| Index: chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| index 4daef7ec4ba438c61099bf351310a3754d5b767c..dfa4f512084ceff114b5c184e2d86b3c66ed34ff 100644
|
| --- a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| +++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
|
| @@ -60,20 +60,25 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // Verifying that all three of the certs we will be looking at are unknown
|
| // before any action has been taken.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kExampleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Simulate a user decision to allow an invalid certificate exception for
|
| // kWWWGoogleHost.
|
| @@ -82,17 +87,21 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) {
|
|
|
| // Verify that only kWWWGoogleHost is allowed and that the other two certs
|
| // being tested still have no decision associated with them.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + state->QueryPolicy(kExampleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Simulate a user decision to allow an invalid certificate exception for
|
| // kExampleHost.
|
| @@ -101,17 +110,21 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) {
|
|
|
| // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions
|
| // while kGoogleHost still has no associated decision.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kExampleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Simulate a user decision to deny an invalid certificate for kExampleHost.
|
| state->DenyCert(
|
| @@ -119,17 +132,21 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) {
|
|
|
| // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while
|
| // kGoogleHost still has no associated decision.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::DENIED,
|
| - state->QueryPolicy(
|
| - kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| + EXPECT_EQ(net::CertPolicy::DENIED,
|
| + state->QueryPolicy(kExampleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // HasPolicyAndRevoke unit tests the expected behavior of calling
|
| @@ -142,6 +159,7 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) {
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| ChromeSSLHostStateDelegate* state =
|
| ChromeSSLHostStateDelegateFactory::GetForProfile(profile);
|
| + bool unused_value;
|
|
|
| // Simulate a user decision to allow an invalid certificate exception for
|
| // kWWWGoogleHost and for kExampleHost.
|
| @@ -156,10 +174,11 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) {
|
| EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost));
|
| state->RevokeUserDecisions(kWWWGoogleHost);
|
| EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Verify that the revocation of the kWWWGoogleHost decision does not affect
|
| // the Allow for kExampleHost.
|
| @@ -182,6 +201,7 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) {
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| ChromeSSLHostStateDelegate* state =
|
| ChromeSSLHostStateDelegateFactory::GetForProfile(profile);
|
| + bool unused_value;
|
|
|
| // Simulate a user decision to allow an invalid certificate exception for
|
| // kWWWGoogleHost and for kExampleHost.
|
| @@ -193,15 +213,17 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) {
|
| // non-decision state.
|
| state->Clear();
|
| EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| EXPECT_FALSE(state->HasUserDecision(kExampleHost));
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kExampleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kExampleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // DidHostRunInsecureContent unit tests the expected behavior of calling
|
| @@ -248,6 +270,7 @@ IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // Add a cert exception to the profile and then verify that it still exists
|
| // in the incognito profile.
|
| @@ -258,10 +281,11 @@ IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| content::SSLHostStateDelegate* incognito_state =
|
| incognito->GetSSLHostStateDelegate();
|
|
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - incognito_state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + incognito_state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Add a cert exception to the incognito profile. It will be checked after
|
| // restart that this exception does not exist. Note the different cert URL and
|
| @@ -273,7 +297,8 @@ IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| state->QueryPolicy(kGoogleHost,
|
| google_cert.get(),
|
| - net::CERT_STATUS_COMMON_NAME_INVALID));
|
| + net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // AfterRestart ensures that any cert decisions made in an incognito profile are
|
| @@ -285,14 +310,16 @@ IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // Verify that the exception added before restart to the regular
|
| // (non-incognito) profile still exists and was not cleared after the
|
| // incognito session ended.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
|
| content::SSLHostStateDelegate* incognito_state =
|
| @@ -303,7 +330,8 @@ IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) {
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| incognito_state->QueryPolicy(kGoogleHost,
|
| google_cert.get(),
|
| - net::CERT_STATUS_COMMON_NAME_INVALID));
|
| + net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // Tests to make sure that if the remember value is set to -1, any decisions
|
| @@ -323,13 +351,15 @@ IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| state->AllowCert(
|
| kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) {
|
| @@ -338,13 +368,15 @@ IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // The cert should now be |UNKONWN| because the profile is set to forget cert
|
| // exceptions after session end.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // Tests to make sure that if the remember value is set to 0, any decisions made
|
| @@ -366,6 +398,7 @@ IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest,
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // chrome_state takes ownership of this clock
|
| base::SimpleTestClock* clock = new base::SimpleTestClock();
|
| @@ -379,10 +412,11 @@ IN_PROC_BROWSER_TEST_F(ForgetInstantlySSLHostStateDelegateTest,
|
|
|
| state->AllowCert(
|
| kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| // Tests to make sure that if the remember value is set to a non-zero value0,
|
| @@ -403,13 +437,15 @@ IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| state->AllowCert(
|
| kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
| IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
|
| @@ -418,6 +454,7 @@ IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // chrome_state takes ownership of this clock
|
| base::SimpleTestClock* clock = new base::SimpleTestClock();
|
| @@ -430,19 +467,84 @@ IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
|
|
|
| // This should only pass if the cert was allowed before the test was restart
|
| // and thus has now been rememebered across browser restarts.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::ALLOWED,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
|
|
| // Simulate the clock advancing by the specified delta.
|
| clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
|
|
|
| // The cert should now be |UNKONWN| because the specified delta has passed.
|
| - EXPECT_EQ(
|
| - net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| +}
|
| +
|
| +// QueryPolicyExpired unit tests to make sure that if a certificate decision has
|
| +// expired, the return value from QueryPolicy returns the correct vaule.
|
| +IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) {
|
| + scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
|
| + content::WebContents* tab =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| + content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool expired_previous_decision;
|
| +
|
| + // chrome_state takes ownership of this clock
|
| + base::SimpleTestClock* clock = new base::SimpleTestClock();
|
| + ChromeSSLHostStateDelegate* chrome_state =
|
| + static_cast<ChromeSSLHostStateDelegate*>(state);
|
| + chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
|
| +
|
| + // Start the clock at standard system time but do not advance at all to
|
| + // emphasize that instant forget works.
|
| + clock->SetNow(base::Time::NowFromSystemTime());
|
| +
|
| + // The certificate has never been seen before, so it should be UNKONWN and
|
| + // should also indicate that it hasn't expired.
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &expired_previous_decision));
|
| + EXPECT_FALSE(expired_previous_decision);
|
| +
|
| + // After allowing the certificate, a query should say that it is allowed and
|
| + // also specify that it hasn't expired.
|
| + state->AllowCert(
|
| + kWWWGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| + EXPECT_EQ(net::CertPolicy::ALLOWED,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &expired_previous_decision));
|
| + EXPECT_FALSE(expired_previous_decision);
|
| +
|
| + // Simulate the clock advancing by the specified delta.
|
| + clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
|
| +
|
| + // The decision expiration time has come, so it should indicate that the
|
| + // certificate and error are UNKOWN but also that they expired since the last
|
| + // query.
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &expired_previous_decision));
|
| + EXPECT_TRUE(expired_previous_decision);
|
| +
|
| + // However, with a new query, it should indicate that no new expiration has
|
| + // occurred.
|
| + EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| + state->QueryPolicy(kWWWGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &expired_previous_decision));
|
| + EXPECT_FALSE(expired_previous_decision);
|
| }
|
|
|
| // Tests to make sure that if the user deletes their browser history, SSL
|
| @@ -467,6 +569,7 @@ IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest,
|
| browser()->tab_strip_model()->GetActiveWebContents();
|
| Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
|
| content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
|
| + bool unused_value;
|
|
|
| // Add an exception for an invalid certificate. Then remove the last hour's
|
| // worth of browsing history and verify that the exception has been deleted.
|
| @@ -474,6 +577,8 @@ IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest,
|
| kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID);
|
| RemoveAndWait(profile);
|
| EXPECT_EQ(net::CertPolicy::UNKNOWN,
|
| - state->QueryPolicy(
|
| - kGoogleHost, google_cert.get(), net::CERT_STATUS_DATE_INVALID));
|
| + state->QueryPolicy(kGoogleHost,
|
| + google_cert.get(),
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + &unused_value));
|
| }
|
|
|
Chromium Code Reviews
Issue 450833002:
Add additional UMA stats for remembering certificate decisions. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src