Chromium Code Reviews Chromium Code Reviews
Issue 2690333006:
Captive portal certificate list should be checked when name mismatch is the only error (Closed)
| Index: chrome/browser/ssl/ssl_error_handler_unittest.cc |
| diff --git a/chrome/browser/ssl/ssl_error_handler_unittest.cc b/chrome/browser/ssl/ssl_error_handler_unittest.cc |
| index 0beff0af2e4314be14bb1d2d44fcdd7d0d8df4bf..9384d88347d9c753469b75951a186fa8c6b4a38a 100644 |
| --- a/chrome/browser/ssl/ssl_error_handler_unittest.cc |
| +++ b/chrome/browser/ssl/ssl_error_handler_unittest.cc |
| @@ -191,16 +191,37 @@ class TestSSLErrorHandlerDelegate : public SSLErrorHandler::Delegate { |
| } // namespace |
| -template <net::CertStatus cert_status> |
| -class SSLErrorHandlerCertStatusTestBase |
| - : public ChromeRenderViewHostTestHarness { |
| +// A class to test name mismatch errors. Creates an error handler with a name |
| +// mismatch error by default. The error handler can be recreated by calling |
| +// ResetErrorHandler() with an appropriate cert status. |
| +class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { |
|
estark
2017/02/25 01:33:18
It's a little weird that you use this fixture to t
meacer
2017/02/27 23:50:58
Done. Splitted captive portal tests into a separat
|
| public: |
| - SSLErrorHandlerCertStatusTestBase() : field_trial_list_(nullptr) {} |
| + SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} |
| void SetUp() override { |
| ChromeRenderViewHostTestHarness::SetUp(); |
| SSLErrorHandler::ResetConfigForTesting(); |
| SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); |
| + ResetErrorHandler(net::CERT_STATUS_COMMON_NAME_INVALID); |
| + } |
| + |
| + void TearDown() override { |
| + EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| + error_handler_.reset(nullptr); |
| + SSLErrorHandler::ResetConfigForTesting(); |
| + ChromeRenderViewHostTestHarness::TearDown(); |
| + } |
| + |
| + TestSSLErrorHandler* error_handler() { return error_handler_.get(); } |
| + TestSSLErrorHandlerDelegate* delegate() { return delegate_; } |
| + |
| + const net::SSLInfo& ssl_info() { return ssl_info_; } |
| + |
| + protected: |
| + // Deletes the current error handler and creates a new one with the given |
| + // |cert_status|. |
| + void ResetErrorHandler(net::CertStatus cert_status) { |
| + ssl_info_.Reset(); |
| ssl_info_.cert = |
| net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); |
| ssl_info_.cert_status = cert_status; |
| @@ -224,17 +245,48 @@ class SSLErrorHandlerCertStatusTestBase |
| "SSLCommonNameMismatchHandling", "Enabled")); |
| } |
| - void TearDown() override { |
| + void TestNoCaptivePortalInterstitial() { |
| + base::HistogramTester histograms; |
| + |
| EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| - error_handler_.reset(nullptr); |
| - SSLErrorHandler::ResetConfigForTesting(); |
| - ChromeRenderViewHostTestHarness::TearDown(); |
| - } |
| + EXPECT_EQ(1u, ssl_info().public_key_hashes.size()); |
| - TestSSLErrorHandler* error_handler() { return error_handler_.get(); } |
| - TestSSLErrorHandlerDelegate* delegate() { return delegate_; } |
| + auto config_proto = |
| + base::MakeUnique<chrome_browser_ssl::SSLErrorAssistantConfig>(); |
| + config_proto->add_captive_portal_cert()->set_sha256_hash( |
| + "sha256/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
| + config_proto->add_captive_portal_cert()->set_sha256_hash( |
| + ssl_info().public_key_hashes[0].ToString()); |
| + config_proto->add_captive_portal_cert()->set_sha256_hash( |
| + "sha256/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"); |
| + SSLErrorHandler::SetErrorAssistantProto(std::move(config_proto)); |
| - const net::SSLInfo& ssl_info() { return ssl_info_; } |
| + error_handler()->StartHandlingError(); |
| + |
| + // Timer should start for captive portal detection. |
| + EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); |
| + EXPECT_TRUE(delegate()->captive_portal_checked()); |
| + EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
| + EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| + EXPECT_FALSE(delegate()->suggested_url_checked()); |
| + |
| + base::RunLoop().RunUntilIdle(); |
| + |
| + EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| + EXPECT_TRUE(delegate()->captive_portal_checked()); |
| + EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
| + EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| + EXPECT_FALSE(delegate()->suggested_url_checked()); |
| + |
| + // Check that the histogram for the captive portal cert was recorded. |
| + histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), |
| + 2); |
| + histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
| + SSLErrorHandler::HANDLE_ALL, 1); |
| + histograms.ExpectBucketCount( |
| + SSLErrorHandler::GetHistogramNameForTesting(), |
| + SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
| + } |
| private: |
| net::SSLInfo ssl_info_; |
| @@ -242,14 +294,9 @@ class SSLErrorHandlerCertStatusTestBase |
| TestSSLErrorHandlerDelegate* delegate_; |
| base::FieldTrialList field_trial_list_; |
| - DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerCertStatusTestBase); |
| + DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); |
| }; |
| -using SSLErrorHandlerNameMismatchTest = |
| - SSLErrorHandlerCertStatusTestBase<net::CERT_STATUS_COMMON_NAME_INVALID>; |
| -using SSLErrorHandlerAuthorityInvalidTest = |
| - SSLErrorHandlerCertStatusTestBase<net::CERT_STATUS_AUTHORITY_INVALID>; |
| - |
| class SSLErrorHandlerDateInvalidTest : public ChromeRenderViewHostTestHarness { |
| public: |
| SSLErrorHandlerDateInvalidTest() |
| @@ -762,99 +809,42 @@ TEST_F(SSLErrorHandlerNameMismatchTest, CaptivePortalCertificateList_Disabled) { |
| std::string() /* enabled */, |
| "CaptivePortalCertificateList" /* disabled */); |
| - base::HistogramTester histograms; |
| - |
| - EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_EQ(1u, ssl_info().public_key_hashes.size()); |
| - |
| - auto config_proto = |
| - base::MakeUnique<chrome_browser_ssl::SSLErrorAssistantConfig>(); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - "sha256/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - ssl_info().public_key_hashes[0].ToString()); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - "sha256/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"); |
| - SSLErrorHandler::SetErrorAssistantProto(std::move(config_proto)); |
| - |
| - error_handler()->StartHandlingError(); |
| - |
| - // Timer should start since captive portal certificate list feature is |
| - // disabled. |
| - EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_TRUE(delegate()->captive_portal_checked()); |
| - EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->suggested_url_checked()); |
| - |
| - // A buggy SSL error handler might have incorrectly started the timer. Run to |
| - // completion to ensure the timer is expired. |
| - base::RunLoop().RunUntilIdle(); |
| - |
| - EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_TRUE(delegate()->captive_portal_checked()); |
| - EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->suggested_url_checked()); |
| - |
| - // Check that the histogram for the captive portal cert was recorded. |
| - histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); |
| - histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
| - SSLErrorHandler::HANDLE_ALL, 1); |
| - histograms.ExpectBucketCount( |
| - SSLErrorHandler::GetHistogramNameForTesting(), |
| - SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
| + // Default error for SSLErrorHandlerNameMismatchTest tests is name mismatch. |
| + TestNoCaptivePortalInterstitial(); |
| } |
| // Tests that an error other than name mismatch does not cause a captive portal |
| // interstitial to be shown, even if the certificate is marked as a known |
| // captive portal certificate. |
| -TEST_F(SSLErrorHandlerAuthorityInvalidTest, |
| - CaptivePortalCertificateList_ShouldShowGenericInterstitial) { |
| +TEST_F(SSLErrorHandlerNameMismatchTest, |
|
estark
2017/02/25 01:33:18
(see above, it's confusing that this is named Name
meacer
2017/02/27 23:50:58
Done.
|
| + CaptivePortalCertificateList_AuthorityInvalid) { |
| base::test::ScopedFeatureList scoped_feature_list; |
| scoped_feature_list.InitFromCommandLine( |
| "CaptivePortalCertificateList" /* enabled */, |
| std::string() /* disabled */); |
| - base::HistogramTester histograms; |
| - |
| - EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_EQ(1u, ssl_info().public_key_hashes.size()); |
| - |
| - auto config_proto = |
| - base::MakeUnique<chrome_browser_ssl::SSLErrorAssistantConfig>(); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - "sha256/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - ssl_info().public_key_hashes[0].ToString()); |
| - config_proto->add_captive_portal_cert()->set_sha256_hash( |
| - "sha256/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"); |
| - SSLErrorHandler::SetErrorAssistantProto(std::move(config_proto)); |
| - |
| - error_handler()->StartHandlingError(); |
| - |
| - // Timer should start for captive portal detection. |
| - EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_TRUE(delegate()->captive_portal_checked()); |
| - EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->suggested_url_checked()); |
| - |
| - base::RunLoop().RunUntilIdle(); |
| + ResetErrorHandler(net::CERT_STATUS_AUTHORITY_INVALID); |
| + TestNoCaptivePortalInterstitial(); |
| +} |
| - EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
| - EXPECT_TRUE(delegate()->captive_portal_checked()); |
| - EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->captive_portal_interstitial_shown()); |
| - EXPECT_FALSE(delegate()->suggested_url_checked()); |
| +// Tests that another error in addition to name mismatch error does not cause a |
| +// captive portal interstitial to be shown, even if the certificate is marked as |
| +// a known captive portal certificate. This is similar to |
| +// SSLErrorHandlerNameMismatchTest.CaptivePortalCertificateList_AuthorityInvalid |
| +// except there are two errors here (name mismatch + weak key). |
| +TEST_F(SSLErrorHandlerNameMismatchTest, |
| + CaptivePortalCertificateList_NameMismatchAndWeakKey) { |
| + base::test::ScopedFeatureList scoped_feature_list; |
| + scoped_feature_list.InitFromCommandLine( |
| + "CaptivePortalCertificateList" /* enabled */, |
| + std::string() /* disabled */); |
| - // Check that the histogram for the captive portal cert was recorded. |
| - histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); |
| - histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
| - SSLErrorHandler::HANDLE_ALL, 1); |
| - histograms.ExpectBucketCount( |
| - SSLErrorHandler::GetHistogramNameForTesting(), |
| - SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
| + const net::CertStatus cert_status = |
| + net::CERT_STATUS_COMMON_NAME_INVALID | net::CERT_STATUS_WEAK_KEY; |
| + EXPECT_EQ(net::ERR_CERT_COMMON_NAME_INVALID, |
|
estark
2017/02/25 01:33:18
ditto nits about explaining what this is checking
meacer
2017/02/27 23:50:58
Done.
|
| + net::MapCertStatusToNetError(cert_status)); |
| + ResetErrorHandler(cert_status); |
| + TestNoCaptivePortalInterstitial(); |
| } |
| #endif // BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
