ssl_browser_tests.cc revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/command_line.h" 6#include "base/path_service.h" 7#include "base/prefs/pref_service.h" 8#include "base/string_util.h" 9#include "base/stringprintf.h" 10#include "base/time.h" 11#include "base/utf_string_conversions.h" 12#include "chrome/app/chrome_command_ids.h" 13#include "chrome/browser/content_settings/host_content_settings_map.h" 14#include "chrome/browser/profiles/profile.h" 15#include "chrome/browser/ui/browser.h" 16#include "chrome/browser/ui/browser_commands.h" 17#include "chrome/browser/ui/browser_navigator.h" 18#include "chrome/browser/ui/browser_tabstrip.h" 19#include "chrome/browser/ui/tabs/tab_strip_model.h" 20#include "chrome/common/chrome_notification_types.h" 21#include "chrome/common/chrome_paths.h" 22#include "chrome/common/chrome_switches.h" 23#include "chrome/common/pref_names.h" 24#include "chrome/test/base/in_process_browser_test.h" 25#include "chrome/test/base/ui_test_utils.h" 26#include "components/web_modal/web_contents_modal_dialog_manager.h" 27#include "content/public/browser/browser_context.h" 28#include "content/public/browser/interstitial_page.h" 29#include "content/public/browser/navigation_controller.h" 30#include "content/public/browser/navigation_entry.h" 31#include "content/public/browser/notification_service.h" 32#include "content/public/browser/render_view_host.h" 33#include "content/public/browser/web_contents.h" 34#include "content/public/browser/web_contents_observer.h" 35#include "content/public/common/security_style.h" 36#include "content/public/common/ssl_status.h" 37#include "content/public/test/browser_test_utils.h" 38#include "content/public/test/download_test_observer.h" 39#include "content/public/test/test_renderer_host.h" 40#include "crypto/nss_util.h" 41#include "net/base/crypto_module.h" 42#include "net/base/net_errors.h" 43#include "net/base/test_data_directory.h" 44#include "net/cert/cert_status_flags.h" 45#include "net/test/spawned_test_server/spawned_test_server.h" 46 47#if defined(USE_NSS) 48#include "net/cert/nss_cert_database.h" 49#endif // defined(USE_NSS) 50 51using content::InterstitialPage; 52using content::NavigationController; 53using content::NavigationEntry; 54using content::SSLStatus; 55using content::WebContents; 56using web_modal::WebContentsModalDialogManager; 57 58const base::FilePath::CharType kDocRoot[] = 59 FILE_PATH_LITERAL("chrome/test/data"); 60 61namespace { 62 63class ProvisionalLoadWaiter : public content::WebContentsObserver { 64 public: 65 explicit ProvisionalLoadWaiter(WebContents* tab) 66 : WebContentsObserver(tab), waiting_(false), seen_(false) {} 67 68 void Wait() { 69 if (seen_) 70 return; 71 72 waiting_ = true; 73 content::RunMessageLoop(); 74 } 75 76 virtual void DidFailProvisionalLoad( 77 int64 frame_id, 78 bool is_main_frame, 79 const GURL& validated_url, 80 int error_code, 81 const string16& error_description, 82 content::RenderViewHost* render_view_host) OVERRIDE { 83 seen_ = true; 84 if (waiting_) 85 base::MessageLoopForUI::current()->Quit(); 86 } 87 88 private: 89 bool waiting_; 90 bool seen_; 91}; 92 93} // namespace 94 95class SSLUITest : public InProcessBrowserTest { 96 public: 97 SSLUITest() 98 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, 99 SSLOptions(SSLOptions::CERT_OK), 100 base::FilePath(kDocRoot)), 101 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, 102 SSLOptions(SSLOptions::CERT_EXPIRED), 103 base::FilePath(kDocRoot)), 104 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS, 105 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), 106 base::FilePath(kDocRoot)), 107 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, 108 SSLOptions(SSLOptions::CERT_EXPIRED), 109 net::GetWebSocketTestDataDirectory()) {} 110 111 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 112 // Browser will both run and display insecure content. 113 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); 114 // Use process-per-site so that navigating to a same-site page in a 115 // new tab will use the same process. 116 command_line->AppendSwitch(switches::kProcessPerSite); 117 } 118 119 void CheckAuthenticatedState(WebContents* tab, 120 bool displayed_insecure_content) { 121 ASSERT_FALSE(tab->IsCrashed()); 122 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 123 ASSERT_TRUE(entry); 124 EXPECT_EQ(content::PAGE_TYPE_NORMAL, entry->GetPageType()); 125 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED, 126 entry->GetSSL().security_style); 127 EXPECT_EQ(0U, entry->GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS); 128 EXPECT_EQ(displayed_insecure_content, 129 !!(entry->GetSSL().content_status & 130 SSLStatus::DISPLAYED_INSECURE_CONTENT)); 131 EXPECT_FALSE( 132 !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT)); 133 } 134 135 void CheckUnauthenticatedState(WebContents* tab) { 136 ASSERT_FALSE(tab->IsCrashed()); 137 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 138 ASSERT_TRUE(entry); 139 EXPECT_EQ(content::PAGE_TYPE_NORMAL, entry->GetPageType()); 140 EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED, 141 entry->GetSSL().security_style); 142 EXPECT_EQ(0U, entry->GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS); 143 EXPECT_FALSE(!!(entry->GetSSL().content_status & 144 SSLStatus::DISPLAYED_INSECURE_CONTENT)); 145 EXPECT_FALSE( 146 !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT)); 147 } 148 149 void CheckAuthenticationBrokenState(WebContents* tab, 150 net::CertStatus error, 151 bool ran_insecure_content, 152 bool interstitial) { 153 ASSERT_FALSE(tab->IsCrashed()); 154 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 155 ASSERT_TRUE(entry); 156 EXPECT_EQ(interstitial ? 157 content::PAGE_TYPE_INTERSTITIAL : content::PAGE_TYPE_NORMAL, 158 entry->GetPageType()); 159 EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, 160 entry->GetSSL().security_style); 161 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style 162 // to SECURITY_STYLE_AUTHENTICATION_BROKEN. 163 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); 164 EXPECT_EQ(error, entry->GetSSL().cert_status & error); 165 EXPECT_FALSE(!!(entry->GetSSL().content_status & 166 SSLStatus::DISPLAYED_INSECURE_CONTENT)); 167 EXPECT_EQ(ran_insecure_content, 168 !!(entry->GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT)); 169 net::CertStatus extra_cert_errors = error ^ (entry->GetSSL().cert_status & 170 net::CERT_STATUS_ALL_ERRORS); 171 if (extra_cert_errors) 172 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors; 173 } 174 175 void CheckWorkerLoadResult(WebContents* tab, bool expectLoaded) { 176 // Workers are async and we don't have notifications for them passing 177 // messages since they do it between renderer and worker processes. 178 // So have a polling loop, check every 200ms, timeout at 30s. 179 const int timeout_ms = 200; 180 base::Time timeToQuit = base::Time::Now() + 181 base::TimeDelta::FromMilliseconds(30000); 182 183 while (base::Time::Now() < timeToQuit) { 184 bool workerFinished = false; 185 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 186 tab, 187 "window.domAutomationController.send(IsWorkerFinished());", 188 &workerFinished)); 189 190 if (workerFinished) 191 break; 192 193 // Wait a bit. 194 base::MessageLoop::current()->PostDelayedTask( 195 FROM_HERE, 196 base::MessageLoop::QuitClosure(), 197 base::TimeDelta::FromMilliseconds(timeout_ms)); 198 content::RunMessageLoop(); 199 } 200 201 bool actuallyLoadedContent = false; 202 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 203 tab, 204 "window.domAutomationController.send(IsContentLoaded());", 205 &actuallyLoadedContent)); 206 EXPECT_EQ(expectLoaded, actuallyLoadedContent); 207 } 208 209 void ProceedThroughInterstitial(WebContents* tab) { 210 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 211 ASSERT_TRUE(interstitial_page); 212 content::WindowedNotificationObserver observer( 213 content::NOTIFICATION_LOAD_STOP, 214 content::Source<NavigationController>(&tab->GetController())); 215 interstitial_page->Proceed(); 216 observer.Wait(); 217 } 218 219 bool IsShowingWebContentsModalDialog() const { 220 return WebContentsModalDialogManager::FromWebContents( 221 browser()->tab_strip_model()->GetActiveWebContents())-> 222 IsShowingDialog(); 223 } 224 225 static bool GetFilePathWithHostAndPortReplacement( 226 const std::string& original_file_path, 227 const net::HostPortPair& host_port_pair, 228 std::string* replacement_path) { 229 std::vector<net::SpawnedTestServer::StringPair> replacement_text; 230 replacement_text.push_back( 231 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); 232 return net::SpawnedTestServer::GetFilePathWithReplacements( 233 original_file_path, replacement_text, replacement_path); 234 } 235 236 static bool GetTopFramePath(const net::SpawnedTestServer& http_server, 237 const net::SpawnedTestServer& good_https_server, 238 const net::SpawnedTestServer& bad_https_server, 239 std::string* top_frame_path) { 240 // The "frame_left.html" page contained in the top_frame.html page contains 241 // <a href>'s to three different servers. This sets up all of the 242 // replacement text to work with test servers which listen on ephemeral 243 // ports. 244 GURL http_url = http_server.GetURL("files/ssl/google.html"); 245 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html"); 246 GURL bad_https_url = bad_https_server.GetURL( 247 "files/ssl/bad_iframe.html"); 248 249 std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left; 250 replacement_text_frame_left.push_back( 251 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec())); 252 replacement_text_frame_left.push_back( 253 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec())); 254 replacement_text_frame_left.push_back( 255 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec())); 256 std::string frame_left_path; 257 if (!net::SpawnedTestServer::GetFilePathWithReplacements( 258 "frame_left.html", 259 replacement_text_frame_left, 260 &frame_left_path)) 261 return false; 262 263 // Substitute the generated frame_left URL into the top_frame page. 264 std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame; 265 replacement_text_top_frame.push_back( 266 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); 267 return net::SpawnedTestServer::GetFilePathWithReplacements( 268 "files/ssl/top_frame.html", 269 replacement_text_top_frame, 270 top_frame_path); 271 } 272 273 static bool GetPageWithUnsafeWorkerPath( 274 const net::SpawnedTestServer& expired_https_server, 275 std::string* page_with_unsafe_worker_path) { 276 // Get the "imported.js" URL from the expired https server and 277 // substitute it into the unsafe_worker.js file. 278 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js"); 279 std::vector<net::SpawnedTestServer::StringPair> 280 replacement_text_for_unsafe_worker; 281 replacement_text_for_unsafe_worker.push_back( 282 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); 283 std::string unsafe_worker_path; 284 if (!net::SpawnedTestServer::GetFilePathWithReplacements( 285 "unsafe_worker.js", 286 replacement_text_for_unsafe_worker, 287 &unsafe_worker_path)) 288 return false; 289 290 // Now, substitute this into the page with unsafe worker. 291 std::vector<net::SpawnedTestServer::StringPair> 292 replacement_text_for_page_with_unsafe_worker; 293 replacement_text_for_page_with_unsafe_worker.push_back( 294 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); 295 return net::SpawnedTestServer::GetFilePathWithReplacements( 296 "files/ssl/page_with_unsafe_worker.html", 297 replacement_text_for_page_with_unsafe_worker, 298 page_with_unsafe_worker_path); 299 } 300 301 net::SpawnedTestServer https_server_; 302 net::SpawnedTestServer https_server_expired_; 303 net::SpawnedTestServer https_server_mismatched_; 304 net::SpawnedTestServer wss_server_expired_; 305 306 private: 307 typedef net::SpawnedTestServer::SSLOptions SSLOptions; 308 309 DISALLOW_COPY_AND_ASSIGN(SSLUITest); 310}; 311 312class SSLUITestBlock : public SSLUITest { 313 public: 314 SSLUITestBlock() : SSLUITest() {} 315 316 // Browser will neither run nor display insecure content. 317 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 318 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); 319 } 320}; 321 322class SSLUITestIgnoreCertErrors : public SSLUITest { 323 public: 324 SSLUITestIgnoreCertErrors() : SSLUITest() {} 325 326 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 327 // Browser will ignore certificate errors. 328 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); 329 } 330}; 331 332// Visits a regular page over http. 333IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { 334 ASSERT_TRUE(test_server()->Start()); 335 336 ui_test_utils::NavigateToURL(browser(), 337 test_server()->GetURL("files/ssl/google.html")); 338 339 CheckUnauthenticatedState( 340 browser()->tab_strip_model()->GetActiveWebContents()); 341} 342 343// Visits a page over http which includes broken https resources (status should 344// be OK). 345// TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give 346// the secure cookies away!). 347IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { 348 ASSERT_TRUE(test_server()->Start()); 349 ASSERT_TRUE(https_server_expired_.Start()); 350 351 std::string replacement_path; 352 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 353 "files/ssl/page_with_unsafe_contents.html", 354 https_server_expired_.host_port_pair(), 355 &replacement_path)); 356 357 ui_test_utils::NavigateToURL( 358 browser(), test_server()->GetURL(replacement_path)); 359 360 CheckUnauthenticatedState( 361 browser()->tab_strip_model()->GetActiveWebContents()); 362} 363 364// http://crbug.com/91745 365#if defined(OS_CHROMEOS) 366#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS 367#else 368#define MAYBE_TestOKHTTPS TestOKHTTPS 369#endif 370 371// Visits a page over OK https: 372IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { 373 ASSERT_TRUE(https_server_.Start()); 374 375 ui_test_utils::NavigateToURL(browser(), 376 https_server_.GetURL("files/ssl/google.html")); 377 378 CheckAuthenticatedState( 379 browser()->tab_strip_model()->GetActiveWebContents(), false); 380} 381 382// Visits a page with https error and proceed: 383IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) { 384 ASSERT_TRUE(https_server_expired_.Start()); 385 386 ui_test_utils::NavigateToURL(browser(), 387 https_server_expired_.GetURL("files/ssl/google.html")); 388 389 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 390 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 391 true); // Interstitial showing 392 393 ProceedThroughInterstitial(tab); 394 395 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 396 false); // No interstitial showing 397} 398 399// Visits a page with https error and don't proceed (and ensure we can still 400// navigate at that point): 401IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndDontProceed) { 402 ASSERT_TRUE(test_server()->Start()); 403 ASSERT_TRUE(https_server_.Start()); 404 ASSERT_TRUE(https_server_expired_.Start()); 405 406 // First navigate to an OK page. 407 ui_test_utils::NavigateToURL(browser(), 408 https_server_.GetURL("files/ssl/google.html")); 409 410 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 411 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 412 ASSERT_TRUE(entry); 413 414 GURL cross_site_url = 415 https_server_expired_.GetURL("files/ssl/google.html"); 416 // Change the host name from 127.0.0.1 to localhost so it triggers a 417 // cross-site navigation so we can test http://crbug.com/5800 is gone. 418 ASSERT_EQ("127.0.0.1", cross_site_url.host()); 419 GURL::Replacements replacements; 420 std::string new_host("localhost"); 421 replacements.SetHostStr(new_host); 422 cross_site_url = cross_site_url.ReplaceComponents(replacements); 423 424 // Now go to a bad HTTPS page. 425 ui_test_utils::NavigateToURL(browser(), cross_site_url); 426 427 // An interstitial should be showing. 428 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 429 false, true); 430 431 // Simulate user clicking "Take me back". 432 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 433 ASSERT_TRUE(interstitial_page); 434 interstitial_page->DontProceed(); 435 436 // We should be back to the original good page. 437 CheckAuthenticatedState(tab, false); 438 439 // Try to navigate to a new page. (to make sure bug 5800 is fixed). 440 ui_test_utils::NavigateToURL(browser(), 441 test_server()->GetURL("files/ssl/google.html")); 442 CheckUnauthenticatedState(tab); 443} 444 445// Visits a page with https error and then goes back using Browser::GoBack. 446IN_PROC_BROWSER_TEST_F(SSLUITest, 447 TestHTTPSExpiredCertAndGoBackViaButton) { 448 ASSERT_TRUE(test_server()->Start()); 449 ASSERT_TRUE(https_server_expired_.Start()); 450 451 // First navigate to an HTTP page. 452 ui_test_utils::NavigateToURL(browser(), 453 test_server()->GetURL("files/ssl/google.html")); 454 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 455 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 456 ASSERT_TRUE(entry); 457 458 // Now go to a bad HTTPS page that shows an interstitial. 459 ui_test_utils::NavigateToURL(browser(), 460 https_server_expired_.GetURL("files/ssl/google.html")); 461 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 462 true); // Interstitial showing 463 464 ProvisionalLoadWaiter load_failed_observer(tab); 465 466 // Simulate user clicking on back button (crbug.com/39248). 467 chrome::GoBack(browser(), CURRENT_TAB); 468 469 // Wait until we hear the load failure, and make sure we haven't swapped out 470 // the previous page. Prevents regression of http://crbug.com/82667. 471 load_failed_observer.Wait(); 472 EXPECT_FALSE(content::RenderViewHostTester::IsRenderViewHostSwappedOut( 473 tab->GetRenderViewHost())); 474 475 // We should be back at the original good page. 476 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 477 GetInterstitialPage()); 478 CheckUnauthenticatedState(tab); 479} 480 481// Visits a page with https error and then goes back using GoToOffset. 482// Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575. 483IN_PROC_BROWSER_TEST_F(SSLUITest, 484 TestHTTPSExpiredCertAndGoBackViaMenu) { 485 ASSERT_TRUE(test_server()->Start()); 486 ASSERT_TRUE(https_server_expired_.Start()); 487 488 // First navigate to an HTTP page. 489 ui_test_utils::NavigateToURL(browser(), 490 test_server()->GetURL("files/ssl/google.html")); 491 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 492 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 493 ASSERT_TRUE(entry); 494 495 // Now go to a bad HTTPS page that shows an interstitial. 496 ui_test_utils::NavigateToURL(browser(), 497 https_server_expired_.GetURL("files/ssl/google.html")); 498 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 499 true); // Interstitial showing 500 501 // Simulate user clicking and holding on back button (crbug.com/37215). 502 tab->GetController().GoToOffset(-1); 503 504 // We should be back at the original good page. 505 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 506 GetInterstitialPage()); 507 CheckUnauthenticatedState(tab); 508} 509 510// Visits a page with https error and then goes forward using GoToOffset. 511IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) { 512 ASSERT_TRUE(test_server()->Start()); 513 ASSERT_TRUE(https_server_expired_.Start()); 514 515 // First navigate to two HTTP pages. 516 ui_test_utils::NavigateToURL(browser(), 517 test_server()->GetURL("files/ssl/google.html")); 518 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 519 NavigationEntry* entry1 = tab->GetController().GetActiveEntry(); 520 ASSERT_TRUE(entry1); 521 ui_test_utils::NavigateToURL(browser(), 522 test_server()->GetURL("files/ssl/blank_page.html")); 523 NavigationEntry* entry2 = tab->GetController().GetActiveEntry(); 524 ASSERT_TRUE(entry2); 525 526 // Now go back so that a page is in the forward history. 527 { 528 content::WindowedNotificationObserver observer( 529 content::NOTIFICATION_LOAD_STOP, 530 content::Source<NavigationController>(&tab->GetController())); 531 tab->GetController().GoBack(); 532 observer.Wait(); 533 } 534 ASSERT_TRUE(tab->GetController().CanGoForward()); 535 NavigationEntry* entry3 = tab->GetController().GetActiveEntry(); 536 ASSERT_TRUE(entry1 == entry3); 537 538 // Now go to a bad HTTPS page that shows an interstitial. 539 ui_test_utils::NavigateToURL(browser(), 540 https_server_expired_.GetURL("files/ssl/google.html")); 541 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 542 true); // Interstitial showing 543 544 // Simulate user clicking and holding on forward button. 545 { 546 content::WindowedNotificationObserver observer( 547 content::NOTIFICATION_LOAD_STOP, 548 content::Source<NavigationController>(&tab->GetController())); 549 tab->GetController().GoToOffset(1); 550 observer.Wait(); 551 } 552 553 // We should be showing the second good page. 554 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 555 GetInterstitialPage()); 556 CheckUnauthenticatedState(tab); 557 EXPECT_FALSE(tab->GetController().CanGoForward()); 558 NavigationEntry* entry4 = tab->GetController().GetActiveEntry(); 559 EXPECT_TRUE(entry2 == entry4); 560} 561 562// Visit a HTTP page which request WSS connection to a server providing invalid 563// certificate. Close the page while WSS connection waits for SSLManager's 564// response from UI thread. 565// Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258 566#if defined(OS_WIN) 567#define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose 568#else 569#define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose 570#endif 571IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) { 572 ASSERT_TRUE(test_server()->Start()); 573 ASSERT_TRUE(wss_server_expired_.Start()); 574 575 // Setup page title observer. 576 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 577 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 578 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 579 580 // Create GURLs to test pages. 581 std::string masterUrlPath = base::StringPrintf("%s?%d", 582 test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(), 583 wss_server_expired_.host_port_pair().port()); 584 GURL masterUrl(masterUrlPath); 585 std::string slaveUrlPath = base::StringPrintf("%s?%d", 586 test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(), 587 wss_server_expired_.host_port_pair().port()); 588 GURL slaveUrl(slaveUrlPath); 589 590 // Create tabs and visit pages which keep on creating wss connections. 591 WebContents* tabs[16]; 592 for (int i = 0; i < 16; ++i) { 593 tabs[i] = chrome::AddSelectedTabWithURL(browser(), slaveUrl, 594 content::PAGE_TRANSITION_LINK); 595 } 596 chrome::SelectNextTab(browser()); 597 598 // Visit a page which waits for one TLS handshake failure. 599 // The title will be changed to 'PASS'. 600 ui_test_utils::NavigateToURL(browser(), masterUrl); 601 const string16 result = watcher.WaitAndGetTitle(); 602 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 603 604 // Close tabs which contains the test page. 605 for (int i = 0; i < 16; ++i) 606 chrome::CloseWebContents(browser(), tabs[i], false); 607 chrome::CloseWebContents(browser(), tab, false); 608} 609 610// Visit a HTTPS page and proceeds despite an invalid certificate. The page 611// requests WSS connection to the same origin host to check if WSS connection 612// share certificates policy with HTTPS correcly. 613IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) { 614 ASSERT_TRUE(test_server()->Start()); 615 ASSERT_TRUE(wss_server_expired_.Start()); 616 617 // Setup page title observer. 618 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 619 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 620 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 621 622 // Visit bad HTTPS page. 623 std::string scheme("https"); 624 GURL::Replacements replacements; 625 replacements.SetSchemeStr(scheme); 626 ui_test_utils::NavigateToURL( 627 browser(), 628 wss_server_expired_.GetURL( 629 "connect_check.html").ReplaceComponents(replacements)); 630 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 631 true); // Interstitial showing 632 633 // Proceed anyway. 634 ProceedThroughInterstitial(tab); 635 636 // Test page run a WebSocket wss connection test. The result will be shown 637 // as page title. 638 const string16 result = watcher.WaitAndGetTitle(); 639 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 640} 641 642#if defined(USE_NSS) 643// SSL client certificate tests are only enabled when using NSS for private key 644// storage, as only NSS can avoid modifying global machine state when testing. 645// See http://crbug.com/51132 646 647// Visit a HTTPS page which requires client cert authentication. The client 648// cert will be selected automatically, then a test which uses WebSocket runs. 649// Disabled: http://crbug.com/159985 650IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestWSSClientCert) { 651 // Open a temporary NSS DB for testing. 652 crypto::ScopedTestNSSDB test_nssdb; 653 ASSERT_TRUE(test_nssdb.is_open()); 654 655 // Import client cert for test. These interfaces require NSS. 656 net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance(); 657 scoped_refptr<net::CryptoModule> crypt_module = cert_db->GetPublicModule(); 658 std::string pkcs12_data; 659 base::FilePath cert_path = net::GetTestCertsDirectory().Append( 660 FILE_PATH_LITERAL("websocket_client_cert.p12")); 661 EXPECT_TRUE(file_util::ReadFileToString(cert_path, &pkcs12_data)); 662 EXPECT_EQ(net::OK, cert_db->ImportFromPKCS12(crypt_module, 663 pkcs12_data, 664 string16(), 665 true, 666 NULL)); 667 668 // Start WebSocket test server with TLS and client cert authentication. 669 net::SpawnedTestServer::SSLOptions options( 670 net::SpawnedTestServer::SSLOptions::CERT_OK); 671 options.request_client_certificate = true; 672 base::FilePath ca_path = net::GetTestCertsDirectory().Append( 673 FILE_PATH_LITERAL("websocket_cacert.pem")); 674 options.client_authorities.push_back(ca_path); 675 net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS, 676 options, 677 net::GetWebSocketTestDataDirectory()); 678 ASSERT_TRUE(wss_server.Start()); 679 std::string scheme("https"); 680 GURL::Replacements replacements; 681 replacements.SetSchemeStr(scheme); 682 GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents( 683 replacements); 684 685 // Setup page title observer. 686 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 687 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 688 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 689 690 // Add an entry into AutoSelectCertificateForUrls policy for automatic client 691 // cert selection. 692 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 693 DCHECK(profile); 694 scoped_ptr<DictionaryValue> dict(new DictionaryValue()); 695 dict->SetString("ISSUER.CN", "pywebsocket"); 696 profile->GetHostContentSettingsMap()->SetWebsiteSetting( 697 ContentSettingsPattern::FromURL(url), 698 ContentSettingsPattern::FromURL(url), 699 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, 700 std::string(), 701 dict.release()); 702 703 // Visit a HTTPS page which requires client certs. 704 ui_test_utils::NavigateToURL(browser(), url); 705 CheckAuthenticatedState(tab, false); 706 707 // Test page runs a WebSocket wss connection test. The result will be shown 708 // as page title. 709 const string16 result = watcher.WaitAndGetTitle(); 710 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 711} 712#endif // defined(USE_NSS) 713 714// Flaky on CrOS http://crbug.com/92292 715#if defined(OS_CHROMEOS) 716#define MAYBE_TestHTTPSErrorWithNoNavEntry \ 717 DISABLED_TestHTTPSErrorWithNoNavEntry 718#else 719#define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry 720#endif // defined(OS_CHROMEOS) 721 722// Open a page with a HTTPS error in a tab with no prior navigation (through a 723// link with a blank target). This is to test that the lack of navigation entry 724// does not cause any problems (it was causing a crasher, see 725// http://crbug.com/19941). 726IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) { 727 ASSERT_TRUE(https_server_expired_.Start()); 728 729 GURL url = https_server_expired_.GetURL("files/ssl/google.htm"); 730 WebContents* tab2 = chrome::AddSelectedTabWithURL( 731 browser(), url, content::PAGE_TRANSITION_TYPED); 732 content::WaitForLoadStop(tab2); 733 734 // Verify our assumption that there was no prior navigation. 735 EXPECT_FALSE(chrome::CanGoBack(browser())); 736 737 // We should have an interstitial page showing. 738 ASSERT_TRUE(tab2->GetInterstitialPage()); 739} 740 741IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) { 742 ASSERT_TRUE(test_server()->Start()); 743 ASSERT_TRUE(https_server_expired_.Start()); 744 GURL url_non_dangerous = test_server()->GetURL(std::string()); 745 GURL url_dangerous = 746 https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe"); 747 base::ScopedTempDir downloads_directory_; 748 749 // Need empty temp dir to avoid having Chrome ask us for a new filename 750 // when we've downloaded dangerous.exe one hundred times. 751 ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir()); 752 753 browser()->profile()->GetPrefs()->SetFilePath( 754 prefs::kDownloadDefaultDirectory, 755 downloads_directory_.path()); 756 757 // Visit a non-dangerous page. 758 ui_test_utils::NavigateToURL(browser(), url_non_dangerous); 759 760 // Now, start a transition to dangerous download. 761 { 762 content::WindowedNotificationObserver observer( 763 content::NOTIFICATION_LOAD_STOP, 764 content::NotificationService::AllSources()); 765 chrome::NavigateParams navigate_params(browser(), url_dangerous, 766 content::PAGE_TRANSITION_TYPED); 767 chrome::Navigate(&navigate_params); 768 observer.Wait(); 769 } 770 771 // To exit the browser cleanly (and this test) we need to complete the 772 // download after completing this test. 773 content::DownloadTestObserverTerminal dangerous_download_observer( 774 content::BrowserContext::GetDownloadManager(browser()->profile()), 775 1, 776 content::DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT); 777 778 // Proceed through the SSL interstitial. This doesn't use 779 // |ProceedThroughInterstitial| since no page load will commit. 780 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 781 ASSERT_TRUE(tab != NULL); 782 ASSERT_TRUE(tab->GetInterstitialPage() != NULL); 783 { 784 content::WindowedNotificationObserver observer( 785 chrome::NOTIFICATION_DOWNLOAD_INITIATED, 786 content::NotificationService::AllSources()); 787 tab->GetInterstitialPage()->Proceed(); 788 observer.Wait(); 789 } 790 791 // There should still be an interstitial at this point. Press the 792 // back button on the browser. Note that this doesn't wait for a 793 // NAV_ENTRY_COMMITTED notification because going back with an 794 // active interstitial simply hides the interstitial. 795 ASSERT_TRUE(tab->GetInterstitialPage() != NULL); 796 EXPECT_TRUE(chrome::CanGoBack(browser())); 797 chrome::GoBack(browser(), CURRENT_TAB); 798 799 dangerous_download_observer.WaitForFinished(); 800} 801 802// 803// Insecure content 804// 805 806#if defined(OS_WIN) 807// http://crbug.com/152940 Flaky on win. 808#define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent 809#else 810#define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent 811#endif 812 813// Visits a page that displays insecure content. 814IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) { 815 ASSERT_TRUE(test_server()->Start()); 816 ASSERT_TRUE(https_server_.Start()); 817 818 std::string replacement_path; 819 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 820 "files/ssl/page_displays_insecure_content.html", 821 test_server()->host_port_pair(), 822 &replacement_path)); 823 824 // Load a page that displays insecure content. 825 ui_test_utils::NavigateToURL(browser(), 826 https_server_.GetURL(replacement_path)); 827 828 CheckAuthenticatedState( 829 browser()->tab_strip_model()->GetActiveWebContents(), true); 830} 831 832// Visits a page that runs insecure content and tries to suppress the insecure 833// content warnings by randomizing location.hash. 834// Based on http://crbug.com/8706 835IN_PROC_BROWSER_TEST_F(SSLUITest, 836 TestRunsInsecuredContentRandomizeHash) { 837 ASSERT_TRUE(test_server()->Start()); 838 ASSERT_TRUE(https_server_.Start()); 839 840 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 841 "files/ssl/page_runs_insecure_content.html")); 842 843 CheckAuthenticationBrokenState( 844 browser()->tab_strip_model()->GetActiveWebContents(), 0, true, false); 845} 846 847// Visits a page with unsafe content and make sure that: 848// - frames content is replaced with warning 849// - images and scripts are filtered out entirely 850IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) { 851 ASSERT_TRUE(https_server_.Start()); 852 ASSERT_TRUE(https_server_expired_.Start()); 853 854 std::string replacement_path; 855 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 856 "files/ssl/page_with_unsafe_contents.html", 857 https_server_expired_.host_port_pair(), 858 &replacement_path)); 859 ui_test_utils::NavigateToURL(browser(), 860 https_server_.GetURL(replacement_path)); 861 862 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 863 // When the bad content is filtered, the state is expected to be 864 // authenticated. 865 CheckAuthenticatedState(tab, false); 866 867 // Because of cross-frame scripting restrictions, we cannot access the iframe 868 // content. So to know if the frame was loaded, we just check if a popup was 869 // opened (the iframe content opens one). 870 // Note: because of bug 1115868, no web contents modal dialog is opened right 871 // now. Once the bug is fixed, this will do the real check. 872 EXPECT_FALSE(IsShowingWebContentsModalDialog()); 873 874 int img_width; 875 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( 876 tab, 877 "window.domAutomationController.send(ImageWidth());", 878 &img_width)); 879 // In order to check that the image was not loaded, we check its width. 880 // The actual image (Google logo) is 114 pixels wide, we assume the broken 881 // image is less than 100. 882 EXPECT_LT(img_width, 100); 883 884 bool js_result = false; 885 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 886 tab, 887 "window.domAutomationController.send(IsFooSet());", 888 &js_result)); 889 EXPECT_FALSE(js_result); 890} 891 892// Visits a page with insecure content loaded by JS (after the initial page 893// load). 894IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) { 895 ASSERT_TRUE(test_server()->Start()); 896 ASSERT_TRUE(https_server_.Start()); 897 898 std::string replacement_path; 899 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 900 "files/ssl/page_with_dynamic_insecure_content.html", 901 test_server()->host_port_pair(), 902 &replacement_path)); 903 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 904 replacement_path)); 905 906 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 907 CheckAuthenticatedState(tab, false); 908 909 // Load the insecure image. 910 bool js_result = false; 911 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 912 tab, 913 "loadBadImage();", 914 &js_result)); 915 EXPECT_TRUE(js_result); 916 917 // We should now have insecure content. 918 CheckAuthenticatedState(tab, true); 919} 920 921// Visits two pages from the same origin: one that displays insecure content and 922// one that doesn't. The test checks that we do not propagate the insecure 923// content state from one to the other. 924IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { 925 ASSERT_TRUE(test_server()->Start()); 926 ASSERT_TRUE(https_server_.Start()); 927 928 ui_test_utils::NavigateToURL(browser(), 929 https_server_.GetURL("files/ssl/blank_page.html")); 930 931 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 932 933 // This tab should be fine. 934 CheckAuthenticatedState(tab1, false); 935 936 // Create a new tab. 937 std::string replacement_path; 938 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 939 "files/ssl/page_displays_insecure_content.html", 940 test_server()->host_port_pair(), 941 &replacement_path)); 942 943 GURL url = https_server_.GetURL(replacement_path); 944 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 945 params.disposition = NEW_FOREGROUND_TAB; 946 params.tabstrip_index = 0; 947 params.source_contents = tab1; 948 content::WindowedNotificationObserver observer( 949 content::NOTIFICATION_LOAD_STOP, 950 content::NotificationService::AllSources()); 951 chrome::Navigate(¶ms); 952 WebContents* tab2 = params.target_contents; 953 observer.Wait(); 954 955 // The new tab has insecure content. 956 CheckAuthenticatedState(tab2, true); 957 958 // The original tab should not be contaminated. 959 CheckAuthenticatedState(tab1, false); 960} 961 962// Visits two pages from the same origin: one that runs insecure content and one 963// that doesn't. The test checks that we propagate the insecure content state 964// from one to the other. 965IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { 966 ASSERT_TRUE(test_server()->Start()); 967 ASSERT_TRUE(https_server_.Start()); 968 969 ui_test_utils::NavigateToURL(browser(), 970 https_server_.GetURL("files/ssl/blank_page.html")); 971 972 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 973 974 // This tab should be fine. 975 CheckAuthenticatedState(tab1, false); 976 977 std::string replacement_path; 978 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 979 "files/ssl/page_runs_insecure_content.html", 980 test_server()->host_port_pair(), 981 &replacement_path)); 982 983 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB 984 // disposition won't usually stay in the same process, but this works 985 // because we are using process-per-site in SetUpCommandLine. 986 GURL url = https_server_.GetURL(replacement_path); 987 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 988 params.disposition = NEW_FOREGROUND_TAB; 989 params.source_contents = tab1; 990 content::WindowedNotificationObserver observer( 991 content::NOTIFICATION_LOAD_STOP, 992 content::NotificationService::AllSources()); 993 chrome::Navigate(¶ms); 994 WebContents* tab2 = params.target_contents; 995 observer.Wait(); 996 997 // Both tabs should have the same process. 998 EXPECT_EQ(tab1->GetRenderProcessHost(), 999 tab2->GetRenderProcessHost()); 1000 1001 // The new tab has insecure content. 1002 CheckAuthenticationBrokenState(tab2, 0, true, false); 1003 1004 // Which means the origin for the first tab has also been contaminated with 1005 // insecure content. 1006 CheckAuthenticationBrokenState(tab1, 0, true, false); 1007} 1008 1009// Visits a page with an image over http. Visits another page over https 1010// referencing that same image over http (hoping it is coming from the webcore 1011// memory cache). 1012IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { 1013 ASSERT_TRUE(test_server()->Start()); 1014 ASSERT_TRUE(https_server_.Start()); 1015 1016 std::string replacement_path; 1017 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1018 "files/ssl/page_displays_insecure_content.html", 1019 test_server()->host_port_pair(), 1020 &replacement_path)); 1021 1022 // Load original page over HTTP. 1023 const GURL url_http = test_server()->GetURL(replacement_path); 1024 ui_test_utils::NavigateToURL(browser(), url_http); 1025 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1026 CheckUnauthenticatedState(tab); 1027 1028 // Load again but over SSL. It should be marked as displaying insecure 1029 // content (even though the image comes from the WebCore memory cache). 1030 const GURL url_https = https_server_.GetURL(replacement_path); 1031 ui_test_utils::NavigateToURL(browser(), url_https); 1032 CheckAuthenticatedState(tab, true); 1033} 1034 1035// http://crbug.com/84729 1036#if defined(OS_CHROMEOS) 1037#define MAYBE_TestRunsCachedInsecureContent \ 1038 DISABLED_TestRunsCachedInsecureContent 1039#else 1040#define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent 1041#endif // defined(OS_CHROMEOS) 1042 1043// Visits a page with script over http. Visits another page over https 1044// referencing that same script over http (hoping it is coming from the webcore 1045// memory cache). 1046IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) { 1047 ASSERT_TRUE(test_server()->Start()); 1048 ASSERT_TRUE(https_server_.Start()); 1049 1050 std::string replacement_path; 1051 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1052 "files/ssl/page_runs_insecure_content.html", 1053 test_server()->host_port_pair(), 1054 &replacement_path)); 1055 1056 // Load original page over HTTP. 1057 const GURL url_http = test_server()->GetURL(replacement_path); 1058 ui_test_utils::NavigateToURL(browser(), url_http); 1059 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1060 CheckUnauthenticatedState(tab); 1061 1062 // Load again but over SSL. It should be marked as displaying insecure 1063 // content (even though the image comes from the WebCore memory cache). 1064 const GURL url_https = https_server_.GetURL(replacement_path); 1065 ui_test_utils::NavigateToURL(browser(), url_https); 1066 CheckAuthenticationBrokenState(tab, 0, true, false); 1067} 1068 1069// This test ensures the CN invalid status does not 'stick' to a certificate 1070// (see bug #1044942) and that it depends on the host-name. 1071IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) { 1072 ASSERT_TRUE(https_server_.Start()); 1073 ASSERT_TRUE(https_server_mismatched_.Start()); 1074 1075 // First we hit the server with hostname, this generates an invalid policy 1076 // error. 1077 ui_test_utils::NavigateToURL(browser(), 1078 https_server_mismatched_.GetURL("files/ssl/google.html")); 1079 1080 // We get an interstitial page as a result. 1081 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1082 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1083 false, true); // Interstitial showing. 1084 ProceedThroughInterstitial(tab); 1085 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1086 false, false); // No interstitial showing. 1087 1088 // Now we try again with the right host name this time. 1089 GURL url(https_server_.GetURL("files/ssl/google.html")); 1090 ui_test_utils::NavigateToURL(browser(), url); 1091 1092 // Security state should be OK. 1093 CheckAuthenticatedState(tab, false); 1094 1095 // Now try again the broken one to make sure it is still broken. 1096 ui_test_utils::NavigateToURL(browser(), 1097 https_server_mismatched_.GetURL("files/ssl/google.html")); 1098 1099 // Since we OKed the interstitial last time, we get right to the page. 1100 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 1101 false, false); // No interstitial showing. 1102} 1103 1104#if defined(OS_CHROMEOS) 1105// This test seems to be flaky and hang on chromiumos. 1106// http://crbug.com/84419 1107#define MAYBE_TestRefNavigation DISABLED_TestRefNavigation 1108#else 1109#define MAYBE_TestRefNavigation TestRefNavigation 1110#endif 1111 1112// Test that navigating to a #ref does not change a bad security state. 1113IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { 1114 ASSERT_TRUE(https_server_expired_.Start()); 1115 1116 ui_test_utils::NavigateToURL(browser(), 1117 https_server_expired_.GetURL("files/ssl/page_with_refs.html")); 1118 1119 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1120 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1121 true); // Interstitial showing. 1122 1123 ProceedThroughInterstitial(tab); 1124 1125 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1126 false); // No interstitial showing. 1127 1128 // Now navigate to a ref in the page, the security state should not have 1129 // changed. 1130 ui_test_utils::NavigateToURL(browser(), 1131 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); 1132 1133 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1134 false); // No interstitial showing. 1135} 1136 1137// Tests that closing a page that has a unsafe pop-up does not crash the 1138// browser (bug #1966). 1139// TODO(jcampan): http://crbug.com/2136 disabled because the popup is not 1140// opened as it is not initiated by a user gesture. 1141IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { 1142 ASSERT_TRUE(test_server()->Start()); 1143 ASSERT_TRUE(https_server_expired_.Start()); 1144 1145 std::string replacement_path; 1146 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1147 "files/ssl/page_with_unsafe_popup.html", 1148 https_server_expired_.host_port_pair(), 1149 &replacement_path)); 1150 1151 ui_test_utils::NavigateToURL(browser(), 1152 test_server()->GetURL(replacement_path)); 1153 1154 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1155 // It is probably overkill to add a notification for a popup-opening, let's 1156 // just poll. 1157 for (int i = 0; i < 10; i++) { 1158 if (IsShowingWebContentsModalDialog()) 1159 break; 1160 base::MessageLoop::current()->PostDelayedTask( 1161 FROM_HERE, 1162 base::MessageLoop::QuitClosure(), 1163 base::TimeDelta::FromSeconds(1)); 1164 content::RunMessageLoop(); 1165 } 1166 ASSERT_TRUE(IsShowingWebContentsModalDialog()); 1167 1168 // Let's add another tab to make sure the browser does not exit when we close 1169 // the first tab. 1170 GURL url = test_server()->GetURL("files/ssl/google.html"); 1171 content::WindowedNotificationObserver observer( 1172 content::NOTIFICATION_LOAD_STOP, 1173 content::NotificationService::AllSources()); 1174 chrome::AddSelectedTabWithURL(browser(), url, content::PAGE_TRANSITION_TYPED); 1175 observer.Wait(); 1176 1177 // Close the first tab. 1178 chrome::CloseWebContents(browser(), tab1, false); 1179} 1180 1181// Visit a page over bad https that is a redirect to a page with good https. 1182IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) { 1183 ASSERT_TRUE(https_server_.Start()); 1184 ASSERT_TRUE(https_server_expired_.Start()); 1185 1186 GURL url1 = https_server_expired_.GetURL("server-redirect?"); 1187 GURL url2 = https_server_.GetURL("files/ssl/google.html"); 1188 1189 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1190 1191 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1192 1193 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1194 true); // Interstitial showing. 1195 1196 ProceedThroughInterstitial(tab); 1197 1198 // We have been redirected to the good page. 1199 CheckAuthenticatedState(tab, false); 1200} 1201 1202// Visit a page over good https that is a redirect to a page with bad https. 1203IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { 1204 ASSERT_TRUE(https_server_.Start()); 1205 ASSERT_TRUE(https_server_expired_.Start()); 1206 1207 GURL url1 = https_server_.GetURL("server-redirect?"); 1208 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html"); 1209 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1210 1211 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1212 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1213 true); // Interstitial showing. 1214 1215 ProceedThroughInterstitial(tab); 1216 1217 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1218 false); // No interstitial showing. 1219} 1220 1221// Visit a page over http that is a redirect to a page with good HTTPS. 1222IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) { 1223 ASSERT_TRUE(test_server()->Start()); 1224 ASSERT_TRUE(https_server_.Start()); 1225 1226 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1227 1228 // HTTP redirects to good HTTPS. 1229 GURL http_url = test_server()->GetURL("server-redirect?"); 1230 GURL good_https_url = 1231 https_server_.GetURL("files/ssl/google.html"); 1232 1233 ui_test_utils::NavigateToURL(browser(), 1234 GURL(http_url.spec() + good_https_url.spec())); 1235 CheckAuthenticatedState(tab, false); 1236} 1237 1238// Visit a page over http that is a redirect to a page with bad HTTPS. 1239IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) { 1240 ASSERT_TRUE(test_server()->Start()); 1241 ASSERT_TRUE(https_server_expired_.Start()); 1242 1243 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1244 1245 GURL http_url = test_server()->GetURL("server-redirect?"); 1246 GURL bad_https_url = 1247 https_server_expired_.GetURL("files/ssl/google.html"); 1248 ui_test_utils::NavigateToURL(browser(), 1249 GURL(http_url.spec() + bad_https_url.spec())); 1250 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1251 true); // Interstitial showing. 1252 1253 ProceedThroughInterstitial(tab); 1254 1255 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1256 false); // No interstitial showing. 1257} 1258 1259// Visit a page over https that is a redirect to a page with http (to make sure 1260// we don't keep the secure state). 1261IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) { 1262 ASSERT_TRUE(test_server()->Start()); 1263 ASSERT_TRUE(https_server_.Start()); 1264 1265 GURL https_url = https_server_.GetURL("server-redirect?"); 1266 GURL http_url = test_server()->GetURL("files/ssl/google.html"); 1267 1268 ui_test_utils::NavigateToURL(browser(), 1269 GURL(https_url.spec() + http_url.spec())); 1270 CheckUnauthenticatedState( 1271 browser()->tab_strip_model()->GetActiveWebContents()); 1272} 1273 1274// Visits a page to which we could not connect (bad port) over http and https 1275// and make sure the security style is correct. 1276IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) { 1277 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17")); 1278 CheckUnauthenticatedState( 1279 browser()->tab_strip_model()->GetActiveWebContents()); 1280 1281 // Same thing over HTTPS. 1282 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17")); 1283 CheckUnauthenticatedState( 1284 browser()->tab_strip_model()->GetActiveWebContents()); 1285} 1286 1287// 1288// Frame navigation 1289// 1290 1291// From a good HTTPS top frame: 1292// - navigate to an OK HTTPS frame 1293// - navigate to a bad HTTPS (expect unsafe content and filtered frame), then 1294// back 1295// - navigate to HTTP (expect insecure content), then back 1296IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) { 1297 ASSERT_TRUE(test_server()->Start()); 1298 ASSERT_TRUE(https_server_.Start()); 1299 ASSERT_TRUE(https_server_expired_.Start()); 1300 1301 std::string top_frame_path; 1302 ASSERT_TRUE(GetTopFramePath(*test_server(), 1303 https_server_, 1304 https_server_expired_, 1305 &top_frame_path)); 1306 1307 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1308 ui_test_utils::NavigateToURL(browser(), 1309 https_server_.GetURL(top_frame_path)); 1310 1311 CheckAuthenticatedState(tab, false); 1312 1313 bool success = false; 1314 // Now navigate inside the frame. 1315 { 1316 content::WindowedNotificationObserver observer( 1317 content::NOTIFICATION_LOAD_STOP, 1318 content::Source<NavigationController>(&tab->GetController())); 1319 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1320 tab, 1321 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1322 &success)); 1323 ASSERT_TRUE(success); 1324 observer.Wait(); 1325 } 1326 1327 // We should still be fine. 1328 CheckAuthenticatedState(tab, false); 1329 1330 // Now let's hit a bad page. 1331 { 1332 content::WindowedNotificationObserver observer( 1333 content::NOTIFICATION_LOAD_STOP, 1334 content::Source<NavigationController>(&tab->GetController())); 1335 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1336 tab, 1337 "window.domAutomationController.send(clickLink('badHTTPSLink'));", 1338 &success)); 1339 ASSERT_TRUE(success); 1340 observer.Wait(); 1341 } 1342 1343 // The security style should still be secure. 1344 CheckAuthenticatedState(tab, false); 1345 1346 // And the frame should be blocked. 1347 bool is_content_evil = true; 1348 std::string content_frame_xpath("html/frameset/frame[2]"); 1349 std::string is_evil_js("window.domAutomationController.send(" 1350 "document.getElementById('evilDiv') != null);"); 1351 EXPECT_TRUE(content::ExecuteScriptInFrameAndExtractBool( 1352 tab, 1353 content_frame_xpath, 1354 is_evil_js, 1355 &is_content_evil)); 1356 EXPECT_FALSE(is_content_evil); 1357 1358 // Now go back, our state should still be OK. 1359 { 1360 content::WindowedNotificationObserver observer( 1361 content::NOTIFICATION_LOAD_STOP, 1362 content::Source<NavigationController>(&tab->GetController())); 1363 tab->GetController().GoBack(); 1364 observer.Wait(); 1365 } 1366 CheckAuthenticatedState(tab, false); 1367 1368 // Navigate to a page served over HTTP. 1369 { 1370 content::WindowedNotificationObserver observer( 1371 content::NOTIFICATION_LOAD_STOP, 1372 content::Source<NavigationController>(&tab->GetController())); 1373 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1374 tab, 1375 "window.domAutomationController.send(clickLink('HTTPLink'));", 1376 &success)); 1377 ASSERT_TRUE(success); 1378 observer.Wait(); 1379 } 1380 1381 // Our state should be insecure. 1382 CheckAuthenticatedState(tab, true); 1383 1384 // Go back, our state should be unchanged. 1385 { 1386 content::WindowedNotificationObserver observer( 1387 content::NOTIFICATION_LOAD_STOP, 1388 content::Source<NavigationController>(&tab->GetController())); 1389 tab->GetController().GoBack(); 1390 observer.Wait(); 1391 } 1392 CheckAuthenticatedState(tab, true); 1393} 1394 1395// From a bad HTTPS top frame: 1396// - navigate to an OK HTTPS frame (expected to be still authentication broken). 1397IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) { 1398 ASSERT_TRUE(https_server_.Start()); 1399 ASSERT_TRUE(https_server_expired_.Start()); 1400 1401 std::string top_frame_path; 1402 ASSERT_TRUE(GetTopFramePath(*test_server(), 1403 https_server_, 1404 https_server_expired_, 1405 &top_frame_path)); 1406 1407 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1408 ui_test_utils::NavigateToURL(browser(), 1409 https_server_expired_.GetURL(top_frame_path)); 1410 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1411 true); // Interstitial showing 1412 1413 ProceedThroughInterstitial(tab); 1414 1415 // Navigate to a good frame. 1416 bool success = false; 1417 content::WindowedNotificationObserver observer( 1418 content::NOTIFICATION_LOAD_STOP, 1419 content::Source<NavigationController>(&tab->GetController())); 1420 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1421 tab, 1422 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1423 &success)); 1424 ASSERT_TRUE(success); 1425 observer.Wait(); 1426 1427 // We should still be authentication broken. 1428 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1429 false); 1430} 1431 1432// From an HTTP top frame, navigate to good and bad HTTPS (security state should 1433// stay unauthenticated). 1434// Disabled, flakily exceeds test timeout, http://crbug.com/43437. 1435IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) { 1436 ASSERT_TRUE(test_server()->Start()); 1437 ASSERT_TRUE(https_server_.Start()); 1438 ASSERT_TRUE(https_server_expired_.Start()); 1439 1440 std::string top_frame_path; 1441 ASSERT_TRUE(GetTopFramePath(*test_server(), 1442 https_server_, 1443 https_server_expired_, 1444 &top_frame_path)); 1445 1446 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1447 ui_test_utils::NavigateToURL(browser(), 1448 test_server()->GetURL(top_frame_path)); 1449 CheckUnauthenticatedState(tab); 1450 1451 // Now navigate inside the frame to a secure HTTPS frame. 1452 { 1453 bool success = false; 1454 content::WindowedNotificationObserver observer( 1455 content::NOTIFICATION_LOAD_STOP, 1456 content::Source<NavigationController>(&tab->GetController())); 1457 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1458 tab, 1459 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1460 &success)); 1461 ASSERT_TRUE(success); 1462 observer.Wait(); 1463 } 1464 1465 // We should still be unauthenticated. 1466 CheckUnauthenticatedState(tab); 1467 1468 // Now navigate to a bad HTTPS frame. 1469 { 1470 bool success = false; 1471 content::WindowedNotificationObserver observer( 1472 content::NOTIFICATION_LOAD_STOP, 1473 content::Source<NavigationController>(&tab->GetController())); 1474 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1475 tab, 1476 "window.domAutomationController.send(clickLink('badHTTPSLink'));", 1477 &success)); 1478 ASSERT_TRUE(success); 1479 observer.Wait(); 1480 } 1481 1482 // State should not have changed. 1483 CheckUnauthenticatedState(tab); 1484 1485 // And the frame should have been blocked (see bug #2316). 1486 bool is_content_evil = true; 1487 std::string content_frame_xpath("html/frameset/frame[2]"); 1488 std::string is_evil_js("window.domAutomationController.send(" 1489 "document.getElementById('evilDiv') != null);"); 1490 EXPECT_TRUE(content::ExecuteScriptInFrameAndExtractBool( 1491 tab, 1492 content_frame_xpath, 1493 is_evil_js, 1494 &is_content_evil)); 1495 EXPECT_FALSE(is_content_evil); 1496} 1497 1498IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) { 1499 ASSERT_TRUE(https_server_.Start()); 1500 ASSERT_TRUE(https_server_expired_.Start()); 1501 1502 // This page will spawn a Worker which will try to load content from 1503 // BadCertServer. 1504 std::string page_with_unsafe_worker_path; 1505 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1506 &page_with_unsafe_worker_path)); 1507 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1508 page_with_unsafe_worker_path)); 1509 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1510 // Expect Worker not to load insecure content. 1511 CheckWorkerLoadResult(tab, false); 1512 // The bad content is filtered, expect the state to be authenticated. 1513 CheckAuthenticatedState(tab, false); 1514} 1515 1516IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) { 1517 ASSERT_TRUE(https_server_.Start()); 1518 ASSERT_TRUE(https_server_expired_.Start()); 1519 1520 // Navigate to an unsafe site. Proceed with interstitial page to indicate 1521 // the user approves the bad certificate. 1522 ui_test_utils::NavigateToURL(browser(), 1523 https_server_expired_.GetURL("files/ssl/blank_page.html")); 1524 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1525 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1526 true); // Interstitial showing 1527 ProceedThroughInterstitial(tab); 1528 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1529 false); // No Interstitial 1530 1531 // Navigate to safe page that has Worker loading unsafe content. 1532 // Expect content to load but be marked as auth broken due to running insecure 1533 // content. 1534 std::string page_with_unsafe_worker_path; 1535 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1536 &page_with_unsafe_worker_path)); 1537 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1538 page_with_unsafe_worker_path)); 1539 CheckWorkerLoadResult(tab, true); // Worker loads insecure content 1540 CheckAuthenticationBrokenState(tab, 0, true, false); 1541} 1542 1543// Test that when the browser blocks displaying insecure content (images), the 1544// indicator shows a secure page, because the blocking made the otherwise 1545// unsafe page safe (the notification of this state is handled by other means). 1546IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) { 1547 ASSERT_TRUE(test_server()->Start()); 1548 ASSERT_TRUE(https_server_.Start()); 1549 1550 std::string replacement_path; 1551 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1552 "files/ssl/page_displays_insecure_content.html", 1553 test_server()->host_port_pair(), 1554 &replacement_path)); 1555 1556 ui_test_utils::NavigateToURL(browser(), 1557 https_server_.GetURL(replacement_path)); 1558 1559 CheckAuthenticatedState( 1560 browser()->tab_strip_model()->GetActiveWebContents(), false); 1561} 1562 1563// Test that when the browser blocks displaying insecure content (iframes), the 1564// indicator shows a secure page, because the blocking made the otherwise 1565// unsafe page safe (the notification of this state is handled by other means) 1566IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) { 1567 ASSERT_TRUE(test_server()->Start()); 1568 ASSERT_TRUE(https_server_.Start()); 1569 1570 std::string replacement_path; 1571 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1572 "files/ssl/page_displays_insecure_iframe.html", 1573 test_server()->host_port_pair(), 1574 &replacement_path)); 1575 1576 ui_test_utils::NavigateToURL(browser(), 1577 https_server_.GetURL(replacement_path)); 1578 1579 CheckAuthenticatedState( 1580 browser()->tab_strip_model()->GetActiveWebContents(), false); 1581} 1582 1583 1584// Test that when the browser blocks running insecure content, the 1585// indicator shows a secure page, because the blocking made the otherwise 1586// unsafe page safe (the notification of this state is handled by other means). 1587IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) { 1588 ASSERT_TRUE(test_server()->Start()); 1589 ASSERT_TRUE(https_server_.Start()); 1590 1591 std::string replacement_path; 1592 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1593 "files/ssl/page_runs_insecure_content.html", 1594 test_server()->host_port_pair(), 1595 &replacement_path)); 1596 1597 ui_test_utils::NavigateToURL(browser(), 1598 https_server_.GetURL(replacement_path)); 1599 1600 CheckAuthenticatedState( 1601 browser()->tab_strip_model()->GetActiveWebContents(), false); 1602} 1603 1604// Visit a page and establish a WebSocket connection over bad https with 1605// --ignore-certificate-errors. The connection should be established without 1606// interstitial page showing. 1607IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) { 1608 ASSERT_TRUE(test_server()->Start()); 1609 ASSERT_TRUE(wss_server_expired_.Start()); 1610 1611 // Setup page title observer. 1612 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1613 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 1614 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 1615 1616 // Visit bad HTTPS page. 1617 std::string scheme("https"); 1618 GURL::Replacements replacements; 1619 replacements.SetSchemeStr(scheme); 1620 ui_test_utils::NavigateToURL( 1621 browser(), 1622 wss_server_expired_.GetURL( 1623 "connect_check.html").ReplaceComponents(replacements)); 1624 1625 // We shouldn't have an interstitial page showing here. 1626 1627 // Test page run a WebSocket wss connection test. The result will be shown 1628 // as page title. 1629 const string16 result = watcher.WaitAndGetTitle(); 1630 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 1631} 1632 1633// TODO(jcampan): more tests to do below. 1634 1635// Visit a page over https that contains a frame with a redirect. 1636 1637// XMLHttpRequest insecure content in synchronous mode. 1638 1639// XMLHttpRequest insecure content in asynchronous mode. 1640 1641// XMLHttpRequest over bad ssl in synchronous mode. 1642 1643// XMLHttpRequest over OK ssl in synchronous mode. 1644