Chromium Code Reviews Chromium Code Reviews
Issue 2620203003:
Add initial version of captive portal list checking. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
| 6 | 6 |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/macros.h" | 8 #include "base/macros.h" |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| 11 #include "base/run_loop.h" | 11 #include "base/run_loop.h" |
| 12 #include "base/test/histogram_tester.h" | 12 #include "base/test/histogram_tester.h" |
| 13 #include "base/test/simple_test_clock.h" | 13 #include "base/test/simple_test_clock.h" |
| 14 #include "base/test/simple_test_tick_clock.h" | 14 #include "base/test/simple_test_tick_clock.h" |
| 15 #include "base/time/time.h" | 15 #include "base/time/time.h" |
| 16 #include "chrome/browser/captive_portal/captive_portal_service.h" | 16 #include "chrome/browser/captive_portal/captive_portal_service.h" |
| 17 #include "chrome/browser/profiles/profile.h" | 17 #include "chrome/browser/profiles/profile.h" |
| 18 #include "chrome/browser/ssl/common_name_mismatch_handler.h" | 18 #include "chrome/browser/ssl/common_name_mismatch_handler.h" |
| 19 #include "chrome/browser/ssl/tls_error_assistant.pb.h" | |
| 19 #include "chrome/common/features.h" | 20 #include "chrome/common/features.h" |
| 20 #include "chrome/test/base/chrome_render_view_host_test_harness.h" | 21 #include "chrome/test/base/chrome_render_view_host_test_harness.h" |
| 21 #include "chrome/test/base/testing_profile.h" | 22 #include "chrome/test/base/testing_profile.h" |
| 22 #include "components/captive_portal/captive_portal_testing_utils.h" | 23 #include "components/captive_portal/captive_portal_testing_utils.h" |
| 23 #include "components/network_time/network_time_test_utils.h" | 24 #include "components/network_time/network_time_test_utils.h" |
| 24 #include "components/network_time/network_time_tracker.h" | 25 #include "components/network_time/network_time_tracker.h" |
| 25 #include "components/prefs/testing_pref_service.h" | 26 #include "components/prefs/testing_pref_service.h" |
| 26 #include "content/public/browser/browser_thread.h" | 27 #include "content/public/browser/browser_thread.h" |
| 27 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
| 28 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
| 29 #include "net/cert/cert_status_flags.h" | 30 #include "net/cert/cert_status_flags.h" |
| 30 #include "net/cert/x509_certificate.h" | 31 #include "net/cert/x509_certificate.h" |
| 31 #include "net/http/http_response_headers.h" | 32 #include "net/http/http_response_headers.h" |
| 32 #include "net/ssl/ssl_info.h" | 33 #include "net/ssl/ssl_info.h" |
| 33 #include "net/test/cert_test_util.h" | 34 #include "net/test/cert_test_util.h" |
| 34 #include "net/test/embedded_test_server/embedded_test_server.h" | 35 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 35 #include "net/test/embedded_test_server/http_response.h" | 36 #include "net/test/embedded_test_server/http_response.h" |
| 36 #include "net/test/test_certificate_data.h" | 37 #include "net/test/test_certificate_data.h" |
| 37 #include "net/test/test_data_directory.h" | 38 #include "net/test/test_data_directory.h" |
| 38 #include "net/url_request/url_request_test_util.h" | 39 #include "net/url_request/url_request_test_util.h" |
| 39 #include "testing/gtest/include/gtest/gtest.h" | 40 #include "testing/gtest/include/gtest/gtest.h" |
| 40 | 41 |
| 41 namespace { | 42 namespace { |
| 42 | 43 |
| 43 const char kCertDateErrorHistogram[] = | 44 const char kCertDateErrorHistogram[] = |
| 44 "interstitial.ssl_error_handler.cert_date_error_delay"; | 45 "interstitial.ssl_error_handler.cert_date_error_delay"; |
| 45 | 46 |
| 47 const net::SHA256HashValue kCertPublicKeyHashValue = {{0x01, 0x02}}; | |
| 48 | |
| 46 } // namespace | 49 } // namespace |
| 47 | 50 |
| 48 class SSLErrorHandlerForTest : public SSLErrorHandler { | 51 class SSLErrorHandlerForTest : public SSLErrorHandler { |
| 49 public: | 52 public: |
| 50 SSLErrorHandlerForTest(Profile* profile, | 53 SSLErrorHandlerForTest(Profile* profile, |
| 51 content::WebContents* web_contents, | 54 content::WebContents* web_contents, |
| 52 const net::SSLInfo& ssl_info) | 55 const net::SSLInfo& ssl_info) |
| 53 : SSLErrorHandler( | 56 : SSLErrorHandler( |
| 54 web_contents, | 57 web_contents, |
| 55 net::MapCertStatusToNetError(ssl_info.cert_status), | 58 net::MapCertStatusToNetError(ssl_info.cert_status), |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 164 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { | 167 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { |
| 165 public: | 168 public: |
| 166 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} | 169 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} |
| 167 | 170 |
| 168 void SetUp() override { | 171 void SetUp() override { |
| 169 ChromeRenderViewHostTestHarness::SetUp(); | 172 ChromeRenderViewHostTestHarness::SetUp(); |
| 170 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); | 173 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); |
| 171 ssl_info_.cert = | 174 ssl_info_.cert = |
| 172 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | 175 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
| 173 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 176 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
| 177 ssl_info_.public_key_hashes.push_back( | |
| 178 net::HashValue(kCertPublicKeyHashValue)); | |
| 174 error_handler_.reset( | 179 error_handler_.reset( |
| 175 new SSLErrorHandlerForTest(profile(), web_contents(), ssl_info_)); | 180 new SSLErrorHandlerForTest(profile(), web_contents(), ssl_info_)); |
| 176 // Enable finch experiment for captive portal interstitials. | 181 // Enable finch experiment for captive portal interstitials. |
| 177 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( | 182 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( |
| 178 "CaptivePortalInterstitial", "Enabled")); | 183 "CaptivePortalInterstitial", "Enabled")); |
| 179 // Enable finch experiment for SSL common name mismatch handling. | 184 // Enable finch experiment for SSL common name mismatch handling. |
| 180 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( | 185 ASSERT_TRUE(base::FieldTrialList::CreateFieldTrial( |
| 181 "SSLCommonNameMismatchHandling", "Enabled")); | 186 "SSLCommonNameMismatchHandling", "Enabled")); |
| 182 } | 187 } |
| 183 | 188 |
| 184 void TearDown() override { | 189 void TearDown() override { |
| 185 EXPECT_FALSE(error_handler()->IsTimerRunning()); | 190 EXPECT_FALSE(error_handler()->IsTimerRunning()); |
| 186 error_handler_.reset(nullptr); | 191 error_handler_.reset(nullptr); |
| 187 ChromeRenderViewHostTestHarness::TearDown(); | 192 ChromeRenderViewHostTestHarness::TearDown(); |
| 188 } | 193 } |
| 189 | 194 |
| 190 SSLErrorHandlerForTest* error_handler() { return error_handler_.get(); } | 195 SSLErrorHandlerForTest* error_handler() { return error_handler_.get(); } |
| 191 | 196 |
| 197 const net::SSLInfo& ssl_info() { return ssl_info_; } | |
| 198 | |
| 192 private: | 199 private: |
| 193 net::SSLInfo ssl_info_; | 200 net::SSLInfo ssl_info_; |
| 194 std::unique_ptr<SSLErrorHandlerForTest> error_handler_; | 201 std::unique_ptr<SSLErrorHandlerForTest> error_handler_; |
| 195 base::FieldTrialList field_trial_list_; | 202 base::FieldTrialList field_trial_list_; |
| 196 | 203 |
| 197 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); | 204 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); |
| 198 }; | 205 }; |
| 199 | 206 |
| 200 class SSLErrorHandlerDateInvalidTest : public ChromeRenderViewHostTestHarness { | 207 class SSLErrorHandlerDateInvalidTest : public ChromeRenderViewHostTestHarness { |
| 201 public: | 208 public: |
| (...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 542 // Check that the histogram for the delay was recorded. | 549 // Check that the histogram for the delay was recorded. |
| 543 histograms.ExpectTotalCount(kCertDateErrorHistogram, 1); | 550 histograms.ExpectTotalCount(kCertDateErrorHistogram, 1); |
| 544 | 551 |
| 545 // Clear the error handler to test that, when the request completes, | 552 // Clear the error handler to test that, when the request completes, |
| 546 // it doesn't try to call a callback on a deleted SSLErrorHandler. | 553 // it doesn't try to call a callback on a deleted SSLErrorHandler. |
| 547 ClearErrorHandler(); | 554 ClearErrorHandler(); |
| 548 | 555 |
| 549 // Shut down the server to cancel the pending request. | 556 // Shut down the server to cancel the pending request. |
| 550 ASSERT_TRUE(test_server()->ShutdownAndWaitUntilComplete()); | 557 ASSERT_TRUE(test_server()->ShutdownAndWaitUntilComplete()); |
| 551 } | 558 } |
| 559 | |
| 560 TEST_F(SSLErrorHandlerNameMismatchTest, KnownCaptivePortal) { | |
| 561 base::HistogramTester histograms; | |
| 562 | |
| 563 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 564 EXPECT_EQ(1u, ssl_info().public_key_hashes.size()); | |
|
estark
2017/01/12 18:54:44
nit: might want to add a test case for when there'
meacer
2017/01/20 21:30:00
Changed this test to use multiple hashes.
| |
| 565 | |
| 566 chrome_browser_ssl::TLSErrorAssistantConfig config_proto; | |
| 567 config_proto.add_captive_portal_cert()->set_sha256_hash( | |
| 568 ssl_info().public_key_hashes[0].ToString()); | |
| 569 SSLErrorHandler::SetErrorAssistantProtoForTesting(config_proto); | |
| 570 | |
| 571 error_handler()->StartHandlingError(); | |
| 572 | |
| 573 // Timer shouldn't start for a known captive portal certificate. | |
| 574 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 575 EXPECT_FALSE(error_handler()->captive_portal_checked()); | |
| 576 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 577 EXPECT_TRUE(error_handler()->captive_portal_interstitial_shown()); | |
| 578 | |
| 579 base::RunLoop().RunUntilIdle(); | |
|
estark
2017/01/12 18:54:43
This is a little confusing, why do we run the run
meacer
2017/01/12 23:54:03
This is in case SSLErrorHandler incorrectly starts
meacer
2017/01/20 21:30:00
Added a comment.
| |
| 580 | |
| 581 EXPECT_FALSE(error_handler()->IsTimerRunning()); | |
| 582 EXPECT_FALSE(error_handler()->captive_portal_checked()); | |
| 583 EXPECT_FALSE(error_handler()->ssl_interstitial_shown()); | |
| 584 EXPECT_TRUE(error_handler()->captive_portal_interstitial_shown()); | |
| 585 | |
| 586 // Check that the histogram for the captive portal cert was recorded. | |
| 587 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
| 588 SSLErrorHandler::HANDLE_ALL, 1); | |
| 589 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
| 590 SSLErrorHandler::CAPTIVE_PORTAL_CERT_FOUND, 1); | |
| 591 } | |
| OLD | NEW |
