OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "base/time/time.h" | 12 #include "base/time/time.h" |
13 #include "chrome/app/chrome_command_ids.h" | 13 #include "chrome/app/chrome_command_ids.h" |
14 #include "chrome/browser/chrome_notification_types.h" | 14 #include "chrome/browser/chrome_notification_types.h" |
15 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | |
15 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
16 #include "chrome/browser/ssl/ssl_blocking_page.h" | 17 #include "chrome/browser/ssl/ssl_blocking_page.h" |
17 #include "chrome/browser/ui/browser.h" | 18 #include "chrome/browser/ui/browser.h" |
18 #include "chrome/browser/ui/browser_commands.h" | 19 #include "chrome/browser/ui/browser_commands.h" |
19 #include "chrome/browser/ui/browser_navigator.h" | 20 #include "chrome/browser/ui/browser_navigator.h" |
20 #include "chrome/browser/ui/browser_tabstrip.h" | 21 #include "chrome/browser/ui/browser_tabstrip.h" |
21 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 22 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
22 #include "chrome/common/chrome_paths.h" | 23 #include "chrome/common/chrome_paths.h" |
23 #include "chrome/common/chrome_switches.h" | 24 #include "chrome/common/chrome_switches.h" |
24 #include "chrome/common/pref_names.h" | 25 #include "chrome/common/pref_names.h" |
(...skipping 13 matching lines...) Expand all Loading... | |
38 #include "content/public/browser/web_contents_observer.h" | 39 #include "content/public/browser/web_contents_observer.h" |
39 #include "content/public/common/security_style.h" | 40 #include "content/public/common/security_style.h" |
40 #include "content/public/common/ssl_status.h" | 41 #include "content/public/common/ssl_status.h" |
41 #include "content/public/test/browser_test_utils.h" | 42 #include "content/public/test/browser_test_utils.h" |
42 #include "content/public/test/download_test_observer.h" | 43 #include "content/public/test/download_test_observer.h" |
43 #include "content/public/test/test_renderer_host.h" | 44 #include "content/public/test/test_renderer_host.h" |
44 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
45 #include "net/base/test_data_directory.h" | 46 #include "net/base/test_data_directory.h" |
46 #include "net/cert/cert_status_flags.h" | 47 #include "net/cert/cert_status_flags.h" |
47 #include "net/test/spawned_test_server/spawned_test_server.h" | 48 #include "net/test/spawned_test_server/spawned_test_server.h" |
49 #include "net/url_request/fraudulent_certificate_reporter.h" | |
50 #include "net/url_request/url_request_context.h" | |
51 #include "net/url_request/url_request_context_getter.h" | |
48 | 52 |
49 #if defined(USE_NSS) | 53 #if defined(USE_NSS) |
50 #include "chrome/browser/net/nss_context.h" | 54 #include "chrome/browser/net/nss_context.h" |
51 #include "net/base/crypto_module.h" | 55 #include "net/base/crypto_module.h" |
52 #include "net/cert/nss_cert_database.h" | 56 #include "net/cert/nss_cert_database.h" |
53 #endif // defined(USE_NSS) | 57 #endif // defined(USE_NSS) |
54 | 58 |
55 using base::ASCIIToUTF16; | 59 using base::ASCIIToUTF16; |
60 using chrome_browser_net::ChromeFraudulentCertificateReporter; | |
56 using content::InterstitialPage; | 61 using content::InterstitialPage; |
57 using content::NavigationController; | 62 using content::NavigationController; |
58 using content::NavigationEntry; | 63 using content::NavigationEntry; |
59 using content::SSLStatus; | 64 using content::SSLStatus; |
60 using content::WebContents; | 65 using content::WebContents; |
66 using net::FraudulentCertificateReporter; | |
61 using web_modal::WebContentsModalDialogManager; | 67 using web_modal::WebContentsModalDialogManager; |
62 | 68 |
63 const base::FilePath::CharType kDocRoot[] = | 69 const base::FilePath::CharType kDocRoot[] = |
64 FILE_PATH_LITERAL("chrome/test/data"); | 70 FILE_PATH_LITERAL("chrome/test/data"); |
65 | 71 |
66 namespace { | 72 namespace { |
67 | 73 |
68 class ProvisionalLoadWaiter : public content::WebContentsObserver { | 74 class ProvisionalLoadWaiter : public content::WebContentsObserver { |
69 public: | 75 public: |
70 explicit ProvisionalLoadWaiter(WebContents* tab) | 76 explicit ProvisionalLoadWaiter(WebContents* tab) |
(...skipping 271 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
342 std::vector<net::SpawnedTestServer::StringPair> | 348 std::vector<net::SpawnedTestServer::StringPair> |
343 replacement_text_for_page_with_unsafe_worker; | 349 replacement_text_for_page_with_unsafe_worker; |
344 replacement_text_for_page_with_unsafe_worker.push_back( | 350 replacement_text_for_page_with_unsafe_worker.push_back( |
345 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); | 351 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); |
346 return net::SpawnedTestServer::GetFilePathWithReplacements( | 352 return net::SpawnedTestServer::GetFilePathWithReplacements( |
347 "files/ssl/page_with_unsafe_worker.html", | 353 "files/ssl/page_with_unsafe_worker.html", |
348 replacement_text_for_page_with_unsafe_worker, | 354 replacement_text_for_page_with_unsafe_worker, |
349 page_with_unsafe_worker_path); | 355 page_with_unsafe_worker_path); |
350 } | 356 } |
351 | 357 |
358 // Helper function for the testing invalid certificate chain reporting. | |
359 void TestBrokenHTTPSReporting(bool opt_in, | |
360 bool proceed, | |
361 bool switch_enabled = true) { | |
362 ASSERT_TRUE(https_server_expired_.Start()); | |
363 | |
364 // Set up the mock reporter to track the hostnames that reports get | |
365 // sent for. | |
366 net::URLRequestContext* context = | |
367 browser()->profile()->GetRequestContext()->GetURLRequestContext(); | |
368 MockReporter reporter(context); | |
369 FraudulentCertificateReporter* orig_reporter = | |
370 context->fraudulent_certificate_reporter(); | |
371 context->set_fraudulent_certificate_reporter(&reporter); | |
372 | |
373 // Opt in to sending reports for invalid certificate chains. | |
374 browser()->profile()->GetPrefs()->SetBoolean( | |
375 prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); | |
376 | |
377 EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); | |
378 | |
379 ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/")); | |
380 | |
381 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
382 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, | |
383 AuthState::SHOWING_INTERSTITIAL); | |
384 | |
385 if (proceed) { | |
386 ProceedThroughInterstitial(tab); | |
387 } else { | |
388 // Click "Take me back" | |
389 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | |
390 ASSERT_TRUE(interstitial_page); | |
391 interstitial_page->DontProceed(); | |
392 } | |
393 | |
394 base::RunLoop().RunUntilIdle(); | |
Ryan Sleevi
2015/02/27 00:46:33
May want a comment explaining why this is.
estark
2015/02/27 02:49:37
Done.
| |
395 | |
396 if (opt_in) { | |
397 // Check that the mock reporter received a request to send a report. | |
398 if (switch_enabled) { | |
399 EXPECT_EQ(reporter.GetLatestHostnameReported(), | |
400 https_server_expired_.GetURL("/").host()); | |
401 } else { | |
402 EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); | |
403 } | |
404 } else { | |
405 EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); | |
406 } | |
407 | |
408 context->set_fraudulent_certificate_reporter(orig_reporter); | |
409 } | |
410 | |
352 net::SpawnedTestServer https_server_; | 411 net::SpawnedTestServer https_server_; |
353 net::SpawnedTestServer https_server_expired_; | 412 net::SpawnedTestServer https_server_expired_; |
354 net::SpawnedTestServer https_server_mismatched_; | 413 net::SpawnedTestServer https_server_mismatched_; |
355 net::SpawnedTestServer wss_server_expired_; | 414 net::SpawnedTestServer wss_server_expired_; |
356 | 415 |
357 private: | 416 private: |
358 typedef net::SpawnedTestServer::SSLOptions SSLOptions; | 417 typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
359 | 418 |
419 // This class is used to test invalid certificate chain reporting when | |
420 // the user opts in to do so on the interstitial. | |
421 class MockReporter : public ChromeFraudulentCertificateReporter { | |
Ryan Sleevi
2015/02/27 00:46:33
Since you're not relying on this class being able
estark
2015/02/27 02:49:37
Done.
| |
422 public: | |
423 explicit MockReporter(net::URLRequestContext* request_context) | |
424 : ChromeFraudulentCertificateReporter(request_context) { | |
425 latest_hostname_reported_ = ""; | |
Ryan Sleevi
2015/02/27 00:46:33
This is not necessary. Strings are default initial
estark
2015/02/27 02:49:37
Done.
| |
426 } | |
427 | |
428 void SendReport(ReportType type, | |
429 const std::string& hostname, | |
430 const net::SSLInfo& ssl_info) override { | |
431 latest_hostname_reported_ = hostname; | |
432 EXPECT_EQ(type, REPORT_TYPE_EXTENDED_REPORTING); | |
433 } | |
434 | |
435 const std::string& GetLatestHostnameReported() { | |
436 return latest_hostname_reported_; | |
437 } | |
438 | |
439 private: | |
440 std::string latest_hostname_reported_; | |
441 }; | |
442 | |
360 DISALLOW_COPY_AND_ASSIGN(SSLUITest); | 443 DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
361 }; | 444 }; |
362 | 445 |
363 class SSLUITestBlock : public SSLUITest { | 446 class SSLUITestBlock : public SSLUITest { |
364 public: | 447 public: |
365 SSLUITestBlock() : SSLUITest() {} | 448 SSLUITestBlock() : SSLUITest() {} |
366 | 449 |
367 // Browser will neither run nor display insecure content. | 450 // Browser will neither run nor display insecure content. |
368 void SetUpCommandLine(base::CommandLine* command_line) override { | 451 void SetUpCommandLine(base::CommandLine* command_line) override { |
369 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); | 452 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); |
(...skipping 13 matching lines...) Expand all Loading... | |
383 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { | 466 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
384 public: | 467 public: |
385 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} | 468 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
386 | 469 |
387 void SetUpCommandLine(base::CommandLine* command_line) override { | 470 void SetUpCommandLine(base::CommandLine* command_line) override { |
388 // Browser will ignore certificate errors on localhost. | 471 // Browser will ignore certificate errors on localhost. |
389 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); | 472 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); |
390 } | 473 } |
391 }; | 474 }; |
392 | 475 |
476 class SSLUITestWithExtendedReporting : public SSLUITest { | |
477 public: | |
478 SSLUITestWithExtendedReporting() : SSLUITest() {} | |
479 | |
480 void SetUpCommandLine(base::CommandLine* command_line) override { | |
481 // Enable a checkbox on SSL interstitials that allows users to opt | |
482 // in to reporting invalid certificate chains. | |
483 command_line->AppendSwitch(switches::kEnableInvalidCertCollection); | |
484 } | |
485 }; | |
486 | |
393 // Visits a regular page over http. | 487 // Visits a regular page over http. |
394 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { | 488 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { |
395 ASSERT_TRUE(test_server()->Start()); | 489 ASSERT_TRUE(test_server()->Start()); |
396 | 490 |
397 ui_test_utils::NavigateToURL(browser(), | 491 ui_test_utils::NavigateToURL(browser(), |
398 test_server()->GetURL("files/ssl/google.html")); | 492 test_server()->GetURL("files/ssl/google.html")); |
399 | 493 |
400 CheckUnauthenticatedState( | 494 CheckUnauthenticatedState( |
401 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); | 495 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); |
402 } | 496 } |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
439 CheckAuthenticationBrokenState( | 533 CheckAuthenticationBrokenState( |
440 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); | 534 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); |
441 | 535 |
442 ProceedThroughInterstitial(tab); | 536 ProceedThroughInterstitial(tab); |
443 | 537 |
444 CheckAuthenticationBrokenState(tab, | 538 CheckAuthenticationBrokenState(tab, |
445 net::CERT_STATUS_DATE_INVALID, | 539 net::CERT_STATUS_DATE_INVALID, |
446 AuthState::DISPLAYED_INSECURE_CONTENT); | 540 AuthState::DISPLAYED_INSECURE_CONTENT); |
447 } | 541 } |
448 | 542 |
543 // Test that when the checkbox is checked and the user proceeds through | |
544 // the interstitial, the FraudulentCertificateReporter sees a request to | |
545 // send a report. | |
546 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
547 TestBrokenHTTPSProceedWithReporting) { | |
548 TestBrokenHTTPSReporting(true, true); | |
549 } | |
550 | |
551 // Test that when the checkbox is checked and the user goes back (does | |
552 // not proceed through the interstitial), the | |
553 // FraudulentCertificateReporter sees a request to send a report. | |
554 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
555 TestBrokenHTTPSGoBackWithReporting) { | |
556 TestBrokenHTTPSReporting(true, false); | |
557 } | |
558 | |
559 // Test that when the checkbox is not checked and the user proceeds | |
560 // through the interstitial, the FraudulentCertificateReporter does not | |
561 // see a request to send a report. | |
562 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
563 TestBrokenHTTPSProceedWithNoReporting) { | |
564 TestBrokenHTTPSReporting(false, true); | |
565 } | |
566 | |
567 // Test that when the checkbox is not checked and the user does not proceed | |
568 // through the interstitial, the FraudulentCertificateReporter does not | |
569 // see a request to send a report. | |
570 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
571 TestBrokenHTTPSGoBackWithNoReporting) { | |
572 TestBrokenHTTPSReporting(false, false); | |
573 } | |
574 | |
575 // Test that when the command-line switch for reporting invalid cert | |
576 // chains is not enabled, reports don't get sent, even if the opt-in | |
577 // preference is set. (i.e. if a user enables invalid cert collection in | |
578 // chrome://flags, checks the box on an interstitial, and then disables | |
579 // the flag in chrome://flags, reports shouldn't be sent on the next | |
580 // interstitial). | |
581 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) { | |
582 TestBrokenHTTPSReporting(true, true, false); | |
583 } | |
584 | |
449 // http://crbug.com/91745 | 585 // http://crbug.com/91745 |
450 #if defined(OS_CHROMEOS) | 586 #if defined(OS_CHROMEOS) |
451 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS | 587 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |
452 #else | 588 #else |
453 #define MAYBE_TestOKHTTPS TestOKHTTPS | 589 #define MAYBE_TestOKHTTPS TestOKHTTPS |
454 #endif | 590 #endif |
455 | 591 |
456 // Visits a page over OK https: | 592 // Visits a page over OK https: |
457 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { | 593 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { |
458 ASSERT_TRUE(https_server_.Start()); | 594 ASSERT_TRUE(https_server_.Start()); |
(...skipping 1456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1915 | 2051 |
1916 // Visit a page over https that contains a frame with a redirect. | 2052 // Visit a page over https that contains a frame with a redirect. |
1917 | 2053 |
1918 // XMLHttpRequest insecure content in synchronous mode. | 2054 // XMLHttpRequest insecure content in synchronous mode. |
1919 | 2055 |
1920 // XMLHttpRequest insecure content in asynchronous mode. | 2056 // XMLHttpRequest insecure content in asynchronous mode. |
1921 | 2057 |
1922 // XMLHttpRequest over bad ssl in synchronous mode. | 2058 // XMLHttpRequest over bad ssl in synchronous mode. |
1923 | 2059 |
1924 // XMLHttpRequest over OK ssl in synchronous mode. | 2060 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |