OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "base/time/time.h" | 12 #include "base/time/time.h" |
13 #include "chrome/app/chrome_command_ids.h" | 13 #include "chrome/app/chrome_command_ids.h" |
14 #include "chrome/browser/chrome_notification_types.h" | 14 #include "chrome/browser/chrome_notification_types.h" |
15 #include "chrome/browser/net/certificate_error_reporter.h" | |
15 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
17 #include "chrome/browser/profiles/profile_io_data.h" | |
16 #include "chrome/browser/ssl/ssl_blocking_page.h" | 18 #include "chrome/browser/ssl/ssl_blocking_page.h" |
17 #include "chrome/browser/ui/browser.h" | 19 #include "chrome/browser/ui/browser.h" |
18 #include "chrome/browser/ui/browser_commands.h" | 20 #include "chrome/browser/ui/browser_commands.h" |
19 #include "chrome/browser/ui/browser_navigator.h" | 21 #include "chrome/browser/ui/browser_navigator.h" |
20 #include "chrome/browser/ui/browser_tabstrip.h" | 22 #include "chrome/browser/ui/browser_tabstrip.h" |
21 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 23 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
22 #include "chrome/common/chrome_paths.h" | 24 #include "chrome/common/chrome_paths.h" |
23 #include "chrome/common/chrome_switches.h" | 25 #include "chrome/common/chrome_switches.h" |
24 #include "chrome/common/pref_names.h" | 26 #include "chrome/common/pref_names.h" |
25 #include "chrome/test/base/in_process_browser_test.h" | 27 #include "chrome/test/base/in_process_browser_test.h" |
(...skipping 12 matching lines...) Expand all Loading... | |
38 #include "content/public/browser/web_contents_observer.h" | 40 #include "content/public/browser/web_contents_observer.h" |
39 #include "content/public/common/security_style.h" | 41 #include "content/public/common/security_style.h" |
40 #include "content/public/common/ssl_status.h" | 42 #include "content/public/common/ssl_status.h" |
41 #include "content/public/test/browser_test_utils.h" | 43 #include "content/public/test/browser_test_utils.h" |
42 #include "content/public/test/download_test_observer.h" | 44 #include "content/public/test/download_test_observer.h" |
43 #include "content/public/test/test_renderer_host.h" | 45 #include "content/public/test/test_renderer_host.h" |
44 #include "net/base/net_errors.h" | 46 #include "net/base/net_errors.h" |
45 #include "net/base/test_data_directory.h" | 47 #include "net/base/test_data_directory.h" |
46 #include "net/cert/cert_status_flags.h" | 48 #include "net/cert/cert_status_flags.h" |
47 #include "net/test/spawned_test_server/spawned_test_server.h" | 49 #include "net/test/spawned_test_server/spawned_test_server.h" |
50 #include "net/url_request/url_request_context.h" | |
48 | 51 |
49 #if defined(USE_NSS) | 52 #if defined(USE_NSS) |
50 #include "chrome/browser/net/nss_context.h" | 53 #include "chrome/browser/net/nss_context.h" |
51 #include "net/base/crypto_module.h" | 54 #include "net/base/crypto_module.h" |
52 #include "net/cert/nss_cert_database.h" | 55 #include "net/cert/nss_cert_database.h" |
53 #endif // defined(USE_NSS) | 56 #endif // defined(USE_NSS) |
54 | 57 |
55 using base::ASCIIToUTF16; | 58 using base::ASCIIToUTF16; |
59 using chrome_browser_net::CertificateErrorReporter; | |
56 using content::InterstitialPage; | 60 using content::InterstitialPage; |
57 using content::NavigationController; | 61 using content::NavigationController; |
58 using content::NavigationEntry; | 62 using content::NavigationEntry; |
59 using content::SSLStatus; | 63 using content::SSLStatus; |
60 using content::WebContents; | 64 using content::WebContents; |
61 using web_modal::WebContentsModalDialogManager; | 65 using web_modal::WebContentsModalDialogManager; |
62 | 66 |
63 const base::FilePath::CharType kDocRoot[] = | 67 const base::FilePath::CharType kDocRoot[] = |
64 FILE_PATH_LITERAL("chrome/test/data"); | 68 FILE_PATH_LITERAL("chrome/test/data"); |
65 | 69 |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
162 content::SecurityStyle expected_security_style, | 166 content::SecurityStyle expected_security_style, |
163 int expected_authentication_state) { | 167 int expected_authentication_state) { |
164 ASSERT_FALSE(tab->IsCrashed()); | 168 ASSERT_FALSE(tab->IsCrashed()); |
165 NavigationEntry* entry = tab->GetController().GetActiveEntry(); | 169 NavigationEntry* entry = tab->GetController().GetActiveEntry(); |
166 ASSERT_TRUE(entry); | 170 ASSERT_TRUE(entry); |
167 CertError::Check(*entry, error); | 171 CertError::Check(*entry, error); |
168 SecurityStyle::Check(*entry, expected_security_style); | 172 SecurityStyle::Check(*entry, expected_security_style); |
169 AuthState::Check(*entry, expected_authentication_state); | 173 AuthState::Check(*entry, expected_authentication_state); |
170 } | 174 } |
171 | 175 |
176 // This class is used to test invalid certificate chain reporting when | |
177 // the user opts in to do so on the interstitial. | |
178 class MockReporter : public CertificateErrorReporter { | |
179 public: | |
180 explicit MockReporter(net::URLRequestContext* request_context, | |
181 const GURL& upload_url) | |
182 : CertificateErrorReporter(request_context, upload_url) {} | |
183 | |
184 void SendReport(CertificateErrorReporter::ReportType type, | |
185 const std::string& hostname, | |
186 const net::SSLInfo& ssl_info) override { | |
187 EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type); | |
188 latest_hostname_reported_ = hostname; | |
189 } | |
190 | |
191 const std::string& latest_hostname_reported() { | |
192 return latest_hostname_reported_; | |
193 } | |
194 | |
195 private: | |
196 std::string latest_hostname_reported_; | |
197 }; | |
198 | |
172 } // namespace | 199 } // namespace |
173 | 200 |
174 class SSLUITest : public InProcessBrowserTest { | 201 class SSLUITest : public InProcessBrowserTest { |
175 public: | 202 public: |
176 SSLUITest() | 203 SSLUITest() |
177 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, | 204 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, |
178 SSLOptions(SSLOptions::CERT_OK), | 205 SSLOptions(SSLOptions::CERT_OK), |
179 base::FilePath(kDocRoot)), | 206 base::FilePath(kDocRoot)), |
180 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, | 207 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, |
181 SSLOptions(SSLOptions::CERT_EXPIRED), | 208 SSLOptions(SSLOptions::CERT_EXPIRED), |
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
344 std::vector<net::SpawnedTestServer::StringPair> | 371 std::vector<net::SpawnedTestServer::StringPair> |
345 replacement_text_for_page_with_unsafe_worker; | 372 replacement_text_for_page_with_unsafe_worker; |
346 replacement_text_for_page_with_unsafe_worker.push_back( | 373 replacement_text_for_page_with_unsafe_worker.push_back( |
347 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); | 374 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); |
348 return net::SpawnedTestServer::GetFilePathWithReplacements( | 375 return net::SpawnedTestServer::GetFilePathWithReplacements( |
349 "files/ssl/page_with_unsafe_worker.html", | 376 "files/ssl/page_with_unsafe_worker.html", |
350 replacement_text_for_page_with_unsafe_worker, | 377 replacement_text_for_page_with_unsafe_worker, |
351 page_with_unsafe_worker_path); | 378 page_with_unsafe_worker_path); |
352 } | 379 } |
353 | 380 |
381 // Helper function for testing invalid certificate chain reporting. | |
382 void TestBrokenHTTPSReporting(bool opt_in, | |
383 bool proceed, | |
384 bool switch_enabled, | |
385 bool expect_report, | |
386 Browser* browser) { | |
387 ASSERT_TRUE(https_server_expired_.Start()); | |
388 | |
389 // Opt in to sending reports for invalid certificate chains. | |
390 browser->profile()->GetPrefs()->SetBoolean( | |
391 prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); | |
392 | |
393 ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/")); | |
394 | |
395 WebContents* tab = browser->tab_strip_model()->GetActiveWebContents(); | |
396 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, | |
397 AuthState::SHOWING_INTERSTITIAL); | |
398 | |
399 // Set up a callback so that the test is notified when the report | |
400 // has been sent on the IO thread (or not sent). | |
401 base::RunLoop report_run_loop; | |
402 base::Closure report_callback = report_run_loop.QuitClosure(); | |
403 SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>( | |
404 tab->GetInterstitialPage()->GetDelegateForTesting()); | |
405 interstitial_page->SetCertificateReportCallbackForTesting(report_callback); | |
406 // Set up the mock reporter to track the hostnames that reports get | |
407 // sent for. The request_context argument is NULL here | |
408 // because the MockReporter doesn't actually use a | |
409 // request_context. (In order to pass a real request_context, the | |
410 // reporter would have to be constructed on the IO thread.) | |
411 MockReporter* reporter = | |
412 new MockReporter(NULL, GURL("http://example.test")); | |
413 ProfileIOData* profile_io_data = ProfileIOData::FromResourceContext( | |
414 tab->GetBrowserContext()->GetResourceContext()); | |
415 profile_io_data->set_certificate_error_reporter_for_testing(reporter); | |
416 EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); | |
417 | |
418 // Leave the interstitial (either by proceeding or going back) | |
419 if (proceed) { | |
420 ProceedThroughInterstitial(tab); | |
421 } else { | |
422 // Click "Take me back" | |
423 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | |
424 ASSERT_TRUE(interstitial_page); | |
425 interstitial_page->DontProceed(); | |
426 } | |
427 | |
428 // Wait until the report has been sent on the IO thread. | |
429 report_run_loop.Run(); | |
430 | |
431 if (expect_report) { | |
432 // Check that the mock reporter received a request to send a report. | |
433 EXPECT_EQ(https_server_expired_.GetURL("/").host(), | |
434 reporter->latest_hostname_reported()); | |
435 } else { | |
436 EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); | |
437 } | |
438 } | |
439 | |
354 net::SpawnedTestServer https_server_; | 440 net::SpawnedTestServer https_server_; |
355 net::SpawnedTestServer https_server_expired_; | 441 net::SpawnedTestServer https_server_expired_; |
356 net::SpawnedTestServer https_server_mismatched_; | 442 net::SpawnedTestServer https_server_mismatched_; |
357 net::SpawnedTestServer wss_server_expired_; | 443 net::SpawnedTestServer wss_server_expired_; |
358 | 444 |
359 private: | 445 private: |
360 typedef net::SpawnedTestServer::SSLOptions SSLOptions; | 446 typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
361 | 447 |
362 DISALLOW_COPY_AND_ASSIGN(SSLUITest); | 448 DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
363 }; | 449 }; |
(...skipping 21 matching lines...) Expand all Loading... | |
385 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { | 471 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
386 public: | 472 public: |
387 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} | 473 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {} |
388 | 474 |
389 void SetUpCommandLine(base::CommandLine* command_line) override { | 475 void SetUpCommandLine(base::CommandLine* command_line) override { |
390 // Browser will ignore certificate errors on localhost. | 476 // Browser will ignore certificate errors on localhost. |
391 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); | 477 command_line->AppendSwitch(switches::kAllowInsecureLocalhost); |
392 } | 478 } |
393 }; | 479 }; |
394 | 480 |
481 class SSLUITestWithExtendedReporting : public SSLUITest { | |
482 public: | |
483 SSLUITestWithExtendedReporting() : SSLUITest() {} | |
484 | |
485 void SetUpCommandLine(base::CommandLine* command_line) override { | |
486 // Enable a checkbox on SSL interstitials that allows users to opt | |
487 // in to reporting invalid certificate chains. | |
488 command_line->AppendSwitch(switches::kEnableInvalidCertCollection); | |
489 } | |
490 }; | |
491 | |
395 // Visits a regular page over http. | 492 // Visits a regular page over http. |
396 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { | 493 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { |
397 ASSERT_TRUE(test_server()->Start()); | 494 ASSERT_TRUE(test_server()->Start()); |
398 | 495 |
399 ui_test_utils::NavigateToURL(browser(), | 496 ui_test_utils::NavigateToURL(browser(), |
400 test_server()->GetURL("files/ssl/google.html")); | 497 test_server()->GetURL("files/ssl/google.html")); |
401 | 498 |
402 CheckUnauthenticatedState( | 499 CheckUnauthenticatedState( |
403 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); | 500 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE); |
404 } | 501 } |
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
982 &replacement_path)); | 1079 &replacement_path)); |
983 | 1080 |
984 // Load a page that displays insecure content. | 1081 // Load a page that displays insecure content. |
985 ui_test_utils::NavigateToURL(browser(), | 1082 ui_test_utils::NavigateToURL(browser(), |
986 https_server_.GetURL(replacement_path)); | 1083 https_server_.GetURL(replacement_path)); |
987 | 1084 |
988 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), | 1085 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), |
989 AuthState::DISPLAYED_INSECURE_CONTENT); | 1086 AuthState::DISPLAYED_INSECURE_CONTENT); |
990 } | 1087 } |
991 | 1088 |
1089 // Test that when the checkbox is checked and the user proceeds through | |
1090 // the interstitial, the FraudulentCertificateReporter sees a request to | |
1091 // send a report. | |
1092 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
1093 TestBrokenHTTPSProceedWithReporting) { | |
1094 TestBrokenHTTPSReporting(true, true, true, true, browser()); | |
mattm
2015/03/17 20:58:13
Use enums with self-descriptive value names instea
estark
2015/03/18 15:57:18
Done.
| |
1095 } | |
1096 | |
1097 // Test that when the checkbox is checked and the user goes back (does | |
1098 // not proceed through the interstitial), the | |
1099 // FraudulentCertificateReporter sees a request to send a report. | |
1100 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
1101 TestBrokenHTTPSGoBackWithReporting) { | |
1102 TestBrokenHTTPSReporting(true, false, true, true, browser()); | |
1103 } | |
1104 | |
1105 // Test that when the checkbox is not checked and the user proceeds | |
1106 // through the interstitial, the FraudulentCertificateReporter does not | |
1107 // see a request to send a report. | |
1108 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
1109 TestBrokenHTTPSProceedWithNoReporting) { | |
1110 TestBrokenHTTPSReporting(false, true, true, false, browser()); | |
1111 } | |
1112 | |
1113 // Test that when the checkbox is not checked and the user does not proceed | |
1114 // through the interstitial, the FraudulentCertificateReporter does not | |
1115 // see a request to send a report. | |
1116 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
1117 TestBrokenHTTPSGoBackWithNoReporting) { | |
1118 TestBrokenHTTPSReporting(false, false, true, false, browser()); | |
1119 } | |
1120 | |
1121 // Test that when the command-line switch for reporting invalid cert | |
1122 // chains is not enabled, reports don't get sent, even if the opt-in | |
1123 // preference is set. (i.e. if a user enables invalid cert collection in | |
1124 // chrome://flags, checks the box on an interstitial, and then disables | |
1125 // the flag in chrome://flags, reports shouldn't be sent on the next | |
1126 // interstitial). | |
1127 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) { | |
1128 TestBrokenHTTPSReporting(true, true, false, false, browser()); | |
1129 } | |
1130 | |
1131 // Test that reports don't get sent in incognito mode even if the opt-in | |
1132 // preference is set and the command-line switch is enabled. | |
1133 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, | |
1134 TestBrokenHTTPSNoReportingInIncognito) { | |
1135 TestBrokenHTTPSReporting(true, true, true, false, CreateIncognitoBrowser()); | |
1136 } | |
1137 | |
992 // Visits a page that runs insecure content and tries to suppress the insecure | 1138 // Visits a page that runs insecure content and tries to suppress the insecure |
993 // content warnings by randomizing location.hash. | 1139 // content warnings by randomizing location.hash. |
994 // Based on http://crbug.com/8706 | 1140 // Based on http://crbug.com/8706 |
995 IN_PROC_BROWSER_TEST_F(SSLUITest, | 1141 IN_PROC_BROWSER_TEST_F(SSLUITest, |
996 TestRunsInsecuredContentRandomizeHash) { | 1142 TestRunsInsecuredContentRandomizeHash) { |
997 ASSERT_TRUE(test_server()->Start()); | 1143 ASSERT_TRUE(test_server()->Start()); |
998 ASSERT_TRUE(https_server_.Start()); | 1144 ASSERT_TRUE(https_server_.Start()); |
999 | 1145 |
1000 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( | 1146 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( |
1001 "files/ssl/page_runs_insecure_content.html")); | 1147 "files/ssl/page_runs_insecure_content.html")); |
(...skipping 930 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1932 | 2078 |
1933 // Visit a page over https that contains a frame with a redirect. | 2079 // Visit a page over https that contains a frame with a redirect. |
1934 | 2080 |
1935 // XMLHttpRequest insecure content in synchronous mode. | 2081 // XMLHttpRequest insecure content in synchronous mode. |
1936 | 2082 |
1937 // XMLHttpRequest insecure content in asynchronous mode. | 2083 // XMLHttpRequest insecure content in asynchronous mode. |
1938 | 2084 |
1939 // XMLHttpRequest over bad ssl in synchronous mode. | 2085 // XMLHttpRequest over bad ssl in synchronous mode. |
1940 | 2086 |
1941 // XMLHttpRequest over OK ssl in synchronous mode. | 2087 // XMLHttpRequest over OK ssl in synchronous mode. |
OLD | NEW |