OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
301 } // namespace | 301 } // namespace |
302 | 302 |
303 class SSLUITest : public InProcessBrowserTest { | 303 class SSLUITest : public InProcessBrowserTest { |
304 public: | 304 public: |
305 SSLUITest() | 305 SSLUITest() |
306 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), | 306 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), |
307 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), | 307 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), |
308 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), | 308 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), |
309 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, | 309 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, |
310 SSLOptions(SSLOptions::CERT_EXPIRED), | 310 SSLOptions(SSLOptions::CERT_EXPIRED), |
311 net::GetWebSocketTestDataDirectory()) { | 311 net::GetWebSocketTestDataDirectory()), |
| 312 wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS, |
| 313 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), |
| 314 net::GetWebSocketTestDataDirectory()) { |
312 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 315 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
313 | 316 |
314 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | 317 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
315 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 318 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
316 | 319 |
317 https_server_mismatched_.SetSSLConfig( | 320 https_server_mismatched_.SetSSLConfig( |
318 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 321 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
319 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 322 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
320 | 323 |
321 // Sometimes favicons load before tests check the authentication | 324 // Sometimes favicons load before tests check the authentication |
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
611 } else { | 614 } else { |
612 base::RunLoop().RunUntilIdle(); | 615 base::RunLoop().RunUntilIdle(); |
613 EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported()); | 616 EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported()); |
614 } | 617 } |
615 } | 618 } |
616 | 619 |
617 net::EmbeddedTestServer https_server_; | 620 net::EmbeddedTestServer https_server_; |
618 net::EmbeddedTestServer https_server_expired_; | 621 net::EmbeddedTestServer https_server_expired_; |
619 net::EmbeddedTestServer https_server_mismatched_; | 622 net::EmbeddedTestServer https_server_mismatched_; |
620 net::SpawnedTestServer wss_server_expired_; | 623 net::SpawnedTestServer wss_server_expired_; |
| 624 net::SpawnedTestServer wss_server_mismatched_; |
621 | 625 |
622 protected: | 626 protected: |
623 // Navigates to an interstitial and clicks through the certificate | 627 // Navigates to an interstitial and clicks through the certificate |
624 // error; then navigates to a page at |path| that loads unsafe content. | 628 // error; then navigates to a page at |path| that loads unsafe content. |
625 void SetUpUnsafeContentsWithUserException(const std::string& path) { | 629 void SetUpUnsafeContentsWithUserException(const std::string& path) { |
626 ASSERT_TRUE(https_server_.Start()); | 630 ASSERT_TRUE(https_server_.Start()); |
627 // Note that it is necessary to user https_server_mismatched_ here over the | 631 // Note that it is necessary to user https_server_mismatched_ here over the |
628 // other invalid cert servers. This is because the test relies on the two | 632 // other invalid cert servers. This is because the test relies on the two |
629 // servers having different hosts since SSL exceptions are per-host, not per | 633 // servers having different hosts since SSL exceptions are per-host, not per |
630 // origin, and https_server_mismatched_ uses 'localhost' rather than | 634 // origin, and https_server_mismatched_ uses 'localhost' rather than |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
669 class SSLUITestIgnoreCertErrors : public SSLUITest { | 673 class SSLUITestIgnoreCertErrors : public SSLUITest { |
670 public: | 674 public: |
671 SSLUITestIgnoreCertErrors() : SSLUITest() {} | 675 SSLUITestIgnoreCertErrors() : SSLUITest() {} |
672 | 676 |
673 void SetUpCommandLine(base::CommandLine* command_line) override { | 677 void SetUpCommandLine(base::CommandLine* command_line) override { |
674 // Browser will ignore certificate errors. | 678 // Browser will ignore certificate errors. |
675 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); | 679 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); |
676 } | 680 } |
677 }; | 681 }; |
678 | 682 |
| 683 class SSLUITestIgnoreCertErrorsBySPKI : public SSLUITest { |
| 684 public: |
| 685 SSLUITestIgnoreCertErorsBySPKI() : SSLUITest() {} |
| 686 |
| 687 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 688 // Browser will ignore certificate errors for chains matching one of the |
| 689 // public keys from the list. |
| 690 command_line->AppendSwitchASCII( |
| 691 switches::kIgnoreCertificateErrorsSPKIList, |
| 692 "2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og=," // wss_mismatched_ |
| 693 "gTjFgaNzSnz5cxMlIfW1WfGGJVzf11v+YePflME9WSU=" // wss_expired_ |
| 694 ); |
| 695 } |
| 696 }; |
| 697 |
679 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { | 698 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
680 public: | 699 public: |
681 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} | 700 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
682 | 701 |
683 void SetUpCommandLine(base::CommandLine* command_line) override { | 702 void SetUpCommandLine(base::CommandLine* command_line) override { |
684 // Browser will ignore certificate errors on localhost. | 703 // Browser will ignore certificate errors on localhost. |
685 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); | 704 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); |
686 } | 705 } |
687 }; | 706 }; |
688 | 707 |
(...skipping 1961 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2650 .ReplaceComponents(replacements)); | 2669 .ReplaceComponents(replacements)); |
2651 | 2670 |
2652 // We shouldn't have an interstitial page showing here. | 2671 // We shouldn't have an interstitial page showing here. |
2653 | 2672 |
2654 // Test page run a WebSocket wss connection test. The result will be shown | 2673 // Test page run a WebSocket wss connection test. The result will be shown |
2655 // as page title. | 2674 // as page title. |
2656 const base::string16 result = watcher.WaitAndGetTitle(); | 2675 const base::string16 result = watcher.WaitAndGetTitle(); |
2657 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); | 2676 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
2658 } | 2677 } |
2659 | 2678 |
| 2679 // Visit a page and establish a WebSocket connection over bad https with |
| 2680 // --disable-certificate-errors-spki-list. The connection should be established |
| 2681 // without interstitial page showing. |
| 2682 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSMismatched) { |
| 2683 ASSERT_TRUE(embedded_test_server()->Start()); |
| 2684 ASSERT_TRUE(wss_server_mismatched_.Start()); |
| 2685 |
| 2686 // Setup page title observer. |
| 2687 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 2688 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); |
| 2689 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); |
| 2690 |
| 2691 // Visit bad HTTPS page. |
| 2692 GURL::Replacements replacements; |
| 2693 replacements.SetSchemeStr("https"); |
| 2694 ui_test_utils::NavigateToURL( |
| 2695 browser(), wss_server_mismatched_.GetURL("connect_check.html") |
| 2696 .ReplaceComponents(replacements)); |
| 2697 |
| 2698 // We shouldn't have an interstitial page showing here. |
| 2699 |
| 2700 // Test page run a WebSocket wss connection test. The result will be shown |
| 2701 // as page title. |
| 2702 const base::string16 result = watcher.WaitAndGetTitle(); |
| 2703 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
| 2704 } |
| 2705 |
| 2706 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSExpired) { |
| 2707 ASSERT_TRUE(embedded_test_server()->Start()); |
| 2708 ASSERT_TRUE(wss_server_expired_.Start()); |
| 2709 |
| 2710 // Setup page title observer. |
| 2711 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 2712 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); |
| 2713 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); |
| 2714 |
| 2715 // Visit bad HTTPS page. |
| 2716 GURL::Replacements replacements; |
| 2717 replacements.SetSchemeStr("https"); |
| 2718 ui_test_utils::NavigateToURL(browser(), |
| 2719 wss_server_expired_.GetURL("connect_check.html") |
| 2720 .ReplaceComponents(replacements)); |
| 2721 |
| 2722 // We shouldn't have an interstitial page showing here. |
| 2723 |
| 2724 // Test page run a WebSocket wss connection test. The result will be shown |
| 2725 // as page title. |
| 2726 const base::string16 result = watcher.WaitAndGetTitle(); |
| 2727 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
| 2728 } |
| 2729 |
2660 // Verifies that the interstitial can proceed, even if JavaScript is disabled. | 2730 // Verifies that the interstitial can proceed, even if JavaScript is disabled. |
2661 // http://crbug.com/322948 | 2731 // http://crbug.com/322948 |
2662 #if defined(OS_LINUX) | 2732 #if defined(OS_LINUX) |
2663 // flaky http://crbug.com/396458 | 2733 // flaky http://crbug.com/396458 |
2664 #define MAYBE_TestInterstitialJavaScriptProceeds \ | 2734 #define MAYBE_TestInterstitialJavaScriptProceeds \ |
2665 DISABLED_TestInterstitialJavaScriptProceeds | 2735 DISABLED_TestInterstitialJavaScriptProceeds |
2666 #else | 2736 #else |
2667 #define MAYBE_TestInterstitialJavaScriptProceeds \ | 2737 #define MAYBE_TestInterstitialJavaScriptProceeds \ |
2668 TestInterstitialJavaScriptProceeds | 2738 TestInterstitialJavaScriptProceeds |
2669 #endif | 2739 #endif |
(...skipping 1753 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4423 | 4493 |
4424 // Visit a page over https that contains a frame with a redirect. | 4494 // Visit a page over https that contains a frame with a redirect. |
4425 | 4495 |
4426 // XMLHttpRequest insecure content in synchronous mode. | 4496 // XMLHttpRequest insecure content in synchronous mode. |
4427 | 4497 |
4428 // XMLHttpRequest insecure content in asynchronous mode. | 4498 // XMLHttpRequest insecure content in asynchronous mode. |
4429 | 4499 |
4430 // XMLHttpRequest over bad ssl in synchronous mode. | 4500 // XMLHttpRequest over bad ssl in synchronous mode. |
4431 | 4501 |
4432 // XMLHttpRequest over OK ssl in synchronous mode. | 4502 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |