Track subresources with cert errors separately from mixed content

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ skipping 307 matching lines @@
                             net::GetWebSocketTestDataDirectory()) {
     https_server_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
     https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_mismatched_.SetSSLConfig(
         net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
     https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
-    // TODO(estark): once http://crbug.com/634171 is fixed and certificate
-    // errors for subresources don't generate DISPLAYED_INSECURE_CONTENT remove
-    // these filters.
+    // Sometimes favicons load before tests check the authentication
+    // state, and sometimes they load after. This is problematic on
+    // tests that load pages with certificate errors, because the page
+    // will be marked as having displayed subresources with certificate
+    // errors only if the favicon loads before the test checks the
+    // authentication state. To avoid this non-determinism, add an
+    // interceptor to hang all favicon requests.
     std::unique_ptr<net::URLRequestInterceptor> interceptor(new FaviconFilter);
     net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
         "https", "127.0.0.1", std::move(interceptor));
     interceptor.reset(new FaviconFilter);
     net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
         "https", "localhost", std::move(interceptor));
   }
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will both run and display insecure content.
@@ skipping 592 matching lines @@
   GURL url = https_server_.GetURL("/ssl/page_with_subresource.html");
   GURL::Replacements replacements;
   std::string new_host("localhost");
   replacements.SetHostStr(new_host);
   url = url.ReplaceComponents(replacements);
 
   ui_test_utils::NavigateToURL(browser(), url);
 
   // We should see no interstitial, but we should have an error
   // (red-crossed-out-https) in the URL bar.
-  // TODO(estark): once http://crbug.com/634171 is fixed and certificate
-  // errors for subresources don't generate
-  // DISPLAYED/RAN_INSECURE_CONTENT switch this back to AuthState::NONE.
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
-                                 AuthState::RAN_INSECURE_CONTENT);
+                                 AuthState::NONE);
 
   // We should see that the script tag in the page loaded and ran (and
   // wasn't blocked by the certificate error).
   base::string16 title;
   base::string16 expected_title = base::ASCIIToUTF16("This script has loaded");
   ui_test_utils::GetCurrentTabTitle(browser(), &title);
   EXPECT_EQ(title, expected_title);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorCausedByClockUsingBuildTime) {
@@ skipping 1266 matching lines @@
         content::NOTIFICATION_LOAD_STOP,
         content::Source<NavigationController>(&tab->GetController()));
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab,
       "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
       &success));
   ASSERT_TRUE(success);
   observer.Wait();
 
   // We should still be authentication broken.
-  // TODO(estark): once http://crbug.com/634171 is fixed and certificate
-  // errors for subresources don't generate
-  // DISPLAYED/RAN_INSECURE_CONTENT switch this back to AuthState::NONE.
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
-                                 AuthState::RAN_INSECURE_CONTENT);
+                                 AuthState::NONE);
 }
 
 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
 // stay unauthenticated).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   std::string top_frame_path;
@@ skipping 85 matching lines @@
   // the user approves the bad certificate.
   ui_test_utils::NavigateToURL(
       browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
   ProceedThroughInterstitial(tab);
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::NONE);
 
+  ChromeSecurityStateModelClient* client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(client);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().mixed_content_status);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().content_with_cert_errors_status);
+
   // Navigate to safe page that has Worker loading unsafe content.
   // Expect content to load but be marked as auth broken due to running insecure
   // content.
   std::string page_with_unsafe_worker_path;
   GetPageWithUnsafeWorkerPath(https_server_mismatched_,
                               &page_with_unsafe_worker_path);
   ui_test_utils::NavigateToURL(
       browser(), https_server_.GetURL(page_with_unsafe_worker_path));
   CheckWorkerLoadResult(tab, true);  // Worker loads insecure content
-  CheckAuthenticationBrokenState(tab, CertError::NONE,
-                                 AuthState::RAN_INSECURE_CONTENT);
+  CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
+
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().mixed_content_status);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_RAN,
+            client->GetSecurityInfo().content_with_cert_errors_status);
 }
 
 // Visits a page with unsafe content and makes sure that if a user exception to
 // the certificate error is present, the image is loaded and script executes.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) {
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_NO_FATAL_FAILURE(SetUpUnsafeContentsWithUserException(
       "/ssl/page_with_unsafe_contents.html"));
-  CheckAuthenticationBrokenState(
-      tab, CertError::NONE,
-      AuthState::RAN_INSECURE_CONTENT | AuthState::DISPLAYED_INSECURE_CONTENT);
+  CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
+
+  ChromeSecurityStateModelClient* client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(client);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().mixed_content_status);
+  EXPECT_EQ(
+      security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
+      client->GetSecurityInfo().content_with_cert_errors_status);
 
   int img_width;
   EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
       tab, "window.domAutomationController.send(ImageWidth());", &img_width));
   // In order to check that the image was loaded, we check its width.
   // The actual image (Google logo) is 114 pixels wide, so we assume a good
   // image is greater than 100.
   EXPECT_GT(img_width, 100);
 
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab, "window.domAutomationController.send(IsFooSet());", &js_result));
   EXPECT_TRUE(js_result);
 
   // Test that active subresources with the same certificate errors as
-  // the main resources don't cause mixed content UI downgrades. (Such
-  // errors would be confusing and duplicative.)
+  // the main resources also get noted in |content_with_cert_errors_status|.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_unsafe_contents.html",
       https_server_mismatched_.host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(
       browser(), https_server_mismatched_.GetURL(replacement_path));
   js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab, "window.domAutomationController.send(IsFooSet());", &js_result));
   EXPECT_TRUE(js_result);
-  // TODO(estark): once http://crbug.com/634171 is fixed and certificate
-  // errors for subresources don't generate
-  // DISPLAYED/RAN_INSECURE_CONTENT switch this back to AuthState::NONE.
-  CheckAuthenticationBrokenState(
-      tab, net::CERT_STATUS_COMMON_NAME_INVALID,
-      AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
+  CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
+                                 AuthState::NONE);
+
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().mixed_content_status);
+  EXPECT_EQ(
+      security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
+      client->GetSecurityInfo().content_with_cert_errors_status);
 }
 
 // Like the test above, but only displaying inactive content (an image).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeImageWithUserException) {
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_NO_FATAL_FAILURE(
       SetUpUnsafeContentsWithUserException("/ssl/page_with_unsafe_image.html"));
-  CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
+  CheckAuthenticatedState(tab, AuthState::NONE);
+
+  ChromeSecurityStateModelClient* client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(client);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+            client->GetSecurityInfo().mixed_content_status);
+  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED,
+            client->GetSecurityInfo().content_with_cert_errors_status);
 
   int img_width;
   EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
       tab, "window.domAutomationController.send(ImageWidth());", &img_width));
   // In order to check that the image was loaded, we check its width.
   // The actual image (Google logo) is 114 pixels wide, so we assume a good
   // image is greater than 100.
   EXPECT_GT(img_width, 100);
 }
 
@@ skipping 653 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.