| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| 11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
| 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" |
| 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 14 #include "chrome/browser/ssl/ssl_blocking_page.h" | 14 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 15 #include "chrome/browser/ui/browser.h" | 15 #include "chrome/browser/ui/browser.h" |
| 16 #include "chrome/browser/ui/browser_commands.h" | 16 #include "chrome/browser/ui/browser_commands.h" |
| 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 18 #include "chrome/common/chrome_paths.h" | 18 #include "chrome/common/chrome_paths.h" |
| 19 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
| 20 #include "chrome/common/pref_names.h" | 20 #include "chrome/common/pref_names.h" |
| 21 #include "chrome/grit/generated_resources.h" | 21 #include "chrome/grit/generated_resources.h" |
| 22 #include "chrome/test/base/in_process_browser_test.h" | 22 #include "chrome/test/base/in_process_browser_test.h" |
| 23 #include "chrome/test/base/ui_test_utils.h" | 23 #include "chrome/test/base/ui_test_utils.h" |
| 24 #include "components/prefs/pref_service.h" | 24 #include "components/prefs/pref_service.h" |
| 25 #include "content/public/browser/cert_store.h" | |
| 26 #include "content/public/browser/interstitial_page.h" | 25 #include "content/public/browser/interstitial_page.h" |
| 27 #include "content/public/browser/navigation_controller.h" | 26 #include "content/public/browser/navigation_controller.h" |
| 28 #include "content/public/browser/navigation_entry.h" | 27 #include "content/public/browser/navigation_entry.h" |
| 29 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
| 30 #include "content/public/browser/notification_types.h" | 29 #include "content/public/browser/notification_types.h" |
| 31 #include "content/public/browser/security_style_explanation.h" | 30 #include "content/public/browser/security_style_explanation.h" |
| 32 #include "content/public/browser/security_style_explanations.h" | 31 #include "content/public/browser/security_style_explanations.h" |
| 33 #include "content/public/browser/web_contents.h" | 32 #include "content/public/browser/web_contents.h" |
| 34 #include "content/public/common/referrer.h" | 33 #include "content/public/common/referrer.h" |
| 35 #include "content/public/common/ssl_status.h" | 34 #include "content/public/common/ssl_status.h" |
| (...skipping 62 matching lines...) |
| 98 content::SecurityStyle latest_security_style_; | 97 content::SecurityStyle latest_security_style_; |
| 99 content::SecurityStyleExplanations latest_explanations_; | 98 content::SecurityStyleExplanations latest_explanations_; |
| 100 | 99 |
| 101 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); | 100 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); |
| 102 }; | 101 }; |
| 103 | 102 |
| 104 // Check that |observer|'s latest event was for an expired certificate | 103 // Check that |observer|'s latest event was for an expired certificate |
| 105 // and that it saw the proper SecurityStyle and explanations. | 104 // and that it saw the proper SecurityStyle and explanations. |
| 106 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, | 105 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, |
| 107 int error, | 106 int error, |
| 108 Browser* browser) { | 107 Browser* browser, |
| 108 net::X509Certificate* expected_cert) { |
| 109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
| 110 observer.latest_security_style()); | 110 observer.latest_security_style()); |
| 111 | 111 |
| 112 const content::SecurityStyleExplanations& expired_explanation = | 112 const content::SecurityStyleExplanations& expired_explanation = |
| 113 observer.latest_explanations(); | 113 observer.latest_explanations(); |
| 114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); | 114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); |
| 115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); | 115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); |
| 116 EXPECT_FALSE(expired_explanation.pkp_bypassed); | 116 EXPECT_FALSE(expired_explanation.pkp_bypassed); |
| 117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); | 117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); |
| 118 | 118 |
| 119 // Check that the summary and description are as expected. | 119 // Check that the summary and description are as expected. |
| 120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
| 121 expired_explanation.broken_explanations[0].summary); | 121 expired_explanation.broken_explanations[0].summary); |
| 122 | 122 |
| 123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); | 123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); |
| 124 EXPECT_EQ(l10n_util::GetStringFUTF8( | 124 EXPECT_EQ(l10n_util::GetStringFUTF8( |
| 125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
| 126 expired_explanation.broken_explanations[0].description); | 126 expired_explanation.broken_explanations[0].description); |
| 127 | 127 |
| 128 // Check the associated certificate id. | 128 // Check the associated certificate. |
| 129 int cert_id = browser->tab_strip_model() | 129 net::X509Certificate* cert = browser->tab_strip_model() |
| 130 ->GetActiveWebContents() | 130 ->GetActiveWebContents() |
| 131 ->GetController() | 131 ->GetController() |
| 132 .GetActiveEntry() | 132 .GetActiveEntry() |
| 133 ->GetSSL() | 133 ->GetSSL() |
| 134 .cert_id; | 134 .certificate.get(); |
| 135 EXPECT_EQ(cert_id, expired_explanation.broken_explanations[0].cert_id); | 135 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 136 EXPECT_TRUE(expired_explanation.broken_explanations[0].has_certificate); |
| 136 } | 137 } |
| 137 | 138 |
| 138 // Checks that the given |secure_explanations| contains an appropriate | 139 // Checks that the given |secure_explanations| contains an appropriate |
| 139 // explanation if the certificate status is valid. | 140 // explanation if the certificate status is valid. |
| 140 void CheckSecureExplanations( | 141 void CheckSecureExplanations( |
| 141 const std::vector<content::SecurityStyleExplanation>& secure_explanations, | 142 const std::vector<content::SecurityStyleExplanation>& secure_explanations, |
| 142 CertificateStatus cert_status, | 143 CertificateStatus cert_status, |
| 143 Browser* browser) { | 144 Browser* browser, |
| 145 net::X509Certificate* expected_cert) { |
| 144 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, | 146 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, |
| 145 secure_explanations.size()); | 147 secure_explanations.size()); |
| 146 if (cert_status == VALID_CERTIFICATE) { | 148 if (cert_status == VALID_CERTIFICATE) { |
| 147 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 149 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
| 148 secure_explanations[0].summary); | 150 secure_explanations[0].summary); |
| 149 EXPECT_EQ( | 151 EXPECT_EQ( |
| 150 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 152 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), |
| 151 secure_explanations[0].description); | 153 secure_explanations[0].description); |
| 152 int cert_id = browser->tab_strip_model() | 154 net::X509Certificate* cert = browser->tab_strip_model() |
| 153 ->GetActiveWebContents() | 155 ->GetActiveWebContents() |
| 154 ->GetController() | 156 ->GetController() |
| 155 .GetActiveEntry() | 157 .GetActiveEntry() |
| 156 ->GetSSL() | 158 ->GetSSL() |
| 157 .cert_id; | 159 .certificate.get(); |
| 158 EXPECT_EQ(cert_id, secure_explanations[0].cert_id); | 160 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 161 EXPECT_TRUE(secure_explanations[0].has_certificate); |
| 159 } | 162 } |
| 160 | 163 |
| 161 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), | 164 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
| 162 secure_explanations.back().summary); | 165 secure_explanations.back().summary); |
| 163 | 166 |
| 164 content::WebContents* web_contents = | 167 content::WebContents* web_contents = |
| 165 browser->tab_strip_model()->GetActiveWebContents(); | 168 browser->tab_strip_model()->GetActiveWebContents(); |
| 166 const SecurityStateModel::SecurityInfo& security_info = | 169 const SecurityStateModel::SecurityInfo& security_info = |
| 167 ChromeSecurityStateModelClient::FromWebContents(web_contents) | 170 ChromeSecurityStateModelClient::FromWebContents(web_contents) |
| 168 ->GetSecurityInfo(); | 171 ->GetSecurityInfo(); |
| (...skipping 37 matching lines...) |
| 206 model_client->GetSecurityInfo(); | 209 model_client->GetSecurityInfo(); |
| 207 EXPECT_EQ(expect_security_level, security_info.security_level); | 210 EXPECT_EQ(expect_security_level, security_info.security_level); |
| 208 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 211 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
| 209 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 212 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
| 210 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 213 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 211 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 214 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
| 212 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | 215 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); |
| 213 EXPECT_EQ(expect_cert_error, | 216 EXPECT_EQ(expect_cert_error, |
| 214 net::IsCertStatusError(security_info.cert_status)); | 217 net::IsCertStatusError(security_info.cert_status)); |
| 215 EXPECT_GT(security_info.security_bits, 0); | 218 EXPECT_GT(security_info.security_bits, 0); |
| 216 | 219 EXPECT_TRUE(!!security_info.certificate.get()); |
| 217 content::CertStore* cert_store = content::CertStore::GetInstance(); | |
| 218 scoped_refptr<net::X509Certificate> cert; | |
| 219 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | |
| 220 } | 220 } |
| 221 | 221 |
| 222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
| 223 ASSERT_TRUE(contents); | 223 ASSERT_TRUE(contents); |
| 224 | 224 |
| 225 ChromeSecurityStateModelClient* model_client = | 225 ChromeSecurityStateModelClient* model_client = |
| 226 ChromeSecurityStateModelClient::FromWebContents(contents); | 226 ChromeSecurityStateModelClient::FromWebContents(contents); |
| 227 ASSERT_TRUE(model_client); | 227 ASSERT_TRUE(model_client); |
| 228 const SecurityStateModel::SecurityInfo& security_info = | 228 const SecurityStateModel::SecurityInfo& security_info = |
| 229 model_client->GetSecurityInfo(); | 229 model_client->GetSecurityInfo(); |
| 230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
| 232 security_info.sha1_deprecation_status); | 232 security_info.sha1_deprecation_status); |
| 233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
| 234 security_info.mixed_content_status); | 234 security_info.mixed_content_status); |
| 235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 236 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 236 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 238 EXPECT_EQ(-1, security_info.security_bits); | 238 EXPECT_EQ(-1, security_info.security_bits); |
| 239 EXPECT_EQ(0, security_info.cert_id); | 239 EXPECT_FALSE(!!security_info.certificate.get()); |
| 240 } | 240 } |
| 241 | 241 |
| 242 void ProceedThroughInterstitial(content::WebContents* tab) { | 242 void ProceedThroughInterstitial(content::WebContents* tab) { |
| 243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | 243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 244 ASSERT_TRUE(interstitial_page); | 244 ASSERT_TRUE(interstitial_page); |
| 245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | 245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, |
| 246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | 246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); |
| 247 content::WindowedNotificationObserver observer( | 247 content::WindowedNotificationObserver observer( |
| 248 content::NOTIFICATION_LOAD_STOP, | 248 content::NOTIFICATION_LOAD_STOP, |
| 249 content::Source<content::NavigationController>(&tab->GetController())); | 249 content::Source<content::NavigationController>(&tab->GetController())); |
| (...skipping 76 matching lines...) |
| 326 const SecurityStateModel::SecurityInfo& security_info = | 326 const SecurityStateModel::SecurityInfo& security_info = |
| 327 model_client->GetSecurityInfo(); | 327 model_client->GetSecurityInfo(); |
| 328 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 328 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 329 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 329 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
| 330 security_info.sha1_deprecation_status); | 330 security_info.sha1_deprecation_status); |
| 331 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 331 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
| 332 security_info.mixed_content_status); | 332 security_info.mixed_content_status); |
| 333 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 333 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 334 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 334 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 335 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 335 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 336 EXPECT_EQ(0, security_info.cert_id); | 336 EXPECT_FALSE(!!security_info.certificate.get()); |
| 337 EXPECT_EQ(-1, security_info.security_bits); | 337 EXPECT_EQ(-1, security_info.security_bits); |
| 338 EXPECT_EQ(0, security_info.connection_status); | 338 EXPECT_EQ(0, security_info.connection_status); |
| 339 } | 339 } |
| 340 | 340 |
| 341 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 341 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
| 342 ASSERT_TRUE(https_server_.Start()); | 342 ASSERT_TRUE(https_server_.Start()); |
| 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 344 | 344 |
| 345 ui_test_utils::NavigateToURL(browser(), | 345 ui_test_utils::NavigateToURL(browser(), |
| 346 https_server_.GetURL("/ssl/google.html")); | 346 https_server_.GetURL("/ssl/google.html")); |
| (...skipping 432 matching lines...) |
| 779 verify_result.verified_cert = cert; | 779 verify_result.verified_cert = cert; |
| 780 net::HashValue hash(net::HASH_VALUE_SHA256); | 780 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 781 memset(hash.data(), 1, hash.size()); | 781 memset(hash.data(), 1, hash.size()); |
| 782 verify_result.public_key_hashes.push_back(hash); | 782 verify_result.public_key_hashes.push_back(hash); |
| 783 | 783 |
| 784 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | 784 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); |
| 785 | 785 |
| 786 ui_test_utils::NavigateToURL(browser(), | 786 ui_test_utils::NavigateToURL(browser(), |
| 787 https_server_.GetURL("/ssl/google.html")); | 787 https_server_.GetURL("/ssl/google.html")); |
| 788 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, | 788 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, |
| 789 browser()); | 789 browser(), cert.get()); |
| 790 } | 790 } |
| 791 | 791 |
| 792 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 792 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
| 793 // that never stops loading. | 793 // that never stops loading. |
| 794 class PendingJobInterceptor : public net::URLRequestInterceptor { | 794 class PendingJobInterceptor : public net::URLRequestInterceptor { |
| 795 public: | 795 public: |
| 796 PendingJobInterceptor() {} | 796 PendingJobInterceptor() {} |
| 797 ~PendingJobInterceptor() override {} | 797 ~PendingJobInterceptor() override {} |
| 798 | 798 |
| 799 // URLRequestInterceptor implementation | 799 // URLRequestInterceptor implementation |
| (...skipping 130 matching lines...) |
| 930 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 930 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
| 931 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 931 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
| 932 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 932 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
| 933 observer.latest_security_style()); | 933 observer.latest_security_style()); |
| 934 | 934 |
| 935 const content::SecurityStyleExplanations& mixed_content_explanation = | 935 const content::SecurityStyleExplanations& mixed_content_explanation = |
| 936 observer.latest_explanations(); | 936 observer.latest_explanations(); |
| 937 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 937 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
| 938 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 938 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
| 939 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 939 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
| 940 VALID_CERTIFICATE, browser()); | 940 VALID_CERTIFICATE, browser(), |
| 941 https_server_.GetCertificate().get()); |
| 941 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 942 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
| 942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 943 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 943 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 944 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 944 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); | 945 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); |
| 945 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); | 946 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); |
| 946 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 947 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
| 947 mixed_content_explanation.displayed_insecure_content_style); | 948 mixed_content_explanation.displayed_insecure_content_style); |
| 948 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 949 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
| 949 mixed_content_explanation.ran_insecure_content_style); | 950 mixed_content_explanation.ran_insecure_content_style); |
| 950 | 951 |
| 951 // Visit a broken HTTPS url. | 952 // Visit a broken HTTPS url. |
| 952 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); | 953 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); |
| 953 ui_test_utils::NavigateToURL(browser(), expired_url); | 954 ui_test_utils::NavigateToURL(browser(), expired_url); |
| 954 | 955 |
| 955 // An interstitial should show, and an event for the lock icon on the | 956 // An interstitial should show, and an event for the lock icon on the |
| 956 // interstitial should fire. | 957 // interstitial should fire. |
| 957 content::WaitForInterstitialAttach(web_contents); | 958 content::WaitForInterstitialAttach(web_contents); |
| 958 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 959 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 959 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 960 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 961 https_test_server_expired.GetCertificate().get()); |
| 960 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 962 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 961 INVALID_CERTIFICATE, browser()); | 963 INVALID_CERTIFICATE, browser(), |
| 964 https_test_server_expired.GetCertificate().get()); |
| 962 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 965 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 963 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 966 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 964 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 967 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 965 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 968 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 966 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 969 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 967 | 970 |
| 968 // Before clicking through, navigate to a different page, and then go | 971 // Before clicking through, navigate to a different page, and then go |
| 969 // back to the interstitial. | 972 // back to the interstitial. |
| 970 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 973 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
| 971 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 974 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
| 972 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 975 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 973 observer.latest_security_style()); | 976 observer.latest_security_style()); |
| 974 EXPECT_EQ(0u, | 977 EXPECT_EQ(0u, |
| 975 observer.latest_explanations().unauthenticated_explanations.size()); | 978 observer.latest_explanations().unauthenticated_explanations.size()); |
| 976 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 979 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 977 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 980 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 978 VALID_CERTIFICATE, browser()); | 981 VALID_CERTIFICATE, browser(), |
| 982 https_server_.GetCertificate().get()); |
| 979 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 983 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 980 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 984 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 981 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 985 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 982 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 986 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 983 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 987 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 984 | 988 |
| 985 // After going back to the interstitial, an event for a broken lock | 989 // After going back to the interstitial, an event for a broken lock |
| 986 // icon should fire again. | 990 // icon should fire again. |
| 987 ui_test_utils::NavigateToURL(browser(), expired_url); | 991 ui_test_utils::NavigateToURL(browser(), expired_url); |
| 988 content::WaitForInterstitialAttach(web_contents); | 992 content::WaitForInterstitialAttach(web_contents); |
| 989 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 993 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 990 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 994 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 995 https_test_server_expired.GetCertificate().get()); |
| 991 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 996 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 992 INVALID_CERTIFICATE, browser()); | 997 INVALID_CERTIFICATE, browser(), |
| 998 https_test_server_expired.GetCertificate().get()); |
| 993 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 999 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 994 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1000 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 995 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1001 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 996 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1002 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 997 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1003 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 998 | 1004 |
| 999 // Since the next expected style is the same as the previous, clear | 1005 // Since the next expected style is the same as the previous, clear |
| 1000 // the observer (to make sure that the event fires twice and we don't | 1006 // the observer (to make sure that the event fires twice and we don't |
| 1001 // just see the previous event's style). | 1007 // just see the previous event's style). |
| 1002 observer.ClearLatestSecurityStyleAndExplanations(); | 1008 observer.ClearLatestSecurityStyleAndExplanations(); |
| 1003 | 1009 |
| 1004 // Other conditions cannot be tested on this host after clicking | 1010 // Other conditions cannot be tested on this host after clicking |
| 1005 // through because once the interstitial is clicked through, all URLs | 1011 // through because once the interstitial is clicked through, all URLs |
| 1006 // for this host will remain in a broken state. | 1012 // for this host will remain in a broken state. |
| 1007 ProceedThroughInterstitial(web_contents); | 1013 ProceedThroughInterstitial(web_contents); |
| 1008 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 1014 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 1015 https_test_server_expired.GetCertificate().get()); |
| 1009 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1016 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1010 INVALID_CERTIFICATE, browser()); | 1017 INVALID_CERTIFICATE, browser(), |
| 1018 https_test_server_expired.GetCertificate().get()); |
| 1011 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1019 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1012 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1020 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1013 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1021 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1014 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1022 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1015 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1023 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1016 } | 1024 } |
| 1017 | 1025 |
| 1018 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 1026 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
| 1019 // and test that the observed security style matches. | 1027 // and test that the observed security style matches. |
| 1020 #if defined(OS_CHROMEOS) | 1028 #if defined(OS_CHROMEOS) |
| (...skipping 21 matching lines...) |
| 1042 | 1050 |
| 1043 // Visit a valid HTTPS url. | 1051 // Visit a valid HTTPS url. |
| 1044 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 1052 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
| 1045 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 1053 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
| 1046 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1054 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 1047 observer.latest_security_style()); | 1055 observer.latest_security_style()); |
| 1048 EXPECT_EQ(0u, | 1056 EXPECT_EQ(0u, |
| 1049 observer.latest_explanations().unauthenticated_explanations.size()); | 1057 observer.latest_explanations().unauthenticated_explanations.size()); |
| 1050 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1058 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 1051 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1059 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1052 VALID_CERTIFICATE, browser()); | 1060 VALID_CERTIFICATE, browser(), |
| 1061 https_server_.GetCertificate().get()); |
| 1053 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1062 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1054 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1063 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1055 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1064 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1056 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1065 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1057 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1066 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1058 | 1067 |
| 1059 // Navigate to a bad HTTPS page on a different host, and then click | 1068 // Navigate to a bad HTTPS page on a different host, and then click |
| 1060 // Back to verify that the previous good security style is seen again. | 1069 // Back to verify that the previous good security style is seen again. |
| 1061 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); | 1070 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); |
| 1062 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 1071 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
| 1063 GURL::Replacements replace_host; | 1072 GURL::Replacements replace_host; |
| 1064 replace_host.SetHostStr("www.example_broken.test"); | 1073 replace_host.SetHostStr("www.example_broken.test"); |
| 1065 GURL https_url_different_host = | 1074 GURL https_url_different_host = |
| 1066 expired_https_url.ReplaceComponents(replace_host); | 1075 expired_https_url.ReplaceComponents(replace_host); |
| 1067 | 1076 |
| 1068 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 1077 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
| 1069 | 1078 |
| 1070 content::WaitForInterstitialAttach(web_contents); | 1079 content::WaitForInterstitialAttach(web_contents); |
| 1071 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 1080 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 1072 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1081 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
| 1073 browser()); | 1082 browser(), |
| 1083 https_test_server_expired.GetCertificate().get()); |
| 1074 ProceedThroughInterstitial(web_contents); | 1084 ProceedThroughInterstitial(web_contents); |
| 1075 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1085 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
| 1076 browser()); | 1086 browser(), |
| 1087 https_test_server_expired.GetCertificate().get()); |
| 1077 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1088 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1078 INVALID_CERTIFICATE, browser()); | 1089 INVALID_CERTIFICATE, browser(), |
| 1090 https_test_server_expired.GetCertificate().get()); |
| 1079 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1091 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1080 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1092 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1081 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1093 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1082 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1094 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1083 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1095 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1084 | 1096 |
| 1085 content::WindowedNotificationObserver back_nav_load_observer( | 1097 content::WindowedNotificationObserver back_nav_load_observer( |
| 1086 content::NOTIFICATION_LOAD_STOP, | 1098 content::NOTIFICATION_LOAD_STOP, |
| 1087 content::Source<content::NavigationController>( | 1099 content::Source<content::NavigationController>( |
| 1088 &web_contents->GetController())); | 1100 &web_contents->GetController())); |
| 1089 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); | 1101 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); |
| 1090 back_nav_load_observer.Wait(); | 1102 back_nav_load_observer.Wait(); |
| 1091 | 1103 |
| 1092 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1104 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 1093 observer.latest_security_style()); | 1105 observer.latest_security_style()); |
| 1094 EXPECT_EQ(0u, | 1106 EXPECT_EQ(0u, |
| 1095 observer.latest_explanations().unauthenticated_explanations.size()); | 1107 observer.latest_explanations().unauthenticated_explanations.size()); |
| 1096 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1108 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 1097 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1109 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1098 VALID_CERTIFICATE, browser()); | 1110 VALID_CERTIFICATE, browser(), |
| 1111 https_server_.GetCertificate().get()); |
| 1099 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1112 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1100 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1113 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1101 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1114 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1102 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1115 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1103 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1116 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1104 } | 1117 } |
| 1105 | 1118 |
| 1106 // After AddNonsecureUrlHandler() is called, requests to this hostname | 1119 // After AddNonsecureUrlHandler() is called, requests to this hostname |
| 1107 // will use obsolete TLS settings. | 1120 // will use obsolete TLS settings. |
| 1108 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 1121 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
| (...skipping 286 matching lines...) |
| 1395 ChromeSecurityStateModelClient* model_client = | 1408 ChromeSecurityStateModelClient* model_client = |
| 1396 ChromeSecurityStateModelClient::FromWebContents(web_contents); | 1409 ChromeSecurityStateModelClient::FromWebContents(web_contents); |
| 1397 ASSERT_TRUE(model_client); | 1410 ASSERT_TRUE(model_client); |
| 1398 const SecurityStateModel::SecurityInfo& security_info = | 1411 const SecurityStateModel::SecurityInfo& security_info = |
| 1399 model_client->GetSecurityInfo(); | 1412 model_client->GetSecurityInfo(); |
| 1400 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); | 1413 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); |
| 1401 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); | 1414 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); |
| 1402 } | 1415 } |
| 1403 | 1416 |
| 1404 } // namespace | 1417 } // namespace |