Index: chrome/browser/ssl/ssl_browser_tests.cc |
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
index 2360705dbd73324ae3d23c14bd7bda92df460a2f..e79c1c560c1c3c27baee2717da572f1baec69533 100644 |
--- a/chrome/browser/ssl/ssl_browser_tests.cc |
+++ b/chrome/browser/ssl/ssl_browser_tests.cc |
@@ -12,6 +12,7 @@ |
#include "base/time/time.h" |
#include "chrome/app/chrome_command_ids.h" |
#include "chrome/browser/chrome_notification_types.h" |
+#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
#include "chrome/browser/profiles/profile.h" |
#include "chrome/browser/ssl/ssl_blocking_page.h" |
#include "chrome/browser/ui/browser.h" |
@@ -45,6 +46,9 @@ |
#include "net/base/test_data_directory.h" |
#include "net/cert/cert_status_flags.h" |
#include "net/test/spawned_test_server/spawned_test_server.h" |
+#include "net/url_request/fraudulent_certificate_reporter.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
#if defined(USE_NSS) |
#include "chrome/browser/net/nss_context.h" |
@@ -53,11 +57,13 @@ |
#endif // defined(USE_NSS) |
using base::ASCIIToUTF16; |
+using chrome_browser_net::ChromeFraudulentCertificateReporter; |
using content::InterstitialPage; |
using content::NavigationController; |
using content::NavigationEntry; |
using content::SSLStatus; |
using content::WebContents; |
+using net::FraudulentCertificateReporter; |
using web_modal::WebContentsModalDialogManager; |
const base::FilePath::CharType kDocRoot[] = |
@@ -349,6 +355,59 @@ class SSLUITest : public InProcessBrowserTest { |
page_with_unsafe_worker_path); |
} |
+ // Helper function for the testing invalid certificate chain reporting. |
+ void TestBrokenHTTPSReporting(bool opt_in, |
+ bool proceed, |
+ bool switch_enabled = true) { |
+ ASSERT_TRUE(https_server_expired_.Start()); |
+ |
+ // Set up the mock reporter to track the hostnames that reports get |
+ // sent for. |
+ net::URLRequestContext* context = |
+ browser()->profile()->GetRequestContext()->GetURLRequestContext(); |
+ MockReporter reporter(context); |
+ FraudulentCertificateReporter* orig_reporter = |
+ context->fraudulent_certificate_reporter(); |
+ context->set_fraudulent_certificate_reporter(&reporter); |
+ |
+ // Opt in to sending reports for invalid certificate chains. |
+ browser()->profile()->GetPrefs()->SetBoolean( |
+ prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); |
+ |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
+ |
+ ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/")); |
+ |
+ WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
+ CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
+ AuthState::SHOWING_INTERSTITIAL); |
+ |
+ if (proceed) { |
+ ProceedThroughInterstitial(tab); |
+ } else { |
+ // Click "Take me back" |
+ InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
+ ASSERT_TRUE(interstitial_page); |
+ interstitial_page->DontProceed(); |
+ } |
+ |
+ base::RunLoop().RunUntilIdle(); |
Ryan Sleevi
2015/02/27 00:46:33
May want a comment explaining why this is.
estark
2015/02/27 02:49:37
Done.
|
+ |
+ if (opt_in) { |
+ // Check that the mock reporter received a request to send a report. |
+ if (switch_enabled) { |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), |
+ https_server_expired_.GetURL("/").host()); |
+ } else { |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
+ } |
+ } else { |
+ EXPECT_EQ(reporter.GetLatestHostnameReported(), ""); |
+ } |
+ |
+ context->set_fraudulent_certificate_reporter(orig_reporter); |
+ } |
+ |
net::SpawnedTestServer https_server_; |
net::SpawnedTestServer https_server_expired_; |
net::SpawnedTestServer https_server_mismatched_; |
@@ -357,6 +416,30 @@ class SSLUITest : public InProcessBrowserTest { |
private: |
typedef net::SpawnedTestServer::SSLOptions SSLOptions; |
+ // This class is used to test invalid certificate chain reporting when |
+ // the user opts in to do so on the interstitial. |
+ class MockReporter : public ChromeFraudulentCertificateReporter { |
Ryan Sleevi
2015/02/27 00:46:33
Since you're not relying on this class being able
estark
2015/02/27 02:49:37
Done.
|
+ public: |
+ explicit MockReporter(net::URLRequestContext* request_context) |
+ : ChromeFraudulentCertificateReporter(request_context) { |
+ latest_hostname_reported_ = ""; |
Ryan Sleevi
2015/02/27 00:46:33
This is not necessary. Strings are default initial
estark
2015/02/27 02:49:37
Done.
|
+ } |
+ |
+ void SendReport(ReportType type, |
+ const std::string& hostname, |
+ const net::SSLInfo& ssl_info) override { |
+ latest_hostname_reported_ = hostname; |
+ EXPECT_EQ(type, REPORT_TYPE_EXTENDED_REPORTING); |
+ } |
+ |
+ const std::string& GetLatestHostnameReported() { |
+ return latest_hostname_reported_; |
+ } |
+ |
+ private: |
+ std::string latest_hostname_reported_; |
+ }; |
+ |
DISALLOW_COPY_AND_ASSIGN(SSLUITest); |
}; |
@@ -390,6 +473,17 @@ class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
} |
}; |
+class SSLUITestWithExtendedReporting : public SSLUITest { |
+ public: |
+ SSLUITestWithExtendedReporting() : SSLUITest() {} |
+ |
+ void SetUpCommandLine(base::CommandLine* command_line) override { |
+ // Enable a checkbox on SSL interstitials that allows users to opt |
+ // in to reporting invalid certificate chains. |
+ command_line->AppendSwitch(switches::kEnableInvalidCertCollection); |
+ } |
+}; |
+ |
// Visits a regular page over http. |
IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { |
ASSERT_TRUE(test_server()->Start()); |
@@ -446,6 +540,48 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) { |
AuthState::DISPLAYED_INSECURE_CONTENT); |
} |
+// Test that when the checkbox is checked and the user proceeds through |
+// the interstitial, the FraudulentCertificateReporter sees a request to |
+// send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSProceedWithReporting) { |
+ TestBrokenHTTPSReporting(true, true); |
+} |
+ |
+// Test that when the checkbox is checked and the user goes back (does |
+// not proceed through the interstitial), the |
+// FraudulentCertificateReporter sees a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSGoBackWithReporting) { |
+ TestBrokenHTTPSReporting(true, false); |
+} |
+ |
+// Test that when the checkbox is not checked and the user proceeds |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSProceedWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, true); |
+} |
+ |
+// Test that when the checkbox is not checked and the user does not proceed |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSGoBackWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, false); |
+} |
+ |
+// Test that when the command-line switch for reporting invalid cert |
+// chains is not enabled, reports don't get sent, even if the opt-in |
+// preference is set. (i.e. if a user enables invalid cert collection in |
+// chrome://flags, checks the box on an interstitial, and then disables |
+// the flag in chrome://flags, reports shouldn't be sent on the next |
+// interstitial). |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) { |
+ TestBrokenHTTPSReporting(true, true, false); |
+} |
+ |
// http://crbug.com/91745 |
#if defined(OS_CHROMEOS) |
#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |