OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "base/time/time.h" | 12 #include "base/time/time.h" |
13 #include "chrome/app/chrome_command_ids.h" | 13 #include "chrome/app/chrome_command_ids.h" |
14 #include "chrome/browser/chrome_notification_types.h" | 14 #include "chrome/browser/chrome_notification_types.h" |
| 15 #include "chrome/browser/net/certificate_error_reporter.h" |
15 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
16 #include "chrome/browser/ssl/ssl_blocking_page.h" | 17 #include "chrome/browser/ssl/ssl_blocking_page.h" |
17 #include "chrome/browser/ui/browser.h" | 18 #include "chrome/browser/ui/browser.h" |
18 #include "chrome/browser/ui/browser_commands.h" | 19 #include "chrome/browser/ui/browser_commands.h" |
19 #include "chrome/browser/ui/browser_navigator.h" | 20 #include "chrome/browser/ui/browser_navigator.h" |
20 #include "chrome/browser/ui/browser_tabstrip.h" | 21 #include "chrome/browser/ui/browser_tabstrip.h" |
21 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 22 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
22 #include "chrome/common/chrome_paths.h" | 23 #include "chrome/common/chrome_paths.h" |
23 #include "chrome/common/chrome_switches.h" | 24 #include "chrome/common/chrome_switches.h" |
24 #include "chrome/common/pref_names.h" | 25 #include "chrome/common/pref_names.h" |
(...skipping 13 matching lines...) Expand all Loading... |
38 #include "content/public/browser/web_contents_observer.h" | 39 #include "content/public/browser/web_contents_observer.h" |
39 #include "content/public/common/security_style.h" | 40 #include "content/public/common/security_style.h" |
40 #include "content/public/common/ssl_status.h" | 41 #include "content/public/common/ssl_status.h" |
41 #include "content/public/test/browser_test_utils.h" | 42 #include "content/public/test/browser_test_utils.h" |
42 #include "content/public/test/download_test_observer.h" | 43 #include "content/public/test/download_test_observer.h" |
43 #include "content/public/test/test_renderer_host.h" | 44 #include "content/public/test/test_renderer_host.h" |
44 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
45 #include "net/base/test_data_directory.h" | 46 #include "net/base/test_data_directory.h" |
46 #include "net/cert/cert_status_flags.h" | 47 #include "net/cert/cert_status_flags.h" |
47 #include "net/test/spawned_test_server/spawned_test_server.h" | 48 #include "net/test/spawned_test_server/spawned_test_server.h" |
| 49 #include "net/url_request/url_request_context.h" |
48 | 50 |
49 #if defined(USE_NSS) | 51 #if defined(USE_NSS) |
50 #include "chrome/browser/net/nss_context.h" | 52 #include "chrome/browser/net/nss_context.h" |
51 #include "net/base/crypto_module.h" | 53 #include "net/base/crypto_module.h" |
52 #include "net/cert/nss_cert_database.h" | 54 #include "net/cert/nss_cert_database.h" |
53 #endif // defined(USE_NSS) | 55 #endif // defined(USE_NSS) |
54 | 56 |
55 using base::ASCIIToUTF16; | 57 using base::ASCIIToUTF16; |
| 58 using chrome_browser_net::CertificateErrorReporter; |
56 using content::InterstitialPage; | 59 using content::InterstitialPage; |
57 using content::NavigationController; | 60 using content::NavigationController; |
58 using content::NavigationEntry; | 61 using content::NavigationEntry; |
59 using content::SSLStatus; | 62 using content::SSLStatus; |
60 using content::WebContents; | 63 using content::WebContents; |
61 using web_modal::WebContentsModalDialogManager; | 64 using web_modal::WebContentsModalDialogManager; |
62 | 65 |
63 const base::FilePath::CharType kDocRoot[] = | 66 const base::FilePath::CharType kDocRoot[] = |
64 FILE_PATH_LITERAL("chrome/test/data"); | 67 FILE_PATH_LITERAL("chrome/test/data"); |
65 | 68 |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 content::SecurityStyle expected_security_style, | 165 content::SecurityStyle expected_security_style, |
163 int expected_authentication_state) { | 166 int expected_authentication_state) { |
164 ASSERT_FALSE(tab->IsCrashed()); | 167 ASSERT_FALSE(tab->IsCrashed()); |
165 NavigationEntry* entry = tab->GetController().GetActiveEntry(); | 168 NavigationEntry* entry = tab->GetController().GetActiveEntry(); |
166 ASSERT_TRUE(entry); | 169 ASSERT_TRUE(entry); |
167 CertError::Check(*entry, error); | 170 CertError::Check(*entry, error); |
168 SecurityStyle::Check(*entry, expected_security_style); | 171 SecurityStyle::Check(*entry, expected_security_style); |
169 AuthState::Check(*entry, expected_authentication_state); | 172 AuthState::Check(*entry, expected_authentication_state); |
170 } | 173 } |
171 | 174 |
| 175 // This class is used to test invalid certificate chain reporting when |
| 176 // the user opts in to do so on the interstitial. |
| 177 class MockReporter : public CertificateErrorReporter { |
| 178 public: |
| 179 explicit MockReporter(const GURL& upload_url) |
| 180 : CertificateErrorReporter(upload_url) {} |
| 181 |
| 182 void SendReport(CertificateErrorReporter::ReportType type, |
| 183 net::URLRequestContext* request_context, |
| 184 const std::string& hostname, |
| 185 const net::SSLInfo& ssl_info) override { |
| 186 EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type); |
| 187 latest_hostname_reported_ = hostname; |
| 188 } |
| 189 |
| 190 const std::string& latest_hostname_reported() { |
| 191 return latest_hostname_reported_; |
| 192 } |
| 193 |
| 194 private: |
| 195 ~MockReporter() override {} |
| 196 std::string latest_hostname_reported_; |
| 197 }; |
172 } // namespace | 198 } // namespace |
173 | 199 |
174 class SSLUITest : public InProcessBrowserTest { | 200 class SSLUITest : public InProcessBrowserTest { |
175 public: | 201 public: |
176 SSLUITest() | 202 SSLUITest() |
177 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, | 203 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, |
178 SSLOptions(SSLOptions::CERT_OK), | 204 SSLOptions(SSLOptions::CERT_OK), |
179 base::FilePath(kDocRoot)), | 205 base::FilePath(kDocRoot)), |
180 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, | 206 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, |
181 SSLOptions(SSLOptions::CERT_EXPIRED), | 207 SSLOptions(SSLOptions::CERT_EXPIRED), |
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
344 std::vector<net::SpawnedTestServer::StringPair> | 370 std::vector<net::SpawnedTestServer::StringPair> |
345 replacement_text_for_page_with_unsafe_worker; | 371 replacement_text_for_page_with_unsafe_worker; |
346 replacement_text_for_page_with_unsafe_worker.push_back( | 372 replacement_text_for_page_with_unsafe_worker.push_back( |
347 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); | 373 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); |
348 return net::SpawnedTestServer::GetFilePathWithReplacements( | 374 return net::SpawnedTestServer::GetFilePathWithReplacements( |
349 "files/ssl/page_with_unsafe_worker.html", | 375 "files/ssl/page_with_unsafe_worker.html", |
350 replacement_text_for_page_with_unsafe_worker, | 376 replacement_text_for_page_with_unsafe_worker, |
351 page_with_unsafe_worker_path); | 377 page_with_unsafe_worker_path); |
352 } | 378 } |
353 | 379 |
| 380 // Helper function for testing invalid certificate chain reporting. |
| 381 void TestBrokenHTTPSReporting(bool opt_in, |
| 382 bool proceed, |
| 383 bool switch_enabled, |
| 384 bool expect_report, |
| 385 Browser* browser) { |
| 386 ASSERT_TRUE(https_server_expired_.Start()); |
| 387 |
| 388 // Opt in to sending reports for invalid certificate chains. |
| 389 browser->profile()->GetPrefs()->SetBoolean( |
| 390 prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); |
| 391 |
| 392 ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/")); |
| 393 |
| 394 WebContents* tab = browser->tab_strip_model()->GetActiveWebContents(); |
| 395 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
| 396 AuthState::SHOWING_INTERSTITIAL); |
| 397 |
| 398 // Set up a callback so that the test is notified when the report |
| 399 // has been sent on the IO thread (or not sent). |
| 400 base::RunLoop report_run_loop; |
| 401 base::Closure report_callback = report_run_loop.QuitClosure(); |
| 402 SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>( |
| 403 tab->GetInterstitialPage()->GetDelegateForTesting()); |
| 404 interstitial_page->SetCertificateReportCallbackForTesting(report_callback); |
| 405 // Set up the mock reporter to track the hostnames that reports get |
| 406 // sent for. The request_context argument is not present here |
| 407 // because the MockReporter doesn't actually use a |
| 408 // request_context. (In order to pass a real request_context, the |
| 409 // reporter would have to be constructed on the IO thread.) |
| 410 scoped_refptr<MockReporter> reporter = |
| 411 new MockReporter(GURL("http://example.test")); |
| 412 interstitial_page->SetCertificateErrorReporterForTesting(reporter); |
| 413 |
| 414 EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); |
| 415 |
| 416 // Leave the interstitial (either by proceeding or going back) |
| 417 if (proceed) { |
| 418 ProceedThroughInterstitial(tab); |
| 419 } else { |
| 420 // Click "Take me back" |
| 421 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 422 ASSERT_TRUE(interstitial_page); |
| 423 interstitial_page->DontProceed(); |
| 424 } |
| 425 |
| 426 // Wait until the report has been sent on the IO thread. |
| 427 report_run_loop.Run(); |
| 428 |
| 429 if (expect_report) { |
| 430 // Check that the mock reporter received a request to send a report. |
| 431 EXPECT_EQ(https_server_expired_.GetURL("/").host(), |
| 432 reporter->latest_hostname_reported()); |
| 433 } else { |
| 434 EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); |
| 435 } |
| 436 } |
| 437 |
354 net::SpawnedTestServer https_server_; | 438 net::SpawnedTestServer https_server_; |
355 net::SpawnedTestServer https_server_expired_; | 439 net::SpawnedTestServer https_server_expired_; |
356 net::SpawnedTestServer https_server_mismatched_; | 440 net::SpawnedTestServer https_server_mismatched_; |
357 net::SpawnedTestServer wss_server_expired_; | 441 net::SpawnedTestServer wss_server_expired_; |
358 | 442 |
359 private: | 443 private: |
360 typedef net::SpawnedTestServer::SSLOptions SSLOptions; | 444 typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
361 | 445 |
362 DISALLOW_COPY_AND_ASSIGN(SSLUITest); | 446 DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
363 }; | 447 }; |
(...skipping 21 matching lines...) Expand all Loading... |
385 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { | 469 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
386 public: | 470 public: |
387 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} | 471 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
388 | 472 |
389 void SetUpCommandLine(base::CommandLine* command_line) override { | 473 void SetUpCommandLine(base::CommandLine* command_line) override { |
390 // Browser will ignore certificate errors on localhost. | 474 // Browser will ignore certificate errors on localhost. |
391 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); | 475 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); |
392 } | 476 } |
393 }; | 477 }; |
394 | 478 |
| 479 class SSLUITestWithExtendedReporting : public SSLUITest { |
| 480 public: |
| 481 SSLUITestWithExtendedReporting() : SSLUITest() {} |
| 482 |
| 483 void SetUpCommandLine(base::CommandLine* command_line) override { |
| 484 // Enable a checkbox on SSL interstitials that allows users to opt |
| 485 // in to reporting invalid certificate chains. |
| 486 command_line->AppendSwitch(switches::kEnableInvalidCertCollection); |
| 487 } |
| 488 }; |
| 489 |
395 // Visits a regular page over http. | 490 // Visits a regular page over http. |
396 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { | 491 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { |
397 ASSERT_TRUE(test_server()->Start()); | 492 ASSERT_TRUE(test_server()->Start()); |
398 | 493 |
399 ui_test_utils::NavigateToURL(browser(), | 494 ui_test_utils::NavigateToURL(browser(), |
400 test_server()->GetURL("files/ssl/google.html")); | 495 test_server()->GetURL("files/ssl/google.html")); |
401 | 496 |
402 CheckUnauthenticatedState( | 497 CheckUnauthenticatedState( |
403 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); | 498 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); |
404 } | 499 } |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
441 CheckAuthenticationBrokenState( | 536 CheckAuthenticationBrokenState( |
442 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); | 537 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); |
443 | 538 |
444 ProceedThroughInterstitial(tab); | 539 ProceedThroughInterstitial(tab); |
445 | 540 |
446 CheckAuthenticationBrokenState(tab, | 541 CheckAuthenticationBrokenState(tab, |
447 net::CERT_STATUS_DATE_INVALID, | 542 net::CERT_STATUS_DATE_INVALID, |
448 AuthState::DISPLAYED_INSECURE_CONTENT); | 543 AuthState::DISPLAYED_INSECURE_CONTENT); |
449 } | 544 } |
450 | 545 |
| 546 // Test that when the checkbox is checked and the user proceeds through |
| 547 // the interstitial, the FraudulentCertificateReporter sees a request to |
| 548 // send a report. |
| 549 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
| 550 TestBrokenHTTPSProceedWithReporting) { |
| 551 TestBrokenHTTPSReporting(true, true, true, true, browser()); |
| 552 } |
| 553 |
| 554 // Test that when the checkbox is checked and the user goes back (does |
| 555 // not proceed through the interstitial), the |
| 556 // FraudulentCertificateReporter sees a request to send a report. |
| 557 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
| 558 TestBrokenHTTPSGoBackWithReporting) { |
| 559 TestBrokenHTTPSReporting(true, false, true, true, browser()); |
| 560 } |
| 561 |
| 562 // Test that when the checkbox is not checked and the user proceeds |
| 563 // through the interstitial, the FraudulentCertificateReporter does not |
| 564 // see a request to send a report. |
| 565 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
| 566 TestBrokenHTTPSProceedWithNoReporting) { |
| 567 TestBrokenHTTPSReporting(false, true, true, false, browser()); |
| 568 } |
| 569 |
| 570 // Test that when the checkbox is not checked and the user does not proceed |
| 571 // through the interstitial, the FraudulentCertificateReporter does not |
| 572 // see a request to send a report. |
| 573 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
| 574 TestBrokenHTTPSGoBackWithNoReporting) { |
| 575 TestBrokenHTTPSReporting(false, false, true, false, browser()); |
| 576 } |
| 577 |
| 578 // Test that when the command-line switch for reporting invalid cert |
| 579 // chains is not enabled, reports don't get sent, even if the opt-in |
| 580 // preference is set. (i.e. if a user enables invalid cert collection in |
| 581 // chrome://flags, checks the box on an interstitial, and then disables |
| 582 // the flag in chrome://flags, reports shouldn't be sent on the next |
| 583 // interstitial). |
| 584 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) { |
| 585 TestBrokenHTTPSReporting(true, true, false, false, browser()); |
| 586 } |
| 587 |
| 588 // Test that reports don't get sent in incognito mode even if the opt-in |
| 589 // preference is set and the command-line switch is enabled. |
| 590 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
| 591 TestBrokenHTTPSNoReportingInIncognito) { |
| 592 TestBrokenHTTPSReporting(true, true, true, false, CreateIncognitoBrowser()); |
| 593 } |
| 594 |
451 // http://crbug.com/91745 | 595 // http://crbug.com/91745 |
452 #if defined(OS_CHROMEOS) | 596 #if defined(OS_CHROMEOS) |
453 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS | 597 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |
454 #else | 598 #else |
455 #define MAYBE_TestOKHTTPS TestOKHTTPS | 599 #define MAYBE_TestOKHTTPS TestOKHTTPS |
456 #endif | 600 #endif |
457 | 601 |
458 // Visits a page over OK https: | 602 // Visits a page over OK https: |
459 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { | 603 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { |
460 ASSERT_TRUE(https_server_.Start()); | 604 ASSERT_TRUE(https_server_.Start()); |
(...skipping 1471 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1932 | 2076 |
1933 // Visit a page over https that contains a frame with a redirect. | 2077 // Visit a page over https that contains a frame with a redirect. |
1934 | 2078 |
1935 // XMLHttpRequest insecure content in synchronous mode. | 2079 // XMLHttpRequest insecure content in synchronous mode. |
1936 | 2080 |
1937 // XMLHttpRequest insecure content in asynchronous mode. | 2081 // XMLHttpRequest insecure content in asynchronous mode. |
1938 | 2082 |
1939 // XMLHttpRequest over bad ssl in synchronous mode. | 2083 // XMLHttpRequest over bad ssl in synchronous mode. |
1940 | 2084 |
1941 // XMLHttpRequest over OK ssl in synchronous mode. | 2085 // XMLHttpRequest over OK ssl in synchronous mode. |
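Review bot: The `switch_enabled` parameter of TestBrokenHTTPSReporting (new lines 381-436) is never read in the body, so whether invalid-cert collection is on depends only on which fixture the test is declared with (SSLUITest or SSLUITestWithExtendedReporting). As a result the privacy-relevant negative case, TestBrokenHTTPSNoReportingWithoutSwitch, passes `false` but never verifies that the switch is actually absent from the command line. Either drop the parameter or check it at the top of the helper, e.g. `ASSERT_EQ(switch_enabled, base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kEnableInvalidCertCollection));`. Separately, the comments on the new tests (new lines 546-572) name FraudulentCertificateReporter while the mock derives from CertificateErrorReporter, and the `else` branch re-declares `interstitial_page`, shadowing the SSLBlockingPage pointer declared earlier in the same function.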
OLD | NEW |