OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | 12 #include "chrome/browser/ssl/cert_verifier_browser_test.h" |
13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 13 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
14 #include "chrome/browser/ssl/ssl_blocking_page.h" | 14 #include "chrome/browser/ssl/ssl_blocking_page.h" |
15 #include "chrome/browser/ui/browser.h" | 15 #include "chrome/browser/ui/browser.h" |
16 #include "chrome/browser/ui/browser_commands.h" | 16 #include "chrome/browser/ui/browser_commands.h" |
17 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
18 #include "chrome/common/chrome_paths.h" | 18 #include "chrome/common/chrome_paths.h" |
19 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
20 #include "chrome/common/pref_names.h" | 20 #include "chrome/common/pref_names.h" |
21 #include "chrome/grit/generated_resources.h" | 21 #include "chrome/grit/generated_resources.h" |
22 #include "chrome/test/base/in_process_browser_test.h" | 22 #include "chrome/test/base/in_process_browser_test.h" |
23 #include "chrome/test/base/ui_test_utils.h" | 23 #include "chrome/test/base/ui_test_utils.h" |
24 #include "components/prefs/pref_service.h" | 24 #include "components/prefs/pref_service.h" |
25 #include "content/public/browser/cert_store.h" | |
26 #include "content/public/browser/interstitial_page.h" | 25 #include "content/public/browser/interstitial_page.h" |
27 #include "content/public/browser/navigation_controller.h" | 26 #include "content/public/browser/navigation_controller.h" |
28 #include "content/public/browser/navigation_entry.h" | 27 #include "content/public/browser/navigation_entry.h" |
29 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
30 #include "content/public/browser/notification_types.h" | 29 #include "content/public/browser/notification_types.h" |
31 #include "content/public/browser/security_style_explanation.h" | 30 #include "content/public/browser/security_style_explanation.h" |
32 #include "content/public/browser/security_style_explanations.h" | 31 #include "content/public/browser/security_style_explanations.h" |
33 #include "content/public/browser/web_contents.h" | 32 #include "content/public/browser/web_contents.h" |
34 #include "content/public/common/referrer.h" | 33 #include "content/public/common/referrer.h" |
35 #include "content/public/common/ssl_status.h" | 34 #include "content/public/common/ssl_status.h" |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
98 content::SecurityStyle latest_security_style_; | 97 content::SecurityStyle latest_security_style_; |
99 content::SecurityStyleExplanations latest_explanations_; | 98 content::SecurityStyleExplanations latest_explanations_; |
100 | 99 |
101 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); | 100 DISALLOW_COPY_AND_ASSIGN(SecurityStyleTestObserver); |
102 }; | 101 }; |
103 | 102 |
104 // Check that |observer|'s latest event was for an expired certificate | 103 // Check that |observer|'s latest event was for an expired certificate |
105 // and that it saw the proper SecurityStyle and explanations. | 104 // and that it saw the proper SecurityStyle and explanations. |
106 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, | 105 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer, |
107 int error, | 106 int error, |
108 Browser* browser) { | 107 Browser* browser, |
| 108 net::X509Certificate* expected_cert) { |
109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 109 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
110 observer.latest_security_style()); | 110 observer.latest_security_style()); |
111 | 111 |
112 const content::SecurityStyleExplanations& expired_explanation = | 112 const content::SecurityStyleExplanations& expired_explanation = |
113 observer.latest_explanations(); | 113 observer.latest_explanations(); |
114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); | 114 EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size()); |
115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); | 115 ASSERT_EQ(1u, expired_explanation.broken_explanations.size()); |
116 EXPECT_FALSE(expired_explanation.pkp_bypassed); | 116 EXPECT_FALSE(expired_explanation.pkp_bypassed); |
117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); | 117 EXPECT_TRUE(expired_explanation.info_explanations.empty()); |
118 | 118 |
119 // Check that the summary and description are as expected. | 119 // Check that the summary and description are as expected. |
120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 120 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
121 expired_explanation.broken_explanations[0].summary); | 121 expired_explanation.broken_explanations[0].summary); |
122 | 122 |
123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); | 123 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error)); |
124 EXPECT_EQ(l10n_util::GetStringFUTF8( | 124 EXPECT_EQ(l10n_util::GetStringFUTF8( |
125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 125 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
126 expired_explanation.broken_explanations[0].description); | 126 expired_explanation.broken_explanations[0].description); |
127 | 127 |
128 // Check the associated certificate id. | 128 // Check the associated certificate. |
129 int cert_id = browser->tab_strip_model() | 129 net::X509Certificate* cert = browser->tab_strip_model() |
130 ->GetActiveWebContents() | 130 ->GetActiveWebContents() |
131 ->GetController() | 131 ->GetController() |
132 .GetActiveEntry() | 132 .GetActiveEntry() |
133 ->GetSSL() | 133 ->GetSSL() |
134 .cert_id; | 134 .certificate.get(); |
135 EXPECT_EQ(cert_id, expired_explanation.broken_explanations[0].cert_id); | 135 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 136 EXPECT_TRUE(expired_explanation.broken_explanations[0].has_certificate); |
136 } | 137 } |
137 | 138 |
138 // Checks that the given |secure_explanations| contains an appropriate | 139 // Checks that the given |secure_explanations| contains an appropriate |
139 // explanation if the certificate status is valid. | 140 // explanation if the certificate status is valid. |
140 void CheckSecureExplanations( | 141 void CheckSecureExplanations( |
141 const std::vector<content::SecurityStyleExplanation>& secure_explanations, | 142 const std::vector<content::SecurityStyleExplanation>& secure_explanations, |
142 CertificateStatus cert_status, | 143 CertificateStatus cert_status, |
143 Browser* browser) { | 144 Browser* browser, |
| 145 net::X509Certificate* expected_cert) { |
144 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, | 146 ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u, |
145 secure_explanations.size()); | 147 secure_explanations.size()); |
146 if (cert_status == VALID_CERTIFICATE) { | 148 if (cert_status == VALID_CERTIFICATE) { |
147 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 149 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
148 secure_explanations[0].summary); | 150 secure_explanations[0].summary); |
149 EXPECT_EQ( | 151 EXPECT_EQ( |
150 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 152 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), |
151 secure_explanations[0].description); | 153 secure_explanations[0].description); |
152 int cert_id = browser->tab_strip_model() | 154 net::X509Certificate* cert = browser->tab_strip_model() |
153 ->GetActiveWebContents() | 155 ->GetActiveWebContents() |
154 ->GetController() | 156 ->GetController() |
155 .GetActiveEntry() | 157 .GetActiveEntry() |
156 ->GetSSL() | 158 ->GetSSL() |
157 .cert_id; | 159 .certificate.get(); |
158 EXPECT_EQ(cert_id, secure_explanations[0].cert_id); | 160 EXPECT_TRUE(cert->Equals(expected_cert)); |
| 161 EXPECT_TRUE(secure_explanations[0].has_certificate); |
159 } | 162 } |
160 | 163 |
161 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), | 164 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
162 secure_explanations.back().summary); | 165 secure_explanations.back().summary); |
163 | 166 |
164 content::WebContents* web_contents = | 167 content::WebContents* web_contents = |
165 browser->tab_strip_model()->GetActiveWebContents(); | 168 browser->tab_strip_model()->GetActiveWebContents(); |
166 const SecurityStateModel::SecurityInfo& security_info = | 169 const SecurityStateModel::SecurityInfo& security_info = |
167 ChromeSecurityStateModelClient::FromWebContents(web_contents) | 170 ChromeSecurityStateModelClient::FromWebContents(web_contents) |
168 ->GetSecurityInfo(); | 171 ->GetSecurityInfo(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
206 model_client->GetSecurityInfo(); | 209 model_client->GetSecurityInfo(); |
207 EXPECT_EQ(expect_security_level, security_info.security_level); | 210 EXPECT_EQ(expect_security_level, security_info.security_level); |
208 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); | 211 EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status); |
209 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); | 212 EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status); |
210 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 213 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
211 EXPECT_TRUE(security_info.scheme_is_cryptographic); | 214 EXPECT_TRUE(security_info.scheme_is_cryptographic); |
212 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); | 215 EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed); |
213 EXPECT_EQ(expect_cert_error, | 216 EXPECT_EQ(expect_cert_error, |
214 net::IsCertStatusError(security_info.cert_status)); | 217 net::IsCertStatusError(security_info.cert_status)); |
215 EXPECT_GT(security_info.security_bits, 0); | 218 EXPECT_GT(security_info.security_bits, 0); |
216 | 219 EXPECT_TRUE(!!security_info.certificate); |
217 content::CertStore* cert_store = content::CertStore::GetInstance(); | |
218 scoped_refptr<net::X509Certificate> cert; | |
219 EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert)); | |
220 } | 220 } |
221 | 221 |
222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { | 222 void CheckSecurityInfoForNonSecure(content::WebContents* contents) { |
223 ASSERT_TRUE(contents); | 223 ASSERT_TRUE(contents); |
224 | 224 |
225 ChromeSecurityStateModelClient* model_client = | 225 ChromeSecurityStateModelClient* model_client = |
226 ChromeSecurityStateModelClient::FromWebContents(contents); | 226 ChromeSecurityStateModelClient::FromWebContents(contents); |
227 ASSERT_TRUE(model_client); | 227 ASSERT_TRUE(model_client); |
228 const SecurityStateModel::SecurityInfo& security_info = | 228 const SecurityStateModel::SecurityInfo& security_info = |
229 model_client->GetSecurityInfo(); | 229 model_client->GetSecurityInfo(); |
230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 230 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 231 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
232 security_info.sha1_deprecation_status); | 232 security_info.sha1_deprecation_status); |
233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 233 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
234 security_info.mixed_content_status); | 234 security_info.mixed_content_status); |
235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 235 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
236 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 236 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 237 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
238 EXPECT_EQ(-1, security_info.security_bits); | 238 EXPECT_EQ(-1, security_info.security_bits); |
239 EXPECT_EQ(0, security_info.cert_id); | 239 EXPECT_FALSE(!!security_info.certificate); |
240 } | 240 } |
241 | 241 |
242 void ProceedThroughInterstitial(content::WebContents* tab) { | 242 void ProceedThroughInterstitial(content::WebContents* tab) { |
243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | 243 content::InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
244 ASSERT_TRUE(interstitial_page); | 244 ASSERT_TRUE(interstitial_page); |
245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | 245 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, |
246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | 246 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); |
247 content::WindowedNotificationObserver observer( | 247 content::WindowedNotificationObserver observer( |
248 content::NOTIFICATION_LOAD_STOP, | 248 content::NOTIFICATION_LOAD_STOP, |
249 content::Source<content::NavigationController>(&tab->GetController())); | 249 content::Source<content::NavigationController>(&tab->GetController())); |
(...skipping 26 matching lines...) Expand all Loading... |
276 | 276 |
277 protected: | 277 protected: |
278 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | 278 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, |
279 int net_result) { | 279 int net_result) { |
280 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 280 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
281 net::CertVerifyResult verify_result; | 281 net::CertVerifyResult verify_result; |
282 verify_result.is_issued_by_known_root = true; | 282 verify_result.is_issued_by_known_root = true; |
283 verify_result.verified_cert = cert; | 283 verify_result.verified_cert = cert; |
284 verify_result.cert_status = cert_status; | 284 verify_result.cert_status = cert_status; |
285 | 285 |
286 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, | 286 mock_cert_verifier()->AddResultForCert(cert, verify_result, net_result); |
287 net_result); | |
288 } | 287 } |
289 | 288 |
290 net::EmbeddedTestServer https_server_; | 289 net::EmbeddedTestServer https_server_; |
291 | 290 |
292 private: | 291 private: |
293 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientTest); | 292 DISALLOW_COPY_AND_ASSIGN(ChromeSecurityStateModelClientTest); |
294 }; | 293 }; |
295 | 294 |
296 class SecurityStyleChangedTest : public InProcessBrowserTest { | 295 class SecurityStyleChangedTest : public InProcessBrowserTest { |
297 public: | 296 public: |
(...skipping 28 matching lines...) Expand all Loading... |
326 const SecurityStateModel::SecurityInfo& security_info = | 325 const SecurityStateModel::SecurityInfo& security_info = |
327 model_client->GetSecurityInfo(); | 326 model_client->GetSecurityInfo(); |
328 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); | 327 EXPECT_EQ(SecurityStateModel::NONE, security_info.security_level); |
329 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, | 328 EXPECT_EQ(SecurityStateModel::NO_DEPRECATED_SHA1, |
330 security_info.sha1_deprecation_status); | 329 security_info.sha1_deprecation_status); |
331 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, | 330 EXPECT_EQ(SecurityStateModel::CONTENT_STATUS_NONE, |
332 security_info.mixed_content_status); | 331 security_info.mixed_content_status); |
333 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); | 332 EXPECT_TRUE(security_info.sct_verify_statuses.empty()); |
334 EXPECT_FALSE(security_info.scheme_is_cryptographic); | 333 EXPECT_FALSE(security_info.scheme_is_cryptographic); |
335 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); | 334 EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status)); |
336 EXPECT_EQ(0, security_info.cert_id); | 335 EXPECT_FALSE(!!security_info.certificate); |
337 EXPECT_EQ(-1, security_info.security_bits); | 336 EXPECT_EQ(-1, security_info.security_bits); |
338 EXPECT_EQ(0, security_info.connection_status); | 337 EXPECT_EQ(0, security_info.connection_status); |
339 } | 338 } |
340 | 339 |
341 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { | 340 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) { |
342 ASSERT_TRUE(https_server_.Start()); | 341 ASSERT_TRUE(https_server_.Start()); |
343 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 342 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
344 | 343 |
345 ui_test_utils::NavigateToURL(browser(), | 344 ui_test_utils::NavigateToURL(browser(), |
346 https_server_.GetURL("/ssl/google.html")); | 345 https_server_.GetURL("/ssl/google.html")); |
(...skipping 397 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
744 | 743 |
745 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 744 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
746 net::CertVerifyResult verify_result; | 745 net::CertVerifyResult verify_result; |
747 // PKP is bypassed when |is_issued_by_known_root| is false. | 746 // PKP is bypassed when |is_issued_by_known_root| is false. |
748 verify_result.is_issued_by_known_root = false; | 747 verify_result.is_issued_by_known_root = false; |
749 verify_result.verified_cert = cert; | 748 verify_result.verified_cert = cert; |
750 net::HashValue hash(net::HASH_VALUE_SHA256); | 749 net::HashValue hash(net::HASH_VALUE_SHA256); |
751 memset(hash.data(), 1, hash.size()); | 750 memset(hash.data(), 1, hash.size()); |
752 verify_result.public_key_hashes.push_back(hash); | 751 verify_result.public_key_hashes.push_back(hash); |
753 | 752 |
754 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | 753 mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK); |
755 | 754 |
756 ui_test_utils::NavigateToURL(browser(), | 755 ui_test_utils::NavigateToURL(browser(), |
757 https_server_.GetURL("/ssl/google.html")); | 756 https_server_.GetURL("/ssl/google.html")); |
758 | 757 |
759 CheckSecurityInfoForSecure( | 758 CheckSecurityInfoForSecure( |
760 browser()->tab_strip_model()->GetActiveWebContents(), | 759 browser()->tab_strip_model()->GetActiveWebContents(), |
761 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, | 760 SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1, |
762 SecurityStateModel::CONTENT_STATUS_NONE, true, false); | 761 SecurityStateModel::CONTENT_STATUS_NONE, true, false); |
763 | 762 |
764 const content::SecurityStyleExplanations& explanation = | 763 const content::SecurityStyleExplanations& explanation = |
765 observer.latest_explanations(); | 764 observer.latest_explanations(); |
766 EXPECT_TRUE(explanation.pkp_bypassed); | 765 EXPECT_TRUE(explanation.pkp_bypassed); |
767 EXPECT_FALSE(explanation.info_explanations.empty()); | 766 EXPECT_FALSE(explanation.info_explanations.empty()); |
768 } | 767 } |
769 | 768 |
770 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { | 769 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) { |
771 content::WebContents* web_contents = | 770 content::WebContents* web_contents = |
772 browser()->tab_strip_model()->GetActiveWebContents(); | 771 browser()->tab_strip_model()->GetActiveWebContents(); |
773 SecurityStyleTestObserver observer(web_contents); | 772 SecurityStyleTestObserver observer(web_contents); |
774 | 773 |
775 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); | 774 scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate()); |
776 net::CertVerifyResult verify_result; | 775 net::CertVerifyResult verify_result; |
777 // PKP requires |is_issued_by_known_root| to be true. | 776 // PKP requires |is_issued_by_known_root| to be true. |
778 verify_result.is_issued_by_known_root = true; | 777 verify_result.is_issued_by_known_root = true; |
779 verify_result.verified_cert = cert; | 778 verify_result.verified_cert = cert; |
780 net::HashValue hash(net::HASH_VALUE_SHA256); | 779 net::HashValue hash(net::HASH_VALUE_SHA256); |
781 memset(hash.data(), 1, hash.size()); | 780 memset(hash.data(), 1, hash.size()); |
782 verify_result.public_key_hashes.push_back(hash); | 781 verify_result.public_key_hashes.push_back(hash); |
783 | 782 |
784 mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK); | 783 mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK); |
785 | 784 |
786 ui_test_utils::NavigateToURL(browser(), | 785 ui_test_utils::NavigateToURL(browser(), |
787 https_server_.GetURL("/ssl/google.html")); | 786 https_server_.GetURL("/ssl/google.html")); |
788 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, | 787 CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, |
789 browser()); | 788 browser(), cert.get()); |
790 } | 789 } |
791 | 790 |
792 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation | 791 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation |
793 // that never stops loading. | 792 // that never stops loading. |
794 class PendingJobInterceptor : public net::URLRequestInterceptor { | 793 class PendingJobInterceptor : public net::URLRequestInterceptor { |
795 public: | 794 public: |
796 PendingJobInterceptor() {} | 795 PendingJobInterceptor() {} |
797 ~PendingJobInterceptor() override {} | 796 ~PendingJobInterceptor() override {} |
798 | 797 |
799 // URLRequestInterceptor implementation | 798 // URLRequestInterceptor implementation |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
930 GURL mixed_content_url(https_server_.GetURL(replacement_path)); | 929 GURL mixed_content_url(https_server_.GetURL(replacement_path)); |
931 ui_test_utils::NavigateToURL(browser(), mixed_content_url); | 930 ui_test_utils::NavigateToURL(browser(), mixed_content_url); |
932 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 931 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
933 observer.latest_security_style()); | 932 observer.latest_security_style()); |
934 | 933 |
935 const content::SecurityStyleExplanations& mixed_content_explanation = | 934 const content::SecurityStyleExplanations& mixed_content_explanation = |
936 observer.latest_explanations(); | 935 observer.latest_explanations(); |
937 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); | 936 ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size()); |
938 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); | 937 ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size()); |
939 CheckSecureExplanations(mixed_content_explanation.secure_explanations, | 938 CheckSecureExplanations(mixed_content_explanation.secure_explanations, |
940 VALID_CERTIFICATE, browser()); | 939 VALID_CERTIFICATE, browser(), |
| 940 https_server_.GetCertificate().get()); |
941 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); | 941 EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic); |
942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 942 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
943 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 943 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
944 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); | 944 EXPECT_TRUE(mixed_content_explanation.displayed_mixed_content); |
945 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); | 945 EXPECT_FALSE(mixed_content_explanation.ran_mixed_content); |
946 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, | 946 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, |
947 mixed_content_explanation.displayed_insecure_content_style); | 947 mixed_content_explanation.displayed_insecure_content_style); |
948 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, | 948 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, |
949 mixed_content_explanation.ran_insecure_content_style); | 949 mixed_content_explanation.ran_insecure_content_style); |
950 | 950 |
951 // Visit a broken HTTPS url. | 951 // Visit a broken HTTPS url. |
952 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); | 952 GURL expired_url(https_test_server_expired.GetURL("/title1.html")); |
953 ui_test_utils::NavigateToURL(browser(), expired_url); | 953 ui_test_utils::NavigateToURL(browser(), expired_url); |
954 | 954 |
955 // An interstitial should show, and an event for the lock icon on the | 955 // An interstitial should show, and an event for the lock icon on the |
956 // interstitial should fire. | 956 // interstitial should fire. |
957 content::WaitForInterstitialAttach(web_contents); | 957 content::WaitForInterstitialAttach(web_contents); |
958 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 958 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
959 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 959 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 960 https_test_server_expired.GetCertificate().get()); |
960 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 961 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
961 INVALID_CERTIFICATE, browser()); | 962 INVALID_CERTIFICATE, browser(), |
| 963 https_test_server_expired.GetCertificate().get()); |
962 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 964 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
963 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 965 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
964 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 966 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
965 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 967 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
966 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 968 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
967 | 969 |
968 // Before clicking through, navigate to a different page, and then go | 970 // Before clicking through, navigate to a different page, and then go |
969 // back to the interstitial. | 971 // back to the interstitial. |
970 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 972 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
971 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 973 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
972 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 974 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
973 observer.latest_security_style()); | 975 observer.latest_security_style()); |
974 EXPECT_EQ(0u, | 976 EXPECT_EQ(0u, |
975 observer.latest_explanations().unauthenticated_explanations.size()); | 977 observer.latest_explanations().unauthenticated_explanations.size()); |
976 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 978 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
977 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 979 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
978 VALID_CERTIFICATE, browser()); | 980 VALID_CERTIFICATE, browser(), |
| 981 https_server_.GetCertificate().get()); |
979 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 982 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
980 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 983 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
981 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 984 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
982 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 985 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
983 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 986 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
984 | 987 |
985 // After going back to the interstitial, an event for a broken lock | 988 // After going back to the interstitial, an event for a broken lock |
986 // icon should fire again. | 989 // icon should fire again. |
987 ui_test_utils::NavigateToURL(browser(), expired_url); | 990 ui_test_utils::NavigateToURL(browser(), expired_url); |
988 content::WaitForInterstitialAttach(web_contents); | 991 content::WaitForInterstitialAttach(web_contents); |
989 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 992 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
990 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 993 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 994 https_test_server_expired.GetCertificate().get()); |
991 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 995 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
992 INVALID_CERTIFICATE, browser()); | 996 INVALID_CERTIFICATE, browser(), |
| 997 https_test_server_expired.GetCertificate().get()); |
993 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 998 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
994 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 999 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
995 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1000 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
996 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1001 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
997 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1002 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
998 | 1003 |
999 // Since the next expected style is the same as the previous, clear | 1004 // Since the next expected style is the same as the previous, clear |
1000 // the observer (to make sure that the event fires twice and we don't | 1005 // the observer (to make sure that the event fires twice and we don't |
1001 // just see the previous event's style). | 1006 // just see the previous event's style). |
1002 observer.ClearLatestSecurityStyleAndExplanations(); | 1007 observer.ClearLatestSecurityStyleAndExplanations(); |
1003 | 1008 |
1004 // Other conditions cannot be tested on this host after clicking | 1009 // Other conditions cannot be tested on this host after clicking |
1005 // through because once the interstitial is clicked through, all URLs | 1010 // through because once the interstitial is clicked through, all URLs |
1006 // for this host will remain in a broken state. | 1011 // for this host will remain in a broken state. |
1007 ProceedThroughInterstitial(web_contents); | 1012 ProceedThroughInterstitial(web_contents); |
1008 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser()); | 1013 CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(), |
| 1014 https_test_server_expired.GetCertificate().get()); |
1009 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1015 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
1010 INVALID_CERTIFICATE, browser()); | 1016 INVALID_CERTIFICATE, browser(), |
| 1017 https_test_server_expired.GetCertificate().get()); |
1011 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1018 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
1012 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1019 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
1013 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1020 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
1014 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1021 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
1015 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1022 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
1016 } | 1023 } |
1017 | 1024 |
1018 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, | 1025 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back, |
1019 // and test that the observed security style matches. | 1026 // and test that the observed security style matches. |
1020 #if defined(OS_CHROMEOS) | 1027 #if defined(OS_CHROMEOS) |
(...skipping 21 matching lines...) Expand all Loading... |
1042 | 1049 |
1043 // Visit a valid HTTPS url. | 1050 // Visit a valid HTTPS url. |
1044 GURL valid_https_url(https_server_.GetURL("/title1.html")); | 1051 GURL valid_https_url(https_server_.GetURL("/title1.html")); |
1045 ui_test_utils::NavigateToURL(browser(), valid_https_url); | 1052 ui_test_utils::NavigateToURL(browser(), valid_https_url); |
1046 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1053 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
1047 observer.latest_security_style()); | 1054 observer.latest_security_style()); |
1048 EXPECT_EQ(0u, | 1055 EXPECT_EQ(0u, |
1049 observer.latest_explanations().unauthenticated_explanations.size()); | 1056 observer.latest_explanations().unauthenticated_explanations.size()); |
1050 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1057 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
1051 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1058 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
1052 VALID_CERTIFICATE, browser()); | 1059 VALID_CERTIFICATE, browser(), |
| 1060 https_server_.GetCertificate().get()); |
1053 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1061 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
1054 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1062 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
1055 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1063 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
1056 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1064 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
1057 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1065 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
1058 | 1066 |
1059 // Navigate to a bad HTTPS page on a different host, and then click | 1067 // Navigate to a bad HTTPS page on a different host, and then click |
1060 // Back to verify that the previous good security style is seen again. | 1068 // Back to verify that the previous good security style is seen again. |
1061 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); | 1069 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); |
1062 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | 1070 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); |
1063 GURL::Replacements replace_host; | 1071 GURL::Replacements replace_host; |
1064 replace_host.SetHostStr("www.example_broken.test"); | 1072 replace_host.SetHostStr("www.example_broken.test"); |
1065 GURL https_url_different_host = | 1073 GURL https_url_different_host = |
1066 expired_https_url.ReplaceComponents(replace_host); | 1074 expired_https_url.ReplaceComponents(replace_host); |
1067 | 1075 |
1068 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 1076 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
1069 | 1077 |
1070 content::WaitForInterstitialAttach(web_contents); | 1078 content::WaitForInterstitialAttach(web_contents); |
1071 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 1079 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
1072 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1080 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
1073 browser()); | 1081 browser(), |
| 1082 https_test_server_expired.GetCertificate().get()); |
1074 ProceedThroughInterstitial(web_contents); | 1083 ProceedThroughInterstitial(web_contents); |
1075 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1084 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
1076 browser()); | 1085 browser(), |
| 1086 https_test_server_expired.GetCertificate().get()); |
1077 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1087 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
1078 INVALID_CERTIFICATE, browser()); | 1088 INVALID_CERTIFICATE, browser(), |
| 1089 https_test_server_expired.GetCertificate().get()); |
1079 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1090 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
1080 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1091 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
1081 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1092 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
1082 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1093 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
1083 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1094 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
1084 | 1095 |
1085 content::WindowedNotificationObserver back_nav_load_observer( | 1096 content::WindowedNotificationObserver back_nav_load_observer( |
1086 content::NOTIFICATION_LOAD_STOP, | 1097 content::NOTIFICATION_LOAD_STOP, |
1087 content::Source<content::NavigationController>( | 1098 content::Source<content::NavigationController>( |
1088 &web_contents->GetController())); | 1099 &web_contents->GetController())); |
1089 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); | 1100 chrome::GoBack(browser(), WindowOpenDisposition::CURRENT_TAB); |
1090 back_nav_load_observer.Wait(); | 1101 back_nav_load_observer.Wait(); |
1091 | 1102 |
1092 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, | 1103 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, |
1093 observer.latest_security_style()); | 1104 observer.latest_security_style()); |
1094 EXPECT_EQ(0u, | 1105 EXPECT_EQ(0u, |
1095 observer.latest_explanations().unauthenticated_explanations.size()); | 1106 observer.latest_explanations().unauthenticated_explanations.size()); |
1096 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); | 1107 EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size()); |
1097 CheckSecureExplanations(observer.latest_explanations().secure_explanations, | 1108 CheckSecureExplanations(observer.latest_explanations().secure_explanations, |
1098 VALID_CERTIFICATE, browser()); | 1109 VALID_CERTIFICATE, browser(), |
| 1110 https_server_.GetCertificate().get()); |
1099 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1111 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
1100 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1112 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
1101 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1113 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
1102 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1114 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
1103 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1115 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
1104 } | 1116 } |
1105 | 1117 |
1106 // After AddNonsecureUrlHandler() is called, requests to this hostname | 1118 // After AddNonsecureUrlHandler() is called, requests to this hostname |
1107 // will use obsolete TLS settings. | 1119 // will use obsolete TLS settings. |
1108 const char kMockNonsecureHostname[] = "example-nonsecure.test"; | 1120 const char kMockNonsecureHostname[] = "example-nonsecure.test"; |
(...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1395 ChromeSecurityStateModelClient* model_client = | 1407 ChromeSecurityStateModelClient* model_client = |
1396 ChromeSecurityStateModelClient::FromWebContents(web_contents); | 1408 ChromeSecurityStateModelClient::FromWebContents(web_contents); |
1397 ASSERT_TRUE(model_client); | 1409 ASSERT_TRUE(model_client); |
1398 const SecurityStateModel::SecurityInfo& security_info = | 1410 const SecurityStateModel::SecurityInfo& security_info = |
1399 model_client->GetSecurityInfo(); | 1411 model_client->GetSecurityInfo(); |
1400 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); | 1412 EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level); |
1401 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); | 1413 EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses); |
1402 } | 1414 } |
1403 | 1415 |
1404 } // namespace | 1416 } // namespace |
OLD | NEW |