Set SSL info when an HTTP auth dialog is triggered by direct navigation.

chrome/browser/ui/login/login_prompt_browsertest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <list>
 #include <map>
 
 #include "base/metrics/field_trial.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/prerender/prerender_manager.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/login/login_interstitial_delegate.h"
 #include "chrome/browser/ui/login/login_prompt.h"
 #include "chrome/browser/ui/login/login_prompt_test_utils.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "content/public/browser/interstitial_page.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "net/base/auth.h"
+#include "net/base/filename_util.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 
 using content::NavigationController;
 using content::OpenURLParams;
 using content::Referrer;
 
 namespace {
 
+enum ExpectedSSLStatus { SSL_STATUS_NONE, SSL_STATUS_OK, SSL_STATUS_BROKEN };
+
 class LoginPromptBrowserTest : public InProcessBrowserTest {
  public:
   LoginPromptBrowserTest()
       : bad_password_("incorrect"),
         bad_username_("nouser"),
         password_("secret"),
         username_basic_("basicuser"),
         username_digest_("digestuser") {
     auth_map_["foo"] = AuthInfo("testuser", "foopassword");
     auth_map_["bar"] = AuthInfo("testuser", "barpassword");
     auth_map_["testrealm"] = AuthInfo(username_basic_, password_);
   }
 
  protected:
   struct AuthInfo {
     std::string username_;
     std::string password_;
 
     AuthInfo() {}
 
     AuthInfo(const std::string& username,
              const std::string& password)
         : username_(username), password_(password) {}
   };
 
   typedef std::map<std::string, AuthInfo> AuthMap;
 
-  void SetAuthFor(LoginHandler* handler);
+  void SetAuthFor(LoginHandler* handler) const;
 
   void TestCrossOriginPrompt(const GURL& visit_url,
                              const std::string& landing_host) const;
 
+  void TestSSLState(Browser* browser,
+                    const GURL& test_page,
+                    bool has_redirect,
+                    int expected_ssl_status) const;
+
   AuthMap auth_map_;
   std::string bad_password_;
   std::string bad_username_;
   std::string password_;
   std::string username_basic_;
   std::string username_digest_;
 };
 
-void LoginPromptBrowserTest::SetAuthFor(LoginHandler* handler) {
+void LoginPromptBrowserTest::SetAuthFor(LoginHandler* handler) const {
   const net::AuthChallengeInfo* challenge = handler->auth_info();
 
   ASSERT_TRUE(challenge);
-  AuthMap::iterator i = auth_map_.find(challenge->realm);
+  AuthMap::const_iterator i = auth_map_.find(challenge->realm);
   EXPECT_TRUE(auth_map_.end() != i);
   if (i != auth_map_.end()) {
     const AuthInfo& info = i->second;
     handler->SetAuth(base::UTF8ToUTF16(info.username_),
                      base::UTF8ToUTF16(info.password_));
   }
 }
 
+void CheckSSLState(content::WebContents* contents, int expected_ssl_status) {
+  NavigationController* controller = &contents->GetController();
+  content::NavigationEntry* entry = controller->GetVisibleEntry();
+  const content::SSLStatus& ssl_status = entry->GetSSL();
+  EXPECT_EQ(content::SSLStatus::NORMAL_CONTENT, ssl_status.content_status);
+  EXPECT_EQ(128, ssl_status.security_bits);
+  switch (expected_ssl_status) {
+    case SSL_STATUS_OK:
+      EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
+                ssl_status.security_style);
+      break;
+    case SSL_STATUS_BROKEN:
+      EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
+                ssl_status.security_style);
+      break;
+    default:
+      NOTREACHED();
+  }
+}
+
+void CancelAndWaitForInterstitialDetach(LoginHandler* handler,
+                                        content::WebContents* contents) {
+  RunTaskAndWaitForInterstitialDetach(
+      contents, base::Bind(&LoginHandler::CancelAuth, handler));
+}
+
 const char kPrefetchAuthPage[] = "files/login/prefetch.html";
 
 const char kMultiRealmTestPage[] = "files/login/multi_realm.html";
 const int  kMultiRealmTestRealmCount = 2;
 
 const char kSingleRealmTestPage[] = "files/login/single_realm.html";
 
 const char* kAuthBasicPage = "auth-basic";
 const char* kAuthDigestPage = "auth-digest";
 
@@ skipping 1267 matching lines @@
     auth_needed_waiter.Wait();
     ASSERT_EQ(1u, observer.handlers().size());
     content::WaitForInterstitialAttach(contents);
     EXPECT_EQ(LoginInterstitialDelegate::kTypeForTesting,
               contents->GetInterstitialPage()
                   ->GetDelegateForTesting()
                   ->GetTypeForTesting());
   }
 }
 
+void LoginPromptBrowserTest::TestSSLState(Browser* browser,
+                                          const GURL& test_page,
+                                          bool has_redirect,
+                                          int expected_ssl_status) const {
+  content::WebContents* contents =
+      browser->tab_strip_model()->GetActiveWebContents();
+  NavigationController* controller = &contents->GetController();
+  LoginPromptBrowserTestObserver observer;
+
+  observer.Register(content::Source<NavigationController>(controller));
+  {
+    WindowedAuthNeededObserver auth_needed_waiter(controller);
+    ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(
+        browser, test_page, has_redirect ? 2 : 1);
+    // After redirects etc., the page should end up at the HTTPS url.
+    ASSERT_EQ("127.0.0.1", contents->GetURL().host());
+    if (expected_ssl_status == SSL_STATUS_BROKEN) {
+      // Wait for the broken SSL interstitial and proceed through it.
+      WaitForInterstitialAttach(contents);
+      EXPECT_TRUE(contents->ShowingInterstitialPage());
+      EXPECT_EQ(SSLBlockingPage::kTypeForTesting,
+                contents->GetInterstitialPage()
+                    ->GetDelegateForTesting()
+                    ->GetTypeForTesting());
+      contents->GetInterstitialPage()->Proceed();
+    }
+
+    // The auth prompt should show with the blank login interstitial, and the
+    // SSL status should be available (but broken).
+    auth_needed_waiter.Wait();
+    ASSERT_EQ(1u, observer.handlers().size());
+    WaitForInterstitialAttach(contents);
+    EXPECT_TRUE(contents->ShowingInterstitialPage());
+    EXPECT_EQ(LoginInterstitialDelegate::kTypeForTesting,
+              contents->GetInterstitialPage()
+                  ->GetDelegateForTesting()
+                  ->GetTypeForTesting());
+    // Navigation not committed yet when the auth dialog is displayed.
+    EXPECT_EQ("", contents->GetLastCommittedURL().host());
+    EXPECT_EQ("127.0.0.1", contents->GetVisibleURL().host());
+    CheckSSLState(contents, expected_ssl_status);
+
+    // Cancelling the login prompt should detach the interstitial while keeping
+    // the correct origin and SSL state.
+    CancelAndWaitForInterstitialDetach(*observer.handlers().begin(), contents);
+    EXPECT_EQ("127.0.0.1", contents->GetVisibleURL().host());
+    EXPECT_EQ("127.0.0.1", contents->GetLastCommittedURL().host());
+    EXPECT_FALSE(contents->ShowingInterstitialPage());
+    CheckSSLState(contents, expected_ssl_status);
+  }
+}
+
+// Omnibox and connection tab should reflect the correct SSL State when login
+// prompt is displayed in the main frame.
+// This is simply the scenario where the user enters an HTTPS url that ends up
+// with an HTTP auth dialog.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
+                       SSLStateShouldUpdateOnDirectNavigation) {
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS,
+      net::SpawnedTestServer::SSLOptions(
+          net::SpawnedTestServer::SSLOptions::CERT_OK),
+      base::FilePath());
+  ASSERT_TRUE(https_server.Start());
+  GURL test_page = https_server.GetURL(kAuthBasicPage);
+  ASSERT_EQ("127.0.0.1", test_page.host());
+  TestSSLState(browser(), test_page, false, SSL_STATUS_OK);
+}
+
+// Same as above, except the HTTPS url has a cert error. When the user proceeds
+// through the SSL interstitial, HTTP auth dialog should be displayed with the
+// correct (i.e. broken) SSL information.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
+                       SSLStateShouldUpdateOnDirectNavigation_BrokenSSL) {
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS,
+      net::SpawnedTestServer::SSLOptions(
+          net::SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT),
+      base::FilePath());
+  ASSERT_TRUE(https_server.Start());
+  GURL test_page = https_server.GetURL(kAuthBasicPage);
+  ASSERT_EQ("127.0.0.1", test_page.host());
+  TestSSLState(browser(), test_page, false, SSL_STATUS_BROKEN);
+}
+
+// Same as |SSLStateShouldUpdateOnDirectNavigation|, except the user doesn't
+// navigate directly to the HTTPS page. Instead, another page redirects to the
+// HTTPS page.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest, SSLStateShouldUpdateOnRedirect) {
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS,
+      net::SpawnedTestServer::SSLOptions(
+          net::SpawnedTestServer::SSLOptions::CERT_OK),
+      base::FilePath());
+  ASSERT_TRUE(https_server.Start());
+  GURL https_url = https_server.GetURL(kAuthBasicPage);
+  ASSERT_EQ("127.0.0.1", https_url.host());
+
+  // Write an HTML file that redirects to the HTTPS url above.
+  base::ScopedTempDir temp_directory;
+  ASSERT_TRUE(temp_directory.CreateUniqueTempDir());
+  base::FilePath temp_file;
+  ASSERT_TRUE(
+      base::CreateTemporaryFileInDir(temp_directory.path(), &temp_file));
+  std::string html = base::StringPrintf(
+      "<html>"
+      "<script>window.location = '%s';</script>"
+      "</html>",
+      https_url.spec().c_str());
+  ASSERT_EQ(static_cast<int>(html.size()),
+            base::WriteFile(temp_file, html.data(), html.size()));
+  TestSSLState(browser(), net::FilePathToFileURL(temp_file), true,
+               SSL_STATUS_OK);
+}
+
+// Same as |SSLStateShouldUpdateOnDirectNavigation_BrokenSSL|, except the user
+// doesn't navigate directly to the HTTPS page. Instead, another page redirects
+// to the HTTPS page.
+IN_PROC_BROWSER_TEST_F(LoginPromptBrowserTest,
+                       SSLStateShouldUpdateOnRedirect_BrokenSSL) {
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS,
+      net::SpawnedTestServer::SSLOptions(
+          net::SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT),
+      base::FilePath());
+  ASSERT_TRUE(https_server.Start());
+  GURL https_url = https_server.GetURL(kAuthBasicPage);
+  ASSERT_EQ("127.0.0.1", https_url.host());
+
+  // Write an HTML file that redirects to the HTTPS url above.
+  base::ScopedTempDir temp_directory;
+  ASSERT_TRUE(temp_directory.CreateUniqueTempDir());
+  base::FilePath temp_file;
+  ASSERT_TRUE(
+      base::CreateTemporaryFileInDir(temp_directory.path(), &temp_file));
+  std::string html = base::StringPrintf(
+      "<html>"
+      "<script>window.location = '%s';</script>"
+      "</html>",
+      https_url.spec().c_str());
+  ASSERT_EQ(static_cast<int>(html.size()),
+            base::WriteFile(temp_file, html.data(), html.size()));
+  TestSSLState(browser(), net::FilePathToFileURL(temp_file), true,
+               SSL_STATUS_BROKEN);
+}
+
 }  // namespace