Index: chrome/browser/ssl/ssl_browser_tests.cc |
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
index 32b4d43abc944208fec11558033aabe4e21608b9..fb07e9f1a57b927e6a943154c496b15c7320d926 100644 |
--- a/chrome/browser/ssl/ssl_browser_tests.cc |
+++ b/chrome/browser/ssl/ssl_browser_tests.cc |
@@ -12,6 +12,7 @@ |
#include "base/time/time.h" |
#include "chrome/app/chrome_command_ids.h" |
#include "chrome/browser/chrome_notification_types.h" |
+#include "chrome/browser/net/certificate_error_reporter.h" |
#include "chrome/browser/profiles/profile.h" |
#include "chrome/browser/ssl/ssl_blocking_page.h" |
#include "chrome/browser/ui/browser.h" |
@@ -45,6 +46,7 @@ |
#include "net/base/test_data_directory.h" |
#include "net/cert/cert_status_flags.h" |
#include "net/test/spawned_test_server/spawned_test_server.h" |
+#include "net/url_request/url_request_context.h" |
#if defined(USE_NSS) |
#include "chrome/browser/net/nss_context.h" |
@@ -53,6 +55,7 @@ |
#endif // defined(USE_NSS) |
using base::ASCIIToUTF16; |
+using chrome_browser_net::CertificateErrorReporter; |
using content::InterstitialPage; |
using content::NavigationController; |
using content::NavigationEntry; |
@@ -169,6 +172,29 @@ void CheckSecurityState(WebContents* tab, |
AuthState::Check(*entry, expected_authentication_state); |
} |
+// This class is used to test invalid certificate chain reporting when |
+// the user opts in to do so on the interstitial. |
+class MockReporter : public CertificateErrorReporter { |
+ public: |
+ explicit MockReporter(const GURL& upload_url) |
+ : CertificateErrorReporter(upload_url) {} |
+ |
+ void SendReport(CertificateErrorReporter::ReportType type, |
+ net::URLRequestContext* request_context, |
+ const std::string& hostname, |
+ const net::SSLInfo& ssl_info) override { |
+ EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type); |
+ latest_hostname_reported_ = hostname; |
+ } |
+ |
+ const std::string& latest_hostname_reported() { |
+ return latest_hostname_reported_; |
+ } |
+ |
+ private: |
+ ~MockReporter() override {} |
+ std::string latest_hostname_reported_; |
+}; |
} // namespace |
class SSLUITest : public InProcessBrowserTest { |
@@ -351,6 +377,64 @@ class SSLUITest : public InProcessBrowserTest { |
page_with_unsafe_worker_path); |
} |
+ // Helper function for testing invalid certificate chain reporting. |
+ void TestBrokenHTTPSReporting(bool opt_in, |
+ bool proceed, |
+ bool switch_enabled, |
+ bool expect_report, |
+ Browser* browser) { |
+ ASSERT_TRUE(https_server_expired_.Start()); |
+ |
+ // Opt in to sending reports for invalid certificate chains. |
+ browser->profile()->GetPrefs()->SetBoolean( |
+ prefs::kSafeBrowsingExtendedReportingEnabled, opt_in); |
+ |
+ ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/")); |
+ |
+ WebContents* tab = browser->tab_strip_model()->GetActiveWebContents(); |
+ CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, |
+ AuthState::SHOWING_INTERSTITIAL); |
+ |
+ // Set up a callback so that the test is notified when the report |
+ // has been sent on the IO thread (or not sent). |
+ base::RunLoop report_run_loop; |
+ base::Callback<void()> report_callback = report_run_loop.QuitClosure(); |
Bernhard Bauer
2015/03/13 13:48:48
This is typedef'd as base::Closure.
estark
2015/03/13 16:21:17
Done.
|
+ SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>( |
+ tab->GetInterstitialPage()->GetDelegateForTesting()); |
+ interstitial_page->SetCertificateReportCallbackForTesting(report_callback); |
+ // Set up the mock reporter to track the hostnames that reports get |
+ // sent for. The request_context argument is not present here |
+ // because the MockReporter doesn't actually use a |
+ // request_context. (In order to pass a real request_context, the |
+ // reporter would have to be constructed on the IO thread.) |
+ scoped_refptr<MockReporter> reporter = |
+ new MockReporter(GURL("http://example.test")); |
+ interstitial_page->SetCertificateErrorReporterForTesting(reporter); |
+ |
+ EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); |
+ |
+ // Leave the interstitial (either by proceeding or going back) |
+ if (proceed) { |
+ ProceedThroughInterstitial(tab); |
+ } else { |
+ // Click "Take me back" |
+ InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
+ ASSERT_TRUE(interstitial_page); |
+ interstitial_page->DontProceed(); |
+ } |
+ |
+ // Wait until the report has been sent on the IO thread. |
+ report_run_loop.Run(); |
+ |
+ if (expect_report) { |
+ // Check that the mock reporter received a request to send a report. |
+ EXPECT_EQ(https_server_expired_.GetURL("/").host(), |
+ reporter->latest_hostname_reported()); |
+ } else { |
+ EXPECT_EQ(std::string(), reporter->latest_hostname_reported()); |
+ } |
+ } |
+ |
net::SpawnedTestServer https_server_; |
net::SpawnedTestServer https_server_expired_; |
net::SpawnedTestServer https_server_mismatched_; |
@@ -392,6 +476,17 @@ class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest { |
} |
}; |
+class SSLUITestWithExtendedReporting : public SSLUITest { |
+ public: |
+ SSLUITestWithExtendedReporting() : SSLUITest() {} |
+ |
+ void SetUpCommandLine(base::CommandLine* command_line) override { |
+ // Enable a checkbox on SSL interstitials that allows users to opt |
+ // in to reporting invalid certificate chains. |
+ command_line->AppendSwitch(switches::kEnableInvalidCertCollection); |
+ } |
+}; |
+ |
// Visits a regular page over http. |
IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { |
ASSERT_TRUE(test_server()->Start()); |
@@ -448,6 +543,55 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) { |
AuthState::DISPLAYED_INSECURE_CONTENT); |
} |
+// Test that when the checkbox is checked and the user proceeds through |
+// the interstitial, the FraudulentCertificateReporter sees a request to |
+// send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSProceedWithReporting) { |
+ TestBrokenHTTPSReporting(true, true, true, true, browser()); |
+} |
+ |
+// Test that when the checkbox is checked and the user goes back (does |
+// not proceed through the interstitial), the |
+// FraudulentCertificateReporter sees a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSGoBackWithReporting) { |
+ TestBrokenHTTPSReporting(true, false, true, true, browser()); |
+} |
+ |
+// Test that when the checkbox is not checked and the user proceeds |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSProceedWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, true, true, false, browser()); |
+} |
+ |
+// Test that when the checkbox is not checked and the user does not proceed |
+// through the interstitial, the FraudulentCertificateReporter does not |
+// see a request to send a report. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSGoBackWithNoReporting) { |
+ TestBrokenHTTPSReporting(false, false, true, false, browser()); |
+} |
+ |
+// Test that when the command-line switch for reporting invalid cert |
+// chains is not enabled, reports don't get sent, even if the opt-in |
+// preference is set. (i.e. if a user enables invalid cert collection in |
+// chrome://flags, checks the box on an interstitial, and then disables |
+// the flag in chrome://flags, reports shouldn't be sent on the next |
+// interstitial). |
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) { |
+ TestBrokenHTTPSReporting(true, true, false, false, browser()); |
+} |
+ |
+// Test that reports don't get sent in incognito mode even if the opt-in |
+// preference is set and the command-line switch is enabled. |
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting, |
+ TestBrokenHTTPSNoReportingInIncognito) { |
+ TestBrokenHTTPSReporting(true, true, true, false, CreateIncognitoBrowser()); |
+} |
+ |
// http://crbug.com/91745 |
#if defined(OS_CHROMEOS) |
#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS |