | 533 |
532 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { | 534 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { |
533 ASSERT_TRUE(embedded_test_server()->Start()); | 535 ASSERT_TRUE(embedded_test_server()->Start()); |
534 ASSERT_TRUE(https_server_.Start()); | 536 ASSERT_TRUE(https_server_.Start()); |
535 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | 537 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, |
536 net::ERR_CERT_DATE_INVALID); | 538 net::ERR_CERT_DATE_INVALID); |
537 | 539 |
538 ui_test_utils::NavigateToURL(browser(), | 540 ui_test_utils::NavigateToURL(browser(), |
539 https_server_.GetURL("/ssl/google.html")); | 541 https_server_.GetURL("/ssl/google.html")); |
540 CheckSecurityInfoForSecure( | 542 CheckSecurityInfoForSecure( |
541 browser()->tab_strip_model()->GetActiveWebContents(), | 543 browser()->tab_strip_model()->GetActiveWebContents(), |
542 SecurityStateModel::SECURITY_ERROR, | 544 SecurityStateModel::SECURITY_ERROR, |
543 SecurityStateModel::NO_DEPRECATED_SHA1, | 545 SecurityStateModel::NO_DEPRECATED_SHA1, |
544 SecurityStateModel::NO_MIXED_CONTENT, | 546 SecurityStateModel::NO_MIXED_CONTENT, false, |
545 true /* expect cert status error */); | 547 true /* expect cert status error */); |
546 | 548 |
547 ProceedThroughInterstitial( | 549 ProceedThroughInterstitial( |
548 browser()->tab_strip_model()->GetActiveWebContents()); | 550 browser()->tab_strip_model()->GetActiveWebContents()); |
549 | 551 |
550 CheckSecurityInfoForSecure( | 552 CheckSecurityInfoForSecure( |
551 browser()->tab_strip_model()->GetActiveWebContents(), | 553 browser()->tab_strip_model()->GetActiveWebContents(), |
552 SecurityStateModel::SECURITY_ERROR, | 554 SecurityStateModel::SECURITY_ERROR, |
553 SecurityStateModel::NO_DEPRECATED_SHA1, | 555 SecurityStateModel::NO_DEPRECATED_SHA1, |
554 SecurityStateModel::NO_MIXED_CONTENT, | 556 SecurityStateModel::NO_MIXED_CONTENT, false, |
555 true /* expect cert status error */); | 557 true /* expect cert status error */); |
556 | 558 |
557 // Navigate to a broken HTTPS page that displays mixed content. | 559 // Navigate to a broken HTTPS page that displays mixed content. |
558 std::string replacement_path; | 560 std::string replacement_path; |
559 GetFilePathWithHostAndPortReplacement( | 561 GetFilePathWithHostAndPortReplacement( |
560 "/ssl/page_displays_insecure_content.html", | 562 "/ssl/page_displays_insecure_content.html", |
561 embedded_test_server()->host_port_pair(), &replacement_path); | 563 embedded_test_server()->host_port_pair(), &replacement_path); |
562 ui_test_utils::NavigateToURL(browser(), | 564 ui_test_utils::NavigateToURL(browser(), |
563 https_server_.GetURL(replacement_path)); | 565 https_server_.GetURL(replacement_path)); |
564 CheckSecurityInfoForSecure( | 566 CheckSecurityInfoForSecure( |
565 browser()->tab_strip_model()->GetActiveWebContents(), | 567 browser()->tab_strip_model()->GetActiveWebContents(), |
566 SecurityStateModel::SECURITY_ERROR, | 568 SecurityStateModel::SECURITY_ERROR, |
567 SecurityStateModel::NO_DEPRECATED_SHA1, | 569 SecurityStateModel::NO_DEPRECATED_SHA1, |
568 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 570 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
569 true /* expect cert status error */); | 571 true /* expect cert status error */); |
570 } | 572 } |
571 | 573 |
574 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, PKPBypass) { | |
575 ASSERT_TRUE(https_server_.Start()); | |
576 | |
577 // Need a local trust anchor | |
578 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
579 net::CertVerifyResult verify_result; | |
580 verify_result.is_issued_by_known_root = false; | |
581 verify_result.verified_cert = cert; | |
582 net::HashValue hash(net::HASH_VALUE_SHA256); | |
583 memset(hash.data(), 1, hash.size()); | |
584 verify_result.public_key_hashes.push_back(hash); | |
585 | |
586 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | |
587 | |
588 ui_test_utils::NavigateToURL( | |
589 browser(), https_server_.GetURL("/ssl/fuck-youhpkp-headers.html")); | |
estark
2016/06/15 20:36:48
I'm building with this patch to try to see what's
| |
590 | |
591 // Page should be secure | |
592 CheckSecurityInfoForSecure( | |
593 browser()->tab_strip_model()->GetActiveWebContents(), | |
594 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
595 SecurityStateModel::NO_MIXED_CONTENT, true, false); | |
596 ASSERT_TRUE(true); | |
597 } | |
598 | |
572 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 599 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
573 // that never stops loading. | 600 // that never stops loading. |
574 class PendingJobInterceptor : public net::URLRequestInterceptor { | 601 class PendingJobInterceptor : public net::URLRequestInterceptor { |
575 public: | 602 public: |
576 PendingJobInterceptor() {} | 603 PendingJobInterceptor() {} |
577 ~PendingJobInterceptor() override {} | 604 ~PendingJobInterceptor() override {} |
578 | 605 |
579 // URLRequestInterceptor implementation | 606 // URLRequestInterceptor implementation |
580 net::URLRequestJob* MaybeInterceptRequest( | 607 net::URLRequestJob* MaybeInterceptRequest( |
581 net::URLRequest* request, | 608 net::URLRequest* request, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
619 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | 646 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { |
620 ASSERT_TRUE(https_server_.Start()); | 647 ASSERT_TRUE(https_server_.Start()); |
621 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 648 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
622 | 649 |
623 // Navigate to an HTTPS page. | 650 // Navigate to an HTTPS page. |
624 ui_test_utils::NavigateToURL(browser(), | 651 ui_test_utils::NavigateToURL(browser(), |
625 https_server_.GetURL("/ssl/google.html")); | 652 https_server_.GetURL("/ssl/google.html")); |
626 CheckSecurityInfoForSecure( | 653 CheckSecurityInfoForSecure( |
627 browser()->tab_strip_model()->GetActiveWebContents(), | 654 browser()->tab_strip_model()->GetActiveWebContents(), |
628 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 655 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
629 SecurityStateModel::NO_MIXED_CONTENT, | 656 SecurityStateModel::NO_MIXED_CONTENT, false, |
630 false /* expect cert status error */); | 657 false /* expect cert status error */); |
631 | 658 |
632 // Navigate to a page that doesn't finish loading. Test that the | 659 // Navigate to a page that doesn't finish loading. Test that the |
633 // security state is neutral while the page is loading. | 660 // security state is neutral while the page is loading. |
634 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | 661 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), |
635 content::Referrer(), CURRENT_TAB, | 662 content::Referrer(), CURRENT_TAB, |
636 ui::PAGE_TRANSITION_TYPED, false)); | 663 ui::PAGE_TRANSITION_TYPED, false)); |
637 CheckSecurityInfoForNonSecure( | 664 CheckSecurityInfoForNonSecure( |
638 browser()->tab_strip_model()->GetActiveWebContents()); | 665 browser()->tab_strip_model()->GetActiveWebContents()); |
639 } | 666 } |
(...skipping 11 matching lines...) Expand all Loading... | |
651 content::WebContents* new_contents = content::WebContents::Create( | 678 content::WebContents* new_contents = content::WebContents::Create( |
652 content::WebContents::CreateParams(tab->GetBrowserContext())); | 679 content::WebContents::CreateParams(tab->GetBrowserContext())); |
653 content::NavigationController& controller = new_contents->GetController(); | 680 content::NavigationController& controller = new_contents->GetController(); |
654 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); | 681 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); |
655 CheckSecurityInfoForNonSecure(new_contents); | 682 CheckSecurityInfoForNonSecure(new_contents); |
656 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | 683 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), |
657 ui::PAGE_TRANSITION_TYPED, std::string()); | 684 ui::PAGE_TRANSITION_TYPED, std::string()); |
658 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | 685 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); |
659 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 686 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
660 SecurityStateModel::NO_DEPRECATED_SHA1, | 687 SecurityStateModel::NO_DEPRECATED_SHA1, |
661 SecurityStateModel::NO_MIXED_CONTENT, | 688 SecurityStateModel::NO_MIXED_CONTENT, false, |
662 false /* expect cert status error */); | 689 false /* expect cert status error */); |
663 | 690 |
664 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | 691 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, |
665 TabStripModel::ADD_NONE); | 692 TabStripModel::ADD_NONE); |
666 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 693 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
667 SecurityStateModel::NO_DEPRECATED_SHA1, | 694 SecurityStateModel::NO_DEPRECATED_SHA1, |
668 SecurityStateModel::NO_MIXED_CONTENT, | 695 SecurityStateModel::NO_MIXED_CONTENT, false, |
669 false /* expect cert status error */); | 696 false /* expect cert status error */); |
670 } | 697 } |
671 | 698 |
672 // Tests that the WebContentsObserver::SecurityStyleChanged event fires | 699 // Tests that the WebContentsObserver::SecurityStyleChanged event fires |
673 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. | 700 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. |
674 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { | 701 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { |
675 ASSERT_TRUE(https_server_.Start()); | 702 ASSERT_TRUE(https_server_.Start()); |
676 ASSERT_TRUE(embedded_test_server()->Start()); | 703 ASSERT_TRUE(embedded_test_server()->Start()); |
677 | 704 |
678 net::EmbeddedTestServer https_test_server_expired( | 705 net::EmbeddedTestServer https_test_server_expired( |
(...skipping 10 matching lines...) Expand all Loading... | |
689 // Visit an HTTP url. | 716 // Visit an HTTP url. |
690 GURL http_url(embedded_test_server()->GetURL("/")); | 717 GURL http_url(embedded_test_server()->GetURL("/")); |
691 ui_test_utils::NavigateToURL(browser(), http_url); | 718 ui_test_utils::NavigateToURL(browser(), http_url); |
692 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 719 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
693 observer.latest_security_style()); | 720 observer.latest_security_style()); |
694 EXPECT_EQ(0u, | 721 EXPECT_EQ(0u, |
695 observer.latest_explanations().unauthenticated_explanations.size()); | 722 observer.latest_explanations().unauthenticated_explanations.size()); |
696 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 723 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
697 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); | 724 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); |
698 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); | 725 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); |
726 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
699 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 727 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
700 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 728 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
701 | 729 |
702 // Visit an (otherwise valid) HTTPS page that displays mixed content. | 730 // Visit an (otherwise valid) HTTPS page that displays mixed content. |
703 std::string replacement_path; | 731 std::string replacement_path; |
704 GetFilePathWithHostAndPortReplacement( | 732 GetFilePathWithHostAndPortReplacement( |
705 "/ssl/page_displays_insecure_content.html", | 733 "/ssl/page_displays_insecure_content.html", |
706 embedded_test_server()->host_port_pair(), &replacement_path); | 734 embedded_test_server()->host_port_pair(), &replacement_path); |
707 | 735 |
708 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 736 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
709 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 737 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
710 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 738 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
711 observer.latest_security_style()); | 739 observer.latest_security_style()); |
712 | 740 |
713 const content::SecurityStyleExplanations& mixed_content_explanation = | 741 const content::SecurityStyleExplanations& mixed_content_explanation = |
714 observer.latest_explanations(); | 742 observer.latest_explanations(); |
715 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 743 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
716 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 744 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
717 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 745 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
718 VALID_CERTIFICATE, browser()); | 746 VALID_CERTIFICATE, browser()); |
719 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 747 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
748 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
720 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); | 749 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); |
721 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); | 750 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); |
722 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 751 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
723 mixed_content_explanation.displayed_insecure_content_style); | 752 mixed_content_explanation.displayed_insecure_content_style); |
724 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 753 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
725 mixed_content_explanation.ran_insecure_content_style); | 754 mixed_content_explanation.ran_insecure_content_style); |
726 | 755 |
727 // Visit a broken HTTPS url. | 756 // Visit a broken HTTPS url. |
728 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); | 757 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); |
729 ui_test_utils::NavigateToURL(browser(), expired_url); | 758 ui_test_utils::NavigateToURL(browser(), expired_url); |
730 | 759 |
731 // An interstitial should show, and an event for the lock icon on the | 760 // An interstitial should show, and an event for the lock icon on the |
732 // interstitial should fire. | 761 // interstitial should fire. |
733 content::WaitForInterstitialAttach(web_contents); | 762 content::WaitForInterstitialAttach(web_contents); |
734 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 763 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
735 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 764 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
736 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 765 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
737 INVALID_CERTIFICATE, browser()); | 766 INVALID_CERTIFICATE, browser()); |
738 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 767 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
768 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
739 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 769 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
740 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 770 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
741 | 771 |
742 // Before clicking through, navigate to a different page, and then go | 772 // Before clicking through, navigate to a different page, and then go |
743 // back to the interstitial. | 773 // back to the interstitial. |
744 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 774 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
745 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 775 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
746 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 776 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
747 observer.latest_security_style()); | 777 observer.latest_security_style()); |
748 EXPECT_EQ(0u, | 778 EXPECT_EQ(0u, |
749 observer.latest_explanations().unauthenticated_explanations.size()); | 779 observer.latest_explanations().unauthenticated_explanations.size()); |
750 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 780 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
751 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 781 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
752 VALID_CERTIFICATE, browser()); | 782 VALID_CERTIFICATE, browser()); |
753 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 783 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
784 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
754 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 785 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
755 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 786 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
756 | 787 |
757 // After going back to the interstitial, an event for a broken lock | 788 // After going back to the interstitial, an event for a broken lock |
758 // icon should fire again. | 789 // icon should fire again. |
759 ui_test_utils::NavigateToURL(browser(), expired_url); | 790 ui_test_utils::NavigateToURL(browser(), expired_url); |
760 content::WaitForInterstitialAttach(web_contents); | 791 content::WaitForInterstitialAttach(web_contents); |
761 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 792 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
762 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 793 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
763 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 794 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
764 INVALID_CERTIFICATE, browser()); | 795 INVALID_CERTIFICATE, browser()); |
765 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 796 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
797 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
766 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 798 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
767 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 799 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
768 | 800 |
769 // Since the next expected style is the same as the previous, clear | 801 // Since the next expected style is the same as the previous, clear |
770 // the observer (to make sure that the event fires twice and we don't | 802 // the observer (to make sure that the event fires twice and we don't |
771 // just see the previous event's style). | 803 // just see the previous event's style). |
772 observer.ClearLatestSecurityStyleAndExplanations(); | 804 observer.ClearLatestSecurityStyleAndExplanations(); |
773 | 805 |
774 // Other conditions cannot be tested on this host after clicking | 806 // Other conditions cannot be tested on this host after clicking |
775 // through because once the interstitial is clicked through, all URLs | 807 // through because once the interstitial is clicked through, all URLs |
776 // for this host will remain in a broken state. | 808 // for this host will remain in a broken state. |
777 ProceedThroughInterstitial(web_contents); | 809 ProceedThroughInterstitial(web_contents); |
778 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 810 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
779 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 811 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
780 INVALID_CERTIFICATE, browser()); | 812 INVALID_CERTIFICATE, browser()); |
781 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 813 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
814 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
782 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 815 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
783 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 816 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
784 } | 817 } |
785 | 818 |
786 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 819 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
787 // and test that the observed security style matches. | 820 // and test that the observed security style matches. |
788 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, | 821 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, |
789 SecurityStyleChangedObserverGoBack) { | 822 SecurityStyleChangedObserverGoBack) { |
790 ASSERT_TRUE(https_server_.Start()); | 823 ASSERT_TRUE(https_server_.Start()); |
791 | 824 |
(...skipping 12 matching lines...) Expand all Loading... | |
804 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 837 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
805 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 838 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
806 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 839 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
807 observer.latest_security_style()); | 840 observer.latest_security_style()); |
808 EXPECT_EQ(0u, | 841 EXPECT_EQ(0u, |
809 observer.latest_explanations().unauthenticated_explanations.size()); | 842 observer.latest_explanations().unauthenticated_explanations.size()); |
810 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 843 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
811 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 844 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
812 VALID_CERTIFICATE, browser()); | 845 VALID_CERTIFICATE, browser()); |
813 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 846 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
847 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
814 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 848 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
815 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 849 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
816 | 850 |
817 // Navigate to a bad HTTPS page on a different host, and then click | 851 // Navigate to a bad HTTPS page on a different host, and then click |
818 // Back to verify that the previous good security style is seen again. | 852 // Back to verify that the previous good security style is seen again. |
819 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); | 853 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); |
820 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 854 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
821 GURL::Replacements replace_host; | 855 GURL::Replacements replace_host; |
822 replace_host.SetHostStr("www.example_broken.test"); | 856 replace_host.SetHostStr("www.example_broken.test"); |
823 GURL https_url_different_host = | 857 GURL https_url_different_host = |
824 expired_https_url.ReplaceComponents(replace_host); | 858 expired_https_url.ReplaceComponents(replace_host); |
825 | 859 |
826 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 860 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
827 | 861 |
828 content::WaitForInterstitialAttach(web_contents); | 862 content::WaitForInterstitialAttach(web_contents); |
829 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 863 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
830 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 864 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
831 browser()); | 865 browser()); |
832 ProceedThroughInterstitial(web_contents); | 866 ProceedThroughInterstitial(web_contents); |
833 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 867 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
834 browser()); | 868 browser()); |
835 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 869 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
836 INVALID_CERTIFICATE, browser()); | 870 INVALID_CERTIFICATE, browser()); |
837 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 871 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
872 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
838 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 873 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
839 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 874 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
840 | 875 |
841 content::WindowedNotificationObserver back_nav_load_observer( | 876 content::WindowedNotificationObserver back_nav_load_observer( |
842 content::NOTIFICATION_LOAD_STOP, | 877 content::NOTIFICATION_LOAD_STOP, |
843 content::Source<content::NavigationController>( | 878 content::Source<content::NavigationController>( |
844 &web_contents->GetController())); | 879 &web_contents->GetController())); |
845 chrome::GoBack(browser(), CURRENT_TAB); | 880 chrome::GoBack(browser(), CURRENT_TAB); |
846 back_nav_load_observer.Wait(); | 881 back_nav_load_observer.Wait(); |
847 | 882 |
848 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 883 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
849 observer.latest_security_style()); | 884 observer.latest_security_style()); |
850 EXPECT_EQ(0u, | 885 EXPECT_EQ(0u, |
851 observer.latest_explanations().unauthenticated_explanations.size()); | 886 observer.latest_explanations().unauthenticated_explanations.size()); |
852 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 887 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
853 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 888 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
854 VALID_CERTIFICATE, browser()); | 889 VALID_CERTIFICATE, browser()); |
855 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 890 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
891 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
856 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 892 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
857 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 893 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
858 } | 894 } |
859 | 895 |
860 // After AddNonsecureUrlHandler() is called, requests to this hostname | 896 // After AddNonsecureUrlHandler() is called, requests to this hostname |
861 // will use obsolete TLS settings. | 897 // will use obsolete TLS settings. |
862 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 898 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
863 | 899 |
864 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | 900 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete |
865 // protocol version. | 901 // protocol version. |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
988 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 1024 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
989 // the TLS settings are obsolete. | 1025 // the TLS settings are obsolete. |
990 for (const auto& explanation : | 1026 for (const auto& explanation : |
991 observer.latest_explanations().secure_explanations) { | 1027 observer.latest_explanations().secure_explanations) { |
992 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1028 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
993 explanation.summary); | 1029 explanation.summary); |
994 } | 1030 } |
995 } | 1031 } |
996 | 1032 |
997 } // namespace | 1033 } // namespace |
OLD | NEW |