| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 13 matching lines...) | |
| 24 #include "base/time/default_tick_clock.h" | 24 #include "base/time/default_tick_clock.h" |
| 25 #include "base/time/time.h" | 25 #include "base/time/time.h" |
| 26 #include "build/build_config.h" | 26 #include "build/build_config.h" |
| 27 #include "chrome/app/chrome_command_ids.h" | 27 #include "chrome/app/chrome_command_ids.h" |
| 28 #include "chrome/browser/browser_process.h" | 28 #include "chrome/browser/browser_process.h" |
| 29 #include "chrome/browser/chrome_notification_types.h" | 29 #include "chrome/browser/chrome_notification_types.h" |
| 30 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 30 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| 31 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" | 31 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" |
| 32 #include "chrome/browser/profiles/profile.h" | 32 #include "chrome/browser/profiles/profile.h" |
| 33 #include "chrome/browser/ssl/bad_clock_blocking_page.h" | 33 #include "chrome/browser/ssl/bad_clock_blocking_page.h" |
| 34 #include "chrome/browser/ssl/captive_portal_blocking_page.h" | |
| 34 #include "chrome/browser/ssl/cert_report_helper.h" | 35 #include "chrome/browser/ssl/cert_report_helper.h" |
| 35 #include "chrome/browser/ssl/cert_verifier_browser_test.h" | 36 #include "chrome/browser/ssl/cert_verifier_browser_test.h" |
| 36 #include "chrome/browser/ssl/certificate_reporting_test_utils.h" | 37 #include "chrome/browser/ssl/certificate_reporting_test_utils.h" |
| 37 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 38 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 38 #include "chrome/browser/ssl/common_name_mismatch_handler.h" | 39 #include "chrome/browser/ssl/common_name_mismatch_handler.h" |
| 39 #include "chrome/browser/ssl/security_state_tab_helper.h" | 40 #include "chrome/browser/ssl/security_state_tab_helper.h" |
| 40 #include "chrome/browser/ssl/ssl_blocking_page.h" | 41 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 41 #include "chrome/browser/ssl/ssl_error_handler.h" | 42 #include "chrome/browser/ssl/ssl_error_handler.h" |
| 43 #include "chrome/browser/ssl/tls_error_assistant.pb.h" | |
| 42 #include "chrome/browser/ui/browser.h" | 44 #include "chrome/browser/ui/browser.h" |
| 43 #include "chrome/browser/ui/browser_commands.h" | 45 #include "chrome/browser/ui/browser_commands.h" |
| 44 #include "chrome/browser/ui/browser_finder.h" | 46 #include "chrome/browser/ui/browser_finder.h" |
| 45 #include "chrome/browser/ui/browser_navigator.h" | 47 #include "chrome/browser/ui/browser_navigator.h" |
| 46 #include "chrome/browser/ui/browser_navigator_params.h" | 48 #include "chrome/browser/ui/browser_navigator_params.h" |
| 47 #include "chrome/browser/ui/browser_tabstrip.h" | 49 #include "chrome/browser/ui/browser_tabstrip.h" |
| 48 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 50 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 49 #include "chrome/common/chrome_paths.h" | 51 #include "chrome/common/chrome_paths.h" |
| 50 #include "chrome/common/chrome_switches.h" | 52 #include "chrome/common/chrome_switches.h" |
| 51 #include "chrome/common/pref_names.h" | 53 #include "chrome/common/pref_names.h" |
| (...skipping 63 matching lines...) | |
| 115 using content::NavigationEntry; | 117 using content::NavigationEntry; |
| 116 using content::SSLStatus; | 118 using content::SSLStatus; |
| 117 using content::WebContents; | 119 using content::WebContents; |
| 118 using web_modal::WebContentsModalDialogManager; | 120 using web_modal::WebContentsModalDialogManager; |
| 119 | 121 |
| 120 const base::FilePath::CharType kDocRoot[] = | 122 const base::FilePath::CharType kDocRoot[] = |
| 121 FILE_PATH_LITERAL("chrome/test/data"); | 123 FILE_PATH_LITERAL("chrome/test/data"); |
| 122 | 124 |
| 123 namespace { | 125 namespace { |
| 124 | 126 |
| 127 // Sha256 fingerprint of okay.pem's Subject Public Key Information. | |
| 128 // Compute the hash as follows: | |
| 129 // openssl x509 -noout -in net/data/ssl/certificates/ok_cert.pem -pubkey | \ | |
| 130 // openssl asn1parse -noout -inform pem -out public.key; \ | |
| 131 // openssl dgst -sha256 -binary public.key | openssl enc -base64 | |
| 132 const char* kOkayPemSPKI = | |
| 133 "sha256/2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og="; | |
| 134 | |
| 125 enum ProceedDecision { | 135 enum ProceedDecision { |
| 126 SSL_INTERSTITIAL_PROCEED, | 136 SSL_INTERSTITIAL_PROCEED, |
| 127 SSL_INTERSTITIAL_DO_NOT_PROCEED | 137 SSL_INTERSTITIAL_DO_NOT_PROCEED |
| 128 }; | 138 }; |
| 129 | 139 |
| 130 namespace AuthState { | 140 namespace AuthState { |
| 131 | 141 |
| 132 enum AuthStateFlags { | 142 enum AuthStateFlags { |
| 133 NONE = 0, | 143 NONE = 0, |
| 134 DISPLAYED_INSECURE_CONTENT = 1 << 0, | 144 DISPLAYED_INSECURE_CONTENT = 1 << 0, |
| (...skipping 82 matching lines...) | |
| 217 SSLErrorHandler::SetInterstitialTimerStartedCallbackForTesting(&callback_); | 227 SSLErrorHandler::SetInterstitialTimerStartedCallbackForTesting(&callback_); |
| 218 } | 228 } |
| 219 | 229 |
| 220 ~SSLInterstitialTimerObserver() { | 230 ~SSLInterstitialTimerObserver() { |
| 221 SSLErrorHandler::SetInterstitialTimerStartedCallbackForTesting(nullptr); | 231 SSLErrorHandler::SetInterstitialTimerStartedCallbackForTesting(nullptr); |
| 222 } | 232 } |
| 223 | 233 |
| 224 // Waits until the interstitial delay timer in SSLErrorHandler is started. | 234 // Waits until the interstitial delay timer in SSLErrorHandler is started. |
| 225 void WaitForTimerStarted() { message_loop_runner_->Run(); } | 235 void WaitForTimerStarted() { message_loop_runner_->Run(); } |
| 226 | 236 |
| 237 // Returns true if the timer has been started. | |
|
estark
2017/01/20 23:31:18
nit: "timer" => "interstitial delay timer"
(otherw
meacer
2017/01/31 00:22:46
Done.
| |
| 238 bool timer_started() const { return timer_started_; } | |
| 239 | |
| 227 private: | 240 private: |
| 228 void OnTimerStarted(content::WebContents* web_contents) { | 241 void OnTimerStarted(content::WebContents* web_contents) { |
| 242 timer_started_ = true; | |
| 229 if (web_contents_ == web_contents) | 243 if (web_contents_ == web_contents) |
| 230 message_loop_runner_->Quit(); | 244 message_loop_runner_->Quit(); |
| 231 } | 245 } |
| 232 | 246 |
| 247 bool timer_started_ = false; | |
| 233 const content::WebContents* web_contents_; | 248 const content::WebContents* web_contents_; |
| 234 SSLErrorHandler::TimerStartedCallback callback_; | 249 SSLErrorHandler::TimerStartedCallback callback_; |
| 235 | 250 |
| 236 std::unique_ptr<base::RunLoop> message_loop_runner_; | 251 std::unique_ptr<base::RunLoop> message_loop_runner_; |
| 237 | 252 |
| 238 DISALLOW_COPY_AND_ASSIGN(SSLInterstitialTimerObserver); | 253 DISALLOW_COPY_AND_ASSIGN(SSLInterstitialTimerObserver); |
| 239 }; | 254 }; |
| 240 | 255 |
| 241 class HungJob : public net::URLRequestJob { | 256 class HungJob : public net::URLRequestJob { |
| 242 public: | 257 public: |
| (...skipping 3634 matching lines...) | |
| 3877 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors, | 3892 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors, |
| 3878 NoCrashOnLoadWithNoNavigationEntry) { | 3893 NoCrashOnLoadWithNoNavigationEntry) { |
| 3879 ASSERT_TRUE(embedded_test_server()->Start()); | 3894 ASSERT_TRUE(embedded_test_server()->Start()); |
| 3880 | 3895 |
| 3881 ui_test_utils::NavigateToURL( | 3896 ui_test_utils::NavigateToURL( |
| 3882 browser(), embedded_test_server()->GetURL("/ssl/google.html")); | 3897 browser(), embedded_test_server()->GetURL("/ssl/google.html")); |
| 3883 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 3898 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 3884 ASSERT_TRUE(content::ExecuteScript(tab, "window.open()")); | 3899 ASSERT_TRUE(content::ExecuteScript(tab, "window.open()")); |
| 3885 } | 3900 } |
| 3886 | 3901 |
| 3902 IN_PROC_BROWSER_TEST_F(SSLUITest, CaptivePortalListTest) { | |
| 3903 ASSERT_TRUE(https_server_mismatched_.Start()); | |
| 3904 base::HistogramTester histograms; | |
| 3905 | |
| 3906 // Mark the server's cert as a captive portal cert. | |
| 3907 chrome_browser_ssl::TLSErrorAssistantConfig config_proto; | |
| 3908 config_proto.add_captive_portal_cert()->set_sha256_hash(kOkayPemSPKI); | |
| 3909 SSLErrorHandler::SetErrorAssistantProtoForTesting(config_proto); | |
| 3910 | |
| 3911 // Navigate to an unsafe site. Proceed with interstitial page to indicate | |
|
estark
2017/01/20 23:31:18
The "Proceed with..." part doesn't apply, right? (
meacer
2017/01/31 00:22:46
Done.
| |
| 3912 // the user approves the bad certificate. | |
| 3913 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
| 3914 SSLInterstitialTimerObserver interstitial_timer_observer(tab); | |
| 3915 ui_test_utils::NavigateToURL( | |
| 3916 browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html")); | |
| 3917 content::WaitForInterstitialAttach(tab); | |
| 3918 | |
| 3919 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | |
| 3920 ASSERT_EQ(CaptivePortalBlockingPage::kTypeForTesting, | |
| 3921 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | |
| 3922 EXPECT_FALSE(interstitial_timer_observer.timer_started()); | |
| 3923 | |
| 3924 // Check that the histogram for the captive portal cert was recorded. | |
|
estark
2017/01/20 23:31:18
optional nit: I usually throw in an ExpectTotalCou
meacer
2017/01/31 00:22:46
Done.
| |
| 3925 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
| 3926 SSLErrorHandler::HANDLE_ALL, 1); | |
| 3927 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
| 3928 SSLErrorHandler::CAPTIVE_PORTAL_CERT_FOUND, 1); | |
| 3929 } | |
| 3930 | |
| 3887 // TODO(jcampan): more tests to do below. | 3931 // TODO(jcampan): more tests to do below. |
| 3888 | 3932 |
| 3889 // Visit a page over https that contains a frame with a redirect. | 3933 // Visit a page over https that contains a frame with a redirect. |
| 3890 | 3934 |
| 3891 // XMLHttpRequest insecure content in synchronous mode. | 3935 // XMLHttpRequest insecure content in synchronous mode. |
| 3892 | 3936 |
| 3893 // XMLHttpRequest insecure content in asynchronous mode. | 3937 // XMLHttpRequest insecure content in asynchronous mode. |
| 3894 | 3938 |
| 3895 // XMLHttpRequest over bad ssl in synchronous mode. | 3939 // XMLHttpRequest over bad ssl in synchronous mode. |
| 3896 | 3940 |
| 3897 // XMLHttpRequest over OK ssl in synchronous mode. | 3941 // XMLHttpRequest over OK ssl in synchronous mode. |
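Review bot: In CaptivePortalListTest the pointer returned by `tab->GetInterstitialPage()` is dereferenced inside the `ASSERT_EQ` without a null check, so a regression that leaves no interstitial attached would crash the test rather than fail it; add `ASSERT_TRUE(interstitial_page);` before the type assertion. The test covers only the matching case, and a hit on the captive portal list replaces the SSL warning with the captive portal page. A companion test with a non-matching `sha256_hash` that expects `SSLBlockingPage::kTypeForTesting` and no `CAPTIVE_PORTAL_CERT_FOUND` sample would guard against over-matching; none is visible in this section, though much of the file is elided. The comment above `kOkayPemSPKI` names okay.pem while the command it gives hashes ok_cert.pem, so the two should agree. Declaring it as `const char kOkayPemSPKI[]` would also stop the pointer itself from being reassigned.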
| OLD | NEW |