Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2620)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc

Issue 610063002: Fix UMA stat for expiration of certificate memory decisions (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Updated comment Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/chrome_ssl_host_state_delegate.h ('K') | « chrome/browser/ssl/chrome_ssl_host_state_delegate.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
index 23c184f7ec1216181f3be3e2415b08d0a68d049e..d850c6b40ce5c5c95515e1147a09b0686fa0b6c6 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
@@ -232,6 +232,68 @@ IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest,
EXPECT_TRUE(state->DidHostRunInsecureContent("example.com", 42));
}
+// QueryPolicyExpired unit tests to make sure that if a certificate decision has
+// expired, the return value from QueryPolicy returns the correct vaule.
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, PRE_QueryPolicyExpired) {
+ scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
+ bool expired_previous_decision;
+
+ // The certificate has never been seen before, so it should be UNKONWN and
+ // should also indicate that it hasn't expired.
+ EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
+ state->QueryPolicy(kWWWGoogleHost,
+ *google_cert.get(),
+ net::CERT_STATUS_DATE_INVALID,
+ &expired_previous_decision));
+ EXPECT_FALSE(expired_previous_decision);
+
+ // After allowing the certificate, a query should say that it is allowed and
+ // also specify that it hasn't expired.
+ state->AllowCert(
+ kWWWGoogleHost, *google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+ EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
+ state->QueryPolicy(kWWWGoogleHost,
+ *google_cert.get(),
+ net::CERT_STATUS_DATE_INVALID,
+ &expired_previous_decision));
+ EXPECT_FALSE(expired_previous_decision);
+}
+
+// Since this is being checked on a browser instance that forgets security
+// decisions after restart, we wait until after a restart to see if the decision
+// has expired.
+IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicyExpired) {
+ scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
+ content::WebContents* tab =
+ browser()->tab_strip_model()->GetActiveWebContents();
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
+ bool expired_previous_decision;
+
+ // The browser content has restart thus expiring the user decision made above,
+ // so it should indicate that the certificate and error are DENIED but also
+ // that they expired since the last query.
+ EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
+ state->QueryPolicy(kWWWGoogleHost,
+ *google_cert.get(),
+ net::CERT_STATUS_DATE_INVALID,
+ &expired_previous_decision));
+ EXPECT_TRUE(expired_previous_decision);
+
+ // However, with a new query, it should indicate that no new expiration has
+ // occurred.
+ EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
+ state->QueryPolicy(kWWWGoogleHost,
+ *google_cert.get(),
+ net::CERT_STATUS_DATE_INVALID,
+ &expired_previous_decision));
+ EXPECT_FALSE(expired_previous_decision);
+}
+
// Tests the basic behavior of cert memory in incognito.
class IncognitoSSLHostStateDelegateTest
: public ChromeSSLHostStateDelegateTest {
@@ -463,8 +525,10 @@ IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
&unused_value));
}
-// QueryPolicyExpired unit tests to make sure that if a certificate decision has
-// expired, the return value from QueryPolicy returns the correct vaule.
+// The same test as ChromeSSLHostStateDelegateTest.QueryPolicyExpired but now
+// applied to a browser context that expires based on time, not restart. This
+// unit tests to make sure that if a certificate decision has expired, the
+// return value from QueryPolicy returns the correct vaule.
IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) {
scoped_refptr<net::X509Certificate> google_cert = GetGoogleCert();
content::WebContents* tab =
« chrome/browser/ssl/chrome_ssl_host_state_delegate.h ('K') | « chrome/browser/ssl/chrome_ssl_host_state_delegate.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698