OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
158 EXPECT_EQ( | 158 EXPECT_EQ( |
159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), | 159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), |
160 secure_explanations.back().description); | 160 secure_explanations.back().description); |
161 } | 161 } |
162 | 162 |
163 void CheckSecurityInfoForSecure( | 163 void CheckSecurityInfoForSecure( |
164 content::WebContents* contents, | 164 content::WebContents* contents, |
165 SecurityStateModel::SecurityLevel expect_security_level, | 165 SecurityStateModel::SecurityLevel expect_security_level, |
166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | 166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, |
167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | 167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, |
168 bool pkp_bypassed, | |
168 bool expect_cert_error) { | 169 bool expect_cert_error) { |
169 ASSERT_TRUE(contents); | 170 ASSERT_TRUE(contents); |
170 | 171 |
171 ChromeSecurityStateModelClient* model_client = | 172 ChromeSecurityStateModelClient* model_client = |
172 ChromeSecurityStateModelClient::FromWebContents(contents); | 173 ChromeSecurityStateModelClient::FromWebContents(contents); |
173 ASSERT_TRUE(model_client); | 174 ASSERT_TRUE(model_client); |
174 const SecurityStateModel::SecurityInfo& security_info = | 175 const SecurityStateModel::SecurityInfo& security_info = |
175 model_client->GetSecurityInfo(); | 176 model_client->GetSecurityInfo(); |
176 EXPECT_EQ(expect_security_level, security_info.security_level); | 177 EXPECT_EQ(expect_security_level, security_info.security_level); |
177 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 178 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
178 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 179 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
179 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 180 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
180 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 181 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
182 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | |
181 EXPECT_EQ(expect_cert_error, | 183 EXPECT_EQ(expect_cert_error, |
182 net::IsCertStatusError(security_info.cert_status)); | 184 net::IsCertStatusError(security_info.cert_status)); |
183 EXPECT_GT(security_info.security_bits, 0); | 185 EXPECT_GT(security_info.security_bits, 0); |
184 | 186 |
185 content::CertStore* cert_store = content::CertStore::GetInstance(); | 187 content::CertStore* cert_store = content::CertStore::GetInstance(); |
186 scoped_refptr<net::X509Certificate> cert; | 188 scoped_refptr<net::X509Certificate> cert; |
187 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | 189 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); |
188 } | 190 } |
189 | 191 |
190 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 192 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
308 | 310 |
309 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 311 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
310 ASSERT_TRUE(https_server_.Start()); | 312 ASSERT_TRUE(https_server_.Start()); |
311 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 313 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
312 | 314 |
313 ui_test_utils::NavigateToURL(browser(), | 315 ui_test_utils::NavigateToURL(browser(), |
314 https_server_.GetURL("/ssl/google.html")); | 316 https_server_.GetURL("/ssl/google.html")); |
315 CheckSecurityInfoForSecure( | 317 CheckSecurityInfoForSecure( |
316 browser()->tab_strip_model()->GetActiveWebContents(), | 318 browser()->tab_strip_model()->GetActiveWebContents(), |
317 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 319 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
318 SecurityStateModel::NO_MIXED_CONTENT, | 320 SecurityStateModel::NO_MIXED_CONTENT, false, |
319 false /* expect cert status error */); | 321 false /* expect cert status error */); |
320 } | 322 } |
321 | 323 |
322 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { | 324 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { |
323 ASSERT_TRUE(https_server_.Start()); | 325 ASSERT_TRUE(https_server_.Start()); |
324 // The test server uses a long-lived cert by default, so a SHA1 | 326 // The test server uses a long-lived cert by default, so a SHA1 |
325 // signature in it will register as a "broken" condition rather than | 327 // signature in it will register as a "broken" condition rather than |
326 // "warning". | 328 // "warning". |
327 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 329 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
328 net::OK); | 330 net::OK); |
329 | 331 |
330 ui_test_utils::NavigateToURL(browser(), | 332 ui_test_utils::NavigateToURL(browser(), |
331 https_server_.GetURL("/ssl/google.html")); | 333 https_server_.GetURL("/ssl/google.html")); |
332 CheckSecurityInfoForSecure( | 334 CheckSecurityInfoForSecure( |
333 browser()->tab_strip_model()->GetActiveWebContents(), | 335 browser()->tab_strip_model()->GetActiveWebContents(), |
334 SecurityStateModel::SECURITY_ERROR, | 336 SecurityStateModel::SECURITY_ERROR, |
335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 337 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
336 SecurityStateModel::NO_MIXED_CONTENT, | 338 SecurityStateModel::NO_MIXED_CONTENT, false, |
337 false /* expect cert status error */); | 339 false /* expect cert status error */); |
338 } | 340 } |
339 | 341 |
340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 342 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
341 ASSERT_TRUE(embedded_test_server()->Start()); | 343 ASSERT_TRUE(embedded_test_server()->Start()); |
342 ASSERT_TRUE(https_server_.Start()); | 344 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 345 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
344 host_resolver()->AddRule("example.test", | 346 host_resolver()->AddRule("example.test", |
345 https_server_.GetURL("/").host()); | 347 https_server_.GetURL("/").host()); |
346 | 348 |
347 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); | 349 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
348 replacement_pair.set_host("example.test"); | 350 replacement_pair.set_host("example.test"); |
349 | 351 |
350 // Navigate to an HTTPS page that displays mixed content. | 352 // Navigate to an HTTPS page that displays mixed content. |
351 std::string replacement_path; | 353 std::string replacement_path; |
352 GetFilePathWithHostAndPortReplacement( | 354 GetFilePathWithHostAndPortReplacement( |
353 "/ssl/page_displays_insecure_content.html", | 355 "/ssl/page_displays_insecure_content.html", |
354 replacement_pair, &replacement_path); | 356 replacement_pair, &replacement_path); |
355 ui_test_utils::NavigateToURL(browser(), | 357 ui_test_utils::NavigateToURL(browser(), |
356 https_server_.GetURL(replacement_path)); | 358 https_server_.GetURL(replacement_path)); |
357 CheckSecurityInfoForSecure( | 359 CheckSecurityInfoForSecure( |
358 browser()->tab_strip_model()->GetActiveWebContents(), | 360 browser()->tab_strip_model()->GetActiveWebContents(), |
359 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 361 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
360 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 362 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
361 false /* expect cert status error */); | 363 false /* expect cert status error */); |
362 | 364 |
363 // Navigate to an HTTPS page that displays mixed content dynamically. | 365 // Navigate to an HTTPS page that displays mixed content dynamically. |
364 GetFilePathWithHostAndPortReplacement( | 366 GetFilePathWithHostAndPortReplacement( |
365 "/ssl/page_with_dynamic_insecure_content.html", | 367 "/ssl/page_with_dynamic_insecure_content.html", |
366 replacement_pair, &replacement_path); | 368 replacement_pair, &replacement_path); |
367 ui_test_utils::NavigateToURL(browser(), | 369 ui_test_utils::NavigateToURL(browser(), |
368 https_server_.GetURL(replacement_path)); | 370 https_server_.GetURL(replacement_path)); |
369 CheckSecurityInfoForSecure( | 371 CheckSecurityInfoForSecure( |
370 browser()->tab_strip_model()->GetActiveWebContents(), | 372 browser()->tab_strip_model()->GetActiveWebContents(), |
371 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 373 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
372 SecurityStateModel::NO_MIXED_CONTENT, | 374 SecurityStateModel::NO_MIXED_CONTENT, false, |
373 false /* expect cert status error */); | 375 false /* expect cert status error */); |
374 // Load the insecure image. | 376 // Load the insecure image. |
375 bool js_result = false; | 377 bool js_result = false; |
376 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 378 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
377 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 379 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
378 &js_result)); | 380 &js_result)); |
379 EXPECT_TRUE(js_result); | 381 EXPECT_TRUE(js_result); |
380 CheckSecurityInfoForSecure( | 382 CheckSecurityInfoForSecure( |
381 browser()->tab_strip_model()->GetActiveWebContents(), | 383 browser()->tab_strip_model()->GetActiveWebContents(), |
382 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 384 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
383 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 385 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
384 false /* expect cert status error */); | 386 false /* expect cert status error */); |
385 | 387 |
386 // Navigate to an HTTPS page that runs mixed content. | 388 // Navigate to an HTTPS page that runs mixed content. |
387 GetFilePathWithHostAndPortReplacement( | 389 GetFilePathWithHostAndPortReplacement( |
388 "/ssl/page_runs_insecure_content.html", | 390 "/ssl/page_runs_insecure_content.html", |
389 replacement_pair, &replacement_path); | 391 replacement_pair, &replacement_path); |
390 ui_test_utils::NavigateToURL(browser(), | 392 ui_test_utils::NavigateToURL(browser(), |
391 https_server_.GetURL(replacement_path)); | 393 https_server_.GetURL(replacement_path)); |
392 CheckSecurityInfoForSecure( | 394 CheckSecurityInfoForSecure( |
393 browser()->tab_strip_model()->GetActiveWebContents(), | 395 browser()->tab_strip_model()->GetActiveWebContents(), |
394 SecurityStateModel::SECURITY_ERROR, | 396 SecurityStateModel::SECURITY_ERROR, |
395 SecurityStateModel::NO_DEPRECATED_SHA1, | 397 SecurityStateModel::NO_DEPRECATED_SHA1, |
396 SecurityStateModel::RAN_MIXED_CONTENT, | 398 SecurityStateModel::RAN_MIXED_CONTENT, false, |
397 false /* expect cert status error */); | 399 false /* expect cert status error */); |
398 | 400 |
399 // Navigate to an HTTPS page that runs and displays mixed content. | 401 // Navigate to an HTTPS page that runs and displays mixed content. |
400 GetFilePathWithHostAndPortReplacement( | 402 GetFilePathWithHostAndPortReplacement( |
401 "/ssl/page_runs_and_displays_insecure_content.html", | 403 "/ssl/page_runs_and_displays_insecure_content.html", |
402 replacement_pair, &replacement_path); | 404 replacement_pair, &replacement_path); |
403 ui_test_utils::NavigateToURL(browser(), | 405 ui_test_utils::NavigateToURL(browser(), |
404 https_server_.GetURL(replacement_path)); | 406 https_server_.GetURL(replacement_path)); |
405 CheckSecurityInfoForSecure( | 407 CheckSecurityInfoForSecure( |
406 browser()->tab_strip_model()->GetActiveWebContents(), | 408 browser()->tab_strip_model()->GetActiveWebContents(), |
407 SecurityStateModel::SECURITY_ERROR, | 409 SecurityStateModel::SECURITY_ERROR, |
408 SecurityStateModel::NO_DEPRECATED_SHA1, | 410 SecurityStateModel::NO_DEPRECATED_SHA1, |
409 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 411 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
410 false /* expect cert status error */); | 412 false /* expect cert status error */); |
411 | 413 |
412 // Navigate to an HTTPS page that runs mixed content in an iframe. | 414 // Navigate to an HTTPS page that runs mixed content in an iframe. |
413 net::HostPortPair host_port_pair = | 415 net::HostPortPair host_port_pair = |
414 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 416 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
415 host_port_pair.set_host("different-host.test"); | 417 host_port_pair.set_host("different-host.test"); |
416 host_resolver()->AddRule("different-host.test", | 418 host_resolver()->AddRule("different-host.test", |
417 https_server_.GetURL("/").host()); | 419 https_server_.GetURL("/").host()); |
418 host_resolver()->AddRule("different-http-host.test", | 420 host_resolver()->AddRule("different-http-host.test", |
419 embedded_test_server()->GetURL("/").host()); | 421 embedded_test_server()->GetURL("/").host()); |
420 GetFilePathWithHostAndPortReplacement( | 422 GetFilePathWithHostAndPortReplacement( |
421 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 423 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
422 &replacement_path); | 424 &replacement_path); |
423 ui_test_utils::NavigateToURL(browser(), | 425 ui_test_utils::NavigateToURL(browser(), |
424 https_server_.GetURL(replacement_path)); | 426 https_server_.GetURL(replacement_path)); |
425 CheckSecurityInfoForSecure( | 427 CheckSecurityInfoForSecure( |
426 browser()->tab_strip_model()->GetActiveWebContents(), | 428 browser()->tab_strip_model()->GetActiveWebContents(), |
427 SecurityStateModel::SECURITY_ERROR, | 429 SecurityStateModel::SECURITY_ERROR, |
428 SecurityStateModel::NO_DEPRECATED_SHA1, | 430 SecurityStateModel::NO_DEPRECATED_SHA1, |
429 SecurityStateModel::RAN_MIXED_CONTENT, | 431 SecurityStateModel::RAN_MIXED_CONTENT, false, |
430 false /* expect cert status error */); | 432 false /* expect cert status error */); |
431 } | 433 } |
432 | 434 |
433 // Same as the test above but with a long-lived SHA1 cert. | 435 // Same as the test above but with a long-lived SHA1 cert. |
434 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 436 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
435 MixedContentWithBrokenSHA1) { | 437 MixedContentWithBrokenSHA1) { |
436 ASSERT_TRUE(embedded_test_server()->Start()); | 438 ASSERT_TRUE(embedded_test_server()->Start()); |
437 ASSERT_TRUE(https_server_.Start()); | 439 ASSERT_TRUE(https_server_.Start()); |
438 // The test server uses a long-lived cert by default, so a SHA1 | 440 // The test server uses a long-lived cert by default, so a SHA1 |
439 // signature in it will register as a "broken" condition rather than | 441 // signature in it will register as a "broken" condition rather than |
(...skipping 11 matching lines...) Expand all Loading... | |
451 std::string replacement_path; | 453 std::string replacement_path; |
452 GetFilePathWithHostAndPortReplacement( | 454 GetFilePathWithHostAndPortReplacement( |
453 "/ssl/page_displays_insecure_content.html", | 455 "/ssl/page_displays_insecure_content.html", |
454 replacement_pair, &replacement_path); | 456 replacement_pair, &replacement_path); |
455 ui_test_utils::NavigateToURL(browser(), | 457 ui_test_utils::NavigateToURL(browser(), |
456 https_server_.GetURL(replacement_path)); | 458 https_server_.GetURL(replacement_path)); |
457 CheckSecurityInfoForSecure( | 459 CheckSecurityInfoForSecure( |
458 browser()->tab_strip_model()->GetActiveWebContents(), | 460 browser()->tab_strip_model()->GetActiveWebContents(), |
459 SecurityStateModel::SECURITY_ERROR, | 461 SecurityStateModel::SECURITY_ERROR, |
460 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 462 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
461 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 463 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
462 false /* expect cert status error */); | 464 false /* expect cert status error */); |
463 | 465 |
464 // Navigate to an HTTPS page that displays mixed content dynamically. | 466 // Navigate to an HTTPS page that displays mixed content dynamically. |
465 GetFilePathWithHostAndPortReplacement( | 467 GetFilePathWithHostAndPortReplacement( |
466 "/ssl/page_with_dynamic_insecure_content.html", | 468 "/ssl/page_with_dynamic_insecure_content.html", |
467 replacement_pair, &replacement_path); | 469 replacement_pair, &replacement_path); |
468 ui_test_utils::NavigateToURL(browser(), | 470 ui_test_utils::NavigateToURL(browser(), |
469 https_server_.GetURL(replacement_path)); | 471 https_server_.GetURL(replacement_path)); |
470 CheckSecurityInfoForSecure( | 472 CheckSecurityInfoForSecure( |
471 browser()->tab_strip_model()->GetActiveWebContents(), | 473 browser()->tab_strip_model()->GetActiveWebContents(), |
472 SecurityStateModel::SECURITY_ERROR, | 474 SecurityStateModel::SECURITY_ERROR, |
473 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 475 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
474 SecurityStateModel::NO_MIXED_CONTENT, | 476 SecurityStateModel::NO_MIXED_CONTENT, false, |
475 false /* expect cert status error */); | 477 false /* expect cert status error */); |
476 // Load the insecure image. | 478 // Load the insecure image. |
477 bool js_result = false; | 479 bool js_result = false; |
478 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 480 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
479 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 481 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
480 &js_result)); | 482 &js_result)); |
481 EXPECT_TRUE(js_result); | 483 EXPECT_TRUE(js_result); |
482 CheckSecurityInfoForSecure( | 484 CheckSecurityInfoForSecure( |
483 browser()->tab_strip_model()->GetActiveWebContents(), | 485 browser()->tab_strip_model()->GetActiveWebContents(), |
484 SecurityStateModel::SECURITY_ERROR, | 486 SecurityStateModel::SECURITY_ERROR, |
485 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 487 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
486 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 488 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
487 false /* expect cert status error */); | 489 false /* expect cert status error */); |
488 | 490 |
489 // Navigate to an HTTPS page that runs mixed content. | 491 // Navigate to an HTTPS page that runs mixed content. |
490 GetFilePathWithHostAndPortReplacement( | 492 GetFilePathWithHostAndPortReplacement( |
491 "/ssl/page_runs_insecure_content.html", | 493 "/ssl/page_runs_insecure_content.html", |
492 replacement_pair, &replacement_path); | 494 replacement_pair, &replacement_path); |
493 ui_test_utils::NavigateToURL(browser(), | 495 ui_test_utils::NavigateToURL(browser(), |
494 https_server_.GetURL(replacement_path)); | 496 https_server_.GetURL(replacement_path)); |
495 CheckSecurityInfoForSecure( | 497 CheckSecurityInfoForSecure( |
496 browser()->tab_strip_model()->GetActiveWebContents(), | 498 browser()->tab_strip_model()->GetActiveWebContents(), |
497 SecurityStateModel::SECURITY_ERROR, | 499 SecurityStateModel::SECURITY_ERROR, |
498 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 500 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
499 SecurityStateModel::RAN_MIXED_CONTENT, | 501 SecurityStateModel::RAN_MIXED_CONTENT, false, |
500 false /* expect cert status error */); | 502 false /* expect cert status error */); |
501 | 503 |
502 // Navigate to an HTTPS page that runs and displays mixed content. | 504 // Navigate to an HTTPS page that runs and displays mixed content. |
503 GetFilePathWithHostAndPortReplacement( | 505 GetFilePathWithHostAndPortReplacement( |
504 "/ssl/page_runs_and_displays_insecure_content.html", | 506 "/ssl/page_runs_and_displays_insecure_content.html", |
505 replacement_pair, &replacement_path); | 507 replacement_pair, &replacement_path); |
506 ui_test_utils::NavigateToURL(browser(), | 508 ui_test_utils::NavigateToURL(browser(), |
507 https_server_.GetURL(replacement_path)); | 509 https_server_.GetURL(replacement_path)); |
508 CheckSecurityInfoForSecure( | 510 CheckSecurityInfoForSecure( |
509 browser()->tab_strip_model()->GetActiveWebContents(), | 511 browser()->tab_strip_model()->GetActiveWebContents(), |
510 SecurityStateModel::SECURITY_ERROR, | 512 SecurityStateModel::SECURITY_ERROR, |
511 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 513 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
512 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 514 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
513 false /* expect cert status error */); | 515 false /* expect cert status error */); |
514 } | 516 } |
515 | 517 |
516 // Tests that the Content Security Policy block-all-mixed-content | 518 // Tests that the Content Security Policy block-all-mixed-content |
517 // directive stops mixed content from running. | 519 // directive stops mixed content from running. |
518 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 520 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
519 MixedContentStrictBlocking) { | 521 MixedContentStrictBlocking) { |
520 ASSERT_TRUE(https_server_.Start()); | 522 ASSERT_TRUE(https_server_.Start()); |
521 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 523 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
522 | 524 |
523 // Navigate to an HTTPS page that tries to run mixed content in an | 525 // Navigate to an HTTPS page that tries to run mixed content in an |
524 // iframe, with strict mixed content blocking. | 526 // iframe, with strict mixed content blocking. |
525 std::string replacement_path; | 527 std::string replacement_path; |
526 net::HostPortPair host_port_pair = | 528 net::HostPortPair host_port_pair = |
527 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 529 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
528 host_port_pair.set_host("different-host.test"); | 530 host_port_pair.set_host("different-host.test"); |
529 host_resolver()->AddRule("different-host.test", | 531 host_resolver()->AddRule("different-host.test", |
530 https_server_.GetURL("/").host()); | 532 https_server_.GetURL("/").host()); |
531 GetFilePathWithHostAndPortReplacement( | 533 GetFilePathWithHostAndPortReplacement( |
532 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", | 534 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", |
533 host_port_pair, &replacement_path); | 535 host_port_pair, &replacement_path); |
534 ui_test_utils::NavigateToURL(browser(), | 536 ui_test_utils::NavigateToURL(browser(), |
535 https_server_.GetURL(replacement_path)); | 537 https_server_.GetURL(replacement_path)); |
536 CheckSecurityInfoForSecure( | 538 CheckSecurityInfoForSecure( |
537 browser()->tab_strip_model()->GetActiveWebContents(), | 539 browser()->tab_strip_model()->GetActiveWebContents(), |
538 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 540 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
539 SecurityStateModel::NO_MIXED_CONTENT, | 541 SecurityStateModel::NO_MIXED_CONTENT, false, |
540 false /* expect cert status error */); | 542 false /* expect cert status error */); |
541 } | 543 } |
542 | 544 |
543 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { | 545 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { |
544 ASSERT_TRUE(embedded_test_server()->Start()); | 546 ASSERT_TRUE(embedded_test_server()->Start()); |
545 ASSERT_TRUE(https_server_.Start()); | 547 ASSERT_TRUE(https_server_.Start()); |
546 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | 548 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, |
547 net::ERR_CERT_DATE_INVALID); | 549 net::ERR_CERT_DATE_INVALID); |
548 | 550 |
549 ui_test_utils::NavigateToURL(browser(), | 551 ui_test_utils::NavigateToURL(browser(), |
550 https_server_.GetURL("/ssl/google.html")); | 552 https_server_.GetURL("/ssl/google.html")); |
551 CheckSecurityInfoForSecure( | 553 CheckSecurityInfoForSecure( |
552 browser()->tab_strip_model()->GetActiveWebContents(), | 554 browser()->tab_strip_model()->GetActiveWebContents(), |
553 SecurityStateModel::SECURITY_ERROR, | 555 SecurityStateModel::SECURITY_ERROR, |
554 SecurityStateModel::NO_DEPRECATED_SHA1, | 556 SecurityStateModel::NO_DEPRECATED_SHA1, |
555 SecurityStateModel::NO_MIXED_CONTENT, | 557 SecurityStateModel::NO_MIXED_CONTENT, false, |
556 true /* expect cert status error */); | 558 true /* expect cert status error */); |
557 | 559 |
558 ProceedThroughInterstitial( | 560 ProceedThroughInterstitial( |
559 browser()->tab_strip_model()->GetActiveWebContents()); | 561 browser()->tab_strip_model()->GetActiveWebContents()); |
560 | 562 |
561 CheckSecurityInfoForSecure( | 563 CheckSecurityInfoForSecure( |
562 browser()->tab_strip_model()->GetActiveWebContents(), | 564 browser()->tab_strip_model()->GetActiveWebContents(), |
563 SecurityStateModel::SECURITY_ERROR, | 565 SecurityStateModel::SECURITY_ERROR, |
564 SecurityStateModel::NO_DEPRECATED_SHA1, | 566 SecurityStateModel::NO_DEPRECATED_SHA1, |
565 SecurityStateModel::NO_MIXED_CONTENT, | 567 SecurityStateModel::NO_MIXED_CONTENT, false, |
566 true /* expect cert status error */); | 568 true /* expect cert status error */); |
567 | 569 |
568 // Navigate to a broken HTTPS page that displays mixed content. | 570 // Navigate to a broken HTTPS page that displays mixed content. |
569 std::string replacement_path; | 571 std::string replacement_path; |
570 GetFilePathWithHostAndPortReplacement( | 572 GetFilePathWithHostAndPortReplacement( |
571 "/ssl/page_displays_insecure_content.html", | 573 "/ssl/page_displays_insecure_content.html", |
572 embedded_test_server()->host_port_pair(), &replacement_path); | 574 embedded_test_server()->host_port_pair(), &replacement_path); |
573 ui_test_utils::NavigateToURL(browser(), | 575 ui_test_utils::NavigateToURL(browser(), |
574 https_server_.GetURL(replacement_path)); | 576 https_server_.GetURL(replacement_path)); |
575 CheckSecurityInfoForSecure( | 577 CheckSecurityInfoForSecure( |
576 browser()->tab_strip_model()->GetActiveWebContents(), | 578 browser()->tab_strip_model()->GetActiveWebContents(), |
577 SecurityStateModel::SECURITY_ERROR, | 579 SecurityStateModel::SECURITY_ERROR, |
578 SecurityStateModel::NO_DEPRECATED_SHA1, | 580 SecurityStateModel::NO_DEPRECATED_SHA1, |
579 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 581 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
580 true /* expect cert status error */); | 582 true /* expect cert status error */); |
581 } | 583 } |
582 | 584 |
585 const char kReportURI[] = "https://report-hpkp.test"; | |
586 | |
587 class PKPModelClientTest : public ChromeSecurityStateModelClientTest { | |
588 public: | |
589 PKPModelClientTest() | |
590 : io_loop_finished_event_( | |
591 base::WaitableEvent::ResetPolicy::AUTOMATIC, | |
592 base::WaitableEvent::InitialState::NOT_SIGNALED) {} | |
593 | |
594 void SetUpOnMainThread() override { | |
595 url_request_context_getter_ = browser()->profile()->GetRequestContext(); | |
596 content::BrowserThread::PostTask( | |
597 content::BrowserThread::IO, FROM_HERE, | |
598 base::Bind(&PKPModelClientTest::SetUpOnIOThread, this)); | |
599 io_loop_finished_event_.Wait(); | |
600 } | |
601 | |
602 void SetUpOnIOThread() { | |
603 net::URLRequestContext* request_context = | |
604 url_request_context_getter_->GetURLRequestContext(); | |
605 net::TransportSecurityState* security_state = | |
606 request_context->transport_security_state(); | |
607 | |
608 base::Time expiration = | |
609 base::Time::Now() + base::TimeDelta::FromSeconds(10000); | |
610 | |
611 net::HashValue hash(net::HASH_VALUE_SHA256); | |
612 memset(hash.data(), 0x99, hash.size()); | |
613 net::HashValueVector hashes; | |
614 hashes.push_back(hash); | |
615 | |
616 security_state->AddHPKP(https_server_.host_port_pair().host(), expiration, | |
estark
2016/06/24 20:31:11
Aha, looks like host() is empty at this point beca
dadrian
2016/06/24 21:19:56
Nice catch! I usually only resort to gdb when thin
| |
617 true, hashes, GURL(kReportURI)); | |
618 | |
619 io_loop_finished_event_.Signal(); | |
620 } | |
621 | |
622 protected: | |
623 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; | |
624 base::WaitableEvent io_loop_finished_event_; | |
625 }; | |
626 | |
627 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) { | |
628 ASSERT_TRUE(https_server_.Start()); | |
629 | |
630 // Need a local trust anchor | |
631 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
632 net::CertVerifyResult verify_result; | |
633 verify_result.is_issued_by_known_root = false; | |
634 verify_result.verified_cert = cert; | |
635 net::HashValue hash(net::HASH_VALUE_SHA256); | |
636 memset(hash.data(), 1, hash.size()); | |
637 verify_result.public_key_hashes.push_back(hash); | |
638 | |
639 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | |
640 | |
641 ui_test_utils::NavigateToURL(browser(), | |
642 https_server_.GetURL("/ssl/google.html")); | |
643 | |
644 // Page should be secure | |
645 CheckSecurityInfoForSecure( | |
646 browser()->tab_strip_model()->GetActiveWebContents(), | |
647 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
648 SecurityStateModel::NO_MIXED_CONTENT, true, false); | |
649 } | |
650 | |
583 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 651 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
584 // that never stops loading. | 652 // that never stops loading. |
585 class PendingJobInterceptor : public net::URLRequestInterceptor { | 653 class PendingJobInterceptor : public net::URLRequestInterceptor { |
586 public: | 654 public: |
587 PendingJobInterceptor() {} | 655 PendingJobInterceptor() {} |
588 ~PendingJobInterceptor() override {} | 656 ~PendingJobInterceptor() override {} |
589 | 657 |
590 // URLRequestInterceptor implementation | 658 // URLRequestInterceptor implementation |
591 net::URLRequestJob* MaybeInterceptRequest( | 659 net::URLRequestJob* MaybeInterceptRequest( |
592 net::URLRequest* request, | 660 net::URLRequest* request, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
630 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | 698 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { |
631 ASSERT_TRUE(https_server_.Start()); | 699 ASSERT_TRUE(https_server_.Start()); |
632 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 700 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
633 | 701 |
634 // Navigate to an HTTPS page. | 702 // Navigate to an HTTPS page. |
635 ui_test_utils::NavigateToURL(browser(), | 703 ui_test_utils::NavigateToURL(browser(), |
636 https_server_.GetURL("/ssl/google.html")); | 704 https_server_.GetURL("/ssl/google.html")); |
637 CheckSecurityInfoForSecure( | 705 CheckSecurityInfoForSecure( |
638 browser()->tab_strip_model()->GetActiveWebContents(), | 706 browser()->tab_strip_model()->GetActiveWebContents(), |
639 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 707 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
640 SecurityStateModel::NO_MIXED_CONTENT, | 708 SecurityStateModel::NO_MIXED_CONTENT, false, |
641 false /* expect cert status error */); | 709 false /* expect cert status error */); |
642 | 710 |
643 // Navigate to a page that doesn't finish loading. Test that the | 711 // Navigate to a page that doesn't finish loading. Test that the |
644 // security state is neutral while the page is loading. | 712 // security state is neutral while the page is loading. |
645 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | 713 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), |
646 content::Referrer(), CURRENT_TAB, | 714 content::Referrer(), CURRENT_TAB, |
647 ui::PAGE_TRANSITION_TYPED, false)); | 715 ui::PAGE_TRANSITION_TYPED, false)); |
648 CheckSecurityInfoForNonSecure( | 716 CheckSecurityInfoForNonSecure( |
649 browser()->tab_strip_model()->GetActiveWebContents()); | 717 browser()->tab_strip_model()->GetActiveWebContents()); |
650 } | 718 } |
(...skipping 11 matching lines...) Expand all Loading... | |
662 content::WebContents* new_contents = content::WebContents::Create( | 730 content::WebContents* new_contents = content::WebContents::Create( |
663 content::WebContents::CreateParams(tab->GetBrowserContext())); | 731 content::WebContents::CreateParams(tab->GetBrowserContext())); |
664 content::NavigationController& controller = new_contents->GetController(); | 732 content::NavigationController& controller = new_contents->GetController(); |
665 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); | 733 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); |
666 CheckSecurityInfoForNonSecure(new_contents); | 734 CheckSecurityInfoForNonSecure(new_contents); |
667 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | 735 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), |
668 ui::PAGE_TRANSITION_TYPED, std::string()); | 736 ui::PAGE_TRANSITION_TYPED, std::string()); |
669 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | 737 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); |
670 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 738 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
671 SecurityStateModel::NO_DEPRECATED_SHA1, | 739 SecurityStateModel::NO_DEPRECATED_SHA1, |
672 SecurityStateModel::NO_MIXED_CONTENT, | 740 SecurityStateModel::NO_MIXED_CONTENT, false, |
673 false /* expect cert status error */); | 741 false /* expect cert status error */); |
674 | 742 |
675 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | 743 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, |
676 TabStripModel::ADD_NONE); | 744 TabStripModel::ADD_NONE); |
677 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 745 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
678 SecurityStateModel::NO_DEPRECATED_SHA1, | 746 SecurityStateModel::NO_DEPRECATED_SHA1, |
679 SecurityStateModel::NO_MIXED_CONTENT, | 747 SecurityStateModel::NO_MIXED_CONTENT, false, |
680 false /* expect cert status error */); | 748 false /* expect cert status error */); |
681 } | 749 } |
682 | 750 |
683 // Tests that the WebContentsObserver::SecurityStyleChanged event fires | 751 // Tests that the WebContentsObserver::SecurityStyleChanged event fires |
684 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. | 752 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. |
685 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { | 753 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { |
686 ASSERT_TRUE(https_server_.Start()); | 754 ASSERT_TRUE(https_server_.Start()); |
687 ASSERT_TRUE(embedded_test_server()->Start()); | 755 ASSERT_TRUE(embedded_test_server()->Start()); |
688 | 756 |
689 net::EmbeddedTestServer https_test_server_expired( | 757 net::EmbeddedTestServer https_test_server_expired( |
(...skipping 10 matching lines...) Expand all Loading... | |
700 // Visit an HTTP url. | 768 // Visit an HTTP url. |
701 GURL http_url(embedded_test_server()->GetURL("/")); | 769 GURL http_url(embedded_test_server()->GetURL("/")); |
702 ui_test_utils::NavigateToURL(browser(), http_url); | 770 ui_test_utils::NavigateToURL(browser(), http_url); |
703 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 771 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
704 observer.latest_security_style()); | 772 observer.latest_security_style()); |
705 EXPECT_EQ(0u, | 773 EXPECT_EQ(0u, |
706 observer.latest_explanations().unauthenticated_explanations.size()); | 774 observer.latest_explanations().unauthenticated_explanations.size()); |
707 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 775 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
708 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); | 776 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); |
709 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); | 777 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); |
778 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
710 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 779 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
711 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 780 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
712 | 781 |
713 // Visit an (otherwise valid) HTTPS page that displays mixed content. | 782 // Visit an (otherwise valid) HTTPS page that displays mixed content. |
714 std::string replacement_path; | 783 std::string replacement_path; |
715 GetFilePathWithHostAndPortReplacement( | 784 GetFilePathWithHostAndPortReplacement( |
716 "/ssl/page_displays_insecure_content.html", | 785 "/ssl/page_displays_insecure_content.html", |
717 embedded_test_server()->host_port_pair(), &replacement_path); | 786 embedded_test_server()->host_port_pair(), &replacement_path); |
718 | 787 |
719 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 788 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
720 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 789 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
721 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 790 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
722 observer.latest_security_style()); | 791 observer.latest_security_style()); |
723 | 792 |
724 const content::SecurityStyleExplanations& mixed_content_explanation = | 793 const content::SecurityStyleExplanations& mixed_content_explanation = |
725 observer.latest_explanations(); | 794 observer.latest_explanations(); |
726 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 795 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
727 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 796 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
728 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 797 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
729 VALID_CERTIFICATE, browser()); | 798 VALID_CERTIFICATE, browser()); |
730 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 799 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
800 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
731 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); | 801 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); |
732 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); | 802 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); |
733 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 803 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
734 mixed_content_explanation.displayed_insecure_content_style); | 804 mixed_content_explanation.displayed_insecure_content_style); |
735 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 805 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
736 mixed_content_explanation.ran_insecure_content_style); | 806 mixed_content_explanation.ran_insecure_content_style); |
737 | 807 |
738 // Visit a broken HTTPS url. | 808 // Visit a broken HTTPS url. |
739 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); | 809 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); |
740 ui_test_utils::NavigateToURL(browser(), expired_url); | 810 ui_test_utils::NavigateToURL(browser(), expired_url); |
741 | 811 |
742 // An interstitial should show, and an event for the lock icon on the | 812 // An interstitial should show, and an event for the lock icon on the |
743 // interstitial should fire. | 813 // interstitial should fire. |
744 content::WaitForInterstitialAttach(web_contents); | 814 content::WaitForInterstitialAttach(web_contents); |
745 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 815 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
746 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 816 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
747 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 817 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
748 INVALID_CERTIFICATE, browser()); | 818 INVALID_CERTIFICATE, browser()); |
749 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 819 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
820 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
750 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 821 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
751 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 822 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
752 | 823 |
753 // Before clicking through, navigate to a different page, and then go | 824 // Before clicking through, navigate to a different page, and then go |
754 // back to the interstitial. | 825 // back to the interstitial. |
755 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 826 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
756 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 827 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
757 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 828 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
758 observer.latest_security_style()); | 829 observer.latest_security_style()); |
759 EXPECT_EQ(0u, | 830 EXPECT_EQ(0u, |
760 observer.latest_explanations().unauthenticated_explanations.size()); | 831 observer.latest_explanations().unauthenticated_explanations.size()); |
761 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 832 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
762 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 833 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
763 VALID_CERTIFICATE, browser()); | 834 VALID_CERTIFICATE, browser()); |
764 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 835 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
836 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
765 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 837 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
766 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 838 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
767 | 839 |
768 // After going back to the interstitial, an event for a broken lock | 840 // After going back to the interstitial, an event for a broken lock |
769 // icon should fire again. | 841 // icon should fire again. |
770 ui_test_utils::NavigateToURL(browser(), expired_url); | 842 ui_test_utils::NavigateToURL(browser(), expired_url); |
771 content::WaitForInterstitialAttach(web_contents); | 843 content::WaitForInterstitialAttach(web_contents); |
772 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 844 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
773 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 845 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
774 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 846 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
775 INVALID_CERTIFICATE, browser()); | 847 INVALID_CERTIFICATE, browser()); |
776 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 848 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
849 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
777 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 850 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
778 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 851 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
779 | 852 |
780 // Since the next expected style is the same as the previous, clear | 853 // Since the next expected style is the same as the previous, clear |
781 // the observer (to make sure that the event fires twice and we don't | 854 // the observer (to make sure that the event fires twice and we don't |
782 // just see the previous event's style). | 855 // just see the previous event's style). |
783 observer.ClearLatestSecurityStyleAndExplanations(); | 856 observer.ClearLatestSecurityStyleAndExplanations(); |
784 | 857 |
785 // Other conditions cannot be tested on this host after clicking | 858 // Other conditions cannot be tested on this host after clicking |
786 // through because once the interstitial is clicked through, all URLs | 859 // through because once the interstitial is clicked through, all URLs |
787 // for this host will remain in a broken state. | 860 // for this host will remain in a broken state. |
788 ProceedThroughInterstitial(web_contents); | 861 ProceedThroughInterstitial(web_contents); |
789 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 862 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
790 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 863 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
791 INVALID_CERTIFICATE, browser()); | 864 INVALID_CERTIFICATE, browser()); |
792 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 865 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
866 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
793 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 867 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
794 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 868 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
795 } | 869 } |
796 | 870 |
797 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 871 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
798 // and test that the observed security style matches. | 872 // and test that the observed security style matches. |
799 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, | 873 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, |
800 SecurityStyleChangedObserverGoBack) { | 874 SecurityStyleChangedObserverGoBack) { |
801 ASSERT_TRUE(https_server_.Start()); | 875 ASSERT_TRUE(https_server_.Start()); |
802 | 876 |
(...skipping 12 matching lines...) Expand all Loading... | |
815 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 889 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
816 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 890 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
817 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 891 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
818 observer.latest_security_style()); | 892 observer.latest_security_style()); |
819 EXPECT_EQ(0u, | 893 EXPECT_EQ(0u, |
820 observer.latest_explanations().unauthenticated_explanations.size()); | 894 observer.latest_explanations().unauthenticated_explanations.size()); |
821 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 895 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
822 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 896 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
823 VALID_CERTIFICATE, browser()); | 897 VALID_CERTIFICATE, browser()); |
824 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 898 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
899 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
825 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 900 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
826 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 901 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
827 | 902 |
828 // Navigate to a bad HTTPS page on a different host, and then click | 903 // Navigate to a bad HTTPS page on a different host, and then click |
829 // Back to verify that the previous good security style is seen again. | 904 // Back to verify that the previous good security style is seen again. |
830 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); | 905 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); |
831 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 906 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
832 GURL::Replacements replace_host; | 907 GURL::Replacements replace_host; |
833 replace_host.SetHostStr("www.example_broken.test"); | 908 replace_host.SetHostStr("www.example_broken.test"); |
834 GURL https_url_different_host = | 909 GURL https_url_different_host = |
835 expired_https_url.ReplaceComponents(replace_host); | 910 expired_https_url.ReplaceComponents(replace_host); |
836 | 911 |
837 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 912 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
838 | 913 |
839 content::WaitForInterstitialAttach(web_contents); | 914 content::WaitForInterstitialAttach(web_contents); |
840 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 915 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
841 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 916 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
842 browser()); | 917 browser()); |
843 ProceedThroughInterstitial(web_contents); | 918 ProceedThroughInterstitial(web_contents); |
844 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 919 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
845 browser()); | 920 browser()); |
846 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 921 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
847 INVALID_CERTIFICATE, browser()); | 922 INVALID_CERTIFICATE, browser()); |
848 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 923 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
924 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
849 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 925 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
850 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 926 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
851 | 927 |
852 content::WindowedNotificationObserver back_nav_load_observer( | 928 content::WindowedNotificationObserver back_nav_load_observer( |
853 content::NOTIFICATION_LOAD_STOP, | 929 content::NOTIFICATION_LOAD_STOP, |
854 content::Source<content::NavigationController>( | 930 content::Source<content::NavigationController>( |
855 &web_contents->GetController())); | 931 &web_contents->GetController())); |
856 chrome::GoBack(browser(), CURRENT_TAB); | 932 chrome::GoBack(browser(), CURRENT_TAB); |
857 back_nav_load_observer.Wait(); | 933 back_nav_load_observer.Wait(); |
858 | 934 |
859 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 935 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
860 observer.latest_security_style()); | 936 observer.latest_security_style()); |
861 EXPECT_EQ(0u, | 937 EXPECT_EQ(0u, |
862 observer.latest_explanations().unauthenticated_explanations.size()); | 938 observer.latest_explanations().unauthenticated_explanations.size()); |
863 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 939 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
864 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 940 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
865 VALID_CERTIFICATE, browser()); | 941 VALID_CERTIFICATE, browser()); |
866 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 942 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
943 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
867 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 944 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
868 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 945 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
869 } | 946 } |
870 | 947 |
871 // After AddNonsecureUrlHandler() is called, requests to this hostname | 948 // After AddNonsecureUrlHandler() is called, requests to this hostname |
872 // will use obsolete TLS settings. | 949 // will use obsolete TLS settings. |
873 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 950 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
874 | 951 |
875 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | 952 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete |
876 // protocol version. | 953 // protocol version. |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
999 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 1076 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
1000 // the TLS settings are obsolete. | 1077 // the TLS settings are obsolete. |
1001 for (const auto& explanation : | 1078 for (const auto& explanation : |
1002 observer.latest_explanations().secure_explanations) { | 1079 observer.latest_explanations().secure_explanations) { |
1003 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1080 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
1004 explanation.summary); | 1081 explanation.summary); |
1005 } | 1082 } |
1006 } | 1083 } |
1007 | 1084 |
1008 } // namespace | 1085 } // namespace |
OLD | NEW |