| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/test/simple_test_clock.h" | 9 #include "base/test/simple_test_clock.h" |
| 10 #include "chrome/browser/browsing_data/browsing_data_helper.h" | 10 #include "chrome/browser/browsing_data/browsing_data_helper.h" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 53 // ChromeSSLHostStateDelegate which is provided per-profile. | 53 // ChromeSSLHostStateDelegate which is provided per-profile. |
| 54 // | 54 // |
| 55 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the | 55 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the |
| 56 // SSLHostStateDelegate class after various SSL cert decisions have been made. | 56 // SSLHostStateDelegate class after various SSL cert decisions have been made. |
| 57 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { | 57 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { |
| 58 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 58 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 59 content::WebContents* tab = | 59 content::WebContents* tab = |
| 60 browser()->tab_strip_model()->GetActiveWebContents(); | 60 browser()->tab_strip_model()->GetActiveWebContents(); |
| 61 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 61 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 62 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 62 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 63 bool unused_value; |
| 63 | 64 |
| 64 // Verifying that all three of the certs we will be looking at are unknown | 65 // Verifying that all three of the certs we will be looking at are unknown |
| 65 // before any action has been taken. | 66 // before any action has been taken. |
| 66 EXPECT_EQ( | |
| 67 net::CertPolicy::UNKNOWN, | |
| 68 state->QueryPolicy( | |
| 69 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
| 70 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 67 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 71 state->QueryPolicy( | 68 state->QueryPolicy(kWWWGoogleHost, |
| 72 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 69 google_cert.get(), |
| 73 EXPECT_EQ( | 70 net::CERT_STATUS_DATE_INVALID, |
| 74 net::CertPolicy::UNKNOWN, | 71 &unused_value)); |
| 75 state->QueryPolicy( | 72 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 76 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 73 state->QueryPolicy(kGoogleHost, |
| 74 google_cert.get(), |
| 75 net::CERT_STATUS_DATE_INVALID, |
| 76 &unused_value)); |
| 77 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 78 state->QueryPolicy(kExampleHost, |
| 79 google_cert.get(), |
| 80 net::CERT_STATUS_DATE_INVALID, |
| 81 &unused_value)); |
| 77 | 82 |
| 78 // Simulate a user decision to allow an invalid certificate exception for | 83 // Simulate a user decision to allow an invalid certificate exception for |
| 79 // kWWWGoogleHost. | 84 // kWWWGoogleHost. |
| 80 state->AllowCert( | 85 state->AllowCert( |
| 81 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 86 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 82 | 87 |
| 83 // Verify that only kWWWGoogleHost is allowed and that the other two certs | 88 // Verify that only kWWWGoogleHost is allowed and that the other two certs |
| 84 // being tested still have no decision associated with them. | 89 // being tested still have no decision associated with them. |
| 85 EXPECT_EQ( | 90 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 86 net::CertPolicy::ALLOWED, | 91 state->QueryPolicy(kWWWGoogleHost, |
| 87 state->QueryPolicy( | 92 google_cert.get(), |
| 88 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 93 net::CERT_STATUS_DATE_INVALID, |
| 94 &unused_value)); |
| 89 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 95 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 90 state->QueryPolicy( | 96 state->QueryPolicy(kGoogleHost, |
| 91 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 97 google_cert.get(), |
| 92 EXPECT_EQ( | 98 net::CERT_STATUS_DATE_INVALID, |
| 93 net::CertPolicy::UNKNOWN, | 99 &unused_value)); |
| 94 state->QueryPolicy( | 100 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 95 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 101 state->QueryPolicy(kExampleHost, |
| 102 google_cert.get(), |
| 103 net::CERT_STATUS_DATE_INVALID, |
| 104 &unused_value)); |
| 96 | 105 |
| 97 // Simulate a user decision to allow an invalid certificate exception for | 106 // Simulate a user decision to allow an invalid certificate exception for |
| 98 // kExampleHost. | 107 // kExampleHost. |
| 99 state->AllowCert( | 108 state->AllowCert( |
| 100 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 109 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 101 | 110 |
| 102 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions | 111 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions |
| 103 // while kGoogleHost still has no associated decision. | 112 // while kGoogleHost still has no associated decision. |
| 104 EXPECT_EQ( | 113 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 105 net::CertPolicy::ALLOWED, | 114 state->QueryPolicy(kWWWGoogleHost, |
| 106 state->QueryPolicy( | 115 google_cert.get(), |
| 107 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 116 net::CERT_STATUS_DATE_INVALID, |
| 117 &unused_value)); |
| 108 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 118 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 109 state->QueryPolicy( | 119 state->QueryPolicy(kGoogleHost, |
| 110 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 120 google_cert.get(), |
| 111 EXPECT_EQ( | 121 net::CERT_STATUS_DATE_INVALID, |
| 112 net::CertPolicy::ALLOWED, | 122 &unused_value)); |
| 113 state->QueryPolicy( | 123 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 114 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 124 state->QueryPolicy(kExampleHost, |
| 125 google_cert.get(), |
| 126 net::CERT_STATUS_DATE_INVALID, |
| 127 &unused_value)); |
| 115 | 128 |
| 116 // Simulate a user decision to deny an invalid certificate for kExampleHost. | 129 // Simulate a user decision to deny an invalid certificate for kExampleHost. |
| 117 state->DenyCert( | 130 state->DenyCert( |
| 118 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 131 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 119 | 132 |
| 120 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while | 133 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while |
| 121 // kGoogleHost still has no associated decision. | 134 // kGoogleHost still has no associated decision. |
| 122 EXPECT_EQ( | 135 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 123 net::CertPolicy::ALLOWED, | 136 state->QueryPolicy(kWWWGoogleHost, |
| 124 state->QueryPolicy( | 137 google_cert.get(), |
| 125 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 138 net::CERT_STATUS_DATE_INVALID, |
| 139 &unused_value)); |
| 126 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 140 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 127 state->QueryPolicy( | 141 state->QueryPolicy(kGoogleHost, |
| 128 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 142 google_cert.get(), |
| 129 EXPECT_EQ( | 143 net::CERT_STATUS_DATE_INVALID, |
| 130 net::CertPolicy::DENIED, | 144 &unused_value)); |
| 131 state->QueryPolicy( | 145 EXPECT_EQ(net::CertPolicy::DENIED, |
| 132 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 146 state->QueryPolicy(kExampleHost, |
| 147 google_cert.get(), |
| 148 net::CERT_STATUS_DATE_INVALID, |
| 149 &unused_value)); |
| 133 } | 150 } |
| 134 | 151 |
| 135 // HasPolicyAndRevoke unit tests the expected behavior of calling | 152 // HasPolicyAndRevoke unit tests the expected behavior of calling |
| 136 // HasUserDecision before and after calling RevokeUserDecisions on the | 153 // HasUserDecision before and after calling RevokeUserDecisions on the |
| 137 // SSLHostStateDelegate class. | 154 // SSLHostStateDelegate class. |
| 138 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { | 155 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { |
| 139 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 156 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 140 content::WebContents* tab = | 157 content::WebContents* tab = |
| 141 browser()->tab_strip_model()->GetActiveWebContents(); | 158 browser()->tab_strip_model()->GetActiveWebContents(); |
| 142 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 159 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 143 ChromeSSLHostStateDelegate* state = | 160 ChromeSSLHostStateDelegate* state = |
| 144 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 161 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 162 bool unused_value; |
| 145 | 163 |
| 146 // Simulate a user decision to allow an invalid certificate exception for | 164 // Simulate a user decision to allow an invalid certificate exception for |
| 147 // kWWWGoogleHost and for kExampleHost. | 165 // kWWWGoogleHost and for kExampleHost. |
| 148 state->AllowCert( | 166 state->AllowCert( |
| 149 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 167 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 150 state->AllowCert( | 168 state->AllowCert( |
| 151 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 169 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 152 | 170 |
| 153 // Verify that HasUserDecision correctly acknowledges that a user decision has | 171 // Verify that HasUserDecision correctly acknowledges that a user decision has |
| 154 // been made about kWWWGoogleHost. Then verify that HasUserDecision correctly | 172 // been made about kWWWGoogleHost. Then verify that HasUserDecision correctly |
| 155 // identifies that the decision has been revoked. | 173 // identifies that the decision has been revoked. |
| 156 EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost)); | 174 EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost)); |
| 157 state->RevokeUserDecisions(kWWWGoogleHost); | 175 state->RevokeUserDecisions(kWWWGoogleHost); |
| 158 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 176 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); |
| 159 EXPECT_EQ( | 177 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 160 net::CertPolicy::UNKNOWN, | 178 state->QueryPolicy(kWWWGoogleHost, |
| 161 state->QueryPolicy( | 179 google_cert.get(), |
| 162 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 180 net::CERT_STATUS_DATE_INVALID, |
| 181 &unused_value)); |
| 163 | 182 |
| 164 // Verify that the revocation of the kWWWGoogleHost decision does not affect | 183 // Verify that the revocation of the kWWWGoogleHost decision does not affect |
| 165 // the Allow for kExampleHost. | 184 // the Allow for kExampleHost. |
| 166 EXPECT_TRUE(state->HasUserDecision(kExampleHost)); | 185 EXPECT_TRUE(state->HasUserDecision(kExampleHost)); |
| 167 | 186 |
| 168 // Verify the revocation of the kWWWGoogleHost decision does not affect the | 187 // Verify the revocation of the kWWWGoogleHost decision does not affect the |
| 169 // non-decision for kGoogleHost. Then verify that a revocation of a URL with | 188 // non-decision for kGoogleHost. Then verify that a revocation of a URL with |
| 170 // no decision has no effect. | 189 // no decision has no effect. |
| 171 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 190 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); |
| 172 state->RevokeUserDecisions(kGoogleHost); | 191 state->RevokeUserDecisions(kGoogleHost); |
| 173 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 192 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); |
| 174 } | 193 } |
| 175 | 194 |
| 176 // Clear unit tests the expected behavior of calling Clear to forget all cert | 195 // Clear unit tests the expected behavior of calling Clear to forget all cert |
| 177 // decision state on the SSLHostStateDelegate class. | 196 // decision state on the SSLHostStateDelegate class. |
| 178 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { | 197 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { |
| 179 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 198 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 180 content::WebContents* tab = | 199 content::WebContents* tab = |
| 181 browser()->tab_strip_model()->GetActiveWebContents(); | 200 browser()->tab_strip_model()->GetActiveWebContents(); |
| 182 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 201 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 183 ChromeSSLHostStateDelegate* state = | 202 ChromeSSLHostStateDelegate* state = |
| 184 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 203 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 204 bool unused_value; |
| 185 | 205 |
| 186 // Simulate a user decision to allow an invalid certificate exception for | 206 // Simulate a user decision to allow an invalid certificate exception for |
| 187 // kWWWGoogleHost and for kExampleHost. | 207 // kWWWGoogleHost and for kExampleHost. |
| 188 state->AllowCert( | 208 state->AllowCert( |
| 189 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 209 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 190 | 210 |
| 191 // Do a full clear, then make sure that both kWWWGoogleHost, which had a | 211 // Do a full clear, then make sure that both kWWWGoogleHost, which had a |
| 192 // decision made, and kExampleHost, which was untouched, are now in a | 212 // decision made, and kExampleHost, which was untouched, are now in a |
| 193 // non-decision state. | 213 // non-decision state. |
| 194 state->Clear(); | 214 state->Clear(); |
| 195 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 215 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); |
| 196 EXPECT_EQ( | 216 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 197 net::CertPolicy::UNKNOWN, | 217 state->QueryPolicy(kWWWGoogleHost, |
| 198 state->QueryPolicy( | 218 google_cert.get(), |
| 199 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 219 net::CERT_STATUS_DATE_INVALID, |
| 220 &unused_value)); |
| 200 EXPECT_FALSE(state->HasUserDecision(kExampleHost)); | 221 EXPECT_FALSE(state->HasUserDecision(kExampleHost)); |
| 201 EXPECT_EQ( | 222 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 202 net::CertPolicy::UNKNOWN, | 223 state->QueryPolicy(kExampleHost, |
| 203 state->QueryPolicy( | 224 google_cert.get(), |
| 204 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 225 net::CERT_STATUS_DATE_INVALID, |
| 226 &unused_value)); |
| 205 } | 227 } |
| 206 | 228 |
| 207 // DidHostRunInsecureContent unit tests the expected behavior of calling | 229 // DidHostRunInsecureContent unit tests the expected behavior of calling |
| 208 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if | 230 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if |
| 209 // insecure content has been run and to mark it as such. | 231 // insecure content has been run and to mark it as such. |
| 210 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, | 232 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, |
| 211 DidHostRunInsecureContent) { | 233 DidHostRunInsecureContent) { |
| 212 content::WebContents* tab = | 234 content::WebContents* tab = |
| 213 browser()->tab_strip_model()->GetActiveWebContents(); | 235 browser()->tab_strip_model()->GetActiveWebContents(); |
| 214 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 236 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 241 kDeltaSecondsString); | 263 kDeltaSecondsString); |
| 242 } | 264 } |
| 243 }; | 265 }; |
| 244 | 266 |
| 245 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { | 267 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 246 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 268 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 247 content::WebContents* tab = | 269 content::WebContents* tab = |
| 248 browser()->tab_strip_model()->GetActiveWebContents(); | 270 browser()->tab_strip_model()->GetActiveWebContents(); |
| 249 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 271 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 250 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 272 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 273 bool unused_value; |
| 251 | 274 |
| 252 // Add a cert exception to the profile and then verify that it still exists | 275 // Add a cert exception to the profile and then verify that it still exists |
| 253 // in the incognito profile. | 276 // in the incognito profile. |
| 254 state->AllowCert( | 277 state->AllowCert( |
| 255 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 278 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 256 | 279 |
| 257 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 280 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 258 content::SSLHostStateDelegate* incognito_state = | 281 content::SSLHostStateDelegate* incognito_state = |
| 259 incognito->GetSSLHostStateDelegate(); | 282 incognito->GetSSLHostStateDelegate(); |
| 260 | 283 |
| 261 EXPECT_EQ( | 284 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 262 net::CertPolicy::ALLOWED, | 285 incognito_state->QueryPolicy(kWWWGoogleHost, |
| 263 incognito_state->QueryPolicy( | 286 google_cert.get(), |
| 264 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 287 net::CERT_STATUS_DATE_INVALID, |
| 288 &unused_value)); |
| 265 | 289 |
| 266 // Add a cert exception to the incognito profile. It will be checked after | 290 // Add a cert exception to the incognito profile. It will be checked after |
| 267 // restart that this exception does not exist. Note the different cert URL and | 291 // restart that this exception does not exist. Note the different cert URL and |
| 268 // error than above thus mapping to a second exception. Also validate that it | 292 // error than above thus mapping to a second exception. Also validate that it |
| 269 // was not added as an exception to the regular profile. | 293 // was not added as an exception to the regular profile. |
| 270 incognito_state->AllowCert( | 294 incognito_state->AllowCert( |
| 271 kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); | 295 kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
| 272 | 296 |
| 273 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 297 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 274 state->QueryPolicy(kGoogleHost, | 298 state->QueryPolicy(kGoogleHost, |
| 275 google_cert.get(), | 299 google_cert.get(), |
| 276 net::CERT_STATUS_COMMON_NAME_INVALID)); | 300 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 301 &unused_value)); |
| 277 } | 302 } |
| 278 | 303 |
| 279 // AfterRestart ensures that any cert decisions made in an incognito profile are | 304 // AfterRestart ensures that any cert decisions made in an incognito profile are |
| 280 // forgetten after a session restart even if given a command line flag to | 305 // forgetten after a session restart even if given a command line flag to |
| 281 // remember cert decisions after restart. | 306 // remember cert decisions after restart. |
| 282 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { | 307 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { |
| 283 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 308 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 284 content::WebContents* tab = | 309 content::WebContents* tab = |
| 285 browser()->tab_strip_model()->GetActiveWebContents(); | 310 browser()->tab_strip_model()->GetActiveWebContents(); |
| 286 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 311 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 287 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 312 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 313 bool unused_value; |
| 288 | 314 |
| 289 // Verify that the exception added before restart to the regular | 315 // Verify that the exception added before restart to the regular |
| 290 // (non-incognito) profile still exists and was not cleared after the | 316 // (non-incognito) profile still exists and was not cleared after the |
| 291 // incognito session ended. | 317 // incognito session ended. |
| 292 EXPECT_EQ( | 318 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 293 net::CertPolicy::ALLOWED, | 319 state->QueryPolicy(kWWWGoogleHost, |
| 294 state->QueryPolicy( | 320 google_cert.get(), |
| 295 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 321 net::CERT_STATUS_DATE_INVALID, |
| 322 &unused_value)); |
| 296 | 323 |
| 297 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 324 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 298 content::SSLHostStateDelegate* incognito_state = | 325 content::SSLHostStateDelegate* incognito_state = |
| 299 incognito->GetSSLHostStateDelegate(); | 326 incognito->GetSSLHostStateDelegate(); |
| 300 | 327 |
| 301 // Verify that the exception added before restart to the incognito profile was | 328 // Verify that the exception added before restart to the incognito profile was |
| 302 // cleared when the incognito session ended. | 329 // cleared when the incognito session ended. |
| 303 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 330 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 304 incognito_state->QueryPolicy(kGoogleHost, | 331 incognito_state->QueryPolicy(kGoogleHost, |
| 305 google_cert.get(), | 332 google_cert.get(), |
| 306 net::CERT_STATUS_COMMON_NAME_INVALID)); | 333 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 334 &unused_value)); |
| 307 } | 335 } |
| 308 | 336 |
| 309 // Tests to make sure that if the remember value is set to -1, any decisions | 337 // Tests to make sure that if the remember value is set to -1, any decisions |
| 310 // won't be remembered over a restart. | 338 // won't be remembered over a restart. |
| 311 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 339 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 312 protected: | 340 protected: |
| 313 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 341 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 314 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 342 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 315 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 343 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 316 kForgetAtSessionEnd); | 344 kForgetAtSessionEnd); |
| 317 } | 345 } |
| 318 }; | 346 }; |
| 319 | 347 |
| 320 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { | 348 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 321 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 349 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 322 content::WebContents* tab = | 350 content::WebContents* tab = |
| 323 browser()->tab_strip_model()->GetActiveWebContents(); | 351 browser()->tab_strip_model()->GetActiveWebContents(); |
| 324 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 352 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 325 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 353 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 354 bool unused_value; |
| 326 | 355 |
| 327 state->AllowCert( | 356 state->AllowCert( |
| 328 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 357 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 329 EXPECT_EQ( | 358 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 330 net::CertPolicy::ALLOWED, | 359 state->QueryPolicy(kWWWGoogleHost, |
| 331 state->QueryPolicy( | 360 google_cert.get(), |
| 332 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 361 net::CERT_STATUS_DATE_INVALID, |
| 362 &unused_value)); |
| 333 } | 363 } |
| 334 | 364 |
| 335 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { | 365 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { |
| 336 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 366 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 337 content::WebContents* tab = | 367 content::WebContents* tab = |
| 338 browser()->tab_strip_model()->GetActiveWebContents(); | 368 browser()->tab_strip_model()->GetActiveWebContents(); |
| 339 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 369 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 340 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 370 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 371 bool unused_value; |
| 341 | 372 |
| 342 // The cert should now be |UNKONWN| because the profile is set to forget cert | 373 // The cert should now be |UNKONWN| because the profile is set to forget cert |
| 343 // exceptions after session end. | 374 // exceptions after session end. |
| 344 EXPECT_EQ( | 375 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 345 net::CertPolicy::UNKNOWN, | 376 state->QueryPolicy(kWWWGoogleHost, |
| 346 state->QueryPolicy( | 377 google_cert.get(), |
| 347 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 378 net::CERT_STATUS_DATE_INVALID, |
| 379 &unused_value)); |
| 348 } | 380 } |
| 349 | 381 |
| 350 // Tests to make sure that if the remember value is set to 0, any decisions made | 382 // Tests to make sure that if the remember value is set to 0, any decisions made |
| 351 // will be forgetten immediately. | 383 // will be forgetten immediately. |
| 352 class ForgetInstantlySSLHostStateDelegateTest | 384 class ForgetInstantlySSLHostStateDelegateTest |
| 353 : public ChromeSSLHostStateDelegateTest { | 385 : public ChromeSSLHostStateDelegateTest { |
| 354 protected: | 386 protected: |
| 355 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 387 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 356 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 388 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 357 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 389 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 358 kForgetInstantly); | 390 kForgetInstantly); |
| 359 } | 391 } |
| 360 }; | 392 }; |
| 361 | 393 |
| 362 IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest, | 394 IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest, |
| 363 MakeAndForgetException) { | 395 MakeAndForgetException) { |
| 364 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 396 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 365 content::WebContents* tab = | 397 content::WebContents* tab = |
| 366 browser()->tab_strip_model()->GetActiveWebContents(); | 398 browser()->tab_strip_model()->GetActiveWebContents(); |
| 367 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 399 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 368 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 400 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 401 bool unused_value; |
| 369 | 402 |
| 370 // chrome_state takes ownership of this clock | 403 // chrome_state takes ownership of this clock |
| 371 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 404 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 372 ChromeSSLHostStateDelegate* chrome_state = | 405 ChromeSSLHostStateDelegate* chrome_state = |
| 373 static_cast<ChromeSSLHostStateDelegate*>(state); | 406 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 374 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 407 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 375 | 408 |
| 376 // Start the clock at standard system time but do not advance at all to | 409 // Start the clock at standard system time but do not advance at all to |
| 377 // emphasize that instant forget works. | 410 // emphasize that instant forget works. |
| 378 clock->SetNow(base::Time::NowFromSystemTime()); | 411 clock->SetNow(base::Time::NowFromSystemTime()); |
| 379 | 412 |
| 380 state->AllowCert( | 413 state->AllowCert( |
| 381 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 414 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 382 EXPECT_EQ( | 415 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 383 net::CertPolicy::UNKNOWN, | 416 state->QueryPolicy(kWWWGoogleHost, |
| 384 state->QueryPolicy( | 417 google_cert.get(), |
| 385 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 418 net::CERT_STATUS_DATE_INVALID, |
| 419 &unused_value)); |
| 386 } | 420 } |
| 387 | 421 |
| 388 // Tests to make sure that if the remember value is set to a non-zero value0, | 422 // Tests to make sure that if the remember value is set to a non-zero value0, |
| 389 // any decisions will be remembered over a restart, but only for the length | 423 // any decisions will be remembered over a restart, but only for the length |
| 390 // specified. | 424 // specified. |
| 391 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 425 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 392 protected: | 426 protected: |
| 393 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 427 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 394 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 428 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 395 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 429 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 396 kDeltaSecondsString); | 430 kDeltaSecondsString); |
| 397 } | 431 } |
| 398 }; | 432 }; |
| 399 | 433 |
| 400 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { | 434 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 401 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 435 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 402 content::WebContents* tab = | 436 content::WebContents* tab = |
| 403 browser()->tab_strip_model()->GetActiveWebContents(); | 437 browser()->tab_strip_model()->GetActiveWebContents(); |
| 404 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 438 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 405 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 439 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 440 bool unused_value; |
| 406 | 441 |
| 407 state->AllowCert( | 442 state->AllowCert( |
| 408 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 443 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 409 EXPECT_EQ( | 444 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 410 net::CertPolicy::ALLOWED, | 445 state->QueryPolicy(kWWWGoogleHost, |
| 411 state->QueryPolicy( | 446 google_cert.get(), |
| 412 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 447 net::CERT_STATUS_DATE_INVALID, |
| 448 &unused_value)); |
| 413 } | 449 } |
| 414 | 450 |
| 415 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { | 451 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { |
| 416 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 452 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 417 content::WebContents* tab = | 453 content::WebContents* tab = |
| 418 browser()->tab_strip_model()->GetActiveWebContents(); | 454 browser()->tab_strip_model()->GetActiveWebContents(); |
| 419 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 455 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 420 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 456 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 457 bool unused_value; |
| 421 | 458 |
| 422 // chrome_state takes ownership of this clock | 459 // chrome_state takes ownership of this clock |
| 423 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 460 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 424 ChromeSSLHostStateDelegate* chrome_state = | 461 ChromeSSLHostStateDelegate* chrome_state = |
| 425 static_cast<ChromeSSLHostStateDelegate*>(state); | 462 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 426 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 463 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 427 | 464 |
| 428 // Start the clock at standard system time. | 465 // Start the clock at standard system time. |
| 429 clock->SetNow(base::Time::NowFromSystemTime()); | 466 clock->SetNow(base::Time::NowFromSystemTime()); |
| 430 | 467 |
| 431 // This should only pass if the cert was allowed before the test was restart | 468 // This should only pass if the cert was allowed before the test was restart |
| 432 // and thus has now been rememebered across browser restarts. | 469 // and thus has now been rememebered across browser restarts. |
| 433 EXPECT_EQ( | 470 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 434 net::CertPolicy::ALLOWED, | 471 state->QueryPolicy(kWWWGoogleHost, |
| 435 state->QueryPolicy( | 472 google_cert.get(), |
| 436 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 473 net::CERT_STATUS_DATE_INVALID, |
| 474 &unused_value)); |
| 437 | 475 |
| 438 // Simulate the clock advancing by the specified delta. | 476 // Simulate the clock advancing by the specified delta. |
| 439 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 477 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 440 | 478 |
| 441 // The cert should now be |UNKONWN| because the specified delta has passed. | 479 // The cert should now be |UNKONWN| because the specified delta has passed. |
| 442 EXPECT_EQ( | 480 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 443 net::CertPolicy::UNKNOWN, | 481 state->QueryPolicy(kWWWGoogleHost, |
| 444 state->QueryPolicy( | 482 google_cert.get(), |
| 445 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 483 net::CERT_STATUS_DATE_INVALID, |
| 484 &unused_value)); |
| 485 } |
| 486 |
| 487 // QueryPolicyExpired unit tests to make sure that if a certificate decision has |
| 488 // expired, the return value from QueryPolicy returns the correct vaule. |
| 489 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 490 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 491 content::WebContents* tab = |
| 492 browser()->tab_strip_model()->GetActiveWebContents(); |
| 493 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 494 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 495 bool expired_previous_decision; |
| 496 |
| 497 // chrome_state takes ownership of this clock |
| 498 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 499 ChromeSSLHostStateDelegate* chrome_state = |
| 500 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 501 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 502 |
| 503 // Start the clock at standard system time but do not advance at all to |
| 504 // emphasize that instant forget works. |
| 505 clock->SetNow(base::Time::NowFromSystemTime()); |
| 506 |
| 507 // The certificate has never been seen before, so it should be UNKONWN and |
| 508 // should also indicate that it hasn't expired. |
| 509 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 510 state->QueryPolicy(kWWWGoogleHost, |
| 511 google_cert.get(), |
| 512 net::CERT_STATUS_DATE_INVALID, |
| 513 &expired_previous_decision)); |
| 514 EXPECT_FALSE(expired_previous_decision); |
| 515 |
| 516 // After allowing the certificate, a query should say that it is allowed and |
| 517 // also specify that it hasn't expired. |
| 518 state->AllowCert( |
| 519 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 520 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 521 state->QueryPolicy(kWWWGoogleHost, |
| 522 google_cert.get(), |
| 523 net::CERT_STATUS_DATE_INVALID, |
| 524 &expired_previous_decision)); |
| 525 EXPECT_FALSE(expired_previous_decision); |
| 526 |
| 527 // Simulate the clock advancing by the specified delta. |
| 528 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 529 |
| 530 // The decision expiration time has come, so it should indicate that the |
| 531 // certificate and error are UNKOWN but also that they expired since the last |
| 532 // query. |
| 533 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 534 state->QueryPolicy(kWWWGoogleHost, |
| 535 google_cert.get(), |
| 536 net::CERT_STATUS_DATE_INVALID, |
| 537 &expired_previous_decision)); |
| 538 EXPECT_TRUE(expired_previous_decision); |
| 539 |
| 540 // However, with a new query, it should indicate that no new expiration has |
| 541 // occurred. |
| 542 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 543 state->QueryPolicy(kWWWGoogleHost, |
| 544 google_cert.get(), |
| 545 net::CERT_STATUS_DATE_INVALID, |
| 546 &expired_previous_decision)); |
| 547 EXPECT_FALSE(expired_previous_decision); |
| 446 } | 548 } |
| 447 | 549 |
| 448 // Tests to make sure that if the user deletes their browser history, SSL | 550 // Tests to make sure that if the user deletes their browser history, SSL |
| 449 // exceptions will be deleted as well. | 551 // exceptions will be deleted as well. |
| 450 class RemoveBrowsingHistorySSLHostStateDelegateTest | 552 class RemoveBrowsingHistorySSLHostStateDelegateTest |
| 451 : public ChromeSSLHostStateDelegateTest { | 553 : public ChromeSSLHostStateDelegateTest { |
| 452 public: | 554 public: |
| 453 void RemoveAndWait(Profile* profile) { | 555 void RemoveAndWait(Profile* profile) { |
| 454 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( | 556 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( |
| 455 profile, BrowsingDataRemover::LAST_HOUR); | 557 profile, BrowsingDataRemover::LAST_HOUR); |
| 456 BrowsingDataRemoverCompletionObserver completion_observer(remover); | 558 BrowsingDataRemoverCompletionObserver completion_observer(remover); |
| 457 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, | 559 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, |
| 458 BrowsingDataHelper::UNPROTECTED_WEB); | 560 BrowsingDataHelper::UNPROTECTED_WEB); |
| 459 completion_observer.BlockUntilCompletion(); | 561 completion_observer.BlockUntilCompletion(); |
| 460 } | 562 } |
| 461 }; | 563 }; |
| 462 | 564 |
| 463 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, | 565 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, |
| 464 DeleteHistory) { | 566 DeleteHistory) { |
| 465 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 567 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 466 content::WebContents* tab = | 568 content::WebContents* tab = |
| 467 browser()->tab_strip_model()->GetActiveWebContents(); | 569 browser()->tab_strip_model()->GetActiveWebContents(); |
| 468 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 570 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 469 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 571 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 572 bool unused_value; |
| 470 | 573 |
| 471 // Add an exception for an invalid certificate. Then remove the last hour's | 574 // Add an exception for an invalid certificate. Then remove the last hour's |
| 472 // worth of browsing history and verify that the exception has been deleted. | 575 // worth of browsing history and verify that the exception has been deleted. |
| 473 state->AllowCert( | 576 state->AllowCert( |
| 474 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 577 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 475 RemoveAndWait(profile); | 578 RemoveAndWait(profile); |
| 476 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 579 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 477 state->QueryPolicy( | 580 state->QueryPolicy(kGoogleHost, |
| 478 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 581 google_cert.get(), |
| 582 net::CERT_STATUS_DATE_INVALID, |
| 583 &unused_value)); |
| 479 } | 584 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 450833002:
Add additional UMA stats for remembering certificate decisions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src