Downgrade security state after user clicks through SB interstitial

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

Index: chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc
diff --git a/chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc b/chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc
index 1b92c1e0d4ca5252bea38c4fabd24ae4dc91a756..4f91ff86f28121f534d5041fa0fe4ef98a4e9677 100644
--- a/chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc
@@ -25,6 +25,8 @@
 #include "chrome/browser/safe_browsing/test_safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/threat_details.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
+#include "chrome/browser/ssl/cert_verifier_browser_test.h"
+#include "chrome/browser/ssl/chrome_security_state_model_client.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
@@ -47,6 +49,9 @@
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_browser_thread.h"
 #include "content/public/test/test_utils.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/cert/mock_cert_verifier.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/url_request/url_request_mock_http_job.h"
 
 using chrome_browser_interstitials::SecurityInterstitialIDNTest;
@@ -270,7 +275,7 @@ class TestSafeBrowsingBlockingPageFactory
 
 // Tests the safe browsing blocking page in a browser.
 class SafeBrowsingBlockingPageBrowserTest
-    : public InProcessBrowserTest,
+    : public CertVerifierBrowserTest,
       public testing::WithParamInterface<testing::tuple<SBThreatType, bool>> {
  public:
   enum Visibility {
@@ -279,7 +284,8 @@ class SafeBrowsingBlockingPageBrowserTest
     VISIBLE = 1
   };
 
-  SafeBrowsingBlockingPageBrowserTest() {}
+  SafeBrowsingBlockingPageBrowserTest()
+      : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
 
   void SetUp() override {
     // Test UI manager and test database manager should be set before
@@ -532,12 +538,26 @@ class SafeBrowsingBlockingPageBrowserTest
     EXPECT_EQ(expected_tag_name, actual_resource.tag_name());
   }
 
+  void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status,
+                                           int net_result) {
+    ASSERT_TRUE(https_server_.Start());
+    scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
+    net::CertVerifyResult verify_result;
+    verify_result.is_issued_by_known_root = true;
+    verify_result.verified_cert = cert;
+    verify_result.cert_status = cert_status;
+
+    mock_cert_verifier()->AddResultForCert(cert.get(), verify_result,
+                                           net_result);
+  }
+
  protected:
   TestThreatDetailsFactory details_factory_;
 
  private:
   TestSafeBrowsingServiceFactory factory_;
   TestSafeBrowsingBlockingPageFactory blocking_page_factory_;
+  net::EmbeddedTestServer https_server_;
 
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageBrowserTest);
 };
@@ -993,6 +1013,37 @@ IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, WhitelistUnsaved) {
   AssertNoInterstitial(true);
 }
 
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       SecurityStatePostInterstitial) {
+  SetupWarningAndNavigate();
+  EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
+  AssertNoInterstitial(true);
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(tab);
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(model_client);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR,
+            model_client->GetSecurityInfo().security_level);
+}
+
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest,
+                       HTTPSOverridePostInterstitial) {

[estark, 2016/08/24 05:15:39]

Either I'm missing something or this test is not testing what it's supposed to
be testing. Looks like it sets up an HTTPS server but then never makes any
requests to it.

[Jialiu Lin, 2016/08/24 06:27:20]

This test seems very similar to the previous one, except the following line
"SetUpMockCertVerifierForHttpsServer(0, net::OK);" 
Does this line mean there's be no cert error in this test case but only safe
browsing error?  If so, may be add another test case where cert error and safe
browsing error are both detected on the same url. 

and some comments maybe helpful?

[felt, 2016/08/24 19:27:19]

All of the existing SB tests, including SecurityStatePostInterstitial, are done
over HTTP. This tests adds a test over valid HTTPS.
Done.
Added comments.

[felt, 2016/08/24 19:27:19]

Whoops you're right, I was missing an if-statement. Fixed.

+  SetUpMockCertVerifierForHttpsServer(0, net::OK);
+  SetupWarningAndNavigate();
+  EXPECT_TRUE(ClickAndWaitForDetach("proceed-link"));
+  AssertNoInterstitial(true);
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(tab);
+  ChromeSecurityStateModelClient* model_client =
+      ChromeSecurityStateModelClient::FromWebContents(tab);
+  ASSERT_TRUE(model_client);
+  EXPECT_EQ(security_state::SecurityStateModel::SECURITY_ERROR,
+            model_client->GetSecurityInfo().security_level);
+}
+
 INSTANTIATE_TEST_CASE_P(
     SafeBrowsingBlockingPageBrowserTestWithThreatTypeAndIsolationSetting,
     SafeBrowsingBlockingPageBrowserTest,