| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/test/simple_test_clock.h" | 9 #include "base/test/simple_test_clock.h" |
| 10 #include "chrome/browser/browsing_data/browsing_data_helper.h" | 10 #include "chrome/browser/browsing_data/browsing_data_helper.h" |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 // ChromeSSLHostStateDelegate which is provided per-profile. | 52 // ChromeSSLHostStateDelegate which is provided per-profile. |
| 53 // | 53 // |
| 54 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the | 54 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the |
| 55 // SSLHostStateDelegate class after various SSL cert decisions have been made. | 55 // SSLHostStateDelegate class after various SSL cert decisions have been made. |
| 56 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { | 56 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { |
| 57 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 57 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 58 content::WebContents* tab = | 58 content::WebContents* tab = |
| 59 browser()->tab_strip_model()->GetActiveWebContents(); | 59 browser()->tab_strip_model()->GetActiveWebContents(); |
| 60 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 60 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 61 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 61 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 62 bool unused_value; |
| 62 | 63 |
| 63 // Verifying that all three of the certs we will be looking at are unknown | 64 // Verifying that all three of the certs we will be looking at are unknown |
| 64 // before any action has been taken. | 65 // before any action has been taken. |
| 65 EXPECT_EQ( | |
| 66 net::CertPolicy::UNKNOWN, | |
| 67 state->QueryPolicy( | |
| 68 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | |
| 69 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 66 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 70 state->QueryPolicy( | 67 state->QueryPolicy(kWWWGoogleHost, |
| 71 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 68 google_cert.get(), |
| 72 EXPECT_EQ( | 69 net::CERT_STATUS_DATE_INVALID, |
| 73 net::CertPolicy::UNKNOWN, | 70 &unused_value)); |
| 74 state->QueryPolicy( | 71 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 75 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 72 state->QueryPolicy(kGoogleHost, |
| 73 google_cert.get(), |
| 74 net::CERT_STATUS_DATE_INVALID, |
| 75 &unused_value)); |
| 76 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 77 state->QueryPolicy(kExampleHost, |
| 78 google_cert.get(), |
| 79 net::CERT_STATUS_DATE_INVALID, |
| 80 &unused_value)); |
| 76 | 81 |
| 77 // Simulate a user decision to allow an invalid certificate exception for | 82 // Simulate a user decision to allow an invalid certificate exception for |
| 78 // kWWWGoogleHost. | 83 // kWWWGoogleHost. |
| 79 state->AllowCert( | 84 state->AllowCert( |
| 80 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 85 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 81 | 86 |
| 82 // Verify that only kWWWGoogleHost is allowed and that the other two certs | 87 // Verify that only kWWWGoogleHost is allowed and that the other two certs |
| 83 // being tested still have no decision associated with them. | 88 // being tested still have no decision associated with them. |
| 84 EXPECT_EQ( | 89 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 85 net::CertPolicy::ALLOWED, | 90 state->QueryPolicy(kWWWGoogleHost, |
| 86 state->QueryPolicy( | 91 google_cert.get(), |
| 87 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 92 net::CERT_STATUS_DATE_INVALID, |
| 93 &unused_value)); |
| 88 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 94 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 89 state->QueryPolicy( | 95 state->QueryPolicy(kGoogleHost, |
| 90 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 96 google_cert.get(), |
| 91 EXPECT_EQ( | 97 net::CERT_STATUS_DATE_INVALID, |
| 92 net::CertPolicy::UNKNOWN, | 98 &unused_value)); |
| 93 state->QueryPolicy( | 99 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 94 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 100 state->QueryPolicy(kExampleHost, |
| 101 google_cert.get(), |
| 102 net::CERT_STATUS_DATE_INVALID, |
| 103 &unused_value)); |
| 95 | 104 |
| 96 // Simulate a user decision to allow an invalid certificate exception for | 105 // Simulate a user decision to allow an invalid certificate exception for |
| 97 // kExampleHost. | 106 // kExampleHost. |
| 98 state->AllowCert( | 107 state->AllowCert( |
| 99 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 108 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 100 | 109 |
| 101 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions | 110 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions |
| 102 // while kGoogleHost still has no associated decision. | 111 // while kGoogleHost still has no associated decision. |
| 103 EXPECT_EQ( | 112 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 104 net::CertPolicy::ALLOWED, | 113 state->QueryPolicy(kWWWGoogleHost, |
| 105 state->QueryPolicy( | 114 google_cert.get(), |
| 106 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 115 net::CERT_STATUS_DATE_INVALID, |
| 116 &unused_value)); |
| 107 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 117 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 108 state->QueryPolicy( | 118 state->QueryPolicy(kGoogleHost, |
| 109 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 119 google_cert.get(), |
| 110 EXPECT_EQ( | 120 net::CERT_STATUS_DATE_INVALID, |
| 111 net::CertPolicy::ALLOWED, | 121 &unused_value)); |
| 112 state->QueryPolicy( | 122 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 113 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 123 state->QueryPolicy(kExampleHost, |
| 124 google_cert.get(), |
| 125 net::CERT_STATUS_DATE_INVALID, |
| 126 &unused_value)); |
| 114 | 127 |
| 115 // Simulate a user decision to deny an invalid certificate for kExampleHost. | 128 // Simulate a user decision to deny an invalid certificate for kExampleHost. |
| 116 state->DenyCert( | 129 state->DenyCert( |
| 117 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 130 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 118 | 131 |
| 119 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while | 132 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while |
| 120 // kGoogleHost still has no associated decision. | 133 // kGoogleHost still has no associated decision. |
| 121 EXPECT_EQ( | 134 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 122 net::CertPolicy::ALLOWED, | 135 state->QueryPolicy(kWWWGoogleHost, |
| 123 state->QueryPolicy( | 136 google_cert.get(), |
| 124 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 137 net::CERT_STATUS_DATE_INVALID, |
| 138 &unused_value)); |
| 125 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 139 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 126 state->QueryPolicy( | 140 state->QueryPolicy(kGoogleHost, |
| 127 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 141 google_cert.get(), |
| 128 EXPECT_EQ( | 142 net::CERT_STATUS_DATE_INVALID, |
| 129 net::CertPolicy::DENIED, | 143 &unused_value)); |
| 130 state->QueryPolicy( | 144 EXPECT_EQ(net::CertPolicy::DENIED, |
| 131 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 145 state->QueryPolicy(kExampleHost, |
| 146 google_cert.get(), |
| 147 net::CERT_STATUS_DATE_INVALID, |
| 148 &unused_value)); |
| 132 } | 149 } |
| 133 | 150 |
| 134 // HasPolicyAndRevoke unit tests the expected behavior of calling | 151 // HasPolicyAndRevoke unit tests the expected behavior of calling |
| 135 // HasAllowedOrDeniedCert before and after calling RevokeAllowAndDenyPreferences | 152 // HasAllowedOrDeniedCert before and after calling RevokeAllowAndDenyPreferences |
| 136 // on the SSLHostStateDelegate class. | 153 // on the SSLHostStateDelegate class. |
| 137 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { | 154 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { |
| 138 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 155 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 139 content::WebContents* tab = | 156 content::WebContents* tab = |
| 140 browser()->tab_strip_model()->GetActiveWebContents(); | 157 browser()->tab_strip_model()->GetActiveWebContents(); |
| 141 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 158 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 142 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 159 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 160 bool unused_value; |
| 143 | 161 |
| 144 // Simulate a user decision to allow an invalid certificate exception for | 162 // Simulate a user decision to allow an invalid certificate exception for |
| 145 // kWWWGoogleHost and for kExampleHost. | 163 // kWWWGoogleHost and for kExampleHost. |
| 146 state->AllowCert( | 164 state->AllowCert( |
| 147 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 165 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 148 state->AllowCert( | 166 state->AllowCert( |
| 149 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 167 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 150 | 168 |
| 151 // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user | 169 // Verify that HasAllowedOrDeniedCert correctly acknowledges that a user |
| 152 // decision has been made about kWWWGoogleHost. Then verify that | 170 // decision has been made about kWWWGoogleHost. Then verify that |
| 153 // HasAllowedOrDeniedCert correctly identifies that the decision has been | 171 // HasAllowedOrDeniedCert correctly identifies that the decision has been |
| 154 // revoked. | 172 // revoked. |
| 155 EXPECT_TRUE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); | 173 EXPECT_TRUE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); |
| 156 state->RevokeAllowAndDenyPreferences(kWWWGoogleHost); | 174 state->RevokeAllowAndDenyPreferences(kWWWGoogleHost); |
| 157 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); | 175 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); |
| 158 EXPECT_EQ( | 176 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 159 net::CertPolicy::UNKNOWN, | 177 state->QueryPolicy(kWWWGoogleHost, |
| 160 state->QueryPolicy( | 178 google_cert.get(), |
| 161 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 179 net::CERT_STATUS_DATE_INVALID, |
| 180 &unused_value)); |
| 162 | 181 |
| 163 // Verify that the revocation of the kWWWGoogleHost decision does not affect | 182 // Verify that the revocation of the kWWWGoogleHost decision does not affect |
| 164 // the Allow for kExampleHost. | 183 // the Allow for kExampleHost. |
| 165 EXPECT_TRUE(state->HasAllowedOrDeniedCert(kExampleHost)); | 184 EXPECT_TRUE(state->HasAllowedOrDeniedCert(kExampleHost)); |
| 166 | 185 |
| 167 // Verify the revocation of the kWWWGoogleHost decision does not affect the | 186 // Verify the revocation of the kWWWGoogleHost decision does not affect the |
| 168 // non-decision for kGoogleHost. Then verify that a revocation of a URL with | 187 // non-decision for kGoogleHost. Then verify that a revocation of a URL with |
| 169 // no decision has no effect. | 188 // no decision has no effect. |
| 170 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost)); | 189 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost)); |
| 171 state->RevokeAllowAndDenyPreferences(kGoogleHost); | 190 state->RevokeAllowAndDenyPreferences(kGoogleHost); |
| 172 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost)); | 191 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kGoogleHost)); |
| 173 } | 192 } |
| 174 | 193 |
| 175 // Clear unit tests the expected behavior of calling Clear to forget all cert | 194 // Clear unit tests the expected behavior of calling Clear to forget all cert |
| 176 // decision state on the SSLHostStateDelegate class. | 195 // decision state on the SSLHostStateDelegate class. |
| 177 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { | 196 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { |
| 178 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 197 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 179 content::WebContents* tab = | 198 content::WebContents* tab = |
| 180 browser()->tab_strip_model()->GetActiveWebContents(); | 199 browser()->tab_strip_model()->GetActiveWebContents(); |
| 181 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 200 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 182 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 201 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 202 bool unused_value; |
| 183 | 203 |
| 184 // Simulate a user decision to allow an invalid certificate exception for | 204 // Simulate a user decision to allow an invalid certificate exception for |
| 185 // kWWWGoogleHost and for kExampleHost. | 205 // kWWWGoogleHost and for kExampleHost. |
| 186 state->AllowCert( | 206 state->AllowCert( |
| 187 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 207 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 188 | 208 |
| 189 // Do a full clear, then make sure that both kWWWGoogleHost, which had a | 209 // Do a full clear, then make sure that both kWWWGoogleHost, which had a |
| 190 // decision made, and kExampleHost, which was untouched, are now in a | 210 // decision made, and kExampleHost, which was untouched, are now in a |
| 191 // non-decision state. | 211 // non-decision state. |
| 192 state->Clear(); | 212 state->Clear(); |
| 193 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); | 213 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kWWWGoogleHost)); |
| 194 EXPECT_EQ( | 214 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 195 net::CertPolicy::UNKNOWN, | 215 state->QueryPolicy(kWWWGoogleHost, |
| 196 state->QueryPolicy( | 216 google_cert.get(), |
| 197 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 217 net::CERT_STATUS_DATE_INVALID, |
| 218 &unused_value)); |
| 198 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kExampleHost)); | 219 EXPECT_FALSE(state->HasAllowedOrDeniedCert(kExampleHost)); |
| 199 EXPECT_EQ( | 220 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 200 net::CertPolicy::UNKNOWN, | 221 state->QueryPolicy(kExampleHost, |
| 201 state->QueryPolicy( | 222 google_cert.get(), |
| 202 kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 223 net::CERT_STATUS_DATE_INVALID, |
| 224 &unused_value)); |
| 203 } | 225 } |
| 204 | 226 |
| 205 // Tests the basic behavior of cert memory in incognito. | 227 // Tests the basic behavior of cert memory in incognito. |
| 206 class IncognitoSSLHostStateDelegateTest | 228 class IncognitoSSLHostStateDelegateTest |
| 207 : public ChromeSSLHostStateDelegateTest { | 229 : public ChromeSSLHostStateDelegateTest { |
| 208 protected: | 230 protected: |
| 209 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 231 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 210 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 232 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 211 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 233 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 212 kDeltaSecondsString); | 234 kDeltaSecondsString); |
| 213 } | 235 } |
| 214 }; | 236 }; |
| 215 | 237 |
| 216 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { | 238 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 217 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 239 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 218 content::WebContents* tab = | 240 content::WebContents* tab = |
| 219 browser()->tab_strip_model()->GetActiveWebContents(); | 241 browser()->tab_strip_model()->GetActiveWebContents(); |
| 220 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 242 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 221 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 243 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 244 bool unused_value; |
| 222 | 245 |
| 223 // Add a cert exception to the profile and then verify that it still exists | 246 // Add a cert exception to the profile and then verify that it still exists |
| 224 // in the incognito profile. | 247 // in the incognito profile. |
| 225 state->AllowCert( | 248 state->AllowCert( |
| 226 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 249 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 227 | 250 |
| 228 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 251 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 229 content::SSLHostStateDelegate* incognito_state = | 252 content::SSLHostStateDelegate* incognito_state = |
| 230 incognito->GetSSLHostStateDelegate(); | 253 incognito->GetSSLHostStateDelegate(); |
| 231 | 254 |
| 232 EXPECT_EQ( | 255 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 233 net::CertPolicy::ALLOWED, | 256 incognito_state->QueryPolicy(kWWWGoogleHost, |
| 234 incognito_state->QueryPolicy( | 257 google_cert.get(), |
| 235 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 258 net::CERT_STATUS_DATE_INVALID, |
| 259 &unused_value)); |
| 236 | 260 |
| 237 // Add a cert exception to the incognito profile. It will be checked after | 261 // Add a cert exception to the incognito profile. It will be checked after |
| 238 // restart that this exception does not exist. Note the different cert URL and | 262 // restart that this exception does not exist. Note the different cert URL and |
| 239 // error than above thus mapping to a second exception. Also validate that it | 263 // error than above thus mapping to a second exception. Also validate that it |
| 240 // was not added as an exception to the regular profile. | 264 // was not added as an exception to the regular profile. |
| 241 incognito_state->AllowCert( | 265 incognito_state->AllowCert( |
| 242 kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); | 266 kGoogleHost, google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
| 243 | 267 |
| 244 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 268 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 245 state->QueryPolicy(kGoogleHost, | 269 state->QueryPolicy(kGoogleHost, |
| 246 google_cert.get(), | 270 google_cert.get(), |
| 247 net::CERT_STATUS_COMMON_NAME_INVALID)); | 271 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 272 &unused_value)); |
| 248 } | 273 } |
| 249 | 274 |
| 250 // AfterRestart ensures that any cert decisions made in an incognito profile are | 275 // AfterRestart ensures that any cert decisions made in an incognito profile are |
| 251 // forgetten after a session restart even if given a command line flag to | 276 // forgetten after a session restart even if given a command line flag to |
| 252 // remember cert decisions after restart. | 277 // remember cert decisions after restart. |
| 253 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { | 278 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { |
| 254 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 279 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 255 content::WebContents* tab = | 280 content::WebContents* tab = |
| 256 browser()->tab_strip_model()->GetActiveWebContents(); | 281 browser()->tab_strip_model()->GetActiveWebContents(); |
| 257 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 282 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 258 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 283 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 284 bool unused_value; |
| 259 | 285 |
| 260 // Verify that the exception added before restart to the regular | 286 // Verify that the exception added before restart to the regular |
| 261 // (non-incognito) profile still exists and was not cleared after the | 287 // (non-incognito) profile still exists and was not cleared after the |
| 262 // incognito session ended. | 288 // incognito session ended. |
| 263 EXPECT_EQ( | 289 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 264 net::CertPolicy::ALLOWED, | 290 state->QueryPolicy(kWWWGoogleHost, |
| 265 state->QueryPolicy( | 291 google_cert.get(), |
| 266 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 292 net::CERT_STATUS_DATE_INVALID, |
| 293 &unused_value)); |
| 267 | 294 |
| 268 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 295 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 269 content::SSLHostStateDelegate* incognito_state = | 296 content::SSLHostStateDelegate* incognito_state = |
| 270 incognito->GetSSLHostStateDelegate(); | 297 incognito->GetSSLHostStateDelegate(); |
| 271 | 298 |
| 272 // Verify that the exception added before restart to the incognito profile was | 299 // Verify that the exception added before restart to the incognito profile was |
| 273 // cleared when the incognito session ended. | 300 // cleared when the incognito session ended. |
| 274 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 301 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 275 incognito_state->QueryPolicy(kGoogleHost, | 302 incognito_state->QueryPolicy(kGoogleHost, |
| 276 google_cert.get(), | 303 google_cert.get(), |
| 277 net::CERT_STATUS_COMMON_NAME_INVALID)); | 304 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 305 &unused_value)); |
| 278 } | 306 } |
| 279 | 307 |
| 280 // Tests to make sure that if the remember value is set to -1, any decisions | 308 // Tests to make sure that if the remember value is set to -1, any decisions |
| 281 // won't be remembered over a restart. | 309 // won't be remembered over a restart. |
| 282 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 310 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 283 protected: | 311 protected: |
| 284 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 312 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 285 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 313 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 286 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 314 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 287 kForgetAtSessionEnd); | 315 kForgetAtSessionEnd); |
| 288 } | 316 } |
| 289 }; | 317 }; |
| 290 | 318 |
| 291 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { | 319 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 292 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 320 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 293 content::WebContents* tab = | 321 content::WebContents* tab = |
| 294 browser()->tab_strip_model()->GetActiveWebContents(); | 322 browser()->tab_strip_model()->GetActiveWebContents(); |
| 295 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 323 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 296 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 324 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 325 bool unused_value; |
| 297 | 326 |
| 298 state->AllowCert( | 327 state->AllowCert( |
| 299 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 328 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 300 EXPECT_EQ( | 329 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 301 net::CertPolicy::ALLOWED, | 330 state->QueryPolicy(kWWWGoogleHost, |
| 302 state->QueryPolicy( | 331 google_cert.get(), |
| 303 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 332 net::CERT_STATUS_DATE_INVALID, |
| 333 &unused_value)); |
| 304 } | 334 } |
| 305 | 335 |
| 306 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { | 336 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { |
| 307 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 337 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 308 content::WebContents* tab = | 338 content::WebContents* tab = |
| 309 browser()->tab_strip_model()->GetActiveWebContents(); | 339 browser()->tab_strip_model()->GetActiveWebContents(); |
| 310 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 340 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 311 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 341 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 342 bool unused_value; |
| 312 | 343 |
| 313 // The cert should now be |UNKONWN| because the profile is set to forget cert | 344 // The cert should now be |UNKONWN| because the profile is set to forget cert |
| 314 // exceptions after session end. | 345 // exceptions after session end. |
| 315 EXPECT_EQ( | 346 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 316 net::CertPolicy::UNKNOWN, | 347 state->QueryPolicy(kWWWGoogleHost, |
| 317 state->QueryPolicy( | 348 google_cert.get(), |
| 318 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 349 net::CERT_STATUS_DATE_INVALID, |
| 350 &unused_value)); |
| 319 } | 351 } |
| 320 | 352 |
| 321 // Tests to make sure that if the remember value is set to 0, any decisions made | 353 // Tests to make sure that if the remember value is set to 0, any decisions made |
| 322 // will be forgetten immediately. | 354 // will be forgetten immediately. |
| 323 class ForgetInstantlySSLHostStateDelegateTest | 355 class ForgetInstantlySSLHostStateDelegateTest |
| 324 : public ChromeSSLHostStateDelegateTest { | 356 : public ChromeSSLHostStateDelegateTest { |
| 325 protected: | 357 protected: |
| 326 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 358 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 327 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 359 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 328 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 360 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 329 kForgetInstantly); | 361 kForgetInstantly); |
| 330 } | 362 } |
| 331 }; | 363 }; |
| 332 | 364 |
| 333 IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest, | 365 IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest, |
| 334 MakeAndForgetException) { | 366 MakeAndForgetException) { |
| 335 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 367 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 336 content::WebContents* tab = | 368 content::WebContents* tab = |
| 337 browser()->tab_strip_model()->GetActiveWebContents(); | 369 browser()->tab_strip_model()->GetActiveWebContents(); |
| 338 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 370 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 339 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 371 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 372 bool unused_value; |
| 340 | 373 |
| 341 // chrome_state takes ownership of this clock | 374 // chrome_state takes ownership of this clock |
| 342 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 375 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 343 ChromeSSLHostStateDelegate* chrome_state = | 376 ChromeSSLHostStateDelegate* chrome_state = |
| 344 static_cast<ChromeSSLHostStateDelegate*>(state); | 377 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 345 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 378 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 346 | 379 |
| 347 // Start the clock at standard system time but do not advance at all to | 380 // Start the clock at standard system time but do not advance at all to |
| 348 // emphasize that instant forget works. | 381 // emphasize that instant forget works. |
| 349 clock->SetNow(base::Time::NowFromSystemTime()); | 382 clock->SetNow(base::Time::NowFromSystemTime()); |
| 350 | 383 |
| 351 state->AllowCert( | 384 state->AllowCert( |
| 352 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 385 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 353 EXPECT_EQ( | 386 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 354 net::CertPolicy::UNKNOWN, | 387 state->QueryPolicy(kWWWGoogleHost, |
| 355 state->QueryPolicy( | 388 google_cert.get(), |
| 356 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 389 net::CERT_STATUS_DATE_INVALID, |
| 390 &unused_value)); |
| 357 } | 391 } |
| 358 | 392 |
| 359 // Tests to make sure that if the remember value is set to a non-zero value0, | 393 // Tests to make sure that if the remember value is set to a non-zero value0, |
| 360 // any decisions will be remembered over a restart, but only for the length | 394 // any decisions will be remembered over a restart, but only for the length |
| 361 // specified. | 395 // specified. |
| 362 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 396 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 363 protected: | 397 protected: |
| 364 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 398 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 365 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 399 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 366 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 400 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 367 kDeltaSecondsString); | 401 kDeltaSecondsString); |
| 368 } | 402 } |
| 369 }; | 403 }; |
| 370 | 404 |
| 371 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { | 405 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 372 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 406 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 373 content::WebContents* tab = | 407 content::WebContents* tab = |
| 374 browser()->tab_strip_model()->GetActiveWebContents(); | 408 browser()->tab_strip_model()->GetActiveWebContents(); |
| 375 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 409 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 376 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 410 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 411 bool unused_value; |
| 377 | 412 |
| 378 state->AllowCert( | 413 state->AllowCert( |
| 379 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 414 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 380 EXPECT_EQ( | 415 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 381 net::CertPolicy::ALLOWED, | 416 state->QueryPolicy(kWWWGoogleHost, |
| 382 state->QueryPolicy( | 417 google_cert.get(), |
| 383 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 418 net::CERT_STATUS_DATE_INVALID, |
| 419 &unused_value)); |
| 384 } | 420 } |
| 385 | 421 |
| 386 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { | 422 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { |
| 387 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 423 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 388 content::WebContents* tab = | 424 content::WebContents* tab = |
| 389 browser()->tab_strip_model()->GetActiveWebContents(); | 425 browser()->tab_strip_model()->GetActiveWebContents(); |
| 390 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 426 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 391 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 427 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 428 bool unused_value; |
| 392 | 429 |
| 393 // chrome_state takes ownership of this clock | 430 // chrome_state takes ownership of this clock |
| 394 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 431 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 395 ChromeSSLHostStateDelegate* chrome_state = | 432 ChromeSSLHostStateDelegate* chrome_state = |
| 396 static_cast<ChromeSSLHostStateDelegate*>(state); | 433 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 397 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 434 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 398 | 435 |
| 399 // Start the clock at standard system time. | 436 // Start the clock at standard system time. |
| 400 clock->SetNow(base::Time::NowFromSystemTime()); | 437 clock->SetNow(base::Time::NowFromSystemTime()); |
| 401 | 438 |
| 402 // This should only pass if the cert was allowed before the test was restart | 439 // This should only pass if the cert was allowed before the test was restart |
| 403 // and thus has now been rememebered across browser restarts. | 440 // and thus has now been rememebered across browser restarts. |
| 404 EXPECT_EQ( | 441 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 405 net::CertPolicy::ALLOWED, | 442 state->QueryPolicy(kWWWGoogleHost, |
| 406 state->QueryPolicy( | 443 google_cert.get(), |
| 407 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 444 net::CERT_STATUS_DATE_INVALID, |
| 445 &unused_value)); |
| 408 | 446 |
| 409 // Simulate the clock advancing by the specified delta. | 447 // Simulate the clock advancing by the specified delta. |
| 410 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 448 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 411 | 449 |
| 412 // The cert should now be |UNKONWN| because the specified delta has passed. | 450 // The cert should now be |UNKONWN| because the specified delta has passed. |
| 413 EXPECT_EQ( | 451 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 414 net::CertPolicy::UNKNOWN, | 452 state->QueryPolicy(kWWWGoogleHost, |
| 415 state->QueryPolicy( | 453 google_cert.get(), |
| 416 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 454 net::CERT_STATUS_DATE_INVALID, |
| 455 &unused_value)); |
| 456 } |
| 457 |
| 458 // QueryPolicyExpired unit tests to make sure that if a certificate decision has |
| 459 // expired, the return value from QueryPolicy returns the correct vaule. |
| 460 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 461 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 462 content::WebContents* tab = |
| 463 browser()->tab_strip_model()->GetActiveWebContents(); |
| 464 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 465 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 466 bool expired_previous_decision; |
| 467 |
| 468 // chrome_state takes ownership of this clock |
| 469 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 470 ChromeSSLHostStateDelegate* chrome_state = |
| 471 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 472 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 473 |
| 474 // Start the clock at standard system time but do not advance at all to |
| 475 // emphasize that instant forget works. |
| 476 clock->SetNow(base::Time::NowFromSystemTime()); |
| 477 |
| 478 // The certificate has never been seen before, so it should be UNKONWN and |
| 479 // should also indicate that it hasn't expired. |
| 480 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 481 state->QueryPolicy(kWWWGoogleHost, |
| 482 google_cert.get(), |
| 483 net::CERT_STATUS_DATE_INVALID, |
| 484 &expired_previous_decision)); |
| 485 EXPECT_FALSE(expired_previous_decision); |
| 486 |
| 487 // After allowing the certificate, a query should say that it is allowed and |
| 488 // also specify that it hasn't expired. |
| 489 state->AllowCert( |
| 490 kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 491 EXPECT_EQ(net::CertPolicy::ALLOWED, |
| 492 state->QueryPolicy(kWWWGoogleHost, |
| 493 google_cert.get(), |
| 494 net::CERT_STATUS_DATE_INVALID, |
| 495 &expired_previous_decision)); |
| 496 EXPECT_FALSE(expired_previous_decision); |
| 497 |
| 498 // Simulate the clock advancing by the specified delta. |
| 499 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 500 |
| 501 // The decision expiration time has come, so it should indicate that the |
| 502 // certificate and error are UNKOWN but also that they expired since the last |
| 503 // query. |
| 504 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 505 state->QueryPolicy(kWWWGoogleHost, |
| 506 google_cert.get(), |
| 507 net::CERT_STATUS_DATE_INVALID, |
| 508 &expired_previous_decision)); |
| 509 EXPECT_TRUE(expired_previous_decision); |
| 510 |
| 511 // However, with a new query, it should indicate that no new expiration has |
| 512 // occurred. |
| 513 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 514 state->QueryPolicy(kWWWGoogleHost, |
| 515 google_cert.get(), |
| 516 net::CERT_STATUS_DATE_INVALID, |
| 517 &expired_previous_decision)); |
| 518 EXPECT_FALSE(expired_previous_decision); |
| 417 } | 519 } |
| 418 | 520 |
| 419 // Tests to make sure that if the user deletes their browser history, SSL | 521 // Tests to make sure that if the user deletes their browser history, SSL |
| 420 // exceptions will be deleted as well. | 522 // exceptions will be deleted as well. |
| 421 class RemoveBrowsingHistorySSLHostStateDelegateTest | 523 class RemoveBrowsingHistorySSLHostStateDelegateTest |
| 422 : public ChromeSSLHostStateDelegateTest { | 524 : public ChromeSSLHostStateDelegateTest { |
| 423 public: | 525 public: |
| 424 void RemoveAndWait(Profile* profile) { | 526 void RemoveAndWait(Profile* profile) { |
| 425 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( | 527 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( |
| 426 profile, BrowsingDataRemover::LAST_HOUR); | 528 profile, BrowsingDataRemover::LAST_HOUR); |
| 427 BrowsingDataRemoverCompletionObserver completion_observer(remover); | 529 BrowsingDataRemoverCompletionObserver completion_observer(remover); |
| 428 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, | 530 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, |
| 429 BrowsingDataHelper::UNPROTECTED_WEB); | 531 BrowsingDataHelper::UNPROTECTED_WEB); |
| 430 completion_observer.BlockUntilCompletion(); | 532 completion_observer.BlockUntilCompletion(); |
| 431 } | 533 } |
| 432 }; | 534 }; |
| 433 | 535 |
| 434 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, | 536 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, |
| 435 DeleteHistory) { | 537 DeleteHistory) { |
| 436 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 538 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 437 content::WebContents* tab = | 539 content::WebContents* tab = |
| 438 browser()->tab_strip_model()->GetActiveWebContents(); | 540 browser()->tab_strip_model()->GetActiveWebContents(); |
| 439 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 541 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 440 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 542 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 543 bool unused_value; |
| 441 | 544 |
| 442 // Add an exception for an invalid certificate. Then remove the last hour's | 545 // Add an exception for an invalid certificate. Then remove the last hour's |
| 443 // worth of browsing history and verify that the exception has been deleted. | 546 // worth of browsing history and verify that the exception has been deleted. |
| 444 state->AllowCert( | 547 state->AllowCert( |
| 445 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 548 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 446 RemoveAndWait(profile); | 549 RemoveAndWait(profile); |
| 447 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 550 EXPECT_EQ(net::CertPolicy::UNKNOWN, |
| 448 state->QueryPolicy( | 551 state->QueryPolicy(kGoogleHost, |
| 449 kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID)); | 552 google_cert.get(), |
| 553 net::CERT_STATUS_DATE_INVALID, |
| 554 &unused_value)); |
| 450 } | 555 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 450833002:
Add additional UMA stats for remembering certificate decisions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src