| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 6 |
| 5 #include <stdint.h> | 7 #include <stdint.h> |
| 6 | 8 |
| 7 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 8 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/test/simple_test_clock.h" | 11 #include "base/test/simple_test_clock.h" |
| 10 #include "chrome/browser/browsing_data/browsing_data_helper.h" | 12 #include "chrome/browser/browsing_data/browsing_data_helper.h" |
| 11 #include "chrome/browser/browsing_data/browsing_data_remover.h" | 13 #include "chrome/browser/browsing_data/browsing_data_remover.h" |
| 12 #include "chrome/browser/browsing_data/browsing_data_remover_test_util.h" | 14 #include "chrome/browser/browsing_data/browsing_data_remover_test_util.h" |
| 13 #include "chrome/browser/profiles/profile.h" | 15 #include "chrome/browser/profiles/profile.h" |
| 14 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | |
| 15 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" | 16 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" |
| 16 #include "chrome/browser/ui/browser.h" | 17 #include "chrome/browser/ui/browser.h" |
| 17 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 18 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 18 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
| 19 #include "chrome/test/base/in_process_browser_test.h" | 20 #include "chrome/test/base/in_process_browser_test.h" |
| 20 #include "content/public/browser/ssl_host_state_delegate.h" | 21 #include "content/public/browser/ssl_host_state_delegate.h" |
| 21 #include "content/public/browser/web_contents.h" | 22 #include "content/public/browser/web_contents.h" |
| 22 #include "content/public/test/browser_test_utils.h" | 23 #include "content/public/test/browser_test_utils.h" |
| 23 #include "net/base/test_data_directory.h" | 24 #include "net/base/test_data_directory.h" |
| 24 #include "net/test/cert_test_util.h" | 25 #include "net/test/cert_test_util.h" |
| 25 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 const char kGoogleCertFile[] = "google.single.der"; | 30 const char kGoogleCertFile[] = "google.single.der"; |
| 30 | 31 |
| 31 const char kWWWGoogleHost[] = "www.google.com"; | 32 const char kWWWGoogleHost[] = "www.google.com"; |
| 32 const char kGoogleHost[] = "google.com"; | 33 const char kGoogleHost[] = "google.com"; |
| 33 const char kExampleHost[] = "example.com"; | 34 const char kExampleHost[] = "example.com"; |
| 34 | 35 |
| 35 const char* kForgetAtSessionEnd = "-1"; | 36 const char kForgetAtSessionEnd[] = "-1"; |
| 36 const char* kForgetInstantly = "0"; | 37 const char kForgetInstantly[] = "0"; |
| 37 const char* kDeltaSecondsString = "86400"; | 38 const char kDeltaSecondsString[] = "86400"; |
| 38 const uint64_t kDeltaOneDayInSeconds = UINT64_C(86400); | 39 const uint64_t kDeltaOneDayInSeconds = UINT64_C(86400); |
| 39 | 40 |
| 40 scoped_refptr<net::X509Certificate> GetGoogleCert() { | 41 scoped_refptr<net::X509Certificate> GetGoogleCert() { |
| 41 return net::ImportCertFromFile(net::GetTestCertsDirectory(), kGoogleCertFile); | 42 return net::ImportCertFromFile(net::GetTestCertsDirectory(), kGoogleCertFile); |
| 42 } | 43 } |
| 43 | 44 |
| 44 } // namespace | 45 } // namespace |
| 45 | 46 |
| 46 class ChromeSSLHostStateDelegateTest : public InProcessBrowserTest {}; | 47 class ChromeSSLHostStateDelegateTest : public InProcessBrowserTest {}; |
| 47 | 48 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 59 content::WebContents* tab = | 60 content::WebContents* tab = |
| 60 browser()->tab_strip_model()->GetActiveWebContents(); | 61 browser()->tab_strip_model()->GetActiveWebContents(); |
| 61 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 62 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 62 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 63 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 63 bool unused_value; | 64 bool unused_value; |
| 64 | 65 |
| 65 // Verifying that all three of the certs we will be looking at are unknown | 66 // Verifying that all three of the certs we will be looking at are unknown |
| 66 // before any action has been taken. | 67 // before any action has been taken. |
| 67 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 68 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 68 state->QueryPolicy(kWWWGoogleHost, | 69 state->QueryPolicy(kWWWGoogleHost, |
| 69 google_cert.get(), | 70 *google_cert.get(), |
| 70 net::CERT_STATUS_DATE_INVALID, | 71 net::CERT_STATUS_DATE_INVALID, |
| 71 &unused_value)); | 72 &unused_value)); |
| 72 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 73 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 73 state->QueryPolicy(kGoogleHost, | 74 state->QueryPolicy(kGoogleHost, |
| 74 google_cert.get(), | 75 *google_cert.get(), |
| 75 net::CERT_STATUS_DATE_INVALID, | 76 net::CERT_STATUS_DATE_INVALID, |
| 76 &unused_value)); | 77 &unused_value)); |
| 77 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 78 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 78 state->QueryPolicy(kExampleHost, | 79 state->QueryPolicy(kExampleHost, |
| 79 google_cert.get(), | 80 *google_cert.get(), |
| 80 net::CERT_STATUS_DATE_INVALID, | 81 net::CERT_STATUS_DATE_INVALID, |
| 81 &unused_value)); | 82 &unused_value)); |
| 82 | 83 |
| 83 // Simulate a user decision to allow an invalid certificate exception for | 84 // Simulate a user decision to allow an invalid certificate exception for |
| 84 // kWWWGoogleHost. | 85 // kWWWGoogleHost. |
| 85 state->AllowCert( | 86 state->AllowCert( |
| 86 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 87 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 87 | 88 |
| 88 // Verify that only kWWWGoogleHost is allowed and that the other two certs | 89 // Verify that only kWWWGoogleHost is allowed and that the other two certs |
| 89 // being tested still have no decision associated with them. | 90 // being tested still have no decision associated with them. |
| 90 EXPECT_EQ(net::CertPolicy::ALLOWED, | 91 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 91 state->QueryPolicy(kWWWGoogleHost, | 92 state->QueryPolicy(kWWWGoogleHost, |
| 92 google_cert.get(), | 93 *google_cert.get(), |
| 93 net::CERT_STATUS_DATE_INVALID, | 94 net::CERT_STATUS_DATE_INVALID, |
| 94 &unused_value)); | 95 &unused_value)); |
| 95 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 96 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 96 state->QueryPolicy(kGoogleHost, | 97 state->QueryPolicy(kGoogleHost, |
| 97 google_cert.get(), | 98 *google_cert.get(), |
| 98 net::CERT_STATUS_DATE_INVALID, | 99 net::CERT_STATUS_DATE_INVALID, |
| 99 &unused_value)); | 100 &unused_value)); |
| 100 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 101 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 101 state->QueryPolicy(kExampleHost, | 102 state->QueryPolicy(kExampleHost, |
| 102 google_cert.get(), | 103 *google_cert.get(), |
| 103 net::CERT_STATUS_DATE_INVALID, | 104 net::CERT_STATUS_DATE_INVALID, |
| 104 &unused_value)); | 105 &unused_value)); |
| 105 | 106 |
| 106 // Simulate a user decision to allow an invalid certificate exception for | 107 // Simulate a user decision to allow an invalid certificate exception for |
| 107 // kExampleHost. | 108 // kExampleHost. |
| 108 state->AllowCert( | 109 state->AllowCert( |
| 109 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 110 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 110 | 111 |
| 111 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions | 112 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions |
| 112 // while kGoogleHost still has no associated decision. | 113 // while kGoogleHost still has no associated decision. |
| 113 EXPECT_EQ(net::CertPolicy::ALLOWED, | 114 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 114 state->QueryPolicy(kWWWGoogleHost, | 115 state->QueryPolicy(kWWWGoogleHost, |
| 115 google_cert.get(), | 116 *google_cert.get(), |
| 116 net::CERT_STATUS_DATE_INVALID, | 117 net::CERT_STATUS_DATE_INVALID, |
| 117 &unused_value)); | 118 &unused_value)); |
| 118 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 119 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 119 state->QueryPolicy(kGoogleHost, | 120 state->QueryPolicy(kGoogleHost, |
| 120 google_cert.get(), | 121 *google_cert.get(), |
| 121 net::CERT_STATUS_DATE_INVALID, | 122 net::CERT_STATUS_DATE_INVALID, |
| 122 &unused_value)); | 123 &unused_value)); |
| 123 EXPECT_EQ(net::CertPolicy::ALLOWED, | 124 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 124 state->QueryPolicy(kExampleHost, | 125 state->QueryPolicy(kExampleHost, |
| 125 google_cert.get(), | 126 *google_cert.get(), |
| 126 net::CERT_STATUS_DATE_INVALID, | 127 net::CERT_STATUS_DATE_INVALID, |
| 127 &unused_value)); | 128 &unused_value)); |
| 128 | 129 |
| 129 // Simulate a user decision to deny an invalid certificate for kExampleHost. | 130 // Simulate a user decision to deny an invalid certificate for kExampleHost. |
| 130 state->DenyCert( | 131 state->DenyCert( |
| 131 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 132 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 132 | 133 |
| 133 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while | 134 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while |
| 134 // kGoogleHost still has no associated decision. | 135 // kGoogleHost still has no associated decision. |
| 135 EXPECT_EQ(net::CertPolicy::ALLOWED, | 136 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 136 state->QueryPolicy(kWWWGoogleHost, | 137 state->QueryPolicy(kWWWGoogleHost, |
| 137 google_cert.get(), | 138 *google_cert.get(), |
| 138 net::CERT_STATUS_DATE_INVALID, | 139 net::CERT_STATUS_DATE_INVALID, |
| 139 &unused_value)); | 140 &unused_value)); |
| 140 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 141 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 141 state->QueryPolicy(kGoogleHost, | 142 state->QueryPolicy(kGoogleHost, |
| 142 google_cert.get(), | 143 *google_cert.get(), |
| 143 net::CERT_STATUS_DATE_INVALID, | 144 net::CERT_STATUS_DATE_INVALID, |
| 144 &unused_value)); | 145 &unused_value)); |
| 145 EXPECT_EQ(net::CertPolicy::DENIED, | 146 EXPECT_EQ(net::CertPolicy::DENIED, |
| 146 state->QueryPolicy(kExampleHost, | 147 state->QueryPolicy(kExampleHost, |
| 147 google_cert.get(), | 148 *google_cert.get(), |
| 148 net::CERT_STATUS_DATE_INVALID, | 149 net::CERT_STATUS_DATE_INVALID, |
| 149 &unused_value)); | 150 &unused_value)); |
| 150 } | 151 } |
| 151 | 152 |
| 152 // HasPolicyAndRevoke unit tests the expected behavior of calling | 153 // HasPolicyAndRevoke unit tests the expected behavior of calling |
| 153 // HasUserDecision before and after calling RevokeUserDecisions on the | 154 // HasUserDecision before and after calling RevokeUserDecisions on the |
| 154 // SSLHostStateDelegate class. | 155 // SSLHostStateDelegate class. |
| 155 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { | 156 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { |
| 156 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 157 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 157 content::WebContents* tab = | 158 content::WebContents* tab = |
| 158 browser()->tab_strip_model()->GetActiveWebContents(); | 159 browser()->tab_strip_model()->GetActiveWebContents(); |
| 159 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 160 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 160 ChromeSSLHostStateDelegate* state = | 161 ChromeSSLHostStateDelegate* state = |
| 161 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 162 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 162 bool unused_value; | 163 bool unused_value; |
| 163 | 164 |
| 164 // Simulate a user decision to allow an invalid certificate exception for | 165 // Simulate a user decision to allow an invalid certificate exception for |
| 165 // kWWWGoogleHost and for kExampleHost. | 166 // kWWWGoogleHost and for kExampleHost. |
| 166 state->AllowCert( | 167 state->AllowCert( |
| 167 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 168 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 168 state->AllowCert( | 169 state->AllowCert( |
| 169 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 170 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 170 | 171 |
| 171 // Verify that HasUserDecision correctly acknowledges that a user decision has | 172 // Verify that HasUserDecision correctly acknowledges that a user decision has |
| 172 // been made about kWWWGoogleHost. Then verify that HasUserDecision correctly | 173 // been made about kWWWGoogleHost. Then verify that HasUserDecision correctly |
| 173 // identifies that the decision has been revoked. | 174 // identifies that the decision has been revoked. |
| 174 EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost)); | 175 EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost)); |
| 175 state->RevokeUserDecisions(kWWWGoogleHost); | 176 state->RevokeUserDecisions(kWWWGoogleHost); |
| 176 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 177 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); |
| 177 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 178 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 178 state->QueryPolicy(kWWWGoogleHost, | 179 state->QueryPolicy(kWWWGoogleHost, |
| 179 google_cert.get(), | 180 *google_cert.get(), |
| 180 net::CERT_STATUS_DATE_INVALID, | 181 net::CERT_STATUS_DATE_INVALID, |
| 181 &unused_value)); | 182 &unused_value)); |
| 182 | 183 |
| 183 // Verify that the revocation of the kWWWGoogleHost decision does not affect | 184 // Verify that the revocation of the kWWWGoogleHost decision does not affect |
| 184 // the Allow for kExampleHost. | 185 // the Allow for kExampleHost. |
| 185 EXPECT_TRUE(state->HasUserDecision(kExampleHost)); | 186 EXPECT_TRUE(state->HasUserDecision(kExampleHost)); |
| 186 | 187 |
| 187 // Verify the revocation of the kWWWGoogleHost decision does not affect the | 188 // Verify the revocation of the kWWWGoogleHost decision does not affect the |
| 188 // non-decision for kGoogleHost. Then verify that a revocation of a URL with | 189 // non-decision for kGoogleHost. Then verify that a revocation of a URL with |
| 189 // no decision has no effect. | 190 // no decision has no effect. |
| 190 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 191 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); |
| 191 state->RevokeUserDecisions(kGoogleHost); | 192 state->RevokeUserDecisions(kGoogleHost); |
| 192 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 193 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); |
| 193 } | 194 } |
| 194 | 195 |
| 195 // Clear unit tests the expected behavior of calling Clear to forget all cert | 196 // Clear unit tests the expected behavior of calling Clear to forget all cert |
| 196 // decision state on the SSLHostStateDelegate class. | 197 // decision state on the SSLHostStateDelegate class. |
| 197 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { | 198 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { |
| 198 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 199 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 199 content::WebContents* tab = | 200 content::WebContents* tab = |
| 200 browser()->tab_strip_model()->GetActiveWebContents(); | 201 browser()->tab_strip_model()->GetActiveWebContents(); |
| 201 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 202 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 202 ChromeSSLHostStateDelegate* state = | 203 ChromeSSLHostStateDelegate* state = |
| 203 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 204 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 204 bool unused_value; | 205 bool unused_value; |
| 205 | 206 |
| 206 // Simulate a user decision to allow an invalid certificate exception for | 207 // Simulate a user decision to allow an invalid certificate exception for |
| 207 // kWWWGoogleHost and for kExampleHost. | 208 // kWWWGoogleHost and for kExampleHost. |
| 208 state->AllowCert( | 209 state->AllowCert( |
| 209 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 210 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 210 | 211 |
| 211 // Do a full clear, then make sure that both kWWWGoogleHost, which had a | 212 // Do a full clear, then make sure that both kWWWGoogleHost, which had a |
| 212 // decision made, and kExampleHost, which was untouched, are now in a | 213 // decision made, and kExampleHost, which was untouched, are now in a |
| 213 // non-decision state. | 214 // non-decision state. |
| 214 state->Clear(); | 215 state->Clear(); |
| 215 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 216 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); |
| 216 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 217 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 217 state->QueryPolicy(kWWWGoogleHost, | 218 state->QueryPolicy(kWWWGoogleHost, |
| 218 google_cert.get(), | 219 *google_cert.get(), |
| 219 net::CERT_STATUS_DATE_INVALID, | 220 net::CERT_STATUS_DATE_INVALID, |
| 220 &unused_value)); | 221 &unused_value)); |
| 221 EXPECT_FALSE(state->HasUserDecision(kExampleHost)); | 222 EXPECT_FALSE(state->HasUserDecision(kExampleHost)); |
| 222 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 223 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 223 state->QueryPolicy(kExampleHost, | 224 state->QueryPolicy(kExampleHost, |
| 224 google_cert.get(), | 225 *google_cert.get(), |
| 225 net::CERT_STATUS_DATE_INVALID, | 226 net::CERT_STATUS_DATE_INVALID, |
| 226 &unused_value)); | 227 &unused_value)); |
| 227 } | 228 } |
| 228 | 229 |
| 229 // DidHostRunInsecureContent unit tests the expected behavior of calling | 230 // DidHostRunInsecureContent unit tests the expected behavior of calling |
| 230 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if | 231 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if |
| 231 // insecure content has been run and to mark it as such. | 232 // insecure content has been run and to mark it as such. |
| 232 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, | 233 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, |
| 233 DidHostRunInsecureContent) { | 234 DidHostRunInsecureContent) { |
| 234 content::WebContents* tab = | 235 content::WebContents* tab = |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 268 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 269 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 269 content::WebContents* tab = | 270 content::WebContents* tab = |
| 270 browser()->tab_strip_model()->GetActiveWebContents(); | 271 browser()->tab_strip_model()->GetActiveWebContents(); |
| 271 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 272 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 272 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 273 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 273 bool unused_value; | 274 bool unused_value; |
| 274 | 275 |
| 275 // Add a cert exception to the profile and then verify that it still exists | 276 // Add a cert exception to the profile and then verify that it still exists |
| 276 // in the incognito profile. | 277 // in the incognito profile. |
| 277 state->AllowCert( | 278 state->AllowCert( |
| 278 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 279 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 279 | 280 |
| 280 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 281 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 281 content::SSLHostStateDelegate* incognito_state = | 282 content::SSLHostStateDelegate* incognito_state = |
| 282 incognito->GetSSLHostStateDelegate(); | 283 incognito->GetSSLHostStateDelegate(); |
| 283 | 284 |
| 284 EXPECT_EQ(net::CertPolicy::ALLOWED, | 285 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 285 incognito_state->QueryPolicy(kWWWGoogleHost, | 286 incognito_state->QueryPolicy(kWWWGoogleHost, |
| 286 google_cert.get(), | 287 *google_cert.get(), |
| 287 net::CERT_STATUS_DATE_INVALID, | 288 net::CERT_STATUS_DATE_INVALID, |
| 288 &unused_value)); | 289 &unused_value)); |
| 289 | 290 |
| 290 // Add a cert exception to the incognito profile. It will be checked after | 291 // Add a cert exception to the incognito profile. It will be checked after |
| 291 // restart that this exception does not exist. Note the different cert URL and | 292 // restart that this exception does not exist. Note the different cert URL and |
| 292 // error than above thus mapping to a second exception. Also validate that it | 293 // error than above thus mapping to a second exception. Also validate that it |
| 293 // was not added as an exception to the regular profile. | 294 // was not added as an exception to the regular profile. |
| 294 incognito_state->AllowCert( | 295 incognito_state->AllowCert( |
| 295 kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); | 296 kGoogleHost, *google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
| 296 | 297 |
| 297 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 298 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 298 state->QueryPolicy(kGoogleHost, | 299 state->QueryPolicy(kGoogleHost, |
| 299 google_cert.get(), | 300 *google_cert.get(), |
| 300 net::CERT_STATUS_COMMON_NAME_INVALID, | 301 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 301 &unused_value)); | 302 &unused_value)); |
| 302 } | 303 } |
| 303 | 304 |
| 304 // AfterRestart ensures that any cert decisions made in an incognito profile are | 305 // AfterRestart ensures that any cert decisions made in an incognito profile are |
| 305 // forgetten after a session restart even if given a command line flag to | 306 // forgetten after a session restart even if given a command line flag to |
| 306 // remember cert decisions after restart. | 307 // remember cert decisions after restart. |
| 307 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { | 308 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { |
| 308 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 309 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 309 content::WebContents* tab = | 310 content::WebContents* tab = |
| 310 browser()->tab_strip_model()->GetActiveWebContents(); | 311 browser()->tab_strip_model()->GetActiveWebContents(); |
| 311 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 312 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 312 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 313 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 313 bool unused_value; | 314 bool unused_value; |
| 314 | 315 |
| 315 // Verify that the exception added before restart to the regular | 316 // Verify that the exception added before restart to the regular |
| 316 // (non-incognito) profile still exists and was not cleared after the | 317 // (non-incognito) profile still exists and was not cleared after the |
| 317 // incognito session ended. | 318 // incognito session ended. |
| 318 EXPECT_EQ(net::CertPolicy::ALLOWED, | 319 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 319 state->QueryPolicy(kWWWGoogleHost, | 320 state->QueryPolicy(kWWWGoogleHost, |
| 320 google_cert.get(), | 321 *google_cert.get(), |
| 321 net::CERT_STATUS_DATE_INVALID, | 322 net::CERT_STATUS_DATE_INVALID, |
| 322 &unused_value)); | 323 &unused_value)); |
| 323 | 324 |
| 324 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 325 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 325 content::SSLHostStateDelegate* incognito_state = | 326 content::SSLHostStateDelegate* incognito_state = |
| 326 incognito->GetSSLHostStateDelegate(); | 327 incognito->GetSSLHostStateDelegate(); |
| 327 | 328 |
| 328 // Verify that the exception added before restart to the incognito profile was | 329 // Verify that the exception added before restart to the incognito profile was |
| 329 // cleared when the incognito session ended. | 330 // cleared when the incognito session ended. |
| 330 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 331 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 331 incognito_state->QueryPolicy(kGoogleHost, | 332 incognito_state->QueryPolicy(kGoogleHost, |
| 332 google_cert.get(), | 333 *google_cert.get(), |
| 333 net::CERT_STATUS_COMMON_NAME_INVALID, | 334 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 334 &unused_value)); | 335 &unused_value)); |
| 335 } | 336 } |
| 336 | 337 |
| 337 // Tests to make sure that if the remember value is set to -1, any decisions | 338 // Tests to make sure that if the remember value is set to -1, any decisions |
| 338 // won't be remembered over a restart. | 339 // won't be remembered over a restart. |
| 339 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 340 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 340 protected: | 341 protected: |
| 341 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 342 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 342 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 343 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 343 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 344 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 344 kForgetAtSessionEnd); | 345 kForgetAtSessionEnd); |
| 345 } | 346 } |
| 346 }; | 347 }; |
| 347 | 348 |
| 348 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { | 349 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 349 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 350 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 350 content::WebContents* tab = | 351 content::WebContents* tab = |
| 351 browser()->tab_strip_model()->GetActiveWebContents(); | 352 browser()->tab_strip_model()->GetActiveWebContents(); |
| 352 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 353 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 353 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 354 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 354 bool unused_value; | 355 bool unused_value; |
| 355 | 356 |
| 356 state->AllowCert( | 357 state->AllowCert( |
| 357 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 358 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 358 EXPECT_EQ(net::CertPolicy::ALLOWED, | 359 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 359 state->QueryPolicy(kWWWGoogleHost, | 360 state->QueryPolicy(kWWWGoogleHost, |
| 360 google_cert.get(), | 361 *google_cert.get(), |
| 361 net::CERT_STATUS_DATE_INVALID, | 362 net::CERT_STATUS_DATE_INVALID, |
| 362 &unused_value)); | 363 &unused_value)); |
| 363 } | 364 } |
| 364 | 365 |
| 365 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { | 366 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { |
| 366 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 367 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 367 content::WebContents* tab = | 368 content::WebContents* tab = |
| 368 browser()->tab_strip_model()->GetActiveWebContents(); | 369 browser()->tab_strip_model()->GetActiveWebContents(); |
| 369 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 370 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 370 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 371 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 371 bool unused_value; | 372 bool unused_value; |
| 372 | 373 |
| 373 // The cert should now be |UNKONWN| because the profile is set to forget cert | 374 // The cert should now be |UNKONWN| because the profile is set to forget cert |
| 374 // exceptions after session end. | 375 // exceptions after session end. |
| 375 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 376 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 376 state->QueryPolicy(kWWWGoogleHost, | 377 state->QueryPolicy(kWWWGoogleHost, |
| 377 google_cert.get(), | 378 *google_cert.get(), |
| 378 net::CERT_STATUS_DATE_INVALID, | 379 net::CERT_STATUS_DATE_INVALID, |
| 379 &unused_value)); | 380 &unused_value)); |
| 380 } | 381 } |
| 381 | 382 |
| 382 // Tests to make sure that if the remember value is set to 0, any decisions made | 383 // Tests to make sure that if the remember value is set to 0, any decisions made |
| 383 // will be forgetten immediately. | 384 // will be forgetten immediately. |
| 384 class ForgetInstantlySSLHostStateDelegateTest | 385 class ForgetInstantlySSLHostStateDelegateTest |
| 385 : public ChromeSSLHostStateDelegateTest { | 386 : public ChromeSSLHostStateDelegateTest { |
| 386 protected: | 387 protected: |
| 387 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 388 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| (...skipping 16 matching lines...) Expand all Loading... |
| 404 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 405 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 405 ChromeSSLHostStateDelegate* chrome_state = | 406 ChromeSSLHostStateDelegate* chrome_state = |
| 406 static_cast<ChromeSSLHostStateDelegate*>(state); | 407 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 407 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 408 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 408 | 409 |
| 409 // Start the clock at standard system time but do not advance at all to | 410 // Start the clock at standard system time but do not advance at all to |
| 410 // emphasize that instant forget works. | 411 // emphasize that instant forget works. |
| 411 clock->SetNow(base::Time::NowFromSystemTime()); | 412 clock->SetNow(base::Time::NowFromSystemTime()); |
| 412 | 413 |
| 413 state->AllowCert( | 414 state->AllowCert( |
| 414 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 415 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 415 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 416 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 416 state->QueryPolicy(kWWWGoogleHost, | 417 state->QueryPolicy(kWWWGoogleHost, |
| 417 google_cert.get(), | 418 *google_cert.get(), |
| 418 net::CERT_STATUS_DATE_INVALID, | 419 net::CERT_STATUS_DATE_INVALID, |
| 419 &unused_value)); | 420 &unused_value)); |
| 420 } | 421 } |
| 421 | 422 |
| 422 // Tests to make sure that if the remember value is set to a non-zero value0, | 423 // Tests to make sure that if the remember value is set to a non-zero value0, |
| 423 // any decisions will be remembered over a restart, but only for the length | 424 // any decisions will be remembered over a restart, but only for the length |
| 424 // specified. | 425 // specified. |
| 425 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 426 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 426 protected: | 427 protected: |
| 427 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 428 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 428 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 429 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 429 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 430 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 430 kDeltaSecondsString); | 431 kDeltaSecondsString); |
| 431 } | 432 } |
| 432 }; | 433 }; |
| 433 | 434 |
| 434 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { | 435 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 435 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 436 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 436 content::WebContents* tab = | 437 content::WebContents* tab = |
| 437 browser()->tab_strip_model()->GetActiveWebContents(); | 438 browser()->tab_strip_model()->GetActiveWebContents(); |
| 438 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 439 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 439 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 440 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 440 bool unused_value; | 441 bool unused_value; |
| 441 | 442 |
| 442 state->AllowCert( | 443 state->AllowCert( |
| 443 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 444 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 444 EXPECT_EQ(net::CertPolicy::ALLOWED, | 445 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 445 state->QueryPolicy(kWWWGoogleHost, | 446 state->QueryPolicy(kWWWGoogleHost, |
| 446 google_cert.get(), | 447 *google_cert.get(), |
| 447 net::CERT_STATUS_DATE_INVALID, | 448 net::CERT_STATUS_DATE_INVALID, |
| 448 &unused_value)); | 449 &unused_value)); |
| 449 } | 450 } |
| 450 | 451 |
| 451 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { | 452 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { |
| 452 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 453 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 453 content::WebContents* tab = | 454 content::WebContents* tab = |
| 454 browser()->tab_strip_model()->GetActiveWebContents(); | 455 browser()->tab_strip_model()->GetActiveWebContents(); |
| 455 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 456 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 456 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 457 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 457 bool unused_value; | 458 bool unused_value; |
| 458 | 459 |
| 459 // chrome_state takes ownership of this clock | 460 // chrome_state takes ownership of this clock |
| 460 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 461 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 461 ChromeSSLHostStateDelegate* chrome_state = | 462 ChromeSSLHostStateDelegate* chrome_state = |
| 462 static_cast<ChromeSSLHostStateDelegate*>(state); | 463 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 463 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 464 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 464 | 465 |
| 465 // Start the clock at standard system time. | 466 // Start the clock at standard system time. |
| 466 clock->SetNow(base::Time::NowFromSystemTime()); | 467 clock->SetNow(base::Time::NowFromSystemTime()); |
| 467 | 468 |
| 468 // This should only pass if the cert was allowed before the test was restart | 469 // This should only pass if the cert was allowed before the test was restart |
| 469 // and thus has now been rememebered across browser restarts. | 470 // and thus has now been rememebered across browser restarts. |
| 470 EXPECT_EQ(net::CertPolicy::ALLOWED, | 471 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 471 state->QueryPolicy(kWWWGoogleHost, | 472 state->QueryPolicy(kWWWGoogleHost, |
| 472 google_cert.get(), | 473 *google_cert.get(), |
| 473 net::CERT_STATUS_DATE_INVALID, | 474 net::CERT_STATUS_DATE_INVALID, |
| 474 &unused_value)); | 475 &unused_value)); |
| 475 | 476 |
| 476 // Simulate the clock advancing by the specified delta. | 477 // Simulate the clock advancing by the specified delta. |
| 477 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 478 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 478 | 479 |
| 479 // The cert should now be |UNKONWN| because the specified delta has passed. | 480 // The cert should now be |UNKONWN| because the specified delta has passed. |
| 480 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 481 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 481 state->QueryPolicy(kWWWGoogleHost, | 482 state->QueryPolicy(kWWWGoogleHost, |
| 482 google_cert.get(), | 483 *google_cert.get(), |
| 483 net::CERT_STATUS_DATE_INVALID, | 484 net::CERT_STATUS_DATE_INVALID, |
| 484 &unused_value)); | 485 &unused_value)); |
| 485 } | 486 } |
| 486 | 487 |
| 487 // QueryPolicyExpired unit tests to make sure that if a certificate decision has | 488 // QueryPolicyExpired unit tests to make sure that if a certificate decision has |
| 488 // expired, the return value from QueryPolicy returns the correct vaule. | 489 // expired, the return value from QueryPolicy returns the correct vaule. |
| 489 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { | 490 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 490 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 491 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 491 content::WebContents* tab = | 492 content::WebContents* tab = |
| 492 browser()->tab_strip_model()->GetActiveWebContents(); | 493 browser()->tab_strip_model()->GetActiveWebContents(); |
| 493 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 494 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 494 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 495 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 495 bool expired_previous_decision; | 496 bool expired_previous_decision; |
| 496 | 497 |
| 497 // chrome_state takes ownership of this clock | 498 // chrome_state takes ownership of this clock |
| 498 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 499 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 499 ChromeSSLHostStateDelegate* chrome_state = | 500 ChromeSSLHostStateDelegate* chrome_state = |
| 500 static_cast<ChromeSSLHostStateDelegate*>(state); | 501 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 501 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 502 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 502 | 503 |
| 503 // Start the clock at standard system time but do not advance at all to | 504 // Start the clock at standard system time but do not advance at all to |
| 504 // emphasize that instant forget works. | 505 // emphasize that instant forget works. |
| 505 clock->SetNow(base::Time::NowFromSystemTime()); | 506 clock->SetNow(base::Time::NowFromSystemTime()); |
| 506 | 507 |
| 507 // The certificate has never been seen before, so it should be UNKONWN and | 508 // The certificate has never been seen before, so it should be UNKONWN and |
| 508 // should also indicate that it hasn't expired. | 509 // should also indicate that it hasn't expired. |
| 509 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 510 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 510 state->QueryPolicy(kWWWGoogleHost, | 511 state->QueryPolicy(kWWWGoogleHost, |
| 511 google_cert.get(), | 512 *google_cert.get(), |
| 512 net::CERT_STATUS_DATE_INVALID, | 513 net::CERT_STATUS_DATE_INVALID, |
| 513 &expired_previous_decision)); | 514 &expired_previous_decision)); |
| 514 EXPECT_FALSE(expired_previous_decision); | 515 EXPECT_FALSE(expired_previous_decision); |
| 515 | 516 |
| 516 // After allowing the certificate, a query should say that it is allowed and | 517 // After allowing the certificate, a query should say that it is allowed and |
| 517 // also specify that it hasn't expired. | 518 // also specify that it hasn't expired. |
| 518 state->AllowCert( | 519 state->AllowCert( |
| 519 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 520 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 520 EXPECT_EQ(net::CertPolicy::ALLOWED, | 521 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 521 state->QueryPolicy(kWWWGoogleHost, | 522 state->QueryPolicy(kWWWGoogleHost, |
| 522 google_cert.get(), | 523 *google_cert.get(), |
| 523 net::CERT_STATUS_DATE_INVALID, | 524 net::CERT_STATUS_DATE_INVALID, |
| 524 &expired_previous_decision)); | 525 &expired_previous_decision)); |
| 525 EXPECT_FALSE(expired_previous_decision); | 526 EXPECT_FALSE(expired_previous_decision); |
| 526 | 527 |
| 527 // Simulate the clock advancing by the specified delta. | 528 // Simulate the clock advancing by the specified delta. |
| 528 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 529 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 529 | 530 |
| 530 // The decision expiration time has come, so it should indicate that the | 531 // The decision expiration time has come, so it should indicate that the |
| 531 // certificate and error are UNKOWN but also that they expired since the last | 532 // certificate and error are UNKOWN but also that they expired since the last |
| 532 // query. | 533 // query. |
| 533 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 534 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 534 state->QueryPolicy(kWWWGoogleHost, | 535 state->QueryPolicy(kWWWGoogleHost, |
| 535 google_cert.get(), | 536 *google_cert.get(), |
| 536 net::CERT_STATUS_DATE_INVALID, | 537 net::CERT_STATUS_DATE_INVALID, |
| 537 &expired_previous_decision)); | 538 &expired_previous_decision)); |
| 538 EXPECT_TRUE(expired_previous_decision); | 539 EXPECT_TRUE(expired_previous_decision); |
| 539 | 540 |
| 540 // However, with a new query, it should indicate that no new expiration has | 541 // However, with a new query, it should indicate that no new expiration has |
| 541 // occurred. | 542 // occurred. |
| 542 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 543 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 543 state->QueryPolicy(kWWWGoogleHost, | 544 state->QueryPolicy(kWWWGoogleHost, |
| 544 google_cert.get(), | 545 *google_cert.get(), |
| 545 net::CERT_STATUS_DATE_INVALID, | 546 net::CERT_STATUS_DATE_INVALID, |
| 546 &expired_previous_decision)); | 547 &expired_previous_decision)); |
| 547 EXPECT_FALSE(expired_previous_decision); | 548 EXPECT_FALSE(expired_previous_decision); |
| 548 } | 549 } |
| 549 | 550 |
| 550 // Tests to make sure that if the user deletes their browser history, SSL | 551 // Tests to make sure that if the user deletes their browser history, SSL |
| 551 // exceptions will be deleted as well. | 552 // exceptions will be deleted as well. |
| 552 class RemoveBrowsingHistorySSLHostStateDelegateTest | 553 class RemoveBrowsingHistorySSLHostStateDelegateTest |
| 553 : public ChromeSSLHostStateDelegateTest { | 554 : public ChromeSSLHostStateDelegateTest { |
| 554 public: | 555 public: |
| (...skipping 12 matching lines...) Expand all Loading... |
| 567 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 568 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 568 content::WebContents* tab = | 569 content::WebContents* tab = |
| 569 browser()->tab_strip_model()->GetActiveWebContents(); | 570 browser()->tab_strip_model()->GetActiveWebContents(); |
| 570 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 571 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 571 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 572 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 572 bool unused_value; | 573 bool unused_value; |
| 573 | 574 |
| 574 // Add an exception for an invalid certificate. Then remove the last hour's | 575 // Add an exception for an invalid certificate. Then remove the last hour's |
| 575 // worth of browsing history and verify that the exception has been deleted. | 576 // worth of browsing history and verify that the exception has been deleted. |
| 576 state->AllowCert( | 577 state->AllowCert( |
| 577 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 578 kGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 578 RemoveAndWait(profile); | 579 RemoveAndWait(profile); |
| 579 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 580 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 580 state->QueryPolicy(kGoogleHost, | 581 state->QueryPolicy(kGoogleHost, |
| 581 google_cert.get(), | 582 *google_cert.get(), |
| 582 net::CERT_STATUS_DATE_INVALID, | 583 net::CERT_STATUS_DATE_INVALID, |
| 583 &unused_value)); | 584 &unused_value)); |
| 584 } | 585 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 441043005:
Cleanup of SSLHostStateDelegate and related code (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src