OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
103 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, | 103 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, |
104 int error, | 104 int error, |
105 Browser* browser) { | 105 Browser* browser) { |
106 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 106 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
107 observer.latest_security_style()); | 107 observer.latest_security_style()); |
108 | 108 |
109 const content::SecurityStyleExplanations& expired_explanation = | 109 const content::SecurityStyleExplanations& expired_explanation = |
110 observer.latest_explanations(); | 110 observer.latest_explanations(); |
111 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); | 111 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); |
112 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); | 112 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); |
113 EXPECT_FALSE(expired_explanation.pkp_bypassed); | |
113 | 114 |
114 // Check that the summary and description are as expected. | 115 // Check that the summary and description are as expected. |
115 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 116 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
116 expired_explanation.broken_explanations[0].summary); | 117 expired_explanation.broken_explanations[0].summary); |
117 | 118 |
118 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); | 119 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); |
119 EXPECT_EQ(l10n_util::GetStringFUTF8( | 120 EXPECT_EQ(l10n_util::GetStringFUTF8( |
120 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 121 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
121 expired_explanation.broken_explanations[0].description); | 122 expired_explanation.broken_explanations[0].description); |
122 | 123 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
158 EXPECT_EQ( | 159 EXPECT_EQ( |
159 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), | 160 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION), |
160 secure_explanations.back().description); | 161 secure_explanations.back().description); |
161 } | 162 } |
162 | 163 |
163 void CheckSecurityInfoForSecure( | 164 void CheckSecurityInfoForSecure( |
164 content::WebContents* contents, | 165 content::WebContents* contents, |
165 SecurityStateModel::SecurityLevel expect_security_level, | 166 SecurityStateModel::SecurityLevel expect_security_level, |
166 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, | 167 SecurityStateModel::SHA1DeprecationStatus expect_sha1_status, |
167 SecurityStateModel::MixedContentStatus expect_mixed_content_status, | 168 SecurityStateModel::MixedContentStatus expect_mixed_content_status, |
169 bool pkp_bypassed, | |
168 bool expect_cert_error) { | 170 bool expect_cert_error) { |
169 ASSERT_TRUE(contents); | 171 ASSERT_TRUE(contents); |
170 | 172 |
171 ChromeSecurityStateModelClient* model_client = | 173 ChromeSecurityStateModelClient* model_client = |
172 ChromeSecurityStateModelClient::FromWebContents(contents); | 174 ChromeSecurityStateModelClient::FromWebContents(contents); |
173 ASSERT_TRUE(model_client); | 175 ASSERT_TRUE(model_client); |
174 const SecurityStateModel::SecurityInfo& security_info = | 176 const SecurityStateModel::SecurityInfo& security_info = |
175 model_client->GetSecurityInfo(); | 177 model_client->GetSecurityInfo(); |
176 EXPECT_EQ(expect_security_level, security_info.security_level); | 178 EXPECT_EQ(expect_security_level, security_info.security_level); |
177 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 179 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
178 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 180 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
179 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 181 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
180 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 182 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
183 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | |
181 EXPECT_EQ(expect_cert_error, | 184 EXPECT_EQ(expect_cert_error, |
182 net::IsCertStatusError(security_info.cert_status)); | 185 net::IsCertStatusError(security_info.cert_status)); |
183 EXPECT_GT(security_info.security_bits, 0); | 186 EXPECT_GT(security_info.security_bits, 0); |
184 | 187 |
185 content::CertStore* cert_store = content::CertStore::GetInstance(); | 188 content::CertStore* cert_store = content::CertStore::GetInstance(); |
186 scoped_refptr<net::X509Certificate> cert; | 189 scoped_refptr<net::X509Certificate> cert; |
187 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | 190 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); |
188 } | 191 } |
189 | 192 |
190 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 193 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
308 | 311 |
309 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 312 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
310 ASSERT_TRUE(https_server_.Start()); | 313 ASSERT_TRUE(https_server_.Start()); |
311 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 314 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
312 | 315 |
313 ui_test_utils::NavigateToURL(browser(), | 316 ui_test_utils::NavigateToURL(browser(), |
314 https_server_.GetURL("/ssl/google.html")); | 317 https_server_.GetURL("/ssl/google.html")); |
315 CheckSecurityInfoForSecure( | 318 CheckSecurityInfoForSecure( |
316 browser()->tab_strip_model()->GetActiveWebContents(), | 319 browser()->tab_strip_model()->GetActiveWebContents(), |
317 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 320 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
318 SecurityStateModel::NO_MIXED_CONTENT, | 321 SecurityStateModel::NO_MIXED_CONTENT, false, |
319 false /* expect cert status error */); | 322 false /* expect cert status error */); |
320 } | 323 } |
321 | 324 |
322 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { | 325 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) { |
323 ASSERT_TRUE(https_server_.Start()); | 326 ASSERT_TRUE(https_server_.Start()); |
324 // The test server uses a long-lived cert by default, so a SHA1 | 327 // The test server uses a long-lived cert by default, so a SHA1 |
325 // signature in it will register as a "broken" condition rather than | 328 // signature in it will register as a "broken" condition rather than |
326 // "warning". | 329 // "warning". |
327 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 330 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
328 net::OK); | 331 net::OK); |
329 | 332 |
330 ui_test_utils::NavigateToURL(browser(), | 333 ui_test_utils::NavigateToURL(browser(), |
331 https_server_.GetURL("/ssl/google.html")); | 334 https_server_.GetURL("/ssl/google.html")); |
332 CheckSecurityInfoForSecure( | 335 CheckSecurityInfoForSecure( |
333 browser()->tab_strip_model()->GetActiveWebContents(), | 336 browser()->tab_strip_model()->GetActiveWebContents(), |
334 SecurityStateModel::SECURITY_ERROR, | 337 SecurityStateModel::SECURITY_ERROR, |
335 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 338 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
336 SecurityStateModel::NO_MIXED_CONTENT, | 339 SecurityStateModel::NO_MIXED_CONTENT, false, |
337 false /* expect cert status error */); | 340 false /* expect cert status error */); |
338 } | 341 } |
339 | 342 |
340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { | 343 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) { |
341 ASSERT_TRUE(embedded_test_server()->Start()); | 344 ASSERT_TRUE(embedded_test_server()->Start()); |
342 ASSERT_TRUE(https_server_.Start()); | 345 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 346 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
344 host_resolver()->AddRule("example.test", | 347 host_resolver()->AddRule("example.test", |
345 https_server_.GetURL("/").host()); | 348 https_server_.GetURL("/").host()); |
346 | 349 |
347 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); | 350 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
348 replacement_pair.set_host("example.test"); | 351 replacement_pair.set_host("example.test"); |
349 | 352 |
350 // Navigate to an HTTPS page that displays mixed content. | 353 // Navigate to an HTTPS page that displays mixed content. |
351 std::string replacement_path; | 354 std::string replacement_path; |
352 GetFilePathWithHostAndPortReplacement( | 355 GetFilePathWithHostAndPortReplacement( |
353 "/ssl/page_displays_insecure_content.html", | 356 "/ssl/page_displays_insecure_content.html", |
354 replacement_pair, &replacement_path); | 357 replacement_pair, &replacement_path); |
355 ui_test_utils::NavigateToURL(browser(), | 358 ui_test_utils::NavigateToURL(browser(), |
356 https_server_.GetURL(replacement_path)); | 359 https_server_.GetURL(replacement_path)); |
357 CheckSecurityInfoForSecure( | 360 CheckSecurityInfoForSecure( |
358 browser()->tab_strip_model()->GetActiveWebContents(), | 361 browser()->tab_strip_model()->GetActiveWebContents(), |
359 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 362 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
360 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 363 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
361 false /* expect cert status error */); | 364 false /* expect cert status error */); |
362 | 365 |
363 // Navigate to an HTTPS page that displays mixed content dynamically. | 366 // Navigate to an HTTPS page that displays mixed content dynamically. |
364 GetFilePathWithHostAndPortReplacement( | 367 GetFilePathWithHostAndPortReplacement( |
365 "/ssl/page_with_dynamic_insecure_content.html", | 368 "/ssl/page_with_dynamic_insecure_content.html", |
366 replacement_pair, &replacement_path); | 369 replacement_pair, &replacement_path); |
367 ui_test_utils::NavigateToURL(browser(), | 370 ui_test_utils::NavigateToURL(browser(), |
368 https_server_.GetURL(replacement_path)); | 371 https_server_.GetURL(replacement_path)); |
369 CheckSecurityInfoForSecure( | 372 CheckSecurityInfoForSecure( |
370 browser()->tab_strip_model()->GetActiveWebContents(), | 373 browser()->tab_strip_model()->GetActiveWebContents(), |
371 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 374 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
372 SecurityStateModel::NO_MIXED_CONTENT, | 375 SecurityStateModel::NO_MIXED_CONTENT, false, |
373 false /* expect cert status error */); | 376 false /* expect cert status error */); |
374 // Load the insecure image. | 377 // Load the insecure image. |
375 bool js_result = false; | 378 bool js_result = false; |
376 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 379 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
377 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 380 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
378 &js_result)); | 381 &js_result)); |
379 EXPECT_TRUE(js_result); | 382 EXPECT_TRUE(js_result); |
380 CheckSecurityInfoForSecure( | 383 CheckSecurityInfoForSecure( |
381 browser()->tab_strip_model()->GetActiveWebContents(), | 384 browser()->tab_strip_model()->GetActiveWebContents(), |
382 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, | 385 SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1, |
383 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 386 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
384 false /* expect cert status error */); | 387 false /* expect cert status error */); |
385 | 388 |
386 // Navigate to an HTTPS page that runs mixed content. | 389 // Navigate to an HTTPS page that runs mixed content. |
387 GetFilePathWithHostAndPortReplacement( | 390 GetFilePathWithHostAndPortReplacement( |
388 "/ssl/page_runs_insecure_content.html", | 391 "/ssl/page_runs_insecure_content.html", |
389 replacement_pair, &replacement_path); | 392 replacement_pair, &replacement_path); |
390 ui_test_utils::NavigateToURL(browser(), | 393 ui_test_utils::NavigateToURL(browser(), |
391 https_server_.GetURL(replacement_path)); | 394 https_server_.GetURL(replacement_path)); |
392 CheckSecurityInfoForSecure( | 395 CheckSecurityInfoForSecure( |
393 browser()->tab_strip_model()->GetActiveWebContents(), | 396 browser()->tab_strip_model()->GetActiveWebContents(), |
394 SecurityStateModel::SECURITY_ERROR, | 397 SecurityStateModel::SECURITY_ERROR, |
395 SecurityStateModel::NO_DEPRECATED_SHA1, | 398 SecurityStateModel::NO_DEPRECATED_SHA1, |
396 SecurityStateModel::RAN_MIXED_CONTENT, | 399 SecurityStateModel::RAN_MIXED_CONTENT, false, |
397 false /* expect cert status error */); | 400 false /* expect cert status error */); |
398 | 401 |
399 // Navigate to an HTTPS page that runs and displays mixed content. | 402 // Navigate to an HTTPS page that runs and displays mixed content. |
400 GetFilePathWithHostAndPortReplacement( | 403 GetFilePathWithHostAndPortReplacement( |
401 "/ssl/page_runs_and_displays_insecure_content.html", | 404 "/ssl/page_runs_and_displays_insecure_content.html", |
402 replacement_pair, &replacement_path); | 405 replacement_pair, &replacement_path); |
403 ui_test_utils::NavigateToURL(browser(), | 406 ui_test_utils::NavigateToURL(browser(), |
404 https_server_.GetURL(replacement_path)); | 407 https_server_.GetURL(replacement_path)); |
405 CheckSecurityInfoForSecure( | 408 CheckSecurityInfoForSecure( |
406 browser()->tab_strip_model()->GetActiveWebContents(), | 409 browser()->tab_strip_model()->GetActiveWebContents(), |
407 SecurityStateModel::SECURITY_ERROR, | 410 SecurityStateModel::SECURITY_ERROR, |
408 SecurityStateModel::NO_DEPRECATED_SHA1, | 411 SecurityStateModel::NO_DEPRECATED_SHA1, |
409 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 412 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
410 false /* expect cert status error */); | 413 false /* expect cert status error */); |
411 | 414 |
412 // Navigate to an HTTPS page that runs mixed content in an iframe. | 415 // Navigate to an HTTPS page that runs mixed content in an iframe. |
413 net::HostPortPair host_port_pair = | 416 net::HostPortPair host_port_pair = |
414 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 417 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
415 host_port_pair.set_host("different-host.test"); | 418 host_port_pair.set_host("different-host.test"); |
416 host_resolver()->AddRule("different-host.test", | 419 host_resolver()->AddRule("different-host.test", |
417 https_server_.GetURL("/").host()); | 420 https_server_.GetURL("/").host()); |
418 host_resolver()->AddRule("different-http-host.test", | 421 host_resolver()->AddRule("different-http-host.test", |
419 embedded_test_server()->GetURL("/").host()); | 422 embedded_test_server()->GetURL("/").host()); |
420 GetFilePathWithHostAndPortReplacement( | 423 GetFilePathWithHostAndPortReplacement( |
421 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 424 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
422 &replacement_path); | 425 &replacement_path); |
423 ui_test_utils::NavigateToURL(browser(), | 426 ui_test_utils::NavigateToURL(browser(), |
424 https_server_.GetURL(replacement_path)); | 427 https_server_.GetURL(replacement_path)); |
425 CheckSecurityInfoForSecure( | 428 CheckSecurityInfoForSecure( |
426 browser()->tab_strip_model()->GetActiveWebContents(), | 429 browser()->tab_strip_model()->GetActiveWebContents(), |
427 SecurityStateModel::SECURITY_ERROR, | 430 SecurityStateModel::SECURITY_ERROR, |
428 SecurityStateModel::NO_DEPRECATED_SHA1, | 431 SecurityStateModel::NO_DEPRECATED_SHA1, |
429 SecurityStateModel::RAN_MIXED_CONTENT, | 432 SecurityStateModel::RAN_MIXED_CONTENT, false, |
430 false /* expect cert status error */); | 433 false /* expect cert status error */); |
431 } | 434 } |
432 | 435 |
433 // Same as the test above but with a long-lived SHA1 cert. | 436 // Same as the test above but with a long-lived SHA1 cert. |
434 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 437 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
435 MixedContentWithBrokenSHA1) { | 438 MixedContentWithBrokenSHA1) { |
436 ASSERT_TRUE(embedded_test_server()->Start()); | 439 ASSERT_TRUE(embedded_test_server()->Start()); |
437 ASSERT_TRUE(https_server_.Start()); | 440 ASSERT_TRUE(https_server_.Start()); |
438 // The test server uses a long-lived cert by default, so a SHA1 | 441 // The test server uses a long-lived cert by default, so a SHA1 |
439 // signature in it will register as a "broken" condition rather than | 442 // signature in it will register as a "broken" condition rather than |
(...skipping 11 matching lines...) Expand all Loading... | |
451 std::string replacement_path; | 454 std::string replacement_path; |
452 GetFilePathWithHostAndPortReplacement( | 455 GetFilePathWithHostAndPortReplacement( |
453 "/ssl/page_displays_insecure_content.html", | 456 "/ssl/page_displays_insecure_content.html", |
454 replacement_pair, &replacement_path); | 457 replacement_pair, &replacement_path); |
455 ui_test_utils::NavigateToURL(browser(), | 458 ui_test_utils::NavigateToURL(browser(), |
456 https_server_.GetURL(replacement_path)); | 459 https_server_.GetURL(replacement_path)); |
457 CheckSecurityInfoForSecure( | 460 CheckSecurityInfoForSecure( |
458 browser()->tab_strip_model()->GetActiveWebContents(), | 461 browser()->tab_strip_model()->GetActiveWebContents(), |
459 SecurityStateModel::SECURITY_ERROR, | 462 SecurityStateModel::SECURITY_ERROR, |
460 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 463 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
461 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 464 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
462 false /* expect cert status error */); | 465 false /* expect cert status error */); |
463 | 466 |
464 // Navigate to an HTTPS page that displays mixed content dynamically. | 467 // Navigate to an HTTPS page that displays mixed content dynamically. |
465 GetFilePathWithHostAndPortReplacement( | 468 GetFilePathWithHostAndPortReplacement( |
466 "/ssl/page_with_dynamic_insecure_content.html", | 469 "/ssl/page_with_dynamic_insecure_content.html", |
467 replacement_pair, &replacement_path); | 470 replacement_pair, &replacement_path); |
468 ui_test_utils::NavigateToURL(browser(), | 471 ui_test_utils::NavigateToURL(browser(), |
469 https_server_.GetURL(replacement_path)); | 472 https_server_.GetURL(replacement_path)); |
470 CheckSecurityInfoForSecure( | 473 CheckSecurityInfoForSecure( |
471 browser()->tab_strip_model()->GetActiveWebContents(), | 474 browser()->tab_strip_model()->GetActiveWebContents(), |
472 SecurityStateModel::SECURITY_ERROR, | 475 SecurityStateModel::SECURITY_ERROR, |
473 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 476 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
474 SecurityStateModel::NO_MIXED_CONTENT, | 477 SecurityStateModel::NO_MIXED_CONTENT, false, |
475 false /* expect cert status error */); | 478 false /* expect cert status error */); |
476 // Load the insecure image. | 479 // Load the insecure image. |
477 bool js_result = false; | 480 bool js_result = false; |
478 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 481 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
479 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", | 482 browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();", |
480 &js_result)); | 483 &js_result)); |
481 EXPECT_TRUE(js_result); | 484 EXPECT_TRUE(js_result); |
482 CheckSecurityInfoForSecure( | 485 CheckSecurityInfoForSecure( |
483 browser()->tab_strip_model()->GetActiveWebContents(), | 486 browser()->tab_strip_model()->GetActiveWebContents(), |
484 SecurityStateModel::SECURITY_ERROR, | 487 SecurityStateModel::SECURITY_ERROR, |
485 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 488 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
486 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 489 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
487 false /* expect cert status error */); | 490 false /* expect cert status error */); |
488 | 491 |
489 // Navigate to an HTTPS page that runs mixed content. | 492 // Navigate to an HTTPS page that runs mixed content. |
490 GetFilePathWithHostAndPortReplacement( | 493 GetFilePathWithHostAndPortReplacement( |
491 "/ssl/page_runs_insecure_content.html", | 494 "/ssl/page_runs_insecure_content.html", |
492 replacement_pair, &replacement_path); | 495 replacement_pair, &replacement_path); |
493 ui_test_utils::NavigateToURL(browser(), | 496 ui_test_utils::NavigateToURL(browser(), |
494 https_server_.GetURL(replacement_path)); | 497 https_server_.GetURL(replacement_path)); |
495 CheckSecurityInfoForSecure( | 498 CheckSecurityInfoForSecure( |
496 browser()->tab_strip_model()->GetActiveWebContents(), | 499 browser()->tab_strip_model()->GetActiveWebContents(), |
497 SecurityStateModel::SECURITY_ERROR, | 500 SecurityStateModel::SECURITY_ERROR, |
498 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 501 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
499 SecurityStateModel::RAN_MIXED_CONTENT, | 502 SecurityStateModel::RAN_MIXED_CONTENT, false, |
500 false /* expect cert status error */); | 503 false /* expect cert status error */); |
501 | 504 |
502 // Navigate to an HTTPS page that runs and displays mixed content. | 505 // Navigate to an HTTPS page that runs and displays mixed content. |
503 GetFilePathWithHostAndPortReplacement( | 506 GetFilePathWithHostAndPortReplacement( |
504 "/ssl/page_runs_and_displays_insecure_content.html", | 507 "/ssl/page_runs_and_displays_insecure_content.html", |
505 replacement_pair, &replacement_path); | 508 replacement_pair, &replacement_path); |
506 ui_test_utils::NavigateToURL(browser(), | 509 ui_test_utils::NavigateToURL(browser(), |
507 https_server_.GetURL(replacement_path)); | 510 https_server_.GetURL(replacement_path)); |
508 CheckSecurityInfoForSecure( | 511 CheckSecurityInfoForSecure( |
509 browser()->tab_strip_model()->GetActiveWebContents(), | 512 browser()->tab_strip_model()->GetActiveWebContents(), |
510 SecurityStateModel::SECURITY_ERROR, | 513 SecurityStateModel::SECURITY_ERROR, |
511 SecurityStateModel::DEPRECATED_SHA1_MAJOR, | 514 SecurityStateModel::DEPRECATED_SHA1_MAJOR, |
512 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | 515 SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false, |
513 false /* expect cert status error */); | 516 false /* expect cert status error */); |
514 } | 517 } |
515 | 518 |
516 // Tests that the Content Security Policy block-all-mixed-content | 519 // Tests that the Content Security Policy block-all-mixed-content |
517 // directive stops mixed content from running. | 520 // directive stops mixed content from running. |
518 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, | 521 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, |
519 MixedContentStrictBlocking) { | 522 MixedContentStrictBlocking) { |
520 ASSERT_TRUE(https_server_.Start()); | 523 ASSERT_TRUE(https_server_.Start()); |
521 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 524 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
522 | 525 |
523 // Navigate to an HTTPS page that tries to run mixed content in an | 526 // Navigate to an HTTPS page that tries to run mixed content in an |
524 // iframe, with strict mixed content blocking. | 527 // iframe, with strict mixed content blocking. |
525 std::string replacement_path; | 528 std::string replacement_path; |
526 net::HostPortPair host_port_pair = | 529 net::HostPortPair host_port_pair = |
527 net::HostPortPair::FromURL(https_server_.GetURL("/")); | 530 net::HostPortPair::FromURL(https_server_.GetURL("/")); |
528 host_port_pair.set_host("different-host.test"); | 531 host_port_pair.set_host("different-host.test"); |
529 host_resolver()->AddRule("different-host.test", | 532 host_resolver()->AddRule("different-host.test", |
530 https_server_.GetURL("/").host()); | 533 https_server_.GetURL("/").host()); |
531 GetFilePathWithHostAndPortReplacement( | 534 GetFilePathWithHostAndPortReplacement( |
532 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", | 535 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", |
533 host_port_pair, &replacement_path); | 536 host_port_pair, &replacement_path); |
534 ui_test_utils::NavigateToURL(browser(), | 537 ui_test_utils::NavigateToURL(browser(), |
535 https_server_.GetURL(replacement_path)); | 538 https_server_.GetURL(replacement_path)); |
536 CheckSecurityInfoForSecure( | 539 CheckSecurityInfoForSecure( |
537 browser()->tab_strip_model()->GetActiveWebContents(), | 540 browser()->tab_strip_model()->GetActiveWebContents(), |
538 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 541 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
539 SecurityStateModel::NO_MIXED_CONTENT, | 542 SecurityStateModel::NO_MIXED_CONTENT, false, |
540 false /* expect cert status error */); | 543 false /* expect cert status error */); |
541 } | 544 } |
542 | 545 |
543 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { | 546 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) { |
544 ASSERT_TRUE(embedded_test_server()->Start()); | 547 ASSERT_TRUE(embedded_test_server()->Start()); |
545 ASSERT_TRUE(https_server_.Start()); | 548 ASSERT_TRUE(https_server_.Start()); |
546 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, | 549 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID, |
547 net::ERR_CERT_DATE_INVALID); | 550 net::ERR_CERT_DATE_INVALID); |
548 | 551 |
549 ui_test_utils::NavigateToURL(browser(), | 552 ui_test_utils::NavigateToURL(browser(), |
550 https_server_.GetURL("/ssl/google.html")); | 553 https_server_.GetURL("/ssl/google.html")); |
551 CheckSecurityInfoForSecure( | 554 CheckSecurityInfoForSecure( |
552 browser()->tab_strip_model()->GetActiveWebContents(), | 555 browser()->tab_strip_model()->GetActiveWebContents(), |
553 SecurityStateModel::SECURITY_ERROR, | 556 SecurityStateModel::SECURITY_ERROR, |
554 SecurityStateModel::NO_DEPRECATED_SHA1, | 557 SecurityStateModel::NO_DEPRECATED_SHA1, |
555 SecurityStateModel::NO_MIXED_CONTENT, | 558 SecurityStateModel::NO_MIXED_CONTENT, false, |
556 true /* expect cert status error */); | 559 true /* expect cert status error */); |
557 | 560 |
558 ProceedThroughInterstitial( | 561 ProceedThroughInterstitial( |
559 browser()->tab_strip_model()->GetActiveWebContents()); | 562 browser()->tab_strip_model()->GetActiveWebContents()); |
560 | 563 |
561 CheckSecurityInfoForSecure( | 564 CheckSecurityInfoForSecure( |
562 browser()->tab_strip_model()->GetActiveWebContents(), | 565 browser()->tab_strip_model()->GetActiveWebContents(), |
563 SecurityStateModel::SECURITY_ERROR, | 566 SecurityStateModel::SECURITY_ERROR, |
564 SecurityStateModel::NO_DEPRECATED_SHA1, | 567 SecurityStateModel::NO_DEPRECATED_SHA1, |
565 SecurityStateModel::NO_MIXED_CONTENT, | 568 SecurityStateModel::NO_MIXED_CONTENT, false, |
566 true /* expect cert status error */); | 569 true /* expect cert status error */); |
567 | 570 |
568 // Navigate to a broken HTTPS page that displays mixed content. | 571 // Navigate to a broken HTTPS page that displays mixed content. |
569 std::string replacement_path; | 572 std::string replacement_path; |
570 GetFilePathWithHostAndPortReplacement( | 573 GetFilePathWithHostAndPortReplacement( |
571 "/ssl/page_displays_insecure_content.html", | 574 "/ssl/page_displays_insecure_content.html", |
572 embedded_test_server()->host_port_pair(), &replacement_path); | 575 embedded_test_server()->host_port_pair(), &replacement_path); |
573 ui_test_utils::NavigateToURL(browser(), | 576 ui_test_utils::NavigateToURL(browser(), |
574 https_server_.GetURL(replacement_path)); | 577 https_server_.GetURL(replacement_path)); |
575 CheckSecurityInfoForSecure( | 578 CheckSecurityInfoForSecure( |
576 browser()->tab_strip_model()->GetActiveWebContents(), | 579 browser()->tab_strip_model()->GetActiveWebContents(), |
577 SecurityStateModel::SECURITY_ERROR, | 580 SecurityStateModel::SECURITY_ERROR, |
578 SecurityStateModel::NO_DEPRECATED_SHA1, | 581 SecurityStateModel::NO_DEPRECATED_SHA1, |
579 SecurityStateModel::DISPLAYED_MIXED_CONTENT, | 582 SecurityStateModel::DISPLAYED_MIXED_CONTENT, false, |
580 true /* expect cert status error */); | 583 true /* expect cert status error */); |
581 } | 584 } |
582 | 585 |
586 const char kReportURI[] = "https://report-hpkp.test"; | |
587 | |
588 class PKPModelClientTest : public ChromeSecurityStateModelClientTest { | |
589 public: | |
590 void SetUpOnMainThread() override { | |
591 ASSERT_TRUE(https_server_.Start()); | |
592 url_request_context_getter_ = browser()->profile()->GetRequestContext(); | |
593 content::BrowserThread::PostTask( | |
594 content::BrowserThread::IO, FROM_HERE, | |
595 base::Bind(&PKPModelClientTest::SetUpOnIOThread, this)); | |
596 // io_loop_finished_event_.Wait(); | |
estark
2016/06/28 02:43:52
delete instead of commenting (same on line 616)
dadrian
2016/06/28 18:45:58
Done.
| |
597 } | |
598 | |
599 void SetUpOnIOThread() { | |
600 net::URLRequestContext* request_context = | |
601 url_request_context_getter_->GetURLRequestContext(); | |
602 net::TransportSecurityState* security_state = | |
603 request_context->transport_security_state(); | |
604 | |
605 base::Time expiration = | |
606 base::Time::Now() + base::TimeDelta::FromSeconds(10000); | |
607 | |
608 net::HashValue hash(net::HASH_VALUE_SHA256); | |
609 memset(hash.data(), 0x99, hash.size()); | |
610 net::HashValueVector hashes; | |
611 hashes.push_back(hash); | |
612 | |
613 security_state->AddHPKP(https_server_.host_port_pair().host(), expiration, | |
614 true, hashes, GURL(kReportURI)); | |
615 | |
616 // io_loop_finished_event_.Signal(); | |
617 } | |
618 | |
619 protected: | |
620 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_; | |
621 }; | |
622 | |
623 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) { | |
estark
2016/06/28 02:43:52
There should probably also be a test (either in th
dadrian
2016/06/28 18:45:58
Done.
| |
624 // Need a local trust anchor | |
estark
2016/06/28 02:43:52
Belongs above line 627, I think (and make it a ful
dadrian
2016/06/28 18:45:58
Done.
| |
625 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
626 net::CertVerifyResult verify_result; | |
627 verify_result.is_issued_by_known_root = false; | |
628 verify_result.verified_cert = cert; | |
629 net::HashValue hash(net::HASH_VALUE_SHA256); | |
630 memset(hash.data(), 1, hash.size()); | |
631 verify_result.public_key_hashes.push_back(hash); | |
632 | |
633 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | |
634 | |
635 ui_test_utils::NavigateToURL(browser(), | |
636 https_server_.GetURL("/ssl/google.html")); | |
637 | |
638 // Page should be secure | |
estark
2016/06/28 02:43:52
unnecessary comment IMO
dadrian
2016/06/28 18:45:58
Done.
| |
639 CheckSecurityInfoForSecure( | |
640 browser()->tab_strip_model()->GetActiveWebContents(), | |
641 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | |
642 SecurityStateModel::NO_MIXED_CONTENT, true, false); | |
643 } | |
644 | |
645 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { | |
646 content::WebContents* web_contents = | |
647 browser()->tab_strip_model()->GetActiveWebContents(); | |
648 SecurityStyleTestObserver observer(web_contents); | |
649 | |
650 // Need a local trust anchor | |
estark
2016/06/28 02:43:52
inaccurate, right? (this one's a known root)
dadrian
2016/06/28 18:45:58
Done.
| |
651 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | |
652 net::CertVerifyResult verify_result; | |
653 verify_result.is_issued_by_known_root = true; | |
654 verify_result.verified_cert = cert; | |
655 net::HashValue hash(net::HASH_VALUE_SHA256); | |
656 memset(hash.data(), 1, hash.size()); | |
657 verify_result.public_key_hashes.push_back(hash); | |
658 | |
659 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | |
660 | |
661 ui_test_utils::NavigateToURL(browser(), | |
662 https_server_.GetURL("/ssl/google.html")); | |
663 | |
664 // Page should be secure | |
665 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, | |
666 browser()); | |
667 } | |
668 | |
583 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 669 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
584 // that never stops loading. | 670 // that never stops loading. |
585 class PendingJobInterceptor : public net::URLRequestInterceptor { | 671 class PendingJobInterceptor : public net::URLRequestInterceptor { |
586 public: | 672 public: |
587 PendingJobInterceptor() {} | 673 PendingJobInterceptor() {} |
588 ~PendingJobInterceptor() override {} | 674 ~PendingJobInterceptor() override {} |
589 | 675 |
590 // URLRequestInterceptor implementation | 676 // URLRequestInterceptor implementation |
591 net::URLRequestJob* MaybeInterceptRequest( | 677 net::URLRequestJob* MaybeInterceptRequest( |
592 net::URLRequest* request, | 678 net::URLRequest* request, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
630 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { | 716 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) { |
631 ASSERT_TRUE(https_server_.Start()); | 717 ASSERT_TRUE(https_server_.Start()); |
632 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 718 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
633 | 719 |
634 // Navigate to an HTTPS page. | 720 // Navigate to an HTTPS page. |
635 ui_test_utils::NavigateToURL(browser(), | 721 ui_test_utils::NavigateToURL(browser(), |
636 https_server_.GetURL("/ssl/google.html")); | 722 https_server_.GetURL("/ssl/google.html")); |
637 CheckSecurityInfoForSecure( | 723 CheckSecurityInfoForSecure( |
638 browser()->tab_strip_model()->GetActiveWebContents(), | 724 browser()->tab_strip_model()->GetActiveWebContents(), |
639 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 725 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
640 SecurityStateModel::NO_MIXED_CONTENT, | 726 SecurityStateModel::NO_MIXED_CONTENT, false, |
641 false /* expect cert status error */); | 727 false /* expect cert status error */); |
642 | 728 |
643 // Navigate to a page that doesn't finish loading. Test that the | 729 // Navigate to a page that doesn't finish loading. Test that the |
644 // security state is neutral while the page is loading. | 730 // security state is neutral while the page is loading. |
645 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), | 731 browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"), |
646 content::Referrer(), CURRENT_TAB, | 732 content::Referrer(), CURRENT_TAB, |
647 ui::PAGE_TRANSITION_TYPED, false)); | 733 ui::PAGE_TRANSITION_TYPED, false)); |
648 CheckSecurityInfoForNonSecure( | 734 CheckSecurityInfoForNonSecure( |
649 browser()->tab_strip_model()->GetActiveWebContents()); | 735 browser()->tab_strip_model()->GetActiveWebContents()); |
650 } | 736 } |
(...skipping 11 matching lines...) Expand all Loading... | |
662 content::WebContents* new_contents = content::WebContents::Create( | 748 content::WebContents* new_contents = content::WebContents::Create( |
663 content::WebContents::CreateParams(tab->GetBrowserContext())); | 749 content::WebContents::CreateParams(tab->GetBrowserContext())); |
664 content::NavigationController& controller = new_contents->GetController(); | 750 content::NavigationController& controller = new_contents->GetController(); |
665 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); | 751 ChromeSecurityStateModelClient::CreateForWebContents(new_contents); |
666 CheckSecurityInfoForNonSecure(new_contents); | 752 CheckSecurityInfoForNonSecure(new_contents); |
667 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), | 753 controller.LoadURL(https_server_.GetURL("/"), content::Referrer(), |
668 ui::PAGE_TRANSITION_TYPED, std::string()); | 754 ui::PAGE_TRANSITION_TYPED, std::string()); |
669 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); | 755 EXPECT_TRUE(content::WaitForLoadStop(new_contents)); |
670 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 756 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
671 SecurityStateModel::NO_DEPRECATED_SHA1, | 757 SecurityStateModel::NO_DEPRECATED_SHA1, |
672 SecurityStateModel::NO_MIXED_CONTENT, | 758 SecurityStateModel::NO_MIXED_CONTENT, false, |
673 false /* expect cert status error */); | 759 false /* expect cert status error */); |
674 | 760 |
675 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, | 761 browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents, |
676 TabStripModel::ADD_NONE); | 762 TabStripModel::ADD_NONE); |
677 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, | 763 CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE, |
678 SecurityStateModel::NO_DEPRECATED_SHA1, | 764 SecurityStateModel::NO_DEPRECATED_SHA1, |
679 SecurityStateModel::NO_MIXED_CONTENT, | 765 SecurityStateModel::NO_MIXED_CONTENT, false, |
680 false /* expect cert status error */); | 766 false /* expect cert status error */); |
681 } | 767 } |
682 | 768 |
683 // Tests that the WebContentsObserver::SecurityStyleChanged event fires | 769 // Tests that the WebContentsObserver::SecurityStyleChanged event fires |
684 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. | 770 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages. |
685 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { | 771 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) { |
686 ASSERT_TRUE(https_server_.Start()); | 772 ASSERT_TRUE(https_server_.Start()); |
687 ASSERT_TRUE(embedded_test_server()->Start()); | 773 ASSERT_TRUE(embedded_test_server()->Start()); |
688 | 774 |
689 net::EmbeddedTestServer https_test_server_expired( | 775 net::EmbeddedTestServer https_test_server_expired( |
(...skipping 10 matching lines...) Expand all Loading... | |
700 // Visit an HTTP url. | 786 // Visit an HTTP url. |
701 GURL http_url(embedded_test_server()->GetURL("/")); | 787 GURL http_url(embedded_test_server()->GetURL("/")); |
702 ui_test_utils::NavigateToURL(browser(), http_url); | 788 ui_test_utils::NavigateToURL(browser(), http_url); |
703 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 789 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
704 observer.latest_security_style()); | 790 observer.latest_security_style()); |
705 EXPECT_EQ(0u, | 791 EXPECT_EQ(0u, |
706 observer.latest_explanations().unauthenticated_explanations.size()); | 792 observer.latest_explanations().unauthenticated_explanations.size()); |
707 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 793 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
708 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); | 794 EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size()); |
709 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); | 795 EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic); |
796 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
710 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 797 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
711 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 798 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
712 | 799 |
713 // Visit an (otherwise valid) HTTPS page that displays mixed content. | 800 // Visit an (otherwise valid) HTTPS page that displays mixed content. |
714 std::string replacement_path; | 801 std::string replacement_path; |
715 GetFilePathWithHostAndPortReplacement( | 802 GetFilePathWithHostAndPortReplacement( |
716 "/ssl/page_displays_insecure_content.html", | 803 "/ssl/page_displays_insecure_content.html", |
717 embedded_test_server()->host_port_pair(), &replacement_path); | 804 embedded_test_server()->host_port_pair(), &replacement_path); |
718 | 805 |
719 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 806 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
720 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 807 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
721 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 808 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
722 observer.latest_security_style()); | 809 observer.latest_security_style()); |
723 | 810 |
724 const content::SecurityStyleExplanations& mixed_content_explanation = | 811 const content::SecurityStyleExplanations& mixed_content_explanation = |
725 observer.latest_explanations(); | 812 observer.latest_explanations(); |
726 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 813 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
727 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 814 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
728 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 815 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
729 VALID_CERTIFICATE, browser()); | 816 VALID_CERTIFICATE, browser()); |
730 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 817 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
818 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
731 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); | 819 EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content); |
732 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); | 820 EXPECT_FALSE(mixed_content_explanation.ran_insecure_content); |
733 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 821 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
734 mixed_content_explanation.displayed_insecure_content_style); | 822 mixed_content_explanation.displayed_insecure_content_style); |
735 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 823 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
736 mixed_content_explanation.ran_insecure_content_style); | 824 mixed_content_explanation.ran_insecure_content_style); |
737 | 825 |
738 // Visit a broken HTTPS url. | 826 // Visit a broken HTTPS url. |
739 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); | 827 GURL expired_url(https_test_server_expired.GetURL(std::string("/"))); |
740 ui_test_utils::NavigateToURL(browser(), expired_url); | 828 ui_test_utils::NavigateToURL(browser(), expired_url); |
741 | 829 |
742 // An interstitial should show, and an event for the lock icon on the | 830 // An interstitial should show, and an event for the lock icon on the |
743 // interstitial should fire. | 831 // interstitial should fire. |
744 content::WaitForInterstitialAttach(web_contents); | 832 content::WaitForInterstitialAttach(web_contents); |
745 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 833 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
746 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 834 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
747 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 835 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
748 INVALID_CERTIFICATE, browser()); | 836 INVALID_CERTIFICATE, browser()); |
749 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 837 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
838 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
750 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 839 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
751 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 840 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
752 | 841 |
753 // Before clicking through, navigate to a different page, and then go | 842 // Before clicking through, navigate to a different page, and then go |
754 // back to the interstitial. | 843 // back to the interstitial. |
755 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 844 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
756 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 845 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
757 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 846 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
758 observer.latest_security_style()); | 847 observer.latest_security_style()); |
759 EXPECT_EQ(0u, | 848 EXPECT_EQ(0u, |
760 observer.latest_explanations().unauthenticated_explanations.size()); | 849 observer.latest_explanations().unauthenticated_explanations.size()); |
761 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 850 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
762 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 851 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
763 VALID_CERTIFICATE, browser()); | 852 VALID_CERTIFICATE, browser()); |
764 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 853 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
854 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
765 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 855 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
766 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 856 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
767 | 857 |
768 // After going back to the interstitial, an event for a broken lock | 858 // After going back to the interstitial, an event for a broken lock |
769 // icon should fire again. | 859 // icon should fire again. |
770 ui_test_utils::NavigateToURL(browser(), expired_url); | 860 ui_test_utils::NavigateToURL(browser(), expired_url); |
771 content::WaitForInterstitialAttach(web_contents); | 861 content::WaitForInterstitialAttach(web_contents); |
772 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 862 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
773 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 863 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
774 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 864 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
775 INVALID_CERTIFICATE, browser()); | 865 INVALID_CERTIFICATE, browser()); |
776 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 866 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
867 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
777 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 868 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
778 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 869 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
779 | 870 |
780 // Since the next expected style is the same as the previous, clear | 871 // Since the next expected style is the same as the previous, clear |
781 // the observer (to make sure that the event fires twice and we don't | 872 // the observer (to make sure that the event fires twice and we don't |
782 // just see the previous event's style). | 873 // just see the previous event's style). |
783 observer.ClearLatestSecurityStyleAndExplanations(); | 874 observer.ClearLatestSecurityStyleAndExplanations(); |
784 | 875 |
785 // Other conditions cannot be tested on this host after clicking | 876 // Other conditions cannot be tested on this host after clicking |
786 // through because once the interstitial is clicked through, all URLs | 877 // through because once the interstitial is clicked through, all URLs |
787 // for this host will remain in a broken state. | 878 // for this host will remain in a broken state. |
788 ProceedThroughInterstitial(web_contents); | 879 ProceedThroughInterstitial(web_contents); |
789 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 880 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); |
790 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 881 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
791 INVALID_CERTIFICATE, browser()); | 882 INVALID_CERTIFICATE, browser()); |
792 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 883 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
884 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
793 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 885 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
794 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 886 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
795 } | 887 } |
796 | 888 |
797 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 889 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
798 // and test that the observed security style matches. | 890 // and test that the observed security style matches. |
799 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, | 891 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, |
800 SecurityStyleChangedObserverGoBack) { | 892 SecurityStyleChangedObserverGoBack) { |
801 ASSERT_TRUE(https_server_.Start()); | 893 ASSERT_TRUE(https_server_.Start()); |
802 | 894 |
(...skipping 12 matching lines...) Expand all Loading... | |
815 GURL valid_https_url(https_server_.GetURL(std::string("/"))); | 907 GURL valid_https_url(https_server_.GetURL(std::string("/"))); |
816 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 908 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
817 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 909 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
818 observer.latest_security_style()); | 910 observer.latest_security_style()); |
819 EXPECT_EQ(0u, | 911 EXPECT_EQ(0u, |
820 observer.latest_explanations().unauthenticated_explanations.size()); | 912 observer.latest_explanations().unauthenticated_explanations.size()); |
821 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 913 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
822 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 914 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
823 VALID_CERTIFICATE, browser()); | 915 VALID_CERTIFICATE, browser()); |
824 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 916 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
917 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
825 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 918 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
826 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 919 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
827 | 920 |
828 // Navigate to a bad HTTPS page on a different host, and then click | 921 // Navigate to a bad HTTPS page on a different host, and then click |
829 // Back to verify that the previous good security style is seen again. | 922 // Back to verify that the previous good security style is seen again. |
830 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); | 923 GURL expired_https_url(https_test_server_expired.GetURL(std::string("/"))); |
831 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 924 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
832 GURL::Replacements replace_host; | 925 GURL::Replacements replace_host; |
833 replace_host.SetHostStr("www.example_broken.test"); | 926 replace_host.SetHostStr("www.example_broken.test"); |
834 GURL https_url_different_host = | 927 GURL https_url_different_host = |
835 expired_https_url.ReplaceComponents(replace_host); | 928 expired_https_url.ReplaceComponents(replace_host); |
836 | 929 |
837 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 930 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
838 | 931 |
839 content::WaitForInterstitialAttach(web_contents); | 932 content::WaitForInterstitialAttach(web_contents); |
840 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 933 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
841 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 934 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
842 browser()); | 935 browser()); |
843 ProceedThroughInterstitial(web_contents); | 936 ProceedThroughInterstitial(web_contents); |
844 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 937 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
845 browser()); | 938 browser()); |
846 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 939 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
847 INVALID_CERTIFICATE, browser()); | 940 INVALID_CERTIFICATE, browser()); |
848 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 941 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
849 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 943 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
850 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 944 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
851 | 945 |
852 content::WindowedNotificationObserver back_nav_load_observer( | 946 content::WindowedNotificationObserver back_nav_load_observer( |
853 content::NOTIFICATION_LOAD_STOP, | 947 content::NOTIFICATION_LOAD_STOP, |
854 content::Source<content::NavigationController>( | 948 content::Source<content::NavigationController>( |
855 &web_contents->GetController())); | 949 &web_contents->GetController())); |
856 chrome::GoBack(browser(), CURRENT_TAB); | 950 chrome::GoBack(browser(), CURRENT_TAB); |
857 back_nav_load_observer.Wait(); | 951 back_nav_load_observer.Wait(); |
858 | 952 |
859 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 953 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
860 observer.latest_security_style()); | 954 observer.latest_security_style()); |
861 EXPECT_EQ(0u, | 955 EXPECT_EQ(0u, |
862 observer.latest_explanations().unauthenticated_explanations.size()); | 956 observer.latest_explanations().unauthenticated_explanations.size()); |
863 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 957 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
864 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 958 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
865 VALID_CERTIFICATE, browser()); | 959 VALID_CERTIFICATE, browser()); |
866 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 960 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
961 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | |
867 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); | 962 EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content); |
868 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); | 963 EXPECT_FALSE(observer.latest_explanations().ran_insecure_content); |
869 } | 964 } |
870 | 965 |
871 // After AddNonsecureUrlHandler() is called, requests to this hostname | 966 // After AddNonsecureUrlHandler() is called, requests to this hostname |
872 // will use obsolete TLS settings. | 967 // will use obsolete TLS settings. |
873 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 968 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
874 | 969 |
875 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete | 970 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete |
876 // protocol version. | 971 // protocol version. |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
999 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when | 1094 // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when |
1000 // the TLS settings are obsolete. | 1095 // the TLS settings are obsolete. |
1001 for (const auto& explanation : | 1096 for (const auto& explanation : |
1002 observer.latest_explanations().secure_explanations) { | 1097 observer.latest_explanations().secure_explanations) { |
1003 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 1098 EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
1004 explanation.summary); | 1099 explanation.summary); |
1005 } | 1100 } |
1006 } | 1101 } |
1007 | 1102 |
1008 } // namespace | 1103 } // namespace |
OLD | NEW |