search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cast: Stop logging kVideoFrameSentToEncoder and rename a couple events.
[chromium-blink-merge.git] / chrome / browser / ssl / ssl_browser_tests.cc
blob5ba3244b213f5aa5b7072afaacc7a7d879539b6f
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/command_line.h"
6 #include "base/path_service.h"
7 #include "base/prefs/pref_service.h"
8 #include "base/strings/string_util.h"
9 #include "base/strings/stringprintf.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "base/time/time.h"
12 #include "chrome/app/chrome_command_ids.h"
13 #include "chrome/browser/chrome_notification_types.h"
14 #include "chrome/browser/content_settings/host_content_settings_map.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/ui/browser.h"
17 #include "chrome/browser/ui/browser_commands.h"
18 #include "chrome/browser/ui/browser_navigator.h"
19 #include "chrome/browser/ui/browser_tabstrip.h"
20 #include "chrome/browser/ui/tabs/tab_strip_model.h"
21 #include "chrome/common/chrome_paths.h"
22 #include "chrome/common/chrome_switches.h"
23 #include "chrome/common/pref_names.h"
24 #include "chrome/test/base/in_process_browser_test.h"
25 #include "chrome/test/base/ui_test_utils.h"
26 #include "components/web_modal/web_contents_modal_dialog_manager.h"
27 #include "content/public/browser/browser_context.h"
28 #include "content/public/browser/interstitial_page.h"
29 #include "content/public/browser/navigation_controller.h"
30 #include "content/public/browser/navigation_entry.h"
31 #include "content/public/browser/notification_service.h"
32 #include "content/public/browser/render_view_host.h"
33 #include "content/public/browser/web_contents.h"
34 #include "content/public/browser/web_contents_observer.h"
35 #include "content/public/common/security_style.h"
36 #include "content/public/common/ssl_status.h"
37 #include "content/public/test/browser_test_utils.h"
38 #include "content/public/test/download_test_observer.h"
39 #include "content/public/test/test_renderer_host.h"
40 #include "crypto/nss_util.h"
41 #include "net/base/crypto_module.h"
42 #include "net/base/net_errors.h"
43 #include "net/base/test_data_directory.h"
44 #include "net/cert/cert_status_flags.h"
45 #include "net/test/spawned_test_server/spawned_test_server.h"
46
47 #if defined(USE_NSS)
48 #include "net/cert/nss_cert_database.h"
49 #endif // defined(USE_NSS)
50
51 using base::ASCIIToUTF16;
52 using content::InterstitialPage;
53 using content::NavigationController;
54 using content::NavigationEntry;
55 using content::SSLStatus;
56 using content::WebContents;
57 using web_modal::WebContentsModalDialogManager;
58
59 const base::FilePath::CharType kDocRoot[] =
60 FILE_PATH_LITERAL("chrome/test/data");
61
62 namespace {
63
64 class ProvisionalLoadWaiter : public content::WebContentsObserver {
65 public:
66 explicit ProvisionalLoadWaiter(WebContents* tab)
67 : WebContentsObserver(tab), waiting_(false), seen_(false) {}
68
69 void Wait() {
70 if (seen_)
71 return;
72
73 waiting_ = true;
74 content::RunMessageLoop();
75 }
76
77 virtual void DidFailProvisionalLoad(
78 int64 frame_id,
79 const base::string16& frame_unique_name,
80 bool is_main_frame,
81 const GURL& validated_url,
82 int error_code,
83 const base::string16& error_description,
84 content::RenderViewHost* render_view_host) OVERRIDE {
85 seen_ = true;
86 if (waiting_)
87 base::MessageLoopForUI::current()->Quit();
88 }
89
90 private:
91 bool waiting_;
92 bool seen_;
93 };
94
95 namespace AuthState {
96
97 enum AuthStateFlags {
98 NONE = 0,
99 DISPLAYED_INSECURE_CONTENT = 1 << 0,
100 RAN_INSECURE_CONTENT = 1 << 1,
101 SHOWING_INTERSTITIAL = 1 << 2
102 };
103
104 void Check(const NavigationEntry& entry, int expected_authentication_state) {
105 EXPECT_EQ(!!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
106 ? content::PAGE_TYPE_INTERSTITIAL
107 : content::PAGE_TYPE_NORMAL,
108 entry.GetPageType());
109
110 bool displayed_insecure_content =
111 !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
112 EXPECT_EQ(
113 !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
114 displayed_insecure_content);
115
116 bool ran_insecure_content =
117 !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
118 EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
119 ran_insecure_content);
120 }
121
122 } // namespace AuthState
123
124 namespace SecurityStyle {
125
126 void Check(const NavigationEntry& entry,
127 content::SecurityStyle expected_security_style) {
128 EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
129 }
130
131 } // namespace SecurityStyle
132
133 namespace CertError {
134
135 enum CertErrorFlags {
136 NONE = 0
137 };
138
139 void Check(const NavigationEntry& entry, net::CertStatus error) {
140 if (error) {
141 EXPECT_EQ(error, entry.GetSSL().cert_status & error);
142 net::CertStatus extra_cert_errors =
143 error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
144 if (extra_cert_errors)
145 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
146 } else {
147 EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
148 }
149 }
150
151 } // namespace CertError
152
153 void CheckSecurityState(WebContents* tab,
154 net::CertStatus error,
155 content::SecurityStyle expected_security_style,
156 int expected_authentication_state) {
157 ASSERT_FALSE(tab->IsCrashed());
158 NavigationEntry* entry = tab->GetController().GetActiveEntry();
159 ASSERT_TRUE(entry);
160 CertError::Check(*entry, error);
161 SecurityStyle::Check(*entry, expected_security_style);
162 AuthState::Check(*entry, expected_authentication_state);
163 }
164
165 } // namespace
166
167 class SSLUITest : public InProcessBrowserTest {
168 public:
169 SSLUITest()
170 : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
171 SSLOptions(SSLOptions::CERT_OK),
172 base::FilePath(kDocRoot)),
173 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
174 SSLOptions(SSLOptions::CERT_EXPIRED),
175 base::FilePath(kDocRoot)),
176 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
177 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
178 base::FilePath(kDocRoot)),
179 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
180 SSLOptions(SSLOptions::CERT_EXPIRED),
181 net::GetWebSocketTestDataDirectory()) {}
182
183 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
184 // Browser will both run and display insecure content.
185 command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
186 // Use process-per-site so that navigating to a same-site page in a
187 // new tab will use the same process.
188 command_line->AppendSwitch(switches::kProcessPerSite);
189 }
190
191 void CheckAuthenticatedState(WebContents* tab,
192 int expected_authentication_state) {
193 CheckSecurityState(tab,
194 CertError::NONE,
195 content::SECURITY_STYLE_AUTHENTICATED,
196 expected_authentication_state);
197 }
198
199 void CheckUnauthenticatedState(WebContents* tab) {
200 CheckSecurityState(tab,
201 CertError::NONE,
202 content::SECURITY_STYLE_UNAUTHENTICATED,
203 AuthState::NONE);
204 }
205
206 void CheckAuthenticationBrokenState(WebContents* tab,
207 net::CertStatus error,
208 int expected_authentication_state) {
209 CheckSecurityState(tab,
210 error,
211 content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
212 expected_authentication_state);
213 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
214 // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
215 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
216 }
217
218 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
219 // Workers are async and we don't have notifications for them passing
220 // messages since they do it between renderer and worker processes.
221 // So have a polling loop, check every 200ms, timeout at 30s.
222 const int kTimeoutMS = 200;
223 base::Time time_to_quit = base::Time::Now() +
224 base::TimeDelta::FromMilliseconds(30000);
225
226 while (base::Time::Now() < time_to_quit) {
227 bool worker_finished = false;
228 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
229 tab,
230 "window.domAutomationController.send(IsWorkerFinished());",
231 &worker_finished));
232
233 if (worker_finished)
234 break;
235
236 // Wait a bit.
237 base::MessageLoop::current()->PostDelayedTask(
238 FROM_HERE,
239 base::MessageLoop::QuitClosure(),
240 base::TimeDelta::FromMilliseconds(kTimeoutMS));
241 content::RunMessageLoop();
242 }
243
244 bool actually_loaded_content = false;
245 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
246 tab,
247 "window.domAutomationController.send(IsContentLoaded());",
248 &actually_loaded_content));
249 EXPECT_EQ(expected_load, actually_loaded_content);
250 }
251
252 void ProceedThroughInterstitial(WebContents* tab) {
253 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
254 ASSERT_TRUE(interstitial_page);
255 content::WindowedNotificationObserver observer(
256 content::NOTIFICATION_LOAD_STOP,
257 content::Source<NavigationController>(&tab->GetController()));
258 interstitial_page->Proceed();
259 observer.Wait();
260 }
261
262 bool IsShowingWebContentsModalDialog() const {
263 return WebContentsModalDialogManager::FromWebContents(
264 browser()->tab_strip_model()->GetActiveWebContents())->
265 IsDialogActive();
266 }
267
268 static bool GetFilePathWithHostAndPortReplacement(
269 const std::string& original_file_path,
270 const net::HostPortPair& host_port_pair,
271 std::string* replacement_path) {
272 std::vector<net::SpawnedTestServer::StringPair> replacement_text;
273 replacement_text.push_back(
274 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString()));
275 return net::SpawnedTestServer::GetFilePathWithReplacements(
276 original_file_path, replacement_text, replacement_path);
277 }
278
279 static bool GetTopFramePath(const net::SpawnedTestServer& http_server,
280 const net::SpawnedTestServer& good_https_server,
281 const net::SpawnedTestServer& bad_https_server,
282 std::string* top_frame_path) {
283 // The "frame_left.html" page contained in the top_frame.html page contains
284 // <a href>'s to three different servers. This sets up all of the
285 // replacement text to work with test servers which listen on ephemeral
286 // ports.
287 GURL http_url = http_server.GetURL("files/ssl/google.html");
288 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html");
289 GURL bad_https_url = bad_https_server.GetURL(
290 "files/ssl/bad_iframe.html");
291
292 std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left;
293 replacement_text_frame_left.push_back(
294 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec()));
295 replacement_text_frame_left.push_back(
296 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec()));
297 replacement_text_frame_left.push_back(
298 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec()));
299 std::string frame_left_path;
300 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
301 "frame_left.html",
302 replacement_text_frame_left,
303 &frame_left_path))
304 return false;
305
306 // Substitute the generated frame_left URL into the top_frame page.
307 std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame;
308 replacement_text_top_frame.push_back(
309 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path));
310 return net::SpawnedTestServer::GetFilePathWithReplacements(
311 "files/ssl/top_frame.html",
312 replacement_text_top_frame,
313 top_frame_path);
314 }
315
316 static bool GetPageWithUnsafeWorkerPath(
317 const net::SpawnedTestServer& expired_https_server,
318 std::string* page_with_unsafe_worker_path) {
319 // Get the "imported.js" URL from the expired https server and
320 // substitute it into the unsafe_worker.js file.
321 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js");
322 std::vector<net::SpawnedTestServer::StringPair>
323 replacement_text_for_unsafe_worker;
324 replacement_text_for_unsafe_worker.push_back(
325 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
326 std::string unsafe_worker_path;
327 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
328 "unsafe_worker.js",
329 replacement_text_for_unsafe_worker,
330 &unsafe_worker_path))
331 return false;
332
333 // Now, substitute this into the page with unsafe worker.
334 std::vector<net::SpawnedTestServer::StringPair>
335 replacement_text_for_page_with_unsafe_worker;
336 replacement_text_for_page_with_unsafe_worker.push_back(
337 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
338 return net::SpawnedTestServer::GetFilePathWithReplacements(
339 "files/ssl/page_with_unsafe_worker.html",
340 replacement_text_for_page_with_unsafe_worker,
341 page_with_unsafe_worker_path);
342 }
343
344 net::SpawnedTestServer https_server_;
345 net::SpawnedTestServer https_server_expired_;
346 net::SpawnedTestServer https_server_mismatched_;
347 net::SpawnedTestServer wss_server_expired_;
348
349 private:
350 typedef net::SpawnedTestServer::SSLOptions SSLOptions;
351
352 DISALLOW_COPY_AND_ASSIGN(SSLUITest);
353 };
354
355 class SSLUITestBlock : public SSLUITest {
356 public:
357 SSLUITestBlock() : SSLUITest() {}
358
359 // Browser will neither run nor display insecure content.
360 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
361 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent);
362 }
363 };
364
365 class SSLUITestIgnoreCertErrors : public SSLUITest {
366 public:
367 SSLUITestIgnoreCertErrors() : SSLUITest() {}
368
369 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
370 // Browser will ignore certificate errors.
371 command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
372 }
373 };
374
375 // Visits a regular page over http.
376 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
377 ASSERT_TRUE(test_server()->Start());
378
379 ui_test_utils::NavigateToURL(browser(),
380 test_server()->GetURL("files/ssl/google.html"));
381
382 CheckUnauthenticatedState(
383 browser()->tab_strip_model()->GetActiveWebContents());
384 }
385
386 // Visits a page over http which includes broken https resources (status should
387 // be OK).
388 // TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give
389 // the secure cookies away!).
390 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
391 ASSERT_TRUE(test_server()->Start());
392 ASSERT_TRUE(https_server_expired_.Start());
393
394 std::string replacement_path;
395 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
396 "files/ssl/page_with_unsafe_contents.html",
397 https_server_expired_.host_port_pair(),
398 &replacement_path));
399
400 ui_test_utils::NavigateToURL(
401 browser(), test_server()->GetURL(replacement_path));
402
403 CheckUnauthenticatedState(
404 browser()->tab_strip_model()->GetActiveWebContents());
405 }
406
407 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
408 ASSERT_TRUE(test_server()->Start());
409 ASSERT_TRUE(https_server_expired_.Start());
410
411 std::string replacement_path;
412 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
413 "files/ssl/page_displays_insecure_content.html",
414 test_server()->host_port_pair(),
415 &replacement_path));
416
417 ui_test_utils::NavigateToURL(browser(),
418 https_server_expired_.GetURL(replacement_path));
419
420 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
421 CheckAuthenticationBrokenState(
422 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
423
424 ProceedThroughInterstitial(tab);
425
426 CheckAuthenticationBrokenState(tab,
427 net::CERT_STATUS_DATE_INVALID,
428 AuthState::DISPLAYED_INSECURE_CONTENT);
429 }
430
431 // http://crbug.com/91745
432 #if defined(OS_CHROMEOS)
433 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
434 #else
435 #define MAYBE_TestOKHTTPS TestOKHTTPS
436 #endif
437
438 // Visits a page over OK https:
439 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
440 ASSERT_TRUE(https_server_.Start());
441
442 ui_test_utils::NavigateToURL(browser(),
443 https_server_.GetURL("files/ssl/google.html"));
444
445 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
446 AuthState::NONE);
447 }
448
449 // Visits a page with https error and proceed:
450 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) {
451 ASSERT_TRUE(https_server_expired_.Start());
452
453 ui_test_utils::NavigateToURL(browser(),
454 https_server_expired_.GetURL("files/ssl/google.html"));
455
456 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
457 CheckAuthenticationBrokenState(
458 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
459
460 ProceedThroughInterstitial(tab);
461
462 CheckAuthenticationBrokenState(
463 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
464 }
465
466 #ifndef NEDBUG
467 // Flaky on Windows debug (http://crbug.com/280537).
468 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
469 DISABLED_TestHTTPSExpiredCertAndDontProceed
470 #else
471 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
472 TestHTTPSExpiredCertAndDontProceed
473 #endif
474
475 // Visits a page with https error and don't proceed (and ensure we can still
476 // navigate at that point):
477 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
478 ASSERT_TRUE(test_server()->Start());
479 ASSERT_TRUE(https_server_.Start());
480 ASSERT_TRUE(https_server_expired_.Start());
481
482 // First navigate to an OK page.
483 ui_test_utils::NavigateToURL(browser(),
484 https_server_.GetURL("files/ssl/google.html"));
485
486 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
487 NavigationEntry* entry = tab->GetController().GetActiveEntry();
488 ASSERT_TRUE(entry);
489
490 GURL cross_site_url =
491 https_server_expired_.GetURL("files/ssl/google.html");
492 // Change the host name from 127.0.0.1 to localhost so it triggers a
493 // cross-site navigation so we can test http://crbug.com/5800 is gone.
494 ASSERT_EQ("127.0.0.1", cross_site_url.host());
495 GURL::Replacements replacements;
496 std::string new_host("localhost");
497 replacements.SetHostStr(new_host);
498 cross_site_url = cross_site_url.ReplaceComponents(replacements);
499
500 // Now go to a bad HTTPS page.
501 ui_test_utils::NavigateToURL(browser(), cross_site_url);
502
503 // An interstitial should be showing.
504 CheckAuthenticationBrokenState(tab,
505 net::CERT_STATUS_COMMON_NAME_INVALID,
506 AuthState::SHOWING_INTERSTITIAL);
507
508 // Simulate user clicking "Take me back".
509 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
510 ASSERT_TRUE(interstitial_page);
511 interstitial_page->DontProceed();
512
513 // We should be back to the original good page.
514 CheckAuthenticatedState(tab, AuthState::NONE);
515
516 // Try to navigate to a new page. (to make sure bug 5800 is fixed).
517 ui_test_utils::NavigateToURL(browser(),
518 test_server()->GetURL("files/ssl/google.html"));
519 CheckUnauthenticatedState(tab);
520 }
521
522 // Visits a page with https error and then goes back using Browser::GoBack.
523 IN_PROC_BROWSER_TEST_F(SSLUITest,
524 TestHTTPSExpiredCertAndGoBackViaButton) {
525 ASSERT_TRUE(test_server()->Start());
526 ASSERT_TRUE(https_server_expired_.Start());
527
528 // First navigate to an HTTP page.
529 ui_test_utils::NavigateToURL(browser(),
530 test_server()->GetURL("files/ssl/google.html"));
531 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
532 NavigationEntry* entry = tab->GetController().GetActiveEntry();
533 ASSERT_TRUE(entry);
534
535 // Now go to a bad HTTPS page that shows an interstitial.
536 ui_test_utils::NavigateToURL(browser(),
537 https_server_expired_.GetURL("files/ssl/google.html"));
538 CheckAuthenticationBrokenState(
539 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
540
541 ProvisionalLoadWaiter load_failed_observer(tab);
542
543 // Simulate user clicking on back button (crbug.com/39248).
544 chrome::GoBack(browser(), CURRENT_TAB);
545
546 // Wait until we hear the load failure, and make sure we haven't swapped out
547 // the previous page. Prevents regression of http://crbug.com/82667.
548 load_failed_observer.Wait();
549 EXPECT_FALSE(content::RenderViewHostTester::IsRenderViewHostSwappedOut(
550 tab->GetRenderViewHost()));
551
552 // We should be back at the original good page.
553 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
554 GetInterstitialPage());
555 CheckUnauthenticatedState(tab);
556 }
557
558 // Visits a page with https error and then goes back using GoToOffset.
559 // Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575.
560 IN_PROC_BROWSER_TEST_F(SSLUITest,
561 TestHTTPSExpiredCertAndGoBackViaMenu) {
562 ASSERT_TRUE(test_server()->Start());
563 ASSERT_TRUE(https_server_expired_.Start());
564
565 // First navigate to an HTTP page.
566 ui_test_utils::NavigateToURL(browser(),
567 test_server()->GetURL("files/ssl/google.html"));
568 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
569 NavigationEntry* entry = tab->GetController().GetActiveEntry();
570 ASSERT_TRUE(entry);
571
572 // Now go to a bad HTTPS page that shows an interstitial.
573 ui_test_utils::NavigateToURL(browser(),
574 https_server_expired_.GetURL("files/ssl/google.html"));
575 CheckAuthenticationBrokenState(
576 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
577
578 // Simulate user clicking and holding on back button (crbug.com/37215).
579 tab->GetController().GoToOffset(-1);
580
581 // We should be back at the original good page.
582 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
583 GetInterstitialPage());
584 CheckUnauthenticatedState(tab);
585 }
586
587 // Visits a page with https error and then goes forward using GoToOffset.
588 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
589 ASSERT_TRUE(test_server()->Start());
590 ASSERT_TRUE(https_server_expired_.Start());
591
592 // First navigate to two HTTP pages.
593 ui_test_utils::NavigateToURL(browser(),
594 test_server()->GetURL("files/ssl/google.html"));
595 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
596 NavigationEntry* entry1 = tab->GetController().GetActiveEntry();
597 ASSERT_TRUE(entry1);
598 ui_test_utils::NavigateToURL(browser(),
599 test_server()->GetURL("files/ssl/blank_page.html"));
600 NavigationEntry* entry2 = tab->GetController().GetActiveEntry();
601 ASSERT_TRUE(entry2);
602
603 // Now go back so that a page is in the forward history.
604 {
605 content::WindowedNotificationObserver observer(
606 content::NOTIFICATION_LOAD_STOP,
607 content::Source<NavigationController>(&tab->GetController()));
608 tab->GetController().GoBack();
609 observer.Wait();
610 }
611 ASSERT_TRUE(tab->GetController().CanGoForward());
612 NavigationEntry* entry3 = tab->GetController().GetActiveEntry();
613 ASSERT_TRUE(entry1 == entry3);
614
615 // Now go to a bad HTTPS page that shows an interstitial.
616 ui_test_utils::NavigateToURL(browser(),
617 https_server_expired_.GetURL("files/ssl/google.html"));
618 CheckAuthenticationBrokenState(
619 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
620
621 // Simulate user clicking and holding on forward button.
622 {
623 content::WindowedNotificationObserver observer(
624 content::NOTIFICATION_LOAD_STOP,
625 content::Source<NavigationController>(&tab->GetController()));
626 tab->GetController().GoToOffset(1);
627 observer.Wait();
628 }
629
630 // We should be showing the second good page.
631 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
632 GetInterstitialPage());
633 CheckUnauthenticatedState(tab);
634 EXPECT_FALSE(tab->GetController().CanGoForward());
635 NavigationEntry* entry4 = tab->GetController().GetActiveEntry();
636 EXPECT_TRUE(entry2 == entry4);
637 }
638
639 // Visit a HTTP page which request WSS connection to a server providing invalid
640 // certificate. Close the page while WSS connection waits for SSLManager's
641 // response from UI thread.
642 // Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258
643 // Disabled under LeakSanitizer due to memory leaks. http://crbug.com/317363
644 #if defined(OS_WIN) || defined(LEAK_SANITIZER)
645 #define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose
646 #else
647 #define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose
648 #endif
649 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) {
650 ASSERT_TRUE(test_server()->Start());
651 ASSERT_TRUE(wss_server_expired_.Start());
652
653 // Setup page title observer.
654 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
655 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
656 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
657
658 // Create GURLs to test pages.
659 std::string master_url_path = base::StringPrintf("%s?%d",
660 test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(),
661 wss_server_expired_.host_port_pair().port());
662 GURL master_url(master_url_path);
663 std::string slave_url_path = base::StringPrintf("%s?%d",
664 test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(),
665 wss_server_expired_.host_port_pair().port());
666 GURL slave_url(slave_url_path);
667
668 // Create tabs and visit pages which keep on creating wss connections.
669 WebContents* tabs[16];
670 for (int i = 0; i < 16; ++i) {
671 tabs[i] = chrome::AddSelectedTabWithURL(browser(), slave_url,
672 content::PAGE_TRANSITION_LINK);
673 }
674 chrome::SelectNextTab(browser());
675
676 // Visit a page which waits for one TLS handshake failure.
677 // The title will be changed to 'PASS'.
678 ui_test_utils::NavigateToURL(browser(), master_url);
679 const base::string16 result = watcher.WaitAndGetTitle();
680 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
681
682 // Close tabs which contains the test page.
683 for (int i = 0; i < 16; ++i)
684 chrome::CloseWebContents(browser(), tabs[i], false);
685 chrome::CloseWebContents(browser(), tab, false);
686 }
687
688 // Visit a HTTPS page and proceeds despite an invalid certificate. The page
689 // requests WSS connection to the same origin host to check if WSS connection
690 // share certificates policy with HTTPS correcly.
691 IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
692 ASSERT_TRUE(test_server()->Start());
693 ASSERT_TRUE(wss_server_expired_.Start());
694
695 // Setup page title observer.
696 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
697 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
698 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
699
700 // Visit bad HTTPS page.
701 std::string scheme("https");
702 GURL::Replacements replacements;
703 replacements.SetSchemeStr(scheme);
704 ui_test_utils::NavigateToURL(
705 browser(),
706 wss_server_expired_.GetURL(
707 "connect_check.html").ReplaceComponents(replacements));
708 CheckAuthenticationBrokenState(
709 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
710
711 // Proceed anyway.
712 ProceedThroughInterstitial(tab);
713
714 // Test page run a WebSocket wss connection test. The result will be shown
715 // as page title.
716 const base::string16 result = watcher.WaitAndGetTitle();
717 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
718 }
719
720 #if defined(USE_NSS)
721 // SSL client certificate tests are only enabled when using NSS for private key
722 // storage, as only NSS can avoid modifying global machine state when testing.
723 // See http://crbug.com/51132
724
725 // Visit a HTTPS page which requires client cert authentication. The client
726 // cert will be selected automatically, then a test which uses WebSocket runs.
727 // Disabled: http://crbug.com/159985
728 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestWSSClientCert) {
729 // Open a temporary NSS DB for testing.
730 crypto::ScopedTestNSSDB test_nssdb;
731 ASSERT_TRUE(test_nssdb.is_open());
732
733 // Import client cert for test. These interfaces require NSS.
734 net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance();
735 scoped_refptr<net::CryptoModule> crypt_module = cert_db->GetPublicModule();
736 std::string pkcs12_data;
737 base::FilePath cert_path = net::GetTestCertsDirectory().Append(
738 FILE_PATH_LITERAL("websocket_client_cert.p12"));
739 EXPECT_TRUE(base::ReadFileToString(cert_path, &pkcs12_data));
740 EXPECT_EQ(net::OK,
741 cert_db->ImportFromPKCS12(
742 crypt_module.get(), pkcs12_data, base::string16(), true, NULL));
743
744 // Start WebSocket test server with TLS and client cert authentication.
745 net::SpawnedTestServer::SSLOptions options(
746 net::SpawnedTestServer::SSLOptions::CERT_OK);
747 options.request_client_certificate = true;
748 base::FilePath ca_path = net::GetTestCertsDirectory().Append(
749 FILE_PATH_LITERAL("websocket_cacert.pem"));
750 options.client_authorities.push_back(ca_path);
751 net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS,
752 options,
753 net::GetWebSocketTestDataDirectory());
754 ASSERT_TRUE(wss_server.Start());
755 std::string scheme("https");
756 GURL::Replacements replacements;
757 replacements.SetSchemeStr(scheme);
758 GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents(
759 replacements);
760
761 // Setup page title observer.
762 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
763 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
764 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
765
766 // Add an entry into AutoSelectCertificateForUrls policy for automatic client
767 // cert selection.
768 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
769 DCHECK(profile);
770 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
771 dict->SetString("ISSUER.CN", "pywebsocket");
772 profile->GetHostContentSettingsMap()->SetWebsiteSetting(
773 ContentSettingsPattern::FromURL(url),
774 ContentSettingsPattern::FromURL(url),
775 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
776 std::string(),
777 dict.release());
778
779 // Visit a HTTPS page which requires client certs.
780 ui_test_utils::NavigateToURL(browser(), url);
781 CheckAuthenticatedState(tab, AuthState::NONE);
782
783 // Test page runs a WebSocket wss connection test. The result will be shown
784 // as page title.
785 const base::string16 result = watcher.WaitAndGetTitle();
786 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
787 }
788 #endif // defined(USE_NSS)
789
790 // Flaky on CrOS http://crbug.com/92292
791 #if defined(OS_CHROMEOS)
792 #define MAYBE_TestHTTPSErrorWithNoNavEntry \
793 DISABLED_TestHTTPSErrorWithNoNavEntry
794 #else
795 #define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry
796 #endif // defined(OS_CHROMEOS)
797
798 // Open a page with a HTTPS error in a tab with no prior navigation (through a
799 // link with a blank target). This is to test that the lack of navigation entry
800 // does not cause any problems (it was causing a crasher, see
801 // http://crbug.com/19941).
802 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) {
803 ASSERT_TRUE(https_server_expired_.Start());
804
805 GURL url = https_server_expired_.GetURL("files/ssl/google.htm");
806 WebContents* tab2 = chrome::AddSelectedTabWithURL(
807 browser(), url, content::PAGE_TRANSITION_TYPED);
808 content::WaitForLoadStop(tab2);
809
810 // Verify our assumption that there was no prior navigation.
811 EXPECT_FALSE(chrome::CanGoBack(browser()));
812
813 // We should have an interstitial page showing.
814 ASSERT_TRUE(tab2->GetInterstitialPage());
815 }
816
817 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) {
818 ASSERT_TRUE(test_server()->Start());
819 ASSERT_TRUE(https_server_expired_.Start());
820 GURL url_non_dangerous = test_server()->GetURL(std::string());
821 GURL url_dangerous =
822 https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe");
823 base::ScopedTempDir downloads_directory_;
824
825 // Need empty temp dir to avoid having Chrome ask us for a new filename
826 // when we've downloaded dangerous.exe one hundred times.
827 ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir());
828
829 browser()->profile()->GetPrefs()->SetFilePath(
830 prefs::kDownloadDefaultDirectory,
831 downloads_directory_.path());
832
833 // Visit a non-dangerous page.
834 ui_test_utils::NavigateToURL(browser(), url_non_dangerous);
835
836 // Now, start a transition to dangerous download.
837 {
838 content::WindowedNotificationObserver observer(
839 content::NOTIFICATION_LOAD_STOP,
840 content::NotificationService::AllSources());
841 chrome::NavigateParams navigate_params(browser(), url_dangerous,
842 content::PAGE_TRANSITION_TYPED);
843 chrome::Navigate(&navigate_params);
844 observer.Wait();
845 }
846
847 // To exit the browser cleanly (and this test) we need to complete the
848 // download after completing this test.
849 content::DownloadTestObserverTerminal dangerous_download_observer(
850 content::BrowserContext::GetDownloadManager(browser()->profile()),
851 1,
852 content::DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT);
853
854 // Proceed through the SSL interstitial. This doesn't use
855 // |ProceedThroughInterstitial| since no page load will commit.
856 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
857 ASSERT_TRUE(tab != NULL);
858 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
859 {
860 content::WindowedNotificationObserver observer(
861 chrome::NOTIFICATION_DOWNLOAD_INITIATED,
862 content::NotificationService::AllSources());
863 tab->GetInterstitialPage()->Proceed();
864 observer.Wait();
865 }
866
867 // There should still be an interstitial at this point. Press the
868 // back button on the browser. Note that this doesn't wait for a
869 // NAV_ENTRY_COMMITTED notification because going back with an
870 // active interstitial simply hides the interstitial.
871 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
872 EXPECT_TRUE(chrome::CanGoBack(browser()));
873 chrome::GoBack(browser(), CURRENT_TAB);
874
875 dangerous_download_observer.WaitForFinished();
876 }
877
878 //
879 // Insecure content
880 //
881
882 #if defined(OS_WIN)
883 // http://crbug.com/152940 Flaky on win.
884 #define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent
885 #else
886 #define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent
887 #endif
888
889 // Visits a page that displays insecure content.
890 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
891 ASSERT_TRUE(test_server()->Start());
892 ASSERT_TRUE(https_server_.Start());
893
894 std::string replacement_path;
895 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
896 "files/ssl/page_displays_insecure_content.html",
897 test_server()->host_port_pair(),
898 &replacement_path));
899
900 // Load a page that displays insecure content.
901 ui_test_utils::NavigateToURL(browser(),
902 https_server_.GetURL(replacement_path));
903
904 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
905 AuthState::DISPLAYED_INSECURE_CONTENT);
906 }
907
908 // Visits a page that runs insecure content and tries to suppress the insecure
909 // content warnings by randomizing location.hash.
910 // Based on http://crbug.com/8706
911 IN_PROC_BROWSER_TEST_F(SSLUITest,
912 TestRunsInsecuredContentRandomizeHash) {
913 ASSERT_TRUE(test_server()->Start());
914 ASSERT_TRUE(https_server_.Start());
915
916 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
917 "files/ssl/page_runs_insecure_content.html"));
918
919 CheckAuthenticationBrokenState(
920 browser()->tab_strip_model()->GetActiveWebContents(),
921 CertError::NONE,
922 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
923 }
924
925 // Visits a page with unsafe content and make sure that:
926 // - frames content is replaced with warning
927 // - images and scripts are filtered out entirely
928 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
929 ASSERT_TRUE(https_server_.Start());
930 ASSERT_TRUE(https_server_expired_.Start());
931
932 std::string replacement_path;
933 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
934 "files/ssl/page_with_unsafe_contents.html",
935 https_server_expired_.host_port_pair(),
936 &replacement_path));
937 ui_test_utils::NavigateToURL(browser(),
938 https_server_.GetURL(replacement_path));
939
940 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
941 // When the bad content is filtered, the state is expected to be
942 // authenticated.
943 CheckAuthenticatedState(tab, AuthState::NONE);
944
945 // Because of cross-frame scripting restrictions, we cannot access the iframe
946 // content. So to know if the frame was loaded, we just check if a popup was
947 // opened (the iframe content opens one).
948 // Note: because of bug 1115868, no web contents modal dialog is opened right
949 // now. Once the bug is fixed, this will do the real check.
950 EXPECT_FALSE(IsShowingWebContentsModalDialog());
951
952 int img_width;
953 EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
954 tab,
955 "window.domAutomationController.send(ImageWidth());",
956 &img_width));
957 // In order to check that the image was not loaded, we check its width.
958 // The actual image (Google logo) is 114 pixels wide, we assume the broken
959 // image is less than 100.
960 EXPECT_LT(img_width, 100);
961
962 bool js_result = false;
963 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
964 tab,
965 "window.domAutomationController.send(IsFooSet());",
966 &js_result));
967 EXPECT_FALSE(js_result);
968 }
969
970 // Visits a page with insecure content loaded by JS (after the initial page
971 // load).
972 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
973 ASSERT_TRUE(test_server()->Start());
974 ASSERT_TRUE(https_server_.Start());
975
976 std::string replacement_path;
977 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
978 "files/ssl/page_with_dynamic_insecure_content.html",
979 test_server()->host_port_pair(),
980 &replacement_path));
981 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
982 replacement_path));
983
984 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
985 CheckAuthenticatedState(tab, AuthState::NONE);
986
987 // Load the insecure image.
988 bool js_result = false;
989 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
990 tab,
991 "loadBadImage();",
992 &js_result));
993 EXPECT_TRUE(js_result);
994
995 // We should now have insecure content.
996 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
997 }
998
999 // Visits two pages from the same origin: one that displays insecure content and
1000 // one that doesn't. The test checks that we do not propagate the insecure
1001 // content state from one to the other.
1002 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
1003 ASSERT_TRUE(test_server()->Start());
1004 ASSERT_TRUE(https_server_.Start());
1005
1006 ui_test_utils::NavigateToURL(browser(),
1007 https_server_.GetURL("files/ssl/blank_page.html"));
1008
1009 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1010
1011 // This tab should be fine.
1012 CheckAuthenticatedState(tab1, AuthState::NONE);
1013
1014 // Create a new tab.
1015 std::string replacement_path;
1016 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1017 "files/ssl/page_displays_insecure_content.html",
1018 test_server()->host_port_pair(),
1019 &replacement_path));
1020
1021 GURL url = https_server_.GetURL(replacement_path);
1022 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED);
1023 params.disposition = NEW_FOREGROUND_TAB;
1024 params.tabstrip_index = 0;
1025 params.source_contents = tab1;
1026 content::WindowedNotificationObserver observer(
1027 content::NOTIFICATION_LOAD_STOP,
1028 content::NotificationService::AllSources());
1029 chrome::Navigate(&params);
1030 WebContents* tab2 = params.target_contents;
1031 observer.Wait();
1032
1033 // The new tab has insecure content.
1034 CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
1035
1036 // The original tab should not be contaminated.
1037 CheckAuthenticatedState(tab1, AuthState::NONE);
1038 }
1039
1040 // Visits two pages from the same origin: one that runs insecure content and one
1041 // that doesn't. The test checks that we propagate the insecure content state
1042 // from one to the other.
1043 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
1044 ASSERT_TRUE(test_server()->Start());
1045 ASSERT_TRUE(https_server_.Start());
1046
1047 ui_test_utils::NavigateToURL(browser(),
1048 https_server_.GetURL("files/ssl/blank_page.html"));
1049
1050 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1051
1052 // This tab should be fine.
1053 CheckAuthenticatedState(tab1, AuthState::NONE);
1054
1055 std::string replacement_path;
1056 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1057 "files/ssl/page_runs_insecure_content.html",
1058 test_server()->host_port_pair(),
1059 &replacement_path));
1060
1061 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB
1062 // disposition won't usually stay in the same process, but this works
1063 // because we are using process-per-site in SetUpCommandLine.
1064 GURL url = https_server_.GetURL(replacement_path);
1065 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED);
1066 params.disposition = NEW_FOREGROUND_TAB;
1067 params.source_contents = tab1;
1068 content::WindowedNotificationObserver observer(
1069 content::NOTIFICATION_LOAD_STOP,
1070 content::NotificationService::AllSources());
1071 chrome::Navigate(&params);
1072 WebContents* tab2 = params.target_contents;
1073 observer.Wait();
1074
1075 // Both tabs should have the same process.
1076 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
1077
1078 // The new tab has insecure content.
1079 CheckAuthenticationBrokenState(
1080 tab2,
1081 CertError::NONE,
1082 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1083
1084 // Which means the origin for the first tab has also been contaminated with
1085 // insecure content.
1086 CheckAuthenticationBrokenState(
1087 tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1088 }
1089
1090 // Visits a page with an image over http. Visits another page over https
1091 // referencing that same image over http (hoping it is coming from the webcore
1092 // memory cache).
1093 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
1094 ASSERT_TRUE(test_server()->Start());
1095 ASSERT_TRUE(https_server_.Start());
1096
1097 std::string replacement_path;
1098 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1099 "files/ssl/page_displays_insecure_content.html",
1100 test_server()->host_port_pair(),
1101 &replacement_path));
1102
1103 // Load original page over HTTP.
1104 const GURL url_http = test_server()->GetURL(replacement_path);
1105 ui_test_utils::NavigateToURL(browser(), url_http);
1106 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1107 CheckUnauthenticatedState(tab);
1108
1109 // Load again but over SSL. It should be marked as displaying insecure
1110 // content (even though the image comes from the WebCore memory cache).
1111 const GURL url_https = https_server_.GetURL(replacement_path);
1112 ui_test_utils::NavigateToURL(browser(), url_https);
1113 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1114 }
1115
1116 // http://crbug.com/84729
1117 #if defined(OS_CHROMEOS)
1118 #define MAYBE_TestRunsCachedInsecureContent \
1119 DISABLED_TestRunsCachedInsecureContent
1120 #else
1121 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
1122 #endif // defined(OS_CHROMEOS)
1123
1124 // Visits a page with script over http. Visits another page over https
1125 // referencing that same script over http (hoping it is coming from the webcore
1126 // memory cache).
1127 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
1128 ASSERT_TRUE(test_server()->Start());
1129 ASSERT_TRUE(https_server_.Start());
1130
1131 std::string replacement_path;
1132 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1133 "files/ssl/page_runs_insecure_content.html",
1134 test_server()->host_port_pair(),
1135 &replacement_path));
1136
1137 // Load original page over HTTP.
1138 const GURL url_http = test_server()->GetURL(replacement_path);
1139 ui_test_utils::NavigateToURL(browser(), url_http);
1140 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1141 CheckUnauthenticatedState(tab);
1142
1143 // Load again but over SSL. It should be marked as displaying insecure
1144 // content (even though the image comes from the WebCore memory cache).
1145 const GURL url_https = https_server_.GetURL(replacement_path);
1146 ui_test_utils::NavigateToURL(browser(), url_https);
1147 CheckAuthenticationBrokenState(
1148 tab,
1149 CertError::NONE,
1150 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1151 }
1152
1153 #if defined(OS_WIN)
1154 // Flaky on Win7 debug (http://crbug.com/368280).
1155 #define MAYBE_TestCNInvalidStickiness DISABLED_TestCNInvalidStickiness
1156 #else
1157 #define MAYBE_TestCNInvalidStickiness TestCNInvalidStickiness
1158 #endif
1159 // This test ensures the CN invalid status does not 'stick' to a certificate
1160 // (see bug #1044942) and that it depends on the host-name.
1161 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestCNInvalidStickiness) {
1162 ASSERT_TRUE(https_server_.Start());
1163 ASSERT_TRUE(https_server_mismatched_.Start());
1164
1165 // First we hit the server with hostname, this generates an invalid policy
1166 // error.
1167 ui_test_utils::NavigateToURL(browser(),
1168 https_server_mismatched_.GetURL("files/ssl/google.html"));
1169
1170 // We get an interstitial page as a result.
1171 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1172 CheckAuthenticationBrokenState(tab,
1173 net::CERT_STATUS_COMMON_NAME_INVALID,
1174 AuthState::SHOWING_INTERSTITIAL);
1175 ProceedThroughInterstitial(tab);
1176 CheckAuthenticationBrokenState(
1177 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1178
1179 // Now we try again with the right host name this time.
1180 GURL url(https_server_.GetURL("files/ssl/google.html"));
1181 ui_test_utils::NavigateToURL(browser(), url);
1182
1183 // Security state should be OK.
1184 CheckAuthenticatedState(tab, AuthState::NONE);
1185
1186 // Now try again the broken one to make sure it is still broken.
1187 ui_test_utils::NavigateToURL(browser(),
1188 https_server_mismatched_.GetURL("files/ssl/google.html"));
1189
1190 // Since we OKed the interstitial last time, we get right to the page.
1191 CheckAuthenticationBrokenState(
1192 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1193 }
1194
1195 #if defined(OS_CHROMEOS)
1196 // This test seems to be flaky and hang on chromiumos.
1197 // http://crbug.com/84419
1198 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation
1199 #else
1200 #define MAYBE_TestRefNavigation TestRefNavigation
1201 #endif
1202
1203 // Test that navigating to a #ref does not change a bad security state.
1204 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
1205 ASSERT_TRUE(https_server_expired_.Start());
1206
1207 ui_test_utils::NavigateToURL(browser(),
1208 https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
1209
1210 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1211 CheckAuthenticationBrokenState(
1212 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1213
1214 ProceedThroughInterstitial(tab);
1215
1216 CheckAuthenticationBrokenState(
1217 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1218 // Now navigate to a ref in the page, the security state should not have
1219 // changed.
1220 ui_test_utils::NavigateToURL(browser(),
1221 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
1222
1223 CheckAuthenticationBrokenState(
1224 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1225 }
1226
1227 // Tests that closing a page that has a unsafe pop-up does not crash the
1228 // browser (bug #1966).
1229 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not
1230 // opened as it is not initiated by a user gesture.
1231 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
1232 ASSERT_TRUE(test_server()->Start());
1233 ASSERT_TRUE(https_server_expired_.Start());
1234
1235 std::string replacement_path;
1236 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1237 "files/ssl/page_with_unsafe_popup.html",
1238 https_server_expired_.host_port_pair(),
1239 &replacement_path));
1240
1241 ui_test_utils::NavigateToURL(browser(),
1242 test_server()->GetURL(replacement_path));
1243
1244 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1245 // It is probably overkill to add a notification for a popup-opening, let's
1246 // just poll.
1247 for (int i = 0; i < 10; i++) {
1248 if (IsShowingWebContentsModalDialog())
1249 break;
1250 base::MessageLoop::current()->PostDelayedTask(
1251 FROM_HERE,
1252 base::MessageLoop::QuitClosure(),
1253 base::TimeDelta::FromSeconds(1));
1254 content::RunMessageLoop();
1255 }
1256 ASSERT_TRUE(IsShowingWebContentsModalDialog());
1257
1258 // Let's add another tab to make sure the browser does not exit when we close
1259 // the first tab.
1260 GURL url = test_server()->GetURL("files/ssl/google.html");
1261 content::WindowedNotificationObserver observer(
1262 content::NOTIFICATION_LOAD_STOP,
1263 content::NotificationService::AllSources());
1264 chrome::AddSelectedTabWithURL(browser(), url, content::PAGE_TRANSITION_TYPED);
1265 observer.Wait();
1266
1267 // Close the first tab.
1268 chrome::CloseWebContents(browser(), tab1, false);
1269 }
1270
1271 // Visit a page over bad https that is a redirect to a page with good https.
1272 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
1273 ASSERT_TRUE(https_server_.Start());
1274 ASSERT_TRUE(https_server_expired_.Start());
1275
1276 GURL url1 = https_server_expired_.GetURL("server-redirect?");
1277 GURL url2 = https_server_.GetURL("files/ssl/google.html");
1278
1279 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1280
1281 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1282
1283 CheckAuthenticationBrokenState(
1284 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1285
1286 ProceedThroughInterstitial(tab);
1287
1288 // We have been redirected to the good page.
1289 CheckAuthenticatedState(tab, AuthState::NONE);
1290 }
1291
1292 // Visit a page over good https that is a redirect to a page with bad https.
1293 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) {
1294 ASSERT_TRUE(https_server_.Start());
1295 ASSERT_TRUE(https_server_expired_.Start());
1296
1297 GURL url1 = https_server_.GetURL("server-redirect?");
1298 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html");
1299 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1300
1301 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1302 CheckAuthenticationBrokenState(
1303 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1304
1305 ProceedThroughInterstitial(tab);
1306
1307 CheckAuthenticationBrokenState(
1308 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1309 }
1310
1311 // Visit a page over http that is a redirect to a page with good HTTPS.
1312 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
1313 ASSERT_TRUE(test_server()->Start());
1314 ASSERT_TRUE(https_server_.Start());
1315
1316 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1317
1318 // HTTP redirects to good HTTPS.
1319 GURL http_url = test_server()->GetURL("server-redirect?");
1320 GURL good_https_url =
1321 https_server_.GetURL("files/ssl/google.html");
1322
1323 ui_test_utils::NavigateToURL(browser(),
1324 GURL(http_url.spec() + good_https_url.spec()));
1325 CheckAuthenticatedState(tab, AuthState::NONE);
1326 }
1327
1328 // Visit a page over http that is a redirect to a page with bad HTTPS.
1329 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) {
1330 ASSERT_TRUE(test_server()->Start());
1331 ASSERT_TRUE(https_server_expired_.Start());
1332
1333 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1334
1335 GURL http_url = test_server()->GetURL("server-redirect?");
1336 GURL bad_https_url =
1337 https_server_expired_.GetURL("files/ssl/google.html");
1338 ui_test_utils::NavigateToURL(browser(),
1339 GURL(http_url.spec() + bad_https_url.spec()));
1340 CheckAuthenticationBrokenState(
1341 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1342
1343 ProceedThroughInterstitial(tab);
1344
1345 CheckAuthenticationBrokenState(
1346 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1347 }
1348
1349 // Visit a page over https that is a redirect to a page with http (to make sure
1350 // we don't keep the secure state).
1351 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
1352 ASSERT_TRUE(test_server()->Start());
1353 ASSERT_TRUE(https_server_.Start());
1354
1355 GURL https_url = https_server_.GetURL("server-redirect?");
1356 GURL http_url = test_server()->GetURL("files/ssl/google.html");
1357
1358 ui_test_utils::NavigateToURL(browser(),
1359 GURL(https_url.spec() + http_url.spec()));
1360 CheckUnauthenticatedState(
1361 browser()->tab_strip_model()->GetActiveWebContents());
1362 }
1363
1364 // Visits a page to which we could not connect (bad port) over http and https
1365 // and make sure the security style is correct.
1366 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
1367 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17"));
1368 CheckUnauthenticatedState(
1369 browser()->tab_strip_model()->GetActiveWebContents());
1370
1371 // Same thing over HTTPS.
1372 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17"));
1373 CheckUnauthenticatedState(
1374 browser()->tab_strip_model()->GetActiveWebContents());
1375 }
1376
1377 //
1378 // Frame navigation
1379 //
1380
1381 // From a good HTTPS top frame:
1382 // - navigate to an OK HTTPS frame
1383 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
1384 // back
1385 // - navigate to HTTP (expect insecure content), then back
1386 IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
1387 ASSERT_TRUE(test_server()->Start());
1388 ASSERT_TRUE(https_server_.Start());
1389 ASSERT_TRUE(https_server_expired_.Start());
1390
1391 std::string top_frame_path;
1392 ASSERT_TRUE(GetTopFramePath(*test_server(),
1393 https_server_,
1394 https_server_expired_,
1395 &top_frame_path));
1396
1397 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1398 ui_test_utils::NavigateToURL(browser(),
1399 https_server_.GetURL(top_frame_path));
1400
1401 CheckAuthenticatedState(tab, AuthState::NONE);
1402
1403 bool success = false;
1404 // Now navigate inside the frame.
1405 {
1406 content::WindowedNotificationObserver observer(
1407 content::NOTIFICATION_LOAD_STOP,
1408 content::Source<NavigationController>(&tab->GetController()));
1409 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1410 tab,
1411 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1412 &success));
1413 ASSERT_TRUE(success);
1414 observer.Wait();
1415 }
1416
1417 // We should still be fine.
1418 CheckAuthenticatedState(tab, AuthState::NONE);
1419
1420 // Now let's hit a bad page.
1421 {
1422 content::WindowedNotificationObserver observer(
1423 content::NOTIFICATION_LOAD_STOP,
1424 content::Source<NavigationController>(&tab->GetController()));
1425 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1426 tab,
1427 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1428 &success));
1429 ASSERT_TRUE(success);
1430 observer.Wait();
1431 }
1432
1433 // The security style should still be secure.
1434 CheckAuthenticatedState(tab, AuthState::NONE);
1435
1436 // And the frame should be blocked.
1437 bool is_content_evil = true;
1438 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1439 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1440 std::string is_evil_js("window.domAutomationController.send("
1441 "document.getElementById('evilDiv') != null);");
1442 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1443 is_evil_js,
1444 &is_content_evil));
1445 EXPECT_FALSE(is_content_evil);
1446
1447 // Now go back, our state should still be OK.
1448 {
1449 content::WindowedNotificationObserver observer(
1450 content::NOTIFICATION_LOAD_STOP,
1451 content::Source<NavigationController>(&tab->GetController()));
1452 tab->GetController().GoBack();
1453 observer.Wait();
1454 }
1455 CheckAuthenticatedState(tab, AuthState::NONE);
1456
1457 // Navigate to a page served over HTTP.
1458 {
1459 content::WindowedNotificationObserver observer(
1460 content::NOTIFICATION_LOAD_STOP,
1461 content::Source<NavigationController>(&tab->GetController()));
1462 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1463 tab,
1464 "window.domAutomationController.send(clickLink('HTTPLink'));",
1465 &success));
1466 ASSERT_TRUE(success);
1467 observer.Wait();
1468 }
1469
1470 // Our state should be unathenticated (in the ran mixed script sense)
1471 CheckAuthenticationBrokenState(
1472 tab,
1473 CertError::NONE,
1474 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1475
1476 // Go back, our state should be unchanged.
1477 {
1478 content::WindowedNotificationObserver observer(
1479 content::NOTIFICATION_LOAD_STOP,
1480 content::Source<NavigationController>(&tab->GetController()));
1481 tab->GetController().GoBack();
1482 observer.Wait();
1483 }
1484
1485 CheckAuthenticationBrokenState(
1486 tab,
1487 CertError::NONE,
1488 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1489 }
1490
1491 // From a bad HTTPS top frame:
1492 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
1493 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
1494 ASSERT_TRUE(https_server_.Start());
1495 ASSERT_TRUE(https_server_expired_.Start());
1496
1497 std::string top_frame_path;
1498 ASSERT_TRUE(GetTopFramePath(*test_server(),
1499 https_server_,
1500 https_server_expired_,
1501 &top_frame_path));
1502
1503 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1504 ui_test_utils::NavigateToURL(browser(),
1505 https_server_expired_.GetURL(top_frame_path));
1506 CheckAuthenticationBrokenState(
1507 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1508
1509 ProceedThroughInterstitial(tab);
1510
1511 // Navigate to a good frame.
1512 bool success = false;
1513 content::WindowedNotificationObserver observer(
1514 content::NOTIFICATION_LOAD_STOP,
1515 content::Source<NavigationController>(&tab->GetController()));
1516 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1517 tab,
1518 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1519 &success));
1520 ASSERT_TRUE(success);
1521 observer.Wait();
1522
1523 // We should still be authentication broken.
1524 CheckAuthenticationBrokenState(
1525 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1526 }
1527
1528 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
1529 // stay unauthenticated).
1530 // Disabled, flakily exceeds test timeout, http://crbug.com/43437.
1531 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) {
1532 ASSERT_TRUE(test_server()->Start());
1533 ASSERT_TRUE(https_server_.Start());
1534 ASSERT_TRUE(https_server_expired_.Start());
1535
1536 std::string top_frame_path;
1537 ASSERT_TRUE(GetTopFramePath(*test_server(),
1538 https_server_,
1539 https_server_expired_,
1540 &top_frame_path));
1541
1542 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1543 ui_test_utils::NavigateToURL(browser(),
1544 test_server()->GetURL(top_frame_path));
1545 CheckUnauthenticatedState(tab);
1546
1547 // Now navigate inside the frame to a secure HTTPS frame.
1548 {
1549 bool success = false;
1550 content::WindowedNotificationObserver observer(
1551 content::NOTIFICATION_LOAD_STOP,
1552 content::Source<NavigationController>(&tab->GetController()));
1553 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1554 tab,
1555 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1556 &success));
1557 ASSERT_TRUE(success);
1558 observer.Wait();
1559 }
1560
1561 // We should still be unauthenticated.
1562 CheckUnauthenticatedState(tab);
1563
1564 // Now navigate to a bad HTTPS frame.
1565 {
1566 bool success = false;
1567 content::WindowedNotificationObserver observer(
1568 content::NOTIFICATION_LOAD_STOP,
1569 content::Source<NavigationController>(&tab->GetController()));
1570 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1571 tab,
1572 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1573 &success));
1574 ASSERT_TRUE(success);
1575 observer.Wait();
1576 }
1577
1578 // State should not have changed.
1579 CheckUnauthenticatedState(tab);
1580
1581 // And the frame should have been blocked (see bug #2316).
1582 bool is_content_evil = true;
1583 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1584 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1585 std::string is_evil_js("window.domAutomationController.send("
1586 "document.getElementById('evilDiv') != null);");
1587 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1588 is_evil_js,
1589 &is_content_evil));
1590 EXPECT_FALSE(is_content_evil);
1591 }
1592
1593 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
1594 ASSERT_TRUE(https_server_.Start());
1595 ASSERT_TRUE(https_server_expired_.Start());
1596
1597 // This page will spawn a Worker which will try to load content from
1598 // BadCertServer.
1599 std::string page_with_unsafe_worker_path;
1600 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1601 &page_with_unsafe_worker_path));
1602 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1603 page_with_unsafe_worker_path));
1604 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1605 // Expect Worker not to load insecure content.
1606 CheckWorkerLoadResult(tab, false);
1607 // The bad content is filtered, expect the state to be authenticated.
1608 CheckAuthenticatedState(tab, AuthState::NONE);
1609 }
1610
1611 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
1612 ASSERT_TRUE(https_server_.Start());
1613 ASSERT_TRUE(https_server_expired_.Start());
1614
1615 // Navigate to an unsafe site. Proceed with interstitial page to indicate
1616 // the user approves the bad certificate.
1617 ui_test_utils::NavigateToURL(browser(),
1618 https_server_expired_.GetURL("files/ssl/blank_page.html"));
1619 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1620 CheckAuthenticationBrokenState(
1621 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1622 ProceedThroughInterstitial(tab);
1623 CheckAuthenticationBrokenState(
1624 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1625
1626 // Navigate to safe page that has Worker loading unsafe content.
1627 // Expect content to load but be marked as auth broken due to running insecure
1628 // content.
1629 std::string page_with_unsafe_worker_path;
1630 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1631 &page_with_unsafe_worker_path));
1632 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1633 page_with_unsafe_worker_path));
1634 CheckWorkerLoadResult(tab, true); // Worker loads insecure content
1635 CheckAuthenticationBrokenState(
1636 tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1637 }
1638
1639 // Test that when the browser blocks displaying insecure content (images), the
1640 // indicator shows a secure page, because the blocking made the otherwise
1641 // unsafe page safe (the notification of this state is handled by other means).
1642 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
1643 ASSERT_TRUE(test_server()->Start());
1644 ASSERT_TRUE(https_server_.Start());
1645
1646 std::string replacement_path;
1647 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1648 "files/ssl/page_displays_insecure_content.html",
1649 test_server()->host_port_pair(),
1650 &replacement_path));
1651
1652 ui_test_utils::NavigateToURL(browser(),
1653 https_server_.GetURL(replacement_path));
1654
1655 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1656 AuthState::NONE);
1657 }
1658
1659 // Test that when the browser blocks displaying insecure content (iframes), the
1660 // indicator shows a secure page, because the blocking made the otherwise
1661 // unsafe page safe (the notification of this state is handled by other means)
1662 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
1663 ASSERT_TRUE(test_server()->Start());
1664 ASSERT_TRUE(https_server_.Start());
1665
1666 std::string replacement_path;
1667 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1668 "files/ssl/page_displays_insecure_iframe.html",
1669 test_server()->host_port_pair(),
1670 &replacement_path));
1671
1672 ui_test_utils::NavigateToURL(browser(),
1673 https_server_.GetURL(replacement_path));
1674
1675 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1676 AuthState::NONE);
1677 }
1678
1679 // Test that when the browser blocks running insecure content, the
1680 // indicator shows a secure page, because the blocking made the otherwise
1681 // unsafe page safe (the notification of this state is handled by other means).
1682 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
1683 ASSERT_TRUE(test_server()->Start());
1684 ASSERT_TRUE(https_server_.Start());
1685
1686 std::string replacement_path;
1687 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1688 "files/ssl/page_runs_insecure_content.html",
1689 test_server()->host_port_pair(),
1690 &replacement_path));
1691
1692 ui_test_utils::NavigateToURL(browser(),
1693 https_server_.GetURL(replacement_path));
1694
1695 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1696 AuthState::NONE);
1697 }
1698
1699 // Visit a page and establish a WebSocket connection over bad https with
1700 // --ignore-certificate-errors. The connection should be established without
1701 // interstitial page showing.
1702 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
1703 ASSERT_TRUE(test_server()->Start());
1704 ASSERT_TRUE(wss_server_expired_.Start());
1705
1706 // Setup page title observer.
1707 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1708 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
1709 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
1710
1711 // Visit bad HTTPS page.
1712 std::string scheme("https");
1713 GURL::Replacements replacements;
1714 replacements.SetSchemeStr(scheme);
1715 ui_test_utils::NavigateToURL(
1716 browser(),
1717 wss_server_expired_.GetURL(
1718 "connect_check.html").ReplaceComponents(replacements));
1719
1720 // We shouldn't have an interstitial page showing here.
1721
1722 // Test page run a WebSocket wss connection test. The result will be shown
1723 // as page title.
1724 const base::string16 result = watcher.WaitAndGetTitle();
1725 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
1726 }
1727
1728 // Verifies that if JavaScript is disabled interstitials aren't affected.
1729 // http://crbug.com/322948
1730 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) {
1731 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
1732 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
1733
1734 ASSERT_TRUE(https_server_expired_.Start());
1735 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1736 ui_test_utils::NavigateToURL(browser(),
1737 https_server_expired_.GetURL("files/ssl/google.html"));
1738 CheckAuthenticationBrokenState(
1739 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1740
1741 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
1742 content::RenderViewHost* interstitial_rvh =
1743 interstitial_page->GetRenderViewHostForTesting();
1744 bool result = false;
1745 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
1746 interstitial_rvh,
1747 "window.domAutomationController.send(true);",
1748 &result));
1749 // The above will hang without the fix.
1750 ASSERT_TRUE(result);
1751 }
1752
1753 // TODO(jcampan): more tests to do below.
1754
1755 // Visit a page over https that contains a frame with a redirect.
1756
1757 // XMLHttpRequest insecure content in synchronous mode.
1758
1759 // XMLHttpRequest insecure content in asynchronous mode.
1760
1761 // XMLHttpRequest over bad ssl in synchronous mode.
1762
1763 // XMLHttpRequest over OK ssl in synchronous mode.