OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
74 #include "content/public/browser/notification_details.h" | 74 #include "content/public/browser/notification_details.h" |
75 #include "content/public/browser/notification_service.h" | 75 #include "content/public/browser/notification_service.h" |
76 #include "content/public/browser/render_frame_host.h" | 76 #include "content/public/browser/render_frame_host.h" |
77 #include "content/public/browser/render_view_host.h" | 77 #include "content/public/browser/render_view_host.h" |
78 #include "content/public/browser/render_widget_host_view.h" | 78 #include "content/public/browser/render_widget_host_view.h" |
79 #include "content/public/browser/restore_type.h" | 79 #include "content/public/browser/restore_type.h" |
80 #include "content/public/browser/ssl_status.h" | 80 #include "content/public/browser/ssl_status.h" |
81 #include "content/public/browser/web_contents.h" | 81 #include "content/public/browser/web_contents.h" |
82 #include "content/public/browser/web_contents_observer.h" | 82 #include "content/public/browser/web_contents_observer.h" |
83 #include "content/public/common/browser_side_navigation_policy.h" | 83 #include "content/public/common/browser_side_navigation_policy.h" |
84 #include "content/public/common/content_features.h" | |
84 #include "content/public/common/content_switches.h" | 85 #include "content/public/common/content_switches.h" |
85 #include "content/public/common/page_state.h" | 86 #include "content/public/common/page_state.h" |
86 #include "content/public/test/browser_test_utils.h" | 87 #include "content/public/test/browser_test_utils.h" |
87 #include "content/public/test/download_test_observer.h" | 88 #include "content/public/test/download_test_observer.h" |
88 #include "content/public/test/test_navigation_observer.h" | 89 #include "content/public/test/test_navigation_observer.h" |
89 #include "content/public/test/test_renderer_host.h" | 90 #include "content/public/test/test_renderer_host.h" |
90 #include "content/public/test/test_utils.h" | 91 #include "content/public/test/test_utils.h" |
91 #include "crypto/sha2.h" | 92 #include "crypto/sha2.h" |
92 #include "net/base/host_port_pair.h" | 93 #include "net/base/host_port_pair.h" |
93 #include "net/base/io_buffer.h" | 94 #include "net/base/io_buffer.h" |
(...skipping 384 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
478 | 479 |
479 // Substitute the generated frame_left URL into the top_frame page. | 480 // Substitute the generated frame_left URL into the top_frame page. |
480 base::StringPairs replacement_text_top_frame; | 481 base::StringPairs replacement_text_top_frame; |
481 replacement_text_top_frame.push_back( | 482 replacement_text_top_frame.push_back( |
482 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); | 483 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); |
483 net::test_server::GetFilePathWithReplacements( | 484 net::test_server::GetFilePathWithReplacements( |
484 "/ssl/top_frame.html", replacement_text_top_frame, top_frame_path); | 485 "/ssl/top_frame.html", replacement_text_top_frame, top_frame_path); |
485 } | 486 } |
486 | 487 |
487 static void GetPageWithUnsafeWorkerPath( | 488 static void GetPageWithUnsafeWorkerPath( |
488 const net::EmbeddedTestServer& https_server, | 489 const std::string& unsafe_worker_path, |
489 std::string* page_with_unsafe_worker_path) { | 490 std::string* page_with_unsafe_worker_path) { |
490 // Get the "imported.js" URL from the expired https server and | |
491 // substitute it into the unsafe_worker.js file. | |
492 GURL imported_js_url = https_server.GetURL("/ssl/imported.js"); | |
493 base::StringPairs replacement_text_for_unsafe_worker; | |
494 replacement_text_for_unsafe_worker.push_back( | |
495 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); | |
496 std::string unsafe_worker_path; | |
497 net::test_server::GetFilePathWithReplacements( | |
498 "unsafe_worker.js", replacement_text_for_unsafe_worker, | |
499 &unsafe_worker_path); | |
500 | |
501 // Now, substitute this into the page with unsafe worker. | 491 // Now, substitute this into the page with unsafe worker. |
502 base::StringPairs replacement_text_for_page_with_unsafe_worker; | 492 base::StringPairs replacement_text_for_page_with_unsafe_worker; |
503 replacement_text_for_page_with_unsafe_worker.push_back( | 493 replacement_text_for_page_with_unsafe_worker.push_back( |
504 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); | 494 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); |
505 net::test_server::GetFilePathWithReplacements( | 495 net::test_server::GetFilePathWithReplacements( |
506 "/ssl/page_with_unsafe_worker.html", | 496 "/ssl/page_with_unsafe_worker.html", |
507 replacement_text_for_page_with_unsafe_worker, | 497 replacement_text_for_page_with_unsafe_worker, |
508 page_with_unsafe_worker_path); | 498 page_with_unsafe_worker_path); |
509 } | 499 } |
510 | 500 |
501 static void GetPageWithUnsafeImportingWorkerPath( | |
502 const net::EmbeddedTestServer& https_server, | |
503 std::string* page_with_unsafe_importing_worker_path) { | |
504 // Get the "imported.js" URL from the expired https server and | |
505 // substitute it into the unsafe_importing_worker.js file. | |
506 GURL imported_js_url = https_server.GetURL("/ssl/imported.js"); | |
507 base::StringPairs replacement_text_for_unsafe_worker; | |
508 replacement_text_for_unsafe_worker.push_back( | |
509 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); | |
510 std::string unsafe_importing_worker_path; | |
511 net::test_server::GetFilePathWithReplacements( | |
512 "unsafe_importing_worker.js", replacement_text_for_unsafe_worker, | |
513 &unsafe_importing_worker_path); | |
514 GetPageWithUnsafeWorkerPath(unsafe_importing_worker_path, | |
515 page_with_unsafe_importing_worker_path); | |
516 } | |
517 | |
518 static void GetPageWithUnsafeFetchingWorkerPath( | |
519 const net::EmbeddedTestServer& https_server, | |
520 std::string* page_with_unsafe_fetching_worker_path) { | |
521 // Get the "imported.js" URL from the expired https server and | |
522 // substitute it into the unsafe_importing_worker.js file. | |
kinuko
2017/05/18 14:30:21
unsafe_importing_worker -> unsafe_fetching_worker
horo
2017/05/18 14:45:37
Done.
| |
523 GURL test_file_url = https_server.GetURL("/ssl/imported.js"); | |
524 base::StringPairs replacement_text_for_unsafe_worker; | |
525 replacement_text_for_unsafe_worker.push_back( | |
526 make_pair("REPLACE_WITH_TEST_FILE_URL", test_file_url.spec())); | |
527 std::string unsafe_fetcing_worker_path; | |
528 net::test_server::GetFilePathWithReplacements( | |
529 "unsafe_fetching_worker.js", replacement_text_for_unsafe_worker, | |
530 &unsafe_fetcing_worker_path); | |
531 GetPageWithUnsafeWorkerPath(unsafe_fetcing_worker_path, | |
532 page_with_unsafe_fetching_worker_path); | |
533 } | |
534 | |
511 // Helper function for testing invalid certificate chain reporting. | 535 // Helper function for testing invalid certificate chain reporting. |
512 void TestBrokenHTTPSReporting( | 536 void TestBrokenHTTPSReporting( |
513 certificate_reporting_test_utils::OptIn opt_in, | 537 certificate_reporting_test_utils::OptIn opt_in, |
514 ProceedDecision proceed, | 538 ProceedDecision proceed, |
515 certificate_reporting_test_utils::ExpectReport expect_report, | 539 certificate_reporting_test_utils::ExpectReport expect_report, |
516 Browser* browser) { | 540 Browser* browser) { |
517 ASSERT_TRUE(https_server_expired_.Start()); | 541 ASSERT_TRUE(https_server_expired_.Start()); |
518 | 542 |
519 base::RunLoop run_loop; | 543 base::RunLoop run_loop; |
520 certificate_reporting_test_utils::SSLCertReporterCallback reporter_callback( | 544 certificate_reporting_test_utils::SSLCertReporterCallback reporter_callback( |
(...skipping 1926 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2447 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate( | 2471 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate( |
2448 tab, base::Bind(&content::FrameMatchesName, "contentFrame")); | 2472 tab, base::Bind(&content::FrameMatchesName, "contentFrame")); |
2449 std::string is_evil_js("window.domAutomationController.send(" | 2473 std::string is_evil_js("window.domAutomationController.send(" |
2450 "document.getElementById('evilDiv') != null);"); | 2474 "document.getElementById('evilDiv') != null);"); |
2451 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame, | 2475 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame, |
2452 is_evil_js, | 2476 is_evil_js, |
2453 &is_content_evil)); | 2477 &is_content_evil)); |
2454 EXPECT_FALSE(is_content_evil); | 2478 EXPECT_FALSE(is_content_evil); |
2455 } | 2479 } |
2456 | 2480 |
2457 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) { | 2481 enum class OffMainThreadFetchMode { Enabled, Disabled }; |
2482 enum class SSLUIWorkerFetchTestType { UseFetch, UseImportScripts }; | |
kinuko
2017/05/18 14:30:21
kEnabled, kDisabled
kUseFetch, kUseImportScripts
?
horo
2017/05/18 14:45:37
Done.
| |
2483 | |
2484 class SSLUIWorkerFetchTest | |
2485 : public testing::WithParamInterface< | |
2486 std::pair<OffMainThreadFetchMode, SSLUIWorkerFetchTestType>>, | |
2487 public SSLUITest { | |
2488 public: | |
2489 ~SSLUIWorkerFetchTest() override {} | |
2490 void SetUpCommandLine(base::CommandLine* command_line) override { | |
2491 SSLUITest::SetUpCommandLine(command_line); | |
2492 if (GetParam().first == OffMainThreadFetchMode::Enabled) { | |
2493 command_line->AppendSwitchASCII(switches::kEnableFeatures, | |
2494 features::kOffMainThreadFetch.name); | |
2495 } else { | |
2496 command_line->AppendSwitchASCII(switches::kDisableFeatures, | |
2497 features::kOffMainThreadFetch.name); | |
2498 } | |
2499 } | |
2500 | |
2501 protected: | |
2502 void GetTestWorkerPagePath(const net::EmbeddedTestServer& https_server, | |
2503 std::string* test_worker_page_path) { | |
2504 switch (GetParam().second) { | |
2505 case SSLUIWorkerFetchTestType::UseFetch: | |
2506 GetPageWithUnsafeFetchingWorkerPath(https_server, | |
2507 test_worker_page_path); | |
2508 break; | |
2509 case SSLUIWorkerFetchTestType::UseImportScripts: | |
2510 GetPageWithUnsafeImportingWorkerPath(https_server, | |
2511 test_worker_page_path); | |
2512 break; | |
2513 } | |
2514 } | |
2515 }; | |
2516 | |
2517 IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest, | |
2518 TestUnsafeContentsInWorkerFiltered) { | |
2458 ASSERT_TRUE(https_server_.Start()); | 2519 ASSERT_TRUE(https_server_.Start()); |
2459 ASSERT_TRUE(https_server_expired_.Start()); | 2520 ASSERT_TRUE(https_server_expired_.Start()); |
2460 | 2521 |
2461 // This page will spawn a Worker which will try to load content from | 2522 // This page will spawn a Worker which will try to load content from |
2462 // BadCertServer. | 2523 // BadCertServer. |
2463 std::string page_with_unsafe_worker_path; | 2524 std::string test_worker_page_path; |
2464 GetPageWithUnsafeWorkerPath(https_server_expired_, | 2525 GetTestWorkerPagePath(https_server_expired_, &test_worker_page_path); |
2465 &page_with_unsafe_worker_path); | 2526 ui_test_utils::NavigateToURL(browser(), |
2466 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( | 2527 https_server_.GetURL(test_worker_page_path)); |
2467 page_with_unsafe_worker_path)); | |
2468 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 2528 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
2469 // Expect Worker not to load insecure content. | 2529 // Expect Worker not to load insecure content. |
2470 CheckWorkerLoadResult(tab, false); | 2530 CheckWorkerLoadResult(tab, false); |
2471 // The bad content is filtered, expect the state to be authenticated. | 2531 // The bad content is filtered, expect the state to be authenticated. |
2472 CheckAuthenticatedState(tab, AuthState::NONE); | 2532 CheckAuthenticatedState(tab, AuthState::NONE); |
2473 } | 2533 } |
2474 | 2534 |
2475 // This test, and the related test TestUnsafeContentsWithUserException, verify | 2535 // This test, and the related test TestUnsafeContentsWithUserException, verify |
2476 // that if unsafe content is loaded but the host of that unsafe content has a | 2536 // that if unsafe content is loaded but the host of that unsafe content has a |
2477 // user exception, the content runs and the security style is downgraded. | 2537 // user exception, the content runs and the security style is downgraded. |
2478 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerWithUserException) { | 2538 IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest, |
2539 TestUnsafeContentsInWorkerWithUserException) { | |
2479 ASSERT_TRUE(https_server_.Start()); | 2540 ASSERT_TRUE(https_server_.Start()); |
2480 // Note that it is necessary to user https_server_mismatched_ here over the | 2541 // Note that it is necessary to user https_server_mismatched_ here over the |
2481 // other invalid cert servers. This is because the test relies on the two | 2542 // other invalid cert servers. This is because the test relies on the two |
2482 // servers having different hosts since SSL exceptions are per-host, not per | 2543 // servers having different hosts since SSL exceptions are per-host, not per |
2483 // origin, and https_server_mismatched_ uses 'localhost' rather than | 2544 // origin, and https_server_mismatched_ uses 'localhost' rather than |
2484 // '127.0.0.1'. | 2545 // '127.0.0.1'. |
2485 ASSERT_TRUE(https_server_mismatched_.Start()); | 2546 ASSERT_TRUE(https_server_mismatched_.Start()); |
2486 | 2547 |
2487 // Navigate to an unsafe site. Proceed with interstitial page to indicate | 2548 // Navigate to an unsafe site. Proceed with interstitial page to indicate |
2488 // the user approves the bad certificate. | 2549 // the user approves the bad certificate. |
(...skipping 11 matching lines...) Expand all Loading... | |
2500 security_state::SecurityInfo security_info; | 2561 security_state::SecurityInfo security_info; |
2501 helper->GetSecurityInfo(&security_info); | 2562 helper->GetSecurityInfo(&security_info); |
2502 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, | 2563 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, |
2503 security_info.mixed_content_status); | 2564 security_info.mixed_content_status); |
2504 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, | 2565 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, |
2505 security_info.content_with_cert_errors_status); | 2566 security_info.content_with_cert_errors_status); |
2506 | 2567 |
2507 // Navigate to safe page that has Worker loading unsafe content. | 2568 // Navigate to safe page that has Worker loading unsafe content. |
2508 // Expect content to load but be marked as auth broken due to running insecure | 2569 // Expect content to load but be marked as auth broken due to running insecure |
2509 // content. | 2570 // content. |
2510 std::string page_with_unsafe_worker_path; | 2571 std::string test_worker_page_path; |
2511 GetPageWithUnsafeWorkerPath(https_server_mismatched_, | 2572 GetTestWorkerPagePath(https_server_mismatched_, &test_worker_page_path); |
2512 &page_with_unsafe_worker_path); | 2573 |
2513 ui_test_utils::NavigateToURL( | 2574 ui_test_utils::NavigateToURL(browser(), |
2514 browser(), https_server_.GetURL(page_with_unsafe_worker_path)); | 2575 https_server_.GetURL(test_worker_page_path)); |
2515 CheckWorkerLoadResult(tab, true); // Worker loads insecure content | 2576 CheckWorkerLoadResult(tab, true); // Worker loads insecure content |
2516 CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE); | 2577 CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE); |
2517 | 2578 |
2518 helper->GetSecurityInfo(&security_info); | 2579 helper->GetSecurityInfo(&security_info); |
2519 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, | 2580 EXPECT_EQ(security_state::CONTENT_STATUS_NONE, |
2520 security_info.mixed_content_status); | 2581 security_info.mixed_content_status); |
2521 EXPECT_EQ(security_state::CONTENT_STATUS_RAN, | 2582 EXPECT_EQ(security_state::CONTENT_STATUS_RAN, |
2522 security_info.content_with_cert_errors_status); | 2583 security_info.content_with_cert_errors_status); |
2523 } | 2584 } |
2524 | 2585 |
2586 INSTANTIATE_TEST_CASE_P( | |
2587 /* no prefix */, | |
2588 SSLUIWorkerFetchTest, | |
2589 ::testing::Values( | |
2590 std::make_pair(OffMainThreadFetchMode::Disabled, | |
2591 SSLUIWorkerFetchTestType::UseFetch), | |
2592 std::make_pair(OffMainThreadFetchMode::Disabled, | |
2593 SSLUIWorkerFetchTestType::UseImportScripts), | |
2594 std::make_pair(OffMainThreadFetchMode::Enabled, | |
2595 SSLUIWorkerFetchTestType::UseFetch), | |
2596 std::make_pair(OffMainThreadFetchMode::Enabled, | |
2597 SSLUIWorkerFetchTestType::UseImportScripts))); | |
2598 | |
2525 // Visits a page with unsafe content and makes sure that if a user exception to | 2599 // Visits a page with unsafe content and makes sure that if a user exception to |
2526 // the certificate error is present, the image is loaded and script executes. | 2600 // the certificate error is present, the image is loaded and script executes. |
2527 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) { | 2601 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) { |
2528 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 2602 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
2529 ASSERT_NO_FATAL_FAILURE(SetUpUnsafeContentsWithUserException( | 2603 ASSERT_NO_FATAL_FAILURE(SetUpUnsafeContentsWithUserException( |
2530 "/ssl/page_with_unsafe_contents.html")); | 2604 "/ssl/page_with_unsafe_contents.html")); |
2531 CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE); | 2605 CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE); |
2532 | 2606 |
2533 SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab); | 2607 SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab); |
2534 ASSERT_TRUE(helper); | 2608 ASSERT_TRUE(helper); |
(...skipping 1873 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
4408 | 4482 |
4409 // Visit a page over https that contains a frame with a redirect. | 4483 // Visit a page over https that contains a frame with a redirect. |
4410 | 4484 |
4411 // XMLHttpRequest insecure content in synchronous mode. | 4485 // XMLHttpRequest insecure content in synchronous mode. |
4412 | 4486 |
4413 // XMLHttpRequest insecure content in asynchronous mode. | 4487 // XMLHttpRequest insecure content in asynchronous mode. |
4414 | 4488 |
4415 // XMLHttpRequest over bad ssl in synchronous mode. | 4489 // XMLHttpRequest over bad ssl in synchronous mode. |
4416 | 4490 |
4417 // XMLHttpRequest over OK ssl in synchronous mode. | 4491 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |