Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1514)

Unified Diff: chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updated with experimental groups Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
new file mode 100644
index 0000000000000000000000000000000000000000..c08911b51ca589eab0d7f0fdd4e2e79e23657830
--- /dev/null
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc
@@ -0,0 +1,485 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stdint.h>
+
+#include "base/command_line.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/test/simple_test_clock.h"
+#include "chrome/browser/browsing_data/browsing_data_helper.h"
+#include "chrome/browser/browsing_data/browsing_data_remover.h"
+#include "chrome/browser/browsing_data/browsing_data_remover_test_util.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "content/public/browser/ssl_host_state_decisions.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/test/browser_test_utils.h"
+#include "net/test/test_certificate_data.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+namespace {
+
+const char www_google_url[] = "https://www.google.com";
+const char google_url[] = "https://google.com";
+const char example_url[] = "https://example.com";
+
+const char* kForgetAtSessionEnd = "-1";
+const char* kForgetInstantly = "0";
+const char* kDeltaSecondsString = "86400";
+const uint64_t kDeltaOneDayInSeconds = UINT64_C(86400);
+
+} // namespace
+
+class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest {};
+
+// ChromeSSLHostStateDecisionsTest tests basic unit test functionality of the
+// SSLHostStateDecisions class. For example, tests that if a certificate is
+// accepted, then it is added to queryable, and if it is revoked, it is not
+// queryable. Even though it is effectively a unit test, in needs to be an
+// InProcessBrowserTest because the actual functionality is provided by
+// ChromeSSLHostStateDecisions which is provided per-profile.
+//
+// QueryPolicy unit tests the expected behavior of calling QueryPolicy on the
+// SSLHostStateDecisions class after various SSL cert decisions have been made.
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) {
+ GURL www_google_gurl(www_google_url);
+ GURL google_gurl(google_url);
+ GURL example_gurl(example_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
Ryan Sleevi 2014/07/31 00:31:28 Not your fault, but bonus points if you want to us
jww 2014/07/31 05:57:00 Done.
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Verifying that all three of the certs we will be looking at are unknown
+ // before any action has been taken.
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Simulate a user decision to allow an invalid certificate exception for
+ // www_google_url.
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ // Verify that only www_google_url is allowed and that the other two certs
+ // being tested still have no decision associated with them.
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Simulate a user decision to allow an invalid certificate exception for
+ // example_url.
+ state->AllowCert(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ // Verify that both www_google_url and example_url have allow exceptions while
+ // google_url still has no associated decision.
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Simulate a user decision to deny an invalid certificate for example_url.
+ state->DenyCert(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ // Verify that www_google_url is allowed and example_url is denied while
+ // google_url still has no associated decision.
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_EQ(
+ net::CertPolicy::DENIED,
+ state->QueryPolicy(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// HasPolicyAndRevoke unit tests the expected behavior of calling
+// HasAllowedOrDeniedCert before and after calling RevokeAllowAndDenyPreferences
+// on the SSLHostStateDecisions class.
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, HasPolicyAndRevoke) {
+ GURL www_google_gurl(www_google_url);
+ GURL google_gurl(google_url);
+ GURL example_gurl(example_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Simulate a user decision to allow an invalid certificate exception for
+ // www_google_url and for example_url.
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ state->AllowCert(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user
+ // decision has been made about www_google_url. Then verify that
+ // HasAllowedOrDeniedCert correctly identifies that the decision has been
+ // revoked.
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_gurl));
+ state->RevokeAllowAndDenyPreferences(www_google_gurl);
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_gurl));
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Verify that the revocation of the www_google_url decision does not affect
+ // the Allow for example_url.
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_gurl));
+
+ // Verify the rovaction of the www_google_url decision does not affect the
Ryan Sleevi 2014/07/31 00:31:28 Revocation
jww 2014/07/31 05:57:00 Done.
+ // non-decision for google_url. Then verify that a revocation of a URL with no
+ // decision has no effect.
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_gurl));
+ state->RevokeAllowAndDenyPreferences(google_gurl);
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_gurl));
+}
+
+// Clear unit tests the expected behavior of calling Clear to forget all cert
+// decision state on the SSLHostStateDecisions class.
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, Clear) {
+ GURL www_google_gurl(www_google_url);
+ GURL example_gurl(example_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Simulate a user decision to allow an invalid certificate exception for
+ // www_google_url and for example_url.
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ // Do a full clear, then make sure that both www_google_url, which had a
+ // decision made, and example_url, which was untouched, are now in a
+ // non-decision state.
+ state->Clear();
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_gurl));
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_gurl));
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests the basic behavior of cert memory in incognito.
+class IncognitoSSLHostStateDecisionsTest
+ : public ChromeSSLHostStateDecisionsTest {
+ protected:
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
+ kDeltaSecondsString);
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ GURL google_gurl(google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Add a cert exception to the profile and then verify that it still exists
+ // in the incognito profile.
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
+ content::SSLHostStateDecisions* incognito_state =
+ incognito->GetSSLHostStateDecisions();
+
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ incognito_state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Add a cert exception to the incognito profile. It will be checked after
+ // restart that this exception does not exist. Note the different cert URL and
+ // error than above thus mapping to a second exception. Also validate that it
+ // was not added as an exception to the regular profile.
+ incognito_state->AllowCert(
+ google_gurl, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID);
+
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(google_gurl,
+ google_cert.get(),
+ net::CERT_STATUS_COMMON_NAME_INVALID));
+}
+
+// AfterRestart ensures that any cert decisions made in an incognito profile are
+// forgetten after a session restart even if given a command line flag to
+// remember cert decisions after restart.
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ GURL google_gurl(google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Verify that the exception added before restart to the regular
+ // (non-incognito) profile still exists and was not cleared after the
+ // incognito session ended.
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
+ content::SSLHostStateDecisions* incognito_state =
+ incognito->GetSSLHostStateDecisions();
+
+ // Verify that the exception added before restart to the incognito profile was
+ // cleared when the incognito session ended.
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ incognito_state->QueryPolicy(google_gurl,
+ google_cert.get(),
+ net::CERT_STATUS_COMMON_NAME_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to -1, any decisions
+// won't be remembered over a restart.
+class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest {
+ protected:
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
+ kForgetAtSessionEnd);
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // The cert should now be |UNKONWN| because the profile is set to forget cert
+ // exceptions after session end.
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to 0, any decisions made
+// will be forgetten immediately.
+class ForgetInstantlySSLHostStateDecisionsTest
+ : public ChromeSSLHostStateDecisionsTest {
+ protected:
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
+ kForgetInstantly);
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDecisionsTest,
+ MakeAndForgetException) {
+ GURL www_google_gurl(www_google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // chrome_state takes ownership of this clock
+ base::SimpleTestClock* clock = new base::SimpleTestClock();
+ ChromeSSLHostStateDecisions* chrome_state =
+ static_cast<ChromeSSLHostStateDecisions*>(state);
+ chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
+
+ // Start the clock at standard system time but do not advance at all to
+ // emphasize that instant forget works.
+ clock->SetNow(base::Time::NowFromSystemTime());
+
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests to make sure that if the remember value is set to a non-zero value0,
+// any decisions will be remembered over a restart, but only for the length
+// specified.
+class RememberSSLHostStateDecisionsTest
+ : public ChromeSSLHostStateDecisionsTest {
+ protected:
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line);
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
+ kDeltaSecondsString);
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ state->AllowCert(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) {
+ GURL www_google_gurl(www_google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // chrome_state takes ownership of this clock
+ base::SimpleTestClock* clock = new base::SimpleTestClock();
+ ChromeSSLHostStateDecisions* chrome_state =
+ static_cast<ChromeSSLHostStateDecisions*>(state);
+ chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
+
+ // Start the clock at standard system time.
+ clock->SetNow(base::Time::NowFromSystemTime());
+
+ // This should only pass if the cert was allowed before the test was restart
+ // and thus has now been rememebered across browser restarts.
+ EXPECT_EQ(
+ net::CertPolicy::ALLOWED,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+
+ // Simulate the clock advancing by the specified delta.
+ clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
+
+ // The cert should now be |UNKONWN| because the specified delta has passed.
+ EXPECT_EQ(
+ net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}
+
+// Tests to make sure that if the user deletes their browser history, SSL
+// exceptions will be deleted as well.
+class RemoveBrowsingHistorySSLHostStateDecisionsTest
+ : public ChromeSSLHostStateDecisionsTest {
+ public:
+ void RemoveAndWait(Profile* profile) {
+ BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod(
+ profile, BrowsingDataRemover::LAST_HOUR);
+ BrowsingDataRemoverCompletionObserver completion_observer(remover);
+ remover->Remove(BrowsingDataRemover::REMOVE_HISTORY,
+ BrowsingDataHelper::UNPROTECTED_WEB);
+ completion_observer.BlockUntilCompletion();
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDecisionsTest,
+ DeleteHistory) {
+ GURL google_gurl(google_url);
+ scoped_refptr<net::X509Certificate> google_cert(
+ net::X509Certificate::CreateFromBytes(
+ reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions();
+
+ // Add an exception for an invalid certificate. Then remove the last hour's
+ // worth of browsing history and verify that the exception has been deleted.
+ state->AllowCert(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ RemoveAndWait(profile);
+ EXPECT_EQ(net::CertPolicy::UNKNOWN,
+ state->QueryPolicy(
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+}

Powered by Google App Engine
This is Rietveld 408576698