Remember user decisions on invalid certificates behind a flag

chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc

Index: chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
new file mode 100644
index 0000000000000000000000000000000000000000..4a4e12b68a1d5b3df6338fc24b9d78ae0f8bf00f
--- /dev/null
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
@@ -0,0 +1,404 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/command_line.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/test/simple_test_clock.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "content/public/browser/ssl_host_state_decisions.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/test/browser_test_utils.h"
+#include "net/test/test_certificate_data.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+namespace {
+
+GURL www_google_url("https://www.google.com");
+GURL google_url("https://google.com");
+GURL example_url("https://example.com");

[Ryan Sleevi, 2014/07/17 23:19:36]

Don't use static variables in tests. You're invoking static initializers here.

Use const char[] for the URLs, create GURLs on demand.

[jww, 2014/07/21 23:39:33]

Done.

+
+const uint64 kDeltaOneDayInSeconds = 86400;

[Ryan Sleevi, 2014/07/17 23:19:36]

TYPES: uint64_t ?
COMPILE: UINT64_C(86400) (ensures proper suffix - ULL vs UI64, for example). SEe
https://code.google.com/p/chromium/codesearch#chromium/src/base/port.h&rcl=14...

[jww, 2014/07/21 23:39:33]

Done.

+
+}  // namespace
+
+class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest {};
+
+// These tests basic unit test functionality of the SSLHostStateDecisions class.
+// For example, tests that if a certificate is accepted, then it is added to
+// queryable, and if it is revoked, it is not queryable. Even though it is
+// effectively a unit test, in needs to be an InProcessBrowserTest because the
+// actual functionality is provided by ChromeSSLHostStateDecisions which is
+// provided per-profile.

[Ryan Sleevi, 2014/07/17 23:19:36]

Line break, then document what *this* test does.

If this is the documentation, then add simple one or two sentence explanations
for line 115 & 155

[jww, 2014/07/21 23:39:33]

Done.

+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // Verifying that all three of the certs we will be looking at are unknown
+  // before any action has been taken.
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Simulate a user decision to allow an invalid certificate exception for
+  // www_google_url.
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  // Verify that only www_google_url is allowed and that the other two certs
+  // being tested still have no decision associated with them.
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Simulate a user decision to allow an invalid certificate exception for
+  // example_url.
+  state->AllowCert(
+      example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  // Verify that both www_google_url and example_url have allow exceptions while
+  // google_url still has no associated decision.
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::ALLOWED,
+            state->QueryPolicy(
+                example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Simulate a user decision to deny an invalid certificate for example_url.
+  state->DenyCert(
+      example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  // Verify that www_google_url is allowed and example_url is denied while
+  // google_url still has no associated decision.
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(net::CertPolicy::DENIED,
+            state->QueryPolicy(
+                example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, HasPolicyAndRevoke) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // Simulate a user decision to allow an invalid certificate exception for
+  // www_google_url and for example_url.
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+  state->AllowCert(
+      example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user
+  // decision has been made about www_google_url. Then verify that
+  // HasAllowedOrDeniedCert correctly identifies that the decision has been
+  // revoked.
+  EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_url));
+  state->RevokeAllowAndDenyPreferences(www_google_url);
+  EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_url));
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Verify that the revocation of the www_google_url decision does not affect
+  // the Allow for example_url.
+  EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_url));
+
+  // Verify the rovaction of the www_google_url decision does not affect the
+  // non-decision for google_url. Then verify that a revocation of a URL with no
+  // decision has no effect.
+  EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url));
+  state->RevokeAllowAndDenyPreferences(google_url);
+  EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url));
+}
+
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, Clear) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // Simulate a user decision to allow an invalid certificate exception for
+  // www_google_url and for example_url.
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  // Do a full clear, then make sure that both www_google_url, which had a
+  // decision made, and example_url, which was untouched, are now in a
+  // non-decision state.
+  state->Clear();
+  EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_url));
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_url));
+  EXPECT_EQ(net::CertPolicy::UNKNOWN,
+            state->QueryPolicy(
+                example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests the basic behavior of cert memory in incognito
+class IncognitoSSLHostStateDecisionsTest
+    : public ChromeSSLHostStateDecisionsTest {
+ protected:
+  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+    ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+    command_line->AppendSwitch(switches::kRememberCertErrorDecisionsOneDay);
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // Add a cert exception to the profile and then verify that it still exists
+  // in the incognito profile.
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+  scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
+  content::SSLHostStateDecisions* incognito_state =
+      incognito->GetSSLHostStateDecisions();
+
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      incognito_state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Add a cert exception to the incognito profile. It will be checked after
+  // restart that this exception does not exist. Note the different cert URL and
+  // error than above thus mapping to a second exception. Also validate that it
+  // was not added as an exception to the regular profile.
+  incognito_state->AllowCert(
+      google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID);
+
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) {

[Ryan Sleevi, 2014/07/17 23:19:36]

Document a bit of the test

// Decisions made in an incognito profile should be forgotten after the profile
is closed or the user restarts the browser.

[jww, 2014/07/21 23:39:33]

Done.

+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // Verify that the exception added before restart to the regular
+  // (non-incognito) profile still exists and was not cleared after the
+  // incognito session ended.
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
+  content::SSLHostStateDecisions* incognito_state =
+      incognito->GetSSLHostStateDecisions();
+
+  // Verify that the exception added before restart to the incognito profile was
+  // cleared when the incognito session ended.
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      incognito_state->QueryPolicy(
+          google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to -1, any decisions
+// won't be remembered over a restart.
+class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest {
+ protected:
+  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+    ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+    command_line->AppendSwitch(switches::kRememberCertErrorDecisionsDisable);
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // The cert should now be |UNKONWN| because the profile is set to forget cert
+  // exceptions after session end.
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to 0, any decisions made
+// will be forgetten immediately.
+class ForgetInstantlySSLHostStateDecisionsTest
+    : public ChromeSSLHostStateDecisionsTest {
+ protected:
+  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+    ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+    command_line->AppendSwitch(switches::kRememberCertErrorDecisionsNone);
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDecisionsTest,
+                       MakeAndForgetException) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // chrome_state takes ownership of this clock
+  base::SimpleTestClock* clock = new base::SimpleTestClock();
+  ChromeSSLHostStateDecisions* chrome_state =
+      static_cast<ChromeSSLHostStateDecisions*>(state);
+  chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
+
+  // Start the clock at standard system time but do not advance at all to
+  // emphasize that instant forget works.
+  clock->SetNow(base::Time::NowFromSystemTime());
+
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to a non-zero value0,
+// any decisions will be remembered over a restart, but only for the length
+// specified.
+class RememberSSLHostStateDecisionsTest
+    : public ChromeSSLHostStateDecisionsTest {
+ protected:
+  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+    ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+    command_line->AppendSwitch(switches::kRememberCertErrorDecisionsOneDay);
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  state->AllowCert(
+      www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+  // chrome_state takes ownership of this clock
+  base::SimpleTestClock* clock = new base::SimpleTestClock();
+  ChromeSSLHostStateDecisions* chrome_state =
+      static_cast<ChromeSSLHostStateDecisions*>(state);
+  chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
+
+  // Start the clock at standard system time.
+  clock->SetNow(base::Time::NowFromSystemTime());
+
+  // This should only pass if the cert was allowed before the test was restart
+  // and thus has now been rememebered across browser restarts.
+  EXPECT_EQ(
+      net::CertPolicy::ALLOWED,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+  // Simulate the clock advancing by the specified delta.
+  clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
+
+  // The cert should now be |UNKONWN| because the specified delta has passed.
+  EXPECT_EQ(
+      net::CertPolicy::UNKNOWN,
+      state->QueryPolicy(
+          www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}