OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "base/time/time.h" | 12 #include "base/time/time.h" |
13 #include "chrome/app/chrome_command_ids.h" | 13 #include "chrome/app/chrome_command_ids.h" |
14 #include "chrome/browser/chrome_notification_types.h" | 14 #include "chrome/browser/chrome_notification_types.h" |
| 15 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
15 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
16 #include "chrome/browser/ssl/ssl_blocking_page.h" | 17 #include "chrome/browser/ssl/ssl_blocking_page.h" |
17 #include "chrome/browser/ui/browser.h" | 18 #include "chrome/browser/ui/browser.h" |
18 #include "chrome/browser/ui/browser_commands.h" | 19 #include "chrome/browser/ui/browser_commands.h" |
19 #include "chrome/browser/ui/browser_navigator.h" | 20 #include "chrome/browser/ui/browser_navigator.h" |
20 #include "chrome/browser/ui/browser_tabstrip.h" | 21 #include "chrome/browser/ui/browser_tabstrip.h" |
21 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 22 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
22 #include "chrome/common/chrome_paths.h" | 23 #include "chrome/common/chrome_paths.h" |
23 #include "chrome/common/chrome_switches.h" | 24 #include "chrome/common/chrome_switches.h" |
24 #include "chrome/common/pref_names.h" | 25 #include "chrome/common/pref_names.h" |
(...skipping 13 matching lines...) Expand all Loading... |
38 #include "content/public/browser/web_contents_observer.h" | 39 #include "content/public/browser/web_contents_observer.h" |
39 #include "content/public/common/security_style.h" | 40 #include "content/public/common/security_style.h" |
40 #include "content/public/common/ssl_status.h" | 41 #include "content/public/common/ssl_status.h" |
41 #include "content/public/test/browser_test_utils.h" | 42 #include "content/public/test/browser_test_utils.h" |
42 #include "content/public/test/download_test_observer.h" | 43 #include "content/public/test/download_test_observer.h" |
43 #include "content/public/test/test_renderer_host.h" | 44 #include "content/public/test/test_renderer_host.h" |
44 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
45 #include "net/base/test_data_directory.h" | 46 #include "net/base/test_data_directory.h" |
46 #include "net/cert/cert_status_flags.h" | 47 #include "net/cert/cert_status_flags.h" |
47 #include "net/test/spawned_test_server/spawned_test_server.h" | 48 #include "net/test/spawned_test_server/spawned_test_server.h" |
| 49 #include "net/url_request/fraudulent_certificate_reporter.h" |
| 50 #include "net/url_request/url_request_context.h" |
| 51 #include "net/url_request/url_request_context_getter.h" |
48 | 52 |
49 #if defined(USE_NSS) | 53 #if defined(USE_NSS) |
50 #include "chrome/browser/net/nss_context.h" | 54 #include "chrome/browser/net/nss_context.h" |
51 #include "net/base/crypto_module.h" | 55 #include "net/base/crypto_module.h" |
52 #include "net/cert/nss_cert_database.h" | 56 #include "net/cert/nss_cert_database.h" |
53 #endif // defined(USE_NSS) | 57 #endif // defined(USE_NSS) |
54 | 58 |
55 using base::ASCIIToUTF16; | 59 using base::ASCIIToUTF16; |
| 60 using chrome_browser_net::ChromeFraudulentCertificateReporter; |
56 using content::InterstitialPage; | 61 using content::InterstitialPage; |
57 using content::NavigationController; | 62 using content::NavigationController; |
58 using content::NavigationEntry; | 63 using content::NavigationEntry; |
59 using content::SSLStatus; | 64 using content::SSLStatus; |
60 using content::WebContents; | 65 using content::WebContents; |
| 66 using net::FraudulentCertificateReporter; |
61 using web_modal::WebContentsModalDialogManager; | 67 using web_modal::WebContentsModalDialogManager; |
62 | 68 |
63 const base::FilePath::CharType kDocRoot[] = | 69 const base::FilePath::CharType kDocRoot[] = |
64 FILE_PATH_LITERAL("chrome/test/data"); | 70 FILE_PATH_LITERAL("chrome/test/data"); |
65 | 71 |
66 namespace { | 72 namespace { |
67 | 73 |
68 class ProvisionalLoadWaiter : public content::WebContentsObserver { | 74 class ProvisionalLoadWaiter : public content::WebContentsObserver { |
69 public: | 75 public: |
70 explicit ProvisionalLoadWaiter(WebContents* tab) | 76 explicit ProvisionalLoadWaiter(WebContents* tab) |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
186 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, | 192 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, |
187 SSLOptions(SSLOptions::CERT_EXPIRED), | 193 SSLOptions(SSLOptions::CERT_EXPIRED), |
188 net::GetWebSocketTestDataDirectory()) {} | 194 net::GetWebSocketTestDataDirectory()) {} |
189 | 195 |
190 void SetUpCommandLine(base::CommandLine* command_line) override { | 196 void SetUpCommandLine(base::CommandLine* command_line) override { |
191 // Browser will both run and display insecure content. | 197 // Browser will both run and display insecure content. |
192 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); | 198 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); |
193 // Use process-per-site so that navigating to a same-site page in a | 199 // Use process-per-site so that navigating to a same-site page in a |
194 // new tab will use the same process. | 200 // new tab will use the same process. |
195 command_line->AppendSwitch(switches::kProcessPerSite); | 201 command_line->AppendSwitch(switches::kProcessPerSite); |
| 202 // Enable a checkbox on SSL interstitials that allows users to opt |
| 203 // in to reporting invalid certificate chains. |
| 204 command_line->AppendSwitch(switches::kEnableInvalidCertCollection); |
196 } | 205 } |
197 | 206 |
198 void CheckAuthenticatedState(WebContents* tab, | 207 void CheckAuthenticatedState(WebContents* tab, |
199 int expected_authentication_state) { | 208 int expected_authentication_state) { |
200 CheckSecurityState(tab, | 209 CheckSecurityState(tab, |
201 CertError::NONE, | 210 CertError::NONE, |
202 content::SECURITY_STYLE_AUTHENTICATED, | 211 content::SECURITY_STYLE_AUTHENTICATED, |
203 expected_authentication_state); | 212 expected_authentication_state); |
204 } | 213 } |
205 | 214 |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
342 std::vector<net::SpawnedTestServer::StringPair> | 351 std::vector<net::SpawnedTestServer::StringPair> |
343 replacement_text_for_page_with_unsafe_worker; | 352 replacement_text_for_page_with_unsafe_worker; |
344 replacement_text_for_page_with_unsafe_worker.push_back( | 353 replacement_text_for_page_with_unsafe_worker.push_back( |
345 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); | 354 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); |
346 return net::SpawnedTestServer::GetFilePathWithReplacements( | 355 return net::SpawnedTestServer::GetFilePathWithReplacements( |
347 "files/ssl/page_with_unsafe_worker.html", | 356 "files/ssl/page_with_unsafe_worker.html", |
348 replacement_text_for_page_with_unsafe_worker, | 357 replacement_text_for_page_with_unsafe_worker, |
349 page_with_unsafe_worker_path); | 358 page_with_unsafe_worker_path); |
350 } | 359 } |
351 | 360 |
| 361 // Helper function for the testing invalid certificate chain reporting. |
| 362 void TestBrokenHTTPSReporting(bool opt_in, bool proceed) { |
| 363 ASSERT_TRUE(https_server_expired_.Start()); |
| 364 |
| 365 // Set up the mock reporter to track the hostnames that reports get |
| 366 // sent for. |
| 367 net::URLRequestContext* context = |
| 368 browser()->profile()->GetRequestContext()->GetURLRequestContext(); |
| 369 MockReporter reporter(context); |
| 370 FraudulentCertificateReporter* orig_reporter = |
| 371 context->fraudulent_certificate_reporter(); |
| 372 context->set_fraudulent_certificate_reporter(&reporter); |
| 373 |
| 374 // Opt in to sending reports for invalid certificate chains. |
| 375 browser()->profile()->GetPrefs()->SetBoolean( |
| 376 prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); |
| 377 |
| 378 EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
| 379 |
| 380 ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/")); |
| 381 |
| 382 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 383 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
| 384 AuthState::SHOWING_INTERSTITIAL); |
| 385 |
| 386 if (proceed) { |
| 387 ProceedThroughInterstitial(tab); |
| 388 } else { |
| 389 // Click "Take me back" |
| 390 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 391 ASSERT_TRUE(interstitial_page); |
| 392 interstitial_page->DontProceed(); |
| 393 } |
| 394 |
| 395 if (opt_in) { |
| 396 // Check that the mock reporter received a request to send a report. |
| 397 EXPECT_EQ(reporter.GetLatestHostnameReported(), |
| 398 https_server_expired_.GetURL("/").host()); |
| 399 } else { |
| 400 EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
| 401 } |
| 402 |
| 403 context->set_fraudulent_certificate_reporter(orig_reporter); |
| 404 } |
| 405 |
352 net::SpawnedTestServer https_server_; | 406 net::SpawnedTestServer https_server_; |
353 net::SpawnedTestServer https_server_expired_; | 407 net::SpawnedTestServer https_server_expired_; |
354 net::SpawnedTestServer https_server_mismatched_; | 408 net::SpawnedTestServer https_server_mismatched_; |
355 net::SpawnedTestServer wss_server_expired_; | 409 net::SpawnedTestServer wss_server_expired_; |
356 | 410 |
357 private: | 411 private: |
358 typedef net::SpawnedTestServer::SSLOptions SSLOptions; | 412 typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
359 | 413 |
| 414 // This class is used to test invalid certificate chain reporting when |
| 415 // the user opts in to do so on the interstitial. |
| 416 class MockReporter : public ChromeFraudulentCertificateReporter { |
| 417 public: |
| 418 explicit MockReporter(net::URLRequestContext* request_context) |
| 419 : ChromeFraudulentCertificateReporter(request_context) { |
| 420 latest_hostname_reported_ = ""; |
| 421 } |
| 422 |
| 423 void SendInvalidChainReport(const std::string& hostname, |
| 424 const net::SSLInfo& ssl_info) override { |
| 425 latest_hostname_reported_ = hostname; |
| 426 } |
| 427 |
| 428 const std::string& GetLatestHostnameReported() { |
| 429 return latest_hostname_reported_; |
| 430 } |
| 431 |
| 432 private: |
| 433 std::string latest_hostname_reported_; |
| 434 }; |
| 435 |
360 DISALLOW_COPY_AND_ASSIGN(SSLUITest); | 436 DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
361 }; | 437 }; |
362 | 438 |
363 class SSLUITestBlock : public SSLUITest { | 439 class SSLUITestBlock : public SSLUITest { |
364 public: | 440 public: |
365 SSLUITestBlock() : SSLUITest() {} | 441 SSLUITestBlock() : SSLUITest() {} |
366 | 442 |
367 // Browser will neither run nor display insecure content. | 443 // Browser will neither run nor display insecure content. |
368 void SetUpCommandLine(base::CommandLine* command_line) override { | 444 void SetUpCommandLine(base::CommandLine* command_line) override { |
369 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); | 445 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
439 CheckAuthenticationBrokenState( | 515 CheckAuthenticationBrokenState( |
440 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); | 516 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); |
441 | 517 |
442 ProceedThroughInterstitial(tab); | 518 ProceedThroughInterstitial(tab); |
443 | 519 |
444 CheckAuthenticationBrokenState(tab, | 520 CheckAuthenticationBrokenState(tab, |
445 net::CERT_STATUS_DATE_INVALID, | 521 net::CERT_STATUS_DATE_INVALID, |
446 AuthState::DISPLAYED_INSECURE_CONTENT); | 522 AuthState::DISPLAYED_INSECURE_CONTENT); |
447 } | 523 } |
448 | 524 |
| 525 // Test that when the checkbox is checked and the user proceeds through |
| 526 // the interstitial, the FraudulentCertificateReporter sees a request to |
| 527 // send a report. |
| 528 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithReporting) { |
| 529 TestBrokenHTTPSReporting(true, true); |
| 530 } |
| 531 |
| 532 // Test that when the checkbox is checked and the user goes back (does |
| 533 // not proceed through the interstitial), the |
| 534 // FraudulentCertificateReporter sees a request to send a report. |
| 535 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithReporting) { |
| 536 TestBrokenHTTPSReporting(true, false); |
| 537 } |
| 538 |
| 539 // Test that when the checkbox is not checked and the user proceeds |
| 540 // through the interstitial, the FraudulentCertificateReporter does not |
| 541 // see a request to send a report. |
| 542 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithNoReporting) { |
| 543 TestBrokenHTTPSReporting(false, true); |
| 544 } |
| 545 |
| 546 // Test that when the checkbox is not checked and the user does not proceed |
| 547 // through the interstitial, the FraudulentCertificateReporter does not |
| 548 // see a request to send a report. |
| 549 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithNoReporting) { |
| 550 TestBrokenHTTPSReporting(false, false); |
| 551 } |
| 552 |
449 // http://crbug.com/91745 | 553 // http://crbug.com/91745 |
450 #if defined(OS_CHROMEOS) | 554 #if defined(OS_CHROMEOS) |
451 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS | 555 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |
452 #else | 556 #else |
453 #define MAYBE_TestOKHTTPS TestOKHTTPS | 557 #define MAYBE_TestOKHTTPS TestOKHTTPS |
454 #endif | 558 #endif |
455 | 559 |
456 // Visits a page over OK https: | 560 // Visits a page over OK https: |
457 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { | 561 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { |
458 ASSERT_TRUE(https_server_.Start()); | 562 ASSERT_TRUE(https_server_.Start()); |
(...skipping 1456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1915 | 2019 |
1916 // Visit a page over https that contains a frame with a redirect. | 2020 // Visit a page over https that contains a frame with a redirect. |
1917 | 2021 |
1918 // XMLHttpRequest insecure content in synchronous mode. | 2022 // XMLHttpRequest insecure content in synchronous mode. |
1919 | 2023 |
1920 // XMLHttpRequest insecure content in asynchronous mode. | 2024 // XMLHttpRequest insecure content in asynchronous mode. |
1921 | 2025 |
1922 // XMLHttpRequest over bad ssl in synchronous mode. | 2026 // XMLHttpRequest over bad ssl in synchronous mode. |
1923 | 2027 |
1924 // XMLHttpRequest over OK ssl in synchronous mode. | 2028 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |