Index: chrome/browser/ssl/ssl_browser_tests.cc |
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
index 2360705dbd73324ae3d23c14bd7bda92df460a2f..953dd9821ec90441e24b6b65b5c5d96a3b0ed233 100644 |
--- a/chrome/browser/ssl/ssl_browser_tests.cc |
+++ b/chrome/browser/ssl/ssl_browser_tests.cc |
@@ -12,6 +12,7 @@ |
#include "base/time/time.h" |
#include "chrome/app/chrome_command_ids.h" |
#include "chrome/browser/chrome_notification_types.h" |
+#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
#include "chrome/browser/profiles/profile.h" |
#include "chrome/browser/ssl/ssl_blocking_page.h" |
#include "chrome/browser/ui/browser.h" |
@@ -45,6 +46,9 @@ |
#include "net/base/test_data_directory.h" |
#include "net/cert/cert_status_flags.h" |
#include "net/test/spawned_test_server/spawned_test_server.h" |
+#include "net/url_request/fraudulent_certificate_reporter.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
#if defined(USE_NSS) |
#include "chrome/browser/net/nss_context.h" |
@@ -53,11 +57,13 @@ |
#endif // defined(USE_NSS) |
using base::ASCIIToUTF16; |
+using chrome_browser_net::ChromeFraudulentCertificateReporter; |
using content::InterstitialPage; |
using content::NavigationController; |
using content::NavigationEntry; |
using content::SSLStatus; |
using content::WebContents; |
+using net::FraudulentCertificateReporter; |
using web_modal::WebContentsModalDialogManager; |
const base::FilePath::CharType kDocRoot[] = |
@@ -193,6 +199,9 @@ class SSLUITest : public InProcessBrowserTest { |
// Use process-per-site so that navigating to a same-site page in a |
// new tab will use the same process. |
command_line->AppendSwitch(switches::kProcessPerSite); |
+ // Enable a checkbox on SSL interstitials that allows users to opt |
+ // in to reporting invalid certificate chains. |
+ command_line->AppendSwitch(switches::kEnableInvalidCertCollection); |
} |
void CheckAuthenticatedState(WebContents* tab, |
@@ -349,6 +358,51 @@ class SSLUITest : public InProcessBrowserTest { |
page_with_unsafe_worker_path); |
} |
+ // Helper function for the testing invalid certificate chain reporting. |
+ void TestBrokenHTTPSReporting(bool opt_in, bool proceed) { |
+ ASSERT_TRUE(https_server_expired_.Start()); |
+ |
+ // Set up the mock reporter to track the hostnames that reports get |
+ // sent for. |
+ net::URLRequestContext* context = |
+ browser()->profile()->GetRequestContext()->GetURLRequestContext(); |
+ MockReporter reporter(context); |
+ FraudulentCertificateReporter* orig_reporter = |
+ context->fraudulent_certificate_reporter(); |
+ context->set_fraudulent_certificate_reporter(&reporter); |
+ |
+ // Opt in to sending reports for invalid certificate chains. |
+ browser()->profile()->GetPrefs()->SetBoolean( |
+ prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); |
+ |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
+ |
+ ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/")); |
+ |
+ WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
+ CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
+ AuthState::SHOWING_INTERSTITIAL); |
+ |
+ if (proceed) { |
+ ProceedThroughInterstitial(tab); |
+ } else { |
+ // Click "Take me back" |
+ InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
+ ASSERT_TRUE(interstitial_page); |
+ interstitial_page->DontProceed(); |
+ } |
+ |
+ if (opt_in) { |
+ // Check that the mock reporter received a request to send a report. |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), |
+ https_server_expired_.GetURL("/").host()); |
+ } else { |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
+ } |
+ |
+ context->set_fraudulent_certificate_reporter(orig_reporter); |
+ } |
+ |
net::SpawnedTestServer https_server_; |
net::SpawnedTestServer https_server_expired_; |
net::SpawnedTestServer https_server_mismatched_; |
@@ -357,6 +411,28 @@ class SSLUITest : public InProcessBrowserTest { |
private: |
typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
+ // This class is used to test invalid certificate chain reporting when |
+ // the user opts in to do so on the interstitial. |
+ class MockReporter : public ChromeFraudulentCertificateReporter { |
+ public: |
+ explicit MockReporter(net::URLRequestContext* request_context) |
+ : ChromeFraudulentCertificateReporter(request_context) { |
+ latest_hostname_reported_ = ""; |
+ } |
+ |
+ void SendInvalidChainReport(const std::string& hostname, |
+ const net::SSLInfo& ssl_info) override { |
+ latest_hostname_reported_ = hostname; |
+ } |
+ |
+ const std::string& GetLatestHostnameReported() { |
+ return latest_hostname_reported_; |
+ } |
+ |
+ private: |
+ std::string latest_hostname_reported_; |
+ }; |
+ |
DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
}; |
@@ -446,6 +522,34 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) { |
AuthState::DISPLAYED_INSECURE_CONTENT); |
} |
+// Test that when the checkbox is checked and the user proceeds through |
+// the interstitial, the FraudulentCertificateReporter sees a request to |
+// send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithReporting) { |
+ TestBrokenHTTPSReporting(true, true); |
+} |
+ |
+// Test that when the checkbox is checked and the user goes back (does |
+// not proceed through the interstitial), the |
+// FraudulentCertificateReporter sees a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithReporting) { |
+ TestBrokenHTTPSReporting(true, false); |
+} |
+ |
+// Test that when the checkbox is not checked and the user proceeds |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, true); |
+} |
+ |
+// Test that when the checkbox is not checked and the user does not proceed |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, false); |
+} |
+ |
// http://crbug.com/91745 |
#if defined(OS_CHROMEOS) |
#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |