search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / ssl / ssl_browser_tests.cc
blobba69fe78eb8b47aee9d8ebc1bb8ecb8fff4a3cc8
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/bind.h"
6 #include "base/bind_helpers.h"
7 #include "base/callback.h"
8 #include "base/command_line.h"
9 #include "base/prefs/pref_service.h"
10 #include "base/strings/string_util.h"
11 #include "base/strings/stringprintf.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "base/time/time.h"
14 #include "chrome/app/chrome_command_ids.h"
15 #include "chrome/browser/browser_process.h"
16 #include "chrome/browser/chrome_notification_types.h"
17 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
18 #include "chrome/browser/net/certificate_error_reporter.h"
19 #include "chrome/browser/profiles/profile.h"
20 #include "chrome/browser/safe_browsing/ping_manager.h"
21 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
22 #include "chrome/browser/ssl/ssl_blocking_page.h"
23 #include "chrome/browser/ui/browser.h"
24 #include "chrome/browser/ui/browser_commands.h"
25 #include "chrome/browser/ui/browser_navigator.h"
26 #include "chrome/browser/ui/browser_tabstrip.h"
27 #include "chrome/browser/ui/tabs/tab_strip_model.h"
28 #include "chrome/common/chrome_paths.h"
29 #include "chrome/common/chrome_switches.h"
30 #include "chrome/common/pref_names.h"
31 #include "chrome/test/base/in_process_browser_test.h"
32 #include "chrome/test/base/ui_test_utils.h"
33 #include "components/content_settings/core/browser/host_content_settings_map.h"
34 #include "components/web_modal/web_contents_modal_dialog_manager.h"
35 #include "content/public/browser/browser_context.h"
36 #include "content/public/browser/interstitial_page.h"
37 #include "content/public/browser/navigation_controller.h"
38 #include "content/public/browser/navigation_entry.h"
39 #include "content/public/browser/notification_service.h"
40 #include "content/public/browser/render_frame_host.h"
41 #include "content/public/browser/render_view_host.h"
42 #include "content/public/browser/render_widget_host_view.h"
43 #include "content/public/browser/web_contents.h"
44 #include "content/public/browser/web_contents_observer.h"
45 #include "content/public/common/security_style.h"
46 #include "content/public/common/ssl_status.h"
47 #include "content/public/test/browser_test_utils.h"
48 #include "content/public/test/download_test_observer.h"
49 #include "content/public/test/test_renderer_host.h"
50 #include "net/base/net_errors.h"
51 #include "net/base/test_data_directory.h"
52 #include "net/cert/cert_status_flags.h"
53 #include "net/cert/x509_certificate.h"
54 #include "net/ssl/ssl_info.h"
55 #include "net/test/spawned_test_server/spawned_test_server.h"
56 #include "net/url_request/url_request_context.h"
57
58 #if defined(USE_NSS)
59 #include "chrome/browser/net/nss_context.h"
60 #include "net/base/crypto_module.h"
61 #include "net/cert/nss_cert_database.h"
62 #endif // defined(USE_NSS)
63
64 using base::ASCIIToUTF16;
65 using chrome_browser_interstitials::SecurityInterstitialIDNTest;
66 using chrome_browser_net::CertificateErrorReporter;
67 using content::InterstitialPage;
68 using content::NavigationController;
69 using content::NavigationEntry;
70 using content::SSLStatus;
71 using content::WebContents;
72 using web_modal::WebContentsModalDialogManager;
73
74 const base::FilePath::CharType kDocRoot[] =
75 FILE_PATH_LITERAL("chrome/test/data");
76
77 namespace {
78
79 class ProvisionalLoadWaiter : public content::WebContentsObserver {
80 public:
81 explicit ProvisionalLoadWaiter(WebContents* tab)
82 : WebContentsObserver(tab), waiting_(false), seen_(false) {}
83
84 void Wait() {
85 if (seen_)
86 return;
87
88 waiting_ = true;
89 content::RunMessageLoop();
90 }
91
92 void DidFailProvisionalLoad(
93 content::RenderFrameHost* render_frame_host,
94 const GURL& validated_url,
95 int error_code,
96 const base::string16& error_description) override {
97 seen_ = true;
98 if (waiting_)
99 base::MessageLoopForUI::current()->Quit();
100 }
101
102 private:
103 bool waiting_;
104 bool seen_;
105 };
106
107 namespace AuthState {
108
109 enum AuthStateFlags {
110 NONE = 0,
111 DISPLAYED_INSECURE_CONTENT = 1 << 0,
112 RAN_INSECURE_CONTENT = 1 << 1,
113 SHOWING_INTERSTITIAL = 1 << 2,
114 SHOWING_ERROR = 1 << 3
115 };
116
117 void Check(const NavigationEntry& entry, int expected_authentication_state) {
118 if (expected_authentication_state == AuthState::SHOWING_ERROR) {
119 EXPECT_EQ(content::PAGE_TYPE_ERROR, entry.GetPageType());
120 } else {
121 EXPECT_EQ(
122 !!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
123 ? content::PAGE_TYPE_INTERSTITIAL
124 : content::PAGE_TYPE_NORMAL,
125 entry.GetPageType());
126 }
127
128 bool displayed_insecure_content =
129 !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
130 EXPECT_EQ(
131 !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
132 displayed_insecure_content);
133
134 bool ran_insecure_content =
135 !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
136 EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
137 ran_insecure_content);
138 }
139
140 } // namespace AuthState
141
142 namespace SecurityStyle {
143
144 void Check(const NavigationEntry& entry,
145 content::SecurityStyle expected_security_style) {
146 EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
147 }
148
149 } // namespace SecurityStyle
150
151 namespace CertError {
152
153 enum CertErrorFlags {
154 NONE = 0
155 };
156
157 void Check(const NavigationEntry& entry, net::CertStatus error) {
158 if (error) {
159 EXPECT_EQ(error, entry.GetSSL().cert_status & error);
160 net::CertStatus extra_cert_errors =
161 error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
162 if (extra_cert_errors)
163 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
164 } else {
165 EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
166 }
167 }
168
169 } // namespace CertError
170
171 void CheckSecurityState(WebContents* tab,
172 net::CertStatus error,
173 content::SecurityStyle expected_security_style,
174 int expected_authentication_state) {
175 ASSERT_FALSE(tab->IsCrashed());
176 NavigationEntry* entry = tab->GetController().GetActiveEntry();
177 ASSERT_TRUE(entry);
178 CertError::Check(*entry, error);
179 SecurityStyle::Check(*entry, expected_security_style);
180 AuthState::Check(*entry, expected_authentication_state);
181 }
182
183 namespace CertificateReporting {
184
185 enum OptIn { EXTENDED_REPORTING_OPT_IN, EXTENDED_REPORTING_DO_NOT_OPT_IN };
186
187 enum Proceed { SSL_INTERSTITIAL_PROCEED, SSL_INTERSTITIAL_DO_NOT_PROCEED };
188
189 enum ExpectReport { CERT_REPORT_EXPECTED, CERT_REPORT_NOT_EXPECTED };
190
191 // This class is used to test invalid certificate chain reporting when
192 // the user opts in to do so on the interstitial.
193 class MockReporter : public CertificateErrorReporter {
194 public:
195 explicit MockReporter(net::URLRequestContext* request_context,
196 const GURL& upload_url,
197 CookiesPreference cookies_preference)
198 : CertificateErrorReporter(request_context,
199 upload_url,
200 cookies_preference) {}
201
202 void SendReport(CertificateErrorReporter::ReportType type,
203 const std::string& hostname,
204 const net::SSLInfo& ssl_info) override {
205 EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type);
206 latest_hostname_reported_ = hostname;
207 }
208
209 const std::string& latest_hostname_reported() {
210 return latest_hostname_reported_;
211 }
212
213 private:
214 std::string latest_hostname_reported_;
215 };
216
217 void SetUpMockReporter(SafeBrowsingService* safe_browsing_service,
218 MockReporter* reporter) {
219 safe_browsing_service->ping_manager()->SetCertificateErrorReporterForTesting(
220 scoped_ptr<CertificateErrorReporter>(reporter));
221 }
222
223 } // namespace CertificateReporting
224
225 } // namespace
226
227 class SSLUITest : public InProcessBrowserTest {
228 public:
229 SSLUITest()
230 : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
231 SSLOptions(SSLOptions::CERT_OK),
232 base::FilePath(kDocRoot)),
233 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
234 SSLOptions(SSLOptions::CERT_EXPIRED),
235 base::FilePath(kDocRoot)),
236 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
237 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
238 base::FilePath(kDocRoot)),
239 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
240 SSLOptions(SSLOptions::CERT_EXPIRED),
241 net::GetWebSocketTestDataDirectory()) {}
242
243 void SetUpOnMainThread() override {
244 // Set up the mock reporter to track the hostnames that reports get
245 // sent for. The request_context argument is NULL here
246 // because the MockReporter doesn't actually use a
247 // request_context. (In order to pass a real request_context, the
248 // reporter would have to be constructed on the IO thread.)
249 reporter_ = new CertificateReporting::MockReporter(
250 NULL, GURL("http://example.test"),
251 CertificateReporting::MockReporter::DO_NOT_SEND_COOKIES);
252 scoped_refptr<SafeBrowsingService> safe_browsing_service =
253 g_browser_process->safe_browsing_service();
254 ASSERT_TRUE(safe_browsing_service);
255 content::BrowserThread::PostTask(
256 content::BrowserThread::IO, FROM_HERE,
257 base::Bind(CertificateReporting::SetUpMockReporter,
258 safe_browsing_service, reporter_));
259 }
260
261 void SetUpCommandLine(base::CommandLine* command_line) override {
262 // Browser will both run and display insecure content.
263 command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
264 // Use process-per-site so that navigating to a same-site page in a
265 // new tab will use the same process.
266 command_line->AppendSwitch(switches::kProcessPerSite);
267 }
268
269 void CheckAuthenticatedState(WebContents* tab,
270 int expected_authentication_state) {
271 CheckSecurityState(tab,
272 CertError::NONE,
273 content::SECURITY_STYLE_AUTHENTICATED,
274 expected_authentication_state);
275 }
276
277 void CheckUnauthenticatedState(WebContents* tab,
278 int expected_authentication_state) {
279 CheckSecurityState(tab,
280 CertError::NONE,
281 content::SECURITY_STYLE_UNAUTHENTICATED,
282 expected_authentication_state);
283 }
284
285 void CheckAuthenticationBrokenState(WebContents* tab,
286 net::CertStatus error,
287 int expected_authentication_state) {
288 CheckSecurityState(tab,
289 error,
290 content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
291 expected_authentication_state);
292 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
293 // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
294 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
295 }
296
297 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
298 // Workers are async and we don't have notifications for them passing
299 // messages since they do it between renderer and worker processes.
300 // So have a polling loop, check every 200ms, timeout at 30s.
301 const int kTimeoutMS = 200;
302 base::Time time_to_quit = base::Time::Now() +
303 base::TimeDelta::FromMilliseconds(30000);
304
305 while (base::Time::Now() < time_to_quit) {
306 bool worker_finished = false;
307 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
308 tab,
309 "window.domAutomationController.send(IsWorkerFinished());",
310 &worker_finished));
311
312 if (worker_finished)
313 break;
314
315 // Wait a bit.
316 base::MessageLoop::current()->PostDelayedTask(
317 FROM_HERE,
318 base::MessageLoop::QuitClosure(),
319 base::TimeDelta::FromMilliseconds(kTimeoutMS));
320 content::RunMessageLoop();
321 }
322
323 bool actually_loaded_content = false;
324 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
325 tab,
326 "window.domAutomationController.send(IsContentLoaded());",
327 &actually_loaded_content));
328 EXPECT_EQ(expected_load, actually_loaded_content);
329 }
330
331 void ProceedThroughInterstitial(WebContents* tab) {
332 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
333 ASSERT_TRUE(interstitial_page);
334 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
335 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
336 content::WindowedNotificationObserver observer(
337 content::NOTIFICATION_LOAD_STOP,
338 content::Source<NavigationController>(&tab->GetController()));
339 interstitial_page->Proceed();
340 observer.Wait();
341 }
342
343 bool IsShowingWebContentsModalDialog() const {
344 return WebContentsModalDialogManager::FromWebContents(
345 browser()->tab_strip_model()->GetActiveWebContents())->
346 IsDialogActive();
347 }
348
349 static bool GetFilePathWithHostAndPortReplacement(
350 const std::string& original_file_path,
351 const net::HostPortPair& host_port_pair,
352 std::string* replacement_path) {
353 std::vector<net::SpawnedTestServer::StringPair> replacement_text;
354 replacement_text.push_back(
355 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString()));
356 return net::SpawnedTestServer::GetFilePathWithReplacements(
357 original_file_path, replacement_text, replacement_path);
358 }
359
360 static bool GetTopFramePath(const net::SpawnedTestServer& http_server,
361 const net::SpawnedTestServer& good_https_server,
362 const net::SpawnedTestServer& bad_https_server,
363 std::string* top_frame_path) {
364 // The "frame_left.html" page contained in the top_frame.html page contains
365 // <a href>'s to three different servers. This sets up all of the
366 // replacement text to work with test servers which listen on ephemeral
367 // ports.
368 GURL http_url = http_server.GetURL("files/ssl/google.html");
369 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html");
370 GURL bad_https_url = bad_https_server.GetURL(
371 "files/ssl/bad_iframe.html");
372
373 std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left;
374 replacement_text_frame_left.push_back(
375 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec()));
376 replacement_text_frame_left.push_back(
377 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec()));
378 replacement_text_frame_left.push_back(
379 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec()));
380 std::string frame_left_path;
381 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
382 "frame_left.html",
383 replacement_text_frame_left,
384 &frame_left_path))
385 return false;
386
387 // Substitute the generated frame_left URL into the top_frame page.
388 std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame;
389 replacement_text_top_frame.push_back(
390 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path));
391 return net::SpawnedTestServer::GetFilePathWithReplacements(
392 "files/ssl/top_frame.html",
393 replacement_text_top_frame,
394 top_frame_path);
395 }
396
397 static bool GetPageWithUnsafeWorkerPath(
398 const net::SpawnedTestServer& expired_https_server,
399 std::string* page_with_unsafe_worker_path) {
400 // Get the "imported.js" URL from the expired https server and
401 // substitute it into the unsafe_worker.js file.
402 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js");
403 std::vector<net::SpawnedTestServer::StringPair>
404 replacement_text_for_unsafe_worker;
405 replacement_text_for_unsafe_worker.push_back(
406 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
407 std::string unsafe_worker_path;
408 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
409 "unsafe_worker.js",
410 replacement_text_for_unsafe_worker,
411 &unsafe_worker_path))
412 return false;
413
414 // Now, substitute this into the page with unsafe worker.
415 std::vector<net::SpawnedTestServer::StringPair>
416 replacement_text_for_page_with_unsafe_worker;
417 replacement_text_for_page_with_unsafe_worker.push_back(
418 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
419 return net::SpawnedTestServer::GetFilePathWithReplacements(
420 "files/ssl/page_with_unsafe_worker.html",
421 replacement_text_for_page_with_unsafe_worker,
422 page_with_unsafe_worker_path);
423 }
424
425 // Helper function for testing invalid certificate chain reporting.
426 void TestBrokenHTTPSReporting(
427 CertificateReporting::OptIn opt_in,
428 CertificateReporting::Proceed proceed,
429 CertificateReporting::ExpectReport expect_report,
430 Browser* browser) {
431 ASSERT_TRUE(https_server_expired_.Start());
432
433 // Opt in to sending reports for invalid certificate chains.
434 browser->profile()->GetPrefs()->SetBoolean(
435 prefs::kSafeBrowsingExtendedReportingEnabled,
436 opt_in == CertificateReporting::EXTENDED_REPORTING_OPT_IN);
437
438 ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/"));
439
440 WebContents* tab = browser->tab_strip_model()->GetActiveWebContents();
441 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
442 AuthState::SHOWING_INTERSTITIAL);
443
444 // Set up a callback so that the test is notified when the report
445 // has been sent on the IO thread (or not sent).
446 base::RunLoop report_run_loop;
447 base::Closure report_callback = report_run_loop.QuitClosure();
448 SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>(
449 tab->GetInterstitialPage()->GetDelegateForTesting());
450 interstitial_page->SetCertificateReportCallbackForTesting(report_callback);
451
452 EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
453
454 // Leave the interstitial (either by proceeding or going back)
455 if (proceed == CertificateReporting::SSL_INTERSTITIAL_PROCEED) {
456 ProceedThroughInterstitial(tab);
457 } else {
458 // Click "Take me back"
459 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
460 ASSERT_TRUE(interstitial_page);
461 interstitial_page->DontProceed();
462 }
463
464 // Wait until the report has been sent on the IO thread.
465 report_run_loop.Run();
466
467 if (expect_report == CertificateReporting::CERT_REPORT_EXPECTED) {
468 // Check that the mock reporter received a request to send a report.
469 EXPECT_EQ(https_server_expired_.GetURL("/").host(),
470 reporter_->latest_hostname_reported());
471 } else {
472 EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
473 }
474 }
475
476 net::SpawnedTestServer https_server_;
477 net::SpawnedTestServer https_server_expired_;
478 net::SpawnedTestServer https_server_mismatched_;
479 net::SpawnedTestServer wss_server_expired_;
480
481 private:
482 typedef net::SpawnedTestServer::SSLOptions SSLOptions;
483 CertificateReporting::MockReporter* reporter_;
484
485 DISALLOW_COPY_AND_ASSIGN(SSLUITest);
486 };
487
488 class SSLUITestBlock : public SSLUITest {
489 public:
490 SSLUITestBlock() : SSLUITest() {}
491
492 // Browser will neither run nor display insecure content.
493 void SetUpCommandLine(base::CommandLine* command_line) override {
494 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent);
495 }
496 };
497
498 class SSLUITestIgnoreCertErrors : public SSLUITest {
499 public:
500 SSLUITestIgnoreCertErrors() : SSLUITest() {}
501
502 void SetUpCommandLine(base::CommandLine* command_line) override {
503 // Browser will ignore certificate errors.
504 command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
505 }
506 };
507
508 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
509 public:
510 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
511
512 void SetUpCommandLine(base::CommandLine* command_line) override {
513 // Browser will ignore certificate errors on localhost.
514 command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
515 }
516 };
517
518 class SSLUITestWithExtendedReporting : public SSLUITest {
519 public:
520 SSLUITestWithExtendedReporting() : SSLUITest() {}
521
522 void SetUpCommandLine(base::CommandLine* command_line) override {
523 // Enable a checkbox on SSL interstitials that allows users to opt
524 // in to reporting invalid certificate chains.
525 command_line->AppendSwitch(switches::kEnableInvalidCertCollection);
526 }
527 };
528
529 // Visits a regular page over http.
530 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
531 ASSERT_TRUE(test_server()->Start());
532
533 ui_test_utils::NavigateToURL(browser(),
534 test_server()->GetURL("files/ssl/google.html"));
535
536 CheckUnauthenticatedState(
537 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
538 }
539
540 // Visits a page over http which includes broken https resources (status should
541 // be OK).
542 // TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give
543 // the secure cookies away!).
544 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
545 ASSERT_TRUE(test_server()->Start());
546 ASSERT_TRUE(https_server_expired_.Start());
547
548 std::string replacement_path;
549 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
550 "files/ssl/page_with_unsafe_contents.html",
551 https_server_expired_.host_port_pair(),
552 &replacement_path));
553
554 ui_test_utils::NavigateToURL(
555 browser(), test_server()->GetURL(replacement_path));
556
557 CheckUnauthenticatedState(
558 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
559 }
560
561 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
562 ASSERT_TRUE(test_server()->Start());
563 ASSERT_TRUE(https_server_expired_.Start());
564
565 std::string replacement_path;
566 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
567 "files/ssl/page_displays_insecure_content.html",
568 test_server()->host_port_pair(),
569 &replacement_path));
570
571 ui_test_utils::NavigateToURL(browser(),
572 https_server_expired_.GetURL(replacement_path));
573
574 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
575 CheckAuthenticationBrokenState(
576 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
577
578 ProceedThroughInterstitial(tab);
579
580 CheckAuthenticationBrokenState(tab,
581 net::CERT_STATUS_DATE_INVALID,
582 AuthState::DISPLAYED_INSECURE_CONTENT);
583 }
584
585 // http://crbug.com/91745
586 #if defined(OS_CHROMEOS)
587 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
588 #else
589 #define MAYBE_TestOKHTTPS TestOKHTTPS
590 #endif
591
592 // Visits a page over OK https:
593 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
594 ASSERT_TRUE(https_server_.Start());
595
596 ui_test_utils::NavigateToURL(browser(),
597 https_server_.GetURL("files/ssl/google.html"));
598
599 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
600 AuthState::NONE);
601 }
602
603 // Visits a page with https error and proceed:
604 #if defined(OS_LINUX)
605 // flaky http://crbug.com/396462
606 #define MAYBE_TestHTTPSExpiredCertAndProceed \
607 DISABLED_TestHTTPSExpiredCertAndProceed
608 #else
609 #define MAYBE_TestHTTPSExpiredCertAndProceed TestHTTPSExpiredCertAndProceed
610 #endif
611 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndProceed) {
612 ASSERT_TRUE(https_server_expired_.Start());
613
614 ui_test_utils::NavigateToURL(browser(),
615 https_server_expired_.GetURL("files/ssl/google.html"));
616
617 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
618 CheckAuthenticationBrokenState(
619 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
620
621 ProceedThroughInterstitial(tab);
622
623 CheckAuthenticationBrokenState(
624 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
625 }
626
627 #ifndef NEDBUG
628 // Flaky on Windows debug (http://crbug.com/280537).
629 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
630 DISABLED_TestHTTPSExpiredCertAndDontProceed
631 #else
632 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
633 TestHTTPSExpiredCertAndDontProceed
634 #endif
635
636 // Visits a page with https error and don't proceed (and ensure we can still
637 // navigate at that point):
638 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
639 ASSERT_TRUE(test_server()->Start());
640 ASSERT_TRUE(https_server_.Start());
641 ASSERT_TRUE(https_server_expired_.Start());
642
643 // First navigate to an OK page.
644 ui_test_utils::NavigateToURL(browser(),
645 https_server_.GetURL("files/ssl/google.html"));
646
647 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
648 NavigationEntry* entry = tab->GetController().GetActiveEntry();
649 ASSERT_TRUE(entry);
650
651 GURL cross_site_url =
652 https_server_expired_.GetURL("files/ssl/google.html");
653 // Change the host name from 127.0.0.1 to localhost so it triggers a
654 // cross-site navigation so we can test http://crbug.com/5800 is gone.
655 ASSERT_EQ("127.0.0.1", cross_site_url.host());
656 GURL::Replacements replacements;
657 replacements.SetHostStr("localhost");
658 cross_site_url = cross_site_url.ReplaceComponents(replacements);
659
660 // Now go to a bad HTTPS page.
661 ui_test_utils::NavigateToURL(browser(), cross_site_url);
662
663 // An interstitial should be showing.
664 CheckAuthenticationBrokenState(tab,
665 net::CERT_STATUS_COMMON_NAME_INVALID,
666 AuthState::SHOWING_INTERSTITIAL);
667
668 // Simulate user clicking "Take me back".
669 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
670 ASSERT_TRUE(interstitial_page);
671 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
672 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
673 interstitial_page->DontProceed();
674
675 // We should be back to the original good page.
676 CheckAuthenticatedState(tab, AuthState::NONE);
677
678 // Try to navigate to a new page. (to make sure bug 5800 is fixed).
679 ui_test_utils::NavigateToURL(browser(),
680 test_server()->GetURL("files/ssl/google.html"));
681 CheckUnauthenticatedState(tab, AuthState::NONE);
682 }
683
684 // Test that localhost pages don't show an interstitial.
685 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors,
686 TestNoInterstitialOnLocalhost) {
687 ASSERT_TRUE(https_server_.Start());
688
689 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
690
691 // Navigate to a localhost page.
692 GURL url = https_server_.GetURL("files/ssl/page_with_subresource.html");
693 GURL::Replacements replacements;
694 std::string new_host("localhost");
695 replacements.SetHostStr(new_host);
696 url = url.ReplaceComponents(replacements);
697
698 ui_test_utils::NavigateToURL(browser(), url);
699
700 // We should see no interstitial, but we should have an error
701 // (red-crossed-out-https) in the URL bar.
702 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
703 AuthState::NONE);
704
705 // We should see that the script tag in the page loaded and ran (and
706 // wasn't blocked by the certificate error).
707 base::string16 title;
708 base::string16 expected_title = base::ASCIIToUTF16("This script has loaded");
709 ui_test_utils::GetCurrentTabTitle(browser(), &title);
710 EXPECT_EQ(title, expected_title);
711 }
712
713 // Visits a page with https error and then goes back using Browser::GoBack.
714 IN_PROC_BROWSER_TEST_F(SSLUITest,
715 TestHTTPSExpiredCertAndGoBackViaButton) {
716 ASSERT_TRUE(test_server()->Start());
717 ASSERT_TRUE(https_server_expired_.Start());
718
719 // First navigate to an HTTP page.
720 ui_test_utils::NavigateToURL(browser(),
721 test_server()->GetURL("files/ssl/google.html"));
722 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
723 NavigationEntry* entry = tab->GetController().GetActiveEntry();
724 ASSERT_TRUE(entry);
725
726 // Now go to a bad HTTPS page that shows an interstitial.
727 ui_test_utils::NavigateToURL(browser(),
728 https_server_expired_.GetURL("files/ssl/google.html"));
729 CheckAuthenticationBrokenState(
730 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
731
732 ProvisionalLoadWaiter load_failed_observer(tab);
733
734 // Simulate user clicking on back button (crbug.com/39248).
735 chrome::GoBack(browser(), CURRENT_TAB);
736
737 // Wait until we hear the load failure, and make sure we haven't swapped out
738 // the previous page. Prevents regression of http://crbug.com/82667.
739 // TODO(creis/nick): Move the swapped-out part of this test into content
740 // and remove IsRenderViewHostSwappedOut from the public API.
741 load_failed_observer.Wait();
742 EXPECT_FALSE(content::RenderFrameHostTester::IsRenderFrameHostSwappedOut(
743 tab->GetMainFrame()));
744
745 // We should be back at the original good page.
746 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
747 GetInterstitialPage());
748 CheckUnauthenticatedState(tab, AuthState::NONE);
749 }
750
751 // Visits a page with https error and then goes back using GoToOffset.
752 // Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575.
753 IN_PROC_BROWSER_TEST_F(SSLUITest,
754 TestHTTPSExpiredCertAndGoBackViaMenu) {
755 ASSERT_TRUE(test_server()->Start());
756 ASSERT_TRUE(https_server_expired_.Start());
757
758 // First navigate to an HTTP page.
759 ui_test_utils::NavigateToURL(browser(),
760 test_server()->GetURL("files/ssl/google.html"));
761 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
762 NavigationEntry* entry = tab->GetController().GetActiveEntry();
763 ASSERT_TRUE(entry);
764
765 // Now go to a bad HTTPS page that shows an interstitial.
766 ui_test_utils::NavigateToURL(browser(),
767 https_server_expired_.GetURL("files/ssl/google.html"));
768 CheckAuthenticationBrokenState(
769 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
770
771 // Simulate user clicking and holding on back button (crbug.com/37215).
772 tab->GetController().GoToOffset(-1);
773
774 // We should be back at the original good page.
775 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
776 GetInterstitialPage());
777 CheckUnauthenticatedState(tab, AuthState::NONE);
778 }
779
780 // Visits a page with https error and then goes forward using GoToOffset.
781 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
782 ASSERT_TRUE(test_server()->Start());
783 ASSERT_TRUE(https_server_expired_.Start());
784
785 // First navigate to two HTTP pages.
786 ui_test_utils::NavigateToURL(browser(),
787 test_server()->GetURL("files/ssl/google.html"));
788 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
789 NavigationEntry* entry1 = tab->GetController().GetActiveEntry();
790 ASSERT_TRUE(entry1);
791 ui_test_utils::NavigateToURL(browser(),
792 test_server()->GetURL("files/ssl/blank_page.html"));
793 NavigationEntry* entry2 = tab->GetController().GetActiveEntry();
794 ASSERT_TRUE(entry2);
795
796 // Now go back so that a page is in the forward history.
797 {
798 content::WindowedNotificationObserver observer(
799 content::NOTIFICATION_LOAD_STOP,
800 content::Source<NavigationController>(&tab->GetController()));
801 tab->GetController().GoBack();
802 observer.Wait();
803 }
804 ASSERT_TRUE(tab->GetController().CanGoForward());
805 NavigationEntry* entry3 = tab->GetController().GetActiveEntry();
806 ASSERT_TRUE(entry1 == entry3);
807
808 // Now go to a bad HTTPS page that shows an interstitial.
809 ui_test_utils::NavigateToURL(browser(),
810 https_server_expired_.GetURL("files/ssl/google.html"));
811 CheckAuthenticationBrokenState(
812 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
813
814 // Simulate user clicking and holding on forward button.
815 {
816 content::WindowedNotificationObserver observer(
817 content::NOTIFICATION_LOAD_STOP,
818 content::Source<NavigationController>(&tab->GetController()));
819 tab->GetController().GoToOffset(1);
820 observer.Wait();
821 }
822
823 // We should be showing the second good page.
824 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
825 GetInterstitialPage());
826 CheckUnauthenticatedState(tab, AuthState::NONE);
827 EXPECT_FALSE(tab->GetController().CanGoForward());
828 NavigationEntry* entry4 = tab->GetController().GetActiveEntry();
829 EXPECT_TRUE(entry2 == entry4);
830 }
831
832 // Visit a HTTP page which request WSS connection to a server providing invalid
833 // certificate. Close the page while WSS connection waits for SSLManager's
834 // response from UI thread.
835 // Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258
836 #if defined(OS_WIN)
837 #define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose
838 #else
839 #define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose
840 #endif
841 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) {
842 ASSERT_TRUE(test_server()->Start());
843 ASSERT_TRUE(wss_server_expired_.Start());
844
845 // Setup page title observer.
846 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
847 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
848 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
849
850 // Create GURLs to test pages.
851 std::string master_url_path = base::StringPrintf("%s?%d",
852 test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(),
853 wss_server_expired_.host_port_pair().port());
854 GURL master_url(master_url_path);
855 std::string slave_url_path = base::StringPrintf("%s?%d",
856 test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(),
857 wss_server_expired_.host_port_pair().port());
858 GURL slave_url(slave_url_path);
859
860 // Create tabs and visit pages which keep on creating wss connections.
861 WebContents* tabs[16];
862 for (int i = 0; i < 16; ++i) {
863 tabs[i] = chrome::AddSelectedTabWithURL(browser(), slave_url,
864 ui::PAGE_TRANSITION_LINK);
865 }
866 chrome::SelectNextTab(browser());
867
868 // Visit a page which waits for one TLS handshake failure.
869 // The title will be changed to 'PASS'.
870 ui_test_utils::NavigateToURL(browser(), master_url);
871 const base::string16 result = watcher.WaitAndGetTitle();
872 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
873
874 // Close tabs which contains the test page.
875 for (int i = 0; i < 16; ++i)
876 chrome::CloseWebContents(browser(), tabs[i], false);
877 chrome::CloseWebContents(browser(), tab, false);
878 }
879
880 // Visit a HTTPS page and proceeds despite an invalid certificate. The page
881 // requests WSS connection to the same origin host to check if WSS connection
882 // share certificates policy with HTTPS correcly.
883 IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
884 ASSERT_TRUE(test_server()->Start());
885 ASSERT_TRUE(wss_server_expired_.Start());
886
887 // Setup page title observer.
888 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
889 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
890 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
891
892 // Visit bad HTTPS page.
893 GURL::Replacements replacements;
894 replacements.SetSchemeStr("https");
895 ui_test_utils::NavigateToURL(
896 browser(),
897 wss_server_expired_.GetURL(
898 "connect_check.html").ReplaceComponents(replacements));
899 CheckAuthenticationBrokenState(
900 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
901
902 // Proceed anyway.
903 ProceedThroughInterstitial(tab);
904
905 // Test page run a WebSocket wss connection test. The result will be shown
906 // as page title.
907 const base::string16 result = watcher.WaitAndGetTitle();
908 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
909 }
910
911 #if defined(USE_NSS)
912 class SSLUITestWithClientCert : public SSLUITest {
913 public:
914 SSLUITestWithClientCert() : cert_db_(NULL) {}
915
916 void SetUpOnMainThread() override {
917 SSLUITest::SetUpOnMainThread();
918
919 base::RunLoop loop;
920 GetNSSCertDatabaseForProfile(
921 browser()->profile(),
922 base::Bind(&SSLUITestWithClientCert::DidGetCertDatabase,
923 base::Unretained(this),
924 &loop));
925 loop.Run();
926 }
927
928 protected:
929 void DidGetCertDatabase(base::RunLoop* loop, net::NSSCertDatabase* cert_db) {
930 cert_db_ = cert_db;
931 loop->Quit();
932 }
933
934 net::NSSCertDatabase* cert_db_;
935 };
936
937 // SSL client certificate tests are only enabled when using NSS for private key
938 // storage, as only NSS can avoid modifying global machine state when testing.
939 // See http://crbug.com/51132
940
941 // Visit a HTTPS page which requires client cert authentication. The client
942 // cert will be selected automatically, then a test which uses WebSocket runs.
943 IN_PROC_BROWSER_TEST_F(SSLUITestWithClientCert, TestWSSClientCert) {
944 // Import a client cert for test.
945 scoped_refptr<net::CryptoModule> crypt_module = cert_db_->GetPublicModule();
946 std::string pkcs12_data;
947 base::FilePath cert_path = net::GetTestCertsDirectory().Append(
948 FILE_PATH_LITERAL("websocket_client_cert.p12"));
949 EXPECT_TRUE(base::ReadFileToString(cert_path, &pkcs12_data));
950 EXPECT_EQ(net::OK,
951 cert_db_->ImportFromPKCS12(
952 crypt_module.get(), pkcs12_data, base::string16(), true, NULL));
953
954 // Start WebSocket test server with TLS and client cert authentication.
955 net::SpawnedTestServer::SSLOptions options(
956 net::SpawnedTestServer::SSLOptions::CERT_OK);
957 options.request_client_certificate = true;
958 base::FilePath ca_path = net::GetTestCertsDirectory().Append(
959 FILE_PATH_LITERAL("websocket_cacert.pem"));
960 options.client_authorities.push_back(ca_path);
961 net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS,
962 options,
963 net::GetWebSocketTestDataDirectory());
964 ASSERT_TRUE(wss_server.Start());
965 GURL::Replacements replacements;
966 replacements.SetSchemeStr("https");
967 GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents(
968 replacements);
969
970 // Setup page title observer.
971 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
972 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
973 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
974
975 // Add an entry into AutoSelectCertificateForUrls policy for automatic client
976 // cert selection.
977 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
978 DCHECK(profile);
979 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
980 dict->SetString("ISSUER.CN", "pywebsocket");
981 profile->GetHostContentSettingsMap()->SetWebsiteSetting(
982 ContentSettingsPattern::FromURL(url),
983 ContentSettingsPattern::FromURL(url),
984 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
985 std::string(),
986 dict.release());
987
988 // Visit a HTTPS page which requires client certs.
989 ui_test_utils::NavigateToURL(browser(), url);
990 CheckAuthenticatedState(tab, AuthState::NONE);
991
992 // Test page runs a WebSocket wss connection test. The result will be shown
993 // as page title.
994 const base::string16 result = watcher.WaitAndGetTitle();
995 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
996 }
997 #endif // defined(USE_NSS)
998
999 // Flaky on CrOS http://crbug.com/92292
1000 #if defined(OS_CHROMEOS)
1001 #define MAYBE_TestHTTPSErrorWithNoNavEntry \
1002 DISABLED_TestHTTPSErrorWithNoNavEntry
1003 #else
1004 #define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry
1005 #endif // defined(OS_CHROMEOS)
1006
1007 // Open a page with a HTTPS error in a tab with no prior navigation (through a
1008 // link with a blank target). This is to test that the lack of navigation entry
1009 // does not cause any problems (it was causing a crasher, see
1010 // http://crbug.com/19941).
1011 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) {
1012 ASSERT_TRUE(https_server_expired_.Start());
1013
1014 GURL url = https_server_expired_.GetURL("files/ssl/google.htm");
1015 WebContents* tab2 = chrome::AddSelectedTabWithURL(
1016 browser(), url, ui::PAGE_TRANSITION_TYPED);
1017 content::WaitForLoadStop(tab2);
1018
1019 // Verify our assumption that there was no prior navigation.
1020 EXPECT_FALSE(chrome::CanGoBack(browser()));
1021
1022 // We should have an interstitial page showing.
1023 ASSERT_TRUE(tab2->GetInterstitialPage());
1024 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, tab2->GetInterstitialPage()
1025 ->GetDelegateForTesting()
1026 ->GetTypeForTesting());
1027 }
1028
1029 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) {
1030 ASSERT_TRUE(test_server()->Start());
1031 ASSERT_TRUE(https_server_expired_.Start());
1032 GURL url_non_dangerous = test_server()->GetURL(std::string());
1033 GURL url_dangerous =
1034 https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe");
1035 base::ScopedTempDir downloads_directory_;
1036
1037 // Need empty temp dir to avoid having Chrome ask us for a new filename
1038 // when we've downloaded dangerous.exe one hundred times.
1039 ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir());
1040
1041 browser()->profile()->GetPrefs()->SetFilePath(
1042 prefs::kDownloadDefaultDirectory,
1043 downloads_directory_.path());
1044
1045 // Visit a non-dangerous page.
1046 ui_test_utils::NavigateToURL(browser(), url_non_dangerous);
1047
1048 // Now, start a transition to dangerous download.
1049 {
1050 content::WindowedNotificationObserver observer(
1051 content::NOTIFICATION_LOAD_STOP,
1052 content::NotificationService::AllSources());
1053 chrome::NavigateParams navigate_params(browser(), url_dangerous,
1054 ui::PAGE_TRANSITION_TYPED);
1055 chrome::Navigate(&navigate_params);
1056 observer.Wait();
1057 }
1058
1059 // To exit the browser cleanly (and this test) we need to complete the
1060 // download after completing this test.
1061 content::DownloadTestObserverTerminal dangerous_download_observer(
1062 content::BrowserContext::GetDownloadManager(browser()->profile()),
1063 1,
1064 content::DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT);
1065
1066 // Proceed through the SSL interstitial. This doesn't use
1067 // |ProceedThroughInterstitial| since no page load will commit.
1068 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1069 ASSERT_TRUE(tab != NULL);
1070 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
1071 ASSERT_EQ(
1072 SSLBlockingPage::kTypeForTesting,
1073 tab->GetInterstitialPage()->GetDelegateForTesting()->GetTypeForTesting());
1074 {
1075 content::WindowedNotificationObserver observer(
1076 chrome::NOTIFICATION_DOWNLOAD_INITIATED,
1077 content::NotificationService::AllSources());
1078 tab->GetInterstitialPage()->Proceed();
1079 observer.Wait();
1080 }
1081
1082 // There should still be an interstitial at this point. Press the
1083 // back button on the browser. Note that this doesn't wait for a
1084 // NAV_ENTRY_COMMITTED notification because going back with an
1085 // active interstitial simply hides the interstitial.
1086 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
1087 ASSERT_EQ(
1088 SSLBlockingPage::kTypeForTesting,
1089 tab->GetInterstitialPage()->GetDelegateForTesting()->GetTypeForTesting());
1090 EXPECT_TRUE(chrome::CanGoBack(browser()));
1091 chrome::GoBack(browser(), CURRENT_TAB);
1092
1093 dangerous_download_observer.WaitForFinished();
1094 }
1095
1096 //
1097 // Insecure content
1098 //
1099
1100 #if defined(OS_WIN)
1101 // http://crbug.com/152940 Flaky on win.
1102 #define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent
1103 #else
1104 #define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent
1105 #endif
1106
1107 // Visits a page that displays insecure content.
1108 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
1109 ASSERT_TRUE(test_server()->Start());
1110 ASSERT_TRUE(https_server_.Start());
1111
1112 std::string replacement_path;
1113 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1114 "files/ssl/page_displays_insecure_content.html",
1115 test_server()->host_port_pair(),
1116 &replacement_path));
1117
1118 // Load a page that displays insecure content.
1119 ui_test_utils::NavigateToURL(browser(),
1120 https_server_.GetURL(replacement_path));
1121
1122 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1123 AuthState::DISPLAYED_INSECURE_CONTENT);
1124 }
1125
1126 // Test that when the checkbox is checked and the user proceeds through
1127 // the interstitial, the FraudulentCertificateReporter sees a request to
1128 // send a report.
1129 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1130 TestBrokenHTTPSProceedWithReporting) {
1131 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1132 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1133 CertificateReporting::CERT_REPORT_EXPECTED,
1134 browser());
1135 }
1136
1137 // Test that when the checkbox is checked and the user goes back (does
1138 // not proceed through the interstitial), the
1139 // FraudulentCertificateReporter sees a request to send a report.
1140 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1141 TestBrokenHTTPSGoBackWithReporting) {
1142 TestBrokenHTTPSReporting(
1143 CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1144 CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
1145 CertificateReporting::CERT_REPORT_EXPECTED, browser());
1146 }
1147
1148 // Test that when the checkbox is not checked and the user proceeds
1149 // through the interstitial, the FraudulentCertificateReporter does not
1150 // see a request to send a report.
1151 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1152 TestBrokenHTTPSProceedWithNoReporting) {
1153 TestBrokenHTTPSReporting(
1154 CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
1155 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1156 CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
1157 }
1158
1159 // Test that when the checkbox is not checked and the user does not proceed
1160 // through the interstitial, the FraudulentCertificateReporter does not
1161 // see a request to send a report.
1162 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1163 TestBrokenHTTPSGoBackWithNoReporting) {
1164 TestBrokenHTTPSReporting(
1165 CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
1166 CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
1167 CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
1168 }
1169
1170 // Test that when the command-line switch for reporting invalid cert
1171 // chains is not enabled, reports don't get sent, even if the opt-in
1172 // preference is set. (i.e. if a user enables invalid cert collection in
1173 // chrome://flags, checks the box on an interstitial, and then disables
1174 // the flag in chrome://flags, reports shouldn't be sent on the next
1175 // interstitial).
1176 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) {
1177 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1178 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1179 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1180 browser());
1181 }
1182
1183 // Test that reports don't get sent in incognito mode even if the opt-in
1184 // preference is set and the command-line switch is enabled.
1185 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1186 TestBrokenHTTPSNoReportingInIncognito) {
1187 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1188 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1189 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1190 CreateIncognitoBrowser());
1191 }
1192
1193 // Visits a page that runs insecure content and tries to suppress the insecure
1194 // content warnings by randomizing location.hash.
1195 // Based on http://crbug.com/8706
1196 IN_PROC_BROWSER_TEST_F(SSLUITest,
1197 TestRunsInsecuredContentRandomizeHash) {
1198 ASSERT_TRUE(test_server()->Start());
1199 ASSERT_TRUE(https_server_.Start());
1200
1201 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1202 "files/ssl/page_runs_insecure_content.html"));
1203
1204 CheckAuthenticationBrokenState(
1205 browser()->tab_strip_model()->GetActiveWebContents(),
1206 CertError::NONE,
1207 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1208 }
1209
1210 // Visits a page with unsafe content and make sure that:
1211 // - frames content is replaced with warning
1212 // - images and scripts are filtered out entirely
1213 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
1214 ASSERT_TRUE(https_server_.Start());
1215 ASSERT_TRUE(https_server_expired_.Start());
1216
1217 std::string replacement_path;
1218 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1219 "files/ssl/page_with_unsafe_contents.html",
1220 https_server_expired_.host_port_pair(),
1221 &replacement_path));
1222 ui_test_utils::NavigateToURL(browser(),
1223 https_server_.GetURL(replacement_path));
1224
1225 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1226 // When the bad content is filtered, the state is expected to be
1227 // authenticated.
1228 CheckAuthenticatedState(tab, AuthState::NONE);
1229
1230 // Because of cross-frame scripting restrictions, we cannot access the iframe
1231 // content. So to know if the frame was loaded, we just check if a popup was
1232 // opened (the iframe content opens one).
1233 // Note: because of bug 1115868, no web contents modal dialog is opened right
1234 // now. Once the bug is fixed, this will do the real check.
1235 EXPECT_FALSE(IsShowingWebContentsModalDialog());
1236
1237 int img_width;
1238 EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
1239 tab,
1240 "window.domAutomationController.send(ImageWidth());",
1241 &img_width));
1242 // In order to check that the image was not loaded, we check its width.
1243 // The actual image (Google logo) is 114 pixels wide, we assume the broken
1244 // image is less than 100.
1245 EXPECT_LT(img_width, 100);
1246
1247 bool js_result = false;
1248 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1249 tab,
1250 "window.domAutomationController.send(IsFooSet());",
1251 &js_result));
1252 EXPECT_FALSE(js_result);
1253 }
1254
1255 // Visits a page with insecure content loaded by JS (after the initial page
1256 // load).
1257 #if defined(OS_LINUX)
1258 // flaky http://crbug.com/396462
1259 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
1260 DISABLED_TestDisplaysInsecureContentLoadedFromJS
1261 #else
1262 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
1263 TestDisplaysInsecureContentLoadedFromJS
1264 #endif
1265 IN_PROC_BROWSER_TEST_F(SSLUITest,
1266 MAYBE_TestDisplaysInsecureContentLoadedFromJS) {
1267 ASSERT_TRUE(test_server()->Start());
1268 ASSERT_TRUE(https_server_.Start());
1269
1270 std::string replacement_path;
1271 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1272 "files/ssl/page_with_dynamic_insecure_content.html",
1273 test_server()->host_port_pair(),
1274 &replacement_path));
1275 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1276 replacement_path));
1277
1278 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1279 CheckAuthenticatedState(tab, AuthState::NONE);
1280
1281 // Load the insecure image.
1282 bool js_result = false;
1283 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1284 tab,
1285 "loadBadImage();",
1286 &js_result));
1287 EXPECT_TRUE(js_result);
1288
1289 // We should now have insecure content.
1290 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1291 }
1292
1293 // Visits two pages from the same origin: one that displays insecure content and
1294 // one that doesn't. The test checks that we do not propagate the insecure
1295 // content state from one to the other.
1296 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
1297 ASSERT_TRUE(test_server()->Start());
1298 ASSERT_TRUE(https_server_.Start());
1299
1300 ui_test_utils::NavigateToURL(browser(),
1301 https_server_.GetURL("files/ssl/blank_page.html"));
1302
1303 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1304
1305 // This tab should be fine.
1306 CheckAuthenticatedState(tab1, AuthState::NONE);
1307
1308 // Create a new tab.
1309 std::string replacement_path;
1310 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1311 "files/ssl/page_displays_insecure_content.html",
1312 test_server()->host_port_pair(),
1313 &replacement_path));
1314
1315 GURL url = https_server_.GetURL(replacement_path);
1316 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
1317 params.disposition = NEW_FOREGROUND_TAB;
1318 params.tabstrip_index = 0;
1319 params.source_contents = tab1;
1320 content::WindowedNotificationObserver observer(
1321 content::NOTIFICATION_LOAD_STOP,
1322 content::NotificationService::AllSources());
1323 chrome::Navigate(&params);
1324 WebContents* tab2 = params.target_contents;
1325 observer.Wait();
1326
1327 // The new tab has insecure content.
1328 CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
1329
1330 // The original tab should not be contaminated.
1331 CheckAuthenticatedState(tab1, AuthState::NONE);
1332 }
1333
1334 // Visits two pages from the same origin: one that runs insecure content and one
1335 // that doesn't. The test checks that we propagate the insecure content state
1336 // from one to the other.
1337 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
1338 ASSERT_TRUE(test_server()->Start());
1339 ASSERT_TRUE(https_server_.Start());
1340
1341 ui_test_utils::NavigateToURL(browser(),
1342 https_server_.GetURL("files/ssl/blank_page.html"));
1343
1344 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1345
1346 // This tab should be fine.
1347 CheckAuthenticatedState(tab1, AuthState::NONE);
1348
1349 std::string replacement_path;
1350 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1351 "files/ssl/page_runs_insecure_content.html",
1352 test_server()->host_port_pair(),
1353 &replacement_path));
1354
1355 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB
1356 // disposition won't usually stay in the same process, but this works
1357 // because we are using process-per-site in SetUpCommandLine.
1358 GURL url = https_server_.GetURL(replacement_path);
1359 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
1360 params.disposition = NEW_FOREGROUND_TAB;
1361 params.source_contents = tab1;
1362 content::WindowedNotificationObserver observer(
1363 content::NOTIFICATION_LOAD_STOP,
1364 content::NotificationService::AllSources());
1365 chrome::Navigate(&params);
1366 WebContents* tab2 = params.target_contents;
1367 observer.Wait();
1368
1369 // Both tabs should have the same process.
1370 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
1371
1372 // The new tab has insecure content.
1373 CheckAuthenticationBrokenState(
1374 tab2,
1375 CertError::NONE,
1376 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1377
1378 // Which means the origin for the first tab has also been contaminated with
1379 // insecure content.
1380 CheckAuthenticationBrokenState(
1381 tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1382 }
1383
1384 // Visits a page with an image over http. Visits another page over https
1385 // referencing that same image over http (hoping it is coming from the webcore
1386 // memory cache).
1387 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
1388 ASSERT_TRUE(test_server()->Start());
1389 ASSERT_TRUE(https_server_.Start());
1390
1391 std::string replacement_path;
1392 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1393 "files/ssl/page_displays_insecure_content.html",
1394 test_server()->host_port_pair(),
1395 &replacement_path));
1396
1397 // Load original page over HTTP.
1398 const GURL url_http = test_server()->GetURL(replacement_path);
1399 ui_test_utils::NavigateToURL(browser(), url_http);
1400 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1401 CheckUnauthenticatedState(tab, AuthState::NONE);
1402
1403 // Load again but over SSL. It should be marked as displaying insecure
1404 // content (even though the image comes from the WebCore memory cache).
1405 const GURL url_https = https_server_.GetURL(replacement_path);
1406 ui_test_utils::NavigateToURL(browser(), url_https);
1407 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1408 }
1409
1410 // http://crbug.com/84729
1411 #if defined(OS_CHROMEOS)
1412 #define MAYBE_TestRunsCachedInsecureContent \
1413 DISABLED_TestRunsCachedInsecureContent
1414 #else
1415 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
1416 #endif // defined(OS_CHROMEOS)
1417
1418 // Visits a page with script over http. Visits another page over https
1419 // referencing that same script over http (hoping it is coming from the webcore
1420 // memory cache).
1421 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
1422 ASSERT_TRUE(test_server()->Start());
1423 ASSERT_TRUE(https_server_.Start());
1424
1425 std::string replacement_path;
1426 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1427 "files/ssl/page_runs_insecure_content.html",
1428 test_server()->host_port_pair(),
1429 &replacement_path));
1430
1431 // Load original page over HTTP.
1432 const GURL url_http = test_server()->GetURL(replacement_path);
1433 ui_test_utils::NavigateToURL(browser(), url_http);
1434 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1435 CheckUnauthenticatedState(tab, AuthState::NONE);
1436
1437 // Load again but over SSL. It should be marked as displaying insecure
1438 // content (even though the image comes from the WebCore memory cache).
1439 const GURL url_https = https_server_.GetURL(replacement_path);
1440 ui_test_utils::NavigateToURL(browser(), url_https);
1441 CheckAuthenticationBrokenState(
1442 tab,
1443 CertError::NONE,
1444 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1445 }
1446
1447 // This test ensures the CN invalid status does not 'stick' to a certificate
1448 // (see bug #1044942) and that it depends on the host-name.
1449 // Test if disabled due to flakiness http://crbug.com/368280 .
1450 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) {
1451 ASSERT_TRUE(https_server_.Start());
1452 ASSERT_TRUE(https_server_mismatched_.Start());
1453
1454 // First we hit the server with hostname, this generates an invalid policy
1455 // error.
1456 ui_test_utils::NavigateToURL(browser(),
1457 https_server_mismatched_.GetURL("files/ssl/google.html"));
1458
1459 // We get an interstitial page as a result.
1460 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1461 CheckAuthenticationBrokenState(tab,
1462 net::CERT_STATUS_COMMON_NAME_INVALID,
1463 AuthState::SHOWING_INTERSTITIAL);
1464 ProceedThroughInterstitial(tab);
1465 CheckAuthenticationBrokenState(
1466 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1467
1468 // Now we try again with the right host name this time.
1469 GURL url(https_server_.GetURL("files/ssl/google.html"));
1470 ui_test_utils::NavigateToURL(browser(), url);
1471
1472 // Security state should be OK.
1473 CheckAuthenticatedState(tab, AuthState::NONE);
1474
1475 // Now try again the broken one to make sure it is still broken.
1476 ui_test_utils::NavigateToURL(browser(),
1477 https_server_mismatched_.GetURL("files/ssl/google.html"));
1478
1479 // Since we OKed the interstitial last time, we get right to the page.
1480 CheckAuthenticationBrokenState(
1481 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1482 }
1483
1484 #if defined(OS_CHROMEOS)
1485 // This test seems to be flaky and hang on chromiumos.
1486 // http://crbug.com/84419
1487 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation
1488 #else
1489 #define MAYBE_TestRefNavigation TestRefNavigation
1490 #endif
1491
1492 // Test that navigating to a #ref does not change a bad security state.
1493 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
1494 ASSERT_TRUE(https_server_expired_.Start());
1495
1496 ui_test_utils::NavigateToURL(browser(),
1497 https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
1498
1499 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1500 CheckAuthenticationBrokenState(
1501 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1502
1503 ProceedThroughInterstitial(tab);
1504
1505 CheckAuthenticationBrokenState(
1506 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1507 // Now navigate to a ref in the page, the security state should not have
1508 // changed.
1509 ui_test_utils::NavigateToURL(browser(),
1510 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
1511
1512 CheckAuthenticationBrokenState(
1513 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1514 }
1515
1516 // Tests that closing a page that has a unsafe pop-up does not crash the
1517 // browser (bug #1966).
1518 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not
1519 // opened as it is not initiated by a user gesture.
1520 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
1521 ASSERT_TRUE(test_server()->Start());
1522 ASSERT_TRUE(https_server_expired_.Start());
1523
1524 std::string replacement_path;
1525 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1526 "files/ssl/page_with_unsafe_popup.html",
1527 https_server_expired_.host_port_pair(),
1528 &replacement_path));
1529
1530 ui_test_utils::NavigateToURL(browser(),
1531 test_server()->GetURL(replacement_path));
1532
1533 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1534 // It is probably overkill to add a notification for a popup-opening, let's
1535 // just poll.
1536 for (int i = 0; i < 10; i++) {
1537 if (IsShowingWebContentsModalDialog())
1538 break;
1539 base::MessageLoop::current()->PostDelayedTask(
1540 FROM_HERE,
1541 base::MessageLoop::QuitClosure(),
1542 base::TimeDelta::FromSeconds(1));
1543 content::RunMessageLoop();
1544 }
1545 ASSERT_TRUE(IsShowingWebContentsModalDialog());
1546
1547 // Let's add another tab to make sure the browser does not exit when we close
1548 // the first tab.
1549 GURL url = test_server()->GetURL("files/ssl/google.html");
1550 content::WindowedNotificationObserver observer(
1551 content::NOTIFICATION_LOAD_STOP,
1552 content::NotificationService::AllSources());
1553 chrome::AddSelectedTabWithURL(browser(), url, ui::PAGE_TRANSITION_TYPED);
1554 observer.Wait();
1555
1556 // Close the first tab.
1557 chrome::CloseWebContents(browser(), tab1, false);
1558 }
1559
1560 // Visit a page over bad https that is a redirect to a page with good https.
1561 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
1562 ASSERT_TRUE(https_server_.Start());
1563 ASSERT_TRUE(https_server_expired_.Start());
1564
1565 GURL url1 = https_server_expired_.GetURL("server-redirect?");
1566 GURL url2 = https_server_.GetURL("files/ssl/google.html");
1567
1568 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1569
1570 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1571
1572 CheckAuthenticationBrokenState(
1573 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1574
1575 ProceedThroughInterstitial(tab);
1576
1577 // We have been redirected to the good page.
1578 CheckAuthenticatedState(tab, AuthState::NONE);
1579 }
1580
1581 // Flaky on Linux. http://crbug.com/368280.
1582 #if defined(OS_LINUX)
1583 #define MAYBE_TestRedirectGoodToBadHTTPS DISABLED_TestRedirectGoodToBadHTTPS
1584 #else
1585 #define MAYBE_TestRedirectGoodToBadHTTPS TestRedirectGoodToBadHTTPS
1586 #endif
1587
1588 // Visit a page over good https that is a redirect to a page with bad https.
1589 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectGoodToBadHTTPS) {
1590 ASSERT_TRUE(https_server_.Start());
1591 ASSERT_TRUE(https_server_expired_.Start());
1592
1593 GURL url1 = https_server_.GetURL("server-redirect?");
1594 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html");
1595 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1596
1597 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1598 CheckAuthenticationBrokenState(
1599 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1600
1601 ProceedThroughInterstitial(tab);
1602
1603 CheckAuthenticationBrokenState(
1604 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1605 }
1606
1607 // Visit a page over http that is a redirect to a page with good HTTPS.
1608 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
1609 ASSERT_TRUE(test_server()->Start());
1610 ASSERT_TRUE(https_server_.Start());
1611
1612 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1613
1614 // HTTP redirects to good HTTPS.
1615 GURL http_url = test_server()->GetURL("server-redirect?");
1616 GURL good_https_url =
1617 https_server_.GetURL("files/ssl/google.html");
1618
1619 ui_test_utils::NavigateToURL(browser(),
1620 GURL(http_url.spec() + good_https_url.spec()));
1621 CheckAuthenticatedState(tab, AuthState::NONE);
1622 }
1623
1624 // Flaky on Linux. http://crbug.com/368280.
1625 #if defined(OS_LINUX)
1626 #define MAYBE_TestRedirectHTTPToBadHTTPS DISABLED_TestRedirectHTTPToBadHTTPS
1627 #else
1628 #define MAYBE_TestRedirectHTTPToBadHTTPS TestRedirectHTTPToBadHTTPS
1629 #endif
1630
1631 // Visit a page over http that is a redirect to a page with bad HTTPS.
1632 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectHTTPToBadHTTPS) {
1633 ASSERT_TRUE(test_server()->Start());
1634 ASSERT_TRUE(https_server_expired_.Start());
1635
1636 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1637
1638 GURL http_url = test_server()->GetURL("server-redirect?");
1639 GURL bad_https_url =
1640 https_server_expired_.GetURL("files/ssl/google.html");
1641 ui_test_utils::NavigateToURL(browser(),
1642 GURL(http_url.spec() + bad_https_url.spec()));
1643 CheckAuthenticationBrokenState(
1644 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1645
1646 ProceedThroughInterstitial(tab);
1647
1648 CheckAuthenticationBrokenState(
1649 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1650 }
1651
1652 // Visit a page over https that is a redirect to a page with http (to make sure
1653 // we don't keep the secure state).
1654 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
1655 ASSERT_TRUE(test_server()->Start());
1656 ASSERT_TRUE(https_server_.Start());
1657
1658 GURL https_url = https_server_.GetURL("server-redirect?");
1659 GURL http_url = test_server()->GetURL("files/ssl/google.html");
1660
1661 ui_test_utils::NavigateToURL(browser(),
1662 GURL(https_url.spec() + http_url.spec()));
1663 CheckUnauthenticatedState(
1664 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
1665 }
1666
1667 // Visits a page to which we could not connect (bad port) over http and https
1668 // and make sure the security style is correct.
1669 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
1670 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17"));
1671 CheckUnauthenticatedState(
1672 browser()->tab_strip_model()->GetActiveWebContents(),
1673 AuthState::SHOWING_ERROR);
1674
1675 // Same thing over HTTPS.
1676 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17"));
1677 CheckUnauthenticatedState(
1678 browser()->tab_strip_model()->GetActiveWebContents(),
1679 AuthState::SHOWING_ERROR);
1680 }
1681
1682 //
1683 // Frame navigation
1684 //
1685
1686 // From a good HTTPS top frame:
1687 // - navigate to an OK HTTPS frame
1688 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
1689 // back
1690 // - navigate to HTTP (expect insecure content), then back
1691 IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
1692 ASSERT_TRUE(test_server()->Start());
1693 ASSERT_TRUE(https_server_.Start());
1694 ASSERT_TRUE(https_server_expired_.Start());
1695
1696 std::string top_frame_path;
1697 ASSERT_TRUE(GetTopFramePath(*test_server(),
1698 https_server_,
1699 https_server_expired_,
1700 &top_frame_path));
1701
1702 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1703 ui_test_utils::NavigateToURL(browser(),
1704 https_server_.GetURL(top_frame_path));
1705
1706 CheckAuthenticatedState(tab, AuthState::NONE);
1707
1708 bool success = false;
1709 // Now navigate inside the frame.
1710 {
1711 content::WindowedNotificationObserver observer(
1712 content::NOTIFICATION_LOAD_STOP,
1713 content::Source<NavigationController>(&tab->GetController()));
1714 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1715 tab,
1716 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1717 &success));
1718 ASSERT_TRUE(success);
1719 observer.Wait();
1720 }
1721
1722 // We should still be fine.
1723 CheckAuthenticatedState(tab, AuthState::NONE);
1724
1725 // Now let's hit a bad page.
1726 {
1727 content::WindowedNotificationObserver observer(
1728 content::NOTIFICATION_LOAD_STOP,
1729 content::Source<NavigationController>(&tab->GetController()));
1730 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1731 tab,
1732 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1733 &success));
1734 ASSERT_TRUE(success);
1735 observer.Wait();
1736 }
1737
1738 // The security style should still be secure.
1739 CheckAuthenticatedState(tab, AuthState::NONE);
1740
1741 // And the frame should be blocked.
1742 bool is_content_evil = true;
1743 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1744 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1745 std::string is_evil_js("window.domAutomationController.send("
1746 "document.getElementById('evilDiv') != null);");
1747 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1748 is_evil_js,
1749 &is_content_evil));
1750 EXPECT_FALSE(is_content_evil);
1751
1752 // Now go back, our state should still be OK.
1753 {
1754 content::WindowedNotificationObserver observer(
1755 content::NOTIFICATION_LOAD_STOP,
1756 content::Source<NavigationController>(&tab->GetController()));
1757 tab->GetController().GoBack();
1758 observer.Wait();
1759 }
1760 CheckAuthenticatedState(tab, AuthState::NONE);
1761
1762 // Navigate to a page served over HTTP.
1763 {
1764 content::WindowedNotificationObserver observer(
1765 content::NOTIFICATION_LOAD_STOP,
1766 content::Source<NavigationController>(&tab->GetController()));
1767 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1768 tab,
1769 "window.domAutomationController.send(clickLink('HTTPLink'));",
1770 &success));
1771 ASSERT_TRUE(success);
1772 observer.Wait();
1773 }
1774
1775 // Our state should be unathenticated (in the ran mixed script sense)
1776 CheckAuthenticationBrokenState(
1777 tab,
1778 CertError::NONE,
1779 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1780
1781 // Go back, our state should be unchanged.
1782 {
1783 content::WindowedNotificationObserver observer(
1784 content::NOTIFICATION_LOAD_STOP,
1785 content::Source<NavigationController>(&tab->GetController()));
1786 tab->GetController().GoBack();
1787 observer.Wait();
1788 }
1789
1790 CheckAuthenticationBrokenState(
1791 tab,
1792 CertError::NONE,
1793 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1794 }
1795
1796 // From a bad HTTPS top frame:
1797 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
1798 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
1799 ASSERT_TRUE(https_server_.Start());
1800 ASSERT_TRUE(https_server_expired_.Start());
1801
1802 std::string top_frame_path;
1803 ASSERT_TRUE(GetTopFramePath(*test_server(),
1804 https_server_,
1805 https_server_expired_,
1806 &top_frame_path));
1807
1808 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1809 ui_test_utils::NavigateToURL(browser(),
1810 https_server_expired_.GetURL(top_frame_path));
1811 CheckAuthenticationBrokenState(
1812 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1813
1814 ProceedThroughInterstitial(tab);
1815
1816 // Navigate to a good frame.
1817 bool success = false;
1818 content::WindowedNotificationObserver observer(
1819 content::NOTIFICATION_LOAD_STOP,
1820 content::Source<NavigationController>(&tab->GetController()));
1821 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1822 tab,
1823 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1824 &success));
1825 ASSERT_TRUE(success);
1826 observer.Wait();
1827
1828 // We should still be authentication broken.
1829 CheckAuthenticationBrokenState(
1830 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1831 }
1832
1833 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
1834 // stay unauthenticated).
1835 // Disabled, flakily exceeds test timeout, http://crbug.com/43437.
1836 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) {
1837 ASSERT_TRUE(test_server()->Start());
1838 ASSERT_TRUE(https_server_.Start());
1839 ASSERT_TRUE(https_server_expired_.Start());
1840
1841 std::string top_frame_path;
1842 ASSERT_TRUE(GetTopFramePath(*test_server(),
1843 https_server_,
1844 https_server_expired_,
1845 &top_frame_path));
1846
1847 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1848 ui_test_utils::NavigateToURL(browser(),
1849 test_server()->GetURL(top_frame_path));
1850 CheckUnauthenticatedState(tab, AuthState::NONE);
1851
1852 // Now navigate inside the frame to a secure HTTPS frame.
1853 {
1854 bool success = false;
1855 content::WindowedNotificationObserver observer(
1856 content::NOTIFICATION_LOAD_STOP,
1857 content::Source<NavigationController>(&tab->GetController()));
1858 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1859 tab,
1860 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1861 &success));
1862 ASSERT_TRUE(success);
1863 observer.Wait();
1864 }
1865
1866 // We should still be unauthenticated.
1867 CheckUnauthenticatedState(tab, AuthState::NONE);
1868
1869 // Now navigate to a bad HTTPS frame.
1870 {
1871 bool success = false;
1872 content::WindowedNotificationObserver observer(
1873 content::NOTIFICATION_LOAD_STOP,
1874 content::Source<NavigationController>(&tab->GetController()));
1875 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1876 tab,
1877 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1878 &success));
1879 ASSERT_TRUE(success);
1880 observer.Wait();
1881 }
1882
1883 // State should not have changed.
1884 CheckUnauthenticatedState(tab, AuthState::NONE);
1885
1886 // And the frame should have been blocked (see bug #2316).
1887 bool is_content_evil = true;
1888 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1889 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1890 std::string is_evil_js("window.domAutomationController.send("
1891 "document.getElementById('evilDiv') != null);");
1892 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1893 is_evil_js,
1894 &is_content_evil));
1895 EXPECT_FALSE(is_content_evil);
1896 }
1897
1898 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
1899 ASSERT_TRUE(https_server_.Start());
1900 ASSERT_TRUE(https_server_expired_.Start());
1901
1902 // This page will spawn a Worker which will try to load content from
1903 // BadCertServer.
1904 std::string page_with_unsafe_worker_path;
1905 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1906 &page_with_unsafe_worker_path));
1907 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1908 page_with_unsafe_worker_path));
1909 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1910 // Expect Worker not to load insecure content.
1911 CheckWorkerLoadResult(tab, false);
1912 // The bad content is filtered, expect the state to be authenticated.
1913 CheckAuthenticatedState(tab, AuthState::NONE);
1914 }
1915
1916 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
1917 ASSERT_TRUE(https_server_.Start());
1918 ASSERT_TRUE(https_server_expired_.Start());
1919
1920 // Navigate to an unsafe site. Proceed with interstitial page to indicate
1921 // the user approves the bad certificate.
1922 ui_test_utils::NavigateToURL(browser(),
1923 https_server_expired_.GetURL("files/ssl/blank_page.html"));
1924 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1925 CheckAuthenticationBrokenState(
1926 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1927 ProceedThroughInterstitial(tab);
1928 CheckAuthenticationBrokenState(
1929 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1930
1931 // Navigate to safe page that has Worker loading unsafe content.
1932 // Expect content to load but be marked as auth broken due to running insecure
1933 // content.
1934 std::string page_with_unsafe_worker_path;
1935 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1936 &page_with_unsafe_worker_path));
1937 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1938 page_with_unsafe_worker_path));
1939 CheckWorkerLoadResult(tab, true); // Worker loads insecure content
1940 CheckAuthenticationBrokenState(
1941 tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1942 }
1943
1944 // Test that when the browser blocks displaying insecure content (images), the
1945 // indicator shows a secure page, because the blocking made the otherwise
1946 // unsafe page safe (the notification of this state is handled by other means).
1947 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
1948 ASSERT_TRUE(test_server()->Start());
1949 ASSERT_TRUE(https_server_.Start());
1950
1951 std::string replacement_path;
1952 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1953 "files/ssl/page_displays_insecure_content.html",
1954 test_server()->host_port_pair(),
1955 &replacement_path));
1956
1957 ui_test_utils::NavigateToURL(browser(),
1958 https_server_.GetURL(replacement_path));
1959
1960 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1961 AuthState::NONE);
1962 }
1963
1964 // Test that when the browser blocks displaying insecure content (iframes), the
1965 // indicator shows a secure page, because the blocking made the otherwise
1966 // unsafe page safe (the notification of this state is handled by other means)
1967 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
1968 ASSERT_TRUE(test_server()->Start());
1969 ASSERT_TRUE(https_server_.Start());
1970
1971 std::string replacement_path;
1972 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1973 "files/ssl/page_displays_insecure_iframe.html",
1974 test_server()->host_port_pair(),
1975 &replacement_path));
1976
1977 ui_test_utils::NavigateToURL(browser(),
1978 https_server_.GetURL(replacement_path));
1979
1980 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1981 AuthState::NONE);
1982 }
1983
1984 // Test that when the browser blocks running insecure content, the
1985 // indicator shows a secure page, because the blocking made the otherwise
1986 // unsafe page safe (the notification of this state is handled by other means).
1987 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
1988 ASSERT_TRUE(test_server()->Start());
1989 ASSERT_TRUE(https_server_.Start());
1990
1991 std::string replacement_path;
1992 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1993 "files/ssl/page_runs_insecure_content.html",
1994 test_server()->host_port_pair(),
1995 &replacement_path));
1996
1997 ui_test_utils::NavigateToURL(browser(),
1998 https_server_.GetURL(replacement_path));
1999
2000 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
2001 AuthState::NONE);
2002 }
2003
2004 // Visit a page and establish a WebSocket connection over bad https with
2005 // --ignore-certificate-errors. The connection should be established without
2006 // interstitial page showing.
2007 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
2008 ASSERT_TRUE(test_server()->Start());
2009 ASSERT_TRUE(wss_server_expired_.Start());
2010
2011 // Setup page title observer.
2012 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2013 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
2014 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
2015
2016 // Visit bad HTTPS page.
2017 GURL::Replacements replacements;
2018 replacements.SetSchemeStr("https");
2019 ui_test_utils::NavigateToURL(
2020 browser(),
2021 wss_server_expired_.GetURL(
2022 "connect_check.html").ReplaceComponents(replacements));
2023
2024 // We shouldn't have an interstitial page showing here.
2025
2026 // Test page run a WebSocket wss connection test. The result will be shown
2027 // as page title.
2028 const base::string16 result = watcher.WaitAndGetTitle();
2029 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
2030 }
2031
2032 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
2033 // http://crbug.com/322948
2034 #if defined(OS_LINUX)
2035 // flaky http://crbug.com/396458
2036 #define MAYBE_TestInterstitialJavaScriptProceeds \
2037 DISABLED_TestInterstitialJavaScriptProceeds
2038 #else
2039 #define MAYBE_TestInterstitialJavaScriptProceeds \
2040 TestInterstitialJavaScriptProceeds
2041 #endif
2042 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestInterstitialJavaScriptProceeds) {
2043 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
2044 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
2045
2046 ASSERT_TRUE(https_server_expired_.Start());
2047 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2048 ui_test_utils::NavigateToURL(browser(),
2049 https_server_expired_.GetURL("files/ssl/google.html"));
2050 CheckAuthenticationBrokenState(
2051 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2052
2053 content::WindowedNotificationObserver observer(
2054 content::NOTIFICATION_LOAD_STOP,
2055 content::Source<NavigationController>(&tab->GetController()));
2056 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
2057 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
2058 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
2059 content::RenderViewHost* interstitial_rvh =
2060 interstitial_page->GetMainFrame()->GetRenderViewHost();
2061 int result = -1;
2062 std::string javascript = base::StringPrintf(
2063 "window.domAutomationController.send(%d);",
2064 SecurityInterstitialPage::CMD_PROCEED);
2065 ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
2066 interstitial_rvh, javascript, &result));
2067 // The above will hang without the fix.
2068 EXPECT_EQ(1, result);
2069 observer.Wait();
2070 CheckAuthenticationBrokenState(
2071 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
2072 }
2073
2074 // Verifies that the interstitial can go back, even if JavaScript is disabled.
2075 // http://crbug.com/322948
2076 IN_PROC_BROWSER_TEST_F(SSLUITest, TestInterstitialJavaScriptGoesBack) {
2077 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
2078 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
2079
2080 ASSERT_TRUE(https_server_expired_.Start());
2081 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2082 ui_test_utils::NavigateToURL(browser(),
2083 https_server_expired_.GetURL("files/ssl/google.html"));
2084 CheckAuthenticationBrokenState(
2085 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2086
2087 content::WindowedNotificationObserver observer(
2088 content::NOTIFICATION_RENDER_WIDGET_HOST_DESTROYED,
2089 content::NotificationService::AllSources());
2090 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
2091 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
2092 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
2093 content::RenderViewHost* interstitial_rvh =
2094 interstitial_page->GetMainFrame()->GetRenderViewHost();
2095 int result = -1;
2096 std::string javascript = base::StringPrintf(
2097 "window.domAutomationController.send(%d);",
2098 SecurityInterstitialPage::CMD_DONT_PROCEED);
2099 ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
2100 interstitial_rvh, javascript, &result));
2101 // The above will hang without the fix.
2102 EXPECT_EQ(0, result);
2103 observer.Wait();
2104 EXPECT_EQ("about:blank", tab->GetVisibleURL().spec());
2105 }
2106
2107 // Verifies that switching tabs, while showing interstitial page, will not
2108 // affect the visibility of the interestitial.
2109 // https://crbug.com/381439
2110 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByHideShow) {
2111 ASSERT_TRUE(https_server_expired_.Start());
2112 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2113 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2114 ui_test_utils::NavigateToURL(
2115 browser(), https_server_expired_.GetURL("files/ssl/google.html"));
2116 CheckAuthenticationBrokenState(
2117 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2118 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2119
2120 AddTabAtIndex(0,
2121 https_server_.GetURL("files/ssl/google.html"),
2122 ui::PAGE_TRANSITION_TYPED);
2123 EXPECT_EQ(2, browser()->tab_strip_model()->count());
2124 EXPECT_EQ(0, browser()->tab_strip_model()->active_index());
2125 EXPECT_EQ(tab, browser()->tab_strip_model()->GetWebContentsAt(1));
2126 EXPECT_FALSE(tab->GetRenderWidgetHostView()->IsShowing());
2127
2128 browser()->tab_strip_model()->ActivateTabAt(1, true);
2129 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2130 }
2131
2132 class SSLBlockingPageIDNTest : public SecurityInterstitialIDNTest {
2133 protected:
2134 // SecurityInterstitialIDNTest implementation
2135 SecurityInterstitialPage* CreateInterstitial(
2136 content::WebContents* contents,
2137 const GURL& request_url) const override {
2138 net::SSLInfo ssl_info;
2139 ssl_info.cert = new net::X509Certificate(
2140 request_url.host(), "CA", base::Time::Max(), base::Time::Max());
2141 return new SSLBlockingPage(
2142 contents, net::ERR_CERT_CONTAINS_ERRORS, ssl_info, request_url, 0,
2143 base::Time::NowFromSystemTime(), nullptr, base::Callback<void(bool)>());
2144 }
2145 };
2146
2147 IN_PROC_BROWSER_TEST_F(SSLBlockingPageIDNTest, SSLBlockingPageDecodesIDN) {
2148 EXPECT_TRUE(VerifyIDNDecoded());
2149 }
2150
2151 // TODO(jcampan): more tests to do below.
2152
2153 // Visit a page over https that contains a frame with a redirect.
2154
2155 // XMLHttpRequest insecure content in synchronous mode.
2156
2157 // XMLHttpRequest insecure content in asynchronous mode.
2158
2159 // XMLHttpRequest over bad ssl in synchronous mode.
2160
2161 // XMLHttpRequest over OK ssl in synchronous mode.