| Index: chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc b/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| index 359ed9504b16d6f4ed64be8b0af85059fcced898..f2dd0ea562c88f9c22ea39f239af4fd39a473030 100644
|
| --- a/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| +++ b/chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc
|
| @@ -22,7 +22,6 @@
|
| #include "chrome/test/base/in_process_browser_test.h"
|
| #include "chrome/test/base/ui_test_utils.h"
|
| #include "components/prefs/pref_service.h"
|
| -#include "content/public/browser/cert_store.h"
|
| #include "content/public/browser/interstitial_page.h"
|
| #include "content/public/browser/navigation_controller.h"
|
| #include "content/public/browser/navigation_entry.h"
|
| @@ -105,7 +104,8 @@ class SecurityStyleTestObserver : public content::WebContentsObserver {
|
| // and that it saw the proper SecurityStyle and explanations.
|
| void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer,
|
| int error,
|
| - Browser* browser) {
|
| + Browser* browser,
|
| + net::X509Certificate* expected_cert) {
|
| EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
|
| observer.latest_security_style());
|
|
|
| @@ -125,14 +125,15 @@ void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer,
|
| IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string),
|
| expired_explanation.broken_explanations[0].description);
|
|
|
| - // Check the associated certificate id.
|
| - int cert_id = browser->tab_strip_model()
|
| - ->GetActiveWebContents()
|
| - ->GetController()
|
| - .GetActiveEntry()
|
| - ->GetSSL()
|
| - .cert_id;
|
| - EXPECT_EQ(cert_id, expired_explanation.broken_explanations[0].cert_id);
|
| + // Check the associated certificate.
|
| + net::X509Certificate* cert = browser->tab_strip_model()
|
| + ->GetActiveWebContents()
|
| + ->GetController()
|
| + .GetActiveEntry()
|
| + ->GetSSL()
|
| + .certificate.get();
|
| + EXPECT_TRUE(cert->Equals(expected_cert));
|
| + EXPECT_TRUE(expired_explanation.broken_explanations[0].has_certificate);
|
| }
|
|
|
| // Checks that the given |secure_explanations| contains an appropriate
|
| @@ -140,7 +141,8 @@ void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer,
|
| void CheckSecureExplanations(
|
| const std::vector<content::SecurityStyleExplanation>& secure_explanations,
|
| CertificateStatus cert_status,
|
| - Browser* browser) {
|
| + Browser* browser,
|
| + net::X509Certificate* expected_cert) {
|
| ASSERT_EQ(cert_status == VALID_CERTIFICATE ? 2u : 1u,
|
| secure_explanations.size());
|
| if (cert_status == VALID_CERTIFICATE) {
|
| @@ -149,13 +151,14 @@ void CheckSecureExplanations(
|
| EXPECT_EQ(
|
| l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION),
|
| secure_explanations[0].description);
|
| - int cert_id = browser->tab_strip_model()
|
| - ->GetActiveWebContents()
|
| - ->GetController()
|
| - .GetActiveEntry()
|
| - ->GetSSL()
|
| - .cert_id;
|
| - EXPECT_EQ(cert_id, secure_explanations[0].cert_id);
|
| + net::X509Certificate* cert = browser->tab_strip_model()
|
| + ->GetActiveWebContents()
|
| + ->GetController()
|
| + .GetActiveEntry()
|
| + ->GetSSL()
|
| + .certificate.get();
|
| + EXPECT_TRUE(cert->Equals(expected_cert));
|
| + EXPECT_TRUE(secure_explanations[0].has_certificate);
|
| }
|
|
|
| EXPECT_EQ(l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY),
|
| @@ -213,10 +216,7 @@ void CheckSecurityInfoForSecure(
|
| EXPECT_EQ(expect_cert_error,
|
| net::IsCertStatusError(security_info.cert_status));
|
| EXPECT_GT(security_info.security_bits, 0);
|
| -
|
| - content::CertStore* cert_store = content::CertStore::GetInstance();
|
| - scoped_refptr<net::X509Certificate> cert;
|
| - EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert));
|
| + EXPECT_TRUE(!!security_info.certificate);
|
| }
|
|
|
| void CheckSecurityInfoForNonSecure(content::WebContents* contents) {
|
| @@ -236,7 +236,7 @@ void CheckSecurityInfoForNonSecure(content::WebContents* contents) {
|
| EXPECT_FALSE(security_info.scheme_is_cryptographic);
|
| EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status));
|
| EXPECT_EQ(-1, security_info.security_bits);
|
| - EXPECT_EQ(0, security_info.cert_id);
|
| + EXPECT_FALSE(!!security_info.certificate);
|
| }
|
|
|
| void ProceedThroughInterstitial(content::WebContents* tab) {
|
| @@ -283,8 +283,7 @@ class ChromeSecurityStateModelClientTest : public CertVerifierBrowserTest {
|
| verify_result.verified_cert = cert;
|
| verify_result.cert_status = cert_status;
|
|
|
| - mock_cert_verifier()->AddResultForCert(cert.get(), verify_result,
|
| - net_result);
|
| + mock_cert_verifier()->AddResultForCert(cert, verify_result, net_result);
|
| }
|
|
|
| net::EmbeddedTestServer https_server_;
|
| @@ -333,7 +332,7 @@ IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpPage) {
|
| EXPECT_TRUE(security_info.sct_verify_statuses.empty());
|
| EXPECT_FALSE(security_info.scheme_is_cryptographic);
|
| EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status));
|
| - EXPECT_EQ(0, security_info.cert_id);
|
| + EXPECT_FALSE(!!security_info.certificate);
|
| EXPECT_EQ(-1, security_info.security_bits);
|
| EXPECT_EQ(0, security_info.connection_status);
|
| }
|
| @@ -751,7 +750,7 @@ IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) {
|
| memset(hash.data(), 1, hash.size());
|
| verify_result.public_key_hashes.push_back(hash);
|
|
|
| - mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
|
| + mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK);
|
|
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL("/ssl/google.html"));
|
| @@ -781,12 +780,12 @@ IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) {
|
| memset(hash.data(), 1, hash.size());
|
| verify_result.public_key_hashes.push_back(hash);
|
|
|
| - mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
|
| + mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK);
|
|
|
| ui_test_utils::NavigateToURL(browser(),
|
| https_server_.GetURL("/ssl/google.html"));
|
| CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN,
|
| - browser());
|
| + browser(), cert.get());
|
| }
|
|
|
| // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation
|
| @@ -937,7 +936,8 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
|
| ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size());
|
| ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size());
|
| CheckSecureExplanations(mixed_content_explanation.secure_explanations,
|
| - VALID_CERTIFICATE, browser());
|
| + VALID_CERTIFICATE, browser(),
|
| + https_server_.GetCertificate().get());
|
| EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -956,9 +956,11 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
|
| // interstitial should fire.
|
| content::WaitForInterstitialAttach(web_contents);
|
| EXPECT_TRUE(web_contents->ShowingInterstitialPage());
|
| - CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
|
| + CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - INVALID_CERTIFICATE, browser());
|
| + INVALID_CERTIFICATE, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -975,7 +977,8 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
|
| observer.latest_explanations().unauthenticated_explanations.size());
|
| EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - VALID_CERTIFICATE, browser());
|
| + VALID_CERTIFICATE, browser(),
|
| + https_server_.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -987,9 +990,11 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
|
| ui_test_utils::NavigateToURL(browser(), expired_url);
|
| content::WaitForInterstitialAttach(web_contents);
|
| EXPECT_TRUE(web_contents->ShowingInterstitialPage());
|
| - CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
|
| + CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - INVALID_CERTIFICATE, browser());
|
| + INVALID_CERTIFICATE, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -1005,9 +1010,11 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
|
| // through because once the interstitial is clicked through, all URLs
|
| // for this host will remain in a broken state.
|
| ProceedThroughInterstitial(web_contents);
|
| - CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
|
| + CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - INVALID_CERTIFICATE, browser());
|
| + INVALID_CERTIFICATE, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -1049,7 +1056,8 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
|
| observer.latest_explanations().unauthenticated_explanations.size());
|
| EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - VALID_CERTIFICATE, browser());
|
| + VALID_CERTIFICATE, browser(),
|
| + https_server_.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -1070,12 +1078,15 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
|
| content::WaitForInterstitialAttach(web_contents);
|
| EXPECT_TRUE(web_contents->ShowingInterstitialPage());
|
| CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
|
| - browser());
|
| + browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| ProceedThroughInterstitial(web_contents);
|
| CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
|
| - browser());
|
| + browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - INVALID_CERTIFICATE, browser());
|
| + INVALID_CERTIFICATE, browser(),
|
| + https_test_server_expired.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
| @@ -1095,7 +1106,8 @@ IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
|
| observer.latest_explanations().unauthenticated_explanations.size());
|
| EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
|
| CheckSecureExplanations(observer.latest_explanations().secure_explanations,
|
| - VALID_CERTIFICATE, browser());
|
| + VALID_CERTIFICATE, browser(),
|
| + https_server_.GetCertificate().get());
|
| EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
|
| EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
|
| EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
|
|
|
Chromium Code Reviews
Issue 2327433002:
Stop using CertStore which is not compatible with PlzNavigate. (Closed)
