OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/security_state_tab_helper.h" | 5 #include "chrome/browser/ssl/security_state_tab_helper.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/macros.h" | 9 #include "base/macros.h" |
10 #include "base/strings/string_split.h" | 10 #include "base/strings/string_split.h" |
(...skipping 283 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
294 class SecurityStateTabHelperTest : public CertVerifierBrowserTest { | 294 class SecurityStateTabHelperTest : public CertVerifierBrowserTest { |
295 public: | 295 public: |
296 SecurityStateTabHelperTest() | 296 SecurityStateTabHelperTest() |
297 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { | 297 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { |
298 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); | 298 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); |
299 } | 299 } |
300 | 300 |
301 void SetUpOnMainThread() override { | 301 void SetUpOnMainThread() override { |
302 ASSERT_TRUE(embedded_test_server()->Start()); | 302 ASSERT_TRUE(embedded_test_server()->Start()); |
303 ASSERT_TRUE(https_server_.Start()); | 303 ASSERT_TRUE(https_server_.Start()); |
304 host_resolver()->AddRule("*", embedded_test_server()->GetURL("/").host()); | 304 host_resolver()->AddRule("*", "127.0.0.1"); |
305 } | 305 } |
306 | 306 |
307 void SetUpCommandLine(base::CommandLine* command_line) override { | 307 void SetUpCommandLine(base::CommandLine* command_line) override { |
308 // Browser will both run and display insecure content. | 308 // Browser will both run and display insecure content. |
309 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | 309 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); |
310 } | 310 } |
311 | 311 |
312 protected: | 312 protected: |
313 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, | 313 void SetUpMockCertVerifierForHttpsServer(net::CertStatus cert_status, |
314 int net_result) { | 314 int net_result) { |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
377 DidChangeVisibleSecurityStateTest() | 377 DidChangeVisibleSecurityStateTest() |
378 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { | 378 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { |
379 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); | 379 https_server_.ServeFilesFromSourceDirectory(base::FilePath(kDocRoot)); |
380 } | 380 } |
381 | 381 |
382 void SetUpCommandLine(base::CommandLine* command_line) override { | 382 void SetUpCommandLine(base::CommandLine* command_line) override { |
383 // Browser will both run and display insecure content. | 383 // Browser will both run and display insecure content. |
384 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | 384 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); |
385 } | 385 } |
386 | 386 |
| 387 void SetUpOnMainThread() override { |
| 388 host_resolver()->AddRule("*", "127.0.0.1"); |
| 389 } |
| 390 |
387 protected: | 391 protected: |
388 net::EmbeddedTestServer https_server_; | 392 net::EmbeddedTestServer https_server_; |
389 | 393 |
390 private: | 394 private: |
391 DISALLOW_COPY_AND_ASSIGN(DidChangeVisibleSecurityStateTest); | 395 DISALLOW_COPY_AND_ASSIGN(DidChangeVisibleSecurityStateTest); |
392 }; | 396 }; |
393 | 397 |
394 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, HttpPage) { | 398 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, HttpPage) { |
395 ui_test_utils::NavigateToURL( | 399 ui_test_utils::NavigateToURL( |
396 browser(), embedded_test_server()->GetURL("/ssl/google.html")); | 400 browser(), embedded_test_server()->GetURL("/ssl/google.html")); |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
485 observer.latest_explanations(); | 489 observer.latest_explanations(); |
486 | 490 |
487 ASSERT_EQ(0u, explanation.insecure_explanations.size()); | 491 ASSERT_EQ(0u, explanation.insecure_explanations.size()); |
488 ASSERT_EQ(1u, explanation.neutral_explanations.size()); | 492 ASSERT_EQ(1u, explanation.neutral_explanations.size()); |
489 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_SHA1), | 493 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_SHA1), |
490 explanation.neutral_explanations[0].summary); | 494 explanation.neutral_explanations[0].summary); |
491 } | 495 } |
492 | 496 |
493 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContent) { | 497 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContent) { |
494 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 498 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
495 host_resolver()->AddRule("example.test", | |
496 https_server_.GetURL("/title1.html").host()); | |
497 | 499 |
498 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); | 500 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
499 replacement_pair.set_host("example.test"); | 501 replacement_pair.set_host("example.test"); |
500 | 502 |
501 // Navigate to an HTTPS page that displays mixed content. | 503 // Navigate to an HTTPS page that displays mixed content. |
502 std::string replacement_path; | 504 std::string replacement_path; |
503 GetFilePathWithHostAndPortReplacement( | 505 GetFilePathWithHostAndPortReplacement( |
504 "/ssl/page_displays_insecure_content.html", replacement_pair, | 506 "/ssl/page_displays_insecure_content.html", replacement_pair, |
505 &replacement_path); | 507 &replacement_path); |
506 ui_test_utils::NavigateToURL(browser(), | 508 ui_test_utils::NavigateToURL(browser(), |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
550 CheckSecurityInfoForSecure( | 552 CheckSecurityInfoForSecure( |
551 browser()->tab_strip_model()->GetActiveWebContents(), | 553 browser()->tab_strip_model()->GetActiveWebContents(), |
552 security_state::DANGEROUS, false, | 554 security_state::DANGEROUS, false, |
553 security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, false, | 555 security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, false, |
554 false /* expect cert status error */); | 556 false /* expect cert status error */); |
555 | 557 |
556 // Navigate to an HTTPS page that runs mixed content in an iframe. | 558 // Navigate to an HTTPS page that runs mixed content in an iframe. |
557 net::HostPortPair host_port_pair = | 559 net::HostPortPair host_port_pair = |
558 net::HostPortPair::FromURL(https_server_.GetURL("/title1.html")); | 560 net::HostPortPair::FromURL(https_server_.GetURL("/title1.html")); |
559 host_port_pair.set_host("different-host.test"); | 561 host_port_pair.set_host("different-host.test"); |
560 host_resolver()->AddRule("different-host.test", | |
561 https_server_.GetURL("/title1.html").host()); | |
562 host_resolver()->AddRule( | |
563 "different-http-host.test", | |
564 embedded_test_server()->GetURL("/title1.html").host()); | |
565 GetFilePathWithHostAndPortReplacement( | 562 GetFilePathWithHostAndPortReplacement( |
566 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, | 563 "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair, |
567 &replacement_path); | 564 &replacement_path); |
568 ui_test_utils::NavigateToURL(browser(), | 565 ui_test_utils::NavigateToURL(browser(), |
569 https_server_.GetURL(replacement_path)); | 566 https_server_.GetURL(replacement_path)); |
570 CheckSecurityInfoForSecure( | 567 CheckSecurityInfoForSecure( |
571 browser()->tab_strip_model()->GetActiveWebContents(), | 568 browser()->tab_strip_model()->GetActiveWebContents(), |
572 security_state::DANGEROUS, false, security_state::CONTENT_STATUS_RAN, | 569 security_state::DANGEROUS, false, security_state::CONTENT_STATUS_RAN, |
573 false, false /* expect cert status error */); | 570 false, false /* expect cert status error */); |
574 } | 571 } |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
658 EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, | 655 EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, |
659 security_info.content_with_cert_errors_status); | 656 security_info.content_with_cert_errors_status); |
660 } | 657 } |
661 | 658 |
662 // Same as SecurityStateTabHelperTest.ActiveAndPassiveContentWithCertErrors but | 659 // Same as SecurityStateTabHelperTest.ActiveAndPassiveContentWithCertErrors but |
663 // with a SHA1 cert. | 660 // with a SHA1 cert. |
664 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentWithSHA1Cert) { | 661 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentWithSHA1Cert) { |
665 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, | 662 SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT, |
666 net::OK); | 663 net::OK); |
667 | 664 |
668 host_resolver()->AddRule("example.test", | |
669 https_server_.GetURL("/title1.html").host()); | |
670 | |
671 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); | 665 net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair(); |
672 replacement_pair.set_host("example.test"); | 666 replacement_pair.set_host("example.test"); |
673 | 667 |
674 // Navigate to an HTTPS page that displays mixed content. | 668 // Navigate to an HTTPS page that displays mixed content. |
675 std::string replacement_path; | 669 std::string replacement_path; |
676 GetFilePathWithHostAndPortReplacement( | 670 GetFilePathWithHostAndPortReplacement( |
677 "/ssl/page_displays_insecure_content.html", replacement_pair, | 671 "/ssl/page_displays_insecure_content.html", replacement_pair, |
678 &replacement_path); | 672 &replacement_path); |
679 ui_test_utils::NavigateToURL(browser(), | 673 ui_test_utils::NavigateToURL(browser(), |
680 https_server_.GetURL(replacement_path)); | 674 https_server_.GetURL(replacement_path)); |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
731 // directive stops mixed content from running. | 725 // directive stops mixed content from running. |
732 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentStrictBlocking) { | 726 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentStrictBlocking) { |
733 SetUpMockCertVerifierForHttpsServer(0, net::OK); | 727 SetUpMockCertVerifierForHttpsServer(0, net::OK); |
734 | 728 |
735 // Navigate to an HTTPS page that tries to run mixed content in an | 729 // Navigate to an HTTPS page that tries to run mixed content in an |
736 // iframe, with strict mixed content blocking. | 730 // iframe, with strict mixed content blocking. |
737 std::string replacement_path; | 731 std::string replacement_path; |
738 net::HostPortPair host_port_pair = | 732 net::HostPortPair host_port_pair = |
739 net::HostPortPair::FromURL(https_server_.GetURL("/title1.html")); | 733 net::HostPortPair::FromURL(https_server_.GetURL("/title1.html")); |
740 host_port_pair.set_host("different-host.test"); | 734 host_port_pair.set_host("different-host.test"); |
741 host_resolver()->AddRule("different-host.test", | |
742 https_server_.GetURL("/title1.html").host()); | |
743 GetFilePathWithHostAndPortReplacement( | 735 GetFilePathWithHostAndPortReplacement( |
744 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", | 736 "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html", |
745 host_port_pair, &replacement_path); | 737 host_port_pair, &replacement_path); |
746 ui_test_utils::NavigateToURL(browser(), | 738 ui_test_utils::NavigateToURL(browser(), |
747 https_server_.GetURL(replacement_path)); | 739 https_server_.GetURL(replacement_path)); |
748 CheckSecurityInfoForSecure( | 740 CheckSecurityInfoForSecure( |
749 browser()->tab_strip_model()->GetActiveWebContents(), | 741 browser()->tab_strip_model()->GetActiveWebContents(), |
750 security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false, | 742 security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false, |
751 false /* expect cert status error */); | 743 false /* expect cert status error */); |
752 } | 744 } |
(...skipping 905 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1658 https_server_.GetCertificate().get()); | 1650 https_server_.GetCertificate().get()); |
1659 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); | 1651 EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic); |
1660 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); | 1652 EXPECT_FALSE(observer.latest_explanations().pkp_bypassed); |
1661 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); | 1653 EXPECT_TRUE(observer.latest_explanations().info_explanations.empty()); |
1662 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); | 1654 EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content); |
1663 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); | 1655 EXPECT_FALSE(observer.latest_explanations().ran_mixed_content); |
1664 | 1656 |
1665 // Navigate to a bad HTTPS page on a different host, and then click | 1657 // Navigate to a bad HTTPS page on a different host, and then click |
1666 // Back to verify that the previous good security style is seen again. | 1658 // Back to verify that the previous good security style is seen again. |
1667 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); | 1659 GURL expired_https_url(https_test_server_expired.GetURL("/title1.html")); |
1668 host_resolver()->AddRule("www.example_broken.test", "127.0.0.1"); | |
1669 GURL::Replacements replace_host; | 1660 GURL::Replacements replace_host; |
1670 replace_host.SetHostStr("www.example_broken.test"); | 1661 replace_host.SetHostStr("www.example_broken.test"); |
1671 GURL https_url_different_host = | 1662 GURL https_url_different_host = |
1672 expired_https_url.ReplaceComponents(replace_host); | 1663 expired_https_url.ReplaceComponents(replace_host); |
1673 | 1664 |
1674 ui_test_utils::NavigateToURL(browser(), https_url_different_host); | 1665 ui_test_utils::NavigateToURL(browser(), https_url_different_host); |
1675 | 1666 |
1676 content::WaitForInterstitialAttach(web_contents); | 1667 content::WaitForInterstitialAttach(web_contents); |
1677 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); | 1668 EXPECT_TRUE(web_contents->ShowingInterstitialPage()); |
1678 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, | 1669 CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID, |
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1866 base::string16 obsolete_description = l10n_util::GetStringFUTF16( | 1857 base::string16 obsolete_description = l10n_util::GetStringFUTF16( |
1867 IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr); | 1858 IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, nullptr); |
1868 | 1859 |
1869 EXPECT_EQ( | 1860 EXPECT_EQ( |
1870 obsolete_description, | 1861 obsolete_description, |
1871 base::ASCIIToUTF16( | 1862 base::ASCIIToUTF16( |
1872 observer.latest_explanations().info_explanations[0].description)); | 1863 observer.latest_explanations().info_explanations[0].description)); |
1873 } | 1864 } |
1874 | 1865 |
1875 } // namespace | 1866 } // namespace |
OLD | NEW |