ssl_browser_tests.cc revision effb81e5f8246d0db0270817048dc992db66e9fb
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/command_line.h" 6#include "base/path_service.h" 7#include "base/prefs/pref_service.h" 8#include "base/strings/string_util.h" 9#include "base/strings/stringprintf.h" 10#include "base/strings/utf_string_conversions.h" 11#include "base/time/time.h" 12#include "chrome/app/chrome_command_ids.h" 13#include "chrome/browser/chrome_notification_types.h" 14#include "chrome/browser/content_settings/host_content_settings_map.h" 15#include "chrome/browser/profiles/profile.h" 16#include "chrome/browser/ui/browser.h" 17#include "chrome/browser/ui/browser_commands.h" 18#include "chrome/browser/ui/browser_navigator.h" 19#include "chrome/browser/ui/browser_tabstrip.h" 20#include "chrome/browser/ui/tabs/tab_strip_model.h" 21#include "chrome/common/chrome_paths.h" 22#include "chrome/common/chrome_switches.h" 23#include "chrome/common/pref_names.h" 24#include "chrome/test/base/in_process_browser_test.h" 25#include "chrome/test/base/ui_test_utils.h" 26#include "components/web_modal/web_contents_modal_dialog_manager.h" 27#include "content/public/browser/browser_context.h" 28#include "content/public/browser/interstitial_page.h" 29#include "content/public/browser/navigation_controller.h" 30#include "content/public/browser/navigation_entry.h" 31#include "content/public/browser/notification_service.h" 32#include "content/public/browser/render_view_host.h" 33#include "content/public/browser/web_contents.h" 34#include "content/public/browser/web_contents_observer.h" 35#include "content/public/common/security_style.h" 36#include "content/public/common/ssl_status.h" 37#include "content/public/test/browser_test_utils.h" 38#include "content/public/test/download_test_observer.h" 39#include "content/public/test/test_renderer_host.h" 40#include "crypto/nss_util.h" 41#include "net/base/crypto_module.h" 42#include "net/base/net_errors.h" 43#include "net/base/test_data_directory.h" 44#include "net/cert/cert_status_flags.h" 45#include "net/test/spawned_test_server/spawned_test_server.h" 46 47#if defined(USE_NSS) 48#include "net/cert/nss_cert_database.h" 49#endif // defined(USE_NSS) 50 51using base::ASCIIToUTF16; 52using content::InterstitialPage; 53using content::NavigationController; 54using content::NavigationEntry; 55using content::SSLStatus; 56using content::WebContents; 57using web_modal::WebContentsModalDialogManager; 58 59const base::FilePath::CharType kDocRoot[] = 60 FILE_PATH_LITERAL("chrome/test/data"); 61 62namespace { 63 64class ProvisionalLoadWaiter : public content::WebContentsObserver { 65 public: 66 explicit ProvisionalLoadWaiter(WebContents* tab) 67 : WebContentsObserver(tab), waiting_(false), seen_(false) {} 68 69 void Wait() { 70 if (seen_) 71 return; 72 73 waiting_ = true; 74 content::RunMessageLoop(); 75 } 76 77 virtual void DidFailProvisionalLoad( 78 int64 frame_id, 79 const base::string16& frame_unique_name, 80 bool is_main_frame, 81 const GURL& validated_url, 82 int error_code, 83 const base::string16& error_description, 84 content::RenderViewHost* render_view_host) OVERRIDE { 85 seen_ = true; 86 if (waiting_) 87 base::MessageLoopForUI::current()->Quit(); 88 } 89 90 private: 91 bool waiting_; 92 bool seen_; 93}; 94 95namespace AuthState { 96 97enum AuthStateFlags { 98 NONE = 0, 99 DISPLAYED_INSECURE_CONTENT = 1 << 0, 100 RAN_INSECURE_CONTENT = 1 << 1, 101 SHOWING_INTERSTITIAL = 1 << 2 102}; 103 104void Check(const NavigationEntry& entry, int expected_authentication_state) { 105 EXPECT_EQ(!!(expected_authentication_state & AuthState::SHOWING_INTERSTITIAL) 106 ? content::PAGE_TYPE_INTERSTITIAL 107 : content::PAGE_TYPE_NORMAL, 108 entry.GetPageType()); 109 110 bool displayed_insecure_content = 111 !!(entry.GetSSL().content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT); 112 EXPECT_EQ( 113 !!(expected_authentication_state & AuthState::DISPLAYED_INSECURE_CONTENT), 114 displayed_insecure_content); 115 116 bool ran_insecure_content = 117 !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT); 118 EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT), 119 ran_insecure_content); 120} 121 122} // namespace AuthState 123 124namespace SecurityStyle { 125 126void Check(const NavigationEntry& entry, 127 content::SecurityStyle expected_security_style) { 128 EXPECT_EQ(expected_security_style, entry.GetSSL().security_style); 129} 130 131} // namespace SecurityStyle 132 133namespace CertError { 134 135enum CertErrorFlags { 136 NONE = 0 137}; 138 139void Check(const NavigationEntry& entry, net::CertStatus error) { 140 if (error) { 141 EXPECT_EQ(error, entry.GetSSL().cert_status & error); 142 net::CertStatus extra_cert_errors = 143 error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS); 144 if (extra_cert_errors) 145 LOG(WARNING) << "Got unexpected cert error: " << extra_cert_errors; 146 } else { 147 EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS); 148 } 149} 150 151} // namespace CertError 152 153void CheckSecurityState(WebContents* tab, 154 net::CertStatus error, 155 content::SecurityStyle expected_security_style, 156 int expected_authentication_state) { 157 ASSERT_FALSE(tab->IsCrashed()); 158 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 159 ASSERT_TRUE(entry); 160 CertError::Check(*entry, error); 161 SecurityStyle::Check(*entry, expected_security_style); 162 AuthState::Check(*entry, expected_authentication_state); 163} 164 165} // namespace 166 167class SSLUITest : public InProcessBrowserTest { 168 public: 169 SSLUITest() 170 : https_server_(net::SpawnedTestServer::TYPE_HTTPS, 171 SSLOptions(SSLOptions::CERT_OK), 172 base::FilePath(kDocRoot)), 173 https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS, 174 SSLOptions(SSLOptions::CERT_EXPIRED), 175 base::FilePath(kDocRoot)), 176 https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS, 177 SSLOptions(SSLOptions::CERT_MISMATCHED_NAME), 178 base::FilePath(kDocRoot)), 179 wss_server_expired_(net::SpawnedTestServer::TYPE_WSS, 180 SSLOptions(SSLOptions::CERT_EXPIRED), 181 net::GetWebSocketTestDataDirectory()) {} 182 183 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 184 // Browser will both run and display insecure content. 185 command_line->AppendSwitch(switches::kAllowRunningInsecureContent); 186 // Use process-per-site so that navigating to a same-site page in a 187 // new tab will use the same process. 188 command_line->AppendSwitch(switches::kProcessPerSite); 189 } 190 191 void CheckAuthenticatedState(WebContents* tab, 192 int expected_authentication_state) { 193 CheckSecurityState(tab, 194 CertError::NONE, 195 content::SECURITY_STYLE_AUTHENTICATED, 196 expected_authentication_state); 197 } 198 199 void CheckUnauthenticatedState(WebContents* tab) { 200 CheckSecurityState(tab, 201 CertError::NONE, 202 content::SECURITY_STYLE_UNAUTHENTICATED, 203 AuthState::NONE); 204 } 205 206 void CheckAuthenticationBrokenState(WebContents* tab, 207 net::CertStatus error, 208 int expected_authentication_state) { 209 CheckSecurityState(tab, 210 error, 211 content::SECURITY_STYLE_AUTHENTICATION_BROKEN, 212 expected_authentication_state); 213 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style 214 // to SECURITY_STYLE_AUTHENTICATION_BROKEN. 215 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); 216 } 217 218 void CheckWorkerLoadResult(WebContents* tab, bool expected_load) { 219 // Workers are async and we don't have notifications for them passing 220 // messages since they do it between renderer and worker processes. 221 // So have a polling loop, check every 200ms, timeout at 30s. 222 const int kTimeoutMS = 200; 223 base::Time time_to_quit = base::Time::Now() + 224 base::TimeDelta::FromMilliseconds(30000); 225 226 while (base::Time::Now() < time_to_quit) { 227 bool worker_finished = false; 228 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 229 tab, 230 "window.domAutomationController.send(IsWorkerFinished());", 231 &worker_finished)); 232 233 if (worker_finished) 234 break; 235 236 // Wait a bit. 237 base::MessageLoop::current()->PostDelayedTask( 238 FROM_HERE, 239 base::MessageLoop::QuitClosure(), 240 base::TimeDelta::FromMilliseconds(kTimeoutMS)); 241 content::RunMessageLoop(); 242 } 243 244 bool actually_loaded_content = false; 245 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 246 tab, 247 "window.domAutomationController.send(IsContentLoaded());", 248 &actually_loaded_content)); 249 EXPECT_EQ(expected_load, actually_loaded_content); 250 } 251 252 void ProceedThroughInterstitial(WebContents* tab) { 253 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 254 ASSERT_TRUE(interstitial_page); 255 content::WindowedNotificationObserver observer( 256 content::NOTIFICATION_LOAD_STOP, 257 content::Source<NavigationController>(&tab->GetController())); 258 interstitial_page->Proceed(); 259 observer.Wait(); 260 } 261 262 bool IsShowingWebContentsModalDialog() const { 263 return WebContentsModalDialogManager::FromWebContents( 264 browser()->tab_strip_model()->GetActiveWebContents())-> 265 IsDialogActive(); 266 } 267 268 static bool GetFilePathWithHostAndPortReplacement( 269 const std::string& original_file_path, 270 const net::HostPortPair& host_port_pair, 271 std::string* replacement_path) { 272 std::vector<net::SpawnedTestServer::StringPair> replacement_text; 273 replacement_text.push_back( 274 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); 275 return net::SpawnedTestServer::GetFilePathWithReplacements( 276 original_file_path, replacement_text, replacement_path); 277 } 278 279 static bool GetTopFramePath(const net::SpawnedTestServer& http_server, 280 const net::SpawnedTestServer& good_https_server, 281 const net::SpawnedTestServer& bad_https_server, 282 std::string* top_frame_path) { 283 // The "frame_left.html" page contained in the top_frame.html page contains 284 // <a href>'s to three different servers. This sets up all of the 285 // replacement text to work with test servers which listen on ephemeral 286 // ports. 287 GURL http_url = http_server.GetURL("files/ssl/google.html"); 288 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html"); 289 GURL bad_https_url = bad_https_server.GetURL( 290 "files/ssl/bad_iframe.html"); 291 292 std::vector<net::SpawnedTestServer::StringPair> replacement_text_frame_left; 293 replacement_text_frame_left.push_back( 294 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec())); 295 replacement_text_frame_left.push_back( 296 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec())); 297 replacement_text_frame_left.push_back( 298 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec())); 299 std::string frame_left_path; 300 if (!net::SpawnedTestServer::GetFilePathWithReplacements( 301 "frame_left.html", 302 replacement_text_frame_left, 303 &frame_left_path)) 304 return false; 305 306 // Substitute the generated frame_left URL into the top_frame page. 307 std::vector<net::SpawnedTestServer::StringPair> replacement_text_top_frame; 308 replacement_text_top_frame.push_back( 309 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); 310 return net::SpawnedTestServer::GetFilePathWithReplacements( 311 "files/ssl/top_frame.html", 312 replacement_text_top_frame, 313 top_frame_path); 314 } 315 316 static bool GetPageWithUnsafeWorkerPath( 317 const net::SpawnedTestServer& expired_https_server, 318 std::string* page_with_unsafe_worker_path) { 319 // Get the "imported.js" URL from the expired https server and 320 // substitute it into the unsafe_worker.js file. 321 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js"); 322 std::vector<net::SpawnedTestServer::StringPair> 323 replacement_text_for_unsafe_worker; 324 replacement_text_for_unsafe_worker.push_back( 325 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); 326 std::string unsafe_worker_path; 327 if (!net::SpawnedTestServer::GetFilePathWithReplacements( 328 "unsafe_worker.js", 329 replacement_text_for_unsafe_worker, 330 &unsafe_worker_path)) 331 return false; 332 333 // Now, substitute this into the page with unsafe worker. 334 std::vector<net::SpawnedTestServer::StringPair> 335 replacement_text_for_page_with_unsafe_worker; 336 replacement_text_for_page_with_unsafe_worker.push_back( 337 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); 338 return net::SpawnedTestServer::GetFilePathWithReplacements( 339 "files/ssl/page_with_unsafe_worker.html", 340 replacement_text_for_page_with_unsafe_worker, 341 page_with_unsafe_worker_path); 342 } 343 344 net::SpawnedTestServer https_server_; 345 net::SpawnedTestServer https_server_expired_; 346 net::SpawnedTestServer https_server_mismatched_; 347 net::SpawnedTestServer wss_server_expired_; 348 349 private: 350 typedef net::SpawnedTestServer::SSLOptions SSLOptions; 351 352 DISALLOW_COPY_AND_ASSIGN(SSLUITest); 353}; 354 355class SSLUITestBlock : public SSLUITest { 356 public: 357 SSLUITestBlock() : SSLUITest() {} 358 359 // Browser will neither run nor display insecure content. 360 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 361 command_line->AppendSwitch(switches::kNoDisplayingInsecureContent); 362 } 363}; 364 365class SSLUITestIgnoreCertErrors : public SSLUITest { 366 public: 367 SSLUITestIgnoreCertErrors() : SSLUITest() {} 368 369 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 370 // Browser will ignore certificate errors. 371 command_line->AppendSwitch(switches::kIgnoreCertificateErrors); 372 } 373}; 374 375// Visits a regular page over http. 376IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { 377 ASSERT_TRUE(test_server()->Start()); 378 379 ui_test_utils::NavigateToURL(browser(), 380 test_server()->GetURL("files/ssl/google.html")); 381 382 CheckUnauthenticatedState( 383 browser()->tab_strip_model()->GetActiveWebContents()); 384} 385 386// Visits a page over http which includes broken https resources (status should 387// be OK). 388// TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give 389// the secure cookies away!). 390IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { 391 ASSERT_TRUE(test_server()->Start()); 392 ASSERT_TRUE(https_server_expired_.Start()); 393 394 std::string replacement_path; 395 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 396 "files/ssl/page_with_unsafe_contents.html", 397 https_server_expired_.host_port_pair(), 398 &replacement_path)); 399 400 ui_test_utils::NavigateToURL( 401 browser(), test_server()->GetURL(replacement_path)); 402 403 CheckUnauthenticatedState( 404 browser()->tab_strip_model()->GetActiveWebContents()); 405} 406 407IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSWithInsecureContent) { 408 ASSERT_TRUE(test_server()->Start()); 409 ASSERT_TRUE(https_server_expired_.Start()); 410 411 std::string replacement_path; 412 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 413 "files/ssl/page_displays_insecure_content.html", 414 test_server()->host_port_pair(), 415 &replacement_path)); 416 417 ui_test_utils::NavigateToURL(browser(), 418 https_server_expired_.GetURL(replacement_path)); 419 420 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 421 CheckAuthenticationBrokenState( 422 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 423 424 ProceedThroughInterstitial(tab); 425 426 CheckAuthenticationBrokenState(tab, 427 net::CERT_STATUS_DATE_INVALID, 428 AuthState::DISPLAYED_INSECURE_CONTENT); 429} 430 431// http://crbug.com/91745 432#if defined(OS_CHROMEOS) 433#define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS 434#else 435#define MAYBE_TestOKHTTPS TestOKHTTPS 436#endif 437 438// Visits a page over OK https: 439IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) { 440 ASSERT_TRUE(https_server_.Start()); 441 442 ui_test_utils::NavigateToURL(browser(), 443 https_server_.GetURL("files/ssl/google.html")); 444 445 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), 446 AuthState::NONE); 447} 448 449// Visits a page with https error and proceed: 450IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndProceed) { 451 ASSERT_TRUE(https_server_expired_.Start()); 452 453 ui_test_utils::NavigateToURL(browser(), 454 https_server_expired_.GetURL("files/ssl/google.html")); 455 456 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 457 CheckAuthenticationBrokenState( 458 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 459 460 ProceedThroughInterstitial(tab); 461 462 CheckAuthenticationBrokenState( 463 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 464} 465 466#ifndef NEDBUG 467// Flaky on Windows debug (http://crbug.com/280537). 468#define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 469 DISABLED_TestHTTPSExpiredCertAndDontProceed 470#else 471#define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 472 TestHTTPSExpiredCertAndDontProceed 473#endif 474 475// Visits a page with https error and don't proceed (and ensure we can still 476// navigate at that point): 477IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) { 478 ASSERT_TRUE(test_server()->Start()); 479 ASSERT_TRUE(https_server_.Start()); 480 ASSERT_TRUE(https_server_expired_.Start()); 481 482 // First navigate to an OK page. 483 ui_test_utils::NavigateToURL(browser(), 484 https_server_.GetURL("files/ssl/google.html")); 485 486 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 487 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 488 ASSERT_TRUE(entry); 489 490 GURL cross_site_url = 491 https_server_expired_.GetURL("files/ssl/google.html"); 492 // Change the host name from 127.0.0.1 to localhost so it triggers a 493 // cross-site navigation so we can test http://crbug.com/5800 is gone. 494 ASSERT_EQ("127.0.0.1", cross_site_url.host()); 495 GURL::Replacements replacements; 496 std::string new_host("localhost"); 497 replacements.SetHostStr(new_host); 498 cross_site_url = cross_site_url.ReplaceComponents(replacements); 499 500 // Now go to a bad HTTPS page. 501 ui_test_utils::NavigateToURL(browser(), cross_site_url); 502 503 // An interstitial should be showing. 504 CheckAuthenticationBrokenState(tab, 505 net::CERT_STATUS_COMMON_NAME_INVALID, 506 AuthState::SHOWING_INTERSTITIAL); 507 508 // Simulate user clicking "Take me back". 509 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 510 ASSERT_TRUE(interstitial_page); 511 interstitial_page->DontProceed(); 512 513 // We should be back to the original good page. 514 CheckAuthenticatedState(tab, AuthState::NONE); 515 516 // Try to navigate to a new page. (to make sure bug 5800 is fixed). 517 ui_test_utils::NavigateToURL(browser(), 518 test_server()->GetURL("files/ssl/google.html")); 519 CheckUnauthenticatedState(tab); 520} 521 522// Visits a page with https error and then goes back using Browser::GoBack. 523IN_PROC_BROWSER_TEST_F(SSLUITest, 524 TestHTTPSExpiredCertAndGoBackViaButton) { 525 ASSERT_TRUE(test_server()->Start()); 526 ASSERT_TRUE(https_server_expired_.Start()); 527 528 // First navigate to an HTTP page. 529 ui_test_utils::NavigateToURL(browser(), 530 test_server()->GetURL("files/ssl/google.html")); 531 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 532 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 533 ASSERT_TRUE(entry); 534 535 // Now go to a bad HTTPS page that shows an interstitial. 536 ui_test_utils::NavigateToURL(browser(), 537 https_server_expired_.GetURL("files/ssl/google.html")); 538 CheckAuthenticationBrokenState( 539 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 540 541 ProvisionalLoadWaiter load_failed_observer(tab); 542 543 // Simulate user clicking on back button (crbug.com/39248). 544 chrome::GoBack(browser(), CURRENT_TAB); 545 546 // Wait until we hear the load failure, and make sure we haven't swapped out 547 // the previous page. Prevents regression of http://crbug.com/82667. 548 load_failed_observer.Wait(); 549 EXPECT_FALSE(content::RenderViewHostTester::IsRenderViewHostSwappedOut( 550 tab->GetRenderViewHost())); 551 552 // We should be back at the original good page. 553 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 554 GetInterstitialPage()); 555 CheckUnauthenticatedState(tab); 556} 557 558// Visits a page with https error and then goes back using GoToOffset. 559// Disabled because its flaky: http://crbug.com/40932, http://crbug.com/43575. 560IN_PROC_BROWSER_TEST_F(SSLUITest, 561 TestHTTPSExpiredCertAndGoBackViaMenu) { 562 ASSERT_TRUE(test_server()->Start()); 563 ASSERT_TRUE(https_server_expired_.Start()); 564 565 // First navigate to an HTTP page. 566 ui_test_utils::NavigateToURL(browser(), 567 test_server()->GetURL("files/ssl/google.html")); 568 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 569 NavigationEntry* entry = tab->GetController().GetActiveEntry(); 570 ASSERT_TRUE(entry); 571 572 // Now go to a bad HTTPS page that shows an interstitial. 573 ui_test_utils::NavigateToURL(browser(), 574 https_server_expired_.GetURL("files/ssl/google.html")); 575 CheckAuthenticationBrokenState( 576 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 577 578 // Simulate user clicking and holding on back button (crbug.com/37215). 579 tab->GetController().GoToOffset(-1); 580 581 // We should be back at the original good page. 582 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 583 GetInterstitialPage()); 584 CheckUnauthenticatedState(tab); 585} 586 587// Visits a page with https error and then goes forward using GoToOffset. 588IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoForward) { 589 ASSERT_TRUE(test_server()->Start()); 590 ASSERT_TRUE(https_server_expired_.Start()); 591 592 // First navigate to two HTTP pages. 593 ui_test_utils::NavigateToURL(browser(), 594 test_server()->GetURL("files/ssl/google.html")); 595 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 596 NavigationEntry* entry1 = tab->GetController().GetActiveEntry(); 597 ASSERT_TRUE(entry1); 598 ui_test_utils::NavigateToURL(browser(), 599 test_server()->GetURL("files/ssl/blank_page.html")); 600 NavigationEntry* entry2 = tab->GetController().GetActiveEntry(); 601 ASSERT_TRUE(entry2); 602 603 // Now go back so that a page is in the forward history. 604 { 605 content::WindowedNotificationObserver observer( 606 content::NOTIFICATION_LOAD_STOP, 607 content::Source<NavigationController>(&tab->GetController())); 608 tab->GetController().GoBack(); 609 observer.Wait(); 610 } 611 ASSERT_TRUE(tab->GetController().CanGoForward()); 612 NavigationEntry* entry3 = tab->GetController().GetActiveEntry(); 613 ASSERT_TRUE(entry1 == entry3); 614 615 // Now go to a bad HTTPS page that shows an interstitial. 616 ui_test_utils::NavigateToURL(browser(), 617 https_server_expired_.GetURL("files/ssl/google.html")); 618 CheckAuthenticationBrokenState( 619 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 620 621 // Simulate user clicking and holding on forward button. 622 { 623 content::WindowedNotificationObserver observer( 624 content::NOTIFICATION_LOAD_STOP, 625 content::Source<NavigationController>(&tab->GetController())); 626 tab->GetController().GoToOffset(1); 627 observer.Wait(); 628 } 629 630 // We should be showing the second good page. 631 EXPECT_FALSE(browser()->tab_strip_model()->GetActiveWebContents()-> 632 GetInterstitialPage()); 633 CheckUnauthenticatedState(tab); 634 EXPECT_FALSE(tab->GetController().CanGoForward()); 635 NavigationEntry* entry4 = tab->GetController().GetActiveEntry(); 636 EXPECT_TRUE(entry2 == entry4); 637} 638 639// Visit a HTTP page which request WSS connection to a server providing invalid 640// certificate. Close the page while WSS connection waits for SSLManager's 641// response from UI thread. 642// Disabled on Windows because it was flaking on XP Tests (1). crbug.com/165258 643// Disabled under LeakSanitizer due to memory leaks. http://crbug.com/317363 644#if defined(OS_WIN) || defined(LEAK_SANITIZER) 645#define MAYBE_TestWSSInvalidCertAndClose DISABLED_TestWSSInvalidCertAndClose 646#else 647#define MAYBE_TestWSSInvalidCertAndClose TestWSSInvalidCertAndClose 648#endif 649IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestWSSInvalidCertAndClose) { 650 ASSERT_TRUE(test_server()->Start()); 651 ASSERT_TRUE(wss_server_expired_.Start()); 652 653 // Setup page title observer. 654 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 655 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 656 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 657 658 // Create GURLs to test pages. 659 std::string master_url_path = base::StringPrintf("%s?%d", 660 test_server()->GetURL("files/ssl/wss_close.html").spec().c_str(), 661 wss_server_expired_.host_port_pair().port()); 662 GURL master_url(master_url_path); 663 std::string slave_url_path = base::StringPrintf("%s?%d", 664 test_server()->GetURL("files/ssl/wss_close_slave.html").spec().c_str(), 665 wss_server_expired_.host_port_pair().port()); 666 GURL slave_url(slave_url_path); 667 668 // Create tabs and visit pages which keep on creating wss connections. 669 WebContents* tabs[16]; 670 for (int i = 0; i < 16; ++i) { 671 tabs[i] = chrome::AddSelectedTabWithURL(browser(), slave_url, 672 content::PAGE_TRANSITION_LINK); 673 } 674 chrome::SelectNextTab(browser()); 675 676 // Visit a page which waits for one TLS handshake failure. 677 // The title will be changed to 'PASS'. 678 ui_test_utils::NavigateToURL(browser(), master_url); 679 const base::string16 result = watcher.WaitAndGetTitle(); 680 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 681 682 // Close tabs which contains the test page. 683 for (int i = 0; i < 16; ++i) 684 chrome::CloseWebContents(browser(), tabs[i], false); 685 chrome::CloseWebContents(browser(), tab, false); 686} 687 688// Visit a HTTPS page and proceeds despite an invalid certificate. The page 689// requests WSS connection to the same origin host to check if WSS connection 690// share certificates policy with HTTPS correcly. 691IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) { 692 ASSERT_TRUE(test_server()->Start()); 693 ASSERT_TRUE(wss_server_expired_.Start()); 694 695 // Setup page title observer. 696 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 697 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 698 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 699 700 // Visit bad HTTPS page. 701 std::string scheme("https"); 702 GURL::Replacements replacements; 703 replacements.SetSchemeStr(scheme); 704 ui_test_utils::NavigateToURL( 705 browser(), 706 wss_server_expired_.GetURL( 707 "connect_check.html").ReplaceComponents(replacements)); 708 CheckAuthenticationBrokenState( 709 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 710 711 // Proceed anyway. 712 ProceedThroughInterstitial(tab); 713 714 // Test page run a WebSocket wss connection test. The result will be shown 715 // as page title. 716 const base::string16 result = watcher.WaitAndGetTitle(); 717 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 718} 719 720#if defined(USE_NSS) 721// SSL client certificate tests are only enabled when using NSS for private key 722// storage, as only NSS can avoid modifying global machine state when testing. 723// See http://crbug.com/51132 724 725// Visit a HTTPS page which requires client cert authentication. The client 726// cert will be selected automatically, then a test which uses WebSocket runs. 727// Disabled: http://crbug.com/159985 728IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestWSSClientCert) { 729 // Open a temporary NSS DB for testing. 730 crypto::ScopedTestNSSDB test_nssdb; 731 ASSERT_TRUE(test_nssdb.is_open()); 732 733 // Import client cert for test. These interfaces require NSS. 734 net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance(); 735 scoped_refptr<net::CryptoModule> crypt_module = cert_db->GetPublicModule(); 736 std::string pkcs12_data; 737 base::FilePath cert_path = net::GetTestCertsDirectory().Append( 738 FILE_PATH_LITERAL("websocket_client_cert.p12")); 739 EXPECT_TRUE(base::ReadFileToString(cert_path, &pkcs12_data)); 740 EXPECT_EQ(net::OK, 741 cert_db->ImportFromPKCS12( 742 crypt_module.get(), pkcs12_data, base::string16(), true, NULL)); 743 744 // Start WebSocket test server with TLS and client cert authentication. 745 net::SpawnedTestServer::SSLOptions options( 746 net::SpawnedTestServer::SSLOptions::CERT_OK); 747 options.request_client_certificate = true; 748 base::FilePath ca_path = net::GetTestCertsDirectory().Append( 749 FILE_PATH_LITERAL("websocket_cacert.pem")); 750 options.client_authorities.push_back(ca_path); 751 net::SpawnedTestServer wss_server(net::SpawnedTestServer::TYPE_WSS, 752 options, 753 net::GetWebSocketTestDataDirectory()); 754 ASSERT_TRUE(wss_server.Start()); 755 std::string scheme("https"); 756 GURL::Replacements replacements; 757 replacements.SetSchemeStr(scheme); 758 GURL url = wss_server.GetURL("connect_check.html").ReplaceComponents( 759 replacements); 760 761 // Setup page title observer. 762 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 763 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 764 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 765 766 // Add an entry into AutoSelectCertificateForUrls policy for automatic client 767 // cert selection. 768 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 769 DCHECK(profile); 770 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); 771 dict->SetString("ISSUER.CN", "pywebsocket"); 772 profile->GetHostContentSettingsMap()->SetWebsiteSetting( 773 ContentSettingsPattern::FromURL(url), 774 ContentSettingsPattern::FromURL(url), 775 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, 776 std::string(), 777 dict.release()); 778 779 // Visit a HTTPS page which requires client certs. 780 ui_test_utils::NavigateToURL(browser(), url); 781 CheckAuthenticatedState(tab, AuthState::NONE); 782 783 // Test page runs a WebSocket wss connection test. The result will be shown 784 // as page title. 785 const base::string16 result = watcher.WaitAndGetTitle(); 786 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 787} 788#endif // defined(USE_NSS) 789 790// Flaky on CrOS http://crbug.com/92292 791#if defined(OS_CHROMEOS) 792#define MAYBE_TestHTTPSErrorWithNoNavEntry \ 793 DISABLED_TestHTTPSErrorWithNoNavEntry 794#else 795#define MAYBE_TestHTTPSErrorWithNoNavEntry TestHTTPSErrorWithNoNavEntry 796#endif // defined(OS_CHROMEOS) 797 798// Open a page with a HTTPS error in a tab with no prior navigation (through a 799// link with a blank target). This is to test that the lack of navigation entry 800// does not cause any problems (it was causing a crasher, see 801// http://crbug.com/19941). 802IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSErrorWithNoNavEntry) { 803 ASSERT_TRUE(https_server_expired_.Start()); 804 805 GURL url = https_server_expired_.GetURL("files/ssl/google.htm"); 806 WebContents* tab2 = chrome::AddSelectedTabWithURL( 807 browser(), url, content::PAGE_TRANSITION_TYPED); 808 content::WaitForLoadStop(tab2); 809 810 // Verify our assumption that there was no prior navigation. 811 EXPECT_FALSE(chrome::CanGoBack(browser())); 812 813 // We should have an interstitial page showing. 814 ASSERT_TRUE(tab2->GetInterstitialPage()); 815} 816 817IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadHTTPSDownload) { 818 ASSERT_TRUE(test_server()->Start()); 819 ASSERT_TRUE(https_server_expired_.Start()); 820 GURL url_non_dangerous = test_server()->GetURL(std::string()); 821 GURL url_dangerous = 822 https_server_expired_.GetURL("files/downloads/dangerous/dangerous.exe"); 823 base::ScopedTempDir downloads_directory_; 824 825 // Need empty temp dir to avoid having Chrome ask us for a new filename 826 // when we've downloaded dangerous.exe one hundred times. 827 ASSERT_TRUE(downloads_directory_.CreateUniqueTempDir()); 828 829 browser()->profile()->GetPrefs()->SetFilePath( 830 prefs::kDownloadDefaultDirectory, 831 downloads_directory_.path()); 832 833 // Visit a non-dangerous page. 834 ui_test_utils::NavigateToURL(browser(), url_non_dangerous); 835 836 // Now, start a transition to dangerous download. 837 { 838 content::WindowedNotificationObserver observer( 839 content::NOTIFICATION_LOAD_STOP, 840 content::NotificationService::AllSources()); 841 chrome::NavigateParams navigate_params(browser(), url_dangerous, 842 content::PAGE_TRANSITION_TYPED); 843 chrome::Navigate(&navigate_params); 844 observer.Wait(); 845 } 846 847 // To exit the browser cleanly (and this test) we need to complete the 848 // download after completing this test. 849 content::DownloadTestObserverTerminal dangerous_download_observer( 850 content::BrowserContext::GetDownloadManager(browser()->profile()), 851 1, 852 content::DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT); 853 854 // Proceed through the SSL interstitial. This doesn't use 855 // |ProceedThroughInterstitial| since no page load will commit. 856 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 857 ASSERT_TRUE(tab != NULL); 858 ASSERT_TRUE(tab->GetInterstitialPage() != NULL); 859 { 860 content::WindowedNotificationObserver observer( 861 chrome::NOTIFICATION_DOWNLOAD_INITIATED, 862 content::NotificationService::AllSources()); 863 tab->GetInterstitialPage()->Proceed(); 864 observer.Wait(); 865 } 866 867 // There should still be an interstitial at this point. Press the 868 // back button on the browser. Note that this doesn't wait for a 869 // NAV_ENTRY_COMMITTED notification because going back with an 870 // active interstitial simply hides the interstitial. 871 ASSERT_TRUE(tab->GetInterstitialPage() != NULL); 872 EXPECT_TRUE(chrome::CanGoBack(browser())); 873 chrome::GoBack(browser(), CURRENT_TAB); 874 875 dangerous_download_observer.WaitForFinished(); 876} 877 878// 879// Insecure content 880// 881 882#if defined(OS_WIN) 883// http://crbug.com/152940 Flaky on win. 884#define MAYBE_TestDisplaysInsecureContent DISABLED_TestDisplaysInsecureContent 885#else 886#define MAYBE_TestDisplaysInsecureContent TestDisplaysInsecureContent 887#endif 888 889// Visits a page that displays insecure content. 890IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestDisplaysInsecureContent) { 891 ASSERT_TRUE(test_server()->Start()); 892 ASSERT_TRUE(https_server_.Start()); 893 894 std::string replacement_path; 895 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 896 "files/ssl/page_displays_insecure_content.html", 897 test_server()->host_port_pair(), 898 &replacement_path)); 899 900 // Load a page that displays insecure content. 901 ui_test_utils::NavigateToURL(browser(), 902 https_server_.GetURL(replacement_path)); 903 904 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), 905 AuthState::DISPLAYED_INSECURE_CONTENT); 906} 907 908// Visits a page that runs insecure content and tries to suppress the insecure 909// content warnings by randomizing location.hash. 910// Based on http://crbug.com/8706 911IN_PROC_BROWSER_TEST_F(SSLUITest, 912 TestRunsInsecuredContentRandomizeHash) { 913 ASSERT_TRUE(test_server()->Start()); 914 ASSERT_TRUE(https_server_.Start()); 915 916 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 917 "files/ssl/page_runs_insecure_content.html")); 918 919 CheckAuthenticationBrokenState( 920 browser()->tab_strip_model()->GetActiveWebContents(), 921 CertError::NONE, 922 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT); 923} 924 925// Visits a page with unsafe content and make sure that: 926// - frames content is replaced with warning 927// - images and scripts are filtered out entirely 928IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) { 929 ASSERT_TRUE(https_server_.Start()); 930 ASSERT_TRUE(https_server_expired_.Start()); 931 932 std::string replacement_path; 933 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 934 "files/ssl/page_with_unsafe_contents.html", 935 https_server_expired_.host_port_pair(), 936 &replacement_path)); 937 ui_test_utils::NavigateToURL(browser(), 938 https_server_.GetURL(replacement_path)); 939 940 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 941 // When the bad content is filtered, the state is expected to be 942 // authenticated. 943 CheckAuthenticatedState(tab, AuthState::NONE); 944 945 // Because of cross-frame scripting restrictions, we cannot access the iframe 946 // content. So to know if the frame was loaded, we just check if a popup was 947 // opened (the iframe content opens one). 948 // Note: because of bug 1115868, no web contents modal dialog is opened right 949 // now. Once the bug is fixed, this will do the real check. 950 EXPECT_FALSE(IsShowingWebContentsModalDialog()); 951 952 int img_width; 953 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( 954 tab, 955 "window.domAutomationController.send(ImageWidth());", 956 &img_width)); 957 // In order to check that the image was not loaded, we check its width. 958 // The actual image (Google logo) is 114 pixels wide, we assume the broken 959 // image is less than 100. 960 EXPECT_LT(img_width, 100); 961 962 bool js_result = false; 963 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 964 tab, 965 "window.domAutomationController.send(IsFooSet());", 966 &js_result)); 967 EXPECT_FALSE(js_result); 968} 969 970// Visits a page with insecure content loaded by JS (after the initial page 971// load). 972IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) { 973 ASSERT_TRUE(test_server()->Start()); 974 ASSERT_TRUE(https_server_.Start()); 975 976 std::string replacement_path; 977 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 978 "files/ssl/page_with_dynamic_insecure_content.html", 979 test_server()->host_port_pair(), 980 &replacement_path)); 981 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 982 replacement_path)); 983 984 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 985 CheckAuthenticatedState(tab, AuthState::NONE); 986 987 // Load the insecure image. 988 bool js_result = false; 989 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 990 tab, 991 "loadBadImage();", 992 &js_result)); 993 EXPECT_TRUE(js_result); 994 995 // We should now have insecure content. 996 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT); 997} 998 999// Visits two pages from the same origin: one that displays insecure content and 1000// one that doesn't. The test checks that we do not propagate the insecure 1001// content state from one to the other. 1002IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { 1003 ASSERT_TRUE(test_server()->Start()); 1004 ASSERT_TRUE(https_server_.Start()); 1005 1006 ui_test_utils::NavigateToURL(browser(), 1007 https_server_.GetURL("files/ssl/blank_page.html")); 1008 1009 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1010 1011 // This tab should be fine. 1012 CheckAuthenticatedState(tab1, AuthState::NONE); 1013 1014 // Create a new tab. 1015 std::string replacement_path; 1016 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1017 "files/ssl/page_displays_insecure_content.html", 1018 test_server()->host_port_pair(), 1019 &replacement_path)); 1020 1021 GURL url = https_server_.GetURL(replacement_path); 1022 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 1023 params.disposition = NEW_FOREGROUND_TAB; 1024 params.tabstrip_index = 0; 1025 params.source_contents = tab1; 1026 content::WindowedNotificationObserver observer( 1027 content::NOTIFICATION_LOAD_STOP, 1028 content::NotificationService::AllSources()); 1029 chrome::Navigate(¶ms); 1030 WebContents* tab2 = params.target_contents; 1031 observer.Wait(); 1032 1033 // The new tab has insecure content. 1034 CheckAuthenticatedState(tab2, AuthState::DISPLAYED_INSECURE_CONTENT); 1035 1036 // The original tab should not be contaminated. 1037 CheckAuthenticatedState(tab1, AuthState::NONE); 1038} 1039 1040// Visits two pages from the same origin: one that runs insecure content and one 1041// that doesn't. The test checks that we propagate the insecure content state 1042// from one to the other. 1043IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { 1044 ASSERT_TRUE(test_server()->Start()); 1045 ASSERT_TRUE(https_server_.Start()); 1046 1047 ui_test_utils::NavigateToURL(browser(), 1048 https_server_.GetURL("files/ssl/blank_page.html")); 1049 1050 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1051 1052 // This tab should be fine. 1053 CheckAuthenticatedState(tab1, AuthState::NONE); 1054 1055 std::string replacement_path; 1056 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1057 "files/ssl/page_runs_insecure_content.html", 1058 test_server()->host_port_pair(), 1059 &replacement_path)); 1060 1061 // Create a new tab in the same process. Using a NEW_FOREGROUND_TAB 1062 // disposition won't usually stay in the same process, but this works 1063 // because we are using process-per-site in SetUpCommandLine. 1064 GURL url = https_server_.GetURL(replacement_path); 1065 chrome::NavigateParams params(browser(), url, content::PAGE_TRANSITION_TYPED); 1066 params.disposition = NEW_FOREGROUND_TAB; 1067 params.source_contents = tab1; 1068 content::WindowedNotificationObserver observer( 1069 content::NOTIFICATION_LOAD_STOP, 1070 content::NotificationService::AllSources()); 1071 chrome::Navigate(¶ms); 1072 WebContents* tab2 = params.target_contents; 1073 observer.Wait(); 1074 1075 // Both tabs should have the same process. 1076 EXPECT_EQ(tab1->GetRenderProcessHost(), tab2->GetRenderProcessHost()); 1077 1078 // The new tab has insecure content. 1079 CheckAuthenticationBrokenState( 1080 tab2, 1081 CertError::NONE, 1082 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT); 1083 1084 // Which means the origin for the first tab has also been contaminated with 1085 // insecure content. 1086 CheckAuthenticationBrokenState( 1087 tab1, CertError::NONE, AuthState::RAN_INSECURE_CONTENT); 1088} 1089 1090// Visits a page with an image over http. Visits another page over https 1091// referencing that same image over http (hoping it is coming from the webcore 1092// memory cache). 1093IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { 1094 ASSERT_TRUE(test_server()->Start()); 1095 ASSERT_TRUE(https_server_.Start()); 1096 1097 std::string replacement_path; 1098 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1099 "files/ssl/page_displays_insecure_content.html", 1100 test_server()->host_port_pair(), 1101 &replacement_path)); 1102 1103 // Load original page over HTTP. 1104 const GURL url_http = test_server()->GetURL(replacement_path); 1105 ui_test_utils::NavigateToURL(browser(), url_http); 1106 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1107 CheckUnauthenticatedState(tab); 1108 1109 // Load again but over SSL. It should be marked as displaying insecure 1110 // content (even though the image comes from the WebCore memory cache). 1111 const GURL url_https = https_server_.GetURL(replacement_path); 1112 ui_test_utils::NavigateToURL(browser(), url_https); 1113 CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT); 1114} 1115 1116// http://crbug.com/84729 1117#if defined(OS_CHROMEOS) 1118#define MAYBE_TestRunsCachedInsecureContent \ 1119 DISABLED_TestRunsCachedInsecureContent 1120#else 1121#define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent 1122#endif // defined(OS_CHROMEOS) 1123 1124// Visits a page with script over http. Visits another page over https 1125// referencing that same script over http (hoping it is coming from the webcore 1126// memory cache). 1127IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) { 1128 ASSERT_TRUE(test_server()->Start()); 1129 ASSERT_TRUE(https_server_.Start()); 1130 1131 std::string replacement_path; 1132 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1133 "files/ssl/page_runs_insecure_content.html", 1134 test_server()->host_port_pair(), 1135 &replacement_path)); 1136 1137 // Load original page over HTTP. 1138 const GURL url_http = test_server()->GetURL(replacement_path); 1139 ui_test_utils::NavigateToURL(browser(), url_http); 1140 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1141 CheckUnauthenticatedState(tab); 1142 1143 // Load again but over SSL. It should be marked as displaying insecure 1144 // content (even though the image comes from the WebCore memory cache). 1145 const GURL url_https = https_server_.GetURL(replacement_path); 1146 ui_test_utils::NavigateToURL(browser(), url_https); 1147 CheckAuthenticationBrokenState( 1148 tab, 1149 CertError::NONE, 1150 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT); 1151} 1152 1153// This test ensures the CN invalid status does not 'stick' to a certificate 1154// (see bug #1044942) and that it depends on the host-name. 1155IN_PROC_BROWSER_TEST_F(SSLUITest, TestCNInvalidStickiness) { 1156 ASSERT_TRUE(https_server_.Start()); 1157 ASSERT_TRUE(https_server_mismatched_.Start()); 1158 1159 // First we hit the server with hostname, this generates an invalid policy 1160 // error. 1161 ui_test_utils::NavigateToURL(browser(), 1162 https_server_mismatched_.GetURL("files/ssl/google.html")); 1163 1164 // We get an interstitial page as a result. 1165 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1166 CheckAuthenticationBrokenState(tab, 1167 net::CERT_STATUS_COMMON_NAME_INVALID, 1168 AuthState::SHOWING_INTERSTITIAL); 1169 ProceedThroughInterstitial(tab); 1170 CheckAuthenticationBrokenState( 1171 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE); 1172 1173 // Now we try again with the right host name this time. 1174 GURL url(https_server_.GetURL("files/ssl/google.html")); 1175 ui_test_utils::NavigateToURL(browser(), url); 1176 1177 // Security state should be OK. 1178 CheckAuthenticatedState(tab, AuthState::NONE); 1179 1180 // Now try again the broken one to make sure it is still broken. 1181 ui_test_utils::NavigateToURL(browser(), 1182 https_server_mismatched_.GetURL("files/ssl/google.html")); 1183 1184 // Since we OKed the interstitial last time, we get right to the page. 1185 CheckAuthenticationBrokenState( 1186 tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE); 1187} 1188 1189#if defined(OS_CHROMEOS) 1190// This test seems to be flaky and hang on chromiumos. 1191// http://crbug.com/84419 1192#define MAYBE_TestRefNavigation DISABLED_TestRefNavigation 1193#else 1194#define MAYBE_TestRefNavigation TestRefNavigation 1195#endif 1196 1197// Test that navigating to a #ref does not change a bad security state. 1198IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { 1199 ASSERT_TRUE(https_server_expired_.Start()); 1200 1201 ui_test_utils::NavigateToURL(browser(), 1202 https_server_expired_.GetURL("files/ssl/page_with_refs.html")); 1203 1204 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1205 CheckAuthenticationBrokenState( 1206 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1207 1208 ProceedThroughInterstitial(tab); 1209 1210 CheckAuthenticationBrokenState( 1211 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1212 // Now navigate to a ref in the page, the security state should not have 1213 // changed. 1214 ui_test_utils::NavigateToURL(browser(), 1215 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); 1216 1217 CheckAuthenticationBrokenState( 1218 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1219} 1220 1221// Tests that closing a page that has a unsafe pop-up does not crash the 1222// browser (bug #1966). 1223// TODO(jcampan): http://crbug.com/2136 disabled because the popup is not 1224// opened as it is not initiated by a user gesture. 1225IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { 1226 ASSERT_TRUE(test_server()->Start()); 1227 ASSERT_TRUE(https_server_expired_.Start()); 1228 1229 std::string replacement_path; 1230 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1231 "files/ssl/page_with_unsafe_popup.html", 1232 https_server_expired_.host_port_pair(), 1233 &replacement_path)); 1234 1235 ui_test_utils::NavigateToURL(browser(), 1236 test_server()->GetURL(replacement_path)); 1237 1238 WebContents* tab1 = browser()->tab_strip_model()->GetActiveWebContents(); 1239 // It is probably overkill to add a notification for a popup-opening, let's 1240 // just poll. 1241 for (int i = 0; i < 10; i++) { 1242 if (IsShowingWebContentsModalDialog()) 1243 break; 1244 base::MessageLoop::current()->PostDelayedTask( 1245 FROM_HERE, 1246 base::MessageLoop::QuitClosure(), 1247 base::TimeDelta::FromSeconds(1)); 1248 content::RunMessageLoop(); 1249 } 1250 ASSERT_TRUE(IsShowingWebContentsModalDialog()); 1251 1252 // Let's add another tab to make sure the browser does not exit when we close 1253 // the first tab. 1254 GURL url = test_server()->GetURL("files/ssl/google.html"); 1255 content::WindowedNotificationObserver observer( 1256 content::NOTIFICATION_LOAD_STOP, 1257 content::NotificationService::AllSources()); 1258 chrome::AddSelectedTabWithURL(browser(), url, content::PAGE_TRANSITION_TYPED); 1259 observer.Wait(); 1260 1261 // Close the first tab. 1262 chrome::CloseWebContents(browser(), tab1, false); 1263} 1264 1265// Visit a page over bad https that is a redirect to a page with good https. 1266IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) { 1267 ASSERT_TRUE(https_server_.Start()); 1268 ASSERT_TRUE(https_server_expired_.Start()); 1269 1270 GURL url1 = https_server_expired_.GetURL("server-redirect?"); 1271 GURL url2 = https_server_.GetURL("files/ssl/google.html"); 1272 1273 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1274 1275 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1276 1277 CheckAuthenticationBrokenState( 1278 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1279 1280 ProceedThroughInterstitial(tab); 1281 1282 // We have been redirected to the good page. 1283 CheckAuthenticatedState(tab, AuthState::NONE); 1284} 1285 1286// Visit a page over good https that is a redirect to a page with bad https. 1287IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { 1288 ASSERT_TRUE(https_server_.Start()); 1289 ASSERT_TRUE(https_server_expired_.Start()); 1290 1291 GURL url1 = https_server_.GetURL("server-redirect?"); 1292 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html"); 1293 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 1294 1295 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1296 CheckAuthenticationBrokenState( 1297 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1298 1299 ProceedThroughInterstitial(tab); 1300 1301 CheckAuthenticationBrokenState( 1302 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1303} 1304 1305// Visit a page over http that is a redirect to a page with good HTTPS. 1306IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToGoodHTTPS) { 1307 ASSERT_TRUE(test_server()->Start()); 1308 ASSERT_TRUE(https_server_.Start()); 1309 1310 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1311 1312 // HTTP redirects to good HTTPS. 1313 GURL http_url = test_server()->GetURL("server-redirect?"); 1314 GURL good_https_url = 1315 https_server_.GetURL("files/ssl/google.html"); 1316 1317 ui_test_utils::NavigateToURL(browser(), 1318 GURL(http_url.spec() + good_https_url.spec())); 1319 CheckAuthenticatedState(tab, AuthState::NONE); 1320} 1321 1322// Visit a page over http that is a redirect to a page with bad HTTPS. 1323IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPToBadHTTPS) { 1324 ASSERT_TRUE(test_server()->Start()); 1325 ASSERT_TRUE(https_server_expired_.Start()); 1326 1327 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1328 1329 GURL http_url = test_server()->GetURL("server-redirect?"); 1330 GURL bad_https_url = 1331 https_server_expired_.GetURL("files/ssl/google.html"); 1332 ui_test_utils::NavigateToURL(browser(), 1333 GURL(http_url.spec() + bad_https_url.spec())); 1334 CheckAuthenticationBrokenState( 1335 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1336 1337 ProceedThroughInterstitial(tab); 1338 1339 CheckAuthenticationBrokenState( 1340 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1341} 1342 1343// Visit a page over https that is a redirect to a page with http (to make sure 1344// we don't keep the secure state). 1345IN_PROC_BROWSER_TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) { 1346 ASSERT_TRUE(test_server()->Start()); 1347 ASSERT_TRUE(https_server_.Start()); 1348 1349 GURL https_url = https_server_.GetURL("server-redirect?"); 1350 GURL http_url = test_server()->GetURL("files/ssl/google.html"); 1351 1352 ui_test_utils::NavigateToURL(browser(), 1353 GURL(https_url.spec() + http_url.spec())); 1354 CheckUnauthenticatedState( 1355 browser()->tab_strip_model()->GetActiveWebContents()); 1356} 1357 1358// Visits a page to which we could not connect (bad port) over http and https 1359// and make sure the security style is correct. 1360IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) { 1361 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17")); 1362 CheckUnauthenticatedState( 1363 browser()->tab_strip_model()->GetActiveWebContents()); 1364 1365 // Same thing over HTTPS. 1366 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17")); 1367 CheckUnauthenticatedState( 1368 browser()->tab_strip_model()->GetActiveWebContents()); 1369} 1370 1371// 1372// Frame navigation 1373// 1374 1375// From a good HTTPS top frame: 1376// - navigate to an OK HTTPS frame 1377// - navigate to a bad HTTPS (expect unsafe content and filtered frame), then 1378// back 1379// - navigate to HTTP (expect insecure content), then back 1380IN_PROC_BROWSER_TEST_F(SSLUITest, TestGoodFrameNavigation) { 1381 ASSERT_TRUE(test_server()->Start()); 1382 ASSERT_TRUE(https_server_.Start()); 1383 ASSERT_TRUE(https_server_expired_.Start()); 1384 1385 std::string top_frame_path; 1386 ASSERT_TRUE(GetTopFramePath(*test_server(), 1387 https_server_, 1388 https_server_expired_, 1389 &top_frame_path)); 1390 1391 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1392 ui_test_utils::NavigateToURL(browser(), 1393 https_server_.GetURL(top_frame_path)); 1394 1395 CheckAuthenticatedState(tab, AuthState::NONE); 1396 1397 bool success = false; 1398 // Now navigate inside the frame. 1399 { 1400 content::WindowedNotificationObserver observer( 1401 content::NOTIFICATION_LOAD_STOP, 1402 content::Source<NavigationController>(&tab->GetController())); 1403 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1404 tab, 1405 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1406 &success)); 1407 ASSERT_TRUE(success); 1408 observer.Wait(); 1409 } 1410 1411 // We should still be fine. 1412 CheckAuthenticatedState(tab, AuthState::NONE); 1413 1414 // Now let's hit a bad page. 1415 { 1416 content::WindowedNotificationObserver observer( 1417 content::NOTIFICATION_LOAD_STOP, 1418 content::Source<NavigationController>(&tab->GetController())); 1419 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1420 tab, 1421 "window.domAutomationController.send(clickLink('badHTTPSLink'));", 1422 &success)); 1423 ASSERT_TRUE(success); 1424 observer.Wait(); 1425 } 1426 1427 // The security style should still be secure. 1428 CheckAuthenticatedState(tab, AuthState::NONE); 1429 1430 // And the frame should be blocked. 1431 bool is_content_evil = true; 1432 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate( 1433 tab, base::Bind(&content::FrameMatchesName, "contentFrame")); 1434 std::string is_evil_js("window.domAutomationController.send(" 1435 "document.getElementById('evilDiv') != null);"); 1436 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame, 1437 is_evil_js, 1438 &is_content_evil)); 1439 EXPECT_FALSE(is_content_evil); 1440 1441 // Now go back, our state should still be OK. 1442 { 1443 content::WindowedNotificationObserver observer( 1444 content::NOTIFICATION_LOAD_STOP, 1445 content::Source<NavigationController>(&tab->GetController())); 1446 tab->GetController().GoBack(); 1447 observer.Wait(); 1448 } 1449 CheckAuthenticatedState(tab, AuthState::NONE); 1450 1451 // Navigate to a page served over HTTP. 1452 { 1453 content::WindowedNotificationObserver observer( 1454 content::NOTIFICATION_LOAD_STOP, 1455 content::Source<NavigationController>(&tab->GetController())); 1456 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1457 tab, 1458 "window.domAutomationController.send(clickLink('HTTPLink'));", 1459 &success)); 1460 ASSERT_TRUE(success); 1461 observer.Wait(); 1462 } 1463 1464 // Our state should be unathenticated (in the ran mixed script sense) 1465 CheckAuthenticationBrokenState( 1466 tab, 1467 CertError::NONE, 1468 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT); 1469 1470 // Go back, our state should be unchanged. 1471 { 1472 content::WindowedNotificationObserver observer( 1473 content::NOTIFICATION_LOAD_STOP, 1474 content::Source<NavigationController>(&tab->GetController())); 1475 tab->GetController().GoBack(); 1476 observer.Wait(); 1477 } 1478 1479 CheckAuthenticationBrokenState( 1480 tab, 1481 CertError::NONE, 1482 AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT); 1483} 1484 1485// From a bad HTTPS top frame: 1486// - navigate to an OK HTTPS frame (expected to be still authentication broken). 1487IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) { 1488 ASSERT_TRUE(https_server_.Start()); 1489 ASSERT_TRUE(https_server_expired_.Start()); 1490 1491 std::string top_frame_path; 1492 ASSERT_TRUE(GetTopFramePath(*test_server(), 1493 https_server_, 1494 https_server_expired_, 1495 &top_frame_path)); 1496 1497 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1498 ui_test_utils::NavigateToURL(browser(), 1499 https_server_expired_.GetURL(top_frame_path)); 1500 CheckAuthenticationBrokenState( 1501 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1502 1503 ProceedThroughInterstitial(tab); 1504 1505 // Navigate to a good frame. 1506 bool success = false; 1507 content::WindowedNotificationObserver observer( 1508 content::NOTIFICATION_LOAD_STOP, 1509 content::Source<NavigationController>(&tab->GetController())); 1510 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1511 tab, 1512 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1513 &success)); 1514 ASSERT_TRUE(success); 1515 observer.Wait(); 1516 1517 // We should still be authentication broken. 1518 CheckAuthenticationBrokenState( 1519 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1520} 1521 1522// From an HTTP top frame, navigate to good and bad HTTPS (security state should 1523// stay unauthenticated). 1524// Disabled, flakily exceeds test timeout, http://crbug.com/43437. 1525IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestUnauthenticatedFrameNavigation) { 1526 ASSERT_TRUE(test_server()->Start()); 1527 ASSERT_TRUE(https_server_.Start()); 1528 ASSERT_TRUE(https_server_expired_.Start()); 1529 1530 std::string top_frame_path; 1531 ASSERT_TRUE(GetTopFramePath(*test_server(), 1532 https_server_, 1533 https_server_expired_, 1534 &top_frame_path)); 1535 1536 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1537 ui_test_utils::NavigateToURL(browser(), 1538 test_server()->GetURL(top_frame_path)); 1539 CheckUnauthenticatedState(tab); 1540 1541 // Now navigate inside the frame to a secure HTTPS frame. 1542 { 1543 bool success = false; 1544 content::WindowedNotificationObserver observer( 1545 content::NOTIFICATION_LOAD_STOP, 1546 content::Source<NavigationController>(&tab->GetController())); 1547 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1548 tab, 1549 "window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1550 &success)); 1551 ASSERT_TRUE(success); 1552 observer.Wait(); 1553 } 1554 1555 // We should still be unauthenticated. 1556 CheckUnauthenticatedState(tab); 1557 1558 // Now navigate to a bad HTTPS frame. 1559 { 1560 bool success = false; 1561 content::WindowedNotificationObserver observer( 1562 content::NOTIFICATION_LOAD_STOP, 1563 content::Source<NavigationController>(&tab->GetController())); 1564 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 1565 tab, 1566 "window.domAutomationController.send(clickLink('badHTTPSLink'));", 1567 &success)); 1568 ASSERT_TRUE(success); 1569 observer.Wait(); 1570 } 1571 1572 // State should not have changed. 1573 CheckUnauthenticatedState(tab); 1574 1575 // And the frame should have been blocked (see bug #2316). 1576 bool is_content_evil = true; 1577 content::RenderFrameHost* content_frame = content::FrameMatchingPredicate( 1578 tab, base::Bind(&content::FrameMatchesName, "contentFrame")); 1579 std::string is_evil_js("window.domAutomationController.send(" 1580 "document.getElementById('evilDiv') != null);"); 1581 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame, 1582 is_evil_js, 1583 &is_content_evil)); 1584 EXPECT_FALSE(is_content_evil); 1585} 1586 1587IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) { 1588 ASSERT_TRUE(https_server_.Start()); 1589 ASSERT_TRUE(https_server_expired_.Start()); 1590 1591 // This page will spawn a Worker which will try to load content from 1592 // BadCertServer. 1593 std::string page_with_unsafe_worker_path; 1594 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1595 &page_with_unsafe_worker_path)); 1596 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1597 page_with_unsafe_worker_path)); 1598 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1599 // Expect Worker not to load insecure content. 1600 CheckWorkerLoadResult(tab, false); 1601 // The bad content is filtered, expect the state to be authenticated. 1602 CheckAuthenticatedState(tab, AuthState::NONE); 1603} 1604 1605IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) { 1606 ASSERT_TRUE(https_server_.Start()); 1607 ASSERT_TRUE(https_server_expired_.Start()); 1608 1609 // Navigate to an unsafe site. Proceed with interstitial page to indicate 1610 // the user approves the bad certificate. 1611 ui_test_utils::NavigateToURL(browser(), 1612 https_server_expired_.GetURL("files/ssl/blank_page.html")); 1613 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1614 CheckAuthenticationBrokenState( 1615 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1616 ProceedThroughInterstitial(tab); 1617 CheckAuthenticationBrokenState( 1618 tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE); 1619 1620 // Navigate to safe page that has Worker loading unsafe content. 1621 // Expect content to load but be marked as auth broken due to running insecure 1622 // content. 1623 std::string page_with_unsafe_worker_path; 1624 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1625 &page_with_unsafe_worker_path)); 1626 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1627 page_with_unsafe_worker_path)); 1628 CheckWorkerLoadResult(tab, true); // Worker loads insecure content 1629 CheckAuthenticationBrokenState( 1630 tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT); 1631} 1632 1633// Test that when the browser blocks displaying insecure content (images), the 1634// indicator shows a secure page, because the blocking made the otherwise 1635// unsafe page safe (the notification of this state is handled by other means). 1636IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureImage) { 1637 ASSERT_TRUE(test_server()->Start()); 1638 ASSERT_TRUE(https_server_.Start()); 1639 1640 std::string replacement_path; 1641 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1642 "files/ssl/page_displays_insecure_content.html", 1643 test_server()->host_port_pair(), 1644 &replacement_path)); 1645 1646 ui_test_utils::NavigateToURL(browser(), 1647 https_server_.GetURL(replacement_path)); 1648 1649 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), 1650 AuthState::NONE); 1651} 1652 1653// Test that when the browser blocks displaying insecure content (iframes), the 1654// indicator shows a secure page, because the blocking made the otherwise 1655// unsafe page safe (the notification of this state is handled by other means) 1656IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockDisplayingInsecureIframe) { 1657 ASSERT_TRUE(test_server()->Start()); 1658 ASSERT_TRUE(https_server_.Start()); 1659 1660 std::string replacement_path; 1661 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1662 "files/ssl/page_displays_insecure_iframe.html", 1663 test_server()->host_port_pair(), 1664 &replacement_path)); 1665 1666 ui_test_utils::NavigateToURL(browser(), 1667 https_server_.GetURL(replacement_path)); 1668 1669 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), 1670 AuthState::NONE); 1671} 1672 1673// Test that when the browser blocks running insecure content, the 1674// indicator shows a secure page, because the blocking made the otherwise 1675// unsafe page safe (the notification of this state is handled by other means). 1676IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) { 1677 ASSERT_TRUE(test_server()->Start()); 1678 ASSERT_TRUE(https_server_.Start()); 1679 1680 std::string replacement_path; 1681 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 1682 "files/ssl/page_runs_insecure_content.html", 1683 test_server()->host_port_pair(), 1684 &replacement_path)); 1685 1686 ui_test_utils::NavigateToURL(browser(), 1687 https_server_.GetURL(replacement_path)); 1688 1689 CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(), 1690 AuthState::NONE); 1691} 1692 1693// Visit a page and establish a WebSocket connection over bad https with 1694// --ignore-certificate-errors. The connection should be established without 1695// interstitial page showing. 1696IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) { 1697 ASSERT_TRUE(test_server()->Start()); 1698 ASSERT_TRUE(wss_server_expired_.Start()); 1699 1700 // Setup page title observer. 1701 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1702 content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS")); 1703 watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL")); 1704 1705 // Visit bad HTTPS page. 1706 std::string scheme("https"); 1707 GURL::Replacements replacements; 1708 replacements.SetSchemeStr(scheme); 1709 ui_test_utils::NavigateToURL( 1710 browser(), 1711 wss_server_expired_.GetURL( 1712 "connect_check.html").ReplaceComponents(replacements)); 1713 1714 // We shouldn't have an interstitial page showing here. 1715 1716 // Test page run a WebSocket wss connection test. The result will be shown 1717 // as page title. 1718 const base::string16 result = watcher.WaitAndGetTitle(); 1719 EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass")); 1720} 1721 1722// Verifies that if JavaScript is disabled interstitials aren't affected. 1723// http://crbug.com/322948 1724IN_PROC_BROWSER_TEST_F(SSLUITest, InterstitialNotAffectedByContentSettings) { 1725 browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting( 1726 CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK); 1727 1728 ASSERT_TRUE(https_server_expired_.Start()); 1729 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); 1730 ui_test_utils::NavigateToURL(browser(), 1731 https_server_expired_.GetURL("files/ssl/google.html")); 1732 CheckAuthenticationBrokenState( 1733 tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL); 1734 1735 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); 1736 content::RenderViewHost* interstitial_rvh = 1737 interstitial_page->GetRenderViewHostForTesting(); 1738 bool result = false; 1739 ASSERT_TRUE(content::ExecuteScriptAndExtractBool( 1740 interstitial_rvh, 1741 "window.domAutomationController.send(true);", 1742 &result)); 1743 // The above will hang without the fix. 1744 ASSERT_TRUE(result); 1745} 1746 1747// TODO(jcampan): more tests to do below. 1748 1749// Visit a page over https that contains a frame with a redirect. 1750 1751// XMLHttpRequest insecure content in synchronous mode. 1752 1753// XMLHttpRequest insecure content in asynchronous mode. 1754 1755// XMLHttpRequest over bad ssl in synchronous mode. 1756 1757// XMLHttpRequest over OK ssl in synchronous mode. 1758