| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 56 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the | 56 // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the |
| 57 // SSLHostStateDelegate class after various SSL cert decisions have been made. | 57 // SSLHostStateDelegate class after various SSL cert decisions have been made. |
| 58 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { | 58 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicy) { |
| 59 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 59 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 60 content::WebContents* tab = | 60 content::WebContents* tab = |
| 61 browser()->tab_strip_model()->GetActiveWebContents(); | 61 browser()->tab_strip_model()->GetActiveWebContents(); |
| 62 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 62 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 63 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 63 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 64 bool unused_value; | 64 bool unused_value; |
| 65 | 65 |
| 66 // Verifying that all three of the certs we will be looking at are unknown | 66 // Verifying that all three of the certs we will be looking at are denied |
| 67 // before any action has been taken. | 67 // before any action has been taken. |
| 68 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 68 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 69 state->QueryPolicy(kWWWGoogleHost, | 69 state->QueryPolicy(kWWWGoogleHost, |
| 70 *google_cert.get(), | 70 *google_cert.get(), |
| 71 net::CERT_STATUS_DATE_INVALID, | 71 net::CERT_STATUS_DATE_INVALID, |
| 72 &unused_value)); | 72 &unused_value)); |
| 73 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 73 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 74 state->QueryPolicy(kGoogleHost, | 74 state->QueryPolicy(kGoogleHost, |
| 75 *google_cert.get(), | 75 *google_cert.get(), |
| 76 net::CERT_STATUS_DATE_INVALID, | 76 net::CERT_STATUS_DATE_INVALID, |
| 77 &unused_value)); | 77 &unused_value)); |
| 78 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 78 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 79 state->QueryPolicy(kExampleHost, | 79 state->QueryPolicy(kExampleHost, |
| 80 *google_cert.get(), | 80 *google_cert.get(), |
| 81 net::CERT_STATUS_DATE_INVALID, | 81 net::CERT_STATUS_DATE_INVALID, |
| 82 &unused_value)); | 82 &unused_value)); |
| 83 | 83 |
| 84 // Simulate a user decision to allow an invalid certificate exception for | 84 // Simulate a user decision to allow an invalid certificate exception for |
| 85 // kWWWGoogleHost. | 85 // kWWWGoogleHost. |
| 86 state->AllowCert( | 86 state->AllowCert( |
| 87 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 87 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 88 | 88 |
| 89 // Verify that only kWWWGoogleHost is allowed and that the other two certs | 89 // Verify that only kWWWGoogleHost is allowed and that the other two certs |
| 90 // being tested still have no decision associated with them. | 90 // being tested still are denied. |
| 91 EXPECT_EQ(net::CertPolicy::ALLOWED, | 91 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 92 state->QueryPolicy(kWWWGoogleHost, | 92 state->QueryPolicy(kWWWGoogleHost, |
| 93 *google_cert.get(), | 93 *google_cert.get(), |
| 94 net::CERT_STATUS_DATE_INVALID, | 94 net::CERT_STATUS_DATE_INVALID, |
| 95 &unused_value)); | 95 &unused_value)); |
| 96 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 96 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 97 state->QueryPolicy(kGoogleHost, | 97 state->QueryPolicy(kGoogleHost, |
| 98 *google_cert.get(), | 98 *google_cert.get(), |
| 99 net::CERT_STATUS_DATE_INVALID, | 99 net::CERT_STATUS_DATE_INVALID, |
| 100 &unused_value)); | 100 &unused_value)); |
| 101 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 101 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 102 state->QueryPolicy(kExampleHost, | 102 state->QueryPolicy(kExampleHost, |
| 103 *google_cert.get(), | 103 *google_cert.get(), |
| 104 net::CERT_STATUS_DATE_INVALID, | 104 net::CERT_STATUS_DATE_INVALID, |
| 105 &unused_value)); | 105 &unused_value)); |
| 106 | 106 |
| 107 // Simulate a user decision to allow an invalid certificate exception for | 107 // Simulate a user decision to allow an invalid certificate exception for |
| 108 // kExampleHost. | 108 // kExampleHost. |
| 109 state->AllowCert( | 109 state->AllowCert( |
| 110 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 110 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 111 | 111 |
| 112 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions | 112 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions |
| 113 // while kGoogleHost still has no associated decision. | 113 // while kGoogleHost still is denied. |
| 114 EXPECT_EQ(net::CertPolicy::ALLOWED, | 114 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 115 state->QueryPolicy(kWWWGoogleHost, | 115 state->QueryPolicy(kWWWGoogleHost, |
| 116 *google_cert.get(), | 116 *google_cert.get(), |
| 117 net::CERT_STATUS_DATE_INVALID, | 117 net::CERT_STATUS_DATE_INVALID, |
| 118 &unused_value)); | 118 &unused_value)); |
| 119 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 119 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 120 state->QueryPolicy(kGoogleHost, | 120 state->QueryPolicy(kGoogleHost, |
| 121 *google_cert.get(), | 121 *google_cert.get(), |
| 122 net::CERT_STATUS_DATE_INVALID, | 122 net::CERT_STATUS_DATE_INVALID, |
| 123 &unused_value)); | 123 &unused_value)); |
| 124 EXPECT_EQ(net::CertPolicy::ALLOWED, | 124 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 125 state->QueryPolicy(kExampleHost, | 125 state->QueryPolicy(kExampleHost, |
| 126 *google_cert.get(), | 126 *google_cert.get(), |
| 127 net::CERT_STATUS_DATE_INVALID, | 127 net::CERT_STATUS_DATE_INVALID, |
| 128 &unused_value)); | |
| 129 | |
| 130 // Simulate a user decision to deny an invalid certificate for kExampleHost. | |
| 131 state->DenyCert( | |
| 132 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | |
| 133 | |
| 134 // Verify that kWWWGoogleHost is allowed and kExampleHost is denied while | |
| 135 // kGoogleHost still has no associated decision. | |
| 136 EXPECT_EQ(net::CertPolicy::ALLOWED, | |
| 137 state->QueryPolicy(kWWWGoogleHost, | |
| 138 *google_cert.get(), | |
| 139 net::CERT_STATUS_DATE_INVALID, | |
| 140 &unused_value)); | |
| 141 EXPECT_EQ(net::CertPolicy::UNKNOWN, | |
| 142 state->QueryPolicy(kGoogleHost, | |
| 143 *google_cert.get(), | |
| 144 net::CERT_STATUS_DATE_INVALID, | |
| 145 &unused_value)); | |
| 146 EXPECT_EQ(net::CertPolicy::DENIED, | |
| 147 state->QueryPolicy(kExampleHost, | |
| 148 *google_cert.get(), | |
| 149 net::CERT_STATUS_DATE_INVALID, | |
| 150 &unused_value)); | 128 &unused_value)); |
| 151 } | 129 } |
| 152 | 130 |
| 153 // HasPolicyAndRevoke unit tests the expected behavior of calling | 131 // HasPolicyAndRevoke unit tests the expected behavior of calling |
| 154 // HasUserDecision before and after calling RevokeUserDecisions on the | 132 // HasAllowException before and after calling RevokeUserAllowExceptions on the |
| 155 // SSLHostStateDelegate class. | 133 // SSLHostStateDelegate class. |
| 156 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { | 134 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { |
| 157 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 135 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 158 content::WebContents* tab = | 136 content::WebContents* tab = |
| 159 browser()->tab_strip_model()->GetActiveWebContents(); | 137 browser()->tab_strip_model()->GetActiveWebContents(); |
| 160 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 138 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 161 ChromeSSLHostStateDelegate* state = | 139 ChromeSSLHostStateDelegate* state = |
| 162 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 140 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 163 bool unused_value; | 141 bool unused_value; |
| 164 | 142 |
| 165 // Simulate a user decision to allow an invalid certificate exception for | 143 // Simulate a user decision to allow an invalid certificate exception for |
| 166 // kWWWGoogleHost and for kExampleHost. | 144 // kWWWGoogleHost and for kExampleHost. |
| 167 state->AllowCert( | 145 state->AllowCert( |
| 168 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 146 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 169 state->AllowCert( | 147 state->AllowCert( |
| 170 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 148 kExampleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 171 | 149 |
| 172 // Verify that HasUserDecision correctly acknowledges that a user decision has | 150 // Verify that HasAllowException correctly acknowledges that a user decision |
| 173 // been made about kWWWGoogleHost. Then verify that HasUserDecision correctly | 151 // has been made about kWWWGoogleHost. Then verify that HasAllowException |
| 174 // identifies that the decision has been revoked. | 152 // correctly identifies that the decision has been revoked. |
| 175 EXPECT_TRUE(state->HasUserDecision(kWWWGoogleHost)); | 153 EXPECT_TRUE(state->HasAllowException(kWWWGoogleHost)); |
| 176 state->RevokeUserDecisions(kWWWGoogleHost); | 154 state->RevokeUserAllowExceptions(kWWWGoogleHost); |
| 177 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 155 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost)); |
| 178 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 156 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 179 state->QueryPolicy(kWWWGoogleHost, | 157 state->QueryPolicy(kWWWGoogleHost, |
| 180 *google_cert.get(), | 158 *google_cert.get(), |
| 181 net::CERT_STATUS_DATE_INVALID, | 159 net::CERT_STATUS_DATE_INVALID, |
| 182 &unused_value)); | 160 &unused_value)); |
| 183 | 161 |
| 184 // Verify that the revocation of the kWWWGoogleHost decision does not affect | 162 // Verify that the revocation of the kWWWGoogleHost decision does not affect |
| 185 // the Allow for kExampleHost. | 163 // the Allow for kExampleHost. |
| 186 EXPECT_TRUE(state->HasUserDecision(kExampleHost)); | 164 EXPECT_TRUE(state->HasAllowException(kExampleHost)); |
| 187 | 165 |
| 188 // Verify the revocation of the kWWWGoogleHost decision does not affect the | 166 // Verify the revocation of the kWWWGoogleHost decision does not affect the |
| 189 // non-decision for kGoogleHost. Then verify that a revocation of a URL with | 167 // non-decision for kGoogleHost. Then verify that a revocation of a URL with |
| 190 // no decision has no effect. | 168 // no decision has no effect. |
| 191 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 169 EXPECT_FALSE(state->HasAllowException(kGoogleHost)); |
| 192 state->RevokeUserDecisions(kGoogleHost); | 170 state->RevokeUserAllowExceptions(kGoogleHost); |
| 193 EXPECT_FALSE(state->HasUserDecision(kGoogleHost)); | 171 EXPECT_FALSE(state->HasAllowException(kGoogleHost)); |
| 194 } | 172 } |
| 195 | 173 |
| 196 // Clear unit tests the expected behavior of calling Clear to forget all cert | 174 // Clear unit tests the expected behavior of calling Clear to forget all cert |
| 197 // decision state on the SSLHostStateDelegate class. | 175 // decision state on the SSLHostStateDelegate class. |
| 198 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { | 176 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { |
| 199 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 177 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 200 content::WebContents* tab = | 178 content::WebContents* tab = |
| 201 browser()->tab_strip_model()->GetActiveWebContents(); | 179 browser()->tab_strip_model()->GetActiveWebContents(); |
| 202 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 180 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 203 ChromeSSLHostStateDelegate* state = | 181 ChromeSSLHostStateDelegate* state = |
| 204 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); | 182 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); |
| 205 bool unused_value; | 183 bool unused_value; |
| 206 | 184 |
| 207 // Simulate a user decision to allow an invalid certificate exception for | 185 // Simulate a user decision to allow an invalid certificate exception for |
| 208 // kWWWGoogleHost and for kExampleHost. | 186 // kWWWGoogleHost and for kExampleHost. |
| 209 state->AllowCert( | 187 state->AllowCert( |
| 210 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 188 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 211 | 189 |
| 212 // Do a full clear, then make sure that both kWWWGoogleHost, which had a | 190 // Do a full clear, then make sure that both kWWWGoogleHost, which had a |
| 213 // decision made, and kExampleHost, which was untouched, are now in a | 191 // decision made, and kExampleHost, which was untouched, are now in a denied |
| 214 // non-decision state. | 192 // state. |
| 215 state->Clear(); | 193 state->Clear(); |
| 216 EXPECT_FALSE(state->HasUserDecision(kWWWGoogleHost)); | 194 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost)); |
| 217 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 195 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 218 state->QueryPolicy(kWWWGoogleHost, | 196 state->QueryPolicy(kWWWGoogleHost, |
| 219 *google_cert.get(), | 197 *google_cert.get(), |
| 220 net::CERT_STATUS_DATE_INVALID, | 198 net::CERT_STATUS_DATE_INVALID, |
| 221 &unused_value)); | 199 &unused_value)); |
| 222 EXPECT_FALSE(state->HasUserDecision(kExampleHost)); | 200 EXPECT_FALSE(state->HasAllowException(kExampleHost)); |
| 223 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 201 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 224 state->QueryPolicy(kExampleHost, | 202 state->QueryPolicy(kExampleHost, |
| 225 *google_cert.get(), | 203 *google_cert.get(), |
| 226 net::CERT_STATUS_DATE_INVALID, | 204 net::CERT_STATUS_DATE_INVALID, |
| 227 &unused_value)); | 205 &unused_value)); |
| 228 } | 206 } |
| 229 | 207 |
| 230 // DidHostRunInsecureContent unit tests the expected behavior of calling | 208 // DidHostRunInsecureContent unit tests the expected behavior of calling |
| 231 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if | 209 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if |
| 232 // insecure content has been run and to mark it as such. | 210 // insecure content has been run and to mark it as such. |
| 233 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, | 211 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 275 | 253 |
| 276 // Add a cert exception to the profile and then verify that it still exists | 254 // Add a cert exception to the profile and then verify that it still exists |
| 277 // in the incognito profile. | 255 // in the incognito profile. |
| 278 state->AllowCert( | 256 state->AllowCert( |
| 279 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 257 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 280 | 258 |
| 281 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 259 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 282 content::SSLHostStateDelegate* incognito_state = | 260 content::SSLHostStateDelegate* incognito_state = |
| 283 incognito->GetSSLHostStateDelegate(); | 261 incognito->GetSSLHostStateDelegate(); |
| 284 | 262 |
| 285 EXPECT_EQ(net::CertPolicy::ALLOWED, | 263 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 286 incognito_state->QueryPolicy(kWWWGoogleHost, | 264 incognito_state->QueryPolicy(kWWWGoogleHost, |
| 287 *google_cert.get(), | 265 *google_cert.get(), |
| 288 net::CERT_STATUS_DATE_INVALID, | 266 net::CERT_STATUS_DATE_INVALID, |
| 289 &unused_value)); | 267 &unused_value)); |
| 290 | 268 |
| 291 // Add a cert exception to the incognito profile. It will be checked after | 269 // Add a cert exception to the incognito profile. It will be checked after |
| 292 // restart that this exception does not exist. Note the different cert URL and | 270 // restart that this exception does not exist. Note the different cert URL and |
| 293 // error than above thus mapping to a second exception. Also validate that it | 271 // error than above thus mapping to a second exception. Also validate that it |
| 294 // was not added as an exception to the regular profile. | 272 // was not added as an exception to the regular profile. |
| 295 incognito_state->AllowCert( | 273 incognito_state->AllowCert( |
| 296 kGoogleHost, *google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); | 274 kGoogleHost, *google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); |
| 297 | 275 |
| 298 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 276 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 299 state->QueryPolicy(kGoogleHost, | 277 state->QueryPolicy(kGoogleHost, |
| 300 *google_cert.get(), | 278 *google_cert.get(), |
| 301 net::CERT_STATUS_COMMON_NAME_INVALID, | 279 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 302 &unused_value)); | 280 &unused_value)); |
| 303 } | 281 } |
| 304 | 282 |
| 305 // AfterRestart ensures that any cert decisions made in an incognito profile are | 283 // AfterRestart ensures that any cert decisions made in an incognito profile are |
| 306 // forgetten after a session restart even if given a command line flag to | 284 // forgetten after a session restart even if given a command line flag to |
| 307 // remember cert decisions after restart. | 285 // remember cert decisions after restart. |
| 308 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { | 286 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { |
| 309 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 287 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 310 content::WebContents* tab = | 288 content::WebContents* tab = |
| 311 browser()->tab_strip_model()->GetActiveWebContents(); | 289 browser()->tab_strip_model()->GetActiveWebContents(); |
| 312 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 290 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 313 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 291 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 314 bool unused_value; | 292 bool unused_value; |
| 315 | 293 |
| 316 // Verify that the exception added before restart to the regular | 294 // Verify that the exception added before restart to the regular |
| 317 // (non-incognito) profile still exists and was not cleared after the | 295 // (non-incognito) profile still exists and was not cleared after the |
| 318 // incognito session ended. | 296 // incognito session ended. |
| 319 EXPECT_EQ(net::CertPolicy::ALLOWED, | 297 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 320 state->QueryPolicy(kWWWGoogleHost, | 298 state->QueryPolicy(kWWWGoogleHost, |
| 321 *google_cert.get(), | 299 *google_cert.get(), |
| 322 net::CERT_STATUS_DATE_INVALID, | 300 net::CERT_STATUS_DATE_INVALID, |
| 323 &unused_value)); | 301 &unused_value)); |
| 324 | 302 |
| 325 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); | 303 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); |
| 326 content::SSLHostStateDelegate* incognito_state = | 304 content::SSLHostStateDelegate* incognito_state = |
| 327 incognito->GetSSLHostStateDelegate(); | 305 incognito->GetSSLHostStateDelegate(); |
| 328 | 306 |
| 329 // Verify that the exception added before restart to the incognito profile was | 307 // Verify that the exception added before restart to the incognito profile was |
| 330 // cleared when the incognito session ended. | 308 // cleared when the incognito session ended. |
| 331 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 309 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 332 incognito_state->QueryPolicy(kGoogleHost, | 310 incognito_state->QueryPolicy(kGoogleHost, |
| 333 *google_cert.get(), | 311 *google_cert.get(), |
| 334 net::CERT_STATUS_COMMON_NAME_INVALID, | 312 net::CERT_STATUS_COMMON_NAME_INVALID, |
| 335 &unused_value)); | 313 &unused_value)); |
| 336 } | 314 } |
| 337 | 315 |
| 338 // Tests to make sure that if the remember value is set to -1, any decisions | 316 // Tests to make sure that if the remember value is set to -1, any decisions |
| 339 // won't be remembered over a restart. | 317 // won't be remembered over a restart. |
| 340 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 318 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 341 protected: | 319 protected: |
| 342 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 320 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 343 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 321 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 344 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 322 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 345 kForgetAtSessionEnd); | 323 kForgetAtSessionEnd); |
| 346 } | 324 } |
| 347 }; | 325 }; |
| 348 | 326 |
| 349 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { | 327 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 350 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 328 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 351 content::WebContents* tab = | 329 content::WebContents* tab = |
| 352 browser()->tab_strip_model()->GetActiveWebContents(); | 330 browser()->tab_strip_model()->GetActiveWebContents(); |
| 353 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 331 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 354 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 332 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 355 bool unused_value; | 333 bool unused_value; |
| 356 | 334 |
| 357 state->AllowCert( | 335 state->AllowCert( |
| 358 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 336 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 359 EXPECT_EQ(net::CertPolicy::ALLOWED, | 337 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 360 state->QueryPolicy(kWWWGoogleHost, | 338 state->QueryPolicy(kWWWGoogleHost, |
| 361 *google_cert.get(), | 339 *google_cert.get(), |
| 362 net::CERT_STATUS_DATE_INVALID, | 340 net::CERT_STATUS_DATE_INVALID, |
| 363 &unused_value)); | 341 &unused_value)); |
| 364 } | 342 } |
| 365 | 343 |
| 366 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { | 344 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { |
| 367 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 345 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 368 content::WebContents* tab = | 346 content::WebContents* tab = |
| 369 browser()->tab_strip_model()->GetActiveWebContents(); | 347 browser()->tab_strip_model()->GetActiveWebContents(); |
| 370 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 348 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 371 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 349 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 372 bool unused_value; | 350 bool unused_value; |
| 373 | 351 |
| 374 // The cert should now be |UNKONWN| because the profile is set to forget cert | 352 // The cert should now be |DENIED| because the profile is set to forget cert |
| 375 // exceptions after session end. | 353 // exceptions after session end. |
| 376 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 354 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 377 state->QueryPolicy(kWWWGoogleHost, | 355 state->QueryPolicy(kWWWGoogleHost, |
| 378 *google_cert.get(), | 356 *google_cert.get(), |
| 379 net::CERT_STATUS_DATE_INVALID, | 357 net::CERT_STATUS_DATE_INVALID, |
| 380 &unused_value)); | 358 &unused_value)); |
| 381 } | 359 } |
| 382 | 360 |
| 383 // Tests to make sure that if the remember value is set to 0, any decisions made | 361 // Tests to make sure that if the remember value is set to 0, any decisions made |
| 384 // will be forgetten immediately. | 362 // will be forgetten immediately. |
| 385 class ForgetInstantlySSLHostStateDelegateTest | 363 class ForgetInstantlySSLHostStateDelegateTest |
| 386 : public ChromeSSLHostStateDelegateTest { | 364 : public ChromeSSLHostStateDelegateTest { |
| (...skipping 19 matching lines...) Expand all Loading... |
| 406 ChromeSSLHostStateDelegate* chrome_state = | 384 ChromeSSLHostStateDelegate* chrome_state = |
| 407 static_cast<ChromeSSLHostStateDelegate*>(state); | 385 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 408 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 386 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 409 | 387 |
| 410 // Start the clock at standard system time but do not advance at all to | 388 // Start the clock at standard system time but do not advance at all to |
| 411 // emphasize that instant forget works. | 389 // emphasize that instant forget works. |
| 412 clock->SetNow(base::Time::NowFromSystemTime()); | 390 clock->SetNow(base::Time::NowFromSystemTime()); |
| 413 | 391 |
| 414 state->AllowCert( | 392 state->AllowCert( |
| 415 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 393 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 416 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 394 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 417 state->QueryPolicy(kWWWGoogleHost, | 395 state->QueryPolicy(kWWWGoogleHost, |
| 418 *google_cert.get(), | 396 *google_cert.get(), |
| 419 net::CERT_STATUS_DATE_INVALID, | 397 net::CERT_STATUS_DATE_INVALID, |
| 420 &unused_value)); | 398 &unused_value)); |
| 421 } | 399 } |
| 422 | 400 |
| 423 // Tests to make sure that if the remember value is set to a non-zero value0, | 401 // Tests to make sure that if the remember value is set to a non-zero value, |
| 424 // any decisions will be remembered over a restart, but only for the length | 402 // any decisions will be remembered over a restart, but only for the length |
| 425 // specified. | 403 // specified. |
| 426 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { | 404 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { |
| 427 protected: | 405 protected: |
| 428 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 406 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 429 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 407 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 430 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 408 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 431 kDeltaSecondsString); | 409 kDeltaSecondsString); |
| 432 } | 410 } |
| 433 }; | 411 }; |
| 434 | 412 |
| 435 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { | 413 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { |
| 436 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 414 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 437 content::WebContents* tab = | 415 content::WebContents* tab = |
| 438 browser()->tab_strip_model()->GetActiveWebContents(); | 416 browser()->tab_strip_model()->GetActiveWebContents(); |
| 439 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 417 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 440 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 418 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 441 bool unused_value; | 419 bool unused_value; |
| 442 | 420 |
| 443 state->AllowCert( | 421 state->AllowCert( |
| 444 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 422 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 445 EXPECT_EQ(net::CertPolicy::ALLOWED, | 423 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 446 state->QueryPolicy(kWWWGoogleHost, | 424 state->QueryPolicy(kWWWGoogleHost, |
| 447 *google_cert.get(), | 425 *google_cert.get(), |
| 448 net::CERT_STATUS_DATE_INVALID, | 426 net::CERT_STATUS_DATE_INVALID, |
| 449 &unused_value)); | 427 &unused_value)); |
| 450 } | 428 } |
| 451 | 429 |
| 452 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { | 430 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { |
| 453 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 431 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 454 content::WebContents* tab = | 432 content::WebContents* tab = |
| 455 browser()->tab_strip_model()->GetActiveWebContents(); | 433 browser()->tab_strip_model()->GetActiveWebContents(); |
| 456 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 434 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 457 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 435 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 458 bool unused_value; | 436 bool unused_value; |
| 459 | 437 |
| 460 // chrome_state takes ownership of this clock | 438 // chrome_state takes ownership of this clock |
| 461 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 439 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 462 ChromeSSLHostStateDelegate* chrome_state = | 440 ChromeSSLHostStateDelegate* chrome_state = |
| 463 static_cast<ChromeSSLHostStateDelegate*>(state); | 441 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 464 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 442 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 465 | 443 |
| 466 // Start the clock at standard system time. | 444 // Start the clock at standard system time. |
| 467 clock->SetNow(base::Time::NowFromSystemTime()); | 445 clock->SetNow(base::Time::NowFromSystemTime()); |
| 468 | 446 |
| 469 // This should only pass if the cert was allowed before the test was restart | 447 // This should only pass if the cert was allowed before the test was restart |
| 470 // and thus has now been rememebered across browser restarts. | 448 // and thus has now been rememebered across browser restarts. |
| 471 EXPECT_EQ(net::CertPolicy::ALLOWED, | 449 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 472 state->QueryPolicy(kWWWGoogleHost, | 450 state->QueryPolicy(kWWWGoogleHost, |
| 473 *google_cert.get(), | 451 *google_cert.get(), |
| 474 net::CERT_STATUS_DATE_INVALID, | 452 net::CERT_STATUS_DATE_INVALID, |
| 475 &unused_value)); | 453 &unused_value)); |
| 476 | 454 |
| 477 // Simulate the clock advancing by the specified delta. | 455 // Simulate the clock advancing by the specified delta. |
| 478 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 456 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 479 | 457 |
| 480 // The cert should now be |UNKONWN| because the specified delta has passed. | 458 // The cert should now be |DENIED| because the specified delta has passed. |
| 481 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 459 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 482 state->QueryPolicy(kWWWGoogleHost, | 460 state->QueryPolicy(kWWWGoogleHost, |
| 483 *google_cert.get(), | 461 *google_cert.get(), |
| 484 net::CERT_STATUS_DATE_INVALID, | 462 net::CERT_STATUS_DATE_INVALID, |
| 485 &unused_value)); | 463 &unused_value)); |
| 486 } | 464 } |
| 487 | 465 |
| 488 // QueryPolicyExpired unit tests to make sure that if a certificate decision has | 466 // QueryPolicyExpired unit tests to make sure that if a certificate decision has |
| 489 // expired, the return value from QueryPolicy returns the correct vaule. | 467 // expired, the return value from QueryPolicy returns the correct vaule. |
| 490 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { | 468 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 491 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 469 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 492 content::WebContents* tab = | 470 content::WebContents* tab = |
| 493 browser()->tab_strip_model()->GetActiveWebContents(); | 471 browser()->tab_strip_model()->GetActiveWebContents(); |
| 494 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 472 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 495 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 473 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 496 bool expired_previous_decision; | 474 bool expired_previous_decision; |
| 497 | 475 |
| 498 // chrome_state takes ownership of this clock | 476 // chrome_state takes ownership of this clock |
| 499 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 477 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| 500 ChromeSSLHostStateDelegate* chrome_state = | 478 ChromeSSLHostStateDelegate* chrome_state = |
| 501 static_cast<ChromeSSLHostStateDelegate*>(state); | 479 static_cast<ChromeSSLHostStateDelegate*>(state); |
| 502 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); | 480 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); |
| 503 | 481 |
| 504 // Start the clock at standard system time but do not advance at all to | 482 // Start the clock at standard system time but do not advance at all to |
| 505 // emphasize that instant forget works. | 483 // emphasize that instant forget works. |
| 506 clock->SetNow(base::Time::NowFromSystemTime()); | 484 clock->SetNow(base::Time::NowFromSystemTime()); |
| 507 | 485 |
| 508 // The certificate has never been seen before, so it should be UNKONWN and | 486 // The certificate has never been seen before, so it should be UNKONWN and |
| 509 // should also indicate that it hasn't expired. | 487 // should also indicate that it hasn't expired. |
| 510 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 488 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 511 state->QueryPolicy(kWWWGoogleHost, | 489 state->QueryPolicy(kWWWGoogleHost, |
| 512 *google_cert.get(), | 490 *google_cert.get(), |
| 513 net::CERT_STATUS_DATE_INVALID, | 491 net::CERT_STATUS_DATE_INVALID, |
| 514 &expired_previous_decision)); | 492 &expired_previous_decision)); |
| 515 EXPECT_FALSE(expired_previous_decision); | 493 EXPECT_FALSE(expired_previous_decision); |
| 516 | 494 |
| 517 // After allowing the certificate, a query should say that it is allowed and | 495 // After allowing the certificate, a query should say that it is allowed and |
| 518 // also specify that it hasn't expired. | 496 // also specify that it hasn't expired. |
| 519 state->AllowCert( | 497 state->AllowCert( |
| 520 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 498 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 521 EXPECT_EQ(net::CertPolicy::ALLOWED, | 499 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 522 state->QueryPolicy(kWWWGoogleHost, | 500 state->QueryPolicy(kWWWGoogleHost, |
| 523 *google_cert.get(), | 501 *google_cert.get(), |
| 524 net::CERT_STATUS_DATE_INVALID, | 502 net::CERT_STATUS_DATE_INVALID, |
| 525 &expired_previous_decision)); | 503 &expired_previous_decision)); |
| 526 EXPECT_FALSE(expired_previous_decision); | 504 EXPECT_FALSE(expired_previous_decision); |
| 527 | 505 |
| 528 // Simulate the clock advancing by the specified delta. | 506 // Simulate the clock advancing by the specified delta. |
| 529 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 507 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 530 | 508 |
| 531 // The decision expiration time has come, so it should indicate that the | 509 // The decision expiration time has come, so it should indicate that the |
| 532 // certificate and error are UNKOWN but also that they expired since the last | 510 // certificate and error are DENIED but also that they expired since the last |
| 533 // query. | 511 // query. |
| 534 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 512 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 535 state->QueryPolicy(kWWWGoogleHost, | 513 state->QueryPolicy(kWWWGoogleHost, |
| 536 *google_cert.get(), | 514 *google_cert.get(), |
| 537 net::CERT_STATUS_DATE_INVALID, | 515 net::CERT_STATUS_DATE_INVALID, |
| 538 &expired_previous_decision)); | 516 &expired_previous_decision)); |
| 539 EXPECT_TRUE(expired_previous_decision); | 517 EXPECT_TRUE(expired_previous_decision); |
| 540 | 518 |
| 541 // However, with a new query, it should indicate that no new expiration has | 519 // However, with a new query, it should indicate that no new expiration has |
| 542 // occurred. | 520 // occurred. |
| 543 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 521 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 544 state->QueryPolicy(kWWWGoogleHost, | 522 state->QueryPolicy(kWWWGoogleHost, |
| 545 *google_cert.get(), | 523 *google_cert.get(), |
| 546 net::CERT_STATUS_DATE_INVALID, | 524 net::CERT_STATUS_DATE_INVALID, |
| 547 &expired_previous_decision)); | 525 &expired_previous_decision)); |
| 548 EXPECT_FALSE(expired_previous_decision); | 526 EXPECT_FALSE(expired_previous_decision); |
| 549 } | 527 } |
| 550 | 528 |
| 551 // Tests to make sure that if the user deletes their browser history, SSL | 529 // Tests to make sure that if the user deletes their browser history, SSL |
| 552 // exceptions will be deleted as well. | 530 // exceptions will be deleted as well. |
| 553 class RemoveBrowsingHistorySSLHostStateDelegateTest | 531 class RemoveBrowsingHistorySSLHostStateDelegateTest |
| (...skipping 16 matching lines...) Expand all Loading... |
| 570 browser()->tab_strip_model()->GetActiveWebContents(); | 548 browser()->tab_strip_model()->GetActiveWebContents(); |
| 571 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 549 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 572 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 550 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 573 bool unused_value; | 551 bool unused_value; |
| 574 | 552 |
| 575 // Add an exception for an invalid certificate. Then remove the last hour's | 553 // Add an exception for an invalid certificate. Then remove the last hour's |
| 576 // worth of browsing history and verify that the exception has been deleted. | 554 // worth of browsing history and verify that the exception has been deleted. |
| 577 state->AllowCert( | 555 state->AllowCert( |
| 578 kGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 556 kGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 579 RemoveAndWait(profile); | 557 RemoveAndWait(profile); |
| 580 EXPECT_EQ(net::CertPolicy::UNKNOWN, | 558 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 581 state->QueryPolicy(kGoogleHost, | 559 state->QueryPolicy(kGoogleHost, |
| 582 *google_cert.get(), | 560 *google_cert.get(), |
| 583 net::CERT_STATUS_DATE_INVALID, | 561 net::CERT_STATUS_DATE_INVALID, |
| 584 &unused_value)); | 562 &unused_value)); |
| 585 } | 563 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 465133004:
Remove DenyCertForHost from SSLHostStateDelegate API. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src