OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
6 | 6 |
7 #include "base/callback.h" | 7 #include "base/callback.h" |
8 #include "base/macros.h" | 8 #include "base/macros.h" |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
189 DISALLOW_COPY_AND_ASSIGN(TestSSLErrorHandlerDelegate); | 189 DISALLOW_COPY_AND_ASSIGN(TestSSLErrorHandlerDelegate); |
190 }; | 190 }; |
191 | 191 |
192 } // namespace | 192 } // namespace |
193 | 193 |
194 // A class to test name mismatch errors. Creates an error handler with a name | 194 // A class to test name mismatch errors. Creates an error handler with a name |
195 // mismatch error. | 195 // mismatch error. |
196 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { | 196 class SSLErrorHandlerNameMismatchTest : public ChromeRenderViewHostTestHarness { |
197 public: | 197 public: |
198 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} | 198 SSLErrorHandlerNameMismatchTest() : field_trial_list_(nullptr) {} |
199 ~SSLErrorHandlerNameMismatchTest() override {} | |
199 | 200 |
200 void SetUp() override { | 201 void SetUp() override { |
201 ChromeRenderViewHostTestHarness::SetUp(); | 202 ChromeRenderViewHostTestHarness::SetUp(); |
202 SSLErrorHandler::ResetConfigForTesting(); | 203 SSLErrorHandler::ResetConfigForTesting(); |
203 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); | 204 SSLErrorHandler::SetInterstitialDelayForTesting(base::TimeDelta()); |
204 ssl_info_.cert = | 205 ssl_info_.cert = GetCertificate(); |
205 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
206 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 206 ssl_info_.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
207 ssl_info_.public_key_hashes.push_back( | 207 ssl_info_.public_key_hashes.push_back( |
208 net::HashValue(kCertPublicKeyHashValue)); | 208 net::HashValue(kCertPublicKeyHashValue)); |
209 | 209 |
210 delegate_ = | 210 delegate_ = |
211 new TestSSLErrorHandlerDelegate(profile(), web_contents(), ssl_info_); | 211 new TestSSLErrorHandlerDelegate(profile(), web_contents(), ssl_info_); |
212 error_handler_.reset(new TestSSLErrorHandler( | 212 error_handler_.reset(new TestSSLErrorHandler( |
213 std::unique_ptr<SSLErrorHandler::Delegate>(delegate_), web_contents(), | 213 std::unique_ptr<SSLErrorHandler::Delegate>(delegate_), web_contents(), |
214 profile(), net::MapCertStatusToNetError(ssl_info_.cert_status), | 214 profile(), net::MapCertStatusToNetError(ssl_info_.cert_status), |
215 ssl_info_, | 215 ssl_info_, |
216 GURL(), // request_url | 216 GURL(), // request_url |
217 base::Callback<void(content::CertificateRequestResultType)>())); | 217 base::Callback<void(content::CertificateRequestResultType)>())); |
218 } | 218 } |
219 | 219 |
220 void TearDown() override { | 220 void TearDown() override { |
221 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 221 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
222 error_handler_.reset(nullptr); | 222 error_handler_.reset(nullptr); |
223 SSLErrorHandler::ResetConfigForTesting(); | 223 SSLErrorHandler::ResetConfigForTesting(); |
224 ChromeRenderViewHostTestHarness::TearDown(); | 224 ChromeRenderViewHostTestHarness::TearDown(); |
225 } | 225 } |
226 | 226 |
227 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } | 227 TestSSLErrorHandler* error_handler() { return error_handler_.get(); } |
228 TestSSLErrorHandlerDelegate* delegate() { return delegate_; } | 228 TestSSLErrorHandlerDelegate* delegate() { return delegate_; } |
229 | 229 |
230 const net::SSLInfo& ssl_info() { return ssl_info_; } | 230 const net::SSLInfo& ssl_info() { return ssl_info_; } |
231 | 231 |
232 private: | 232 private: |
233 // Returns a certificate for the test. Virtual to allow derived fixtures to | |
234 // use a certificate with different characteristics. | |
235 virtual scoped_refptr<net::X509Certificate> GetCertificate() { | |
236 return net::ImportCertFromFile(net::GetTestCertsDirectory(), | |
237 "subjectAltName_www_example_com.pem"); | |
238 } | |
239 | |
233 net::SSLInfo ssl_info_; | 240 net::SSLInfo ssl_info_; |
234 std::unique_ptr<TestSSLErrorHandler> error_handler_; | 241 std::unique_ptr<TestSSLErrorHandler> error_handler_; |
235 TestSSLErrorHandlerDelegate* delegate_; | 242 TestSSLErrorHandlerDelegate* delegate_; |
236 base::FieldTrialList field_trial_list_; | 243 base::FieldTrialList field_trial_list_; |
237 | 244 |
238 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); | 245 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchTest); |
239 }; | 246 }; |
240 | 247 |
248 // A class to test name mismatch errors, where the certificate lacks a | |
249 // SubjectAltName. Creates an error handler with a name mismatch error. | |
250 class SSLErrorHandlerNameMismatchNoSANTest | |
251 : public SSLErrorHandlerNameMismatchTest { | |
252 public: | |
253 SSLErrorHandlerNameMismatchNoSANTest() {} | |
254 | |
255 // Return a certificate that contains no SubjectAltName field. | |
256 scoped_refptr<net::X509Certificate> GetCertificate() override { | |
estark
2017/04/05 03:37:41
this should be private too
elawrence
2017/04/05 14:51:39
Done.
| |
257 return net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"); | |
258 } | |
259 | |
260 DISALLOW_COPY_AND_ASSIGN(SSLErrorHandlerNameMismatchNoSANTest); | |
261 }; | |
262 | |
241 // A class to test the captive portal certificate list feature. Creates an error | 263 // A class to test the captive portal certificate list feature. Creates an error |
242 // handler with a name mismatch error by default. The error handler can be | 264 // handler with a name mismatch error by default. The error handler can be |
243 // recreated by calling ResetErrorHandler() with an appropriate cert status. | 265 // recreated by calling ResetErrorHandler() with an appropriate cert status. |
244 class SSLErrorHandlerCaptivePortalCertListTest | 266 class SSLErrorHandlerCaptivePortalCertListTest |
245 : public ChromeRenderViewHostTestHarness { | 267 : public ChromeRenderViewHostTestHarness { |
246 public: | 268 public: |
247 SSLErrorHandlerCaptivePortalCertListTest() : field_trial_list_(nullptr) {} | 269 SSLErrorHandlerCaptivePortalCertListTest() : field_trial_list_(nullptr) {} |
248 | 270 |
249 void SetUp() override { | 271 void SetUp() override { |
250 ChromeRenderViewHostTestHarness::SetUp(); | 272 ChromeRenderViewHostTestHarness::SetUp(); |
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
568 | 590 |
569 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 591 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
570 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 592 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
571 | 593 |
572 // Note that the suggested URL check is never completed, so there is no entry | 594 // Note that the suggested URL check is never completed, so there is no entry |
573 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. | 595 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. |
574 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 596 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
575 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 597 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
576 SSLErrorHandler::HANDLE_ALL, 1); | 598 SSLErrorHandler::HANDLE_ALL, 1); |
577 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 599 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
578 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 600 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
579 histograms.ExpectBucketCount( | 601 histograms.ExpectBucketCount( |
580 SSLErrorHandler::GetHistogramNameForTesting(), | 602 SSLErrorHandler::GetHistogramNameForTesting(), |
581 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 603 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
582 } | 604 } |
583 | 605 |
584 TEST_F(SSLErrorHandlerNameMismatchTest, | 606 TEST_F(SSLErrorHandlerNameMismatchTest, |
585 ShouldNotHandleNameMismatchOnNonOverridableError) { | 607 ShouldNotHandleNameMismatchOnNonOverridableError) { |
586 base::HistogramTester histograms; | 608 base::HistogramTester histograms; |
587 delegate()->set_non_overridable_error(); | 609 delegate()->set_non_overridable_error(); |
588 delegate()->set_suggested_url_exists(); | 610 delegate()->set_suggested_url_exists(); |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
642 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 664 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
643 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 665 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
644 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 666 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
645 | 667 |
646 // Note that the suggested URL check is never completed, so there is no entry | 668 // Note that the suggested URL check is never completed, so there is no entry |
647 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. | 669 // for WWW_MISMATCH_URL_AVAILABLE or WWW_MISMATCH_URL_NOT_AVAILABLE. |
648 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 670 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
649 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 671 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
650 SSLErrorHandler::HANDLE_ALL, 1); | 672 SSLErrorHandler::HANDLE_ALL, 1); |
651 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 673 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
652 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 674 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
653 histograms.ExpectBucketCount( | 675 histograms.ExpectBucketCount( |
654 SSLErrorHandler::GetHistogramNameForTesting(), | 676 SSLErrorHandler::GetHistogramNameForTesting(), |
655 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 677 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
656 } | 678 } |
657 | 679 |
658 TEST_F(SSLErrorHandlerNameMismatchTest, | 680 TEST_F(SSLErrorHandlerNameMismatchTest, |
659 ShouldRedirectOnSuggestedUrlCheckResult) { | 681 ShouldRedirectOnSuggestedUrlCheckResult) { |
660 base::HistogramTester histograms; | 682 base::HistogramTester histograms; |
661 delegate()->set_suggested_url_exists(); | 683 delegate()->set_suggested_url_exists(); |
662 error_handler()->StartHandlingError(); | 684 error_handler()->StartHandlingError(); |
(...skipping 11 matching lines...) Expand all Loading... | |
674 GURL("https://random.example.com")); | 696 GURL("https://random.example.com")); |
675 | 697 |
676 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 698 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
677 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); | 699 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
678 EXPECT_TRUE(delegate()->redirected_to_suggested_url()); | 700 EXPECT_TRUE(delegate()->redirected_to_suggested_url()); |
679 | 701 |
680 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); | 702 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 3); |
681 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 703 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
682 SSLErrorHandler::HANDLE_ALL, 1); | 704 SSLErrorHandler::HANDLE_ALL, 1); |
683 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 705 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
684 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 706 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
685 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 707 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
686 SSLErrorHandler::WWW_MISMATCH_URL_AVAILABLE, 1); | 708 SSLErrorHandler::WWW_MISMATCH_URL_AVAILABLE, 1); |
687 } | 709 } |
688 | 710 |
711 // No suggestions should be requested if certificate lacks a SubjectAltName. | |
712 TEST_F(SSLErrorHandlerNameMismatchNoSANTest, | |
713 SSLCommonNameMismatchHandlingRequiresSubjectAltName) { | |
714 base::HistogramTester histograms; | |
715 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | |
716 delegate()->set_suggested_url_exists(); | |
717 error_handler()->StartHandlingError(); | |
718 | |
719 EXPECT_FALSE(delegate()->suggested_url_checked()); | |
720 base::RunLoop().RunUntilIdle(); | |
721 | |
722 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | |
723 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | |
724 | |
725 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); | |
726 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
727 SSLErrorHandler::HANDLE_ALL, 1); | |
728 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | |
729 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 0); | |
730 histograms.ExpectBucketCount( | |
731 SSLErrorHandler::GetHistogramNameForTesting(), | |
732 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | |
733 } | |
734 | |
689 TEST_F(SSLErrorHandlerNameMismatchTest, | 735 TEST_F(SSLErrorHandlerNameMismatchTest, |
690 ShouldShowSSLInterstitialOnInvalidUrlCheckResult) { | 736 ShouldShowSSLInterstitialOnInvalidUrlCheckResult) { |
691 base::HistogramTester histograms; | 737 base::HistogramTester histograms; |
692 delegate()->set_suggested_url_exists(); | 738 delegate()->set_suggested_url_exists(); |
693 error_handler()->StartHandlingError(); | 739 error_handler()->StartHandlingError(); |
694 | 740 |
695 EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); | 741 EXPECT_TRUE(error_handler()->IsTimerRunningForTesting()); |
696 EXPECT_TRUE(delegate()->suggested_url_checked()); | 742 EXPECT_TRUE(delegate()->suggested_url_checked()); |
697 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); | 743 EXPECT_FALSE(delegate()->ssl_interstitial_shown()); |
698 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 744 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
699 // Fake an Invalid Suggested URL Check result. | 745 // Fake an Invalid Suggested URL Check result. |
700 delegate()->SendSuggestedUrlCheckResult( | 746 delegate()->SendSuggestedUrlCheckResult( |
701 CommonNameMismatchHandler::SuggestedUrlCheckResult:: | 747 CommonNameMismatchHandler::SuggestedUrlCheckResult:: |
702 SUGGESTED_URL_NOT_AVAILABLE, | 748 SUGGESTED_URL_NOT_AVAILABLE, |
703 GURL()); | 749 GURL()); |
704 | 750 |
705 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); | 751 EXPECT_FALSE(error_handler()->IsTimerRunningForTesting()); |
706 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); | 752 EXPECT_TRUE(delegate()->ssl_interstitial_shown()); |
707 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); | 753 EXPECT_FALSE(delegate()->redirected_to_suggested_url()); |
708 | 754 |
709 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 4); | 755 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 4); |
710 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 756 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
711 SSLErrorHandler::HANDLE_ALL, 1); | 757 SSLErrorHandler::HANDLE_ALL, 1); |
712 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 758 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
713 SSLErrorHandler::WWW_MISMATCH_FOUND, 1); | 759 SSLErrorHandler::WWW_MISMATCH_FOUND_IN_SAN, 1); |
714 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 760 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
715 SSLErrorHandler::WWW_MISMATCH_URL_NOT_AVAILABLE, | 761 SSLErrorHandler::WWW_MISMATCH_URL_NOT_AVAILABLE, |
716 1); | 762 1); |
717 histograms.ExpectBucketCount( | 763 histograms.ExpectBucketCount( |
718 SSLErrorHandler::GetHistogramNameForTesting(), | 764 SSLErrorHandler::GetHistogramNameForTesting(), |
719 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 765 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
720 } | 766 } |
721 | 767 |
722 TEST_F(SSLErrorHandlerDateInvalidTest, TimeQueryStarted) { | 768 TEST_F(SSLErrorHandlerDateInvalidTest, TimeQueryStarted) { |
723 base::HistogramTester histograms; | 769 base::HistogramTester histograms; |
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
954 | 1000 |
955 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); | 1001 histograms.ExpectTotalCount(SSLErrorHandler::GetHistogramNameForTesting(), 2); |
956 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), | 1002 histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(), |
957 SSLErrorHandler::HANDLE_ALL, 1); | 1003 SSLErrorHandler::HANDLE_ALL, 1); |
958 histograms.ExpectBucketCount( | 1004 histograms.ExpectBucketCount( |
959 SSLErrorHandler::GetHistogramNameForTesting(), | 1005 SSLErrorHandler::GetHistogramNameForTesting(), |
960 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); | 1006 SSLErrorHandler::SHOW_SSL_INTERSTITIAL_OVERRIDABLE, 1); |
961 } | 1007 } |
962 | 1008 |
963 #endif // BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 1009 #endif // BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
OLD | NEW |