| Index: chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..cd24bef1a75537ac13cf22ec3b8766066e1c9df5
|
| --- /dev/null
|
| +++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| @@ -0,0 +1,450 @@
|
| +// Copyright (c) 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <stdint.h>
|
| +
|
| +#include "base/command_line.h"
|
| +#include "base/strings/string_number_conversions.h"
|
| +#include "base/test/simple_test_clock.h"
|
| +#include "chrome/browser/browsing_data/browsing_data_helper.h"
|
| +#include "chrome/browser/browsing_data/browsing_data_remover.h"
|
| +#include "chrome/browser/browsing_data/browsing_data_remover_test_util.h"
|
| +#include "chrome/browser/profiles/profile.h"
|
| +#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
|
| +#include "chrome/browser/ui/browser.h"
|
| +#include "chrome/browser/ui/tabs/tab_strip_model.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| +#include "chrome/test/base/in_process_browser_test.h"
|
| +#include "content/public/browser/ssl_host_state_delegate.h"
|
| +#include "content/public/browser/web_contents.h"
|
| +#include "content/public/test/browser_test_utils.h"
|
| +#include "net/base/test_data_directory.h"
|
| +#include "net/test/cert_test_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace {
|
| +
|
| +const char kGoogleCertFile[] = "google.single.der";
|
| +
|
| +const char kWWWGoogleHost[] = "www.google.com";
|
| +const char kGoogleHost[] = "google.com";
|
| +const char kExampleHost[] = "example.com";
|
| +
|
| +const char* kForgetAtSessionEnd = "-1";
|
| +const char* kForgetInstantly = "0";
|
| +const char* kDeltaSecondsString = "86400";
|
| +const uint64_t kDeltaOneDayInSeconds = UINT64_C(86400);
|
| +
|
| +scoped_refptr<net::X509Certificate> GetGoogleCert() {
|
| + return net::ImportCertFromFile(net::GetTestCertsDirectory(), kGoogleCertFile);
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +class ChromeSSLHostStateDelegateTest : public InProcessBrowserTest {};
|
| +
|
| +// ChromeSSLHostStateDelegateTest tests basic unit test functionality of the
|
| +// SSLHostStateDelegate class. For example, tests that if a certificate is
|
| +// accepted, then it is added to queryable, and if it is revoked, it is not
|
| +// queryable. Even though it is effectively a unit test, in needs to be an
|
| +// InProcessBrowserTest because the actual functionality is provided by
|
| +// ChromeSSLHostStateDelegate which is provided per-profile.
|
| +//
|
| +// QueryPolicy unit tests the expected behavior of calling QueryPolicy on the
|
| +// SSLHostStateDelegate class after various SSL cert decisions have been made.
|
| +IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Verifying that all three of the certs we will be looking at are unknown
|
| + // before any action has been taken.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Simulate a user decision to allow an invalid certificate exception for
|
| + // kWWWGoogleHost.
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + // Verify that only kWWWGoogleHost is allowed and that the other two certs
|
| + // being tested still have no decision associated with them.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Simulate a user decision to allow an invalid certificate exception for
|
| + // kExampleHost.
|
| + state->AllowCert(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions
|
| + // while kGoogleHost still has no associated decision.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Simulate a user decision to deny an invalid certificate for kExampleHost.
|
| + state->DenyCert(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while
|
| + // kGoogleHost still has no associated decision.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::DENIED,
|
| + state->QueryPolicy(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +// HasPolicyAndRevoke unit tests the expected behavior of calling
|
| +// HasAllowedOrDeniedCert before and after calling RevokeAllowAndDenyPreferences
|
| +// on the SSLHostStateDelegate class.
|
| +IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Simulate a user decision to allow an invalid certificate exception for
|
| + // kWWWGoogleHost and for kExampleHost.
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + state->AllowCert(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user
|
| + // decision has been made about kWWWGoogleHost. Then verify that
|
| + // HasAllowedOrDeniedCert correctly identifies that the decision has been
|
| + // revoked.
|
| + EXPECT_TRUE(state->HasAllowedOrDeniedCert(kWWWGoogleHost));
|
| + state->RevokeAllowAndDenyPreferences(kWWWGoogleHost);
|
| + EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Verify that the revocation of the kWWWGoogleHost decision does not affect
|
| + // the Allow for kExampleHost.
|
| + EXPECT_TRUE(state->HasAllowedOrDeniedCert(kExampleHost));
|
| +
|
| + // Verify the revocation of the kWWWGoogleHost decision does not affect the
|
| + // non-decision for kGoogleHost. Then verify that a revocation of a URL with
|
| + // no decision has no effect.
|
| + EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost));
|
| + state->RevokeAllowAndDenyPreferences(kGoogleHost);
|
| + EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost));
|
| +}
|
| +
|
| +// Clear unit tests the expected behavior of calling Clear to forget all cert
|
| +// decision state on the SSLHostStateDelegate class.
|
| +IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Simulate a user decision to allow an invalid certificate exception for
|
| + // kWWWGoogleHost and for kExampleHost.
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + // Do a full clear, then make sure that both kWWWGoogleHost, which had a
|
| + // decision made, and kExampleHost, which was untouched, are now in a
|
| + // non-decision state.
|
| + state->Clear();
|
| + EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_FALSE(state->HasAllowedOrDeniedCert(kExampleHost));
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +// Tests the basic behavior of cert memory in incognito.
|
| +class IncognitoSSLHostStateDelegateTest
|
| + : public ChromeSSLHostStateDelegateTest {
|
| + protected:
|
| + virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
|
| + ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
|
| + command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
|
| + kDeltaSecondsString);
|
| + }
|
| +};
|
| +
|
| +IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Add a cert exception to the profile and then verify that it still exists
|
| + // in the incognito profile.
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| +
|
| + scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
|
| + content::SSLHostStateDelegate* incognito_state =
|
| + incognito->GetSSLHostStateDelegate();
|
| +
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + incognito_state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Add a cert exception to the incognito profile. It will be checked after
|
| + // restart that this exception does not exist. Note the different cert URL and
|
| + // error than above thus mapping to a second exception. Also validate that it
|
| + // was not added as an exception to the regular profile.
|
| + incognito_state->AllowCert(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID);
|
| +
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_COMMON_NAME_INVALID));
|
| +}
|
| +
|
| +// AfterRestart ensures that any cert decisions made in an incognito profile are
|
| +// forgetten after a session restart even if given a command line flag to
|
| +// remember cert decisions after restart.
|
| +IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Verify that the exception added before restart to the regular
|
| + // (non-incognito) profile still exists and was not cleared after the
|
| + // incognito session ended.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
|
| + content::SSLHostStateDelegate* incognito_state =
|
| + incognito->GetSSLHostStateDelegate();
|
| +
|
| + // Verify that the exception added before restart to the incognito profile was
|
| + // cleared when the incognito session ended.
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + incognito_state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_COMMON_NAME_INVALID));
|
| +}
|
| +
|
| +// Tests to make sure that if the remember value is set to -1, any decisions
|
| +// won't be remembered over a restart.
|
| +class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest {
|
| + protected:
|
| + virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
|
| + ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
|
| + command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
|
| + kForgetAtSessionEnd);
|
| + }
|
| +};
|
| +
|
| +IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // The cert should now be |UNKONWN| because the profile is set to forget cert
|
| + // exceptions after session end.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +// Tests to make sure that if the remember value is set to 0, any decisions made
|
| +// will be forgetten immediately.
|
| +class ForgetInstantlySSLHostStateDelegateTest
|
| + : public ChromeSSLHostStateDelegateTest {
|
| + protected:
|
| + virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
|
| + ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
|
| + command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
|
| + kForgetInstantly);
|
| + }
|
| +};
|
| +
|
| +IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest,
|
| + MakeAndForgetException) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // chrome_state takes ownership of this clock
|
| + base::SimpleTestClock* clock = new base::SimpleTestClock();
|
| + ChromeSSLHostStateDelegate* chrome_state =
|
| + static_cast<ChromeSSLHostStateDelegate*>(state);
|
| + chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
|
| +
|
| + // Start the clock at standard system time but do not advance at all to
|
| + // emphasize that instant forget works.
|
| + clock->SetNow(base::Time::NowFromSystemTime());
|
| +
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +// Tests to make sure that if the remember value is set to a non-zero value0,
|
| +// any decisions will be remembered over a restart, but only for the length
|
| +// specified.
|
| +class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest {
|
| + protected:
|
| + virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
|
| + ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
|
| + command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
|
| + kDeltaSecondsString);
|
| + }
|
| +};
|
| +
|
| +IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // chrome_state takes ownership of this clock
|
| + base::SimpleTestClock* clock = new base::SimpleTestClock();
|
| + ChromeSSLHostStateDelegate* chrome_state =
|
| + static_cast<ChromeSSLHostStateDelegate*>(state);
|
| + chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
|
| +
|
| + // Start the clock at standard system time.
|
| + clock->SetNow(base::Time::NowFromSystemTime());
|
| +
|
| + // This should only pass if the cert was allowed before the test was restart
|
| + // and thus has now been rememebered across browser restarts.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +
|
| + // Simulate the clock advancing by the specified delta.
|
| + clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
|
| +
|
| + // The cert should now be |UNKONWN| because the specified delta has passed.
|
| + EXPECT_EQ(
|
| + net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
| +
|
| +// Tests to make sure that if the user deletes their browser history, SSL
|
| +// exceptions will be deleted as well.
|
| +class RemoveBrowsingHistorySSLHostStateDelegateTest
|
| + : public ChromeSSLHostStateDelegateTest {
|
| + public:
|
| + void RemoveAndWait(Profile* profile) {
|
| + BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod(
|
| + profile, BrowsingDataRemover::LAST_HOUR);
|
| + BrowsingDataRemoverCompletionObserver completion_observer(remover);
|
| + remover->Remove(BrowsingDataRemover::REMOVE_HISTORY,
|
| + BrowsingDataHelper::UNPROTECTED_WEB);
|
| + completion_observer.BlockUntilCompletion();
|
| + }
|
| +};
|
| +
|
| +IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest,
|
| + DeleteHistory) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| +
|
| + // Add an exception for an invalid certificate. Then remove the last hour's
|
| + // worth of browsing history and verify that the exception has been deleted.
|
| + state->AllowCert(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + RemoveAndWait(profile);
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(
|
| + kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| +}
|
|
|
Chromium Code Reviews
Issue 369703002:
Remember user decisions on invalid certificates behind a flag (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src