Refactor SecurityStateModel/Clients for simplicity and reusability.

chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include <openssl/ssl.h>
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/ssl/cert_verifier_browser_test.h"
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
-#include "chrome/grit/generated_resources.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/prefs/pref_service.h"
-#include "components/security_state/switches.h"
+#include "components/security_state/core/switches.h"
+#include "components/strings/grit/components_strings.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/security_style_explanation.h"
 #include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/ssl_status.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/referrer.h"
@@ skipping 310 matching lines @@
     command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
   }
 
  protected:
   net::EmbeddedTestServer https_server_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(SecurityStyleChangedTest);
 };
 
+}  // namespace
+
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpPage) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ui_test_utils::NavigateToURL(
       browser(), embedded_test_server()->GetURL("/ssl/google.html"));
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
   ChromeSecurityStateModelClient* model_client =
       ChromeSecurityStateModelClient::FromWebContents(contents);
@@ skipping 358 matching lines @@
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::DANGEROUS, SecurityStateModel::NO_DEPRECATED_SHA1,
       SecurityStateModel::CONTENT_STATUS_DISPLAYED, false,
       true /* expect cert status error */);
 }
 
+namespace {
+
 const char kReportURI[] = "https://report-hpkp.test";
 
 class PKPModelClientTest : public ChromeSecurityStateModelClientTest {
  public:
   void SetUpOnMainThread() override {
     ASSERT_TRUE(https_server_.Start());
     url_request_context_getter_ = browser()->profile()->GetRequestContext();
     content::BrowserThread::PostTask(
         content::BrowserThread::IO, FROM_HERE,
         base::Bind(&PKPModelClientTest::SetUpOnIOThread,
@@ skipping 15 matching lines @@
     hashes.push_back(hash);
 
     security_state->AddHPKP(https_server_.host_port_pair().host(), expiration,
                             true, hashes, GURL(kReportURI));
   }
 
  protected:
   scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;
 };
 
+}  // namespace
+
 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) {
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   SecurityStyleTestObserver observer(web_contents);
 
   scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
   net::CertVerifyResult verify_result;
   // PKP is bypassed when |is_issued_by_known_root| is false.
   verify_result.is_issued_by_known_root = false;
   verify_result.verified_cert = cert;
@@ skipping 32 matching lines @@
   verify_result.public_key_hashes.push_back(hash);
 
   mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN,
                            browser(), cert.get());
 }
 
+namespace {
+
 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation
 // that never stops loading.
 class PendingJobInterceptor : public net::URLRequestInterceptor {
  public:
   PendingJobInterceptor() {}
   ~PendingJobInterceptor() override {}
 
   // URLRequestInterceptor implementation
   net::URLRequestJob* MaybeInterceptRequest(
       net::URLRequest* request,
@@ skipping 25 matching lines @@
 
     content::BrowserThread::PostTask(
         content::BrowserThread::IO, FROM_HERE,
         base::Bind(&InstallLoadingInterceptor,
                    embedded_test_server()->GetURL("/title1.html").host()));
   }
 
   DISALLOW_COPY_AND_ASSIGN(SecurityStateModelLoadingTest);
 };
 
+}  // namespace
+
 // Tests that navigation state changes cause the security state to be
 // updated.
 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
@@ skipping 30 matching lines @@
   // First, test that if the flags aren't set on the NavigationEntry,
   // then they also aren't set on the VisibleSecurityState.
   content::SSLStatus& ssl_status =
       contents->GetController().GetVisibleEntry()->GetSSL();
   ASSERT_FALSE(ssl_status.content_status &
                content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
   ASSERT_FALSE(ssl_status.content_status &
                content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP);
   SecurityStateModel::VisibleSecurityState
       visible_security_state_no_sensitive_inputs;
-  model_client->GetVisibleSecurityState(
+  model_client->security_state_model_->GetVisibleSecurityState(
       &visible_security_state_no_sensitive_inputs);
   EXPECT_FALSE(visible_security_state_no_sensitive_inputs
                    .displayed_password_field_on_http);
   EXPECT_FALSE(visible_security_state_no_sensitive_inputs
                    .displayed_credit_card_field_on_http);
 
   // Now, set the flags on the NavigationEntry and test that they are
   // reflected in the VisibleSecurityState.
   ssl_status.content_status |=
       content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP;
   ssl_status.content_status |=
       content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP;
   SecurityStateModel::VisibleSecurityState
       visible_security_state_sensitive_inputs;
-  model_client->GetVisibleSecurityState(
+  model_client->security_state_model_->GetVisibleSecurityState(
       &visible_security_state_sensitive_inputs);
   EXPECT_TRUE(
       visible_security_state_sensitive_inputs.displayed_password_field_on_http);
   EXPECT_TRUE(visible_security_state_sensitive_inputs
                   .displayed_credit_card_field_on_http);
 }
 
 // Tests that when a visible password field is detected on an HTTP page
 // load, and when the command-line flag is set, the security level is
 // downgraded to HTTP_SHOW_WARNING.
@@ skipping 168 matching lines @@
             security_info.security_level);
 
   // The SSLStatus flags should only be set if the top-level page load was HTTP,
   // which it was not in this case.
   content::NavigationEntry* entry = contents->GetController().GetVisibleEntry();
   ASSERT_TRUE(entry);
   EXPECT_FALSE(entry->GetSSL().content_status &
                content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
 }
 
+namespace {
+
 // A Browser subclass that keeps track of messages that have been
 // added to the console. Messages can be retrieved or cleared with
 // console_messages() and ClearConsoleMessages(). The user of this class
 // can set a callback to run when the next console message notification
 // arrives.
 class ConsoleWebContentsDelegate : public Browser {
  public:
   explicit ConsoleWebContentsDelegate(const Browser::CreateParams& params)
       : Browser(params) {}
   ~ConsoleWebContentsDelegate() override {}
@@ skipping 45 matching lines @@
 // this just looks for keywords in the string rather than the exact
 // text.
 void CheckForOneFutureHttpWarningConsoleMessage(
     ConsoleWebContentsDelegate* delegate) {
   const std::vector<base::string16>& messages = delegate->console_messages();
   ASSERT_EQ(1u, messages.size());
   EXPECT_NE(base::string16::npos,
             messages[0].find(base::ASCIIToUTF16("warning will be added")));
 }
 
+}  // namespace
+
 // Tests that console messages are printed upon a call to
 // GetSecurityInfo() on an HTTP_SHOW_WARNING page, exactly once per
 // main-frame navigation.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTestWithPasswordCcSwitch,
                        ConsoleMessage) {
   ConsoleWebContentsDelegate* delegate = new ConsoleWebContentsDelegate(
       Browser::CreateParams(browser()->profile()));
   content::WebContents* original_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   content::WebContents* contents =
@@ skipping 546 matching lines @@
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser(),
                           https_server_.GetCertificate().get());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
   EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
   EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content);
   EXPECT_FALSE(observer.latest_explanations().ran_mixed_content);
 }
 
+namespace {
+
 // After AddNonsecureUrlHandler() is called, requests to this hostname
 // will use obsolete TLS settings.
 const char kMockNonsecureHostname[] = "example-nonsecure.test";
 const int kObsoleteTLSVersion = net::SSL_CONNECTION_VERSION_TLS1_1;
 // ECDHE_RSA + AES_128_CBC with HMAC-SHA1
 const uint16_t kObsoleteCipherSuite = 0xc013;
 
 // A URLRequestMockHTTPJob that mocks a TLS connection with the obsolete
 // TLS settings specified in kObsoleteTLSVersion and
 // kObsoleteCipherSuite.
@@ skipping 94 matching lines @@
             &AddNonsecureUrlHandler, serve_file, cert_,
             make_scoped_refptr(content::BrowserThread::GetBlockingPool())));
   }
 
  private:
   scoped_refptr<net::X509Certificate> cert_;
 
   DISALLOW_COPY_AND_ASSIGN(BrowserTestNonsecureURLRequest);
 };
 
+}  // namespace
+
 // Tests that a connection with obsolete TLS settings does not get a
 // secure connection explanation.
 IN_PROC_BROWSER_TEST_F(BrowserTestNonsecureURLRequest,
                        SecurityStyleChangedObserverNonsecureConnection) {
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   SecurityStyleTestObserver observer(web_contents);
 
   ui_test_utils::NavigateToURL(
       browser(), GURL(std::string("https://") + kMockNonsecureHostname));
@@ skipping 27 matching lines @@
       base::ASCIIToUTF16("AES_128_CBC with HMAC-SHA1"));
   base::string16 obsolete_description = l10n_util::GetStringFUTF16(
       IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr);
 
   EXPECT_EQ(
       obsolete_description,
       base::ASCIIToUTF16(
           observer.latest_explanations().info_explanations[0].description));
 }
 
+namespace {
+
 // After AddSCTUrlHandler() is called, requests to this hostname
 // will be served with Signed Certificate Timestamps.
 const char kMockHostnameWithSCTs[] = "example-scts.test";
 
 // URLRequestJobWithSCTs mocks a connection that includes a set of dummy
 // SCTs with these statuses.
 const std::vector<net::ct::SCTVerifyStatus> kTestSCTStatuses{
     net::ct::SCT_STATUS_OK, net::ct::SCT_STATUS_LOG_UNKNOWN,
     net::ct::SCT_STATUS_OK};
 
@@ skipping 97 matching lines @@
             &AddSCTUrlHandler, serve_file, cert_,
             make_scoped_refptr(content::BrowserThread::GetBlockingPool())));
   }
 
  private:
   scoped_refptr<net::X509Certificate> cert_;
 
   DISALLOW_COPY_AND_ASSIGN(BrowserTestURLRequestWithSCTs);
 };
 
+}  // namespace
+
 // Tests that, when Signed Certificate Timestamps (SCTs) are served on a
 // connection, the SCTs verification statuses are exposed on the
 // SecurityInfo.
 IN_PROC_BROWSER_TEST_F(BrowserTestURLRequestWithSCTs,
                        SecurityInfoWithSCTsAttached) {
   ui_test_utils::NavigateToURL(
       browser(), GURL(std::string("https://") + kMockHostnameWithSCTs));
 
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(web_contents);
   ChromeSecurityStateModelClient* model_client =
       ChromeSecurityStateModelClient::FromWebContents(web_contents);
   ASSERT_TRUE(model_client);
   SecurityStateModel::SecurityInfo security_info;
   model_client->GetSecurityInfo(&security_info);
   EXPECT_EQ(SecurityStateModel::SECURE, security_info.security_level);
   EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses);
 }
-
-}  // namespace