Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc

Issue 913573003: Use *cert instead of *cert.get() in ChromeSSLHostStateDelegateTests (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 59 scoped_refptr<net::X509Certificate> cert = GetOkCert();
60 content::WebContents* tab = 60 content::WebContents* tab =
61 browser()->tab_strip_model()->GetActiveWebContents(); 61 browser()->tab_strip_model()->GetActiveWebContents();
62 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 62 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
63 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 63 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
64 bool unused_value; 64 bool unused_value;
65 65
66 // Verifying that all three of the certs we will be looking at are denied 66 // Verifying that all three of the certs we will be looking at are denied
67 // before any action has been taken. 67 // before any action has been taken.
68 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 68 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
69 state->QueryPolicy(kWWWGoogleHost, 69 state->QueryPolicy(kWWWGoogleHost, *cert,
70 *cert.get(), 70 net::CERT_STATUS_DATE_INVALID, &unused_value));
71 net::CERT_STATUS_DATE_INVALID,
72 &unused_value));
73 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 71 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
74 state->QueryPolicy(kGoogleHost, 72 state->QueryPolicy(kGoogleHost, *cert,
75 *cert.get(), 73 net::CERT_STATUS_DATE_INVALID, &unused_value));
76 net::CERT_STATUS_DATE_INVALID,
77 &unused_value));
78 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 74 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
79 state->QueryPolicy(kExampleHost, 75 state->QueryPolicy(kExampleHost, *cert,
80 *cert.get(), 76 net::CERT_STATUS_DATE_INVALID, &unused_value));
81 net::CERT_STATUS_DATE_INVALID,
82 &unused_value));
83 77
84 // Simulate a user decision to allow an invalid certificate exception for 78 // Simulate a user decision to allow an invalid certificate exception for
85 // kWWWGoogleHost. 79 // kWWWGoogleHost.
86 state->AllowCert( 80 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
87 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
88 81
89 // Verify that only kWWWGoogleHost is allowed and that the other two certs 82 // Verify that only kWWWGoogleHost is allowed and that the other two certs
90 // being tested still are denied. 83 // being tested still are denied.
91 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 84 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
92 state->QueryPolicy(kWWWGoogleHost, 85 state->QueryPolicy(kWWWGoogleHost, *cert,
93 *cert.get(), 86 net::CERT_STATUS_DATE_INVALID, &unused_value));
94 net::CERT_STATUS_DATE_INVALID,
95 &unused_value));
96 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 87 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
97 state->QueryPolicy(kGoogleHost, 88 state->QueryPolicy(kGoogleHost, *cert,
98 *cert.get(), 89 net::CERT_STATUS_DATE_INVALID, &unused_value));
99 net::CERT_STATUS_DATE_INVALID,
100 &unused_value));
101 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 90 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
102 state->QueryPolicy(kExampleHost, 91 state->QueryPolicy(kExampleHost, *cert,
103 *cert.get(), 92 net::CERT_STATUS_DATE_INVALID, &unused_value));
104 net::CERT_STATUS_DATE_INVALID,
105 &unused_value));
106 93
107 // Simulate a user decision to allow an invalid certificate exception for 94 // Simulate a user decision to allow an invalid certificate exception for
108 // kExampleHost. 95 // kExampleHost.
109 state->AllowCert( 96 state->AllowCert(kExampleHost, *cert, net::CERT_STATUS_DATE_INVALID);
110 kExampleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
111 97
112 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions 98 // Verify that both kWWWGoogleHost and kExampleHost have allow exceptions
113 // while kGoogleHost still is denied. 99 // while kGoogleHost still is denied.
114 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 100 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
115 state->QueryPolicy(kWWWGoogleHost, 101 state->QueryPolicy(kWWWGoogleHost, *cert,
116 *cert.get(), 102 net::CERT_STATUS_DATE_INVALID, &unused_value));
117 net::CERT_STATUS_DATE_INVALID,
118 &unused_value));
119 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 103 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
120 state->QueryPolicy(kGoogleHost, 104 state->QueryPolicy(kGoogleHost, *cert,
121 *cert.get(), 105 net::CERT_STATUS_DATE_INVALID, &unused_value));
122 net::CERT_STATUS_DATE_INVALID,
123 &unused_value));
124 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 106 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
125 state->QueryPolicy(kExampleHost, 107 state->QueryPolicy(kExampleHost, *cert,
126 *cert.get(), 108 net::CERT_STATUS_DATE_INVALID, &unused_value));
127 net::CERT_STATUS_DATE_INVALID,
128 &unused_value));
129 } 109 }
130 110
131 // HasPolicyAndRevoke unit tests the expected behavior of calling 111 // HasPolicyAndRevoke unit tests the expected behavior of calling
132 // HasAllowException before and after calling RevokeUserAllowExceptions on the 112 // HasAllowException before and after calling RevokeUserAllowExceptions on the
133 // SSLHostStateDelegate class. 113 // SSLHostStateDelegate class.
134 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) { 114 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, HasPolicyAndRevoke) {
135 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 115 scoped_refptr<net::X509Certificate> cert = GetOkCert();
136 content::WebContents* tab = 116 content::WebContents* tab =
137 browser()->tab_strip_model()->GetActiveWebContents(); 117 browser()->tab_strip_model()->GetActiveWebContents();
138 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 118 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
139 ChromeSSLHostStateDelegate* state = 119 ChromeSSLHostStateDelegate* state =
140 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); 120 ChromeSSLHostStateDelegateFactory::GetForProfile(profile);
141 bool unused_value; 121 bool unused_value;
142 122
143 // Simulate a user decision to allow an invalid certificate exception for 123 // Simulate a user decision to allow an invalid certificate exception for
144 // kWWWGoogleHost and for kExampleHost. 124 // kWWWGoogleHost and for kExampleHost.
145 state->AllowCert( 125 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
146 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID); 126 state->AllowCert(kExampleHost, *cert, net::CERT_STATUS_DATE_INVALID);
147 state->AllowCert(
148 kExampleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
149 127
150 // Verify that HasAllowException correctly acknowledges that a user decision 128 // Verify that HasAllowException correctly acknowledges that a user decision
151 // has been made about kWWWGoogleHost. Then verify that HasAllowException 129 // has been made about kWWWGoogleHost. Then verify that HasAllowException
152 // correctly identifies that the decision has been revoked. 130 // correctly identifies that the decision has been revoked.
153 EXPECT_TRUE(state->HasAllowException(kWWWGoogleHost)); 131 EXPECT_TRUE(state->HasAllowException(kWWWGoogleHost));
154 state->RevokeUserAllowExceptions(kWWWGoogleHost); 132 state->RevokeUserAllowExceptions(kWWWGoogleHost);
155 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost)); 133 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost));
156 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 134 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
157 state->QueryPolicy(kWWWGoogleHost, 135 state->QueryPolicy(kWWWGoogleHost, *cert,
158 *cert.get(), 136 net::CERT_STATUS_DATE_INVALID, &unused_value));
159 net::CERT_STATUS_DATE_INVALID,
160 &unused_value));
161 137
162 // Verify that the revocation of the kWWWGoogleHost decision does not affect 138 // Verify that the revocation of the kWWWGoogleHost decision does not affect
163 // the Allow for kExampleHost. 139 // the Allow for kExampleHost.
164 EXPECT_TRUE(state->HasAllowException(kExampleHost)); 140 EXPECT_TRUE(state->HasAllowException(kExampleHost));
165 141
166 // Verify the revocation of the kWWWGoogleHost decision does not affect the 142 // Verify the revocation of the kWWWGoogleHost decision does not affect the
167 // non-decision for kGoogleHost. Then verify that a revocation of a URL with 143 // non-decision for kGoogleHost. Then verify that a revocation of a URL with
168 // no decision has no effect. 144 // no decision has no effect.
169 EXPECT_FALSE(state->HasAllowException(kGoogleHost)); 145 EXPECT_FALSE(state->HasAllowException(kGoogleHost));
170 state->RevokeUserAllowExceptions(kGoogleHost); 146 state->RevokeUserAllowExceptions(kGoogleHost);
171 EXPECT_FALSE(state->HasAllowException(kGoogleHost)); 147 EXPECT_FALSE(state->HasAllowException(kGoogleHost));
172 } 148 }
173 149
174 // Clear unit tests the expected behavior of calling Clear to forget all cert 150 // Clear unit tests the expected behavior of calling Clear to forget all cert
175 // decision state on the SSLHostStateDelegate class. 151 // decision state on the SSLHostStateDelegate class.
176 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) { 152 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, Clear) {
177 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 153 scoped_refptr<net::X509Certificate> cert = GetOkCert();
178 content::WebContents* tab = 154 content::WebContents* tab =
179 browser()->tab_strip_model()->GetActiveWebContents(); 155 browser()->tab_strip_model()->GetActiveWebContents();
180 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 156 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
181 ChromeSSLHostStateDelegate* state = 157 ChromeSSLHostStateDelegate* state =
182 ChromeSSLHostStateDelegateFactory::GetForProfile(profile); 158 ChromeSSLHostStateDelegateFactory::GetForProfile(profile);
183 bool unused_value; 159 bool unused_value;
184 160
185 // Simulate a user decision to allow an invalid certificate exception for 161 // Simulate a user decision to allow an invalid certificate exception for
186 // kWWWGoogleHost and for kExampleHost. 162 // kWWWGoogleHost and for kExampleHost.
187 state->AllowCert( 163 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
188 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
189 164
190 // Do a full clear, then make sure that both kWWWGoogleHost, which had a 165 // Do a full clear, then make sure that both kWWWGoogleHost, which had a
191 // decision made, and kExampleHost, which was untouched, are now in a denied 166 // decision made, and kExampleHost, which was untouched, are now in a denied
192 // state. 167 // state.
193 state->Clear(); 168 state->Clear();
194 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost)); 169 EXPECT_FALSE(state->HasAllowException(kWWWGoogleHost));
195 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 170 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
196 state->QueryPolicy(kWWWGoogleHost, 171 state->QueryPolicy(kWWWGoogleHost, *cert,
197 *cert.get(), 172 net::CERT_STATUS_DATE_INVALID, &unused_value));
198 net::CERT_STATUS_DATE_INVALID,
199 &unused_value));
200 EXPECT_FALSE(state->HasAllowException(kExampleHost)); 173 EXPECT_FALSE(state->HasAllowException(kExampleHost));
201 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 174 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
202 state->QueryPolicy(kExampleHost, 175 state->QueryPolicy(kExampleHost, *cert,
203 *cert.get(), 176 net::CERT_STATUS_DATE_INVALID, &unused_value));
204 net::CERT_STATUS_DATE_INVALID,
205 &unused_value));
206 } 177 }
207 178
208 // DidHostRunInsecureContent unit tests the expected behavior of calling 179 // DidHostRunInsecureContent unit tests the expected behavior of calling
209 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if 180 // DidHostRunInsecureContent as well as HostRanInsecureContent to check if
210 // insecure content has been run and to mark it as such. 181 // insecure content has been run and to mark it as such.
211 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, 182 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest,
212 DidHostRunInsecureContent) { 183 DidHostRunInsecureContent) {
213 content::WebContents* tab = 184 content::WebContents* tab =
214 browser()->tab_strip_model()->GetActiveWebContents(); 185 browser()->tab_strip_model()->GetActiveWebContents();
215 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 186 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
(...skipping 21 matching lines...) Expand all
237 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, PRE_QueryPolicyExpired) { 208 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, PRE_QueryPolicyExpired) {
238 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 209 scoped_refptr<net::X509Certificate> cert = GetOkCert();
239 content::WebContents* tab = 210 content::WebContents* tab =
240 browser()->tab_strip_model()->GetActiveWebContents(); 211 browser()->tab_strip_model()->GetActiveWebContents();
241 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 212 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
242 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 213 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
243 bool expired_previous_decision; 214 bool expired_previous_decision;
244 215
245 // The certificate has never been seen before, so it should be UNKNOWN and 216 // The certificate has never been seen before, so it should be UNKNOWN and
246 // should also indicate that it hasn't expired. 217 // should also indicate that it hasn't expired.
247 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 218 EXPECT_EQ(
248 state->QueryPolicy(kWWWGoogleHost, 219 content::SSLHostStateDelegate::DENIED,
249 *cert.get(), 220 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
250 net::CERT_STATUS_DATE_INVALID, 221 &expired_previous_decision));
251 &expired_previous_decision));
252 EXPECT_FALSE(expired_previous_decision); 222 EXPECT_FALSE(expired_previous_decision);
253 223
254 // After allowing the certificate, a query should say that it is allowed and 224 // After allowing the certificate, a query should say that it is allowed and
255 // also specify that it hasn't expired. 225 // also specify that it hasn't expired.
256 state->AllowCert( 226 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
257 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID); 227 EXPECT_EQ(
258 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 228 content::SSLHostStateDelegate::ALLOWED,
259 state->QueryPolicy(kWWWGoogleHost, 229 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
260 *cert.get(), 230 &expired_previous_decision));
261 net::CERT_STATUS_DATE_INVALID,
262 &expired_previous_decision));
263 EXPECT_FALSE(expired_previous_decision); 231 EXPECT_FALSE(expired_previous_decision);
264 } 232 }
265 233
266 // Since this is being checked on a browser instance that expires security 234 // Since this is being checked on a browser instance that expires security
267 // decisions after restart, the test needs to wait until after a restart to 235 // decisions after restart, the test needs to wait until after a restart to
268 // verify that the expiration state is correct. 236 // verify that the expiration state is correct.
269 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicyExpired) { 237 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, QueryPolicyExpired) {
270 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 238 scoped_refptr<net::X509Certificate> cert = GetOkCert();
271 content::WebContents* tab = 239 content::WebContents* tab =
272 browser()->tab_strip_model()->GetActiveWebContents(); 240 browser()->tab_strip_model()->GetActiveWebContents();
273 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 241 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
274 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 242 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
275 bool expired_previous_decision; 243 bool expired_previous_decision;
276 244
277 // The browser content has restart thus expiring the user decision made above, 245 // The browser content has restart thus expiring the user decision made above,
278 // so it should indicate that the certificate and error are DENIED but also 246 // so it should indicate that the certificate and error are DENIED but also
279 // that they expired since the last query. 247 // that they expired since the last query.
280 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 248 EXPECT_EQ(
281 state->QueryPolicy(kWWWGoogleHost, 249 content::SSLHostStateDelegate::DENIED,
282 *cert.get(), 250 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
283 net::CERT_STATUS_DATE_INVALID, 251 &expired_previous_decision));
284 &expired_previous_decision));
285 EXPECT_TRUE(expired_previous_decision); 252 EXPECT_TRUE(expired_previous_decision);
286 253
287 // However, with a new query, it should indicate that no new expiration has 254 // However, with a new query, it should indicate that no new expiration has
288 // occurred. 255 // occurred.
289 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 256 EXPECT_EQ(
290 state->QueryPolicy(kWWWGoogleHost, 257 content::SSLHostStateDelegate::DENIED,
291 *cert.get(), 258 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
292 net::CERT_STATUS_DATE_INVALID, 259 &expired_previous_decision));
293 &expired_previous_decision));
294 EXPECT_FALSE(expired_previous_decision); 260 EXPECT_FALSE(expired_previous_decision);
295 } 261 }
296 262
297 // Tests the basic behavior of cert memory in incognito. 263 // Tests the basic behavior of cert memory in incognito.
298 class IncognitoSSLHostStateDelegateTest 264 class IncognitoSSLHostStateDelegateTest
299 : public ChromeSSLHostStateDelegateTest { 265 : public ChromeSSLHostStateDelegateTest {
300 protected: 266 protected:
301 void SetUpCommandLine(base::CommandLine* command_line) override { 267 void SetUpCommandLine(base::CommandLine* command_line) override {
302 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); 268 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
303 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, 269 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
304 kDeltaSecondsString); 270 kDeltaSecondsString);
305 } 271 }
306 }; 272 };
307 273
308 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { 274 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) {
309 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 275 scoped_refptr<net::X509Certificate> cert = GetOkCert();
310 content::WebContents* tab = 276 content::WebContents* tab =
311 browser()->tab_strip_model()->GetActiveWebContents(); 277 browser()->tab_strip_model()->GetActiveWebContents();
312 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 278 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
313 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 279 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
314 bool unused_value; 280 bool unused_value;
315 281
316 // Add a cert exception to the profile and then verify that it still exists 282 // Add a cert exception to the profile and then verify that it still exists
317 // in the incognito profile. 283 // in the incognito profile.
318 state->AllowCert( 284 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
319 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
320 285
321 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); 286 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
322 content::SSLHostStateDelegate* incognito_state = 287 content::SSLHostStateDelegate* incognito_state =
323 incognito->GetSSLHostStateDelegate(); 288 incognito->GetSSLHostStateDelegate();
324 289
325 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 290 EXPECT_EQ(
326 incognito_state->QueryPolicy(kWWWGoogleHost, 291 content::SSLHostStateDelegate::ALLOWED,
327 *cert.get(), 292 incognito_state->QueryPolicy(
328 net::CERT_STATUS_DATE_INVALID, 293 kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID, &unused_value));
329 &unused_value));
330 294
331 // Add a cert exception to the incognito profile. It will be checked after 295 // Add a cert exception to the incognito profile. It will be checked after
332 // restart that this exception does not exist. Note the different cert URL and 296 // restart that this exception does not exist. Note the different cert URL and
333 // error than above thus mapping to a second exception. Also validate that it 297 // error than above thus mapping to a second exception. Also validate that it
334 // was not added as an exception to the regular profile. 298 // was not added as an exception to the regular profile.
335 incognito_state->AllowCert( 299 incognito_state->AllowCert(kGoogleHost, *cert,
336 kGoogleHost, *cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID); 300 net::CERT_STATUS_COMMON_NAME_INVALID);
337 301
338 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 302 EXPECT_EQ(
339 state->QueryPolicy(kGoogleHost, 303 content::SSLHostStateDelegate::DENIED,
340 *cert.get(), 304 state->QueryPolicy(kGoogleHost, *cert,
341 net::CERT_STATUS_COMMON_NAME_INVALID, 305 net::CERT_STATUS_COMMON_NAME_INVALID, &unused_value));
342 &unused_value));
343 } 306 }
344 307
345 // AfterRestart ensures that any cert decisions made in an incognito profile are 308 // AfterRestart ensures that any cert decisions made in an incognito profile are
346 // forgetten after a session restart even if given a command line flag to 309 // forgetten after a session restart even if given a command line flag to
347 // remember cert decisions after restart. 310 // remember cert decisions after restart.
348 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { 311 IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) {
349 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 312 scoped_refptr<net::X509Certificate> cert = GetOkCert();
350 content::WebContents* tab = 313 content::WebContents* tab =
351 browser()->tab_strip_model()->GetActiveWebContents(); 314 browser()->tab_strip_model()->GetActiveWebContents();
352 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 315 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
353 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 316 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
354 bool unused_value; 317 bool unused_value;
355 318
356 // Verify that the exception added before restart to the regular 319 // Verify that the exception added before restart to the regular
357 // (non-incognito) profile still exists and was not cleared after the 320 // (non-incognito) profile still exists and was not cleared after the
358 // incognito session ended. 321 // incognito session ended.
359 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 322 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
360 state->QueryPolicy(kWWWGoogleHost, 323 state->QueryPolicy(kWWWGoogleHost, *cert,
361 *cert.get(), 324 net::CERT_STATUS_DATE_INVALID, &unused_value));
362 net::CERT_STATUS_DATE_INVALID,
363 &unused_value));
364 325
365 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile()); 326 scoped_ptr<Profile> incognito(profile->CreateOffTheRecordProfile());
366 content::SSLHostStateDelegate* incognito_state = 327 content::SSLHostStateDelegate* incognito_state =
367 incognito->GetSSLHostStateDelegate(); 328 incognito->GetSSLHostStateDelegate();
368 329
369 // Verify that the exception added before restart to the incognito profile was 330 // Verify that the exception added before restart to the incognito profile was
370 // cleared when the incognito session ended. 331 // cleared when the incognito session ended.
371 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 332 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
372 incognito_state->QueryPolicy(kGoogleHost, 333 incognito_state->QueryPolicy(kGoogleHost, *cert,
373 *cert.get(),
374 net::CERT_STATUS_COMMON_NAME_INVALID, 334 net::CERT_STATUS_COMMON_NAME_INVALID,
375 &unused_value)); 335 &unused_value));
376 } 336 }
377 337
378 // Tests to make sure that if the remember value is set to -1, any decisions 338 // Tests to make sure that if the remember value is set to -1, any decisions
379 // won't be remembered over a restart. 339 // won't be remembered over a restart.
380 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { 340 class ForGetSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest {
381 protected: 341 protected:
382 void SetUpCommandLine(base::CommandLine* command_line) override { 342 void SetUpCommandLine(base::CommandLine* command_line) override {
383 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); 343 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
384 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, 344 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
385 kForgetAtSessionEnd); 345 kForgetAtSessionEnd);
386 } 346 }
387 }; 347 };
388 348
389 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) { 349 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, PRE_AfterRestart) {
390 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 350 scoped_refptr<net::X509Certificate> cert = GetOkCert();
391 content::WebContents* tab = 351 content::WebContents* tab =
392 browser()->tab_strip_model()->GetActiveWebContents(); 352 browser()->tab_strip_model()->GetActiveWebContents();
393 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 353 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
394 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 354 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
395 bool unused_value; 355 bool unused_value;
396 356
397 state->AllowCert( 357 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
398 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
399 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 358 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
400 state->QueryPolicy(kWWWGoogleHost, 359 state->QueryPolicy(kWWWGoogleHost, *cert,
401 *cert.get(), 360 net::CERT_STATUS_DATE_INVALID, &unused_value));
402 net::CERT_STATUS_DATE_INVALID,
403 &unused_value));
404 } 361 }
405 362
406 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) { 363 IN_PROC_BROWSER_TEST_F(ForGetSSLHostStateDelegateTest, AfterRestart) {
407 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 364 scoped_refptr<net::X509Certificate> cert = GetOkCert();
408 content::WebContents* tab = 365 content::WebContents* tab =
409 browser()->tab_strip_model()->GetActiveWebContents(); 366 browser()->tab_strip_model()->GetActiveWebContents();
410 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 367 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
411 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 368 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
412 bool unused_value; 369 bool unused_value;
413 370
414 // The cert should now be |DENIED| because the profile is set to forget cert 371 // The cert should now be |DENIED| because the profile is set to forget cert
415 // exceptions after session end. 372 // exceptions after session end.
416 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 373 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
417 state->QueryPolicy(kWWWGoogleHost, 374 state->QueryPolicy(kWWWGoogleHost, *cert,
418 *cert.get(), 375 net::CERT_STATUS_DATE_INVALID, &unused_value));
419 net::CERT_STATUS_DATE_INVALID,
420 &unused_value));
421 } 376 }
422 377
423 // Tests to make sure that if the remember value is set to 0, any decisions made 378 // Tests to make sure that if the remember value is set to 0, any decisions made
424 // will be forgetten immediately. 379 // will be forgetten immediately.
425 class ForgetInstantlySSLHostStateDelegateTest 380 class ForgetInstantlySSLHostStateDelegateTest
426 : public ChromeSSLHostStateDelegateTest { 381 : public ChromeSSLHostStateDelegateTest {
427 protected: 382 protected:
428 void SetUpCommandLine(base::CommandLine* command_line) override { 383 void SetUpCommandLine(base::CommandLine* command_line) override {
429 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); 384 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
430 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, 385 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
(...skipping 13 matching lines...) Expand all
444 // chrome_state takes ownership of this clock 399 // chrome_state takes ownership of this clock
445 base::SimpleTestClock* clock = new base::SimpleTestClock(); 400 base::SimpleTestClock* clock = new base::SimpleTestClock();
446 ChromeSSLHostStateDelegate* chrome_state = 401 ChromeSSLHostStateDelegate* chrome_state =
447 static_cast<ChromeSSLHostStateDelegate*>(state); 402 static_cast<ChromeSSLHostStateDelegate*>(state);
448 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); 403 chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
449 404
450 // Start the clock at standard system time but do not advance at all to 405 // Start the clock at standard system time but do not advance at all to
451 // emphasize that instant forget works. 406 // emphasize that instant forget works.
452 clock->SetNow(base::Time::NowFromSystemTime()); 407 clock->SetNow(base::Time::NowFromSystemTime());
453 408
454 state->AllowCert( 409 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
455 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
456 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 410 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
457 state->QueryPolicy(kWWWGoogleHost, 411 state->QueryPolicy(kWWWGoogleHost, *cert,
458 *cert.get(), 412 net::CERT_STATUS_DATE_INVALID, &unused_value));
459 net::CERT_STATUS_DATE_INVALID,
460 &unused_value));
461 } 413 }
462 414
463 // Tests to make sure that if the remember value is set to a non-zero value, 415 // Tests to make sure that if the remember value is set to a non-zero value,
464 // any decisions will be remembered over a restart, but only for the length 416 // any decisions will be remembered over a restart, but only for the length
465 // specified. 417 // specified.
466 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest { 418 class RememberSSLHostStateDelegateTest : public ChromeSSLHostStateDelegateTest {
467 protected: 419 protected:
468 void SetUpCommandLine(base::CommandLine* command_line) override { 420 void SetUpCommandLine(base::CommandLine* command_line) override {
469 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); 421 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
470 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions, 422 command_line->AppendSwitchASCII(switches::kRememberCertErrorDecisions,
471 kDeltaSecondsString); 423 kDeltaSecondsString);
472 } 424 }
473 }; 425 };
474 426
475 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) { 427 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, PRE_AfterRestart) {
476 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 428 scoped_refptr<net::X509Certificate> cert = GetOkCert();
477 content::WebContents* tab = 429 content::WebContents* tab =
478 browser()->tab_strip_model()->GetActiveWebContents(); 430 browser()->tab_strip_model()->GetActiveWebContents();
479 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 431 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
480 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 432 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
481 bool unused_value; 433 bool unused_value;
482 434
483 state->AllowCert( 435 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
484 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
485 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 436 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
486 state->QueryPolicy(kWWWGoogleHost, 437 state->QueryPolicy(kWWWGoogleHost, *cert,
487 *cert.get(), 438 net::CERT_STATUS_DATE_INVALID, &unused_value));
488 net::CERT_STATUS_DATE_INVALID,
489 &unused_value));
490 } 439 }
491 440
492 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) { 441 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, AfterRestart) {
493 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 442 scoped_refptr<net::X509Certificate> cert = GetOkCert();
494 content::WebContents* tab = 443 content::WebContents* tab =
495 browser()->tab_strip_model()->GetActiveWebContents(); 444 browser()->tab_strip_model()->GetActiveWebContents();
496 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 445 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
497 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 446 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
498 bool unused_value; 447 bool unused_value;
499 448
500 // chrome_state takes ownership of this clock 449 // chrome_state takes ownership of this clock
501 base::SimpleTestClock* clock = new base::SimpleTestClock(); 450 base::SimpleTestClock* clock = new base::SimpleTestClock();
502 ChromeSSLHostStateDelegate* chrome_state = 451 ChromeSSLHostStateDelegate* chrome_state =
503 static_cast<ChromeSSLHostStateDelegate*>(state); 452 static_cast<ChromeSSLHostStateDelegate*>(state);
504 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); 453 chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
505 454
506 // Start the clock at standard system time. 455 // Start the clock at standard system time.
507 clock->SetNow(base::Time::NowFromSystemTime()); 456 clock->SetNow(base::Time::NowFromSystemTime());
508 457
509 // This should only pass if the cert was allowed before the test was restart 458 // This should only pass if the cert was allowed before the test was restart
510 // and thus has now been rememebered across browser restarts. 459 // and thus has now been rememebered across browser restarts.
511 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 460 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED,
512 state->QueryPolicy(kWWWGoogleHost, 461 state->QueryPolicy(kWWWGoogleHost, *cert,
513 *cert.get(), 462 net::CERT_STATUS_DATE_INVALID, &unused_value));
514 net::CERT_STATUS_DATE_INVALID,
515 &unused_value));
516 463
517 // Simulate the clock advancing by the specified delta. 464 // Simulate the clock advancing by the specified delta.
518 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); 465 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
519 466
520 // The cert should now be |DENIED| because the specified delta has passed. 467 // The cert should now be |DENIED| because the specified delta has passed.
521 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 468 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
522 state->QueryPolicy(kWWWGoogleHost, 469 state->QueryPolicy(kWWWGoogleHost, *cert,
523 *cert.get(), 470 net::CERT_STATUS_DATE_INVALID, &unused_value));
524 net::CERT_STATUS_DATE_INVALID,
525 &unused_value));
526 } 471 }
527 472
528 // The same test as ChromeSSLHostStateDelegateTest.QueryPolicyExpired but now 473 // The same test as ChromeSSLHostStateDelegateTest.QueryPolicyExpired but now
529 // applied to a browser context that expires based on time, not restart. This 474 // applied to a browser context that expires based on time, not restart. This
530 // unit tests to make sure that if a certificate decision has expired, the 475 // unit tests to make sure that if a certificate decision has expired, the
531 // return value from QueryPolicy returns the correct vaule. 476 // return value from QueryPolicy returns the correct vaule.
532 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) { 477 IN_PROC_BROWSER_TEST_F(RememberSSLHostStateDelegateTest, QueryPolicyExpired) {
533 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 478 scoped_refptr<net::X509Certificate> cert = GetOkCert();
534 content::WebContents* tab = 479 content::WebContents* tab =
535 browser()->tab_strip_model()->GetActiveWebContents(); 480 browser()->tab_strip_model()->GetActiveWebContents();
536 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 481 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
537 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 482 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
538 bool expired_previous_decision; 483 bool expired_previous_decision;
539 484
540 // chrome_state takes ownership of this clock 485 // chrome_state takes ownership of this clock
541 base::SimpleTestClock* clock = new base::SimpleTestClock(); 486 base::SimpleTestClock* clock = new base::SimpleTestClock();
542 ChromeSSLHostStateDelegate* chrome_state = 487 ChromeSSLHostStateDelegate* chrome_state =
543 static_cast<ChromeSSLHostStateDelegate*>(state); 488 static_cast<ChromeSSLHostStateDelegate*>(state);
544 chrome_state->SetClock(scoped_ptr<base::Clock>(clock)); 489 chrome_state->SetClock(scoped_ptr<base::Clock>(clock));
545 490
546 // Start the clock at standard system time but do not advance at all to 491 // Start the clock at standard system time but do not advance at all to
547 // emphasize that instant forget works. 492 // emphasize that instant forget works.
548 clock->SetNow(base::Time::NowFromSystemTime()); 493 clock->SetNow(base::Time::NowFromSystemTime());
549 494
550 // The certificate has never been seen before, so it should be UNKONWN and 495 // The certificate has never been seen before, so it should be UNKONWN and
551 // should also indicate that it hasn't expired. 496 // should also indicate that it hasn't expired.
552 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 497 EXPECT_EQ(
553 state->QueryPolicy(kWWWGoogleHost, 498 content::SSLHostStateDelegate::DENIED,
554 *cert.get(), 499 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
555 net::CERT_STATUS_DATE_INVALID, 500 &expired_previous_decision));
556 &expired_previous_decision));
557 EXPECT_FALSE(expired_previous_decision); 501 EXPECT_FALSE(expired_previous_decision);
558 502
559 // After allowing the certificate, a query should say that it is allowed and 503 // After allowing the certificate, a query should say that it is allowed and
560 // also specify that it hasn't expired. 504 // also specify that it hasn't expired.
561 state->AllowCert( 505 state->AllowCert(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
562 kWWWGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID); 506 EXPECT_EQ(
563 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 507 content::SSLHostStateDelegate::ALLOWED,
564 state->QueryPolicy(kWWWGoogleHost, 508 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
565 *cert.get(), 509 &expired_previous_decision));
566 net::CERT_STATUS_DATE_INVALID,
567 &expired_previous_decision));
568 EXPECT_FALSE(expired_previous_decision); 510 EXPECT_FALSE(expired_previous_decision);
569 511
570 // Simulate the clock advancing by the specified delta. 512 // Simulate the clock advancing by the specified delta.
571 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1)); 513 clock->Advance(base::TimeDelta::FromSeconds(kDeltaOneDayInSeconds + 1));
572 514
573 // The decision expiration time has come, so it should indicate that the 515 // The decision expiration time has come, so it should indicate that the
574 // certificate and error are DENIED but also that they expired since the last 516 // certificate and error are DENIED but also that they expired since the last
575 // query. 517 // query.
576 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 518 EXPECT_EQ(
577 state->QueryPolicy(kWWWGoogleHost, 519 content::SSLHostStateDelegate::DENIED,
578 *cert.get(), 520 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
579 net::CERT_STATUS_DATE_INVALID, 521 &expired_previous_decision));
580 &expired_previous_decision));
581 EXPECT_TRUE(expired_previous_decision); 522 EXPECT_TRUE(expired_previous_decision);
582 523
583 // However, with a new query, it should indicate that no new expiration has 524 // However, with a new query, it should indicate that no new expiration has
584 // occurred. 525 // occurred.
585 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 526 EXPECT_EQ(
586 state->QueryPolicy(kWWWGoogleHost, 527 content::SSLHostStateDelegate::DENIED,
587 *cert.get(), 528 state->QueryPolicy(kWWWGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID,
588 net::CERT_STATUS_DATE_INVALID, 529 &expired_previous_decision));
589 &expired_previous_decision));
590 EXPECT_FALSE(expired_previous_decision); 530 EXPECT_FALSE(expired_previous_decision);
591 } 531 }
592 532
593 // Tests to make sure that if the user deletes their browser history, SSL 533 // Tests to make sure that if the user deletes their browser history, SSL
594 // exceptions will be deleted as well. 534 // exceptions will be deleted as well.
595 class RemoveBrowsingHistorySSLHostStateDelegateTest 535 class RemoveBrowsingHistorySSLHostStateDelegateTest
596 : public ChromeSSLHostStateDelegateTest { 536 : public ChromeSSLHostStateDelegateTest {
597 public: 537 public:
598 void RemoveAndWait(Profile* profile) { 538 void RemoveAndWait(Profile* profile) {
599 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod( 539 BrowsingDataRemover* remover = BrowsingDataRemover::CreateForPeriod(
600 profile, BrowsingDataRemover::LAST_HOUR); 540 profile, BrowsingDataRemover::LAST_HOUR);
601 BrowsingDataRemoverCompletionObserver completion_observer(remover); 541 BrowsingDataRemoverCompletionObserver completion_observer(remover);
602 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY, 542 remover->Remove(BrowsingDataRemover::REMOVE_HISTORY,
603 BrowsingDataHelper::UNPROTECTED_WEB); 543 BrowsingDataHelper::UNPROTECTED_WEB);
604 completion_observer.BlockUntilCompletion(); 544 completion_observer.BlockUntilCompletion();
605 } 545 }
606 }; 546 };
607 547
608 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, 548 IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest,
609 DeleteHistory) { 549 DeleteHistory) {
610 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 550 scoped_refptr<net::X509Certificate> cert = GetOkCert();
611 content::WebContents* tab = 551 content::WebContents* tab =
612 browser()->tab_strip_model()->GetActiveWebContents(); 552 browser()->tab_strip_model()->GetActiveWebContents();
613 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 553 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
614 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 554 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
615 bool unused_value; 555 bool unused_value;
616 556
617 // Add an exception for an invalid certificate. Then remove the last hour's 557 // Add an exception for an invalid certificate. Then remove the last hour's
618 // worth of browsing history and verify that the exception has been deleted. 558 // worth of browsing history and verify that the exception has been deleted.
619 state->AllowCert( 559 state->AllowCert(kGoogleHost, *cert, net::CERT_STATUS_DATE_INVALID);
620 kGoogleHost, *cert.get(), net::CERT_STATUS_DATE_INVALID);
621 RemoveAndWait(profile); 560 RemoveAndWait(profile);
622 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 561 EXPECT_EQ(content::SSLHostStateDelegate::DENIED,
623 state->QueryPolicy(kGoogleHost, 562 state->QueryPolicy(kGoogleHost, *cert,
624 *cert.get(), 563 net::CERT_STATUS_DATE_INVALID, &unused_value));
625 net::CERT_STATUS_DATE_INVALID,
626 &unused_value));
627 } 564 }
628 565
629 // Tests to make sure that localhost certificate errors are treated as 566 // Tests to make sure that localhost certificate errors are treated as
630 // normal errors or ignored, depending on whether the 567 // normal errors or ignored, depending on whether the
631 // kAllowInsecureLocalhost flag is set. 568 // kAllowInsecureLocalhost flag is set.
632 569
633 // When the flag isn't set, requests to localhost with invalid 570 // When the flag isn't set, requests to localhost with invalid
634 // certificates should be denied. 571 // certificates should be denied.
635 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest, 572 IN_PROC_BROWSER_TEST_F(ChromeSSLHostStateDelegateTest,
636 LocalhostErrorWithoutFlag) { 573 LocalhostErrorWithoutFlag) {
637 // Serve the Google cert for localhost to generate an error. 574 // Serve the Google cert for localhost to generate an error.
638 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 575 scoped_refptr<net::X509Certificate> cert = GetOkCert();
639 content::WebContents* tab = 576 content::WebContents* tab =
640 browser()->tab_strip_model()->GetActiveWebContents(); 577 browser()->tab_strip_model()->GetActiveWebContents();
641 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 578 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
642 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 579 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
643 bool unused_value; 580 bool unused_value;
644 581
645 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 582 EXPECT_EQ(
646 state->QueryPolicy("localhost", 583 content::SSLHostStateDelegate::DENIED,
647 *cert.get(), 584 state->QueryPolicy("localhost", *cert,
648 net::CERT_STATUS_COMMON_NAME_INVALID, 585 net::CERT_STATUS_COMMON_NAME_INVALID, &unused_value));
649 &unused_value));
650 586
651 EXPECT_EQ(content::SSLHostStateDelegate::DENIED, 587 EXPECT_EQ(
652 state->QueryPolicy("127.0.0.1", 588 content::SSLHostStateDelegate::DENIED,
653 *cert.get(), 589 state->QueryPolicy("127.0.0.1", *cert,
654 net::CERT_STATUS_COMMON_NAME_INVALID, 590 net::CERT_STATUS_COMMON_NAME_INVALID, &unused_value));
655 &unused_value));
656 } 591 }
657 592
658 // When the flag is set, requests to localhost with invalid certificates 593 // When the flag is set, requests to localhost with invalid certificates
659 // should be allowed. 594 // should be allowed.
660 class AllowLocalhostErrorsSSLHostStateDelegateTest 595 class AllowLocalhostErrorsSSLHostStateDelegateTest
661 : public ChromeSSLHostStateDelegateTest { 596 : public ChromeSSLHostStateDelegateTest {
662 protected: 597 protected:
663 void SetUpCommandLine(base::CommandLine* command_line) override { 598 void SetUpCommandLine(base::CommandLine* command_line) override {
664 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line); 599 ChromeSSLHostStateDelegateTest::SetUpCommandLine(command_line);
665 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); 600 command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
666 } 601 }
667 }; 602 };
668 603
669 IN_PROC_BROWSER_TEST_F(AllowLocalhostErrorsSSLHostStateDelegateTest, 604 IN_PROC_BROWSER_TEST_F(AllowLocalhostErrorsSSLHostStateDelegateTest,
670 LocalhostErrorWithFlag) { 605 LocalhostErrorWithFlag) {
671 // Serve the Google cert for localhost to generate an error. 606 // Serve the Google cert for localhost to generate an error.
672 scoped_refptr<net::X509Certificate> cert = GetOkCert(); 607 scoped_refptr<net::X509Certificate> cert = GetOkCert();
673 content::WebContents* tab = 608 content::WebContents* tab =
674 browser()->tab_strip_model()->GetActiveWebContents(); 609 browser()->tab_strip_model()->GetActiveWebContents();
675 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 610 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
676 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate(); 611 content::SSLHostStateDelegate* state = profile->GetSSLHostStateDelegate();
677 bool unused_value; 612 bool unused_value;
678 613
679 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 614 EXPECT_EQ(
680 state->QueryPolicy("localhost", 615 content::SSLHostStateDelegate::ALLOWED,
681 *cert.get(), 616 state->QueryPolicy("localhost", *cert,
682 net::CERT_STATUS_COMMON_NAME_INVALID, 617 net::CERT_STATUS_COMMON_NAME_INVALID, &unused_value));
683 &unused_value));
684 618
685 EXPECT_EQ(content::SSLHostStateDelegate::ALLOWED, 619 EXPECT_EQ(
686 state->QueryPolicy("127.0.0.1", 620 content::SSLHostStateDelegate::ALLOWED,
687 *cert.get(), 621 state->QueryPolicy("127.0.0.1", *cert,
688 net::CERT_STATUS_COMMON_NAME_INVALID, 622 net::CERT_STATUS_COMMON_NAME_INVALID, &unused_value));
689 &unused_value));
690 } 623 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698