OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "base/base64.h" | |
7 #include "base/base_switches.h" | 8 #include "base/base_switches.h" |
8 #include "base/bind.h" | 9 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
10 #include "base/callback.h" | 11 #include "base/callback.h" |
11 #include "base/command_line.h" | 12 #include "base/command_line.h" |
12 #include "base/location.h" | 13 #include "base/location.h" |
13 #include "base/macros.h" | 14 #include "base/macros.h" |
14 #include "base/metrics/field_trial.h" | 15 #include "base/metrics/field_trial.h" |
15 #include "base/single_thread_task_runner.h" | 16 #include "base/single_thread_task_runner.h" |
16 #include "base/strings/string_split.h" | 17 #include "base/strings/string_split.h" |
46 #include "chrome/browser/ui/browser_commands.h" | 47 #include "chrome/browser/ui/browser_commands.h" |
47 #include "chrome/browser/ui/browser_finder.h" | 48 #include "chrome/browser/ui/browser_finder.h" |
48 #include "chrome/browser/ui/browser_navigator.h" | 49 #include "chrome/browser/ui/browser_navigator.h" |
49 #include "chrome/browser/ui/browser_navigator_params.h" | 50 #include "chrome/browser/ui/browser_navigator_params.h" |
50 #include "chrome/browser/ui/browser_tabstrip.h" | 51 #include "chrome/browser/ui/browser_tabstrip.h" |
51 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 52 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
52 #include "chrome/common/chrome_paths.h" | 53 #include "chrome/common/chrome_paths.h" |
53 #include "chrome/common/chrome_switches.h" | 54 #include "chrome/common/chrome_switches.h" |
54 #include "chrome/common/pref_names.h" | 55 #include "chrome/common/pref_names.h" |
55 #include "chrome/test/base/in_process_browser_test.h" | 56 #include "chrome/test/base/in_process_browser_test.h" |
57 #include "chrome/test/base/test_launcher_utils.h" | |
56 #include "chrome/test/base/ui_test_utils.h" | 58 #include "chrome/test/base/ui_test_utils.h" |
57 #include "components/content_settings/core/browser/host_content_settings_map.h" | 59 #include "components/content_settings/core/browser/host_content_settings_map.h" |
58 #include "components/network_time/network_time_test_utils.h" | 60 #include "components/network_time/network_time_test_utils.h" |
59 #include "components/network_time/network_time_tracker.h" | 61 #include "components/network_time/network_time_tracker.h" |
60 #include "components/prefs/testing_pref_service.h" | 62 #include "components/prefs/testing_pref_service.h" |
61 #include "components/security_interstitials/core/controller_client.h" | 63 #include "components/security_interstitials/core/controller_client.h" |
62 #include "components/security_interstitials/core/metrics_helper.h" | 64 #include "components/security_interstitials/core/metrics_helper.h" |
63 #include "components/security_state/core/security_state.h" | 65 #include "components/security_state/core/security_state.h" |
64 #include "components/security_state/core/switches.h" | 66 #include "components/security_state/core/switches.h" |
65 #include "components/ssl_errors/error_classification.h" | 67 #include "components/ssl_errors/error_classification.h" |
310 } // namespace | 312 } // namespace |
311 | 313 |
312 class SSLUITest : public InProcessBrowserTest { | 314 class SSLUITest : public InProcessBrowserTest { |
313 public: | 315 public: |
314 SSLUITest() | 316 SSLUITest() |
315 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), | 317 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS), |
316 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), | 318 https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS), |
317 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), | 319 https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS), |
318 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, | 320 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, |
319 SSLOptions(SSLOptions::CERT_EXPIRED), | 321 SSLOptions(SSLOptions::CERT_EXPIRED), |
320 net::GetWebSocketTestDataDirectory()) { | 322 net::GetWebSocketTestDataDirectory()), |
323 wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS, | |
324 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), | |
325 net::GetWebSocketTestDataDirectory()) { | |
321 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 326 https_server_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
322 | 327 |
323 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | 328 https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
324 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 329 https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
325 | 330 |
326 https_server_mismatched_.SetSSLConfig( | 331 https_server_mismatched_.SetSSLConfig( |
327 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); | 332 net::EmbeddedTestServer::CERT_MISMATCHED_NAME); |
328 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); | 333 https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot)); |
329 | 334 |
330 // Sometimes favicons load before tests check the authentication | 335 // Sometimes favicons load before tests check the authentication |
624 } else { | 629 } else { |
625 base::RunLoop().RunUntilIdle(); | 630 base::RunLoop().RunUntilIdle(); |
626 EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported()); | 631 EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported()); |
627 } | 632 } |
628 } | 633 } |
629 | 634 |
630 net::EmbeddedTestServer https_server_; | 635 net::EmbeddedTestServer https_server_; |
631 net::EmbeddedTestServer https_server_expired_; | 636 net::EmbeddedTestServer https_server_expired_; |
632 net::EmbeddedTestServer https_server_mismatched_; | 637 net::EmbeddedTestServer https_server_mismatched_; |
633 net::SpawnedTestServer wss_server_expired_; | 638 net::SpawnedTestServer wss_server_expired_; |
639 net::SpawnedTestServer wss_server_mismatched_; | |
634 | 640 |
635 protected: | 641 protected: |
636 // Navigates to an interstitial and clicks through the certificate | 642 // Navigates to an interstitial and clicks through the certificate |
637 // error; then navigates to a page at |path| that loads unsafe content. | 643 // error; then navigates to a page at |path| that loads unsafe content. |
638 void SetUpUnsafeContentsWithUserException(const std::string& path) { | 644 void SetUpUnsafeContentsWithUserException(const std::string& path) { |
639 ASSERT_TRUE(https_server_.Start()); | 645 ASSERT_TRUE(https_server_.Start()); |
640 // Note that it is necessary to user https_server_mismatched_ here over the | 646 // Note that it is necessary to user https_server_mismatched_ here over the |
641 // other invalid cert servers. This is because the test relies on the two | 647 // other invalid cert servers. This is because the test relies on the two |
642 // servers having different hosts since SSL exceptions are per-host, not per | 648 // servers having different hosts since SSL exceptions are per-host, not per |
643 // origin, and https_server_mismatched_ uses 'localhost' rather than | 649 // origin, and https_server_mismatched_ uses 'localhost' rather than |
682 class SSLUITestIgnoreCertErrors : public SSLUITest { | 688 class SSLUITestIgnoreCertErrors : public SSLUITest { |
683 public: | 689 public: |
684 SSLUITestIgnoreCertErrors() : SSLUITest() {} | 690 SSLUITestIgnoreCertErrors() : SSLUITest() {} |
685 | 691 |
686 void SetUpCommandLine(base::CommandLine* command_line) override { | 692 void SetUpCommandLine(base::CommandLine* command_line) override { |
687 // Browser will ignore certificate errors. | 693 // Browser will ignore certificate errors. |
688 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); | 694 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); |
689 } | 695 } |
690 }; | 696 }; |
691 | 697 |
698 static std::string MakeCertSPKIFingerprint(net::X509Certificate* cert) { | |
699 net::HashValue hash = GetSPKIHash(cert); | |
700 std::string hash_base64; | |
701 base::Base64Encode( | |
702 base::StringPiece(reinterpret_cast<const char*>(hash.data()), | |
703 hash.size()), | |
704 &hash_base64); | |
705 return hash_base64; | |
706 } | |
707 | |
708 class SSLUITestIgnoreCertErrorsBySPKIHTTPS : public SSLUITest { | |
709 protected: | |
710 void SetUpCommandLine(base::CommandLine* command_line) override { | |
711 std::string whitelist_flag = MakeCertSPKIFingerprint( | |
712 https_server_mismatched_.GetCertificate().get()); | |
713 command_line->AppendSwitchASCII(switches::kIgnoreCertificateErrorsSPKIList, | |
714 whitelist_flag); | |
715 } | |
716 }; | |
717 | |
718 class SSLUITestIgnoreCertErrorsBySPKIWSS : public SSLUITest { | |
719 public: | |
720 SSLUITestIgnoreCertErrorsBySPKIWSS() : SSLUITest() {} | |
721 | |
722 void SetUpCommandLine(base::CommandLine* command_line) override { | |
723 std::string whitelist_flag = | |
724 MakeCertSPKIFingerprint(wss_server_expired_.GetCertificate().get()); | |
725 // Browser will ignore certificate errors for chains matching one of the | |
726 // public keys from the list. | |
estark
2017/05/17 18:04:18
optional nit: just for consistency, include this c
martinkr
2017/05/23 18:30:43
Done.
| |
727 command_line->AppendSwitchASCII(switches::kIgnoreCertificateErrorsSPKIList, | |
728 whitelist_flag); | |
729 } | |
730 }; | |
731 | |
692 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { | 732 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
693 public: | 733 public: |
694 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} | 734 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
695 | 735 |
696 void SetUpCommandLine(base::CommandLine* command_line) override { | 736 void SetUpCommandLine(base::CommandLine* command_line) override { |
697 // Browser will ignore certificate errors on localhost. | 737 // Browser will ignore certificate errors on localhost. |
698 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); | 738 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); |
699 } | 739 } |
700 }; | 740 }; |
701 | 741 |
2657 .ReplaceComponents(replacements)); | 2697 .ReplaceComponents(replacements)); |
2658 | 2698 |
2659 // We shouldn't have an interstitial page showing here. | 2699 // We shouldn't have an interstitial page showing here. |
2660 | 2700 |
2661 // Test page run a WebSocket wss connection test. The result will be shown | 2701 // Test page run a WebSocket wss connection test. The result will be shown |
2662 // as page title. | 2702 // as page title. |
2663 const base::string16 result = watcher.WaitAndGetTitle(); | 2703 const base::string16 result = watcher.WaitAndGetTitle(); |
2664 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); | 2704 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); |
2665 } | 2705 } |
2666 | 2706 |
2707 // Visit a page and establish a WebSocket connection over bad https with | |
estark
2017/05/17 18:04:18
Question: are you testing WebSockets because they
martinkr
2017/05/23 18:30:43
I was actually just aping SSLUITestIgnoreCertError
| |
2708 // --disable-certificate-errors-spki-list. The connection should be established | |
estark
2017/05/17 18:04:18
nit: s/disable/ignore? (same on line 2735)
martinkr
2017/05/23 18:30:43
Done.
| |
2709 // without interstitial page showing. | |
2710 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKIWSS, TestWSSExpired) { | |
2711 ASSERT_TRUE(embedded_test_server()->Start()); | |
estark
2017/05/17 18:04:19
Do you need this? Doesn't look like you use it unl
martinkr
2017/05/23 18:30:43
Done.
| |
2712 ASSERT_TRUE(wss_server_expired_.Start()); | |
2713 | |
2714 // Setup page title observer. | |
2715 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
2716 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); | |
2717 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); | |
2718 | |
2719 // Visit bad HTTPS page. | |
2720 GURL::Replacements replacements; | |
2721 replacements.SetSchemeStr("https"); | |
2722 ui_test_utils::NavigateToURL(browser(), | |
2723 wss_server_expired_.GetURL("connect_check.html") | |
2724 .ReplaceComponents(replacements)); | |
2725 | |
2726 // We shouldn't have an interstitial page showing here. | |
2727 | |
2728 // Test page run a WebSocket wss connection test. The result will be shown | |
2729 // as page title. | |
2730 const base::string16 result = watcher.WaitAndGetTitle(); | |
2731 EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass")); | |
2732 } | |
2733 | |
2734 // Test that HTTPS pages with a bad certificate don't show an interstitial if | |
2735 // the public key matches a value from --disable-certificate-errors-spki-list. | |
2736 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKIHTTPS, TestHTTPS) { | |
2737 ASSERT_TRUE(https_server_mismatched_.Start()); | |
2738 | |
2739 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
2740 | |
2741 ui_test_utils::NavigateToURL( | |
2742 browser(), | |
2743 https_server_mismatched_.GetURL("/ssl/page_with_subresource.html")); | |
2744 | |
2745 // We should see no interstitial. The script tag in the page should have | |
2746 // loaded and ran (and wasn't blocked by the certificate error). | |
2747 CheckAuthenticatedState(tab, AuthState::NONE); | |
2748 base::string16 title; | |
2749 ui_test_utils::GetCurrentTabTitle(browser(), &title); | |
2750 EXPECT_EQ(title, base::ASCIIToUTF16("This script has loaded")); | |
2751 } | |
2752 | |
2667 // Verifies that the interstitial can proceed, even if JavaScript is disabled. | 2753 // Verifies that the interstitial can proceed, even if JavaScript is disabled. |
2668 // http://crbug.com/322948 | 2754 // http://crbug.com/322948 |
2669 #if defined(OS_LINUX) | 2755 #if defined(OS_LINUX) |
2670 // flaky http://crbug.com/396458 | 2756 // flaky http://crbug.com/396458 |
2671 #define MAYBE_TestInterstitialJavaScriptProceeds \ | 2757 #define MAYBE_TestInterstitialJavaScriptProceeds \ |
2672 DISABLED_TestInterstitialJavaScriptProceeds | 2758 DISABLED_TestInterstitialJavaScriptProceeds |
2673 #else | 2759 #else |
2674 #define MAYBE_TestInterstitialJavaScriptProceeds \ | 2760 #define MAYBE_TestInterstitialJavaScriptProceeds \ |
2675 TestInterstitialJavaScriptProceeds | 2761 TestInterstitialJavaScriptProceeds |
2676 #endif | 2762 #endif |
4407 | 4493 |
4408 // Visit a page over https that contains a frame with a redirect. | 4494 // Visit a page over https that contains a frame with a redirect. |
4409 | 4495 |
4410 // XMLHttpRequest insecure content in synchronous mode. | 4496 // XMLHttpRequest insecure content in synchronous mode. |
4411 | 4497 |
4412 // XMLHttpRequest insecure content in asynchronous mode. | 4498 // XMLHttpRequest insecure content in asynchronous mode. |
4413 | 4499 |
4414 // XMLHttpRequest over bad ssl in synchronous mode. | 4500 // XMLHttpRequest over bad ssl in synchronous mode. |
4415 | 4501 |
4416 // XMLHttpRequest over OK ssl in synchronous mode. | 4502 // XMLHttpRequest over OK ssl in synchronous mode. |
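Review bot: Both new SPKI tests (`TestWSSExpired` at new line 2710 and `TestHTTPS` at new line 2736) only check that a certificate whose key is on the list is accepted; nothing in the visible lines checks that a certificate whose key is not on the list is still rejected while `switches::kIgnoreCertificateErrorsSPKIList` is set. That negative case is what guards against the switch behaving like a blanket `kIgnoreCertificateErrors`, so it deserves a test in `SSLUITestIgnoreCertErrorsBySPKIHTTPS`, sketched below. The sketch assumes `https_server_expired_` serves a different public key from `https_server_mismatched_`, and the broken-state helper it calls is defined outside the visible lines, so both need confirming. Separately, `wss_server_mismatched_` (new lines 323 and 639) is constructed for every `SSLUITest` but neither new test shown uses it, so either a test for it is missing or the member can be dropped.

```cpp
// A certificate whose public key is not on the SPKI list must still trigger
// the interstitial while the switch is present.
IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKIHTTPS,
                       TestHTTPSKeyNotListed) {
  ASSERT_TRUE(https_server_expired_.Start());

  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
  ui_test_utils::NavigateToURL(
      browser(),
      https_server_expired_.GetURL("/ssl/page_with_subresource.html"));

  CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
                                 AuthState::SHOWING_INTERSTITIAL);
}
```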
OLD | NEW |