search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Give names to all utility processes.
[chromium-blink-merge.git] / chrome / browser / ssl / ssl_browser_tests.cc
blob69250187282974e3ec866bc800dccb76cbab1596
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/bind.h"
6 #include "base/bind_helpers.h"
7 #include "base/callback.h"
8 #include "base/command_line.h"
9 #include "base/metrics/field_trial.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/strings/string_util.h"
12 #include "base/strings/stringprintf.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "base/time/time.h"
15 #include "chrome/app/chrome_command_ids.h"
16 #include "chrome/browser/browser_process.h"
17 #include "chrome/browser/chrome_notification_types.h"
18 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
19 #include "chrome/browser/net/certificate_error_reporter.h"
20 #include "chrome/browser/profiles/profile.h"
21 #include "chrome/browser/safe_browsing/ping_manager.h"
22 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
23 #include "chrome/browser/ssl/ssl_blocking_page.h"
24 #include "chrome/browser/ui/browser.h"
25 #include "chrome/browser/ui/browser_commands.h"
26 #include "chrome/browser/ui/browser_navigator.h"
27 #include "chrome/browser/ui/browser_tabstrip.h"
28 #include "chrome/browser/ui/tabs/tab_strip_model.h"
29 #include "chrome/common/chrome_paths.h"
30 #include "chrome/common/chrome_switches.h"
31 #include "chrome/common/pref_names.h"
32 #include "chrome/test/base/in_process_browser_test.h"
33 #include "chrome/test/base/ui_test_utils.h"
34 #include "components/content_settings/core/browser/host_content_settings_map.h"
35 #include "components/variations/variations_associated_data.h"
36 #include "components/web_modal/web_contents_modal_dialog_manager.h"
37 #include "content/public/browser/browser_context.h"
38 #include "content/public/browser/interstitial_page.h"
39 #include "content/public/browser/navigation_controller.h"
40 #include "content/public/browser/navigation_entry.h"
41 #include "content/public/browser/notification_service.h"
42 #include "content/public/browser/render_frame_host.h"
43 #include "content/public/browser/render_view_host.h"
44 #include "content/public/browser/render_widget_host_view.h"
45 #include "content/public/browser/web_contents.h"
46 #include "content/public/browser/web_contents_observer.h"
47 #include "content/public/common/security_style.h"
48 #include "content/public/common/ssl_status.h"
49 #include "content/public/test/browser_test_utils.h"
50 #include "content/public/test/download_test_observer.h"
51 #include "content/public/test/test_renderer_host.h"
52 #include "net/base/net_errors.h"
53 #include "net/base/test_data_directory.h"
54 #include "net/cert/cert_status_flags.h"
55 #include "net/cert/x509_certificate.h"
56 #include "net/ssl/ssl_info.h"
57 #include "net/test/spawned_test_server/spawned_test_server.h"
58 #include "net/url_request/url_request_context.h"
59
60 #if defined(USE_NSS)
61 #include "chrome/browser/net/nss_context.h"
62 #include "net/base/crypto_module.h"
63 #include "net/cert/nss_cert_database.h"
64 #endif // defined(USE_NSS)
65
66 using base::ASCIIToUTF16;
67 using chrome_browser_interstitials::SecurityInterstitialIDNTest;
68 using chrome_browser_net::CertificateErrorReporter;
69 using content::InterstitialPage;
70 using content::NavigationController;
71 using content::NavigationEntry;
72 using content::SSLStatus;
73 using content::WebContents;
74 using web_modal::WebContentsModalDialogManager;
75
76 const base::FilePath::CharType kDocRoot[] =
77 FILE_PATH_LITERAL("chrome/test/data");
78
79 // Const for the Finch group DontShowDontSend
80 const char kHTTPSErrorReporterFinchGroupDontShowDontSend[] =
81 "DontShowAndDontSend";
82
83 namespace {
84
85 class ProvisionalLoadWaiter : public content::WebContentsObserver {
86 public:
87 explicit ProvisionalLoadWaiter(WebContents* tab)
88 : WebContentsObserver(tab), waiting_(false), seen_(false) {}
89
90 void Wait() {
91 if (seen_)
92 return;
93
94 waiting_ = true;
95 content::RunMessageLoop();
96 }
97
98 void DidFailProvisionalLoad(
99 content::RenderFrameHost* render_frame_host,
100 const GURL& validated_url,
101 int error_code,
102 const base::string16& error_description) override {
103 seen_ = true;
104 if (waiting_)
105 base::MessageLoopForUI::current()->Quit();
106 }
107
108 private:
109 bool waiting_;
110 bool seen_;
111 };
112
113 namespace AuthState {
114
115 enum AuthStateFlags {
116 NONE = 0,
117 DISPLAYED_INSECURE_CONTENT = 1 << 0,
118 RAN_INSECURE_CONTENT = 1 << 1,
119 SHOWING_INTERSTITIAL = 1 << 2,
120 SHOWING_ERROR = 1 << 3
121 };
122
123 void Check(const NavigationEntry& entry, int expected_authentication_state) {
124 if (expected_authentication_state == AuthState::SHOWING_ERROR) {
125 EXPECT_EQ(content::PAGE_TYPE_ERROR, entry.GetPageType());
126 } else {
127 EXPECT_EQ(
128 !!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL)
129 ? content::PAGE_TYPE_INTERSTITIAL
130 : content::PAGE_TYPE_NORMAL,
131 entry.GetPageType());
132 }
133
134 bool displayed_insecure_content =
135 !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT);
136 EXPECT_EQ(
137 !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT),
138 displayed_insecure_content);
139
140 bool ran_insecure_content =
141 !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
142 EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
143 ran_insecure_content);
144 }
145
146 } // namespace AuthState
147
148 namespace SecurityStyle {
149
150 void Check(const NavigationEntry& entry,
151 content::SecurityStyle expected_security_style) {
152 EXPECT_EQ(expected_security_style, entry.GetSSL().security_style);
153 }
154
155 } // namespace SecurityStyle
156
157 namespace CertError {
158
159 enum CertErrorFlags {
160 NONE = 0
161 };
162
163 void Check(const NavigationEntry& entry, net::CertStatus error) {
164 if (error) {
165 EXPECT_EQ(error, entry.GetSSL().cert_status & error);
166 net::CertStatus extra_cert_errors =
167 error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
168 if (extra_cert_errors)
169 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors;
170 } else {
171 EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
172 }
173 }
174
175 } // namespace CertError
176
177 void CheckSecurityState(WebContents* tab,
178 net::CertStatus error,
179 content::SecurityStyle expected_security_style,
180 int expected_authentication_state) {
181 ASSERT_FALSE(tab->IsCrashed());
182 NavigationEntry* entry = tab->GetController().GetActiveEntry();
183 ASSERT_TRUE(entry);
184 CertError::Check(*entry, error);
185 SecurityStyle::Check(*entry, expected_security_style);
186 AuthState::Check(*entry, expected_authentication_state);
187 }
188
189 namespace CertificateReporting {
190
191 enum OptIn { EXTENDED_REPORTING_OPT_IN, EXTENDED_REPORTING_DO_NOT_OPT_IN };
192
193 enum Proceed { SSL_INTERSTITIAL_PROCEED, SSL_INTERSTITIAL_DO_NOT_PROCEED };
194
195 enum ExpectReport { CERT_REPORT_EXPECTED, CERT_REPORT_NOT_EXPECTED };
196
197 // This class is used to test invalid certificate chain reporting when
198 // the user opts in to do so on the interstitial.
199 class MockReporter : public CertificateErrorReporter {
200 public:
201 explicit MockReporter(net::URLRequestContext* request_context,
202 const GURL& upload_url,
203 CookiesPreference cookies_preference)
204 : CertificateErrorReporter(request_context,
205 upload_url,
206 cookies_preference) {}
207
208 void SendReport(CertificateErrorReporter::ReportType type,
209 const std::string& hostname,
210 const net::SSLInfo& ssl_info) override {
211 EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type);
212 latest_hostname_reported_ = hostname;
213 }
214
215 const std::string& latest_hostname_reported() {
216 return latest_hostname_reported_;
217 }
218
219 private:
220 std::string latest_hostname_reported_;
221 };
222
223 void SetUpMockReporter(SafeBrowsingService* safe_browsing_service,
224 MockReporter* reporter) {
225 safe_browsing_service->ping_manager()->SetCertificateErrorReporterForTesting(
226 scoped_ptr<CertificateErrorReporter>(reporter));
227 }
228
229 } // namespace CertificateReporting
230
231 } // namespace
232
233 class SSLUITest : public InProcessBrowserTest {
234 public:
235 SSLUITest()
236 : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
237 SSLOptions(SSLOptions::CERT_OK),
238 base::FilePath(kDocRoot)),
239 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
240 SSLOptions(SSLOptions::CERT_EXPIRED),
241 base::FilePath(kDocRoot)),
242 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
243 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
244 base::FilePath(kDocRoot)),
245 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
246 SSLOptions(SSLOptions::CERT_EXPIRED),
247 net::GetWebSocketTestDataDirectory()) {}
248
249 void SetUpOnMainThread() override {
250 // Set up the mock reporter to track the hostnames that reports get
251 // sent for. The request_context argument is NULL here
252 // because the MockReporter doesn't actually use a
253 // request_context. (In order to pass a real request_context, the
254 // reporter would have to be constructed on the IO thread.)
255 reporter_ = new CertificateReporting::MockReporter(
256 NULL, GURL("http://example.test"),
257 CertificateReporting::MockReporter::DO_NOT_SEND_COOKIES);
258 scoped_refptr<SafeBrowsingService> safe_browsing_service =
259 g_browser_process->safe_browsing_service();
260 ASSERT_TRUE(safe_browsing_service);
261 content::BrowserThread::PostTask(
262 content::BrowserThread::IO, FROM_HERE,
263 base::Bind(CertificateReporting::SetUpMockReporter,
264 safe_browsing_service, reporter_));
265 }
266
267 void SetUpCommandLine(base::CommandLine* command_line) override {
268 // Browser will both run and display insecure content.
269 command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
270 // Use process-per-site so that navigating to a same-site page in a
271 // new tab will use the same process.
272 command_line->AppendSwitch(switches::kProcessPerSite);
273 }
274
275 void CheckAuthenticatedState(WebContents* tab,
276 int expected_authentication_state) {
277 CheckSecurityState(tab,
278 CertError::NONE,
279 content::SECURITY_STYLE_AUTHENTICATED,
280 expected_authentication_state);
281 }
282
283 void CheckUnauthenticatedState(WebContents* tab,
284 int expected_authentication_state) {
285 CheckSecurityState(tab,
286 CertError::NONE,
287 content::SECURITY_STYLE_UNAUTHENTICATED,
288 expected_authentication_state);
289 }
290
291 void CheckAuthenticationBrokenState(WebContents* tab,
292 net::CertStatus error,
293 int expected_authentication_state) {
294 CheckSecurityState(tab,
295 error,
296 content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
297 expected_authentication_state);
298 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
299 // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
300 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
301 }
302
303 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
304 // Workers are async and we don't have notifications for them passing
305 // messages since they do it between renderer and worker processes.
306 // So have a polling loop, check every 200ms, timeout at 30s.
307 const int kTimeoutMS = 200;
308 base::Time time_to_quit = base::Time::Now() +
309 base::TimeDelta::FromMilliseconds(30000);
310
311 while (base::Time::Now() < time_to_quit) {
312 bool worker_finished = false;
313 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
314 tab,
315 "window.domAutomationController.send(IsWorkerFinished());",
316 &worker_finished));
317
318 if (worker_finished)
319 break;
320
321 // Wait a bit.
322 base::MessageLoop::current()->PostDelayedTask(
323 FROM_HERE,
324 base::MessageLoop::QuitClosure(),
325 base::TimeDelta::FromMilliseconds(kTimeoutMS));
326 content::RunMessageLoop();
327 }
328
329 bool actually_loaded_content = false;
330 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
331 tab,
332 "window.domAutomationController.send(IsContentLoaded());",
333 &actually_loaded_content));
334 EXPECT_EQ(expected_load, actually_loaded_content);
335 }
336
337 void ProceedThroughInterstitial(WebContents* tab) {
338 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
339 ASSERT_TRUE(interstitial_page);
340 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
341 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
342 content::WindowedNotificationObserver observer(
343 content::NOTIFICATION_LOAD_STOP,
344 content::Source<NavigationController>(&tab->GetController()));
345 interstitial_page->Proceed();
346 observer.Wait();
347 }
348
349 bool IsShowingWebContentsModalDialog() const {
350 return WebContentsModalDialogManager::FromWebContents(
351 browser()->tab_strip_model()->GetActiveWebContents())->
352 IsDialogActive();
353 }
354
355 static bool GetFilePathWithHostAndPortReplacement(
356 const std::string& original_file_path,
357 const net::HostPortPair& host_port_pair,
358 std::string* replacement_path) {
359 std::vector<net::SpawnedTestServer::StringPair> replacement_text;
360 replacement_text.push_back(
361 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString()));
362 return net::SpawnedTestServer::GetFilePathWithReplacements(
363 original_file_path, replacement_text, replacement_path);
364 }
365
366 static bool GetTopFramePath(const net::SpawnedTestServer& http_server,
367 const net::SpawnedTestServer& good_https_server,
368 const net::SpawnedTestServer& bad_https_server,
369 std::string* top_frame_path) {
370 // The "frame_left.html" page contained in the top_frame.html page contains
371 // <a href>'s to three different servers. This sets up all of the
372 // replacement text to work with test servers which listen on ephemeral
373 // ports.
374 GURL http_url = http_server.GetURL("files/ssl/google.html");
375 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html");
376 GURL bad_https_url = bad_https_server.GetURL(
377 "files/ssl/bad_iframe.html");
378
379 std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left;
380 replacement_text_frame_left.push_back(
381 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec()));
382 replacement_text_frame_left.push_back(
383 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec()));
384 replacement_text_frame_left.push_back(
385 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec()));
386 std::string frame_left_path;
387 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
388 "frame_left.html",
389 replacement_text_frame_left,
390 &frame_left_path))
391 return false;
392
393 // Substitute the generated frame_left URL into the top_frame page.
394 std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame;
395 replacement_text_top_frame.push_back(
396 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path));
397 return net::SpawnedTestServer::GetFilePathWithReplacements(
398 "files/ssl/top_frame.html",
399 replacement_text_top_frame,
400 top_frame_path);
401 }
402
403 static bool GetPageWithUnsafeWorkerPath(
404 const net::SpawnedTestServer& expired_https_server,
405 std::string* page_with_unsafe_worker_path) {
406 // Get the "imported.js" URL from the expired https server and
407 // substitute it into the unsafe_worker.js file.
408 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js");
409 std::vector<net::SpawnedTestServer::StringPair>
410 replacement_text_for_unsafe_worker;
411 replacement_text_for_unsafe_worker.push_back(
412 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
413 std::string unsafe_worker_path;
414 if (!net::SpawnedTestServer::GetFilePathWithReplacements(
415 "unsafe_worker.js",
416 replacement_text_for_unsafe_worker,
417 &unsafe_worker_path))
418 return false;
419
420 // Now, substitute this into the page with unsafe worker.
421 std::vector<net::SpawnedTestServer::StringPair>
422 replacement_text_for_page_with_unsafe_worker;
423 replacement_text_for_page_with_unsafe_worker.push_back(
424 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
425 return net::SpawnedTestServer::GetFilePathWithReplacements(
426 "files/ssl/page_with_unsafe_worker.html",
427 replacement_text_for_page_with_unsafe_worker,
428 page_with_unsafe_worker_path);
429 }
430
431 // Helper function for testing invalid certificate chain reporting.
432 void TestBrokenHTTPSReporting(
433 CertificateReporting::OptIn opt_in,
434 CertificateReporting::Proceed proceed,
435 CertificateReporting::ExpectReport expect_report,
436 Browser* browser) {
437 ASSERT_TRUE(https_server_expired_.Start());
438
439 // Opt in to sending reports for invalid certificate chains.
440 browser->profile()->GetPrefs()->SetBoolean(
441 prefs::kSafeBrowsingExtendedReportingEnabled,
442 opt_in == CertificateReporting::EXTENDED_REPORTING_OPT_IN);
443
444 ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/"));
445
446 WebContents* tab = browser->tab_strip_model()->GetActiveWebContents();
447 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
448 AuthState::SHOWING_INTERSTITIAL);
449
450 // Set up a callback so that the test is notified when the report
451 // has been sent on the IO thread (or not sent).
452 base::RunLoop report_run_loop;
453 base::Closure report_callback = report_run_loop.QuitClosure();
454 SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>(
455 tab->GetInterstitialPage()->GetDelegateForTesting());
456 interstitial_page->SetCertificateReportCallbackForTesting(report_callback);
457
458 EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
459
460 // Leave the interstitial (either by proceeding or going back)
461 if (proceed == CertificateReporting::SSL_INTERSTITIAL_PROCEED) {
462 ProceedThroughInterstitial(tab);
463 } else {
464 // Click "Take me back"
465 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
466 ASSERT_TRUE(interstitial_page);
467 interstitial_page->DontProceed();
468 }
469
470 // Wait until the report has been sent on the IO thread.
471 report_run_loop.Run();
472
473 if (expect_report == CertificateReporting::CERT_REPORT_EXPECTED) {
474 // Check that the mock reporter received a request to send a report.
475 EXPECT_EQ(https_server_expired_.GetURL("/").host(),
476 reporter_->latest_hostname_reported());
477 } else {
478 EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
479 }
480 }
481
482 // Helper function to set the Finch options
483 void SetCertReportingFinchConfig(const std::string& group_name,
484 const std::string& param_value) {
485 base::FieldTrialList::CreateFieldTrial(
486 kHTTPSErrorReporterFinchExperimentName, group_name);
487 if (!param_value.empty()) {
488 std::map<std::string, std::string> params;
489 params[kHTTPSErrorReporterFinchParamName] = param_value;
490 variations::AssociateVariationParams(
491 kHTTPSErrorReporterFinchExperimentName, group_name, params);
492 }
493 }
494
495 // Helper function to set the Finch options in case we have no parameter
496 void SetCertReportingFinchConfig(const std::string& group_name) {
497 SetCertReportingFinchConfig(group_name, std::string());
498 }
499
500 net::SpawnedTestServer https_server_;
501 net::SpawnedTestServer https_server_expired_;
502 net::SpawnedTestServer https_server_mismatched_;
503 net::SpawnedTestServer wss_server_expired_;
504
505 private:
506 typedef net::SpawnedTestServer::SSLOptions SSLOptions;
507 CertificateReporting::MockReporter* reporter_;
508
509 DISALLOW_COPY_AND_ASSIGN(SSLUITest);
510 };
511
512 class SSLUITestBlock : public SSLUITest {
513 public:
514 SSLUITestBlock() : SSLUITest() {}
515
516 // Browser will neither run nor display insecure content.
517 void SetUpCommandLine(base::CommandLine* command_line) override {
518 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent);
519 }
520 };
521
522 class SSLUITestIgnoreCertErrors : public SSLUITest {
523 public:
524 SSLUITestIgnoreCertErrors() : SSLUITest() {}
525
526 void SetUpCommandLine(base::CommandLine* command_line) override {
527 // Browser will ignore certificate errors.
528 command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
529 }
530 };
531
532 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
533 public:
534 SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
535
536 void SetUpCommandLine(base::CommandLine* command_line) override {
537 // Browser will ignore certificate errors on localhost.
538 command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
539 }
540 };
541
542 class SSLUITestWithExtendedReporting : public SSLUITest {
543 public:
544 SSLUITestWithExtendedReporting() : SSLUITest() {}
545 };
546
547 // Visits a regular page over http.
548 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
549 ASSERT_TRUE(test_server()->Start());
550
551 ui_test_utils::NavigateToURL(browser(),
552 test_server()->GetURL("files/ssl/google.html"));
553
554 CheckUnauthenticatedState(
555 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
556 }
557
558 // Visits a page over http which includes broken https resources (status should
559 // be OK).
560 // TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give
561 // the secure cookies away!).
562 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) {
563 ASSERT_TRUE(test_server()->Start());
564 ASSERT_TRUE(https_server_expired_.Start());
565
566 std::string replacement_path;
567 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
568 "files/ssl/page_with_unsafe_contents.html",
569 https_server_expired_.host_port_pair(),
570 &replacement_path));
571
572 ui_test_utils::NavigateToURL(
573 browser(), test_server()->GetURL(replacement_path));
574
575 CheckUnauthenticatedState(
576 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
577 }
578
579 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) {
580 ASSERT_TRUE(test_server()->Start());
581 ASSERT_TRUE(https_server_expired_.Start());
582
583 std::string replacement_path;
584 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
585 "files/ssl/page_displays_insecure_content.html",
586 test_server()->host_port_pair(),
587 &replacement_path));
588
589 ui_test_utils::NavigateToURL(browser(),
590 https_server_expired_.GetURL(replacement_path));
591
592 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
593 CheckAuthenticationBrokenState(
594 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
595
596 ProceedThroughInterstitial(tab);
597
598 CheckAuthenticationBrokenState(tab,
599 net::CERT_STATUS_DATE_INVALID,
600 AuthState::DISPLAYED_INSECURE_CONTENT);
601 }
602
603 // http://crbug.com/91745
604 #if defined(OS_CHROMEOS)
605 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
606 #else
607 #define MAYBE_TestOKHTTPS TestOKHTTPS
608 #endif
609
610 // Visits a page over OK https:
611 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
612 ASSERT_TRUE(https_server_.Start());
613
614 ui_test_utils::NavigateToURL(browser(),
615 https_server_.GetURL("files/ssl/google.html"));
616
617 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
618 AuthState::NONE);
619 }
620
621 // Visits a page with https error and proceed:
622 #if defined(OS_LINUX)
623 // flaky http://crbug.com/396462
624 #define MAYBE_TestHTTPSExpiredCertAndProceed \
625 DISABLED_TestHTTPSExpiredCertAndProceed
626 #else
627 #define MAYBE_TestHTTPSExpiredCertAndProceed TestHTTPSExpiredCertAndProceed
628 #endif
629 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndProceed) {
630 ASSERT_TRUE(https_server_expired_.Start());
631
632 ui_test_utils::NavigateToURL(browser(),
633 https_server_expired_.GetURL("files/ssl/google.html"));
634
635 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
636 CheckAuthenticationBrokenState(
637 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
638
639 ProceedThroughInterstitial(tab);
640
641 CheckAuthenticationBrokenState(
642 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
643 }
644
645 #ifndef NEDBUG
646 // Flaky on Windows debug (http://crbug.com/280537).
647 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
648 DISABLED_TestHTTPSExpiredCertAndDontProceed
649 #else
650 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \
651 TestHTTPSExpiredCertAndDontProceed
652 #endif
653
654 // Visits a page with https error and don't proceed (and ensure we can still
655 // navigate at that point):
656 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) {
657 ASSERT_TRUE(test_server()->Start());
658 ASSERT_TRUE(https_server_.Start());
659 ASSERT_TRUE(https_server_expired_.Start());
660
661 // First navigate to an OK page.
662 ui_test_utils::NavigateToURL(browser(),
663 https_server_.GetURL("files/ssl/google.html"));
664
665 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
666 NavigationEntry* entry = tab->GetController().GetActiveEntry();
667 ASSERT_TRUE(entry);
668
669 GURL cross_site_url =
670 https_server_expired_.GetURL("files/ssl/google.html");
671 // Change the host name from 127.0.0.1 to localhost so it triggers a
672 // cross-site navigation so we can test http://crbug.com/5800 is gone.
673 ASSERT_EQ("127.0.0.1", cross_site_url.host());
674 GURL::Replacements replacements;
675 replacements.SetHostStr("localhost");
676 cross_site_url = cross_site_url.ReplaceComponents(replacements);
677
678 // Now go to a bad HTTPS page.
679 ui_test_utils::NavigateToURL(browser(), cross_site_url);
680
681 // An interstitial should be showing.
682 CheckAuthenticationBrokenState(tab,
683 net::CERT_STATUS_COMMON_NAME_INVALID,
684 AuthState::SHOWING_INTERSTITIAL);
685
686 // Simulate user clicking "Take me back".
687 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
688 ASSERT_TRUE(interstitial_page);
689 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
690 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
691 interstitial_page->DontProceed();
692
693 // We should be back to the original good page.
694 CheckAuthenticatedState(tab, AuthState::NONE);
695
696 // Try to navigate to a new page. (to make sure bug 5800 is fixed).
697 ui_test_utils::NavigateToURL(browser(),
698 test_server()->GetURL("files/ssl/google.html"));
699 CheckUnauthenticatedState(tab, AuthState::NONE);
700 }
701
702 // Test that localhost pages don't show an interstitial.
703 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors,
704 TestNoInterstitialOnLocalhost) {
705 ASSERT_TRUE(https_server_.Start());
706
707 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
708
709 // Navigate to a localhost page.
710 GURL url = https_server_.GetURL("files/ssl/page_with_subresource.html");
711 GURL::Replacements replacements;
712 std::string new_host("localhost");
713 replacements.SetHostStr(new_host);
714 url = url.ReplaceComponents(replacements);
715
716 ui_test_utils::NavigateToURL(browser(), url);
717
718 // We should see no interstitial, but we should have an error
719 // (red-crossed-out-https) in the URL bar.
720 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
721 AuthState::NONE);
722
723 // We should see that the script tag in the page loaded and ran (and
724 // wasn't blocked by the certificate error).
725 base::string16 title;
726 base::string16 expected_title = base::ASCIIToUTF16("This script has loaded");
727 ui_test_utils::GetCurrentTabTitle(browser(), &title);
728 EXPECT_EQ(title, expected_title);
729 }
730
731 // Visits a page with https error and then goes back using Browser::GoBack.
732 IN_PROC_BROWSER_TEST_F(SSLUITest,
733 TestHTTPSExpiredCertAndGoBackViaButton) {
734 ASSERT_TRUE(test_server()->Start());
735 ASSERT_TRUE(https_server_expired_.Start());
736
737 // First navigate to an HTTP page.
738 ui_test_utils::NavigateToURL(browser(),
739 test_server()->GetURL("files/ssl/google.html"));
740 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
741 NavigationEntry* entry = tab->GetController().GetActiveEntry();
742 ASSERT_TRUE(entry);
743
744 // Now go to a bad HTTPS page that shows an interstitial.
745 ui_test_utils::NavigateToURL(browser(),
746 https_server_expired_.GetURL("files/ssl/google.html"));
747 CheckAuthenticationBrokenState(
748 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
749
750 ProvisionalLoadWaiter load_failed_observer(tab);
751
752 // Simulate user clicking on back button (crbug.com/39248).
753 chrome::GoBack(browser(), CURRENT_TAB);
754
755 // Wait until we hear the load failure, and make sure we haven't swapped out
756 // the previous page. Prevents regression of http://crbug.com/82667.
757 // TODO(creis/nick): Move the swapped-out part of this test into content
758 // and remove IsRenderViewHostSwappedOut from the public API.
759 load_failed_observer.Wait();
760 EXPECT_FALSE(content::RenderFrameHostTester::IsRenderFrameHostSwappedOut(
761 tab->GetMainFrame()));
762
763 // We should be back at the original good page.
764 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
765 GetInterstitialPage());
766 CheckUnauthenticatedState(tab, AuthState::NONE);
767 }
768
769 // Visits a page with https error and then goes back using GoToOffset.
770 // Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575.
771 IN_PROC_BROWSER_TEST_F(SSLUITest,
772 TestHTTPSExpiredCertAndGoBackViaMenu) {
773 ASSERT_TRUE(test_server()->Start());
774 ASSERT_TRUE(https_server_expired_.Start());
775
776 // First navigate to an HTTP page.
777 ui_test_utils::NavigateToURL(browser(),
778 test_server()->GetURL("files/ssl/google.html"));
779 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
780 NavigationEntry* entry = tab->GetController().GetActiveEntry();
781 ASSERT_TRUE(entry);
782
783 // Now go to a bad HTTPS page that shows an interstitial.
784 ui_test_utils::NavigateToURL(browser(),
785 https_server_expired_.GetURL("files/ssl/google.html"));
786 CheckAuthenticationBrokenState(
787 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
788
789 // Simulate user clicking and holding on back button (crbug.com/37215).
790 tab->GetController().GoToOffset(-1);
791
792 // We should be back at the original good page.
793 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
794 GetInterstitialPage());
795 CheckUnauthenticatedState(tab, AuthState::NONE);
796 }
797
798 // Visits a page with https error and then goes forward using GoToOffset.
799 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) {
800 ASSERT_TRUE(test_server()->Start());
801 ASSERT_TRUE(https_server_expired_.Start());
802
803 // First navigate to two HTTP pages.
804 ui_test_utils::NavigateToURL(browser(),
805 test_server()->GetURL("files/ssl/google.html"));
806 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
807 NavigationEntry* entry1 = tab->GetController().GetActiveEntry();
808 ASSERT_TRUE(entry1);
809 ui_test_utils::NavigateToURL(browser(),
810 test_server()->GetURL("files/ssl/blank_page.html"));
811 NavigationEntry* entry2 = tab->GetController().GetActiveEntry();
812 ASSERT_TRUE(entry2);
813
814 // Now go back so that a page is in the forward history.
815 {
816 content::WindowedNotificationObserver observer(
817 content::NOTIFICATION_LOAD_STOP,
818 content::Source<NavigationController>(&tab->GetController()));
819 tab->GetController().GoBack();
820 observer.Wait();
821 }
822 ASSERT_TRUE(tab->GetController().CanGoForward());
823 NavigationEntry* entry3 = tab->GetController().GetActiveEntry();
824 ASSERT_TRUE(entry1 == entry3);
825
826 // Now go to a bad HTTPS page that shows an interstitial.
827 ui_test_utils::NavigateToURL(browser(),
828 https_server_expired_.GetURL("files/ssl/google.html"));
829 CheckAuthenticationBrokenState(
830 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
831
832 // Simulate user clicking and holding on forward button.
833 {
834 content::WindowedNotificationObserver observer(
835 content::NOTIFICATION_LOAD_STOP,
836 content::Source<NavigationController>(&tab->GetController()));
837 tab->GetController().GoToOffset(1);
838 observer.Wait();
839 }
840
841 // We should be showing the second good page.
842 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()->
843 GetInterstitialPage());
844 CheckUnauthenticatedState(tab, AuthState::NONE);
845 EXPECT_FALSE(tab->GetController().CanGoForward());
846 NavigationEntry* entry4 = tab->GetController().GetActiveEntry();
847 EXPECT_TRUE(entry2 == entry4);
848 }
849
850 // Visit a HTTP page which request WSS connection to a server providing invalid
851 // certificate. Close the page while WSS connection waits for SSLManager's
852 // response from UI thread.
853 // Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258
854 #if defined(OS_WIN)
855 #define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose
856 #else
857 #define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose
858 #endif
859 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) {
860 ASSERT_TRUE(test_server()->Start());
861 ASSERT_TRUE(wss_server_expired_.Start());
862
863 // Setup page title observer.
864 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
865 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
866 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
867
868 // Create GURLs to test pages.
869 std::string master_url_path = base::StringPrintf("%s?%d",
870 test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(),
871 wss_server_expired_.host_port_pair().port());
872 GURL master_url(master_url_path);
873 std::string slave_url_path = base::StringPrintf("%s?%d",
874 test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(),
875 wss_server_expired_.host_port_pair().port());
876 GURL slave_url(slave_url_path);
877
878 // Create tabs and visit pages which keep on creating wss connections.
879 WebContents* tabs[16];
880 for (int i = 0; i < 16; ++i) {
881 tabs[i] = chrome::AddSelectedTabWithURL(browser(), slave_url,
882 ui::PAGE_TRANSITION_LINK);
883 }
884 chrome::SelectNextTab(browser());
885
886 // Visit a page which waits for one TLS handshake failure.
887 // The title will be changed to 'PASS'.
888 ui_test_utils::NavigateToURL(browser(), master_url);
889 const base::string16 result = watcher.WaitAndGetTitle();
890 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
891
892 // Close tabs which contains the test page.
893 for (int i = 0; i < 16; ++i)
894 chrome::CloseWebContents(browser(), tabs[i], false);
895 chrome::CloseWebContents(browser(), tab, false);
896 }
897
898 // Visit a HTTPS page and proceeds despite an invalid certificate. The page
899 // requests WSS connection to the same origin host to check if WSS connection
900 // share certificates policy with HTTPS correcly.
901 IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
902 ASSERT_TRUE(test_server()->Start());
903 ASSERT_TRUE(wss_server_expired_.Start());
904
905 // Setup page title observer.
906 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
907 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
908 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
909
910 // Visit bad HTTPS page.
911 GURL::Replacements replacements;
912 replacements.SetSchemeStr("https");
913 ui_test_utils::NavigateToURL(
914 browser(),
915 wss_server_expired_.GetURL(
916 "connect_check.html").ReplaceComponents(replacements));
917 CheckAuthenticationBrokenState(
918 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
919
920 // Proceed anyway.
921 ProceedThroughInterstitial(tab);
922
923 // Test page run a WebSocket wss connection test. The result will be shown
924 // as page title.
925 const base::string16 result = watcher.WaitAndGetTitle();
926 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
927 }
928
929 #if defined(USE_NSS)
930 class SSLUITestWithClientCert : public SSLUITest {
931 public:
932 SSLUITestWithClientCert() : cert_db_(NULL) {}
933
934 void SetUpOnMainThread() override {
935 SSLUITest::SetUpOnMainThread();
936
937 base::RunLoop loop;
938 GetNSSCertDatabaseForProfile(
939 browser()->profile(),
940 base::Bind(&SSLUITestWithClientCert::DidGetCertDatabase,
941 base::Unretained(this),
942 &loop));
943 loop.Run();
944 }
945
946 protected:
947 void DidGetCertDatabase(base::RunLoop* loop, net::NSSCertDatabase* cert_db) {
948 cert_db_ = cert_db;
949 loop->Quit();
950 }
951
952 net::NSSCertDatabase* cert_db_;
953 };
954
955 // SSL client certificate tests are only enabled when using NSS for private key
956 // storage, as only NSS can avoid modifying global machine state when testing.
957 // See http://crbug.com/51132
958
959 // Visit a HTTPS page which requires client cert authentication. The client
960 // cert will be selected automatically, then a test which uses WebSocket runs.
961 IN_PROC_BROWSER_TEST_F(SSLUITestWithClientCert, TestWSSClientCert) {
962 // Import a client cert for test.
963 scoped_refptr<net::CryptoModule> crypt_module = cert_db_->GetPublicModule();
964 std::string pkcs12_data;
965 base::FilePath cert_path = net::GetTestCertsDirectory().Append(
966 FILE_PATH_LITERAL("websocket_client_cert.p12"));
967 EXPECT_TRUE(base::ReadFileToString(cert_path, &pkcs12_data));
968 EXPECT_EQ(net::OK,
969 cert_db_->ImportFromPKCS12(
970 crypt_module.get(), pkcs12_data, base::string16(), true, NULL));
971
972 // Start WebSocket test server with TLS and client cert authentication.
973 net::SpawnedTestServer::SSLOptions options(
974 net::SpawnedTestServer::SSLOptions::CERT_OK);
975 options.request_client_certificate = true;
976 base::FilePath ca_path = net::GetTestCertsDirectory().Append(
977 FILE_PATH_LITERAL("websocket_cacert.pem"));
978 options.client_authorities.push_back(ca_path);
979 net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS,
980 options,
981 net::GetWebSocketTestDataDirectory());
982 ASSERT_TRUE(wss_server.Start());
983 GURL::Replacements replacements;
984 replacements.SetSchemeStr("https");
985 GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents(
986 replacements);
987
988 // Setup page title observer.
989 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
990 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
991 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
992
993 // Add an entry into AutoSelectCertificateForUrls policy for automatic client
994 // cert selection.
995 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
996 DCHECK(profile);
997 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
998 dict->SetString("ISSUER.CN", "pywebsocket");
999 profile->GetHostContentSettingsMap()->SetWebsiteSetting(
1000 ContentSettingsPattern::FromURL(url),
1001 ContentSettingsPattern::FromURL(url),
1002 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
1003 std::string(),
1004 dict.release());
1005
1006 // Visit a HTTPS page which requires client certs.
1007 ui_test_utils::NavigateToURL(browser(), url);
1008 CheckAuthenticatedState(tab, AuthState::NONE);
1009
1010 // Test page runs a WebSocket wss connection test. The result will be shown
1011 // as page title.
1012 const base::string16 result = watcher.WaitAndGetTitle();
1013 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
1014 }
1015 #endif // defined(USE_NSS)
1016
1017 // Flaky on CrOS http://crbug.com/92292
1018 #if defined(OS_CHROMEOS)
1019 #define MAYBE_TestHTTPSErrorWithNoNavEntry \
1020 DISABLED_TestHTTPSErrorWithNoNavEntry
1021 #else
1022 #define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry
1023 #endif // defined(OS_CHROMEOS)
1024
1025 // Open a page with a HTTPS error in a tab with no prior navigation (through a
1026 // link with a blank target). This is to test that the lack of navigation entry
1027 // does not cause any problems (it was causing a crasher, see
1028 // http://crbug.com/19941).
1029 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) {
1030 ASSERT_TRUE(https_server_expired_.Start());
1031
1032 GURL url = https_server_expired_.GetURL("files/ssl/google.htm");
1033 WebContents* tab2 = chrome::AddSelectedTabWithURL(
1034 browser(), url, ui::PAGE_TRANSITION_TYPED);
1035 content::WaitForLoadStop(tab2);
1036
1037 // Verify our assumption that there was no prior navigation.
1038 EXPECT_FALSE(chrome::CanGoBack(browser()));
1039
1040 // We should have an interstitial page showing.
1041 ASSERT_TRUE(tab2->GetInterstitialPage());
1042 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, tab2->GetInterstitialPage()
1043 ->GetDelegateForTesting()
1044 ->GetTypeForTesting());
1045 }
1046
1047 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) {
1048 ASSERT_TRUE(test_server()->Start());
1049 ASSERT_TRUE(https_server_expired_.Start());
1050 GURL url_non_dangerous = test_server()->GetURL(std::string());
1051 GURL url_dangerous =
1052 https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe");
1053 base::ScopedTempDir downloads_directory_;
1054
1055 // Need empty temp dir to avoid having Chrome ask us for a new filename
1056 // when we've downloaded dangerous.exe one hundred times.
1057 ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir());
1058
1059 browser()->profile()->GetPrefs()->SetFilePath(
1060 prefs::kDownloadDefaultDirectory,
1061 downloads_directory_.path());
1062
1063 // Visit a non-dangerous page.
1064 ui_test_utils::NavigateToURL(browser(), url_non_dangerous);
1065
1066 // Now, start a transition to dangerous download.
1067 {
1068 content::WindowedNotificationObserver observer(
1069 content::NOTIFICATION_LOAD_STOP,
1070 content::NotificationService::AllSources());
1071 chrome::NavigateParams navigate_params(browser(), url_dangerous,
1072 ui::PAGE_TRANSITION_TYPED);
1073 chrome::Navigate(&navigate_params);
1074 observer.Wait();
1075 }
1076
1077 // To exit the browser cleanly (and this test) we need to complete the
1078 // download after completing this test.
1079 content::DownloadTestObserverTerminal dangerous_download_observer(
1080 content::BrowserContext::GetDownloadManager(browser()->profile()),
1081 1,
1082 content::DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT);
1083
1084 // Proceed through the SSL interstitial. This doesn't use
1085 // |ProceedThroughInterstitial| since no page load will commit.
1086 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1087 ASSERT_TRUE(tab != NULL);
1088 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
1089 ASSERT_EQ(
1090 SSLBlockingPage::kTypeForTesting,
1091 tab->GetInterstitialPage()->GetDelegateForTesting()->GetTypeForTesting());
1092 {
1093 content::WindowedNotificationObserver observer(
1094 chrome::NOTIFICATION_DOWNLOAD_INITIATED,
1095 content::NotificationService::AllSources());
1096 tab->GetInterstitialPage()->Proceed();
1097 observer.Wait();
1098 }
1099
1100 // There should still be an interstitial at this point. Press the
1101 // back button on the browser. Note that this doesn't wait for a
1102 // NAV_ENTRY_COMMITTED notification because going back with an
1103 // active interstitial simply hides the interstitial.
1104 ASSERT_TRUE(tab->GetInterstitialPage() != NULL);
1105 ASSERT_EQ(
1106 SSLBlockingPage::kTypeForTesting,
1107 tab->GetInterstitialPage()->GetDelegateForTesting()->GetTypeForTesting());
1108 EXPECT_TRUE(chrome::CanGoBack(browser()));
1109 chrome::GoBack(browser(), CURRENT_TAB);
1110
1111 dangerous_download_observer.WaitForFinished();
1112 }
1113
1114 //
1115 // Insecure content
1116 //
1117
1118 #if defined(OS_WIN)
1119 // http://crbug.com/152940 Flaky on win.
1120 #define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent
1121 #else
1122 #define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent
1123 #endif
1124
1125 // Visits a page that displays insecure content.
1126 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) {
1127 ASSERT_TRUE(test_server()->Start());
1128 ASSERT_TRUE(https_server_.Start());
1129
1130 std::string replacement_path;
1131 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1132 "files/ssl/page_displays_insecure_content.html",
1133 test_server()->host_port_pair(),
1134 &replacement_path));
1135
1136 // Load a page that displays insecure content.
1137 ui_test_utils::NavigateToURL(browser(),
1138 https_server_.GetURL(replacement_path));
1139
1140 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
1141 AuthState::DISPLAYED_INSECURE_CONTENT);
1142 }
1143
1144 // User proceeds, checkbox is shown and checked, Finch parameter is set
1145 // -> we expect a report.
1146 IN_PROC_BROWSER_TEST_F(
1147 SSLUITestWithExtendedReporting,
1148 TestBrokenHTTPSProceedWithShowYesCheckYesParamYesReportYes) {
1149 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1150 "1.0");
1151 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1152 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1153 CertificateReporting::CERT_REPORT_EXPECTED,
1154 browser());
1155 }
1156
1157 // User goes back, checkbox is shown and checked, Finch parameter is set
1158 // -> we expect a report.
1159 IN_PROC_BROWSER_TEST_F(
1160 SSLUITestWithExtendedReporting,
1161 TestBrokenHTTPSGoBackWithShowYesCheckYesParamYesReportYes) {
1162 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1163 "1.0");
1164 TestBrokenHTTPSReporting(
1165 CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1166 CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
1167 CertificateReporting::CERT_REPORT_EXPECTED, browser());
1168 }
1169
1170 // User proceeds, checkbox is shown but unchecked, Finch parameter is set
1171 // -> we expect no report.
1172 IN_PROC_BROWSER_TEST_F(
1173 SSLUITestWithExtendedReporting,
1174 TestBrokenHTTPSProceedWithShowYesCheckNoParamYesReportNo) {
1175 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1176 "1.0");
1177 TestBrokenHTTPSReporting(
1178 CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
1179 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1180 CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
1181 }
1182
1183 // User goes back, checkbox is shown but unchecked, Finch parameter is set
1184 // -> we expect no report.
1185 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1186 TestBrokenHTTPSGoBackShowYesCheckNoParamYesReportNo) {
1187 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1188 "1.0");
1189 TestBrokenHTTPSReporting(
1190 CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
1191 CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
1192 CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
1193 }
1194
1195 // User proceeds, checkbox is shown and checked, Finch parameter is not
1196 // set -> we expect no report.
1197 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1198 TestBrokenHTTPSProceedShowYesCheckYesParamNoReportNo) {
1199 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1200 "-1.0");
1201 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1202 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1203 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1204 browser());
1205 }
1206
1207 // User goes back, checkbox is shown and checked, Finch parameter is not set
1208 // -> we expect no report.
1209 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1210 TestBrokenHTTPSGoBackShowYesCheckYesParamNoReportNo) {
1211 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1212 "-1.0");
1213 TestBrokenHTTPSReporting(
1214 CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1215 CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
1216 CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
1217 }
1218
1219 // User proceeds, checkbox is not shown but checked -> we expect no report
1220 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1221 TestBrokenHTTPSProceedShowNoCheckYesReportNo) {
1222 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupDontShowDontSend);
1223 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1224 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1225 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1226 browser());
1227 }
1228
1229 // Browser is incognito, user proceeds, checkbox is shown and checked, Finch
1230 // parameter is set -> we expect no report
1231 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
1232 TestBrokenHTTPSInIncognitoReportNo) {
1233 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1234 "1.0");
1235 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1236 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1237 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1238 CreateIncognitoBrowser());
1239 }
1240
1241 // User proceeds, checkbox is shown and checked, Finch parameter is invalid
1242 // -> we expect no report.
1243 IN_PROC_BROWSER_TEST_F(
1244 SSLUITestWithExtendedReporting,
1245 TestBrokenHTTPSProceedWithShowYesCheckYesParamInvalidReportNo) {
1246 SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
1247 "abcdef");
1248 TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
1249 CertificateReporting::SSL_INTERSTITIAL_PROCEED,
1250 CertificateReporting::CERT_REPORT_NOT_EXPECTED,
1251 browser());
1252 }
1253
1254 // Visits a page that runs insecure content and tries to suppress the insecure
1255 // content warnings by randomizing location.hash.
1256 // Based on http://crbug.com/8706
1257 IN_PROC_BROWSER_TEST_F(SSLUITest,
1258 TestRunsInsecuredContentRandomizeHash) {
1259 ASSERT_TRUE(test_server()->Start());
1260 ASSERT_TRUE(https_server_.Start());
1261
1262 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1263 "files/ssl/page_runs_insecure_content.html"));
1264
1265 CheckAuthenticationBrokenState(
1266 browser()->tab_strip_model()->GetActiveWebContents(),
1267 CertError::NONE,
1268 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1269 }
1270
1271 // Visits a page with unsafe content and make sure that:
1272 // - frames content is replaced with warning
1273 // - images and scripts are filtered out entirely
1274 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
1275 ASSERT_TRUE(https_server_.Start());
1276 ASSERT_TRUE(https_server_expired_.Start());
1277
1278 std::string replacement_path;
1279 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1280 "files/ssl/page_with_unsafe_contents.html",
1281 https_server_expired_.host_port_pair(),
1282 &replacement_path));
1283 ui_test_utils::NavigateToURL(browser(),
1284 https_server_.GetURL(replacement_path));
1285
1286 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1287 // When the bad content is filtered, the state is expected to be
1288 // authenticated.
1289 CheckAuthenticatedState(tab, AuthState::NONE);
1290
1291 // Because of cross-frame scripting restrictions, we cannot access the iframe
1292 // content. So to know if the frame was loaded, we just check if a popup was
1293 // opened (the iframe content opens one).
1294 // Note: because of bug 1115868, no web contents modal dialog is opened right
1295 // now. Once the bug is fixed, this will do the real check.
1296 EXPECT_FALSE(IsShowingWebContentsModalDialog());
1297
1298 int img_width;
1299 EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
1300 tab,
1301 "window.domAutomationController.send(ImageWidth());",
1302 &img_width));
1303 // In order to check that the image was not loaded, we check its width.
1304 // The actual image (Google logo) is 114 pixels wide, we assume the broken
1305 // image is less than 100.
1306 EXPECT_LT(img_width, 100);
1307
1308 bool js_result = false;
1309 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1310 tab,
1311 "window.domAutomationController.send(IsFooSet());",
1312 &js_result));
1313 EXPECT_FALSE(js_result);
1314 }
1315
1316 // Visits a page with insecure content loaded by JS (after the initial page
1317 // load).
1318 #if defined(OS_LINUX)
1319 // flaky http://crbug.com/396462
1320 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
1321 DISABLED_TestDisplaysInsecureContentLoadedFromJS
1322 #else
1323 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \
1324 TestDisplaysInsecureContentLoadedFromJS
1325 #endif
1326 IN_PROC_BROWSER_TEST_F(SSLUITest,
1327 MAYBE_TestDisplaysInsecureContentLoadedFromJS) {
1328 ASSERT_TRUE(test_server()->Start());
1329 ASSERT_TRUE(https_server_.Start());
1330
1331 std::string replacement_path;
1332 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1333 "files/ssl/page_with_dynamic_insecure_content.html",
1334 test_server()->host_port_pair(),
1335 &replacement_path));
1336 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1337 replacement_path));
1338
1339 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1340 CheckAuthenticatedState(tab, AuthState::NONE);
1341
1342 // Load the insecure image.
1343 bool js_result = false;
1344 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1345 tab,
1346 "loadBadImage();",
1347 &js_result));
1348 EXPECT_TRUE(js_result);
1349
1350 // We should now have insecure content.
1351 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1352 }
1353
1354 // Visits two pages from the same origin: one that displays insecure content and
1355 // one that doesn't. The test checks that we do not propagate the insecure
1356 // content state from one to the other.
1357 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
1358 ASSERT_TRUE(test_server()->Start());
1359 ASSERT_TRUE(https_server_.Start());
1360
1361 ui_test_utils::NavigateToURL(browser(),
1362 https_server_.GetURL("files/ssl/blank_page.html"));
1363
1364 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1365
1366 // This tab should be fine.
1367 CheckAuthenticatedState(tab1, AuthState::NONE);
1368
1369 // Create a new tab.
1370 std::string replacement_path;
1371 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1372 "files/ssl/page_displays_insecure_content.html",
1373 test_server()->host_port_pair(),
1374 &replacement_path));
1375
1376 GURL url = https_server_.GetURL(replacement_path);
1377 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
1378 params.disposition = NEW_FOREGROUND_TAB;
1379 params.tabstrip_index = 0;
1380 params.source_contents = tab1;
1381 content::WindowedNotificationObserver observer(
1382 content::NOTIFICATION_LOAD_STOP,
1383 content::NotificationService::AllSources());
1384 chrome::Navigate(&params);
1385 WebContents* tab2 = params.target_contents;
1386 observer.Wait();
1387
1388 // The new tab has insecure content.
1389 CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT);
1390
1391 // The original tab should not be contaminated.
1392 CheckAuthenticatedState(tab1, AuthState::NONE);
1393 }
1394
1395 // Visits two pages from the same origin: one that runs insecure content and one
1396 // that doesn't. The test checks that we propagate the insecure content state
1397 // from one to the other.
1398 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
1399 ASSERT_TRUE(test_server()->Start());
1400 ASSERT_TRUE(https_server_.Start());
1401
1402 ui_test_utils::NavigateToURL(browser(),
1403 https_server_.GetURL("files/ssl/blank_page.html"));
1404
1405 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1406
1407 // This tab should be fine.
1408 CheckAuthenticatedState(tab1, AuthState::NONE);
1409
1410 std::string replacement_path;
1411 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1412 "files/ssl/page_runs_insecure_content.html",
1413 test_server()->host_port_pair(),
1414 &replacement_path));
1415
1416 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB
1417 // disposition won't usually stay in the same process, but this works
1418 // because we are using process-per-site in SetUpCommandLine.
1419 GURL url = https_server_.GetURL(replacement_path);
1420 chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_TYPED);
1421 params.disposition = NEW_FOREGROUND_TAB;
1422 params.source_contents = tab1;
1423 content::WindowedNotificationObserver observer(
1424 content::NOTIFICATION_LOAD_STOP,
1425 content::NotificationService::AllSources());
1426 chrome::Navigate(&params);
1427 WebContents* tab2 = params.target_contents;
1428 observer.Wait();
1429
1430 // Both tabs should have the same process.
1431 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost());
1432
1433 // The new tab has insecure content.
1434 CheckAuthenticationBrokenState(
1435 tab2,
1436 CertError::NONE,
1437 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1438
1439 // Which means the origin for the first tab has also been contaminated with
1440 // insecure content.
1441 CheckAuthenticationBrokenState(
1442 tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
1443 }
1444
1445 // Visits a page with an image over http. Visits another page over https
1446 // referencing that same image over http (hoping it is coming from the webcore
1447 // memory cache).
1448 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
1449 ASSERT_TRUE(test_server()->Start());
1450 ASSERT_TRUE(https_server_.Start());
1451
1452 std::string replacement_path;
1453 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1454 "files/ssl/page_displays_insecure_content.html",
1455 test_server()->host_port_pair(),
1456 &replacement_path));
1457
1458 // Load original page over HTTP.
1459 const GURL url_http = test_server()->GetURL(replacement_path);
1460 ui_test_utils::NavigateToURL(browser(), url_http);
1461 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1462 CheckUnauthenticatedState(tab, AuthState::NONE);
1463
1464 // Load again but over SSL. It should be marked as displaying insecure
1465 // content (even though the image comes from the WebCore memory cache).
1466 const GURL url_https = https_server_.GetURL(replacement_path);
1467 ui_test_utils::NavigateToURL(browser(), url_https);
1468 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
1469 }
1470
1471 // http://crbug.com/84729
1472 #if defined(OS_CHROMEOS)
1473 #define MAYBE_TestRunsCachedInsecureContent \
1474 DISABLED_TestRunsCachedInsecureContent
1475 #else
1476 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
1477 #endif // defined(OS_CHROMEOS)
1478
1479 // Visits a page with script over http. Visits another page over https
1480 // referencing that same script over http (hoping it is coming from the webcore
1481 // memory cache).
1482 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
1483 ASSERT_TRUE(test_server()->Start());
1484 ASSERT_TRUE(https_server_.Start());
1485
1486 std::string replacement_path;
1487 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1488 "files/ssl/page_runs_insecure_content.html",
1489 test_server()->host_port_pair(),
1490 &replacement_path));
1491
1492 // Load original page over HTTP.
1493 const GURL url_http = test_server()->GetURL(replacement_path);
1494 ui_test_utils::NavigateToURL(browser(), url_http);
1495 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1496 CheckUnauthenticatedState(tab, AuthState::NONE);
1497
1498 // Load again but over SSL. It should be marked as displaying insecure
1499 // content (even though the image comes from the WebCore memory cache).
1500 const GURL url_https = https_server_.GetURL(replacement_path);
1501 ui_test_utils::NavigateToURL(browser(), url_https);
1502 CheckAuthenticationBrokenState(
1503 tab,
1504 CertError::NONE,
1505 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1506 }
1507
1508 // This test ensures the CN invalid status does not 'stick' to a certificate
1509 // (see bug #1044942) and that it depends on the host-name.
1510 // Test if disabled due to flakiness http://crbug.com/368280 .
1511 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) {
1512 ASSERT_TRUE(https_server_.Start());
1513 ASSERT_TRUE(https_server_mismatched_.Start());
1514
1515 // First we hit the server with hostname, this generates an invalid policy
1516 // error.
1517 ui_test_utils::NavigateToURL(browser(),
1518 https_server_mismatched_.GetURL("files/ssl/google.html"));
1519
1520 // We get an interstitial page as a result.
1521 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1522 CheckAuthenticationBrokenState(tab,
1523 net::CERT_STATUS_COMMON_NAME_INVALID,
1524 AuthState::SHOWING_INTERSTITIAL);
1525 ProceedThroughInterstitial(tab);
1526 CheckAuthenticationBrokenState(
1527 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1528
1529 // Now we try again with the right host name this time.
1530 GURL url(https_server_.GetURL("files/ssl/google.html"));
1531 ui_test_utils::NavigateToURL(browser(), url);
1532
1533 // Security state should be OK.
1534 CheckAuthenticatedState(tab, AuthState::NONE);
1535
1536 // Now try again the broken one to make sure it is still broken.
1537 ui_test_utils::NavigateToURL(browser(),
1538 https_server_mismatched_.GetURL("files/ssl/google.html"));
1539
1540 // Since we OKed the interstitial last time, we get right to the page.
1541 CheckAuthenticationBrokenState(
1542 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
1543 }
1544
1545 #if defined(OS_CHROMEOS)
1546 // This test seems to be flaky and hang on chromiumos.
1547 // http://crbug.com/84419
1548 #define MAYBE_TestRefNavigation DISABLED_TestRefNavigation
1549 #else
1550 #define MAYBE_TestRefNavigation TestRefNavigation
1551 #endif
1552
1553 // Test that navigating to a #ref does not change a bad security state.
1554 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) {
1555 ASSERT_TRUE(https_server_expired_.Start());
1556
1557 ui_test_utils::NavigateToURL(browser(),
1558 https_server_expired_.GetURL("files/ssl/page_with_refs.html"));
1559
1560 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1561 CheckAuthenticationBrokenState(
1562 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1563
1564 ProceedThroughInterstitial(tab);
1565
1566 CheckAuthenticationBrokenState(
1567 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1568 // Now navigate to a ref in the page, the security state should not have
1569 // changed.
1570 ui_test_utils::NavigateToURL(browser(),
1571 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp"));
1572
1573 CheckAuthenticationBrokenState(
1574 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1575 }
1576
1577 // Tests that closing a page that has a unsafe pop-up does not crash the
1578 // browser (bug #1966).
1579 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not
1580 // opened as it is not initiated by a user gesture.
1581 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) {
1582 ASSERT_TRUE(test_server()->Start());
1583 ASSERT_TRUE(https_server_expired_.Start());
1584
1585 std::string replacement_path;
1586 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
1587 "files/ssl/page_with_unsafe_popup.html",
1588 https_server_expired_.host_port_pair(),
1589 &replacement_path));
1590
1591 ui_test_utils::NavigateToURL(browser(),
1592 test_server()->GetURL(replacement_path));
1593
1594 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents();
1595 // It is probably overkill to add a notification for a popup-opening, let's
1596 // just poll.
1597 for (int i = 0; i < 10; i++) {
1598 if (IsShowingWebContentsModalDialog())
1599 break;
1600 base::MessageLoop::current()->PostDelayedTask(
1601 FROM_HERE,
1602 base::MessageLoop::QuitClosure(),
1603 base::TimeDelta::FromSeconds(1));
1604 content::RunMessageLoop();
1605 }
1606 ASSERT_TRUE(IsShowingWebContentsModalDialog());
1607
1608 // Let's add another tab to make sure the browser does not exit when we close
1609 // the first tab.
1610 GURL url = test_server()->GetURL("files/ssl/google.html");
1611 content::WindowedNotificationObserver observer(
1612 content::NOTIFICATION_LOAD_STOP,
1613 content::NotificationService::AllSources());
1614 chrome::AddSelectedTabWithURL(browser(), url, ui::PAGE_TRANSITION_TYPED);
1615 observer.Wait();
1616
1617 // Close the first tab.
1618 chrome::CloseWebContents(browser(), tab1, false);
1619 }
1620
1621 // Visit a page over bad https that is a redirect to a page with good https.
1622 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) {
1623 ASSERT_TRUE(https_server_.Start());
1624 ASSERT_TRUE(https_server_expired_.Start());
1625
1626 GURL url1 = https_server_expired_.GetURL("server-redirect?");
1627 GURL url2 = https_server_.GetURL("files/ssl/google.html");
1628
1629 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1630
1631 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1632
1633 CheckAuthenticationBrokenState(
1634 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1635
1636 ProceedThroughInterstitial(tab);
1637
1638 // We have been redirected to the good page.
1639 CheckAuthenticatedState(tab, AuthState::NONE);
1640 }
1641
1642 // Flaky on Linux. http://crbug.com/368280.
1643 #if defined(OS_LINUX)
1644 #define MAYBE_TestRedirectGoodToBadHTTPS DISABLED_TestRedirectGoodToBadHTTPS
1645 #else
1646 #define MAYBE_TestRedirectGoodToBadHTTPS TestRedirectGoodToBadHTTPS
1647 #endif
1648
1649 // Visit a page over good https that is a redirect to a page with bad https.
1650 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectGoodToBadHTTPS) {
1651 ASSERT_TRUE(https_server_.Start());
1652 ASSERT_TRUE(https_server_expired_.Start());
1653
1654 GURL url1 = https_server_.GetURL("server-redirect?");
1655 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html");
1656 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec()));
1657
1658 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1659 CheckAuthenticationBrokenState(
1660 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1661
1662 ProceedThroughInterstitial(tab);
1663
1664 CheckAuthenticationBrokenState(
1665 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1666 }
1667
1668 // Visit a page over http that is a redirect to a page with good HTTPS.
1669 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) {
1670 ASSERT_TRUE(test_server()->Start());
1671 ASSERT_TRUE(https_server_.Start());
1672
1673 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1674
1675 // HTTP redirects to good HTTPS.
1676 GURL http_url = test_server()->GetURL("server-redirect?");
1677 GURL good_https_url =
1678 https_server_.GetURL("files/ssl/google.html");
1679
1680 ui_test_utils::NavigateToURL(browser(),
1681 GURL(http_url.spec() + good_https_url.spec()));
1682 CheckAuthenticatedState(tab, AuthState::NONE);
1683 }
1684
1685 // Flaky on Linux. http://crbug.com/368280.
1686 #if defined(OS_LINUX)
1687 #define MAYBE_TestRedirectHTTPToBadHTTPS DISABLED_TestRedirectHTTPToBadHTTPS
1688 #else
1689 #define MAYBE_TestRedirectHTTPToBadHTTPS TestRedirectHTTPToBadHTTPS
1690 #endif
1691
1692 // Visit a page over http that is a redirect to a page with bad HTTPS.
1693 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRedirectHTTPToBadHTTPS) {
1694 ASSERT_TRUE(test_server()->Start());
1695 ASSERT_TRUE(https_server_expired_.Start());
1696
1697 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1698
1699 GURL http_url = test_server()->GetURL("server-redirect?");
1700 GURL bad_https_url =
1701 https_server_expired_.GetURL("files/ssl/google.html");
1702 ui_test_utils::NavigateToURL(browser(),
1703 GURL(http_url.spec() + bad_https_url.spec()));
1704 CheckAuthenticationBrokenState(
1705 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1706
1707 ProceedThroughInterstitial(tab);
1708
1709 CheckAuthenticationBrokenState(
1710 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1711 }
1712
1713 // Visit a page over https that is a redirect to a page with http (to make sure
1714 // we don't keep the secure state).
1715 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) {
1716 ASSERT_TRUE(test_server()->Start());
1717 ASSERT_TRUE(https_server_.Start());
1718
1719 GURL https_url = https_server_.GetURL("server-redirect?");
1720 GURL http_url = test_server()->GetURL("files/ssl/google.html");
1721
1722 ui_test_utils::NavigateToURL(browser(),
1723 GURL(https_url.spec() + http_url.spec()));
1724 CheckUnauthenticatedState(
1725 browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
1726 }
1727
1728 // Visits a page to which we could not connect (bad port) over http and https
1729 // and make sure the security style is correct.
1730 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
1731 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17"));
1732 CheckUnauthenticatedState(
1733 browser()->tab_strip_model()->GetActiveWebContents(),
1734 AuthState::SHOWING_ERROR);
1735
1736 // Same thing over HTTPS.
1737 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17"));
1738 CheckUnauthenticatedState(
1739 browser()->tab_strip_model()->GetActiveWebContents(),
1740 AuthState::SHOWING_ERROR);
1741 }
1742
1743 //
1744 // Frame navigation
1745 //
1746
1747 // From a good HTTPS top frame:
1748 // - navigate to an OK HTTPS frame
1749 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
1750 // back
1751 // - navigate to HTTP (expect insecure content), then back
1752 IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) {
1753 ASSERT_TRUE(test_server()->Start());
1754 ASSERT_TRUE(https_server_.Start());
1755 ASSERT_TRUE(https_server_expired_.Start());
1756
1757 std::string top_frame_path;
1758 ASSERT_TRUE(GetTopFramePath(*test_server(),
1759 https_server_,
1760 https_server_expired_,
1761 &top_frame_path));
1762
1763 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1764 ui_test_utils::NavigateToURL(browser(),
1765 https_server_.GetURL(top_frame_path));
1766
1767 CheckAuthenticatedState(tab, AuthState::NONE);
1768
1769 bool success = false;
1770 // Now navigate inside the frame.
1771 {
1772 content::WindowedNotificationObserver observer(
1773 content::NOTIFICATION_LOAD_STOP,
1774 content::Source<NavigationController>(&tab->GetController()));
1775 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1776 tab,
1777 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1778 &success));
1779 ASSERT_TRUE(success);
1780 observer.Wait();
1781 }
1782
1783 // We should still be fine.
1784 CheckAuthenticatedState(tab, AuthState::NONE);
1785
1786 // Now let's hit a bad page.
1787 {
1788 content::WindowedNotificationObserver observer(
1789 content::NOTIFICATION_LOAD_STOP,
1790 content::Source<NavigationController>(&tab->GetController()));
1791 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1792 tab,
1793 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1794 &success));
1795 ASSERT_TRUE(success);
1796 observer.Wait();
1797 }
1798
1799 // The security style should still be secure.
1800 CheckAuthenticatedState(tab, AuthState::NONE);
1801
1802 // And the frame should be blocked.
1803 bool is_content_evil = true;
1804 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1805 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1806 std::string is_evil_js("window.domAutomationController.send("
1807 "document.getElementById('evilDiv') != null);");
1808 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1809 is_evil_js,
1810 &is_content_evil));
1811 EXPECT_FALSE(is_content_evil);
1812
1813 // Now go back, our state should still be OK.
1814 {
1815 content::WindowedNotificationObserver observer(
1816 content::NOTIFICATION_LOAD_STOP,
1817 content::Source<NavigationController>(&tab->GetController()));
1818 tab->GetController().GoBack();
1819 observer.Wait();
1820 }
1821 CheckAuthenticatedState(tab, AuthState::NONE);
1822
1823 // Navigate to a page served over HTTP.
1824 {
1825 content::WindowedNotificationObserver observer(
1826 content::NOTIFICATION_LOAD_STOP,
1827 content::Source<NavigationController>(&tab->GetController()));
1828 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1829 tab,
1830 "window.domAutomationController.send(clickLink('HTTPLink'));",
1831 &success));
1832 ASSERT_TRUE(success);
1833 observer.Wait();
1834 }
1835
1836 // Our state should be unathenticated (in the ran mixed script sense)
1837 CheckAuthenticationBrokenState(
1838 tab,
1839 CertError::NONE,
1840 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1841
1842 // Go back, our state should be unchanged.
1843 {
1844 content::WindowedNotificationObserver observer(
1845 content::NOTIFICATION_LOAD_STOP,
1846 content::Source<NavigationController>(&tab->GetController()));
1847 tab->GetController().GoBack();
1848 observer.Wait();
1849 }
1850
1851 CheckAuthenticationBrokenState(
1852 tab,
1853 CertError::NONE,
1854 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
1855 }
1856
1857 // From a bad HTTPS top frame:
1858 // - navigate to an OK HTTPS frame (expected to be still authentication broken).
1859 IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
1860 ASSERT_TRUE(https_server_.Start());
1861 ASSERT_TRUE(https_server_expired_.Start());
1862
1863 std::string top_frame_path;
1864 ASSERT_TRUE(GetTopFramePath(*test_server(),
1865 https_server_,
1866 https_server_expired_,
1867 &top_frame_path));
1868
1869 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1870 ui_test_utils::NavigateToURL(browser(),
1871 https_server_expired_.GetURL(top_frame_path));
1872 CheckAuthenticationBrokenState(
1873 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1874
1875 ProceedThroughInterstitial(tab);
1876
1877 // Navigate to a good frame.
1878 bool success = false;
1879 content::WindowedNotificationObserver observer(
1880 content::NOTIFICATION_LOAD_STOP,
1881 content::Source<NavigationController>(&tab->GetController()));
1882 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1883 tab,
1884 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1885 &success));
1886 ASSERT_TRUE(success);
1887 observer.Wait();
1888
1889 // We should still be authentication broken.
1890 CheckAuthenticationBrokenState(
1891 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1892 }
1893
1894 // From an HTTP top frame, navigate to good and bad HTTPS (security state should
1895 // stay unauthenticated).
1896 // Disabled, flakily exceeds test timeout, http://crbug.com/43437.
1897 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) {
1898 ASSERT_TRUE(test_server()->Start());
1899 ASSERT_TRUE(https_server_.Start());
1900 ASSERT_TRUE(https_server_expired_.Start());
1901
1902 std::string top_frame_path;
1903 ASSERT_TRUE(GetTopFramePath(*test_server(),
1904 https_server_,
1905 https_server_expired_,
1906 &top_frame_path));
1907
1908 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1909 ui_test_utils::NavigateToURL(browser(),
1910 test_server()->GetURL(top_frame_path));
1911 CheckUnauthenticatedState(tab, AuthState::NONE);
1912
1913 // Now navigate inside the frame to a secure HTTPS frame.
1914 {
1915 bool success = false;
1916 content::WindowedNotificationObserver observer(
1917 content::NOTIFICATION_LOAD_STOP,
1918 content::Source<NavigationController>(&tab->GetController()));
1919 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1920 tab,
1921 "window.domAutomationController.send(clickLink('goodHTTPSLink'));",
1922 &success));
1923 ASSERT_TRUE(success);
1924 observer.Wait();
1925 }
1926
1927 // We should still be unauthenticated.
1928 CheckUnauthenticatedState(tab, AuthState::NONE);
1929
1930 // Now navigate to a bad HTTPS frame.
1931 {
1932 bool success = false;
1933 content::WindowedNotificationObserver observer(
1934 content::NOTIFICATION_LOAD_STOP,
1935 content::Source<NavigationController>(&tab->GetController()));
1936 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
1937 tab,
1938 "window.domAutomationController.send(clickLink('badHTTPSLink'));",
1939 &success));
1940 ASSERT_TRUE(success);
1941 observer.Wait();
1942 }
1943
1944 // State should not have changed.
1945 CheckUnauthenticatedState(tab, AuthState::NONE);
1946
1947 // And the frame should have been blocked (see bug #2316).
1948 bool is_content_evil = true;
1949 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
1950 tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
1951 std::string is_evil_js("window.domAutomationController.send("
1952 "document.getElementById('evilDiv') != null);");
1953 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
1954 is_evil_js,
1955 &is_content_evil));
1956 EXPECT_FALSE(is_content_evil);
1957 }
1958
1959 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
1960 ASSERT_TRUE(https_server_.Start());
1961 ASSERT_TRUE(https_server_expired_.Start());
1962
1963 // This page will spawn a Worker which will try to load content from
1964 // BadCertServer.
1965 std::string page_with_unsafe_worker_path;
1966 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1967 &page_with_unsafe_worker_path));
1968 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1969 page_with_unsafe_worker_path));
1970 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1971 // Expect Worker not to load insecure content.
1972 CheckWorkerLoadResult(tab, false);
1973 // The bad content is filtered, expect the state to be authenticated.
1974 CheckAuthenticatedState(tab, AuthState::NONE);
1975 }
1976
1977 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
1978 ASSERT_TRUE(https_server_.Start());
1979 ASSERT_TRUE(https_server_expired_.Start());
1980
1981 // Navigate to an unsafe site. Proceed with interstitial page to indicate
1982 // the user approves the bad certificate.
1983 ui_test_utils::NavigateToURL(browser(),
1984 https_server_expired_.GetURL("files/ssl/blank_page.html"));
1985 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
1986 CheckAuthenticationBrokenState(
1987 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
1988 ProceedThroughInterstitial(tab);
1989 CheckAuthenticationBrokenState(
1990 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
1991
1992 // Navigate to safe page that has Worker loading unsafe content.
1993 // Expect content to load but be marked as auth broken due to running insecure
1994 // content.
1995 std::string page_with_unsafe_worker_path;
1996 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_,
1997 &page_with_unsafe_worker_path));
1998 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
1999 page_with_unsafe_worker_path));
2000 CheckWorkerLoadResult(tab, true); // Worker loads insecure content
2001 CheckAuthenticationBrokenState(
2002 tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
2003 }
2004
2005 // Test that when the browser blocks displaying insecure content (images), the
2006 // indicator shows a secure page, because the blocking made the otherwise
2007 // unsafe page safe (the notification of this state is handled by other means).
2008 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) {
2009 ASSERT_TRUE(test_server()->Start());
2010 ASSERT_TRUE(https_server_.Start());
2011
2012 std::string replacement_path;
2013 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
2014 "files/ssl/page_displays_insecure_content.html",
2015 test_server()->host_port_pair(),
2016 &replacement_path));
2017
2018 ui_test_utils::NavigateToURL(browser(),
2019 https_server_.GetURL(replacement_path));
2020
2021 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
2022 AuthState::NONE);
2023 }
2024
2025 // Test that when the browser blocks displaying insecure content (iframes), the
2026 // indicator shows a secure page, because the blocking made the otherwise
2027 // unsafe page safe (the notification of this state is handled by other means)
2028 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) {
2029 ASSERT_TRUE(test_server()->Start());
2030 ASSERT_TRUE(https_server_.Start());
2031
2032 std::string replacement_path;
2033 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
2034 "files/ssl/page_displays_insecure_iframe.html",
2035 test_server()->host_port_pair(),
2036 &replacement_path));
2037
2038 ui_test_utils::NavigateToURL(browser(),
2039 https_server_.GetURL(replacement_path));
2040
2041 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
2042 AuthState::NONE);
2043 }
2044
2045 // Test that when the browser blocks running insecure content, the
2046 // indicator shows a secure page, because the blocking made the otherwise
2047 // unsafe page safe (the notification of this state is handled by other means).
2048 IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
2049 ASSERT_TRUE(test_server()->Start());
2050 ASSERT_TRUE(https_server_.Start());
2051
2052 std::string replacement_path;
2053 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
2054 "files/ssl/page_runs_insecure_content.html",
2055 test_server()->host_port_pair(),
2056 &replacement_path));
2057
2058 ui_test_utils::NavigateToURL(browser(),
2059 https_server_.GetURL(replacement_path));
2060
2061 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
2062 AuthState::NONE);
2063 }
2064
2065 // Visit a page and establish a WebSocket connection over bad https with
2066 // --ignore-certificate-errors. The connection should be established without
2067 // interstitial page showing.
2068 IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
2069 ASSERT_TRUE(test_server()->Start());
2070 ASSERT_TRUE(wss_server_expired_.Start());
2071
2072 // Setup page title observer.
2073 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2074 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
2075 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
2076
2077 // Visit bad HTTPS page.
2078 GURL::Replacements replacements;
2079 replacements.SetSchemeStr("https");
2080 ui_test_utils::NavigateToURL(
2081 browser(),
2082 wss_server_expired_.GetURL(
2083 "connect_check.html").ReplaceComponents(replacements));
2084
2085 // We shouldn't have an interstitial page showing here.
2086
2087 // Test page run a WebSocket wss connection test. The result will be shown
2088 // as page title.
2089 const base::string16 result = watcher.WaitAndGetTitle();
2090 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
2091 }
2092
2093 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
2094 // http://crbug.com/322948
2095 #if defined(OS_LINUX)
2096 // flaky http://crbug.com/396458
2097 #define MAYBE_TestInterstitialJavaScriptProceeds \
2098 DISABLED_TestInterstitialJavaScriptProceeds
2099 #else
2100 #define MAYBE_TestInterstitialJavaScriptProceeds \
2101 TestInterstitialJavaScriptProceeds
2102 #endif
2103 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestInterstitialJavaScriptProceeds) {
2104 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
2105 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
2106
2107 ASSERT_TRUE(https_server_expired_.Start());
2108 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2109 ui_test_utils::NavigateToURL(browser(),
2110 https_server_expired_.GetURL("files/ssl/google.html"));
2111 CheckAuthenticationBrokenState(
2112 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2113
2114 content::WindowedNotificationObserver observer(
2115 content::NOTIFICATION_LOAD_STOP,
2116 content::Source<NavigationController>(&tab->GetController()));
2117 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
2118 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
2119 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
2120 content::RenderViewHost* interstitial_rvh =
2121 interstitial_page->GetMainFrame()->GetRenderViewHost();
2122 int result = -1;
2123 std::string javascript = base::StringPrintf(
2124 "window.domAutomationController.send(%d);",
2125 SecurityInterstitialPage::CMD_PROCEED);
2126 ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
2127 interstitial_rvh, javascript, &result));
2128 // The above will hang without the fix.
2129 EXPECT_EQ(1, result);
2130 observer.Wait();
2131 CheckAuthenticationBrokenState(
2132 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
2133 }
2134
2135 // Verifies that the interstitial can go back, even if JavaScript is disabled.
2136 // http://crbug.com/322948
2137 IN_PROC_BROWSER_TEST_F(SSLUITest, TestInterstitialJavaScriptGoesBack) {
2138 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
2139 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
2140
2141 ASSERT_TRUE(https_server_expired_.Start());
2142 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2143 ui_test_utils::NavigateToURL(browser(),
2144 https_server_expired_.GetURL("files/ssl/google.html"));
2145 CheckAuthenticationBrokenState(
2146 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2147
2148 content::WindowedNotificationObserver observer(
2149 content::NOTIFICATION_RENDER_WIDGET_HOST_DESTROYED,
2150 content::NotificationService::AllSources());
2151 InterstitialPage* interstitial_page = tab->GetInterstitialPage();
2152 ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
2153 interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
2154 content::RenderViewHost* interstitial_rvh =
2155 interstitial_page->GetMainFrame()->GetRenderViewHost();
2156 int result = -1;
2157 std::string javascript = base::StringPrintf(
2158 "window.domAutomationController.send(%d);",
2159 SecurityInterstitialPage::CMD_DONT_PROCEED);
2160 ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
2161 interstitial_rvh, javascript, &result));
2162 // The above will hang without the fix.
2163 EXPECT_EQ(0, result);
2164 observer.Wait();
2165 EXPECT_EQ("about:blank", tab->GetVisibleURL().spec());
2166 }
2167
2168 // Verifies that switching tabs, while showing interstitial page, will not
2169 // affect the visibility of the interestitial.
2170 // https://crbug.com/381439
2171 IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByHideShow) {
2172 ASSERT_TRUE(https_server_expired_.Start());
2173 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
2174 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2175 ui_test_utils::NavigateToURL(
2176 browser(), https_server_expired_.GetURL("files/ssl/google.html"));
2177 CheckAuthenticationBrokenState(
2178 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
2179 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2180
2181 AddTabAtIndex(0,
2182 https_server_.GetURL("files/ssl/google.html"),
2183 ui::PAGE_TRANSITION_TYPED);
2184 EXPECT_EQ(2, browser()->tab_strip_model()->count());
2185 EXPECT_EQ(0, browser()->tab_strip_model()->active_index());
2186 EXPECT_EQ(tab, browser()->tab_strip_model()->GetWebContentsAt(1));
2187 EXPECT_FALSE(tab->GetRenderWidgetHostView()->IsShowing());
2188
2189 browser()->tab_strip_model()->ActivateTabAt(1, true);
2190 EXPECT_TRUE(tab->GetRenderWidgetHostView()->IsShowing());
2191 }
2192
2193 class SSLBlockingPageIDNTest : public SecurityInterstitialIDNTest {
2194 protected:
2195 // SecurityInterstitialIDNTest implementation
2196 SecurityInterstitialPage* CreateInterstitial(
2197 content::WebContents* contents,
2198 const GURL& request_url) const override {
2199 net::SSLInfo ssl_info;
2200 ssl_info.cert = new net::X509Certificate(
2201 request_url.host(), "CA", base::Time::Max(), base::Time::Max());
2202 return new SSLBlockingPage(
2203 contents, net::ERR_CERT_CONTAINS_ERRORS, ssl_info, request_url, 0,
2204 base::Time::NowFromSystemTime(), nullptr, base::Callback<void(bool)>());
2205 }
2206 };
2207
2208 IN_PROC_BROWSER_TEST_F(SSLBlockingPageIDNTest, SSLBlockingPageDecodesIDN) {
2209 EXPECT_TRUE(VerifyIDNDecoded());
2210 }
2211
2212 // TODO(jcampan): more tests to do below.
2213
2214 // Visit a page over https that contains a frame with a redirect.
2215
2216 // XMLHttpRequest insecure content in synchronous mode.
2217
2218 // XMLHttpRequest insecure content in asynchronous mode.
2219
2220 // XMLHttpRequest over bad ssl in synchronous mode.
2221
2222 // XMLHttpRequest over OK ssl in synchronous mode.