| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
| 11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
| 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" |
| 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 14 #include "chrome/browser/ssl/ssl_blocking_page.h" | 14 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 15 #include "chrome/browser/ui/browser.h" | 15 #include "chrome/browser/ui/browser.h" |
| 16 #include "chrome/browser/ui/browser_commands.h" | 16 #include "chrome/browser/ui/browser_commands.h" |
| 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 18 #include "chrome/common/chrome_paths.h" | 18 #include "chrome/common/chrome_paths.h" |
| 19 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
| 20 #include "chrome/common/pref_names.h" | 20 #include "chrome/common/pref_names.h" |
| 21 #include "chrome/grit/generated_resources.h" | 21 #include "chrome/grit/generated_resources.h" |
| 22 #include "chrome/test/base/in_process_browser_test.h" | 22 #include "chrome/test/base/in_process_browser_test.h" |
| 23 #include "chrome/test/base/ui_test_utils.h" | 23 #include "chrome/test/base/ui_test_utils.h" |
| 24 #include "components/prefs/pref_service.h" | 24 #include "components/prefs/pref_service.h" |
| 25 #include "content/public/browser/cert_store.h" | |
| 26 #include "content/public/browser/interstitial_page.h" | 25 #include "content/public/browser/interstitial_page.h" |
| 27 #include "content/public/browser/navigation_controller.h" | 26 #include "content/public/browser/navigation_controller.h" |
| 28 #include "content/public/browser/navigation_entry.h" | 27 #include "content/public/browser/navigation_entry.h" |
| 29 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
| 30 #include "content/public/browser/notification_types.h" | 29 #include "content/public/browser/notification_types.h" |
| 31 #include "content/public/browser/security_style_explanation.h" | 30 #include "content/public/browser/security_style_explanation.h" |
| 32 #include "content/public/browser/security_style_explanations.h" | 31 #include "content/public/browser/security_style_explanations.h" |
| 33 #include "content/public/browser/web_contents.h" | 32 #include "content/public/browser/web_contents.h" |
| 34 #include "content/public/common/referrer.h" | 33 #include "content/public/common/referrer.h" |
| 35 #include "content/public/common/ssl_status.h" | 34 #include "content/public/common/ssl_status.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 98 content::SecurityStyle latest_security_style_; | 97 content::SecurityStyle latest_security_style_; |
| 99 content::SecurityStyleExplanations latest_explanations_; | 98 content::SecurityStyleExplanations latest_explanations_; |
| 100 | 99 |
| 101 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); | 100 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); |
| 102 }; | 101 }; |
| 103 | 102 |
| 104 // Check that |observer|'s latest event was for an expired certificate | 103 // Check that |observer|'s latest event was for an expired certificate |
| 105 // and that it saw the proper SecurityStyle and explanations. | 104 // and that it saw the proper SecurityStyle and explanations. |
| 106 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, | 105 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, |
| 107 int error, | 106 int error, |
| 108 Browser* browser) { | 107 Browser* browser, |
| 108 net::X509Certificate* expected_cert) { |
| 109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
| 110 observer.latest_security_style()); | 110 observer.latest_security_style()); |
| 111 | 111 |
| 112 const content::SecurityStyleExplanations& expired_explanation = | 112 const content::SecurityStyleExplanations& expired_explanation = |
| 113 observer.latest_explanations(); | 113 observer.latest_explanations(); |
| 114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); | 114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); |
| 115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); | 115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); |
| 116 EXPECT_FALSE(expired_explanation.pkp_bypassed); | 116 EXPECT_FALSE(expired_explanation.pkp_bypassed); |
| 117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); | 117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); |
| 118 | 118 |
| 119 // Check that the summary and description are as expected. | 119 // Check that the summary and description are as expected. |
| 120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
| 121 expired_explanation.broken_explanations[0].summary); | 121 expired_explanation.broken_explanations[0].summary); |
| 122 | 122 |
| 123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); | 123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); |
| 124 EXPECT_EQ(l10n_util::GetStringFUTF8( | 124 EXPECT_EQ(l10n_util::GetStringFUTF8( |
| 125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
| 126 expired_explanation.broken_explanations[0].description); | 126 expired_explanation.broken_explanations[0].description); |
| 127 | 127 |
| 128 // Check the associated certificate id. | 128 // Check the associated certificate. |
| 129 int cert_id = browser->tab_strip_model() | 129 net::X509Certificate* cert = browser->tab_strip_model() |
| 130 ->GetActiveWebContents() | 130 ->GetActiveWebContents() |
| 131 ->GetController() | 131 ->GetController() |
| 132 .GetActiveEntry() | 132 .GetActiveEntry() |
| 133 ->GetSSL() | 133 ->GetSSL() |
| 134 .cert_id; | 134 .certificate.get(); |
| 135 EXPECT_EQ(cert_id, expired_explanation.broken_explanations[0].cert_id); | 135 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 136 EXPECT_TRUE(expired_explanation.broken_explanations[0].has_certificate); |
| 136 } | 137 } |
| 137 | 138 |
| 138 // Checks that the given |secure_explanations| contains an appropriate | 139 // Checks that the given |secure_explanations| contains an appropriate |
| 139 // explanation if the certificate status is valid. | 140 // explanation if the certificate status is valid. |
| 140 void CheckSecureExplanations( | 141 void CheckSecureExplanations( |
| 141 const std::vector<content::SecurityStyleExplanation>& secure_explanations, | 142 const std::vector<content::SecurityStyleExplanation>& secure_explanations, |
| 142 CertificateStatus cert_status, | 143 CertificateStatus cert_status, |
| 143 Browser* browser) { | 144 Browser* browser, |
| 145 net::X509Certificate* expected_cert) { |
| 144 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, | 146 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, |
| 145 secure_explanations.size()); | 147 secure_explanations.size()); |
| 146 if (cert_status == VALID_CERTIFICATE) { | 148 if (cert_status == VALID_CERTIFICATE) { |
| 147 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 149 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
| 148 secure_explanations[0].summary); | 150 secure_explanations[0].summary); |
| 149 EXPECT_EQ( | 151 EXPECT_EQ( |
| 150 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 152 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), |
| 151 secure_explanations[0].description); | 153 secure_explanations[0].description); |
| 152 int cert_id = browser->tab_strip_model() | 154 net::X509Certificate* cert = browser->tab_strip_model() |
| 153 ->GetActiveWebContents() | 155 ->GetActiveWebContents() |
| 154 ->GetController() | 156 ->GetController() |
| 155 .GetActiveEntry() | 157 .GetActiveEntry() |
| 156 ->GetSSL() | 158 ->GetSSL() |
| 157 .cert_id; | 159 .certificate.get(); |
| 158 EXPECT_EQ(cert_id, secure_explanations[0].cert_id); | 160 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 161 EXPECT_TRUE(secure_explanations[0].has_certificate); |
| 159 } | 162 } |
| 160 | 163 |
| 161 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), | 164 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
| 162 secure_explanations.back().summary); | 165 secure_explanations.back().summary); |
| 163 | 166 |
| 164 content::WebContents* web_contents = | 167 content::WebContents* web_contents = |
| 165 browser->tab_strip_model()->GetActiveWebContents(); | 168 browser->tab_strip_model()->GetActiveWebContents(); |
| 166 const SecurityStateModel::SecurityInfo& security_info = | 169 const SecurityStateModel::SecurityInfo& security_info = |
| 167 ChromeSecurityStateModelClient::FromWebContents(web_contents) | 170 ChromeSecurityStateModelClient::FromWebContents(web_contents) |
| 168 ->GetSecurityInfo(); | 171 ->GetSecurityInfo(); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 206 model_client->GetSecurityInfo(); | 209 model_client->GetSecurityInfo(); |
| 207 EXPECT_EQ(expect_security_level, security_info.security_level); | 210 EXPECT_EQ(expect_security_level, security_info.security_level); |
| 208 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 211 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
| 209 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 212 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
| 210 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 213 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 211 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 214 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
| 212 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | 215 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); |
| 213 EXPECT_EQ(expect_cert_error, | 216 EXPECT_EQ(expect_cert_error, |
| 214 net::IsCertStatusError(security_info.cert_status)); | 217 net::IsCertStatusError(security_info.cert_status)); |
| 215 EXPECT_GT(security_info.security_bits, 0); | 218 EXPECT_GT(security_info.security_bits, 0); |
| 216 | 219 EXPECT_TRUE(!!security_info.certificate); |
| 217 content::CertStore* cert_store = content::CertStore::GetInstance(); | |
| 218 scoped_refptr<net::X509Certificate> cert; | |
| 219 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | |
| 220 } | 220 } |
| 221 | 221 |
| 222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
| 223 ASSERT_TRUE(contents); | 223 ASSERT_TRUE(contents); |
| 224 | 224 |
| 225 ChromeSecurityStateModelClient* model_client = | 225 ChromeSecurityStateModelClient* model_client = |
| 226 ChromeSecurityStateModelClient::FromWebContents(contents); | 226 ChromeSecurityStateModelClient::FromWebContents(contents); |
| 227 ASSERT_TRUE(model_client); | 227 ASSERT_TRUE(model_client); |
| 228 const SecurityStateModel::SecurityInfo& security_info = | 228 const SecurityStateModel::SecurityInfo& security_info = |
| 229 model_client->GetSecurityInfo(); | 229 model_client->GetSecurityInfo(); |
| 230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
| 232 security_info.sha1_deprecation_status); | 232 security_info.sha1_deprecation_status); |
| 233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
| 234 security_info.mixed_content_status); | 234 security_info.mixed_content_status); |
| 235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 236 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 236 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 238 EXPECT_EQ(-1, security_info.security_bits); | 238 EXPECT_EQ(-1, security_info.security_bits); |
| 239 EXPECT_EQ(0, security_info.cert_id); | 239 EXPECT_FALSE(!!security_info.certificate); |
| 240 } | 240 } |
| 241 | 241 |
| 242 void ProceedThroughInterstitial(content::WebContents* tab) { | 242 void ProceedThroughInterstitial(content::WebContents* tab) { |
| 243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | 243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 244 ASSERT_TRUE(interstitial_page); | 244 ASSERT_TRUE(interstitial_page); |
| 245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | 245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, |
| 246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | 246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); |
| 247 content::WindowedNotificationObserver observer( | 247 content::WindowedNotificationObserver observer( |
| 248 content::NOTIFICATION_LOAD_STOP, | 248 content::NOTIFICATION_LOAD_STOP, |
| 249 content::Source<content::NavigationController>(&tab->GetController())); | 249 content::Source<content::NavigationController>(&tab->GetController())); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 276 | 276 |
| 277 protected: | 277 protected: |
| 278 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | 278 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, |
| 279 int net_result) { | 279 int net_result) { |
| 280 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 280 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 281 net::CertVerifyResult verify_result; | 281 net::CertVerifyResult verify_result; |
| 282 verify_result.is_issued_by_known_root = true; | 282 verify_result.is_issued_by_known_root = true; |
| 283 verify_result.verified_cert = cert; | 283 verify_result.verified_cert = cert; |
| 284 verify_result.cert_status = cert_status; | 284 verify_result.cert_status = cert_status; |
| 285 | 285 |
| 286 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, | 286 mock_cert_verifier()->AddResultForCert(cert, verify_result, net_result); |
| 287 net_result); | |
| 288 } | 287 } |
| 289 | 288 |
| 290 net::EmbeddedTestServer https_server_; | 289 net::EmbeddedTestServer https_server_; |
| 291 | 290 |
| 292 private: | 291 private: |
| 293 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientTest); | 292 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientTest); |
| 294 }; | 293 }; |
| 295 | 294 |
| 296 class SecurityStyleChangedTest : public InProcessBrowserTest { | 295 class SecurityStyleChangedTest : public InProcessBrowserTest { |
| 297 public: | 296 public: |
| (...skipping 28 matching lines...) Expand all Loading... |
| 326 const SecurityStateModel::SecurityInfo& security_info = | 325 const SecurityStateModel::SecurityInfo& security_info = |
| 327 model_client->GetSecurityInfo(); | 326 model_client->GetSecurityInfo(); |
| 328 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 327 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
| 329 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 328 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
| 330 security_info.sha1_deprecation_status); | 329 security_info.sha1_deprecation_status); |
| 331 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 330 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
| 332 security_info.mixed_content_status); | 331 security_info.mixed_content_status); |
| 333 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 332 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
| 334 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 333 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
| 335 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 334 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
| 336 EXPECT_EQ(0, security_info.cert_id); | 335 EXPECT_FALSE(!!security_info.certificate); |
| 337 EXPECT_EQ(-1, security_info.security_bits); | 336 EXPECT_EQ(-1, security_info.security_bits); |
| 338 EXPECT_EQ(0, security_info.connection_status); | 337 EXPECT_EQ(0, security_info.connection_status); |
| 339 } | 338 } |
| 340 | 339 |
| 341 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
| 342 ASSERT_TRUE(https_server_.Start()); | 341 ASSERT_TRUE(https_server_.Start()); |
| 343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 342 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
| 344 | 343 |
| 345 ui_test_utils::NavigateToURL(browser(), | 344 ui_test_utils::NavigateToURL(browser(), |
| 346 https_server_.GetURL("/ssl/google.html")); | 345 https_server_.GetURL("/ssl/google.html")); |
| (...skipping 397 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 744 | 743 |
| 745 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 744 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 746 net::CertVerifyResult verify_result; | 745 net::CertVerifyResult verify_result; |
| 747 // PKP is bypassed when |is_issued_by_known_root| is false. | 746 // PKP is bypassed when |is_issued_by_known_root| is false. |
| 748 verify_result.is_issued_by_known_root = false; | 747 verify_result.is_issued_by_known_root = false; |
| 749 verify_result.verified_cert = cert; | 748 verify_result.verified_cert = cert; |
| 750 net::HashValue hash(net::HASH_VALUE_SHA256); | 749 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 751 memset(hash.data(), 1, hash.size()); | 750 memset(hash.data(), 1, hash.size()); |
| 752 verify_result.public_key_hashes.push_back(hash); | 751 verify_result.public_key_hashes.push_back(hash); |
| 753 | 752 |
| 754 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | 753 mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK); |
| 755 | 754 |
| 756 ui_test_utils::NavigateToURL(browser(), | 755 ui_test_utils::NavigateToURL(browser(), |
| 757 https_server_.GetURL("/ssl/google.html")); | 756 https_server_.GetURL("/ssl/google.html")); |
| 758 | 757 |
| 759 CheckSecurityInfoForSecure( | 758 CheckSecurityInfoForSecure( |
| 760 browser()->tab_strip_model()->GetActiveWebContents(), | 759 browser()->tab_strip_model()->GetActiveWebContents(), |
| 761 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 760 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
| 762 SecurityStateModel::CONTENT_STATUS_NONE, true, false); | 761 SecurityStateModel::CONTENT_STATUS_NONE, true, false); |
| 763 | 762 |
| 764 const content::SecurityStyleExplanations& explanation = | 763 const content::SecurityStyleExplanations& explanation = |
| 765 observer.latest_explanations(); | 764 observer.latest_explanations(); |
| 766 EXPECT_TRUE(explanation.pkp_bypassed); | 765 EXPECT_TRUE(explanation.pkp_bypassed); |
| 767 EXPECT_FALSE(explanation.info_explanations.empty()); | 766 EXPECT_FALSE(explanation.info_explanations.empty()); |
| 768 } | 767 } |
| 769 | 768 |
| 770 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { | 769 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { |
| 771 content::WebContents* web_contents = | 770 content::WebContents* web_contents = |
| 772 browser()->tab_strip_model()->GetActiveWebContents(); | 771 browser()->tab_strip_model()->GetActiveWebContents(); |
| 773 SecurityStyleTestObserver observer(web_contents); | 772 SecurityStyleTestObserver observer(web_contents); |
| 774 | 773 |
| 775 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 774 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
| 776 net::CertVerifyResult verify_result; | 775 net::CertVerifyResult verify_result; |
| 777 // PKP requires |is_issued_by_known_root| to be true. | 776 // PKP requires |is_issued_by_known_root| to be true. |
| 778 verify_result.is_issued_by_known_root = true; | 777 verify_result.is_issued_by_known_root = true; |
| 779 verify_result.verified_cert = cert; | 778 verify_result.verified_cert = cert; |
| 780 net::HashValue hash(net::HASH_VALUE_SHA256); | 779 net::HashValue hash(net::HASH_VALUE_SHA256); |
| 781 memset(hash.data(), 1, hash.size()); | 780 memset(hash.data(), 1, hash.size()); |
| 782 verify_result.public_key_hashes.push_back(hash); | 781 verify_result.public_key_hashes.push_back(hash); |
| 783 | 782 |
| 784 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | 783 mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK); |
| 785 | 784 |
| 786 ui_test_utils::NavigateToURL(browser(), | 785 ui_test_utils::NavigateToURL(browser(), |
| 787 https_server_.GetURL("/ssl/google.html")); | 786 https_server_.GetURL("/ssl/google.html")); |
| 788 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, | 787 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, |
| 789 browser()); | 788 browser(), cert.get()); |
| 790 } | 789 } |
| 791 | 790 |
| 792 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 791 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
| 793 // that never stops loading. | 792 // that never stops loading. |
| 794 class PendingJobInterceptor : public net::URLRequestInterceptor { | 793 class PendingJobInterceptor : public net::URLRequestInterceptor { |
| 795 public: | 794 public: |
| 796 PendingJobInterceptor() {} | 795 PendingJobInterceptor() {} |
| 797 ~PendingJobInterceptor() override {} | 796 ~PendingJobInterceptor() override {} |
| 798 | 797 |
| 799 // URLRequestInterceptor implementation | 798 // URLRequestInterceptor implementation |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 930 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 929 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
| 931 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 930 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
| 932 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 931 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
| 933 observer.latest_security_style()); | 932 observer.latest_security_style()); |
| 934 | 933 |
| 935 const content::SecurityStyleExplanations& mixed_content_explanation = | 934 const content::SecurityStyleExplanations& mixed_content_explanation = |
| 936 observer.latest_explanations(); | 935 observer.latest_explanations(); |
| 937 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 936 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
| 938 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 937 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
| 939 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 938 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
| 940 VALID_CERTIFICATE, browser()); | 939 VALID_CERTIFICATE, browser(), |
| 940 https_server_.GetCertificate().get()); |
| 941 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 941 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
| 942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 943 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 943 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 944 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); | 944 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); |
| 945 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); | 945 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); |
| 946 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 946 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
| 947 mixed_content_explanation.displayed_insecure_content_style); | 947 mixed_content_explanation.displayed_insecure_content_style); |
| 948 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 948 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
| 949 mixed_content_explanation.ran_insecure_content_style); | 949 mixed_content_explanation.ran_insecure_content_style); |
| 950 | 950 |
| 951 // Visit a broken HTTPS url. | 951 // Visit a broken HTTPS url. |
| 952 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); | 952 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); |
| 953 ui_test_utils::NavigateToURL(browser(), expired_url); | 953 ui_test_utils::NavigateToURL(browser(), expired_url); |
| 954 | 954 |
| 955 // An interstitial should show, and an event for the lock icon on the | 955 // An interstitial should show, and an event for the lock icon on the |
| 956 // interstitial should fire. | 956 // interstitial should fire. |
| 957 content::WaitForInterstitialAttach(web_contents); | 957 content::WaitForInterstitialAttach(web_contents); |
| 958 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 958 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 959 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 959 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 960 https_test_server_expired.GetCertificate().get()); |
| 960 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 961 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 961 INVALID_CERTIFICATE, browser()); | 962 INVALID_CERTIFICATE, browser(), |
| 963 https_test_server_expired.GetCertificate().get()); |
| 962 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 964 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 963 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 965 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 964 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 966 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 965 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 967 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 966 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 968 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 967 | 969 |
| 968 // Before clicking through, navigate to a different page, and then go | 970 // Before clicking through, navigate to a different page, and then go |
| 969 // back to the interstitial. | 971 // back to the interstitial. |
| 970 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 972 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
| 971 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 973 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
| 972 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 974 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 973 observer.latest_security_style()); | 975 observer.latest_security_style()); |
| 974 EXPECT_EQ(0u, | 976 EXPECT_EQ(0u, |
| 975 observer.latest_explanations().unauthenticated_explanations.size()); | 977 observer.latest_explanations().unauthenticated_explanations.size()); |
| 976 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 978 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 977 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 979 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 978 VALID_CERTIFICATE, browser()); | 980 VALID_CERTIFICATE, browser(), |
| 981 https_server_.GetCertificate().get()); |
| 979 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 982 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 980 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 983 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 981 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 984 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 982 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 985 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 983 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 986 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 984 | 987 |
| 985 // After going back to the interstitial, an event for a broken lock | 988 // After going back to the interstitial, an event for a broken lock |
| 986 // icon should fire again. | 989 // icon should fire again. |
| 987 ui_test_utils::NavigateToURL(browser(), expired_url); | 990 ui_test_utils::NavigateToURL(browser(), expired_url); |
| 988 content::WaitForInterstitialAttach(web_contents); | 991 content::WaitForInterstitialAttach(web_contents); |
| 989 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 992 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 990 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 993 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 994 https_test_server_expired.GetCertificate().get()); |
| 991 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 995 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 992 INVALID_CERTIFICATE, browser()); | 996 INVALID_CERTIFICATE, browser(), |
| 997 https_test_server_expired.GetCertificate().get()); |
| 993 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 998 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 994 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 999 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 995 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1000 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 996 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1001 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 997 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1002 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 998 | 1003 |
| 999 // Since the next expected style is the same as the previous, clear | 1004 // Since the next expected style is the same as the previous, clear |
| 1000 // the observer (to make sure that the event fires twice and we don't | 1005 // the observer (to make sure that the event fires twice and we don't |
| 1001 // just see the previous event's style). | 1006 // just see the previous event's style). |
| 1002 observer.ClearLatestSecurityStyleAndExplanations(); | 1007 observer.ClearLatestSecurityStyleAndExplanations(); |
| 1003 | 1008 |
| 1004 // Other conditions cannot be tested on this host after clicking | 1009 // Other conditions cannot be tested on this host after clicking |
| 1005 // through because once the interstitial is clicked through, all URLs | 1010 // through because once the interstitial is clicked through, all URLs |
| 1006 // for this host will remain in a broken state. | 1011 // for this host will remain in a broken state. |
| 1007 ProceedThroughInterstitial(web_contents); | 1012 ProceedThroughInterstitial(web_contents); |
| 1008 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 1013 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 1014 https_test_server_expired.GetCertificate().get()); |
| 1009 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1015 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1010 INVALID_CERTIFICATE, browser()); | 1016 INVALID_CERTIFICATE, browser(), |
| 1017 https_test_server_expired.GetCertificate().get()); |
| 1011 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1018 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1012 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1019 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1013 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1020 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1014 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1021 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1015 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1022 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1016 } | 1023 } |
| 1017 | 1024 |
| 1018 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 1025 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
| 1019 // and test that the observed security style matches. | 1026 // and test that the observed security style matches. |
| 1020 #if defined(OS_CHROMEOS) | 1027 #if defined(OS_CHROMEOS) |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1042 | 1049 |
| 1043 // Visit a valid HTTPS url. | 1050 // Visit a valid HTTPS url. |
| 1044 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 1051 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
| 1045 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 1052 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
| 1046 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1053 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 1047 observer.latest_security_style()); | 1054 observer.latest_security_style()); |
| 1048 EXPECT_EQ(0u, | 1055 EXPECT_EQ(0u, |
| 1049 observer.latest_explanations().unauthenticated_explanations.size()); | 1056 observer.latest_explanations().unauthenticated_explanations.size()); |
| 1050 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1057 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 1051 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1058 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1052 VALID_CERTIFICATE, browser()); | 1059 VALID_CERTIFICATE, browser(), |
| 1060 https_server_.GetCertificate().get()); |
| 1053 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1061 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1054 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1062 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1055 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1063 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1056 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1064 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1057 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1065 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1058 | 1066 |
| 1059 // Navigate to a bad HTTPS page on a different host, and then click | 1067 // Navigate to a bad HTTPS page on a different host, and then click |
| 1060 // Back to verify that the previous good security style is seen again. | 1068 // Back to verify that the previous good security style is seen again. |
| 1061 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); | 1069 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); |
| 1062 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 1070 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
| 1063 GURL::Replacements replace_host; | 1071 GURL::Replacements replace_host; |
| 1064 replace_host.SetHostStr("www.example_broken.test"); | 1072 replace_host.SetHostStr("www.example_broken.test"); |
| 1065 GURL https_url_different_host = | 1073 GURL https_url_different_host = |
| 1066 expired_https_url.ReplaceComponents(replace_host); | 1074 expired_https_url.ReplaceComponents(replace_host); |
| 1067 | 1075 |
| 1068 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 1076 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
| 1069 | 1077 |
| 1070 content::WaitForInterstitialAttach(web_contents); | 1078 content::WaitForInterstitialAttach(web_contents); |
| 1071 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 1079 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
| 1072 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1080 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
| 1073 browser()); | 1081 browser(), |
| 1082 https_test_server_expired.GetCertificate().get()); |
| 1074 ProceedThroughInterstitial(web_contents); | 1083 ProceedThroughInterstitial(web_contents); |
| 1075 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1084 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
| 1076 browser()); | 1085 browser(), |
| 1086 https_test_server_expired.GetCertificate().get()); |
| 1077 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1087 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1078 INVALID_CERTIFICATE, browser()); | 1088 INVALID_CERTIFICATE, browser(), |
| 1089 https_test_server_expired.GetCertificate().get()); |
| 1079 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1090 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1080 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1091 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1081 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1092 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1082 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1093 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1083 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1094 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1084 | 1095 |
| 1085 content::WindowedNotificationObserver back_nav_load_observer( | 1096 content::WindowedNotificationObserver back_nav_load_observer( |
| 1086 content::NOTIFICATION_LOAD_STOP, | 1097 content::NOTIFICATION_LOAD_STOP, |
| 1087 content::Source<content::NavigationController>( | 1098 content::Source<content::NavigationController>( |
| 1088 &web_contents->GetController())); | 1099 &web_contents->GetController())); |
| 1089 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); | 1100 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); |
| 1090 back_nav_load_observer.Wait(); | 1101 back_nav_load_observer.Wait(); |
| 1091 | 1102 |
| 1092 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1103 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
| 1093 observer.latest_security_style()); | 1104 observer.latest_security_style()); |
| 1094 EXPECT_EQ(0u, | 1105 EXPECT_EQ(0u, |
| 1095 observer.latest_explanations().unauthenticated_explanations.size()); | 1106 observer.latest_explanations().unauthenticated_explanations.size()); |
| 1096 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1107 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
| 1097 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1108 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
| 1098 VALID_CERTIFICATE, browser()); | 1109 VALID_CERTIFICATE, browser(), |
| 1110 https_server_.GetCertificate().get()); |
| 1099 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1111 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
| 1100 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1112 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
| 1101 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1113 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
| 1102 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1114 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
| 1103 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1115 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
| 1104 } | 1116 } |
| 1105 | 1117 |
| 1106 // After AddNonsecureUrlHandler() is called, requests to this hostname | 1118 // After AddNonsecureUrlHandler() is called, requests to this hostname |
| 1107 // will use obsolete TLS settings. | 1119 // will use obsolete TLS settings. |
| 1108 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 1120 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
| (...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1395 ChromeSecurityStateModelClient* model_client = | 1407 ChromeSecurityStateModelClient* model_client = |
| 1396 ChromeSecurityStateModelClient::FromWebContents(web_contents); | 1408 ChromeSecurityStateModelClient::FromWebContents(web_contents); |
| 1397 ASSERT_TRUE(model_client); | 1409 ASSERT_TRUE(model_client); |
| 1398 const SecurityStateModel::SecurityInfo& security_info = | 1410 const SecurityStateModel::SecurityInfo& security_info = |
| 1399 model_client->GetSecurityInfo(); | 1411 model_client->GetSecurityInfo(); |
| 1400 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); | 1412 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); |
| 1401 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); | 1413 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); |
| 1402 } | 1414 } |
| 1403 | 1415 |
| 1404 } // namespace | 1416 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2327433002:
Stop using CertStore which is not compatible with PlzNavigate. (Closed)
