Index: chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..5574978ac57c6ec02937fa0eabfb8dc59faaf253 |
--- /dev/null |
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
@@ -0,0 +1,417 @@ |
+// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "base/command_line.h" |
+#include "base/strings/string_number_conversions.h" |
+#include "base/test/simple_test_clock.h" |
+#include "chrome/browser/profiles/profile.h" |
+#include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h" |
+#include "chrome/browser/ui/browser.h" |
+#include "chrome/browser/ui/tabs/tab_strip_model.h" |
+#include "chrome/common/chrome_switches.h" |
+#include "chrome/test/base/in_process_browser_test.h" |
+#include "content/public/browser/ssl_host_state_decisions.h" |
+#include "content/public/browser/web_contents.h" |
+#include "content/public/test/browser_test_utils.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+#include "url/gurl.h" |
+ |
+namespace { |
+ |
+// Certificate for test data. It is obtained with: |
+// |
+// $ openssl s_client -connect [host]:443 -showcerts |
+// $ openssl x509 -inform PEM -outform DER > /tmp/host.der |
+// $ xxd -i /tmp/host.der |
+ |
+// Google's cert. |
+ |
+unsigned char google_der[] = { |
Ryan Sleevi
2014/07/08 23:53:29
Use the net test data. Don't hardcode files into t
jww
2014/07/11 00:08:41
Done.
|
+ 0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01, |
+ 0x02, 0x02, 0x10, 0x3c, 0x8d, 0x3a, 0x64, 0xee, 0x18, 0xdd, 0x1b, 0x73, |
+ 0x0b, 0xa1, 0x92, 0xee, 0xf8, 0x98, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x4c, |
+ 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5a, |
+ 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, |
+ 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x73, 0x75, |
+ 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79, 0x29, 0x20, |
+ 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, |
+ 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x53, 0x47, |
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x35, |
+ 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, 0x17, 0x0d, 0x30, |
+ 0x39, 0x30, 0x35, 0x30, 0x32, 0x31, 0x37, 0x30, 0x32, 0x35, 0x35, 0x5a, |
+ 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, |
+ 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, |
+ 0x13, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, |
+ 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0d, 0x4d, |
+ 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, |
+ 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, |
+ 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x17, 0x30, |
+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0e, 0x77, 0x77, 0x77, 0x2e, |
+ 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, |
+ 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
+ 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, |
+ 0x81, 0x81, 0x00, 0x9b, 0x19, 0xed, 0x5d, 0xa5, 0x56, 0xaf, 0x49, 0x66, |
+ 0xdb, 0x79, 0xfd, 0xc2, 0x1c, 0x78, 0x4e, 0x4f, 0x11, 0xa5, 0x8a, 0xac, |
+ 0xe2, 0x94, 0xee, 0xe3, 0xe2, 0x4b, 0xc0, 0x03, 0x25, 0xa7, 0x99, 0xcc, |
+ 0x65, 0xe1, 0xec, 0x94, 0xae, 0xae, 0xf0, 0xa7, 0x99, 0xbc, 0x10, 0xd7, |
+ 0xed, 0x87, 0x30, 0x47, 0xcd, 0x50, 0xf9, 0xaf, 0xd3, 0xd3, 0xf4, 0x0b, |
+ 0x8d, 0x47, 0x8a, 0x2e, 0xe2, 0xce, 0x53, 0x9b, 0x91, 0x99, 0x7f, 0x1e, |
+ 0x5c, 0xf9, 0x1b, 0xd6, 0xe9, 0x93, 0x67, 0xe3, 0x4a, 0xf8, 0xcf, 0xc4, |
+ 0x8c, 0x0c, 0x68, 0xd1, 0x97, 0x54, 0x47, 0x0e, 0x0a, 0x24, 0x30, 0xa7, |
+ 0x82, 0x94, 0xae, 0xde, 0xae, 0x3f, 0xbf, 0xba, 0x14, 0xc6, 0xf8, 0xb2, |
+ 0x90, 0x8e, 0x36, 0xad, 0xe1, 0xd0, 0xbe, 0x16, 0x9a, 0xb3, 0x5e, 0x72, |
+ 0x38, 0x49, 0xda, 0x74, 0xa1, 0x3f, 0xff, 0xd2, 0x87, 0x81, 0xed, 0x02, |
+ 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe7, 0x30, 0x81, 0xe4, 0x30, 0x28, |
+ 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x21, 0x30, 0x1f, 0x06, 0x08, 0x2b, |
+ 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, |
+ 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, |
+ 0xf8, 0x42, 0x04, 0x01, 0x30, 0x36, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, |
+ 0x2f, 0x30, 0x2d, 0x30, 0x2b, 0xa0, 0x29, 0xa0, 0x27, 0x86, 0x25, 0x68, |
+ 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x74, 0x68, |
+ 0x61, 0x77, 0x74, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x54, 0x68, 0x61, |
+ 0x77, 0x74, 0x65, 0x53, 0x47, 0x43, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x6c, |
+ 0x30, 0x72, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, |
+ 0x04, 0x66, 0x30, 0x64, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, |
+ 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, |
+ 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, |
+ 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x3e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, |
+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, |
+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2e, |
+ 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, |
+ 0x72, 0x79, 0x2f, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x5f, 0x53, 0x47, |
+ 0x43, 0x5f, 0x43, 0x41, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0c, 0x06, 0x03, |
+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0d, |
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, |
+ 0x00, 0x03, 0x81, 0x81, 0x00, 0x31, 0x0a, 0x6c, 0xa2, 0x9e, 0xe9, 0x54, |
+ 0x19, 0x16, 0x68, 0x99, 0x91, 0xd6, 0x43, 0xcb, 0x6b, 0xb4, 0xcc, 0x6c, |
+ 0xcc, 0xb0, 0xfb, 0xf1, 0xee, 0x81, 0xbf, 0x00, 0x2b, 0x6f, 0x50, 0x12, |
+ 0xc6, 0xaf, 0x02, 0x2a, 0x36, 0xc1, 0x28, 0xde, 0xc5, 0x4c, 0x56, 0x20, |
+ 0x6d, 0xf5, 0x3d, 0x42, 0xb9, 0x18, 0x81, 0x20, 0xb2, 0xdd, 0x57, 0x5d, |
+ 0xeb, 0xbe, 0x32, 0x84, 0x50, 0x45, 0x51, 0x6e, 0xcd, 0xe4, 0x2e, 0x2a, |
+ 0x38, 0x88, 0x9f, 0x52, 0xed, 0x28, 0xff, 0xfc, 0x8d, 0x57, 0xb5, 0xad, |
+ 0x64, 0xae, 0x4d, 0x0e, 0x0e, 0xd9, 0x3d, 0xac, 0xb8, 0xfe, 0x66, 0x4c, |
+ 0x15, 0x8f, 0x44, 0x52, 0xfa, 0x7c, 0x3c, 0x04, 0xed, 0x7f, 0x37, 0x61, |
+ 0x04, 0xfe, 0xd5, 0xe9, 0xb9, 0xb0, 0x9e, 0xfe, 0xa5, 0x11, 0x69, 0xc9, |
+ 0x63, 0xd6, 0x46, 0x81, 0x6f, 0x00, 0xd8, 0x72, 0x2f, 0x82, 0x37, 0x44, |
+ 0xc1}; |
+ |
+GURL www_google_url("https://www.google.com"); |
+GURL google_url("https://google.com"); |
+GURL example_url("https://example.com"); |
+ |
+const char* kDeltaSecondsString = "86400"; |
+ |
+} // namespace |
+ |
+class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest { |
+ public: |
+ ChromeSSLHostStateDecisionsTest() {}; |
+ virtual ~ChromeSSLHostStateDecisionsTest() {}; |
+ |
+ // InProcessBrowserTest: |
+ virtual void SetUpInProcessBrowserTestFixture() OVERRIDE{}; |
+ virtual void SetUpOnMainThread() OVERRIDE{}; |
+ virtual void CleanUpOnMainThread() OVERRIDE{}; |
Ryan Sleevi
2014/07/08 23:53:29
1) spaces between OVERRIDE and {}
2) Um, why are y
jww
2014/07/11 00:08:41
I actually had a space initially, but git-cl forma
|
+ |
+ virtual void SetUpOnIOThread() {}; |
+ virtual void CleanUpOnIOThread() {}; |
+}; |
+ |
+// This tests basic unit test functionality of the SSLHostStateDecisions class. |
+// For example, tests that if a certificate is accepted, then it is added to |
+// queryable, and if it is revoked, it is not queryable. |
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
Ryan Sleevi
2014/07/08 23:53:29
Seems like all of this could be done as a simple T
jww
2014/07/11 00:08:41
I think you're right that these basic unit tests c
jww
2014/07/11 00:08:41
Perhaps I don't quite understand how TEST_F works,
Ryan Sleevi
2014/07/11 00:48:49
Correct, there won't be an associated Profile in a
jww
2014/07/11 01:52:07
Sorry for my density, I still think that doesn't m
Ryan Sleevi
2014/07/11 19:43:27
Bah, I missed *Decisions rather than just SSLHostS
jww
2014/07/14 21:21:15
Acknowledged.
|
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
Ryan Sleevi
2014/07/11 19:43:27
Document the precondition you're testing on line 1
jww
2014/07/14 21:21:15
Done.
|
+ |
+ state->AllowCert( |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and then on line 147,
jww
2014/07/14 21:21:15
Done.
|
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ state->AllowCert( |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and what you're verify
jww
2014/07/14 21:21:15
Done.
|
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ state->DenyCert( |
Ryan Sleevi
2014/07/11 19:43:27
Document what you're doing, and what you're verify
jww
2014/07/14 21:21:15
Done.
|
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::DENIED, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_url)); |
Ryan Sleevi
2014/07/11 19:43:27
Seems like 187-193 should be their own, hermetic t
jww
2014/07/14 21:21:15
Done.
|
+ state->RevokeAllowAndDenyPreferences(www_google_url); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_url)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); |
Ryan Sleevi
2014/07/11 19:43:27
What is this testing that is different than what y
jww
2014/07/14 21:21:15
187-193 tests that HasAllowedOrDeniedCert works fo
|
+ state->RevokeAllowAndDenyPreferences(google_url); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_url)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_url)); |
Ryan Sleevi
2014/07/11 19:43:27
How is this a different test than the previous two
jww
2014/07/14 21:21:15
Yeah, this was a silly test. I'm going to modify i
|
+ state->RevokeAllowAndDenyPreferences(example_url); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_url)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ state->Clear(); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
Ryan Sleevi
2014/07/11 19:43:27
How does this actually test that Clear() worked, c
jww
2014/07/14 21:21:15
Done.
|
+} |
+ |
+// Tests the basic behavior of cert memory in incognito |
+class IncognitoSSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ // Setting the kRememberCertErrorDecisions flag to positive, non "0" values |
+ // indicates that certificate decisions should be remembered even across |
+ // browser session restarts for the given length of time, in seconds. |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kDeltaSecondsString); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Add a cert exception to the profile and then verify that it still exists |
+ // in the incognito profile. |
+ state->AllowCert( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
+ content::SSLHostStateDecisions* incognito_state = |
+ incognito->GetSSLHostStateDecisions(); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ incognito_state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Add a cert exception to the incognito profile. It will be checked after |
+ // restart that this exception does not exist. Note the different cert URL and |
+ // error than above thus mapping to a second exception. Also validate that it |
+ // was not added as an exception to the regular profile. |
+ incognito_state->AllowCert( |
+ google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Verify that the exception added before restart to the regular |
+ // (non-incognito) profile still exists and was not cleared after the |
+ // incognito session ended. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
+ content::SSLHostStateDecisions* incognito_state = |
+ incognito->GetSSLHostStateDecisions(); |
+ |
+ // Verify that the exception added before restart to the incognito profile was |
+ // cleared when the incognito session ended. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ incognito_state->QueryPolicy( |
+ google_url, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID)); |
+} |
+ |
+// Tests to make sure that if the remember value is set to 0, any decisions |
+// won't be remembered over a restart. |
+class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ // Setting the kRememberCertErrorDecisions flag to a value of "0" indicates |
+ // that certificate decisions should not be remembered across browser |
+ // session restarts. |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, "0"); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ state->AllowCert( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // The cert should now be |UNKONWN| because the profile is set to forget cert |
+ // exceptions after session end. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// Tests to make sure that if the remember value is set to a non-zero value0, |
+// any decisions will be remembered over a restart, but only for the length |
+// specified. |
+class RememberSSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ // Setting the kRememberCertErrorDecisions flag to positive, non "0" values |
+ // indicates that certificate decisions should be remembered even across |
+ // browser session restarts for the given length of time, in seconds. |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kDeltaSecondsString); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ state->AllowCert( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) { |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // chrome_state takes ownership of this clock |
+ base::SimpleTestClock* clock = new base::SimpleTestClock(); |
+ ChromeSSLHostStateDecisions* chrome_state = |
+ static_cast<ChromeSSLHostStateDecisions*>(state); |
+ chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
+ |
+ // Start the clock at standard system time. |
+ clock->SetNow(base::Time::NowFromSystemTime()); |
+ |
+ // This should only pass if the cert was allowed before the test was restart |
+ // and thus has now been rememebered across browser restarts. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Simulate the clock advancing by the specified delta. |
+ int64 delta; |
+ base::StringToInt64(kDeltaSecondsString, &delta); |
+ clock->Advance(base::TimeDelta::FromSeconds(delta + 1)); |
+ |
+ // The cert should now be |UNKONWN| because the specified delta has passed. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_url, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |