OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 74 matching lines...)
85 #include "net/cert/x509_certificate.h" | 85 #include "net/cert/x509_certificate.h" |
86 #include "net/dns/mock_host_resolver.h" | 86 #include "net/dns/mock_host_resolver.h" |
87 #include "net/ssl/ssl_info.h" | 87 #include "net/ssl/ssl_info.h" |
88 #include "net/test/cert_test_util.h" | 88 #include "net/test/cert_test_util.h" |
89 #include "net/test/embedded_test_server/embedded_test_server.h" | 89 #include "net/test/embedded_test_server/embedded_test_server.h" |
90 #include "net/test/embedded_test_server/request_handler_util.h" | 90 #include "net/test/embedded_test_server/request_handler_util.h" |
91 #include "net/test/spawned_test_server/spawned_test_server.h" | 91 #include "net/test/spawned_test_server/spawned_test_server.h" |
92 #include "net/test/test_certificate_data.h" | 92 #include "net/test/test_certificate_data.h" |
93 #include "net/test/test_data_directory.h" | 93 #include "net/test/test_data_directory.h" |
94 #include "net/url_request/url_request_context.h" | 94 #include "net/url_request/url_request_context.h" |
| 95 #include "net/url_request/url_request_filter.h" |
| 96 #include "net/url_request/url_request_job.h" |
95 | 97 |
96 #if defined(USE_NSS_CERTS) | 98 #if defined(USE_NSS_CERTS) |
97 #include "chrome/browser/net/nss_context.h" | 99 #include "chrome/browser/net/nss_context.h" |
98 #include "net/base/crypto_module.h" | 100 #include "net/base/crypto_module.h" |
99 #include "net/cert/nss_cert_database.h" | 101 #include "net/cert/nss_cert_database.h" |
100 #endif // defined(USE_NSS_CERTS) | 102 #endif // defined(USE_NSS_CERTS) |
101 | 103 |
102 using base::ASCIIToUTF16; | 104 using base::ASCIIToUTF16; |
103 using chrome_browser_interstitials::SecurityInterstitialIDNTest; | 105 using chrome_browser_interstitials::SecurityInterstitialIDNTest; |
104 using content::InterstitialPage; | 106 using content::InterstitialPage; |
(...skipping 163 matching lines...)
268 EXPECT_TRUE(cert1 && cert2); | 270 EXPECT_TRUE(cert1 && cert2); |
269 EXPECT_TRUE(cert1->Equals(cert2.get())); | 271 EXPECT_TRUE(cert1->Equals(cert2.get())); |
270 | 272 |
271 SSLStatus one_without_cert_id = one; | 273 SSLStatus one_without_cert_id = one; |
272 one_without_cert_id.cert_id = 0; | 274 one_without_cert_id.cert_id = 0; |
273 SSLStatus two_without_cert_id = two; | 275 SSLStatus two_without_cert_id = two; |
274 two_without_cert_id.cert_id = 0; | 276 two_without_cert_id.cert_id = 0; |
275 EXPECT_TRUE(one_without_cert_id.Equals(two_without_cert_id)); | 277 EXPECT_TRUE(one_without_cert_id.Equals(two_without_cert_id)); |
276 } | 278 } |
277 | 279 |
| 280 class HungJob : public net::URLRequestJob { |
| 281 public: |
| 282 HungJob(net::URLRequest* request, net::NetworkDelegate* network_delegate) |
| 283 : net::URLRequestJob(request, network_delegate) {} |
| 284 |
| 285 void Start() override { |
| 286 } |
| 287 }; |
| 288 |
| 289 class FaviconFilter : public net::URLRequestInterceptor { |
| 290 public: |
| 291 FaviconFilter() {} |
| 292 ~FaviconFilter() override {} |
| 293 |
| 294 // net::URLRequestInterceptor implementation |
| 295 net::URLRequestJob* MaybeInterceptRequest( |
| 296 net::URLRequest* request, |
| 297 net::NetworkDelegate* network_delegate) const override { |
| 298 if (request->url().path() == "/favicon.ico") |
| 299 return new HungJob(request, network_delegate); |
| 300 return nullptr; |
| 301 } |
| 302 |
| 303 private: |
| 304 DISALLOW_COPY_AND_ASSIGN(FaviconFilter); |
| 305 }; |
| 306 |
278 } // namespace | 307 } // namespace |
279 | 308 |
280 class SSLUITest | 309 class SSLUITest |
281 : public certificate_reporting_test_utils::CertificateReportingTest { | 310 : public certificate_reporting_test_utils::CertificateReportingTest { |
282 public: | 311 public: |
283 SSLUITest() | 312 SSLUITest() |
284 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), | 313 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), |
285 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), | 314 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), |
286 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), | 315 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), |
287 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, | 316 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, |
288 SSLOptions(SSLOptions::CERT_EXPIRED), | 317 SSLOptions(SSLOptions::CERT_EXPIRED), |
289 net::GetWebSocketTestDataDirectory()) { | 318 net::GetWebSocketTestDataDirectory()) { |
290 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 319 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
291 | 320 |
292 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | 321 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
293 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 322 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
294 | 323 |
295 https_server_mismatched_.SetSSLConfig( | 324 https_server_mismatched_.SetSSLConfig( |
296 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 325 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
297 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 326 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
| 327 |
| 328 // TODO(estark): once http://crbug.com/634171 is fixed and certificate |
| 329 // errors for subresources don't generate DISPLAYED_INSECURE_CONTENT remove |
| 330 // these filters. |
| 331 std::unique_ptr<net::URLRequestInterceptor> interceptor(new FaviconFilter); |
| 332 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
| 333 "https", "127.0.0.1", std::move(interceptor)); |
| 334 interceptor.reset(new FaviconFilter); |
| 335 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
| 336 "https", "localhost", std::move(interceptor)); |
298 } | 337 } |
299 | 338 |
300 void SetUpCommandLine(base::CommandLine* command_line) override { | 339 void SetUpCommandLine(base::CommandLine* command_line) override { |
301 // Browser will both run and display insecure content. | 340 // Browser will both run and display insecure content. |
302 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | 341 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); |
303 // Use process-per-site so that navigating to a same-site page in a | 342 // Use process-per-site so that navigating to a same-site page in a |
304 // new tab will use the same process. | 343 // new tab will use the same process. |
305 command_line->AppendSwitch(switches::kProcessPerSite); | 344 command_line->AppendSwitch(switches::kProcessPerSite); |
306 } | 345 } |
307 | 346 |
(...skipping 1513 matching lines...)
1821 | 1860 |
1822 // Now try again the broken one to make sure it is still broken. | 1861 // Now try again the broken one to make sure it is still broken. |
1823 ui_test_utils::NavigateToURL( | 1862 ui_test_utils::NavigateToURL( |
1824 browser(), https_server_mismatched_.GetURL("/ssl/google.html")); | 1863 browser(), https_server_mismatched_.GetURL("/ssl/google.html")); |
1825 | 1864 |
1826 // Since we OKed the interstitial last time, we get right to the page. | 1865 // Since we OKed the interstitial last time, we get right to the page. |
1827 CheckAuthenticationBrokenState( | 1866 CheckAuthenticationBrokenState( |
1828 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE); | 1867 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE); |
1829 } | 1868 } |
1830 | 1869 |
1831 #if defined(OS_CHROMEOS) | |
1832 // This test seems to be flaky and hang on chromiumos. | |
1833 // http://crbug.com/84419 | |
1834 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation | |
1835 #else | |
1836 #define MAYBE_TestRefNavigation TestRefNavigation | |
1837 #endif | |
1838 | |
1839 // Test that navigating to a #ref does not change a bad security state. | 1870 // Test that navigating to a #ref does not change a bad security state. |
1840 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { | 1871 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { |
1841 ASSERT_TRUE(https_server_expired_.Start()); | 1872 ASSERT_TRUE(https_server_expired_.Start()); |
1842 | 1873 |
1843 ui_test_utils::NavigateToURL( | 1874 ui_test_utils::NavigateToURL( |
1844 browser(), https_server_expired_.GetURL("/ssl/page_with_refs.html")); | 1875 browser(), https_server_expired_.GetURL("/ssl/page_with_refs.html")); |
1845 | 1876 |
1846 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1877 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
1847 CheckAuthenticationBrokenState( | 1878 CheckAuthenticationBrokenState( |
1848 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); | 1879 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); |
(...skipping 474 matching lines...)
2323 std::string replacement_path; | 2354 std::string replacement_path; |
2324 GetFilePathWithHostAndPortReplacement( | 2355 GetFilePathWithHostAndPortReplacement( |
2325 "/ssl/page_with_unsafe_contents.html", | 2356 "/ssl/page_with_unsafe_contents.html", |
2326 https_server_mismatched_.host_port_pair(), &replacement_path); | 2357 https_server_mismatched_.host_port_pair(), &replacement_path); |
2327 ui_test_utils::NavigateToURL( | 2358 ui_test_utils::NavigateToURL( |
2328 browser(), https_server_mismatched_.GetURL(replacement_path)); | 2359 browser(), https_server_mismatched_.GetURL(replacement_path)); |
2329 js_result = false; | 2360 js_result = false; |
2330 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 2361 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
2331 tab, "window.domAutomationController.send(IsFooSet());", &js_result)); | 2362 tab, "window.domAutomationController.send(IsFooSet());", &js_result)); |
2332 EXPECT_TRUE(js_result); | 2363 EXPECT_TRUE(js_result); |
| 2364 // TODO(estark): once http://crbug.com/634171 is fixed and certificate errors |
| 2365 // for subresources don't generate DISPLAYED_INSECURE_CONTENT switch this back |
| 2366 // to AuthState::NONE. |
2333 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, | 2367 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
2334 AuthState::NONE); | 2368 AuthState::DISPLAYED_INSECURE_CONTENT); |
2335 } | 2369 } |
2336 | 2370 |
2337 // Like the test above, but only displaying inactive content (an image). | 2371 // Like the test above, but only displaying inactive content (an image). |
2338 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeImageWithUserException) { | 2372 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeImageWithUserException) { |
2339 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 2373 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
2340 ASSERT_NO_FATAL_FAILURE( | 2374 ASSERT_NO_FATAL_FAILURE( |
2341 SetUpUnsafeContentsWithUserException("/ssl/page_with_unsafe_image.html")); | 2375 SetUpUnsafeContentsWithUserException("/ssl/page_with_unsafe_image.html")); |
2342 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT); | 2376 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT); |
2343 | 2377 |
2344 int img_width; | 2378 int img_width; |
(...skipping 660 matching lines...)
3005 | 3039 |
3006 // Visit a page over https that contains a frame with a redirect. | 3040 // Visit a page over https that contains a frame with a redirect. |
3007 | 3041 |
3008 // XMLHttpRequest insecure content in synchronous mode. | 3042 // XMLHttpRequest insecure content in synchronous mode. |
3009 | 3043 |
3010 // XMLHttpRequest insecure content in asynchronous mode. | 3044 // XMLHttpRequest insecure content in asynchronous mode. |
3011 | 3045 |
3012 // XMLHttpRequest over bad ssl in synchronous mode. | 3046 // XMLHttpRequest over bad ssl in synchronous mode. |
3013 | 3047 |
3014 // XMLHttpRequest over OK ssl in synchronous mode. | 3048 // XMLHttpRequest over OK ssl in synchronous mode. |
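Review bot: `HungJob::Start()` at new lines 285-286 has an empty body and no comment, so nothing tells a reader that leaving the request pending forever is intended; I would add `// Intentionally never starts: the request stays pending and never completes.` inside it, and a class comment on `FaviconFilter` that points at http://crbug.com/634171. The interceptors registered in the `SSLUITest` constructor (new lines 331-336) match only on scheme and hostname, so they hang `/favicon.ico` for every HTTPS server the fixture reaches at `127.0.0.1` or `localhost`, presumably including the valid-certificate one, and they sit on the shared `net::URLRequestFilter::GetInstance()` object with no removal visible in the shown lines. Because the workaround suppresses a security-state signal for the whole fixture, the TODO at new lines 328-330 should state that scope and be tied to the `AuthState::DISPLAYED_INSECURE_CONTENT` expectation at new line 2368, so that both are reverted together. The fixture and the test bodies continue outside the visible lines, so a teardown that clears the handlers may already exist there.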
OLD | NEW |