| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| (...skipping 214 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 EXPECT_FALSE(state->DidHostRunInsecureContent("www.google.com", 191)); | 225 EXPECT_FALSE(state->DidHostRunInsecureContent("www.google.com", 191)); |
| 226 EXPECT_FALSE(state->DidHostRunInsecureContent("example.com", 42)); | 226 EXPECT_FALSE(state->DidHostRunInsecureContent("example.com", 42)); |
| 227 | 227 |
| 228 state->HostRanInsecureContent("example.com", 42); | 228 state->HostRanInsecureContent("example.com", 42); |
| 229 | 229 |
| 230 EXPECT_TRUE(state->DidHostRunInsecureContent("www.google.com", 42)); | 230 EXPECT_TRUE(state->DidHostRunInsecureContent("www.google.com", 42)); |
| 231 EXPECT_FALSE(state->DidHostRunInsecureContent("www.google.com", 191)); | 231 EXPECT_FALSE(state->DidHostRunInsecureContent("www.google.com", 191)); |
| 232 EXPECT_TRUE(state->DidHostRunInsecureContent("example.com", 42)); | 232 EXPECT_TRUE(state->DidHostRunInsecureContent("example.com", 42)); |
| 233 } | 233 } |
| 234 | 234 |
| 235 // QueryPolicyExpired unit tests to make sure that if a certificate decision has |
| 236 // expired, the return value from QueryPolicy returns the correct vaule. |
| 237 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, PRE_QueryPolicyExpired) { |
| 238 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 239 content::WebContents* tab = |
| 240 browser()->tab_strip_model()->GetActiveWebContents(); |
| 241 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 242 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 243 bool expired_previous_decision; |
| 244 |
| 245 // The certificate has never been seen before, so it should be UNKNOWN and |
| 246 // should also indicate that it hasn't expired. |
| 247 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 248 state->QueryPolicy(kWWWGoogleHost, |
| 249 *google_cert.get(), |
| 250 net::CERT_STATUS_DATE_INVALID, |
| 251 &expired_previous_decision)); |
| 252 EXPECT_FALSE(expired_previous_decision); |
| 253 |
| 254 // After allowing the certificate, a query should say that it is allowed and |
| 255 // also specify that it hasn't expired. |
| 256 state->AllowCert( |
| 257 kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 258 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, |
| 259 state->QueryPolicy(kWWWGoogleHost, |
| 260 *google_cert.get(), |
| 261 net::CERT_STATUS_DATE_INVALID, |
| 262 &expired_previous_decision)); |
| 263 EXPECT_FALSE(expired_previous_decision); |
| 264 } |
| 265 |
| 266 // Since this is being checked on a browser instance that expires security |
| 267 // decisions after restart, the test needs to wait until after a restart to |
| 268 // verify that the expiration state is correct. |
| 269 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 270 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 271 content::WebContents* tab = |
| 272 browser()->tab_strip_model()->GetActiveWebContents(); |
| 273 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 274 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 275 bool expired_previous_decision; |
| 276 |
| 277 // The browser content has restart thus expiring the user decision made above, |
| 278 // so it should indicate that the certificate and error are DENIED but also |
| 279 // that they expired since the last query. |
| 280 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 281 state->QueryPolicy(kWWWGoogleHost, |
| 282 *google_cert.get(), |
| 283 net::CERT_STATUS_DATE_INVALID, |
| 284 &expired_previous_decision)); |
| 285 EXPECT_TRUE(expired_previous_decision); |
| 286 |
| 287 // However, with a new query, it should indicate that no new expiration has |
| 288 // occurred. |
| 289 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 290 state->QueryPolicy(kWWWGoogleHost, |
| 291 *google_cert.get(), |
| 292 net::CERT_STATUS_DATE_INVALID, |
| 293 &expired_previous_decision)); |
| 294 EXPECT_FALSE(expired_previous_decision); |
| 295 } |
| 296 |
| 235 // Tests the basic behavior of cert memory in incognito. | 297 // Tests the basic behavior of cert memory in incognito. |
| 236 class IncognitoSSLHostStateDelegateTest | 298 class IncognitoSSLHostStateDelegateTest |
| 237 : public ChromeSSLHostStateDelegateTest { | 299 : public ChromeSSLHostStateDelegateTest { |
| 238 protected: | 300 protected: |
| 239 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { | 301 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { |
| 240 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); | 302 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); |
| 241 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, | 303 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, |
| 242 kDeltaSecondsString); | 304 kDeltaSecondsString); |
| 243 } | 305 } |
| 244 }; | 306 }; |
| (...skipping 211 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 456 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); | 518 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); |
| 457 | 519 |
| 458 // The cert should now be |DENIED| because the specified delta has passed. | 520 // The cert should now be |DENIED| because the specified delta has passed. |
| 459 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, | 521 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 460 state->QueryPolicy(kWWWGoogleHost, | 522 state->QueryPolicy(kWWWGoogleHost, |
| 461 *google_cert.get(), | 523 *google_cert.get(), |
| 462 net::CERT_STATUS_DATE_INVALID, | 524 net::CERT_STATUS_DATE_INVALID, |
| 463 &unused_value)); | 525 &unused_value)); |
| 464 } | 526 } |
| 465 | 527 |
| 466 // QueryPolicyExpired unit tests to make sure that if a certificate decision has | 528 // The same test as ChromeSSLHostStateDelegateTest.QueryPolicyExpired but now |
| 467 // expired, the return value from QueryPolicy returns the correct vaule. | 529 // applied to a browser context that expires based on time, not restart. This |
| 530 // unit tests to make sure that if a certificate decision has expired, the |
| 531 // return value from QueryPolicy returns the correct vaule. |
| 468 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { | 532 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { |
| 469 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); | 533 scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert(); |
| 470 content::WebContents* tab = | 534 content::WebContents* tab = |
| 471 browser()->tab_strip_model()->GetActiveWebContents(); | 535 browser()->tab_strip_model()->GetActiveWebContents(); |
| 472 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); | 536 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); |
| 473 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); | 537 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); |
| 474 bool expired_previous_decision; | 538 bool expired_previous_decision; |
| 475 | 539 |
| 476 // chrome_state takes ownership of this clock | 540 // chrome_state takes ownership of this clock |
| 477 base::SimpleTestClock* clock = new base::SimpleTestClock(); | 541 base::SimpleTestClock* clock = new base::SimpleTestClock(); |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 554 // worth of browsing history and verify that the exception has been deleted. | 618 // worth of browsing history and verify that the exception has been deleted. |
| 555 state->AllowCert( | 619 state->AllowCert( |
| 556 kGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); | 620 kGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID); |
| 557 RemoveAndWait(profile); | 621 RemoveAndWait(profile); |
| 558 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, | 622 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, |
| 559 state->QueryPolicy(kGoogleHost, | 623 state->QueryPolicy(kGoogleHost, |
| 560 *google_cert.get(), | 624 *google_cert.get(), |
| 561 net::CERT_STATUS_DATE_INVALID, | 625 net::CERT_STATUS_DATE_INVALID, |
| 562 &unused_value)); | 626 &unused_value)); |
| 563 } | 627 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 610063002:
Fix UMA stat for expiration of certificate memory decisions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src@master