OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/base_switches.h" | 8 #include "base/base_switches.h" |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
99 #include "net/base/net_errors.h" | 99 #include "net/base/net_errors.h" |
100 #include "net/cert/asn1_util.h" | 100 #include "net/cert/asn1_util.h" |
101 #include "net/cert/cert_status_flags.h" | 101 #include "net/cert/cert_status_flags.h" |
102 #include "net/cert/mock_cert_verifier.h" | 102 #include "net/cert/mock_cert_verifier.h" |
103 #include "net/cert/x509_certificate.h" | 103 #include "net/cert/x509_certificate.h" |
104 #include "net/dns/mock_host_resolver.h" | 104 #include "net/dns/mock_host_resolver.h" |
105 #include "net/http/http_response_headers.h" | 105 #include "net/http/http_response_headers.h" |
106 #include "net/ssl/ssl_info.h" | 106 #include "net/ssl/ssl_info.h" |
107 #include "net/test/cert_test_util.h" | 107 #include "net/test/cert_test_util.h" |
108 #include "net/test/embedded_test_server/embedded_test_server.h" | 108 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 109 #include "net/test/embedded_test_server/http_request.h" |
109 #include "net/test/embedded_test_server/request_handler_util.h" | 110 #include "net/test/embedded_test_server/request_handler_util.h" |
110 #include "net/test/spawned_test_server/spawned_test_server.h" | 111 #include "net/test/spawned_test_server/spawned_test_server.h" |
111 #include "net/test/test_certificate_data.h" | 112 #include "net/test/test_certificate_data.h" |
112 #include "net/test/test_data_directory.h" | 113 #include "net/test/test_data_directory.h" |
113 #include "net/url_request/url_request_context.h" | 114 #include "net/url_request/url_request_context.h" |
114 #include "net/url_request/url_request_filter.h" | 115 #include "net/url_request/url_request_filter.h" |
115 #include "net/url_request/url_request_job.h" | 116 #include "net/url_request/url_request_job.h" |
116 #include "net/url_request/url_request_test_util.h" | 117 #include "net/url_request/url_request_test_util.h" |
117 | 118 |
118 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 119 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
(...skipping 3477 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3596 | 3597 |
3597 // Open a second tab, close the first, and then trigger the network time | 3598 // Open a second tab, close the first, and then trigger the network time |
3598 // response and wait for the response; no crash should occur. | 3599 // response and wait for the response; no crash should occur. |
3599 ASSERT_TRUE(https_server_.Start()); | 3600 ASSERT_TRUE(https_server_.Start()); |
3600 AddTabAtIndex(1, https_server_.GetURL("/"), ui::PAGE_TRANSITION_TYPED); | 3601 AddTabAtIndex(1, https_server_.GetURL("/"), ui::PAGE_TRANSITION_TYPED); |
3601 chrome::CloseWebContents(browser(), contents, false); | 3602 chrome::CloseWebContents(browser(), contents, false); |
3602 ASSERT_NO_FATAL_FAILURE(CheckTimeQueryPending()); | 3603 ASSERT_NO_FATAL_FAILURE(CheckTimeQueryPending()); |
3603 TriggerTimeResponse(); | 3604 TriggerTimeResponse(); |
3604 } | 3605 } |
3605 | 3606 |
| 3607 namespace { |
| 3608 |
| 3609 // Fails with a CHECK for all requests over HTTP except for favicons. This is to |
| 3610 // ensure that name mismatch redirect feature's suggest URL ping stops on |
| 3611 // redirects and never hits an HTTP URL. |
| 3612 class HttpNameMismatchPingInterceptor : public net::URLRequestInterceptor { |
| 3613 public: |
| 3614 HttpNameMismatchPingInterceptor() {} |
| 3615 ~HttpNameMismatchPingInterceptor() override {} |
| 3616 |
| 3617 net::URLRequestJob* MaybeInterceptRequest( |
| 3618 net::URLRequest* request, |
| 3619 net::NetworkDelegate* delegate) const override { |
| 3620 if (request->url().path() == "/favicon.ico") { |
| 3621 // When a page doesn't list a favicon, a favicon request is automatically |
| 3622 // made over HTTP. These are harmless and don't leak the original page's |
| 3623 // URL, so ignore them. |
| 3624 return nullptr; |
| 3625 } |
| 3626 |
| 3627 EXPECT_TRUE(false) |
| 3628 << "Name mismatch pings must never be over HTTP. This request was for " |
| 3629 << request->url(); |
| 3630 return nullptr; |
| 3631 } |
| 3632 |
| 3633 private: |
| 3634 DISALLOW_COPY_AND_ASSIGN(HttpNameMismatchPingInterceptor); |
| 3635 }; |
| 3636 |
| 3637 void SetUpHttpNameMismatchPingInterceptorOnIOThread() { |
| 3638 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 3639 // Add interceptors for HTTP versions of example.org and www.example.org. |
| 3640 // These are the hostnames used in the tests, and we never want them to be |
| 3641 // contacted over HTTP. |
| 3642 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
| 3643 "http", "example.org", |
| 3644 std::unique_ptr<HttpNameMismatchPingInterceptor>( |
| 3645 new HttpNameMismatchPingInterceptor())); |
| 3646 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( |
| 3647 "http", "www.example.org", |
| 3648 std::unique_ptr<HttpNameMismatchPingInterceptor>( |
| 3649 new HttpNameMismatchPingInterceptor())); |
| 3650 } |
| 3651 |
| 3652 } // namespace |
| 3653 |
3606 class CommonNameMismatchBrowserTest : public CertVerifierBrowserTest { | 3654 class CommonNameMismatchBrowserTest : public CertVerifierBrowserTest { |
3607 public: | 3655 public: |
3608 CommonNameMismatchBrowserTest() : CertVerifierBrowserTest() {} | 3656 CommonNameMismatchBrowserTest() : CertVerifierBrowserTest() {} |
3609 ~CommonNameMismatchBrowserTest() override {} | |
3610 | 3657 |
3611 void SetUpCommandLine(base::CommandLine* command_line) override { | 3658 void SetUpCommandLine(base::CommandLine* command_line) override { |
3612 // Enable finch experiment for SSL common name mismatch handling. | 3659 // Enable finch experiment for SSL common name mismatch handling. |
3613 command_line->AppendSwitchASCII(switches::kForceFieldTrials, | 3660 command_line->AppendSwitchASCII(switches::kForceFieldTrials, |
3614 "SSLCommonNameMismatchHandling/Enabled/"); | 3661 "SSLCommonNameMismatchHandling/Enabled/"); |
3615 } | 3662 } |
3616 | 3663 |
3617 void SetUpOnMainThread() override { | 3664 void SetUpOnMainThread() override { |
3618 CertVerifierBrowserTest::SetUpOnMainThread(); | 3665 CertVerifierBrowserTest::SetUpOnMainThread(); |
3619 host_resolver()->AddRule("*", "127.0.0.1"); | 3666 host_resolver()->AddRule("*", "127.0.0.1"); |
| 3667 content::BrowserThread::PostTask( |
| 3668 content::BrowserThread::IO, FROM_HERE, |
| 3669 base::Bind(&SetUpHttpNameMismatchPingInterceptorOnIOThread)); |
| 3670 } |
| 3671 |
| 3672 void TearDownOnMainThread() override { |
| 3673 content::BrowserThread::PostTask(content::BrowserThread::IO, FROM_HERE, |
| 3674 base::Bind(&CleanUpOnIOThread)); |
| 3675 CertVerifierBrowserTest::TearDownOnMainThread(); |
3620 } | 3676 } |
3621 }; | 3677 }; |
3622 | 3678 |
3623 // Visit the URL www.mail.example.com on a server that presents a valid | 3679 // Visit the URL www.mail.example.com on a server that presents a valid |
3624 // certificate for mail.example.com. Verify that the page navigates to | 3680 // certificate for mail.example.com. Verify that the page navigates to |
3625 // mail.example.com. | 3681 // mail.example.com. |
3626 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, | 3682 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
3627 ShouldShowWWWSubdomainMismatchInterstitial) { | 3683 ShouldShowWWWSubdomainMismatchInterstitial) { |
3628 net::EmbeddedTestServer https_server_example_domain_( | 3684 net::EmbeddedTestServer https_server_example_domain( |
3629 net::EmbeddedTestServer::TYPE_HTTPS); | 3685 net::EmbeddedTestServer::TYPE_HTTPS); |
3630 https_server_example_domain_.ServeFilesFromSourceDirectory( | 3686 https_server_example_domain.ServeFilesFromSourceDirectory( |
3631 base::FilePath(kDocRoot)); | 3687 base::FilePath(kDocRoot)); |
3632 ASSERT_TRUE(https_server_example_domain_.Start()); | 3688 ASSERT_TRUE(https_server_example_domain.Start()); |
3633 | 3689 |
3634 scoped_refptr<net::X509Certificate> cert = | 3690 scoped_refptr<net::X509Certificate> cert = |
3635 https_server_example_domain_.GetCertificate(); | 3691 https_server_example_domain.GetCertificate(); |
3636 | 3692 |
3637 // Use the "spdy_pooling.pem" cert which has "mail.example.com" | 3693 // Use the "spdy_pooling.pem" cert which has "mail.example.com" |
3638 // as one of its SANs. | 3694 // as one of its SANs. |
3639 net::CertVerifyResult verify_result; | 3695 net::CertVerifyResult verify_result; |
3640 verify_result.verified_cert = | 3696 verify_result.verified_cert = |
3641 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3697 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3642 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 3698 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
3643 | 3699 |
3644 // Request to "www.mail.example.com" should result in | 3700 // Request to "www.mail.example.com" should result in |
3645 // |net::ERR_CERT_COMMON_NAME_INVALID| error. | 3701 // |net::ERR_CERT_COMMON_NAME_INVALID| error. |
3646 mock_cert_verifier()->AddResultForCertAndHost( | 3702 mock_cert_verifier()->AddResultForCertAndHost( |
3647 cert.get(), "www.mail.example.com", verify_result, | 3703 cert.get(), "www.mail.example.com", verify_result, |
3648 net::ERR_CERT_COMMON_NAME_INVALID); | 3704 net::ERR_CERT_COMMON_NAME_INVALID); |
3649 | 3705 |
3650 net::CertVerifyResult verify_result_valid; | 3706 net::CertVerifyResult verify_result_valid; |
3651 verify_result_valid.verified_cert = | 3707 verify_result_valid.verified_cert = |
3652 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3708 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3653 // Request to "www.mail.example.com" should not result in any error. | 3709 // Request to "www.mail.example.com" should not result in any error. |
3654 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", | 3710 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", |
3655 verify_result_valid, net::OK); | 3711 verify_result_valid, net::OK); |
3656 | 3712 |
3657 // Use a complex URL to ensure the path, etc., are preserved. The path itself | 3713 // Use a complex URL to ensure the path, etc., are preserved. The path itself |
3658 // does not matter. | 3714 // does not matter. |
3659 GURL https_server_url = | 3715 const GURL https_server_url = |
3660 https_server_example_domain_.GetURL("/ssl/google.html?a=b#anchor"); | 3716 https_server_example_domain.GetURL("/ssl/google.html?a=b#anchor"); |
3661 GURL::Replacements replacements; | 3717 GURL::Replacements replacements; |
3662 replacements.SetHostStr("www.mail.example.com"); | 3718 replacements.SetHostStr("www.mail.example.com"); |
3663 GURL https_server_mismatched_url = | 3719 const GURL https_server_mismatched_url = |
3664 https_server_url.ReplaceComponents(replacements); | 3720 https_server_url.ReplaceComponents(replacements); |
3665 | 3721 |
3666 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); | 3722 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
3667 content::TestNavigationObserver observer( | 3723 content::TestNavigationObserver observer( |
3668 contents, | 3724 contents, |
3669 // With PlzNavigate, the renderer only sees one navigation (i.e. not the | 3725 // With PlzNavigate, the renderer only sees one navigation (i.e. not the |
3670 // redirect, since that happens in the browser). | 3726 // redirect, since that happens in the browser). |
3671 content::IsBrowserSideNavigationEnabled() ? 1 : 2); | 3727 content::IsBrowserSideNavigationEnabled() ? 1 : 2); |
3672 ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url); | 3728 ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url); |
3673 observer.Wait(); | 3729 observer.Wait(); |
3674 | 3730 |
3675 CheckSecurityState(contents, CertError::NONE, security_state::SECURE, | 3731 CheckSecurityState(contents, CertError::NONE, security_state::SECURE, |
3676 AuthState::NONE); | 3732 AuthState::NONE); |
3677 replacements.SetHostStr("mail.example.com"); | 3733 replacements.SetHostStr("mail.example.com"); |
3678 GURL https_server_new_url = https_server_url.ReplaceComponents(replacements); | 3734 GURL https_server_new_url = https_server_url.ReplaceComponents(replacements); |
3679 // Verify that the current URL is the suggested URL. | 3735 // Verify that the current URL is the suggested URL. |
3680 EXPECT_EQ(https_server_new_url.spec(), | 3736 EXPECT_EQ(https_server_new_url.spec(), |
3681 contents->GetLastCommittedURL().spec()); | 3737 contents->GetLastCommittedURL().spec()); |
3682 } | 3738 } |
3683 | 3739 |
3684 // Visit the URL example.org on a server that presents a valid certificate | 3740 // Visit the URL example.org on a server that presents a valid certificate |
3685 // for www.example.org. Verify that the page redirects to www.example.org. | 3741 // for www.example.org. Verify that the page redirects to www.example.org. |
3686 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, | 3742 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
3687 CheckWWWSubdomainMismatchInverse) { | 3743 CheckWWWSubdomainMismatchInverse) { |
3688 net::EmbeddedTestServer https_server_example_domain_( | 3744 net::EmbeddedTestServer https_server_example_domain( |
3689 net::EmbeddedTestServer::TYPE_HTTPS); | 3745 net::EmbeddedTestServer::TYPE_HTTPS); |
3690 https_server_example_domain_.ServeFilesFromSourceDirectory( | 3746 https_server_example_domain.ServeFilesFromSourceDirectory( |
3691 base::FilePath(kDocRoot)); | 3747 base::FilePath(kDocRoot)); |
3692 ASSERT_TRUE(https_server_example_domain_.Start()); | 3748 ASSERT_TRUE(https_server_example_domain.Start()); |
3693 | 3749 |
3694 scoped_refptr<net::X509Certificate> cert = | 3750 scoped_refptr<net::X509Certificate> cert = |
3695 https_server_example_domain_.GetCertificate(); | 3751 https_server_example_domain.GetCertificate(); |
3696 | 3752 |
3697 net::CertVerifyResult verify_result; | 3753 net::CertVerifyResult verify_result; |
3698 verify_result.verified_cert = | 3754 verify_result.verified_cert = |
3699 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3755 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3700 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 3756 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
3701 | 3757 |
3702 mock_cert_verifier()->AddResultForCertAndHost( | 3758 mock_cert_verifier()->AddResultForCertAndHost( |
3703 cert.get(), "example.org", verify_result, | 3759 cert.get(), "example.org", verify_result, |
3704 net::ERR_CERT_COMMON_NAME_INVALID); | 3760 net::ERR_CERT_COMMON_NAME_INVALID); |
3705 | 3761 |
3706 net::CertVerifyResult verify_result_valid; | 3762 net::CertVerifyResult verify_result_valid; |
3707 verify_result_valid.verified_cert = | 3763 verify_result_valid.verified_cert = |
3708 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3764 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3709 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org", | 3765 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org", |
3710 verify_result_valid, net::OK); | 3766 verify_result_valid, net::OK); |
3711 | 3767 |
3712 GURL https_server_url = | 3768 const GURL https_server_url = |
3713 https_server_example_domain_.GetURL("/ssl/google.html?a=b"); | 3769 https_server_example_domain.GetURL("/ssl/google.html?a=b"); |
3714 GURL::Replacements replacements; | 3770 GURL::Replacements replacements; |
3715 replacements.SetHostStr("example.org"); | 3771 replacements.SetHostStr("example.org"); |
3716 GURL https_server_mismatched_url = | 3772 const GURL https_server_mismatched_url = |
3717 https_server_url.ReplaceComponents(replacements); | 3773 https_server_url.ReplaceComponents(replacements); |
3718 | 3774 |
3719 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); | 3775 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
3720 content::TestNavigationObserver observer( | 3776 content::TestNavigationObserver observer( |
3721 contents, | 3777 contents, |
3722 // With PlzNavigate, the renderer only sees one navigation (i.e. not the | 3778 // With PlzNavigate, the renderer only sees one navigation (i.e. not the |
3723 // redirect, since that happens in the browser). | 3779 // redirect, since that happens in the browser). |
3724 content::IsBrowserSideNavigationEnabled() ? 1 : 2); | 3780 content::IsBrowserSideNavigationEnabled() ? 1 : 2); |
3725 ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url); | 3781 ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url); |
3726 observer.Wait(); | 3782 observer.Wait(); |
3727 | 3783 |
3728 CheckSecurityState(contents, CertError::NONE, security_state::SECURE, | 3784 CheckSecurityState(contents, CertError::NONE, security_state::SECURE, |
3729 AuthState::NONE); | 3785 AuthState::NONE); |
3730 } | 3786 } |
3731 | 3787 |
| 3788 namespace { |
| 3789 // Redirects incoming request to http://example.org. |
| 3790 std::unique_ptr<net::test_server::HttpResponse> HTTPSToHTTPRedirectHandler( |
| 3791 const net::EmbeddedTestServer* test_server, |
| 3792 const net::test_server::HttpRequest& request) { |
| 3793 GURL::Replacements replacements; |
| 3794 replacements.SetHostStr("example.org"); |
| 3795 replacements.SetSchemeStr("http"); |
| 3796 const GURL redirect_url = |
| 3797 test_server->base_url().ReplaceComponents(replacements); |
| 3798 |
| 3799 std::unique_ptr<net::test_server::BasicHttpResponse> http_response( |
| 3800 new net::test_server::BasicHttpResponse); |
| 3801 http_response->set_code(net::HTTP_MOVED_PERMANENTLY); |
| 3802 http_response->AddCustomHeader("Location", redirect_url.spec()); |
| 3803 return std::move(http_response); |
| 3804 } |
| 3805 } // namespace |
| 3806 |
| 3807 // Common name mismatch handling feature should ignore redirects when pinging |
| 3808 // the suggested hostname. Visit the URL example.org on a server that presents a |
| 3809 // valid certificate for www.example.org. In this case, www.example.org |
| 3810 // redirects to http://example.org, and the SSL error should not be redirected |
| 3811 // to this URL. |
| 3812 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
| 3813 WWWSubdomainMismatch_StopOnRedirects) { |
| 3814 net::EmbeddedTestServer https_server_example_domain( |
| 3815 net::EmbeddedTestServer::TYPE_HTTPS); |
| 3816 |
| 3817 // Redirect all URLs to http://example.org. Since this test will trigger only |
| 3818 // one request to check the suggested URL, redirecting all requests is OK. |
| 3819 // We would normally use content::SetupCrossSiteRedirector here, but that |
| 3820 // function does not support https to http redirects. |
| 3821 // This must be done before ServeFilesFromSourceDirectory(), otherwise the |
| 3822 // test server will serve files instead of redirecting requests to them. |
| 3823 https_server_example_domain.RegisterRequestHandler( |
| 3824 base::Bind(&HTTPSToHTTPRedirectHandler, &https_server_example_domain)); |
| 3825 |
| 3826 https_server_example_domain.ServeFilesFromSourceDirectory( |
| 3827 base::FilePath(kDocRoot)); |
| 3828 |
| 3829 ASSERT_TRUE(https_server_example_domain.Start()); |
| 3830 |
| 3831 scoped_refptr<net::X509Certificate> cert = |
| 3832 https_server_example_domain.GetCertificate(); |
| 3833 |
| 3834 net::CertVerifyResult verify_result; |
| 3835 verify_result.verified_cert = |
| 3836 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
| 3837 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
| 3838 |
| 3839 mock_cert_verifier()->AddResultForCertAndHost( |
| 3840 cert.get(), "example.org", verify_result, |
| 3841 net::ERR_CERT_COMMON_NAME_INVALID); |
| 3842 |
| 3843 net::CertVerifyResult verify_result_valid; |
| 3844 verify_result_valid.verified_cert = |
| 3845 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
| 3846 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org", |
| 3847 verify_result_valid, net::OK); |
| 3848 |
| 3849 // The user will visit https://example.org:port/ssl/blank.html. |
| 3850 GURL::Replacements replacements; |
| 3851 replacements.SetHostStr("example.org"); |
| 3852 const GURL https_server_mismatched_url = |
| 3853 https_server_example_domain.GetURL("/ssl/blank.html") |
| 3854 .ReplaceComponents(replacements); |
| 3855 |
| 3856 // Should simply show an interstitial, because the suggested URL |
| 3857 // (https://www.example.org) redirected to http://example.org. |
| 3858 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
| 3859 ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url); |
| 3860 WaitForInterstitialAttach(contents); |
| 3861 |
| 3862 CheckSecurityState(contents, net::CERT_STATUS_COMMON_NAME_INVALID, |
| 3863 security_state::DANGEROUS, |
| 3864 AuthState::SHOWING_INTERSTITIAL); |
| 3865 } |
| 3866 |
3732 // Tests this scenario: | 3867 // Tests this scenario: |
3733 // - |CommonNameMismatchHandler| does not give a callback as it's set into the | 3868 // - |CommonNameMismatchHandler| does not give a callback as it's set into the |
3734 // state |IGNORE_REQUESTS_FOR_TESTING|. So no suggested URL check result can | 3869 // state |IGNORE_REQUESTS_FOR_TESTING|. So no suggested URL check result can |
3735 // arrive. | 3870 // arrive. |
3736 // - A cert error triggers an interstitial timer with a very long timeout. | 3871 // - A cert error triggers an interstitial timer with a very long timeout. |
3737 // - No suggested URL check results arrive, causing the tab to appear as loading | 3872 // - No suggested URL check results arrive, causing the tab to appear as loading |
3738 // indefinitely (also because the timer has a long timeout). | 3873 // indefinitely (also because the timer has a long timeout). |
3739 // - Stopping the page load shouldn't result in any interstitials. | 3874 // - Stopping the page load shouldn't result in any interstitials. |
3740 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, | 3875 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
3741 InterstitialStopNavigationWhileLoading) { | 3876 InterstitialStopNavigationWhileLoading) { |
3742 net::EmbeddedTestServer https_server_example_domain_( | 3877 net::EmbeddedTestServer https_server_example_domain( |
3743 net::EmbeddedTestServer::TYPE_HTTPS); | 3878 net::EmbeddedTestServer::TYPE_HTTPS); |
3744 https_server_example_domain_.ServeFilesFromSourceDirectory( | 3879 https_server_example_domain.ServeFilesFromSourceDirectory( |
3745 base::FilePath(kDocRoot)); | 3880 base::FilePath(kDocRoot)); |
3746 ASSERT_TRUE(https_server_example_domain_.Start()); | 3881 ASSERT_TRUE(https_server_example_domain.Start()); |
3747 | 3882 |
3748 scoped_refptr<net::X509Certificate> cert = | 3883 scoped_refptr<net::X509Certificate> cert = |
3749 https_server_example_domain_.GetCertificate(); | 3884 https_server_example_domain.GetCertificate(); |
3750 | 3885 |
3751 net::CertVerifyResult verify_result; | 3886 net::CertVerifyResult verify_result; |
3752 verify_result.verified_cert = | 3887 verify_result.verified_cert = |
3753 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3888 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3754 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 3889 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
3755 | 3890 |
3756 mock_cert_verifier()->AddResultForCertAndHost( | 3891 mock_cert_verifier()->AddResultForCertAndHost( |
3757 cert.get(), "www.mail.example.com", verify_result, | 3892 cert.get(), "www.mail.example.com", verify_result, |
3758 net::ERR_CERT_COMMON_NAME_INVALID); | 3893 net::ERR_CERT_COMMON_NAME_INVALID); |
3759 | 3894 |
3760 net::CertVerifyResult verify_result_valid; | 3895 net::CertVerifyResult verify_result_valid; |
3761 verify_result_valid.verified_cert = | 3896 verify_result_valid.verified_cert = |
3762 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3897 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3763 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", | 3898 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", |
3764 verify_result_valid, net::OK); | 3899 verify_result_valid, net::OK); |
3765 | 3900 |
3766 GURL https_server_url = | 3901 const GURL https_server_url = |
3767 https_server_example_domain_.GetURL("/ssl/google.html?a=b"); | 3902 https_server_example_domain.GetURL("/ssl/google.html?a=b"); |
3768 GURL::Replacements replacements; | 3903 GURL::Replacements replacements; |
3769 replacements.SetHostStr("www.mail.example.com"); | 3904 replacements.SetHostStr("www.mail.example.com"); |
3770 GURL https_server_mismatched_url = | 3905 const GURL https_server_mismatched_url = |
3771 https_server_url.ReplaceComponents(replacements); | 3906 https_server_url.ReplaceComponents(replacements); |
3772 | 3907 |
3773 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); | 3908 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
3774 CommonNameMismatchHandler::set_state_for_testing( | 3909 CommonNameMismatchHandler::set_state_for_testing( |
3775 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); | 3910 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); |
3776 // Set delay long enough so that the page appears loading. | 3911 // Set delay long enough so that the page appears loading. |
3777 SSLErrorHandler::SetInterstitialDelayForTesting( | 3912 SSLErrorHandler::SetInterstitialDelayForTesting( |
3778 base::TimeDelta::FromHours(1)); | 3913 base::TimeDelta::FromHours(1)); |
3779 SSLInterstitialTimerObserver interstitial_timer_observer(contents); | 3914 SSLInterstitialTimerObserver interstitial_timer_observer(contents); |
3780 | 3915 |
(...skipping 14 matching lines...) Expand all Loading... |
3795 // Make sure that the |SSLErrorHandler| is deleted. | 3930 // Make sure that the |SSLErrorHandler| is deleted. |
3796 EXPECT_FALSE(ssl_error_handler); | 3931 EXPECT_FALSE(ssl_error_handler); |
3797 EXPECT_FALSE(contents->ShowingInterstitialPage()); | 3932 EXPECT_FALSE(contents->ShowingInterstitialPage()); |
3798 EXPECT_FALSE(contents->IsLoading()); | 3933 EXPECT_FALSE(contents->IsLoading()); |
3799 } | 3934 } |
3800 | 3935 |
3801 // Same as above, but instead of stopping, the loading page is reloaded. The end | 3936 // Same as above, but instead of stopping, the loading page is reloaded. The end |
3802 // result is the same. (i.e. page load stops, no interstitials shown) | 3937 // result is the same. (i.e. page load stops, no interstitials shown) |
3803 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, | 3938 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
3804 InterstitialReloadNavigationWhileLoading) { | 3939 InterstitialReloadNavigationWhileLoading) { |
3805 net::EmbeddedTestServer https_server_example_domain_( | 3940 net::EmbeddedTestServer https_server_example_domain( |
3806 net::EmbeddedTestServer::TYPE_HTTPS); | 3941 net::EmbeddedTestServer::TYPE_HTTPS); |
3807 https_server_example_domain_.ServeFilesFromSourceDirectory( | 3942 https_server_example_domain.ServeFilesFromSourceDirectory( |
3808 base::FilePath(kDocRoot)); | 3943 base::FilePath(kDocRoot)); |
3809 ASSERT_TRUE(https_server_example_domain_.Start()); | 3944 ASSERT_TRUE(https_server_example_domain.Start()); |
3810 | 3945 |
3811 scoped_refptr<net::X509Certificate> cert = | 3946 scoped_refptr<net::X509Certificate> cert = |
3812 https_server_example_domain_.GetCertificate(); | 3947 https_server_example_domain.GetCertificate(); |
3813 | 3948 |
3814 net::CertVerifyResult verify_result; | 3949 net::CertVerifyResult verify_result; |
3815 verify_result.verified_cert = | 3950 verify_result.verified_cert = |
3816 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3951 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3817 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 3952 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
3818 | 3953 |
3819 mock_cert_verifier()->AddResultForCertAndHost( | 3954 mock_cert_verifier()->AddResultForCertAndHost( |
3820 cert.get(), "www.mail.example.com", verify_result, | 3955 cert.get(), "www.mail.example.com", verify_result, |
3821 net::ERR_CERT_COMMON_NAME_INVALID); | 3956 net::ERR_CERT_COMMON_NAME_INVALID); |
3822 | 3957 |
3823 net::CertVerifyResult verify_result_valid; | 3958 net::CertVerifyResult verify_result_valid; |
3824 verify_result_valid.verified_cert = | 3959 verify_result_valid.verified_cert = |
3825 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 3960 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3826 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", | 3961 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", |
3827 verify_result_valid, net::OK); | 3962 verify_result_valid, net::OK); |
3828 | 3963 |
3829 GURL https_server_url = | 3964 const GURL https_server_url = |
3830 https_server_example_domain_.GetURL("/ssl/google.html?a=b"); | 3965 https_server_example_domain.GetURL("/ssl/google.html?a=b"); |
3831 GURL::Replacements replacements; | 3966 GURL::Replacements replacements; |
3832 replacements.SetHostStr("www.mail.example.com"); | 3967 replacements.SetHostStr("www.mail.example.com"); |
3833 GURL https_server_mismatched_url = | 3968 const GURL https_server_mismatched_url = |
3834 https_server_url.ReplaceComponents(replacements); | 3969 https_server_url.ReplaceComponents(replacements); |
3835 | 3970 |
3836 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); | 3971 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
3837 CommonNameMismatchHandler::set_state_for_testing( | 3972 CommonNameMismatchHandler::set_state_for_testing( |
3838 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); | 3973 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); |
3839 // Set delay long enough so that the page appears loading. | 3974 // Set delay long enough so that the page appears loading. |
3840 SSLErrorHandler::SetInterstitialDelayForTesting( | 3975 SSLErrorHandler::SetInterstitialDelayForTesting( |
3841 base::TimeDelta::FromHours(1)); | 3976 base::TimeDelta::FromHours(1)); |
3842 SSLInterstitialTimerObserver interstitial_timer_observer(contents); | 3977 SSLInterstitialTimerObserver interstitial_timer_observer(contents); |
3843 | 3978 |
(...skipping 12 matching lines...) Expand all Loading... |
3856 // Make sure that the |SSLErrorHandler| is deleted. | 3991 // Make sure that the |SSLErrorHandler| is deleted. |
3857 EXPECT_FALSE(ssl_error_handler); | 3992 EXPECT_FALSE(ssl_error_handler); |
3858 EXPECT_FALSE(contents->ShowingInterstitialPage()); | 3993 EXPECT_FALSE(contents->ShowingInterstitialPage()); |
3859 EXPECT_FALSE(contents->IsLoading()); | 3994 EXPECT_FALSE(contents->IsLoading()); |
3860 } | 3995 } |
3861 | 3996 |
3862 // Same as above, but instead of reloading, the page is navigated away. The | 3997 // Same as above, but instead of reloading, the page is navigated away. The |
3863 // new page should load, and no interstitials should be shown. | 3998 // new page should load, and no interstitials should be shown. |
3864 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, | 3999 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest, |
3865 InterstitialNavigateAwayWhileLoading) { | 4000 InterstitialNavigateAwayWhileLoading) { |
3866 net::EmbeddedTestServer https_server_example_domain_( | 4001 net::EmbeddedTestServer https_server_example_domain( |
3867 net::EmbeddedTestServer::TYPE_HTTPS); | 4002 net::EmbeddedTestServer::TYPE_HTTPS); |
3868 https_server_example_domain_.ServeFilesFromSourceDirectory( | 4003 https_server_example_domain.ServeFilesFromSourceDirectory( |
3869 base::FilePath(kDocRoot)); | 4004 base::FilePath(kDocRoot)); |
3870 ASSERT_TRUE(https_server_example_domain_.Start()); | 4005 ASSERT_TRUE(https_server_example_domain.Start()); |
3871 | 4006 |
3872 scoped_refptr<net::X509Certificate> cert = | 4007 scoped_refptr<net::X509Certificate> cert = |
3873 https_server_example_domain_.GetCertificate(); | 4008 https_server_example_domain.GetCertificate(); |
3874 | 4009 |
3875 net::CertVerifyResult verify_result; | 4010 net::CertVerifyResult verify_result; |
3876 verify_result.verified_cert = | 4011 verify_result.verified_cert = |
3877 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 4012 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3878 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; | 4013 verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID; |
3879 | 4014 |
3880 mock_cert_verifier()->AddResultForCertAndHost( | 4015 mock_cert_verifier()->AddResultForCertAndHost( |
3881 cert.get(), "www.mail.example.com", verify_result, | 4016 cert.get(), "www.mail.example.com", verify_result, |
3882 net::ERR_CERT_COMMON_NAME_INVALID); | 4017 net::ERR_CERT_COMMON_NAME_INVALID); |
3883 | 4018 |
3884 net::CertVerifyResult verify_result_valid; | 4019 net::CertVerifyResult verify_result_valid; |
3885 verify_result_valid.verified_cert = | 4020 verify_result_valid.verified_cert = |
3886 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); | 4021 net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); |
3887 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", | 4022 mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com", |
3888 verify_result_valid, net::OK); | 4023 verify_result_valid, net::OK); |
3889 | 4024 |
3890 GURL https_server_url = | 4025 const GURL https_server_url = |
3891 https_server_example_domain_.GetURL("/ssl/google.html?a=b"); | 4026 https_server_example_domain.GetURL("/ssl/google.html?a=b"); |
3892 GURL::Replacements replacements; | 4027 GURL::Replacements replacements; |
3893 replacements.SetHostStr("www.mail.example.com"); | 4028 replacements.SetHostStr("www.mail.example.com"); |
3894 GURL https_server_mismatched_url = | 4029 const GURL https_server_mismatched_url = |
3895 https_server_url.ReplaceComponents(replacements); | 4030 https_server_url.ReplaceComponents(replacements); |
3896 | 4031 |
3897 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); | 4032 WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents(); |
3898 CommonNameMismatchHandler::set_state_for_testing( | 4033 CommonNameMismatchHandler::set_state_for_testing( |
3899 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); | 4034 CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING); |
3900 // Set delay long enough so that the page appears loading. | 4035 // Set delay long enough so that the page appears loading. |
3901 SSLErrorHandler::SetInterstitialDelayForTesting( | 4036 SSLErrorHandler::SetInterstitialDelayForTesting( |
3902 base::TimeDelta::FromHours(1)); | 4037 base::TimeDelta::FromHours(1)); |
3903 SSLInterstitialTimerObserver interstitial_timer_observer(contents); | 4038 SSLInterstitialTimerObserver interstitial_timer_observer(contents); |
3904 | 4039 |
(...skipping 851 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4756 | 4891 |
4757 // Visit a page over https that contains a frame with a redirect. | 4892 // Visit a page over https that contains a frame with a redirect. |
4758 | 4893 |
4759 // XMLHttpRequest insecure content in synchronous mode. | 4894 // XMLHttpRequest insecure content in synchronous mode. |
4760 | 4895 |
4761 // XMLHttpRequest insecure content in asynchronous mode. | 4896 // XMLHttpRequest insecure content in asynchronous mode. |
4762 | 4897 |
4763 // XMLHttpRequest over bad ssl in synchronous mode. | 4898 // XMLHttpRequest over bad ssl in synchronous mode. |
4764 | 4899 |
4765 // XMLHttpRequest over OK ssl in synchronous mode. | 4900 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |