Index: chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..c08911b51ca589eab0d7f0fdd4e2e79e23657830 |
--- /dev/null |
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions_test.cc |
@@ -0,0 +1,485 @@ |
+// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include <stdint.h> |
+ |
+#include "base/command_line.h" |
+#include "base/strings/string_number_conversions.h" |
+#include "base/test/simple_test_clock.h" |
+#include "chrome/browser/browsing_data/browsing_data_helper.h" |
+#include "chrome/browser/browsing_data/browsing_data_remover.h" |
+#include "chrome/browser/browsing_data/browsing_data_remover_test_util.h" |
+#include "chrome/browser/profiles/profile.h" |
+#include "chrome/browser/ssl/chrome_ssl_host_state_decisions.h" |
+#include "chrome/browser/ui/browser.h" |
+#include "chrome/browser/ui/tabs/tab_strip_model.h" |
+#include "chrome/common/chrome_switches.h" |
+#include "chrome/test/base/in_process_browser_test.h" |
+#include "content/public/browser/ssl_host_state_decisions.h" |
+#include "content/public/browser/web_contents.h" |
+#include "content/public/test/browser_test_utils.h" |
+#include "net/test/test_certificate_data.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+#include "url/gurl.h" |
+ |
+namespace { |
+ |
+const char www_google_url[] = "https://www.google.com"; |
+const char google_url[] = "https://google.com"; |
+const char example_url[] = "https://example.com"; |
+ |
+const char* kForgetAtSessionEnd = "-1"; |
+const char* kForgetInstantly = "0"; |
+const char* kDeltaSecondsString = "86400"; |
+const uint64_t kDeltaOneDayInSeconds = UINT64_C(86400); |
+ |
+} // namespace |
+ |
+class ChromeSSLHostStateDecisionsTest : public InProcessBrowserTest {}; |
+ |
+// ChromeSSLHostStateDecisionsTest tests basic unit test functionality of the |
+// SSLHostStateDecisions class. For example, tests that if a certificate is |
+// accepted, then it is added to queryable, and if it is revoked, it is not |
+// queryable. Even though it is effectively a unit test, in needs to be an |
+// InProcessBrowserTest because the actual functionality is provided by |
+// ChromeSSLHostStateDecisions which is provided per-profile. |
+// |
+// QueryPolicy unit tests the expected behavior of calling QueryPolicy on the |
+// SSLHostStateDecisions class after various SSL cert decisions have been made. |
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, QueryPolicy) { |
+ GURL www_google_gurl(www_google_url); |
+ GURL google_gurl(google_url); |
+ GURL example_gurl(example_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
Ryan Sleevi
2014/07/31 00:31:28
Not your fault, but bonus points if you want to us
jww
2014/07/31 05:57:00
Done.
|
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Verifying that all three of the certs we will be looking at are unknown |
+ // before any action has been taken. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Simulate a user decision to allow an invalid certificate exception for |
+ // www_google_url. |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ // Verify that only www_google_url is allowed and that the other two certs |
+ // being tested still have no decision associated with them. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Simulate a user decision to allow an invalid certificate exception for |
+ // example_url. |
+ state->AllowCert( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ // Verify that both www_google_url and example_url have allow exceptions while |
+ // google_url still has no associated decision. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Simulate a user decision to deny an invalid certificate for example_url. |
+ state->DenyCert( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ // Verify that www_google_url is allowed and example_url is denied while |
+ // google_url still has no associated decision. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_EQ( |
+ net::CertPolicy::DENIED, |
+ state->QueryPolicy( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// HasPolicyAndRevoke unit tests the expected behavior of calling |
+// HasAllowedOrDeniedCert before and after calling RevokeAllowAndDenyPreferences |
+// on the SSLHostStateDecisions class. |
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, HasPolicyAndRevoke) { |
+ GURL www_google_gurl(www_google_url); |
+ GURL google_gurl(google_url); |
+ GURL example_gurl(example_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Simulate a user decision to allow an invalid certificate exception for |
+ // www_google_url and for example_url. |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ state->AllowCert( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user |
+ // decision has been made about www_google_url. Then verify that |
+ // HasAllowedOrDeniedCert correctly identifies that the decision has been |
+ // revoked. |
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(www_google_gurl)); |
+ state->RevokeAllowAndDenyPreferences(www_google_gurl); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_gurl)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Verify that the revocation of the www_google_url decision does not affect |
+ // the Allow for example_url. |
+ EXPECT_TRUE(state->HasAllowedOrDeniedCert(example_gurl)); |
+ |
+ // Verify the rovaction of the www_google_url decision does not affect the |
Ryan Sleevi
2014/07/31 00:31:28
Revocation
jww
2014/07/31 05:57:00
Done.
|
+ // non-decision for google_url. Then verify that a revocation of a URL with no |
+ // decision has no effect. |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_gurl)); |
+ state->RevokeAllowAndDenyPreferences(google_gurl); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(google_gurl)); |
+} |
+ |
+// Clear unit tests the expected behavior of calling Clear to forget all cert |
+// decision state on the SSLHostStateDecisions class. |
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDecisionsTest, Clear) { |
+ GURL www_google_gurl(www_google_url); |
+ GURL example_gurl(example_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Simulate a user decision to allow an invalid certificate exception for |
+ // www_google_url and for example_url. |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ // Do a full clear, then make sure that both www_google_url, which had a |
+ // decision made, and example_url, which was untouched, are now in a |
+ // non-decision state. |
+ state->Clear(); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(www_google_gurl)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ EXPECT_FALSE(state->HasAllowedOrDeniedCert(example_gurl)); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ example_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// Tests the basic behavior of cert memory in incognito. |
+class IncognitoSSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kDeltaSecondsString); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ GURL google_gurl(google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Add a cert exception to the profile and then verify that it still exists |
+ // in the incognito profile. |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ |
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
+ content::SSLHostStateDecisions* incognito_state = |
+ incognito->GetSSLHostStateDecisions(); |
+ |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ incognito_state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Add a cert exception to the incognito profile. It will be checked after |
+ // restart that this exception does not exist. Note the different cert URL and |
+ // error than above thus mapping to a second exception. Also validate that it |
+ // was not added as an exception to the regular profile. |
+ incognito_state->AllowCert( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
+ |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy(google_gurl, |
+ google_cert.get(), |
+ net::CERT_STATUS_COMMON_NAME_INVALID)); |
+} |
+ |
+// AfterRestart ensures that any cert decisions made in an incognito profile are |
+// forgetten after a session restart even if given a command line flag to |
+// remember cert decisions after restart. |
+IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDecisionsTest, AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ GURL google_gurl(google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Verify that the exception added before restart to the regular |
+ // (non-incognito) profile still exists and was not cleared after the |
+ // incognito session ended. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
+ content::SSLHostStateDecisions* incognito_state = |
+ incognito->GetSSLHostStateDecisions(); |
+ |
+ // Verify that the exception added before restart to the incognito profile was |
+ // cleared when the incognito session ended. |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ incognito_state->QueryPolicy(google_gurl, |
+ google_cert.get(), |
+ net::CERT_STATUS_COMMON_NAME_INVALID)); |
+} |
+ |
+// Tests to make sure that if the remember value is set to -1, any decisions |
+// won't be remembered over a restart. |
+class ForgetSSLHostStateDecisionsTest : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kForgetAtSessionEnd); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(ForgetSSLHostStateDecisionsTest, AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // The cert should now be |UNKONWN| because the profile is set to forget cert |
+ // exceptions after session end. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// Tests to make sure that if the remember value is set to 0, any decisions made |
+// will be forgetten immediately. |
+class ForgetInstantlySSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kForgetInstantly); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDecisionsTest, |
+ MakeAndForgetException) { |
+ GURL www_google_gurl(www_google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // chrome_state takes ownership of this clock |
+ base::SimpleTestClock* clock = new base::SimpleTestClock(); |
+ ChromeSSLHostStateDecisions* chrome_state = |
+ static_cast<ChromeSSLHostStateDecisions*>(state); |
+ chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
+ |
+ // Start the clock at standard system time but do not advance at all to |
+ // emphasize that instant forget works. |
+ clock->SetNow(base::Time::NowFromSystemTime()); |
+ |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// Tests to make sure that if the remember value is set to a non-zero value0, |
+// any decisions will be remembered over a restart, but only for the length |
+// specified. |
+class RememberSSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ protected: |
+ virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
+ ChromeSSLHostStateDecisionsTest::SetUpCommandLine(command_line); |
+ command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
+ kDeltaSecondsString); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, PRE_AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ state->AllowCert( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDecisionsTest, AfterRestart) { |
+ GURL www_google_gurl(www_google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // chrome_state takes ownership of this clock |
+ base::SimpleTestClock* clock = new base::SimpleTestClock(); |
+ ChromeSSLHostStateDecisions* chrome_state = |
+ static_cast<ChromeSSLHostStateDecisions*>(state); |
+ chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
+ |
+ // Start the clock at standard system time. |
+ clock->SetNow(base::Time::NowFromSystemTime()); |
+ |
+ // This should only pass if the cert was allowed before the test was restart |
+ // and thus has now been rememebered across browser restarts. |
+ EXPECT_EQ( |
+ net::CertPolicy::ALLOWED, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+ |
+ // Simulate the clock advancing by the specified delta. |
+ clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
+ |
+ // The cert should now be |UNKONWN| because the specified delta has passed. |
+ EXPECT_EQ( |
+ net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ www_google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |
+ |
+// Tests to make sure that if the user deletes their browser history, SSL |
+// exceptions will be deleted as well. |
+class RemoveBrowsingHistorySSLHostStateDecisionsTest |
+ : public ChromeSSLHostStateDecisionsTest { |
+ public: |
+ void RemoveAndWait(Profile* profile) { |
+ BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( |
+ profile, BrowsingDataRemover::LAST_HOUR); |
+ BrowsingDataRemoverCompletionObserver completion_observer(remover); |
+ remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, |
+ BrowsingDataHelper::UNPROTECTED_WEB); |
+ completion_observer.BlockUntilCompletion(); |
+ } |
+}; |
+ |
+IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDecisionsTest, |
+ DeleteHistory) { |
+ GURL google_gurl(google_url); |
+ scoped_refptr<net::X509Certificate> google_cert( |
+ net::X509Certificate::CreateFromBytes( |
+ reinterpret_cast<const char*>(google_der), sizeof(google_der))); |
+ content::WebContents* tab = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
+ content::SSLHostStateDecisions* state = profile->GetSSLHostStateDecisions(); |
+ |
+ // Add an exception for an invalid certificate. Then remove the last hour's |
+ // worth of browsing history and verify that the exception has been deleted. |
+ state->AllowCert( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
+ RemoveAndWait(profile); |
+ EXPECT_EQ(net::CertPolicy::UNKNOWN, |
+ state->QueryPolicy( |
+ google_gurl, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); |
+} |