| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/command_line.h" |
| 6 #include "base/strings/string_number_conversions.h" |
| 7 #include "base/test/simple_test_clock.h" |
| 8 #include "chrome/browser/profiles/profile.h" |
| 9 #include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h" |
| 10 #include "chrome/browser/ui/browser.h" |
| 11 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 12 #include "chrome/common/chrome_switches.h" |
| 13 #include "chrome/test/base/in_process_browser_test.h" |
| 14 #include "content/public/browser/ssl_host_state_decisions.h" |
| 15 #include "content/public/browser/web_contents.h" |
| 16 #include "content/public/test/browser_test_utils.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" |
| 18 #include "url/gurl.h" |
| 19 |
| 20 namespace { |
| 21 |
| 22 // Certificate for test data. It is obtained with: |
| 23 // |
| 24 // $ openssl s_client -connect [host]:443 -showcerts |
| 25 // $ openssl x509 -inform PEM -outform DER > /tmp/host.der |
| 26 // $ xxd -i /tmp/host.der |
| 27 |
| 28 // Google's cert. |
| 29 |
| 30 unsigned char google_der[] = { |
| 31 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, |
| 32 0x02, 0x02, 0x10, 0x3c, 0x8d, 0x3a, 0x64, 0xee, 0x18, 0xdd, 0x1b, 0x73, |
| 33 0x0b, 0xa1, 0x92, 0xee, 0xf8, 0x98, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
| 34 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, |
| 35 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, |
| 36 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, |
| 37 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, |
| 38 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, 0x29, 0x20, |
| 39 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, |
| 40 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x47, |
| 41 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x35, |
| 42 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, 0x17, 0x0d, 0x30, |
| 43 0x39, 0x30, 0x35, 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, |
| 44 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, |
| 45 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, |
| 46 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, |
| 47 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0d, 0x4d, |
| 48 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, |
| 49 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, |
| 50 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x17, 0x30, |
| 51 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0e, 0x77, 0x77, 0x77, 0x2e, |
| 52 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, |
| 53 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
| 54 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, |
| 55 0x81, 0x81, 0x00, 0x9b, 0x19, 0xed, 0x5d, 0xa5, 0x56, 0xaf, 0x49, 0x66, |
| 56 0xdb, 0x79, 0xfd, 0xc2, 0x1c, 0x78, 0x4e, 0x4f, 0x11, 0xa5, 0x8a, 0xac, |
| 57 0xe2, 0x94, 0xee, 0xe3, 0xe2, 0x4b, 0xc0, 0x03, 0x25, 0xa7, 0x99, 0xcc, |
| 58 0x65, 0xe1, 0xec, 0x94, 0xae, 0xae, 0xf0, 0xa7, 0x99, 0xbc, 0x10, 0xd7, |
| 59 0xed, 0x87, 0x30, 0x47, 0xcd, 0x50, 0xf9, 0xaf, 0xd3, 0xd3, 0xf4, 0x0b, |
| 60 0x8d, 0x47, 0x8a, 0x2e, 0xe2, 0xce, 0x53, 0x9b, 0x91, 0x99, 0x7f, 0x1e, |
| 61 0x5c, 0xf9, 0x1b, 0xd6, 0xe9, 0x93, 0x67, 0xe3, 0x4a, 0xf8, 0xcf, 0xc4, |
| 62 0x8c, 0x0c, 0x68, 0xd1, 0x97, 0x54, 0x47, 0x0e, 0x0a, 0x24, 0x30, 0xa7, |
| 63 0x82, 0x94, 0xae, 0xde, 0xae, 0x3f, 0xbf, 0xba, 0x14, 0xc6, 0xf8, 0xb2, |
| 64 0x90, 0x8e, 0x36, 0xad, 0xe1, 0xd0, 0xbe, 0x16, 0x9a, 0xb3, 0x5e, 0x72, |
| 65 0x38, 0x49, 0xda, 0x74, 0xa1, 0x3f, 0xff, 0xd2, 0x87, 0x81, 0xed, 0x02, |
| 66 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x28, |
| 67 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, |
| 68 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, |
| 69 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, |
| 70 0xf8, 0x42, 0x04, 0x01, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, |
| 71 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, |
| 72 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, |
| 73 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, |
| 74 0x77, 0x74, 0x65, 0x53, 0x47, 0x43, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, |
| 75 0x30, 0x72, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, |
| 76 0x04, 0x66, 0x30, 0x64, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, |
| 77 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, |
| 78 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, |
| 79 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, |
| 80 0x05, 0x07, 0x30, 0x02, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, |
| 81 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, |
| 82 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, |
| 83 0x72, 0x79, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x5f, 0x53, 0x47, |
| 84 0x43, 0x5f, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0c, 0x06, 0x03, |
| 85 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, |
| 86 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, |
| 87 0x00, 0x03, 0x81, 0x81, 0x00, 0x31, 0x0a, 0x6c, 0xa2, 0x9e, 0xe9, 0x54, |
| 88 0x19, 0x16, 0x68, 0x99, 0x91, 0xd6, 0x43, 0xcb, 0x6b, 0xb4, 0xcc, 0x6c, |
| 89 0xcc, 0xb0, 0xfb, 0xf1, 0xee, 0x81, 0xbf, 0x00, 0x2b, 0x6f, 0x50, 0x12, |
| 90 0xc6, 0xaf, 0x02, 0x2a, 0x36, 0xc1, 0x28, 0xde, 0xc5, 0x4c, 0x56, 0x20, |
| 91 0x6d, 0xf5, 0x3d, 0x42, 0xb9, 0x18, 0x81, 0x20, 0xb2, 0xdd, 0x57, 0x5d, |
| 92 0xeb, 0xbe, 0x32, 0x84, 0x50, 0x45, 0x51, 0x6e, 0xcd, 0xe4, 0x2e, 0x2a, |
| 93 0x38, 0x88, 0x9f, 0x52, 0xed, 0x28, 0xff, 0xfc, 0x8d, 0x57, 0xb5, 0xad, |
| 94 0x64, 0xae, 0x4d, 0x0e, 0x0e, 0xd9, 0x3d, 0xac, 0xb8, 0xfe, 0x66, 0x4c, |
| 95 0x15, 0x8f, 0x44, 0x52, 0xfa, 0x7c, 0x3c, 0x04, 0xed, 0x7f, 0x37, 0x61, |
| 96 0x04, 0xfe, 0xd5, 0xe9, 0xb9, 0xb0, 0x9e, 0xfe, 0xa5, 0x11, 0x69, 0xc9, |
| 97 0x63, 0xd6, 0x46, 0x81, 0x6f, 0x00, 0xd8, 0x72, 0x2f, 0x82, 0x37, 0x44, |
| 98 0xc1}; |
| 99 |
| 100 GURL www_google_url("https://www.google.com"); |
| 101 GURL google_url("https://google.com"); |
| 102 GURL example_url("https://example.com"); |
| 103 |
| 104 const uint64 kDeltaOneDayInSeconds = 86400; |
| 105 |
| 106 } // namespace |
| 107 |
| 108 class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest { |
| 109 public: |
| 110 ChromeSSLHostStateDecisionsTest() {}; |
| 111 virtual ~ChromeSSLHostStateDecisionsTest() {}; |
| 112 |
| 113 // InProcessBrowserTest: |
| 114 virtual void SetUpInProcessBrowserTestFixture() OVERRIDE{}; |
| 115 virtual void SetUpOnMainThread() OVERRIDE{}; |
| 116 virtual void CleanUpOnMainThread() OVERRIDE{}; |
| 117 |
| 118 virtual void SetUpOnIOThread() {}; |
| 119 virtual void CleanUpOnIOThread() {}; |
| 120 }; |
| 121 |
| 122 // This tests basic unit test functionality of the SSLHostStateDecisions class. |
| 123 // For example, tests that if a certificate is accepted, then it is added to |
| 124 // queryable, and if it is revoked, it is not queryable. |
| 125 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) { |
| 126 scoped_refptr<net::X509Certificate> google_cert( |
| 127 net::X509Certificate::CreateFromBytes( |
| 128 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 129 content::WebContents* tab = |
| 130 browser()->tab_strip_model()->GetActiveWebContents(); |
| 131 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 132 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 133 |
| 134 EXPECT_EQ( |
| 135 net::CertPolicy::UNKNOWN, |
| 136 state->QueryPolicy( |
| 137 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 138 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 139 state->QueryPolicy( |
| 140 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 141 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 142 state->QueryPolicy( |
| 143 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 144 |
| 145 state->AllowCert( |
| 146 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 147 |
| 148 EXPECT_EQ( |
| 149 net::CertPolicy::ALLOWED, |
| 150 state->QueryPolicy( |
| 151 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 152 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 153 state->QueryPolicy( |
| 154 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 155 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 156 state->QueryPolicy( |
| 157 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 158 |
| 159 state->AllowCert( |
| 160 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 161 |
| 162 EXPECT_EQ( |
| 163 net::CertPolicy::ALLOWED, |
| 164 state->QueryPolicy( |
| 165 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 166 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 167 state->QueryPolicy( |
| 168 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 169 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 170 state->QueryPolicy( |
| 171 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 172 |
| 173 state->DenyCert( |
| 174 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 175 |
| 176 EXPECT_EQ( |
| 177 net::CertPolicy::ALLOWED, |
| 178 state->QueryPolicy( |
| 179 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 180 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 181 state->QueryPolicy( |
| 182 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 183 EXPECT_EQ(net::CertPolicy::DENIED, |
| 184 state->QueryPolicy( |
| 185 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 186 |
| 187 EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_url)); |
| 188 state->RevokeAllowAndDenyPreferences(www_google_url); |
| 189 EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_url)); |
| 190 EXPECT_EQ( |
| 191 net::CertPolicy::UNKNOWN, |
| 192 state->QueryPolicy( |
| 193 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 194 |
| 195 EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); |
| 196 state->RevokeAllowAndDenyPreferences(google_url); |
| 197 EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); |
| 198 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 199 state->QueryPolicy( |
| 200 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 201 |
| 202 EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_url)); |
| 203 state->RevokeAllowAndDenyPreferences(example_url); |
| 204 EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_url)); |
| 205 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 206 state->QueryPolicy( |
| 207 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 208 |
| 209 state->Clear(); |
| 210 |
| 211 EXPECT_EQ( |
| 212 net::CertPolicy::UNKNOWN, |
| 213 state->QueryPolicy( |
| 214 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 215 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 216 state->QueryPolicy( |
| 217 google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 218 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 219 state->QueryPolicy( |
| 220 example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 221 } |
| 222 |
| 223 // Tests the basic behavior of cert memory in incognito |
| 224 class IncognitoSSLHostStateDecisionsTest |
| 225 : public ChromeSSLHostStateDecisionsTest { |
| 226 protected: |
| 227 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 228 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
| 229 command_line->AppendSwitch(switches::kRememberCertErrorDecisionsOneDay); |
| 230 } |
| 231 }; |
| 232 |
| 233 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) { |
| 234 scoped_refptr<net::X509Certificate> google_cert( |
| 235 net::X509Certificate::CreateFromBytes( |
| 236 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 237 content::WebContents* tab = |
| 238 browser()->tab_strip_model()->GetActiveWebContents(); |
| 239 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 240 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 241 |
| 242 // Add a cert exception to the profile and then verify that it still exists |
| 243 // in the incognito profile. |
| 244 state->AllowCert( |
| 245 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 246 |
| 247 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 248 content::SSLHostStateDecisions* incognito_state = |
| 249 incognito->GetSSLHostStateDecisions(); |
| 250 |
| 251 EXPECT_EQ( |
| 252 net::CertPolicy::ALLOWED, |
| 253 incognito_state->QueryPolicy( |
| 254 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 255 |
| 256 // Add a cert exception to the incognito profile. It will be checked after |
| 257 // restart that this exception does not exist. Note the different cert URL and |
| 258 // error than above thus mapping to a second exception. Also validate that it |
| 259 // was not added as an exception to the regular profile. |
| 260 incognito_state->AllowCert( |
| 261 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
| 262 |
| 263 EXPECT_EQ( |
| 264 net::CertPolicy::UNKNOWN, |
| 265 state->QueryPolicy( |
| 266 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| 267 } |
| 268 |
| 269 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) { |
| 270 scoped_refptr<net::X509Certificate> google_cert( |
| 271 net::X509Certificate::CreateFromBytes( |
| 272 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 273 content::WebContents* tab = |
| 274 browser()->tab_strip_model()->GetActiveWebContents(); |
| 275 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 276 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 277 |
| 278 // Verify that the exception added before restart to the regular |
| 279 // (non-incognito) profile still exists and was not cleared after the |
| 280 // incognito session ended. |
| 281 EXPECT_EQ( |
| 282 net::CertPolicy::ALLOWED, |
| 283 state->QueryPolicy( |
| 284 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 285 |
| 286 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 287 content::SSLHostStateDecisions* incognito_state = |
| 288 incognito->GetSSLHostStateDecisions(); |
| 289 |
| 290 // Verify that the exception added before restart to the incognito profile was |
| 291 // cleared when the incognito session ended. |
| 292 EXPECT_EQ( |
| 293 net::CertPolicy::UNKNOWN, |
| 294 incognito_state->QueryPolicy( |
| 295 google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
| 296 } |
| 297 |
| 298 // Tests to make sure that if the remember value is set to -1, any decisions |
| 299 // won't be remembered over a restart. |
| 300 class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest { |
| 301 protected: |
| 302 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 303 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
| 304 command_line->AppendSwitch(switches::kRememberCertErrorDecisionsDisable); |
| 305 } |
| 306 }; |
| 307 |
| 308 IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) { |
| 309 scoped_refptr<net::X509Certificate> google_cert( |
| 310 net::X509Certificate::CreateFromBytes( |
| 311 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 312 content::WebContents* tab = |
| 313 browser()->tab_strip_model()->GetActiveWebContents(); |
| 314 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 315 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 316 |
| 317 state->AllowCert( |
| 318 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 319 EXPECT_EQ( |
| 320 net::CertPolicy::ALLOWED, |
| 321 state->QueryPolicy( |
| 322 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 323 } |
| 324 |
| 325 IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) { |
| 326 scoped_refptr<net::X509Certificate> google_cert( |
| 327 net::X509Certificate::CreateFromBytes( |
| 328 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 329 content::WebContents* tab = |
| 330 browser()->tab_strip_model()->GetActiveWebContents(); |
| 331 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 332 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 333 |
| 334 // The cert should now be |UNKONWN| because the profile is set to forget cert |
| 335 // exceptions after session end. |
| 336 EXPECT_EQ( |
| 337 net::CertPolicy::UNKNOWN, |
| 338 state->QueryPolicy( |
| 339 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 340 } |
| 341 |
| 342 // Tests to make sure that if the remember value is set to 0, any decisions made |
| 343 // will be forgetten immediately. |
| 344 class ForgetInstantlySSLHostStateDecisionsTest |
| 345 : public ChromeSSLHostStateDecisionsTest { |
| 346 protected: |
| 347 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 348 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
| 349 command_line->AppendSwitch(switches::kRememberCertErrorDecisionsNone); |
| 350 } |
| 351 }; |
| 352 |
| 353 IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDecisionsTest, |
| 354 MakeAndForgetException) { |
| 355 scoped_refptr<net::X509Certificate> google_cert( |
| 356 net::X509Certificate::CreateFromBytes( |
| 357 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 358 content::WebContents* tab = |
| 359 browser()->tab_strip_model()->GetActiveWebContents(); |
| 360 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 361 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 362 |
| 363 // chrome_state takes ownership of this clock |
| 364 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 365 ChromeSSLHostStateDecisions* chrome_state = |
| 366 static_cast<ChromeSSLHostStateDecisions*>(state); |
| 367 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 368 |
| 369 // Start the clock at standard system time but do not advance at all to |
| 370 // emphasize that instant forget works. |
| 371 clock->SetNow(base::Time::NowFromSystemTime()); |
| 372 |
| 373 state->AllowCert( |
| 374 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 375 EXPECT_EQ( |
| 376 net::CertPolicy::UNKNOWN, |
| 377 state->QueryPolicy( |
| 378 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 379 } |
| 380 |
| 381 // Tests to make sure that if the remember value is set to a non-zero value0, |
| 382 // any decisions will be remembered over a restart, but only for the length |
| 383 // specified. |
| 384 class RememberSSLHostStateDecisionsTest |
| 385 : public ChromeSSLHostStateDecisionsTest { |
| 386 protected: |
| 387 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 388 ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
| 389 command_line->AppendSwitch(switches::kRememberCertErrorDecisionsOneDay); |
| 390 } |
| 391 }; |
| 392 |
| 393 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) { |
| 394 scoped_refptr<net::X509Certificate> google_cert( |
| 395 net::X509Certificate::CreateFromBytes( |
| 396 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 397 content::WebContents* tab = |
| 398 browser()->tab_strip_model()->GetActiveWebContents(); |
| 399 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 400 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 401 |
| 402 state->AllowCert( |
| 403 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 404 EXPECT_EQ( |
| 405 net::CertPolicy::ALLOWED, |
| 406 state->QueryPolicy( |
| 407 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 408 } |
| 409 |
| 410 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) { |
| 411 scoped_refptr<net::X509Certificate> google_cert( |
| 412 net::X509Certificate::CreateFromBytes( |
| 413 reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
| 414 content::WebContents* tab = |
| 415 browser()->tab_strip_model()->GetActiveWebContents(); |
| 416 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 417 content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
| 418 |
| 419 // chrome_state takes ownership of this clock |
| 420 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 421 ChromeSSLHostStateDecisions* chrome_state = |
| 422 static_cast<ChromeSSLHostStateDecisions*>(state); |
| 423 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 424 |
| 425 // Start the clock at standard system time. |
| 426 clock->SetNow(base::Time::NowFromSystemTime()); |
| 427 |
| 428 // This should only pass if the cert was allowed before the test was restart |
| 429 // and thus has now been rememebered across browser restarts. |
| 430 EXPECT_EQ( |
| 431 net::CertPolicy::ALLOWED, |
| 432 state->QueryPolicy( |
| 433 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 434 |
| 435 // Simulate the clock advancing by the specified delta. |
| 436 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 437 |
| 438 // The cert should now be |UNKONWN| because the specified delta has passed. |
| 439 EXPECT_EQ( |
| 440 net::CertPolicy::UNKNOWN, |
| 441 state->QueryPolicy( |
| 442 www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
| 443 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 369703002:
Remember user decisions on invalid certificates behind a flag (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src