| Index: chrome/browser/ssl/ssl_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
|
| index 2360705dbd73324ae3d23c14bd7bda92df460a2f..953dd9821ec90441e24b6b65b5c5d96a3b0ed233 100644
|
| --- a/chrome/browser/ssl/ssl_browser_tests.cc
|
| +++ b/chrome/browser/ssl/ssl_browser_tests.cc
|
| @@ -12,6 +12,7 @@
|
| #include "base/time/time.h"
|
| #include "chrome/app/chrome_command_ids.h"
|
| #include "chrome/browser/chrome_notification_types.h"
|
| +#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/browser/ssl/ssl_blocking_page.h"
|
| #include "chrome/browser/ui/browser.h"
|
| @@ -45,6 +46,9 @@
|
| #include "net/base/test_data_directory.h"
|
| #include "net/cert/cert_status_flags.h"
|
| #include "net/test/spawned_test_server/spawned_test_server.h"
|
| +#include "net/url_request/fraudulent_certificate_reporter.h"
|
| +#include "net/url_request/url_request_context.h"
|
| +#include "net/url_request/url_request_context_getter.h"
|
|
|
| #if defined(USE_NSS)
|
| #include "chrome/browser/net/nss_context.h"
|
| @@ -53,11 +57,13 @@
|
| #endif // defined(USE_NSS)
|
|
|
| using base::ASCIIToUTF16;
|
| +using chrome_browser_net::ChromeFraudulentCertificateReporter;
|
| using content::InterstitialPage;
|
| using content::NavigationController;
|
| using content::NavigationEntry;
|
| using content::SSLStatus;
|
| using content::WebContents;
|
| +using net::FraudulentCertificateReporter;
|
| using web_modal::WebContentsModalDialogManager;
|
|
|
| const base::FilePath::CharType kDocRoot[] =
|
| @@ -193,6 +199,9 @@ class SSLUITest : public InProcessBrowserTest {
|
| // Use process-per-site so that navigating to a same-site page in a
|
| // new tab will use the same process.
|
| command_line->AppendSwitch(switches::kProcessPerSite);
|
| + // Enable a checkbox on SSL interstitials that allows users to opt
|
| + // in to reporting invalid certificate chains.
|
| + command_line->AppendSwitch(switches::kEnableInvalidCertCollection);
|
| }
|
|
|
| void CheckAuthenticatedState(WebContents* tab,
|
| @@ -349,6 +358,51 @@ class SSLUITest : public InProcessBrowserTest {
|
| page_with_unsafe_worker_path);
|
| }
|
|
|
| + // Helper function for the testing invalid certificate chain reporting.
|
| + void TestBrokenHTTPSReporting(bool opt_in, bool proceed) {
|
| + ASSERT_TRUE(https_server_expired_.Start());
|
| +
|
| + // Set up the mock reporter to track the hostnames that reports get
|
| + // sent for.
|
| + net::URLRequestContext* context =
|
| + browser()->profile()->GetRequestContext()->GetURLRequestContext();
|
| + MockReporter reporter(context);
|
| + FraudulentCertificateReporter* orig_reporter =
|
| + context->fraudulent_certificate_reporter();
|
| + context->set_fraudulent_certificate_reporter(&reporter);
|
| +
|
| + // Opt in to sending reports for invalid certificate chains.
|
| + browser()->profile()->GetPrefs()->SetBoolean(
|
| + prefs::kSafeBrowsingExtendedReportingEnabled, opt_in);
|
| +
|
| + EXPECT_EQ(reporter.GetLatestHostnameReported(), "");
|
| +
|
| + ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/"));
|
| +
|
| + WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
|
| + AuthState::SHOWING_INTERSTITIAL);
|
| +
|
| + if (proceed) {
|
| + ProceedThroughInterstitial(tab);
|
| + } else {
|
| + // Click "Take me back"
|
| + InterstitialPage* interstitial_page = tab->GetInterstitialPage();
|
| + ASSERT_TRUE(interstitial_page);
|
| + interstitial_page->DontProceed();
|
| + }
|
| +
|
| + if (opt_in) {
|
| + // Check that the mock reporter received a request to send a report.
|
| + EXPECT_EQ(reporter.GetLatestHostnameReported(),
|
| + https_server_expired_.GetURL("/").host());
|
| + } else {
|
| + EXPECT_EQ(reporter.GetLatestHostnameReported(), "");
|
| + }
|
| +
|
| + context->set_fraudulent_certificate_reporter(orig_reporter);
|
| + }
|
| +
|
| net::SpawnedTestServer https_server_;
|
| net::SpawnedTestServer https_server_expired_;
|
| net::SpawnedTestServer https_server_mismatched_;
|
| @@ -357,6 +411,28 @@ class SSLUITest : public InProcessBrowserTest {
|
| private:
|
| typedef net::SpawnedTestServer::SSLOptions SSLOptions;
|
|
|
| + // This class is used to test invalid certificate chain reporting when
|
| + // the user opts in to do so on the interstitial.
|
| + class MockReporter : public ChromeFraudulentCertificateReporter {
|
| + public:
|
| + explicit MockReporter(net::URLRequestContext* request_context)
|
| + : ChromeFraudulentCertificateReporter(request_context) {
|
| + latest_hostname_reported_ = "";
|
| + }
|
| +
|
| + void SendInvalidChainReport(const std::string& hostname,
|
| + const net::SSLInfo& ssl_info) override {
|
| + latest_hostname_reported_ = hostname;
|
| + }
|
| +
|
| + const std::string& GetLatestHostnameReported() {
|
| + return latest_hostname_reported_;
|
| + }
|
| +
|
| + private:
|
| + std::string latest_hostname_reported_;
|
| + };
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(SSLUITest);
|
| };
|
|
|
| @@ -446,6 +522,34 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
|
| AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| +// Test that when the checkbox is checked and the user proceeds through
|
| +// the interstitial, the FraudulentCertificateReporter sees a request to
|
| +// send a report.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithReporting) {
|
| + TestBrokenHTTPSReporting(true, true);
|
| +}
|
| +
|
| +// Test that when the checkbox is checked and the user goes back (does
|
| +// not proceed through the interstitial), the
|
| +// FraudulentCertificateReporter sees a request to send a report.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithReporting) {
|
| + TestBrokenHTTPSReporting(true, false);
|
| +}
|
| +
|
| +// Test that when the checkbox is not checked and the user proceeds
|
| +// through the interstitial, the FraudulentCertificateReporter does not
|
| +// see a request to send a report.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSProceedWithNoReporting) {
|
| + TestBrokenHTTPSReporting(false, true);
|
| +}
|
| +
|
| +// Test that when the checkbox is not checked and the user does not proceed
|
| +// through the interstitial, the FraudulentCertificateReporter does not
|
| +// see a request to send a report.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSGoBackWithNoReporting) {
|
| + TestBrokenHTTPSReporting(false, false);
|
| +}
|
| +
|
| // http://crbug.com/91745
|
| #if defined(OS_CHROMEOS)
|
| #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
|
|
|
Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master