OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "base/command_line.h" | |
6 #include "base/strings/string_number_conversions.h" | |
7 #include "base/test/simple_test_clock.h" | |
8 #include "chrome/browser/profiles/profile.h" | |
9 #include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h" | |
10 #include "chrome/browser/ui/browser.h" | |
11 #include "chrome/browser/ui/tabs/tab_strip_model.h" | |
12 #include "chrome/common/chrome_switches.h" | |
13 #include "chrome/test/base/in_process_browser_test.h" | |
14 #include "content/public/browser/ssl_host_state_decisions.h" | |
15 #include "content/public/browser/web_contents.h" | |
16 #include "content/public/test/browser_test_utils.h" | |
17 #include "testing/gtest/include/gtest/gtest.h" | |
18 #include "url/gurl.h" | |
19 | |
20 namespace { | |
21 | |
22 // Certificate for test data. It is obtained with: | |
23 // | |
24 // $ openssl s_client -connect [host]:443 -showcerts | |
25 // $ openssl x509 -inform PEM -outform DER > /tmp/host.der | |
26 // $ xxd -i /tmp/host.der | |
27 | |
28 // Google's cert. | |
29 | |
30 unsigned char google_der[] = { | |
Ryan Sleevi
2014/07/08 23:53:29
Use the net test data. Don't hardcode files into t
jww
2014/07/11 00:08:41
Done.
| |
31 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, | |
32 0x02, 0x02, 0x10, 0x3c, 0x8d, 0x3a, 0x64, 0xee, 0x18, 0xdd, 0x1b, 0x73, | |
33 0x0b, 0xa1, 0x92, 0xee, 0xf8, 0x98, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, | |
34 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, | |
35 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, | |
36 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, | |
37 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, | |
38 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, 0x29, 0x20, | |
39 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, | |
40 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x47, | |
41 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x35, | |
42 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, 0x17, 0x0d, 0x30, | |
43 0x39, 0x30, 0x35, 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, | |
44 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, | |
45 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, | |
46 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, | |
47 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0d, 0x4d, | |
48 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, | |
49 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, | |
50 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x17, 0x30, | |
51 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0e, 0x77, 0x77, 0x77, 0x2e, | |
52 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, | |
53 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, | |
54 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, | |
55 0x81, 0x81, 0x00, 0x9b, 0x19, 0xed, 0x5d, 0xa5, 0x56, 0xaf, 0x49, 0x66, | |
56 0xdb, 0x79, 0xfd, 0xc2, 0x1c, 0x78, 0x4e, 0x4f, 0x11, 0xa5, 0x8a, 0xac, | |
57 0xe2, 0x94, 0xee, 0xe3, 0xe2, 0x4b, 0xc0, 0x03, 0x25, 0xa7, 0x99, 0xcc, | |
58 0x65, 0xe1, 0xec, 0x94, 0xae, 0xae, 0xf0, 0xa7, 0x99, 0xbc, 0x10, 0xd7, | |
59 0xed, 0x87, 0x30, 0x47, 0xcd, 0x50, 0xf9, 0xaf, 0xd3, 0xd3, 0xf4, 0x0b, | |
60 0x8d, 0x47, 0x8a, 0x2e, 0xe2, 0xce, 0x53, 0x9b, 0x91, 0x99, 0x7f, 0x1e, | |
61 0x5c, 0xf9, 0x1b, 0xd6, 0xe9, 0x93, 0x67, 0xe3, 0x4a, 0xf8, 0xcf, 0xc4, | |
62 0x8c, 0x0c, 0x68, 0xd1, 0x97, 0x54, 0x47, 0x0e, 0x0a, 0x24, 0x30, 0xa7, | |
63 0x82, 0x94, 0xae, 0xde, 0xae, 0x3f, 0xbf, 0xba, 0x14, 0xc6, 0xf8, 0xb2, | |
64 0x90, 0x8e, 0x36, 0xad, 0xe1, 0xd0, 0xbe, 0x16, 0x9a, 0xb3, 0x5e, 0x72, | |
65 0x38, 0x49, 0xda, 0x74, 0xa1, 0x3f, 0xff, 0xd2, 0x87, 0x81, 0xed, 0x02, | |
66 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x28, | |
67 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, | |
68 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, | |
69 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, | |
70 0xf8, 0x42, 0x04, 0x01, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, | |
71 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, | |
72 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, | |
73 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, | |
74 0x77, 0x74, 0x65, 0x53, 0x47, 0x43, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, | |
75 0x30, 0x72, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, | |
76 0x04, 0x66, 0x30, 0x64, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, | |
77 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, | |
78 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, | |
79 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, | |
80 0x05, 0x07, 0x30, 0x02, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, | |
81 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, | |
82 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, | |
83 0x72, 0x79, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x5f, 0x53, 0x47, | |
84 0x43, 0x5f, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0c, 0x06, 0x03, | |
85 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, | |
86 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, | |
87 0x00, 0x03, 0x81, 0x81, 0x00, 0x31, 0x0a, 0x6c, 0xa2, 0x9e, 0xe9, 0x54, | |
88 0x19, 0x16, 0x68, 0x99, 0x91, 0xd6, 0x43, 0xcb, 0x6b, 0xb4, 0xcc, 0x6c, | |
89 0xcc, 0xb0, 0xfb, 0xf1, 0xee, 0x81, 0xbf, 0x00, 0x2b, 0x6f, 0x50, 0x12, | |
90 0xc6, 0xaf, 0x02, 0x2a, 0x36, 0xc1, 0x28, 0xde, 0xc5, 0x4c, 0x56, 0x20, | |
91 0x6d, 0xf5, 0x3d, 0x42, 0xb9, 0x18, 0x81, 0x20, 0xb2, 0xdd, 0x57, 0x5d, | |
92 0xeb, 0xbe, 0x32, 0x84, 0x50, 0x45, 0x51, 0x6e, 0xcd, 0xe4, 0x2e, 0x2a, | |
93 0x38, 0x88, 0x9f, 0x52, 0xed, 0x28, 0xff, 0xfc, 0x8d, 0x57, 0xb5, 0xad, | |
94 0x64, 0xae, 0x4d, 0x0e, 0x0e, 0xd9, 0x3d, 0xac, 0xb8, 0xfe, 0x66, 0x4c, | |
95 0x15, 0x8f, 0x44, 0x52, 0xfa, 0x7c, 0x3c, 0x04, 0xed, 0x7f, 0x37, 0x61, | |
96 0x04, 0xfe, 0xd5, 0xe9, 0xb9, 0xb0, 0x9e, 0xfe, 0xa5, 0x11, 0x69, 0xc9, | |
97 0x63, 0xd6, 0x46, 0x81, 0x6f, 0x00, 0xd8, 0x72, 0x2f, 0x82, 0x37, 0x44, | |
98 0xc1}; | |
99 | |
100 GURL www_google_url("https://www.google.com"); | |
101 GURL google_url("https://google.com"); | |
102 GURL example_url("https://example.com"); | |
103 | |
104 const char* kDeltaSecondsString = "86400"; | |
105 | |
106 } // namespace | |
107 | |
108 class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest { | |
109 public: | |
110 ChromeSSLHostStateDecisionsTest() {}; | |
111 virtual ~ChromeSSLHostStateDecisionsTest() {}; | |
112 | |
113 // InProcessBrowserTest: | |
114 virtual void SetUpInProcessBrowserTestFixture() OVERRIDE{}; | |
115 virtual void SetUpOnMainThread() OVERRIDE{}; | |
116 virtual void CleanUpOnMainThread() OVERRIDE{}; | |
Ryan Sleevi
2014/07/08 23:53:29
1) spaces between OVERRIDE and {}
2) Um, why are y
jww
2014/07/11 00:08:41
I actually had a space initially, but git-cl forma
| |
117 | |
118 virtual void SetUpOnIOThread() {}; | |
119 virtual void CleanUpOnIOThread() {}; | |
120 }; | |
121 | |
122 // This tests basic unit test functionality of the SSLHostStateDecisions class. | |
123 // For example, tests that if a certificate is accepted, then it is added to | |
124 // queryable, and if it is revoked, it is not queryable. | |
125 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) { | |
126 scoped_refptr<net::X509Certificate> google_cert( | |
127 net::X509Certificate::CreateFromBytes( | |
128 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
129 content::WebContents* tab = | |
130 browser()->tab_strip_model()->GetActiveWebContents(); | |
131 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
132 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
Ryan Sleevi
2014/07/08 23:53:29
Seems like all of this could be done as a simple T
jww
2014/07/11 00:08:41
I think you're right that these basic unit tests c
jww
2014/07/11 00:08:41
Perhaps I don't quite understand how TEST_F works,
Ryan Sleevi
2014/07/11 00:48:49
Correct, there won't be an associated Profile in a
jww
2014/07/11 01:52:07
Sorry for my density, I still think that doesn't m
Ryan Sleevi
2014/07/11 19:43:27
Bah, I missed *Decisions rather than just SSLHostS
jww
2014/07/14 21:21:15
Acknowledged.
| |
133 | |
134 EXPECT_EQ( | |
135 net::CertPolicy::UNKNOWN, | |
136 state->QueryPolicy( | |
137 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
138 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
139 state->QueryPolicy( | |
140 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
141 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
142 state->QueryPolicy( | |
143 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
Ryan Sleevi
2014/07/11 19:43:27
Document the precondition you're testing on line 1
jww
2014/07/14 21:21:15
Done.
| |
144 | |
145 state->AllowCert( | |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and then on line 147,
jww
2014/07/14 21:21:15
Done.
| |
146 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
147 | |
148 EXPECT_EQ( | |
149 net::CertPolicy::ALLOWED, | |
150 state->QueryPolicy( | |
151 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
152 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
153 state->QueryPolicy( | |
154 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
155 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
156 state->QueryPolicy( | |
157 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
158 | |
159 state->AllowCert( | |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and what you're verify
jww
2014/07/14 21:21:15
Done.
| |
160 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
161 | |
162 EXPECT_EQ( | |
163 net::CertPolicy::ALLOWED, | |
164 state->QueryPolicy( | |
165 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
166 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
167 state->QueryPolicy( | |
168 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
169 EXPECT_EQ(net::CertPolicy::ALLOWED, | |
170 state->QueryPolicy( | |
171 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
172 | |
173 state->DenyCert( | |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and what you're verify
jww
2014/07/14 21:21:15
Done.
| |
174 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
175 | |
176 EXPECT_EQ( | |
177 net::CertPolicy::ALLOWED, | |
178 state->QueryPolicy( | |
179 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
180 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
181 state->QueryPolicy( | |
182 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
183 EXPECT_EQ(net::CertPolicy::DENIED, | |
184 state->QueryPolicy( | |
185 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
186 | |
187 EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_url)); | |
Ryan Sleevi
2014/07/11 19:43:27
Seems like 187-193 should be their own, hermetic t
jww
2014/07/14 21:21:15
Done.
| |
188 state->RevokeAllowAndDenyPreferences(www_google_url); | |
189 EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_url)); | |
190 EXPECT_EQ( | |
191 net::CertPolicy::UNKNOWN, | |
192 state->QueryPolicy( | |
193 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
194 | |
195 EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); | |
Ryan Sleevi
2014/07/11 19:43:27
What is this testing that is different than what y
jww
2014/07/14 21:21:15
187-193 tests that HasAllowedOrDeniedCert works fo
| |
196 state->RevokeAllowAndDenyPreferences(google_url); | |
197 EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); | |
198 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
199 state->QueryPolicy( | |
200 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
201 | |
202 EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_url)); | |
Ryan Sleevi
2014/07/11 19:43:27
How is this a different test than the previous two
jww
2014/07/14 21:21:15
Yeah, this was a silly test. I'm going to modify i
| |
203 state->RevokeAllowAndDenyPreferences(example_url); | |
204 EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_url)); | |
205 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
206 state->QueryPolicy( | |
207 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
208 | |
209 state->Clear(); | |
210 | |
211 EXPECT_EQ( | |
212 net::CertPolicy::UNKNOWN, | |
213 state->QueryPolicy( | |
214 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
215 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
216 state->QueryPolicy( | |
217 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
218 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
219 state->QueryPolicy( | |
220 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
Ryan Sleevi
2014/07/11 19:43:27
How does this actually test that Clear() worked, c
jww
2014/07/14 21:21:15
Done.
| |
221 } | |
222 | |
223 // Tests the basic behavior of cert memory in incognito | |
224 class IncognitoSSLHostStateDecisionsTest | |
225 : public ChromeSSLHostStateDecisionsTest { | |
226 protected: | |
227 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | |
228 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); | |
229 // Setting the kRememberCertErrorDecisions flag to positive, non "0" values | |
230 // indicates that certificate decisions should be remembered even across | |
231 // browser session restarts for the given length of time, in seconds. | |
232 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | |
233 kDeltaSecondsString); | |
234 } | |
235 }; | |
236 | |
237 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) { | |
238 scoped_refptr<net::X509Certificate> google_cert( | |
239 net::X509Certificate::CreateFromBytes( | |
240 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
241 content::WebContents* tab = | |
242 browser()->tab_strip_model()->GetActiveWebContents(); | |
243 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
244 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
245 | |
246 // Add a cert exception to the profile and then verify that it still exists | |
247 // in the incognito profile. | |
248 state->AllowCert( | |
249 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
250 | |
251 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | |
252 content::SSLHostStateDecisions* incognito_state = | |
253 incognito->GetSSLHostStateDecisions(); | |
254 | |
255 EXPECT_EQ( | |
256 net::CertPolicy::ALLOWED, | |
257 incognito_state->QueryPolicy( | |
258 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
259 | |
260 // Add a cert exception to the incognito profile. It will be checked after | |
261 // restart that this exception does not exist. Note the different cert URL and | |
262 // error than above thus mapping to a second exception. Also validate that it | |
263 // was not added as an exception to the regular profile. | |
264 incognito_state->AllowCert( | |
265 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); | |
266 | |
267 EXPECT_EQ( | |
268 net::CertPolicy::UNKNOWN, | |
269 state->QueryPolicy( | |
270 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); | |
271 } | |
272 | |
273 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) { | |
274 scoped_refptr<net::X509Certificate> google_cert( | |
275 net::X509Certificate::CreateFromBytes( | |
276 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
277 content::WebContents* tab = | |
278 browser()->tab_strip_model()->GetActiveWebContents(); | |
279 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
280 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
281 | |
282 // Verify that the exception added before restart to the regular | |
283 // (non-incognito) profile still exists and was not cleared after the | |
284 // incognito session ended. | |
285 EXPECT_EQ( | |
286 net::CertPolicy::ALLOWED, | |
287 state->QueryPolicy( | |
288 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
289 | |
290 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | |
291 content::SSLHostStateDecisions* incognito_state = | |
292 incognito->GetSSLHostStateDecisions(); | |
293 | |
294 // Verify that the exception added before restart to the incognito profile was | |
295 // cleared when the incognito session ended. | |
296 EXPECT_EQ( | |
297 net::CertPolicy::UNKNOWN, | |
298 incognito_state->QueryPolicy( | |
299 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); | |
300 } | |
301 | |
302 // Tests to make sure that if the remember value is set to 0, any decisions | |
303 // won't be remembered over a restart. | |
304 class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest { | |
305 protected: | |
306 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | |
307 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); | |
308 // Setting the kRememberCertErrorDecisions flag to a value of "0" indicates | |
309 // that certificate decisions should not be remembered across browser | |
310 // session restarts. | |
311 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, "0"); | |
312 } | |
313 }; | |
314 | |
315 IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) { | |
316 scoped_refptr<net::X509Certificate> google_cert( | |
317 net::X509Certificate::CreateFromBytes( | |
318 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
319 content::WebContents* tab = | |
320 browser()->tab_strip_model()->GetActiveWebContents(); | |
321 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
322 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
323 | |
324 state->AllowCert( | |
325 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
326 EXPECT_EQ( | |
327 net::CertPolicy::ALLOWED, | |
328 state->QueryPolicy( | |
329 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
330 } | |
331 | |
332 IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) { | |
333 scoped_refptr<net::X509Certificate> google_cert( | |
334 net::X509Certificate::CreateFromBytes( | |
335 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
336 content::WebContents* tab = | |
337 browser()->tab_strip_model()->GetActiveWebContents(); | |
338 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
339 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
340 | |
341 // The cert should now be |UNKONWN| because the profile is set to forget cert | |
342 // exceptions after session end. | |
343 EXPECT_EQ( | |
344 net::CertPolicy::UNKNOWN, | |
345 state->QueryPolicy( | |
346 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
347 } | |
348 | |
349 // Tests to make sure that if the remember value is set to a non-zero value0, | |
350 // any decisions will be remembered over a restart, but only for the length | |
351 // specified. | |
352 class RememberSSLHostStateDecisionsTest | |
353 : public ChromeSSLHostStateDecisionsTest { | |
354 protected: | |
355 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | |
356 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); | |
357 // Setting the kRememberCertErrorDecisions flag to positive, non "0" values | |
358 // indicates that certificate decisions should be remembered even across | |
359 // browser session restarts for the given length of time, in seconds. | |
360 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | |
361 kDeltaSecondsString); | |
362 } | |
363 }; | |
364 | |
365 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) { | |
366 scoped_refptr<net::X509Certificate> google_cert( | |
367 net::X509Certificate::CreateFromBytes( | |
368 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
369 content::WebContents* tab = | |
370 browser()->tab_strip_model()->GetActiveWebContents(); | |
371 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
372 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
373 | |
374 state->AllowCert( | |
375 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
376 EXPECT_EQ( | |
377 net::CertPolicy::ALLOWED, | |
378 state->QueryPolicy( | |
379 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
380 } | |
381 | |
382 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) { | |
383 scoped_refptr<net::X509Certificate> google_cert( | |
384 net::X509Certificate::CreateFromBytes( | |
385 reinterpret_cast<const char*>(google_der), sizeof(google_der))); | |
386 content::WebContents* tab = | |
387 browser()->tab_strip_model()->GetActiveWebContents(); | |
388 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | |
389 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); | |
390 | |
391 // chrome_state takes ownership of this clock | |
392 base::SimpleTestClock* clock = new base::SimpleTestClock(); | |
393 ChromeSSLHostStateDecisions* chrome_state = | |
394 static_cast<ChromeSSLHostStateDecisions*>(state); | |
395 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | |
396 | |
397 // Start the clock at standard system time. | |
398 clock->SetNow(base::Time::NowFromSystemTime()); | |
399 | |
400 // This should only pass if the cert was allowed before the test was restart | |
401 // and thus has now been rememebered across browser restarts. | |
402 EXPECT_EQ( | |
403 net::CertPolicy::ALLOWED, | |
404 state->QueryPolicy( | |
405 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
406 | |
407 // Simulate the clock advancing by the specified delta. | |
408 int64 delta; | |
409 base::StringToInt64(kDeltaSecondsString, &delta); | |
410 clock->Advance(base::TimeDelta::FromSeconds(delta + 1)); | |
411 | |
412 // The cert should now be |UNKONWN| because the specified delta has passed. | |
413 EXPECT_EQ( | |
414 net::CertPolicy::UNKNOWN, | |
415 state->QueryPolicy( | |
416 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
417 } | |
OLD | NEW |