OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
103 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, | 103 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, |
104 int error, | 104 int error, |
105 Browser* browser) { | 105 Browser* browser) { |
106 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 106 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
107 observer.latest_security_style()); | 107 observer.latest_security_style()); |
108 | 108 |
109 const content::SecurityStyleExplanations& expired_explanation = | 109 const content::SecurityStyleExplanations& expired_explanation = |
110 observer.latest_explanations(); | 110 observer.latest_explanations(); |
111 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); | 111 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); |
112 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); | 112 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); |
| 113 EXPECT_FALSE(expired_explanation.pkp_bypassed); |
113 | 114 |
114 // Check that the summary and description are as expected. | 115 // Check that the summary and description are as expected. |
115 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 116 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
116 expired_explanation.broken_explanations[0].summary); | 117 expired_explanation.broken_explanations[0].summary); |
117 | 118 |
118 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); | 119 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); |
119 EXPECT_EQ(l10n_util::GetStringFUTF8( | 120 EXPECT_EQ(l10n_util::GetStringFUTF8( |
120 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 121 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
121 expired_explanation.broken_explanations[0].description); | 122 expired_explanation.broken_explanations[0].description); |
122 | 123 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
158 EXPECT_EQ( | 159 EXPECT_EQ( |
159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), | 160 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), |
160 secure_explanations.back().description); | 161 secure_explanations.back().description); |
161 } | 162 } |
162 | 163 |
163 void CheckSecurityInfoForSecure( | 164 void CheckSecurityInfoForSecure( |
164 content::WebContents* contents, | 165 content::WebContents* contents, |
165 SecurityStateModel::SecurityLevel expect_security_level, | 166 SecurityStateModel::SecurityLevel expect_security_level, |
166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | 167 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, |
167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | 168 SecurityStateModel::MixedContentStatus expect_mixed_content_status, |
| 169 bool pkp_bypassed, |
168 bool expect_cert_error) { | 170 bool expect_cert_error) { |
169 ASSERT_TRUE(contents); | 171 ASSERT_TRUE(contents); |
170 | 172 |
171 ChromeSecurityStateModelClient* model_client = | 173 ChromeSecurityStateModelClient* model_client = |
172 ChromeSecurityStateModelClient::FromWebContents(contents); | 174 ChromeSecurityStateModelClient::FromWebContents(contents); |
173 ASSERT_TRUE(model_client); | 175 ASSERT_TRUE(model_client); |
174 const SecurityStateModel::SecurityInfo& security_info = | 176 const SecurityStateModel::SecurityInfo& security_info = |
175 model_client->GetSecurityInfo(); | 177 model_client->GetSecurityInfo(); |
176 EXPECT_EQ(expect_security_level, security_info.security_level); | 178 EXPECT_EQ(expect_security_level, security_info.security_level); |
177 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 179 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
178 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 180 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
179 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 181 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
180 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 182 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
| 183 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); |
181 EXPECT_EQ(expect_cert_error, | 184 EXPECT_EQ(expect_cert_error, |
182 net::IsCertStatusError(security_info.cert_status)); | 185 net::IsCertStatusError(security_info.cert_status)); |
183 EXPECT_GT(security_info.security_bits, 0); | 186 EXPECT_GT(security_info.security_bits, 0); |
184 | 187 |
185 content::CertStore* cert_store = content::CertStore::GetInstance(); | 188 content::CertStore* cert_store = content::CertStore::GetInstance(); |
186 scoped_refptr<net::X509Certificate> cert; | 189 scoped_refptr<net::X509Certificate> cert; |
187 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | 190 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); |
188 } | 191 } |
189 | 192 |
190 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 193 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
308 | 311 |
309 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 312 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
310 ASSERT_TRUE(https_server_.Start()); | 313 ASSERT_TRUE(https_server_.Start()); |
311 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 314 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
312 | 315 |
313 ui_test_utils::NavigateToURL(browser(), | 316 ui_test_utils::NavigateToURL(browser(), |
314 https_server_.GetURL("/ssl/google.html")); | 317 https_server_.GetURL("/ssl/google.html")); |
315 CheckSecurityInfoForSecure( | 318 CheckSecurityInfoForSecure( |
316 browser()->tab_strip_model()->GetActiveWebContents(), | 319 browser()->tab_strip_model()->GetActiveWebContents(), |
317 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 320 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
318 SecurityStateModel::NO_MIXED_CONTENT, | 321 SecurityStateModel::NO_MIXED_CONTENT, false, |
319 false /* expect cert status error */); | 322 false /* expect cert status error */); |
320 } | 323 } |
321 | 324 |
322 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { | 325 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { |
323 ASSERT_TRUE(https_server_.Start()); | 326 ASSERT_TRUE(https_server_.Start()); |
324 // The test server uses a long-lived cert by default, so a SHA1 | 327 // The test server uses a long-lived cert by default, so a SHA1 |
325 // signature in it will register as a "broken" condition rather than | 328 // signature in it will register as a "broken" condition rather than |
326 // "warning". | 329 // "warning". |
327 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 330 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
328 net::OK); | 331 net::OK); |
329 | 332 |
330 ui_test_utils::NavigateToURL(browser(), | 333 ui_test_utils::NavigateToURL(browser(), |
331 https_server_.GetURL("/ssl/google.html")); | 334 https_server_.GetURL("/ssl/google.html")); |
332 CheckSecurityInfoForSecure( | 335 CheckSecurityInfoForSecure( |
333 browser()->tab_strip_model()->GetActiveWebContents(), | 336 browser()->tab_strip_model()->GetActiveWebContents(), |
334 SecurityStateModel::SECURITY_ERROR, | 337 SecurityStateModel::SECURITY_ERROR, |
335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 338 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
336 SecurityStateModel::NO_MIXED_CONTENT, | 339 SecurityStateModel::NO_MIXED_CONTENT, false, |
337 false /* expect cert status error */); | 340 false /* expect cert status error */); |
338 } | 341 } |
339 | 342 |
340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 343 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
341 ASSERT_TRUE(embedded_test_server()->Start()); | 344 ASSERT_TRUE(embedded_test_server()->Start()); |
342 ASSERT_TRUE(https_server_.Start()); | 345 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 346 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
344 host_resolver()->AddRule("example.test", | 347 host_resolver()->AddRule("example.test", |
345 https_server_.GetURL("/").host()); | 348 https_server_.GetURL("/").host()); |
346 | 349 |
347 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); | 350 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
348 replacement_pair.set_host("example.test"); | 351 replacement_pair.set_host("example.test"); |
349 | 352 |
350 // Navigate to an HTTPS page that displays mixed content. | 353 // Navigate to an HTTPS page that displays mixed content. |
351 std::string replacement_path; | 354 std::string replacement_path; |
352 GetFilePathWithHostAndPortReplacement( | 355 GetFilePathWithHostAndPortReplacement( |
353 "/ssl/page_displays_insecure_content.html", | 356 "/ssl/page_displays_insecure_content.html", |
354 replacement_pair, &replacement_path); | 357 replacement_pair, &replacement_path); |
355 ui_test_utils::NavigateToURL(browser(), | 358 ui_test_utils::NavigateToURL(browser(), |
356 https_server_.GetURL(replacement_path)); | 359 https_server_.GetURL(replacement_path)); |
357 CheckSecurityInfoForSecure( | 360 CheckSecurityInfoForSecure( |
358 browser()->tab_strip_model()->GetActiveWebContents(), | 361 browser()->tab_strip_model()->GetActiveWebContents(), |
359 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 362 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
360 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 363 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
361 false /* expect cert status error */); | 364 false /* expect cert status error */); |
362 | 365 |
363 // Navigate to an HTTPS page that displays mixed content dynamically. | 366 // Navigate to an HTTPS page that displays mixed content dynamically. |
364 GetFilePathWithHostAndPortReplacement( | 367 GetFilePathWithHostAndPortReplacement( |
365 "/ssl/page_with_dynamic_insecure_content.html", | 368 "/ssl/page_with_dynamic_insecure_content.html", |
366 replacement_pair, &replacement_path); | 369 replacement_pair, &replacement_path); |
367 ui_test_utils::NavigateToURL(browser(), | 370 ui_test_utils::NavigateToURL(browser(), |
368 https_server_.GetURL(replacement_path)); | 371 https_server_.GetURL(replacement_path)); |
369 CheckSecurityInfoForSecure( | 372 CheckSecurityInfoForSecure( |
370 browser()->tab_strip_model()->GetActiveWebContents(), | 373 browser()->tab_strip_model()->GetActiveWebContents(), |
371 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 374 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
372 SecurityStateModel::NO_MIXED_CONTENT, | 375 SecurityStateModel::NO_MIXED_CONTENT, false, |
373 false /* expect cert status error */); | 376 false /* expect cert status error */); |
374 // Load the insecure image. | 377 // Load the insecure image. |
375 bool js_result = false; | 378 bool js_result = false; |
376 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 379 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
377 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 380 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
378 &js_result)); | 381 &js_result)); |
379 EXPECT_TRUE(js_result); | 382 EXPECT_TRUE(js_result); |
380 CheckSecurityInfoForSecure( | 383 CheckSecurityInfoForSecure( |
381 browser()->tab_strip_model()->GetActiveWebContents(), | 384 browser()->tab_strip_model()->GetActiveWebContents(), |
382 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 385 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
383 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 386 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
384 false /* expect cert status error */); | 387 false /* expect cert status error */); |
385 | 388 |
386 // Navigate to an HTTPS page that runs mixed content. | 389 // Navigate to an HTTPS page that runs mixed content. |
387 GetFilePathWithHostAndPortReplacement( | 390 GetFilePathWithHostAndPortReplacement( |
388 "/ssl/page_runs_insecure_content.html", | 391 "/ssl/page_runs_insecure_content.html", |
389 replacement_pair, &replacement_path); | 392 replacement_pair, &replacement_path); |
390 ui_test_utils::NavigateToURL(browser(), | 393 ui_test_utils::NavigateToURL(browser(), |
391 https_server_.GetURL(replacement_path)); | 394 https_server_.GetURL(replacement_path)); |
392 CheckSecurityInfoForSecure( | 395 CheckSecurityInfoForSecure( |
393 browser()->tab_strip_model()->GetActiveWebContents(), | 396 browser()->tab_strip_model()->GetActiveWebContents(), |
394 SecurityStateModel::SECURITY_ERROR, | 397 SecurityStateModel::SECURITY_ERROR, |
395 SecurityStateModel::NO_DEPRECATED_SHA1, | 398 SecurityStateModel::NO_DEPRECATED_SHA1, |
396 SecurityStateModel::RAN_MIXED_CONTENT, | 399 SecurityStateModel::RAN_MIXED_CONTENT, false, |
397 false /* expect cert status error */); | 400 false /* expect cert status error */); |
398 | 401 |
399 // Navigate to an HTTPS page that runs and displays mixed content. | 402 // Navigate to an HTTPS page that runs and displays mixed content. |
400 GetFilePathWithHostAndPortReplacement( | 403 GetFilePathWithHostAndPortReplacement( |
401 "/ssl/page_runs_and_displays_insecure_content.html", | 404 "/ssl/page_runs_and_displays_insecure_content.html", |
402 replacement_pair, &replacement_path); | 405 replacement_pair, &replacement_path); |
403 ui_test_utils::NavigateToURL(browser(), | 406 ui_test_utils::NavigateToURL(browser(), |
404 https_server_.GetURL(replacement_path)); | 407 https_server_.GetURL(replacement_path)); |
405 CheckSecurityInfoForSecure( | 408 CheckSecurityInfoForSecure( |
406 browser()->tab_strip_model()->GetActiveWebContents(), | 409 browser()->tab_strip_model()->GetActiveWebContents(), |
407 SecurityStateModel::SECURITY_ERROR, | 410 SecurityStateModel::SECURITY_ERROR, |
408 SecurityStateModel::NO_DEPRECATED_SHA1, | 411 SecurityStateModel::NO_DEPRECATED_SHA1, |
409 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 412 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
410 false /* expect cert status error */); | 413 false /* expect cert status error */); |
411 | 414 |
412 // Navigate to an HTTPS page that runs mixed content in an iframe. | 415 // Navigate to an HTTPS page that runs mixed content in an iframe. |
413 net::HostPortPair host_port_pair = | 416 net::HostPortPair host_port_pair = |
414 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 417 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
415 host_port_pair.set_host("different-host.test"); | 418 host_port_pair.set_host("different-host.test"); |
416 host_resolver()->AddRule("different-host.test", | 419 host_resolver()->AddRule("different-host.test", |
417 https_server_.GetURL("/").host()); | 420 https_server_.GetURL("/").host()); |
418 host_resolver()->AddRule("different-http-host.test", | 421 host_resolver()->AddRule("different-http-host.test", |
419 embedded_test_server()->GetURL("/").host()); | 422 embedded_test_server()->GetURL("/").host()); |
420 GetFilePathWithHostAndPortReplacement( | 423 GetFilePathWithHostAndPortReplacement( |
421 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 424 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
422 &replacement_path); | 425 &replacement_path); |
423 ui_test_utils::NavigateToURL(browser(), | 426 ui_test_utils::NavigateToURL(browser(), |
424 https_server_.GetURL(replacement_path)); | 427 https_server_.GetURL(replacement_path)); |
425 CheckSecurityInfoForSecure( | 428 CheckSecurityInfoForSecure( |
426 browser()->tab_strip_model()->GetActiveWebContents(), | 429 browser()->tab_strip_model()->GetActiveWebContents(), |
427 SecurityStateModel::SECURITY_ERROR, | 430 SecurityStateModel::SECURITY_ERROR, |
428 SecurityStateModel::NO_DEPRECATED_SHA1, | 431 SecurityStateModel::NO_DEPRECATED_SHA1, |
429 SecurityStateModel::RAN_MIXED_CONTENT, | 432 SecurityStateModel::RAN_MIXED_CONTENT, false, |
430 false /* expect cert status error */); | 433 false /* expect cert status error */); |
431 } | 434 } |
432 | 435 |
433 // Same as the test above but with a long-lived SHA1 cert. | 436 // Same as the test above but with a long-lived SHA1 cert. |
434 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 437 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
435 MixedContentWithBrokenSHA1) { | 438 MixedContentWithBrokenSHA1) { |
436 ASSERT_TRUE(embedded_test_server()->Start()); | 439 ASSERT_TRUE(embedded_test_server()->Start()); |
437 ASSERT_TRUE(https_server_.Start()); | 440 ASSERT_TRUE(https_server_.Start()); |
438 // The test server uses a long-lived cert by default, so a SHA1 | 441 // The test server uses a long-lived cert by default, so a SHA1 |
439 // signature in it will register as a "broken" condition rather than | 442 // signature in it will register as a "broken" condition rather than |
(...skipping 11 matching lines...) Expand all Loading... |
451 std::string replacement_path; | 454 std::string replacement_path; |
452 GetFilePathWithHostAndPortReplacement( | 455 GetFilePathWithHostAndPortReplacement( |
453 "/ssl/page_displays_insecure_content.html", | 456 "/ssl/page_displays_insecure_content.html", |
454 replacement_pair, &replacement_path); | 457 replacement_pair, &replacement_path); |
455 ui_test_utils::NavigateToURL(browser(), | 458 ui_test_utils::NavigateToURL(browser(), |
456 https_server_.GetURL(replacement_path)); | 459 https_server_.GetURL(replacement_path)); |
457 CheckSecurityInfoForSecure( | 460 CheckSecurityInfoForSecure( |
458 browser()->tab_strip_model()->GetActiveWebContents(), | 461 browser()->tab_strip_model()->GetActiveWebContents(), |
459 SecurityStateModel::SECURITY_ERROR, | 462 SecurityStateModel::SECURITY_ERROR, |
460 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 463 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
461 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 464 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
462 false /* expect cert status error */); | 465 false /* expect cert status error */); |
463 | 466 |
464 // Navigate to an HTTPS page that displays mixed content dynamically. | 467 // Navigate to an HTTPS page that displays mixed content dynamically. |
465 GetFilePathWithHostAndPortReplacement( | 468 GetFilePathWithHostAndPortReplacement( |
466 "/ssl/page_with_dynamic_insecure_content.html", | 469 "/ssl/page_with_dynamic_insecure_content.html", |
467 replacement_pair, &replacement_path); | 470 replacement_pair, &replacement_path); |
468 ui_test_utils::NavigateToURL(browser(), | 471 ui_test_utils::NavigateToURL(browser(), |
469 https_server_.GetURL(replacement_path)); | 472 https_server_.GetURL(replacement_path)); |
470 CheckSecurityInfoForSecure( | 473 CheckSecurityInfoForSecure( |
471 browser()->tab_strip_model()->GetActiveWebContents(), | 474 browser()->tab_strip_model()->GetActiveWebContents(), |
472 SecurityStateModel::SECURITY_ERROR, | 475 SecurityStateModel::SECURITY_ERROR, |
473 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 476 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
474 SecurityStateModel::NO_MIXED_CONTENT, | 477 SecurityStateModel::NO_MIXED_CONTENT, false, |
475 false /* expect cert status error */); | 478 false /* expect cert status error */); |
476 // Load the insecure image. | 479 // Load the insecure image. |
477 bool js_result = false; | 480 bool js_result = false; |
478 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 481 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
479 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 482 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
480 &js_result)); | 483 &js_result)); |
481 EXPECT_TRUE(js_result); | 484 EXPECT_TRUE(js_result); |
482 CheckSecurityInfoForSecure( | 485 CheckSecurityInfoForSecure( |
483 browser()->tab_strip_model()->GetActiveWebContents(), | 486 browser()->tab_strip_model()->GetActiveWebContents(), |
484 SecurityStateModel::SECURITY_ERROR, | 487 SecurityStateModel::SECURITY_ERROR, |
485 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 488 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
486 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 489 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
487 false /* expect cert status error */); | 490 false /* expect cert status error */); |
488 | 491 |
489 // Navigate to an HTTPS page that runs mixed content. | 492 // Navigate to an HTTPS page that runs mixed content. |
490 GetFilePathWithHostAndPortReplacement( | 493 GetFilePathWithHostAndPortReplacement( |
491 "/ssl/page_runs_insecure_content.html", | 494 "/ssl/page_runs_insecure_content.html", |
492 replacement_pair, &replacement_path); | 495 replacement_pair, &replacement_path); |
493 ui_test_utils::NavigateToURL(browser(), | 496 ui_test_utils::NavigateToURL(browser(), |
494 https_server_.GetURL(replacement_path)); | 497 https_server_.GetURL(replacement_path)); |
495 CheckSecurityInfoForSecure( | 498 CheckSecurityInfoForSecure( |
496 browser()->tab_strip_model()->GetActiveWebContents(), | 499 browser()->tab_strip_model()->GetActiveWebContents(), |
497 SecurityStateModel::SECURITY_ERROR, | 500 SecurityStateModel::SECURITY_ERROR, |
498 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 501 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
499 SecurityStateModel::RAN_MIXED_CONTENT, | 502 SecurityStateModel::RAN_MIXED_CONTENT, false, |
500 false /* expect cert status error */); | 503 false /* expect cert status error */); |
501 | 504 |
502 // Navigate to an HTTPS page that runs and displays mixed content. | 505 // Navigate to an HTTPS page that runs and displays mixed content. |
503 GetFilePathWithHostAndPortReplacement( | 506 GetFilePathWithHostAndPortReplacement( |
504 "/ssl/page_runs_and_displays_insecure_content.html", | 507 "/ssl/page_runs_and_displays_insecure_content.html", |
505 replacement_pair, &replacement_path); | 508 replacement_pair, &replacement_path); |
506 ui_test_utils::NavigateToURL(browser(), | 509 ui_test_utils::NavigateToURL(browser(), |
507 https_server_.GetURL(replacement_path)); | 510 https_server_.GetURL(replacement_path)); |
508 CheckSecurityInfoForSecure( | 511 CheckSecurityInfoForSecure( |
509 browser()->tab_strip_model()->GetActiveWebContents(), | 512 browser()->tab_strip_model()->GetActiveWebContents(), |
510 SecurityStateModel::SECURITY_ERROR, | 513 SecurityStateModel::SECURITY_ERROR, |
511 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 514 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
512 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 515 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
513 false /* expect cert status error */); | 516 false /* expect cert status error */); |
514 } | 517 } |
515 | 518 |
516 // Tests that the Content Security Policy block-all-mixed-content | 519 // Tests that the Content Security Policy block-all-mixed-content |
517 // directive stops mixed content from running. | 520 // directive stops mixed content from running. |
518 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 521 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
519 MixedContentStrictBlocking) { | 522 MixedContentStrictBlocking) { |
520 ASSERT_TRUE(https_server_.Start()); | 523 ASSERT_TRUE(https_server_.Start()); |
521 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 524 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
522 | 525 |
523 // Navigate to an HTTPS page that tries to run mixed content in an | 526 // Navigate to an HTTPS page that tries to run mixed content in an |
524 // iframe, with strict mixed content blocking. | 527 // iframe, with strict mixed content blocking. |
525 std::string replacement_path; | 528 std::string replacement_path; |
526 net::HostPortPair host_port_pair = | 529 net::HostPortPair host_port_pair = |
527 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 530 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
528 host_port_pair.set_host("different-host.test"); | 531 host_port_pair.set_host("different-host.test"); |
529 host_resolver()->AddRule("different-host.test", | 532 host_resolver()->AddRule("different-host.test", |
530 https_server_.GetURL("/").host()); | 533 https_server_.GetURL("/").host()); |
531 GetFilePathWithHostAndPortReplacement( | 534 GetFilePathWithHostAndPortReplacement( |
532 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", | 535 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", |
533 host_port_pair, &replacement_path); | 536 host_port_pair, &replacement_path); |
534 ui_test_utils::NavigateToURL(browser(), | 537 ui_test_utils::NavigateToURL(browser(), |
535 https_server_.GetURL(replacement_path)); | 538 https_server_.GetURL(replacement_path)); |
536 CheckSecurityInfoForSecure( | 539 CheckSecurityInfoForSecure( |
537 browser()->tab_strip_model()->GetActiveWebContents(), | 540 browser()->tab_strip_model()->GetActiveWebContents(), |
538 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 541 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
539 SecurityStateModel::NO_MIXED_CONTENT, | 542 SecurityStateModel::NO_MIXED_CONTENT, false, |
540 false /* expect cert status error */); | 543 false /* expect cert status error */); |
541 } | 544 } |
542 | 545 |
543 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { | 546 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { |
544 ASSERT_TRUE(embedded_test_server()->Start()); | 547 ASSERT_TRUE(embedded_test_server()->Start()); |
545 ASSERT_TRUE(https_server_.Start()); | 548 ASSERT_TRUE(https_server_.Start()); |
546 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | 549 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, |
547 net::ERR_CERT_DATE_INVALID); | 550 net::ERR_CERT_DATE_INVALID); |
548 | 551 |
549 ui_test_utils::NavigateToURL(browser(), | 552 ui_test_utils::NavigateToURL(browser(), |
550 https_server_.GetURL("/ssl/google.html")); | 553 https_server_.GetURL("/ssl/google.html")); |
551 CheckSecurityInfoForSecure( | 554 CheckSecurityInfoForSecure( |
552 browser()->tab_strip_model()->GetActiveWebContents(), | 555 browser()->tab_strip_model()->GetActiveWebContents(), |
553 SecurityStateModel::SECURITY_ERROR, | 556 SecurityStateModel::SECURITY_ERROR, |
554 SecurityStateModel::NO_DEPRECATED_SHA1, | 557 SecurityStateModel::NO_DEPRECATED_SHA1, |
555 SecurityStateModel::NO_MIXED_CONTENT, | 558 SecurityStateModel::NO_MIXED_CONTENT, false, |
556 true /* expect cert status error */); | 559 true /* expect cert status error */); |
557 | 560 |
558 ProceedThroughInterstitial( | 561 ProceedThroughInterstitial( |
559 browser()->tab_strip_model()->GetActiveWebContents()); | 562 browser()->tab_strip_model()->GetActiveWebContents()); |
560 | 563 |
561 CheckSecurityInfoForSecure( | 564 CheckSecurityInfoForSecure( |
562 browser()->tab_strip_model()->GetActiveWebContents(), | 565 browser()->tab_strip_model()->GetActiveWebContents(), |
563 SecurityStateModel::SECURITY_ERROR, | 566 SecurityStateModel::SECURITY_ERROR, |
564 SecurityStateModel::NO_DEPRECATED_SHA1, | 567 SecurityStateModel::NO_DEPRECATED_SHA1, |
565 SecurityStateModel::NO_MIXED_CONTENT, | 568 SecurityStateModel::NO_MIXED_CONTENT, false, |
566 true /* expect cert status error */); | 569 true /* expect cert status error */); |
567 | 570 |
568 // Navigate to a broken HTTPS page that displays mixed content. | 571 // Navigate to a broken HTTPS page that displays mixed content. |
569 std::string replacement_path; | 572 std::string replacement_path; |
570 GetFilePathWithHostAndPortReplacement( | 573 GetFilePathWithHostAndPortReplacement( |
571 "/ssl/page_displays_insecure_content.html", | 574 "/ssl/page_displays_insecure_content.html", |
572 embedded_test_server()->host_port_pair(), &replacement_path); | 575 embedded_test_server()->host_port_pair(), &replacement_path); |
573 ui_test_utils::NavigateToURL(browser(), | 576 ui_test_utils::NavigateToURL(browser(), |
574 https_server_.GetURL(replacement_path)); | 577 https_server_.GetURL(replacement_path)); |
575 CheckSecurityInfoForSecure( | 578 CheckSecurityInfoForSecure( |
576 browser()->tab_strip_model()->GetActiveWebContents(), | 579 browser()->tab_strip_model()->GetActiveWebContents(), |
577 SecurityStateModel::SECURITY_ERROR, | 580 SecurityStateModel::SECURITY_ERROR, |
578 SecurityStateModel::NO_DEPRECATED_SHA1, | 581 SecurityStateModel::NO_DEPRECATED_SHA1, |
579 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 582 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
580 true /* expect cert status error */); | 583 true /* expect cert status error */); |
581 } | 584 } |
582 | 585 |
| 586 const char kReportURI[] = "https://report-hpkp.test"; |
| 587 |
| 588 class PKPModelClientTest : public ChromeSecurityStateModelClientTest { |
| 589 public: |
| 590 void SetUpOnMainThread() override { |
| 591 ASSERT_TRUE(https_server_.Start()); |
| 592 url_request_context_getter_ = browser()->profile()->GetRequestContext(); |
| 593 content::BrowserThread::PostTask( |
| 594 content::BrowserThread::IO, FROM_HERE, |
| 595 base::Bind(&PKPModelClientTest::SetUpOnIOThread, this)); |
| 596 } |
| 597 |
| 598 void SetUpOnIOThread() { |
| 599 net::URLRequestContext* request_context = |
| 600 url_request_context_getter_->GetURLRequestContext(); |
| 601 net::TransportSecurityState* security_state = |
| 602 request_context->transport_security_state(); |
| 603 |
| 604 base::Time expiration = |
| 605 base::Time::Now() + base::TimeDelta::FromSeconds(10000); |
| 606 |
| 607 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 608 memset(hash.data(), 0x99, hash.size()); |
| 609 net::HashValueVector hashes; |
| 610 hashes.push_back(hash); |
| 611 |
| 612 security_state->AddHPKP(https_server_.host_port_pair().host(), expiration, |
| 613 true, hashes, GURL(kReportURI)); |
| 614 } |
| 615 |
| 616 protected: |
| 617 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; |
| 618 }; |
| 619 |
| 620 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) { |
| 621 content::WebContents* web_contents = |
| 622 browser()->tab_strip_model()->GetActiveWebContents(); |
| 623 SecurityStyleTestObserver observer(web_contents); |
| 624 |
| 625 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 626 net::CertVerifyResult verify_result; |
| 627 // PKP is bypassed when |is_issued_by_known_root| is false. |
| 628 verify_result.is_issued_by_known_root = false; |
| 629 verify_result.verified_cert = cert; |
| 630 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 631 memset(hash.data(), 1, hash.size()); |
| 632 verify_result.public_key_hashes.push_back(hash); |
| 633 |
| 634 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); |
| 635 |
| 636 ui_test_utils::NavigateToURL(browser(), |
| 637 https_server_.GetURL("/ssl/google.html")); |
| 638 |
| 639 CheckSecurityInfoForSecure( |
| 640 browser()->tab_strip_model()->GetActiveWebContents(), |
| 641 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 642 SecurityStateModel::NO_MIXED_CONTENT, true, false); |
| 643 |
| 644 const content::SecurityStyleExplanations& explanation = |
| 645 observer.latest_explanations(); |
| 646 EXPECT_TRUE(explanation.pkp_bypassed); |
| 647 } |
| 648 |
| 649 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { |
| 650 content::WebContents* web_contents = |
| 651 browser()->tab_strip_model()->GetActiveWebContents(); |
| 652 SecurityStyleTestObserver observer(web_contents); |
| 653 |
| 654 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 655 net::CertVerifyResult verify_result; |
| 656 // PKP requires |is_issued_by_known_root| to be true. |
| 657 verify_result.is_issued_by_known_root = true; |
| 658 verify_result.verified_cert = cert; |
| 659 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 660 memset(hash.data(), 1, hash.size()); |
| 661 verify_result.public_key_hashes.push_back(hash); |
| 662 |
| 663 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); |
| 664 |
| 665 ui_test_utils::NavigateToURL(browser(), |
| 666 https_server_.GetURL("/ssl/google.html")); |
| 667 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, |
| 668 browser()); |
| 669 } |
| 670 |
583 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 671 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
584 // that never stops loading. | 672 // that never stops loading. |
585 class PendingJobInterceptor : public net::URLRequestInterceptor { | 673 class PendingJobInterceptor : public net::URLRequestInterceptor { |
586 public: | 674 public: |
587 PendingJobInterceptor() {} | 675 PendingJobInterceptor() {} |
588 ~PendingJobInterceptor() override {} | 676 ~PendingJobInterceptor() override {} |
589 | 677 |
590 // URLRequestInterceptor implementation | 678 // URLRequestInterceptor implementation |
591 net::URLRequestJob* MaybeInterceptRequest( | 679 net::URLRequestJob* MaybeInterceptRequest( |
592 net::URLRequest* request, | 680 net::URLRequest* request, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
630 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | 718 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { |
631 ASSERT_TRUE(https_server_.Start()); | 719 ASSERT_TRUE(https_server_.Start()); |
632 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 720 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
633 | 721 |
634 // Navigate to an HTTPS page. | 722 // Navigate to an HTTPS page. |
635 ui_test_utils::NavigateToURL(browser(), | 723 ui_test_utils::NavigateToURL(browser(), |
636 https_server_.GetURL("/ssl/google.html")); | 724 https_server_.GetURL("/ssl/google.html")); |
637 CheckSecurityInfoForSecure( | 725 CheckSecurityInfoForSecure( |
638 browser()->tab_strip_model()->GetActiveWebContents(), | 726 browser()->tab_strip_model()->GetActiveWebContents(), |
639 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 727 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
640 SecurityStateModel::NO_MIXED_CONTENT, | 728 SecurityStateModel::NO_MIXED_CONTENT, false, |
641 false /* expect cert status error */); | 729 false /* expect cert status error */); |
642 | 730 |
643 // Navigate to a page that doesn't finish loading. Test that the | 731 // Navigate to a page that doesn't finish loading. Test that the |
644 // security state is neutral while the page is loading. | 732 // security state is neutral while the page is loading. |
645 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | 733 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), |
646 content::Referrer(), CURRENT_TAB, | 734 content::Referrer(), CURRENT_TAB, |
647 ui::PAGE_TRANSITION_TYPED, false)); | 735 ui::PAGE_TRANSITION_TYPED, false)); |
648 CheckSecurityInfoForNonSecure( | 736 CheckSecurityInfoForNonSecure( |
649 browser()->tab_strip_model()->GetActiveWebContents()); | 737 browser()->tab_strip_model()->GetActiveWebContents()); |
650 } | 738 } |
(...skipping 11 matching lines...) Expand all Loading... |
662 content::WebContents* new_contents = content::WebContents::Create( | 750 content::WebContents* new_contents = content::WebContents::Create( |
663 content::WebContents::CreateParams(tab->GetBrowserContext())); | 751 content::WebContents::CreateParams(tab->GetBrowserContext())); |
664 content::NavigationController& controller = new_contents->GetController(); | 752 content::NavigationController& controller = new_contents->GetController(); |
665 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); | 753 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); |
666 CheckSecurityInfoForNonSecure(new_contents); | 754 CheckSecurityInfoForNonSecure(new_contents); |
667 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | 755 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), |
668 ui::PAGE_TRANSITION_TYPED, std::string()); | 756 ui::PAGE_TRANSITION_TYPED, std::string()); |
669 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | 757 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); |
670 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 758 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
671 SecurityStateModel::NO_DEPRECATED_SHA1, | 759 SecurityStateModel::NO_DEPRECATED_SHA1, |
672 SecurityStateModel::NO_MIXED_CONTENT, | 760 SecurityStateModel::NO_MIXED_CONTENT, false, |
673 false /* expect cert status error */); | 761 false /* expect cert status error */); |
674 | 762 |
675 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | 763 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, |
676 TabStripModel::ADD_NONE); | 764 TabStripModel::ADD_NONE); |
677 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 765 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
678 SecurityStateModel::NO_DEPRECATED_SHA1, | 766 SecurityStateModel::NO_DEPRECATED_SHA1, |
679 SecurityStateModel::NO_MIXED_CONTENT, | 767 SecurityStateModel::NO_MIXED_CONTENT, false, |
680 false /* expect cert status error */); | 768 false /* expect cert status error */); |
681 } | 769 } |
682 | 770 |
683 // Tests that the WebContentsObserver::SecurityStyleChanged event fires | 771 // Tests that the WebContentsObserver::SecurityStyleChanged event fires |
684 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. | 772 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. |
685 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { | 773 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { |
686 ASSERT_TRUE(https_server_.Start()); | 774 ASSERT_TRUE(https_server_.Start()); |
687 ASSERT_TRUE(embedded_test_server()->Start()); | 775 ASSERT_TRUE(embedded_test_server()->Start()); |
688 | 776 |
689 net::EmbeddedTestServer https_test_server_expired( | 777 net::EmbeddedTestServer https_test_server_expired( |
(...skipping 10 matching lines...) Expand all Loading... |
700 // Visit an HTTP url. | 788 // Visit an HTTP url. |
701 GURL http_url(embedded_test_server()->GetURL("/")); | 789 GURL http_url(embedded_test_server()->GetURL("/")); |
702 ui_test_utils::NavigateToURL(browser(), http_url); | 790 ui_test_utils::NavigateToURL(browser(), http_url); |
703 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 791 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
704 observer.latest_security_style()); | 792 observer.latest_security_style()); |
705 EXPECT_EQ(0u, | 793 EXPECT_EQ(0u, |
706 observer.latest_explanations().unauthenticated_explanations.size()); | 794 observer.latest_explanations().unauthenticated_explanations.size()); |
707 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 795 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
708 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); | 796 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); |
709 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); | 797 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); |
| 798 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
710 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 799 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
711 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 800 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
712 | 801 |
713 // Visit an (otherwise valid) HTTPS page that displays mixed content. | 802 // Visit an (otherwise valid) HTTPS page that displays mixed content. |
714 std::string replacement_path; | 803 std::string replacement_path; |
715 GetFilePathWithHostAndPortReplacement( | 804 GetFilePathWithHostAndPortReplacement( |
716 "/ssl/page_displays_insecure_content.html", | 805 "/ssl/page_displays_insecure_content.html", |
717 embedded_test_server()->host_port_pair(), &replacement_path); | 806 embedded_test_server()->host_port_pair(), &replacement_path); |
718 | 807 |
719 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 808 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
720 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 809 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
721 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 810 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
722 observer.latest_security_style()); | 811 observer.latest_security_style()); |
723 | 812 |
724 const content::SecurityStyleExplanations& mixed_content_explanation = | 813 const content::SecurityStyleExplanations& mixed_content_explanation = |
725 observer.latest_explanations(); | 814 observer.latest_explanations(); |
726 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 815 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
727 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 816 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
728 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 817 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
729 VALID_CERTIFICATE, browser()); | 818 VALID_CERTIFICATE, browser()); |
730 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 819 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
| 820 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
731 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); | 821 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); |
732 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); | 822 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); |
733 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 823 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
734 mixed_content_explanation.displayed_insecure_content_style); | 824 mixed_content_explanation.displayed_insecure_content_style); |
735 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 825 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
736 mixed_content_explanation.ran_insecure_content_style); | 826 mixed_content_explanation.ran_insecure_content_style); |
737 | 827 |
738 // Visit a broken HTTPS url. | 828 // Visit a broken HTTPS url. |
739 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); | 829 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); |
740 ui_test_utils::NavigateToURL(browser(), expired_url); | 830 ui_test_utils::NavigateToURL(browser(), expired_url); |
741 | 831 |
742 // An interstitial should show, and an event for the lock icon on the | 832 // An interstitial should show, and an event for the lock icon on the |
743 // interstitial should fire. | 833 // interstitial should fire. |
744 content::WaitForInterstitialAttach(web_contents); | 834 content::WaitForInterstitialAttach(web_contents); |
745 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 835 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
746 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 836 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
747 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 837 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
748 INVALID_CERTIFICATE, browser()); | 838 INVALID_CERTIFICATE, browser()); |
749 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 839 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 840 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
750 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 841 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
751 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 842 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
752 | 843 |
753 // Before clicking through, navigate to a different page, and then go | 844 // Before clicking through, navigate to a different page, and then go |
754 // back to the interstitial. | 845 // back to the interstitial. |
755 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 846 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
756 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 847 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
757 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 848 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
758 observer.latest_security_style()); | 849 observer.latest_security_style()); |
759 EXPECT_EQ(0u, | 850 EXPECT_EQ(0u, |
760 observer.latest_explanations().unauthenticated_explanations.size()); | 851 observer.latest_explanations().unauthenticated_explanations.size()); |
761 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 852 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
762 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 853 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
763 VALID_CERTIFICATE, browser()); | 854 VALID_CERTIFICATE, browser()); |
764 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 855 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 856 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
765 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 857 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
766 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 858 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
767 | 859 |
768 // After going back to the interstitial, an event for a broken lock | 860 // After going back to the interstitial, an event for a broken lock |
769 // icon should fire again. | 861 // icon should fire again. |
770 ui_test_utils::NavigateToURL(browser(), expired_url); | 862 ui_test_utils::NavigateToURL(browser(), expired_url); |
771 content::WaitForInterstitialAttach(web_contents); | 863 content::WaitForInterstitialAttach(web_contents); |
772 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 864 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
773 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 865 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
774 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 866 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
775 INVALID_CERTIFICATE, browser()); | 867 INVALID_CERTIFICATE, browser()); |
776 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 868 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 869 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
777 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 870 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
778 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 871 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
779 | 872 |
780 // Since the next expected style is the same as the previous, clear | 873 // Since the next expected style is the same as the previous, clear |
781 // the observer (to make sure that the event fires twice and we don't | 874 // the observer (to make sure that the event fires twice and we don't |
782 // just see the previous event's style). | 875 // just see the previous event's style). |
783 observer.ClearLatestSecurityStyleAndExplanations(); | 876 observer.ClearLatestSecurityStyleAndExplanations(); |
784 | 877 |
785 // Other conditions cannot be tested on this host after clicking | 878 // Other conditions cannot be tested on this host after clicking |
786 // through because once the interstitial is clicked through, all URLs | 879 // through because once the interstitial is clicked through, all URLs |
787 // for this host will remain in a broken state. | 880 // for this host will remain in a broken state. |
788 ProceedThroughInterstitial(web_contents); | 881 ProceedThroughInterstitial(web_contents); |
789 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 882 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
790 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 883 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
791 INVALID_CERTIFICATE, browser()); | 884 INVALID_CERTIFICATE, browser()); |
792 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 885 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 886 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
793 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 887 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
794 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 888 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
795 } | 889 } |
796 | 890 |
797 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 891 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
798 // and test that the observed security style matches. | 892 // and test that the observed security style matches. |
799 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, | 893 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, |
800 SecurityStyleChangedObserverGoBack) { | 894 SecurityStyleChangedObserverGoBack) { |
801 ASSERT_TRUE(https_server_.Start()); | 895 ASSERT_TRUE(https_server_.Start()); |
802 | 896 |
(...skipping 12 matching lines...) Expand all Loading... |
815 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 909 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
816 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 910 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
817 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 911 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
818 observer.latest_security_style()); | 912 observer.latest_security_style()); |
819 EXPECT_EQ(0u, | 913 EXPECT_EQ(0u, |
820 observer.latest_explanations().unauthenticated_explanations.size()); | 914 observer.latest_explanations().unauthenticated_explanations.size()); |
821 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 915 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
822 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 916 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
823 VALID_CERTIFICATE, browser()); | 917 VALID_CERTIFICATE, browser()); |
824 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 918 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 919 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
825 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 920 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
826 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 921 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
827 | 922 |
828 // Navigate to a bad HTTPS page on a different host, and then click | 923 // Navigate to a bad HTTPS page on a different host, and then click |
829 // Back to verify that the previous good security style is seen again. | 924 // Back to verify that the previous good security style is seen again. |
830 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); | 925 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); |
831 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 926 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
832 GURL::Replacements replace_host; | 927 GURL::Replacements replace_host; |
833 replace_host.SetHostStr("www.example_broken.test"); | 928 replace_host.SetHostStr("www.example_broken.test"); |
834 GURL https_url_different_host = | 929 GURL https_url_different_host = |
835 expired_https_url.ReplaceComponents(replace_host); | 930 expired_https_url.ReplaceComponents(replace_host); |
836 | 931 |
837 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 932 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
838 | 933 |
839 content::WaitForInterstitialAttach(web_contents); | 934 content::WaitForInterstitialAttach(web_contents); |
840 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 935 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
841 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 936 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
842 browser()); | 937 browser()); |
843 ProceedThroughInterstitial(web_contents); | 938 ProceedThroughInterstitial(web_contents); |
844 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 939 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
845 browser()); | 940 browser()); |
846 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 941 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
847 INVALID_CERTIFICATE, browser()); | 942 INVALID_CERTIFICATE, browser()); |
848 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 943 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 944 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
849 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 945 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
850 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 946 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
851 | 947 |
852 content::WindowedNotificationObserver back_nav_load_observer( | 948 content::WindowedNotificationObserver back_nav_load_observer( |
853 content::NOTIFICATION_LOAD_STOP, | 949 content::NOTIFICATION_LOAD_STOP, |
854 content::Source<content::NavigationController>( | 950 content::Source<content::NavigationController>( |
855 &web_contents->GetController())); | 951 &web_contents->GetController())); |
856 chrome::GoBack(browser(), CURRENT_TAB); | 952 chrome::GoBack(browser(), CURRENT_TAB); |
857 back_nav_load_observer.Wait(); | 953 back_nav_load_observer.Wait(); |
858 | 954 |
859 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 955 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
860 observer.latest_security_style()); | 956 observer.latest_security_style()); |
861 EXPECT_EQ(0u, | 957 EXPECT_EQ(0u, |
862 observer.latest_explanations().unauthenticated_explanations.size()); | 958 observer.latest_explanations().unauthenticated_explanations.size()); |
863 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 959 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
864 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 960 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
865 VALID_CERTIFICATE, browser()); | 961 VALID_CERTIFICATE, browser()); |
866 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 962 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 963 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
867 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 964 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
868 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 965 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
869 } | 966 } |
870 | 967 |
871 // After AddNonsecureUrlHandler() is called, requests to this hostname | 968 // After AddNonsecureUrlHandler() is called, requests to this hostname |
872 // will use obsolete TLS settings. | 969 // will use obsolete TLS settings. |
873 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 970 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
874 | 971 |
875 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | 972 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete |
876 // protocol version. | 973 // protocol version. |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
999 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 1096 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
1000 // the TLS settings are obsolete. | 1097 // the TLS settings are obsolete. |
1001 for (const auto& explanation : | 1098 for (const auto& explanation : |
1002 observer.latest_explanations().secure_explanations) { | 1099 observer.latest_explanations().secure_explanations) { |
1003 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1100 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
1004 explanation.summary); | 1101 explanation.summary); |
1005 } | 1102 } |
1006 } | 1103 } |
1007 | 1104 |
1008 } // namespace | 1105 } // namespace |
OLD | NEW |