ssl_browser_tests.cc revision dc0f95d653279beabeb9817299e2902918ba123e
1// Copyright (c) 2010 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/time.h" 6#include "chrome/app/chrome_command_ids.h" 7#include "chrome/browser/tabs/tab_strip_model.h" 8#include "chrome/browser/ui/browser.h" 9#include "chrome/browser/ui/browser_navigator.h" 10#include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h" 11#include "chrome/test/in_process_browser_test.h" 12#include "chrome/test/ui_test_utils.h" 13#include "content/browser/tab_contents/interstitial_page.h" 14#include "content/browser/tab_contents/navigation_entry.h" 15#include "content/browser/tab_contents/tab_contents.h" 16#include "net/base/cert_status_flags.h" 17#include "net/test/test_server.h" 18 19const FilePath::CharType kDocRoot[] = FILE_PATH_LITERAL("chrome/test/data"); 20 21class SSLUITest : public InProcessBrowserTest { 22 typedef net::TestServer::HTTPSOptions HTTPSOptions; 23 24 public: 25 SSLUITest() 26 : https_server_( 27 HTTPSOptions(HTTPSOptions::CERT_OK), FilePath(kDocRoot)), 28 https_server_expired_( 29 HTTPSOptions(HTTPSOptions::CERT_EXPIRED), FilePath(kDocRoot)), 30 https_server_mismatched_( 31 HTTPSOptions(HTTPSOptions::CERT_MISMATCHED_NAME), 32 FilePath(kDocRoot)) { 33 EnableDOMAutomation(); 34 } 35 36 void CheckAuthenticatedState(TabContents* tab, 37 bool displayed_insecure_content) { 38 NavigationEntry* entry = tab->controller().GetActiveEntry(); 39 ASSERT_TRUE(entry); 40 EXPECT_EQ(NORMAL_PAGE, entry->page_type()); 41 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, entry->ssl().security_style()); 42 EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 43 EXPECT_EQ(displayed_insecure_content, 44 entry->ssl().displayed_insecure_content()); 45 EXPECT_FALSE(entry->ssl().ran_insecure_content()); 46 } 47 48 void CheckUnauthenticatedState(TabContents* tab) { 49 NavigationEntry* entry = tab->controller().GetActiveEntry(); 50 ASSERT_TRUE(entry); 51 EXPECT_EQ(NORMAL_PAGE, entry->page_type()); 52 EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, entry->ssl().security_style()); 53 EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 54 EXPECT_FALSE(entry->ssl().displayed_insecure_content()); 55 EXPECT_FALSE(entry->ssl().ran_insecure_content()); 56 } 57 58 void CheckAuthenticationBrokenState(TabContents* tab, 59 int error, 60 bool ran_insecure_content, 61 bool interstitial) { 62 NavigationEntry* entry = tab->controller().GetActiveEntry(); 63 ASSERT_TRUE(entry); 64 EXPECT_EQ(interstitial ? INTERSTITIAL_PAGE : NORMAL_PAGE, 65 entry->page_type()); 66 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, 67 entry->ssl().security_style()); 68 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style 69 // to SECURITY_STYLE_AUTHENTICATION_BROKEN. 70 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); 71 EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 72 EXPECT_FALSE(entry->ssl().displayed_insecure_content()); 73 EXPECT_EQ(ran_insecure_content, entry->ssl().ran_insecure_content()); 74 } 75 76 void CheckWorkerLoadResult(TabContents* tab, bool expectLoaded) { 77 // Workers are async and we don't have notifications for them passing 78 // messages since they do it between renderer and worker processes. 79 // So have a polling loop, check every 200ms, timeout at 30s. 80 const int timeout_ms = 200; 81 base::Time timeToQuit = base::Time::Now() + 82 base::TimeDelta::FromMilliseconds(30000); 83 84 while (base::Time::Now() < timeToQuit) { 85 bool workerFinished = false; 86 ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 87 tab->render_view_host(), std::wstring(), 88 L"window.domAutomationController.send(IsWorkerFinished());", 89 &workerFinished)); 90 91 if (workerFinished) 92 break; 93 94 // Wait a bit. 95 MessageLoop::current()->PostDelayedTask( 96 FROM_HERE, new MessageLoop::QuitTask, timeout_ms); 97 ui_test_utils::RunMessageLoop(); 98 } 99 100 bool actuallyLoadedContent = false; 101 ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 102 tab->render_view_host(), std::wstring(), 103 L"window.domAutomationController.send(IsContentLoaded());", 104 &actuallyLoadedContent)); 105 EXPECT_EQ(expectLoaded, actuallyLoadedContent); 106 } 107 108 void ProceedThroughInterstitial(TabContents* tab) { 109 InterstitialPage* interstitial_page = tab->interstitial_page(); 110 ASSERT_TRUE(interstitial_page); 111 interstitial_page->Proceed(); 112 // Wait for the navigation to be done. 113 ui_test_utils::WaitForNavigation(&(tab->controller())); 114 } 115 116 static bool GetFilePathWithHostAndPortReplacement( 117 const std::string& original_file_path, 118 const net::HostPortPair& host_port_pair, 119 std::string* replacement_path) { 120 std::vector<net::TestServer::StringPair> replacement_text; 121 replacement_text.push_back( 122 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); 123 return net::TestServer::GetFilePathWithReplacements( 124 original_file_path, replacement_text, replacement_path); 125 } 126 127 static bool GetTopFramePath(const net::TestServer& http_server, 128 const net::TestServer& good_https_server, 129 const net::TestServer& bad_https_server, 130 std::string* top_frame_path) { 131 // The "frame_left.html" page contained in the top_frame.html page contains 132 // <a href>'s to three different servers. This sets up all of the 133 // replacement text to work with test servers which listen on ephemeral 134 // ports. 135 GURL http_url = http_server.GetURL("files/ssl/google.html"); 136 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html"); 137 GURL bad_https_url = bad_https_server.GetURL( 138 "files/ssl/bad_iframe.html"); 139 140 std::vector<net::TestServer::StringPair> replacement_text_frame_left; 141 replacement_text_frame_left.push_back( 142 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec())); 143 replacement_text_frame_left.push_back( 144 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec())); 145 replacement_text_frame_left.push_back( 146 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec())); 147 std::string frame_left_path; 148 if (!net::TestServer::GetFilePathWithReplacements( 149 "frame_left.html", 150 replacement_text_frame_left, 151 &frame_left_path)) 152 return false; 153 154 // Substitute the generated frame_left URL into the top_frame page. 155 std::vector<net::TestServer::StringPair> replacement_text_top_frame; 156 replacement_text_top_frame.push_back( 157 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); 158 return net::TestServer::GetFilePathWithReplacements( 159 "files/ssl/top_frame.html", 160 replacement_text_top_frame, 161 top_frame_path); 162 } 163 164 static bool GetPageWithUnsafeWorkerPath( 165 const net::TestServer& expired_https_server, 166 std::string* page_with_unsafe_worker_path) { 167 // Get the "imported.js" URL from the expired https server and 168 // substitute it into the unsafe_worker.js file. 169 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js"); 170 std::vector<net::TestServer::StringPair> replacement_text_for_unsafe_worker; 171 replacement_text_for_unsafe_worker.push_back( 172 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); 173 std::string unsafe_worker_path; 174 if (!net::TestServer::GetFilePathWithReplacements( 175 "unsafe_worker.js", 176 replacement_text_for_unsafe_worker, 177 &unsafe_worker_path)) 178 return false; 179 180 // Now, substitute this into the page with unsafe worker. 181 std::vector<net::TestServer::StringPair> 182 replacement_text_for_page_with_unsafe_worker; 183 replacement_text_for_page_with_unsafe_worker.push_back( 184 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); 185 return net::TestServer::GetFilePathWithReplacements( 186 "files/ssl/page_with_unsafe_worker.html", 187 replacement_text_for_page_with_unsafe_worker, 188 page_with_unsafe_worker_path); 189 } 190 191 net::TestServer https_server_; 192 net::TestServer https_server_expired_; 193 net::TestServer https_server_mismatched_; 194 195 private: 196 DISALLOW_COPY_AND_ASSIGN(SSLUITest); 197}; 198 199// Visits a regular page over http. 200IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { 201 ASSERT_TRUE(test_server()->Start()); 202 203 ui_test_utils::NavigateToURL(browser(), 204 test_server()->GetURL("files/ssl/google.html")); 205 206 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 207} 208 209// Visits a page over http which includes broken https resources (status should 210// be OK). 211// TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give 212// the secure cookies away!). 213IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { 214 ASSERT_TRUE(test_server()->Start()); 215 ASSERT_TRUE(https_server_expired_.Start()); 216 217 std::string replacement_path; 218 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 219 "files/ssl/page_with_unsafe_contents.html", 220 https_server_expired_.host_port_pair(), 221 &replacement_path)); 222 223 ui_test_utils::NavigateToURL( 224 browser(), test_server()->GetURL(replacement_path)); 225 226 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 227} 228 229// Visits a page over OK https: 230IN_PROC_BROWSER_TEST_F(SSLUITest, TestOKHTTPS) { 231 ASSERT_TRUE(https_server_.Start()); 232 233 ui_test_utils::NavigateToURL(browser(), 234 https_server_.GetURL("files/ssl/google.html")); 235 236 CheckAuthenticatedState(browser()->GetSelectedTabContents(), false); 237} 238 239// Visits a page with https error and proceed: 240// Disabled, http://crbug.com/68448. 241IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestHTTPSExpiredCertAndProceed) { 242 ASSERT_TRUE(https_server_expired_.Start()); 243 244 ui_test_utils::NavigateToURL(browser(), 245 https_server_expired_.GetURL("files/ssl/google.html")); 246 247 TabContents* tab = browser()->GetSelectedTabContents(); 248 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 249 true); // Interstitial showing 250 251 ProceedThroughInterstitial(tab); 252 253 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 254 false); // No interstitial showing 255} 256 257// Visits a page with https error and don't proceed (and ensure we can still 258// navigate at that point): 259#if defined(OS_WIN) 260// Disabled, flakily exceeds test timeout, http://crbug.com/43575. 261#define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 262 DISABLED_TestHTTPSExpiredCertAndDontProceed 263#else 264// Marked as flaky, see bug 40932. 265#define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 266 FLAKY_TestHTTPSExpiredCertAndDontProceed 267#endif 268IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) { 269 ASSERT_TRUE(test_server()->Start()); 270 ASSERT_TRUE(https_server_.Start()); 271 ASSERT_TRUE(https_server_expired_.Start()); 272 273 // First navigate to an OK page. 274 ui_test_utils::NavigateToURL(browser(), 275 https_server_.GetURL("files/ssl/google.html")); 276 277 TabContents* tab = browser()->GetSelectedTabContents(); 278 NavigationEntry* entry = tab->controller().GetActiveEntry(); 279 ASSERT_TRUE(entry); 280 281 GURL cross_site_url = 282 https_server_expired_.GetURL("files/ssl/google.html"); 283 // Change the host name from 127.0.0.1 to localhost so it triggers a 284 // cross-site navigation so we can test http://crbug.com/5800 is gone. 285 ASSERT_EQ("127.0.0.1", cross_site_url.host()); 286 GURL::Replacements replacements; 287 std::string new_host("localhost"); 288 replacements.SetHostStr(new_host); 289 cross_site_url = cross_site_url.ReplaceComponents(replacements); 290 291 // Now go to a bad HTTPS page. 292 ui_test_utils::NavigateToURL(browser(), cross_site_url); 293 294 // An interstitial should be showing. 295 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 296 false, true); 297 298 // Simulate user clicking "Take me back". 299 InterstitialPage* interstitial_page = tab->interstitial_page(); 300 ASSERT_TRUE(interstitial_page); 301 interstitial_page->DontProceed(); 302 303 // We should be back to the original good page. 304 CheckAuthenticatedState(tab, false); 305 306 // Try to navigate to a new page. (to make sure bug 5800 is fixed). 307 ui_test_utils::NavigateToURL(browser(), 308 test_server()->GetURL("files/ssl/google.html")); 309 CheckUnauthenticatedState(tab); 310} 311 312// Visits a page with https error and then goes back using Browser::GoBack. 313IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoBackViaButton) { 314 ASSERT_TRUE(test_server()->Start()); 315 ASSERT_TRUE(https_server_expired_.Start()); 316 317 // First navigate to an HTTP page. 318 ui_test_utils::NavigateToURL(browser(), 319 test_server()->GetURL("files/ssl/google.html")); 320 TabContents* tab = browser()->GetSelectedTabContents(); 321 NavigationEntry* entry = tab->controller().GetActiveEntry(); 322 ASSERT_TRUE(entry); 323 324 // Now go to a bad HTTPS page that shows an interstitial. 325 ui_test_utils::NavigateToURL(browser(), 326 https_server_expired_.GetURL("files/ssl/google.html")); 327 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 328 true); // Interstitial showing 329 330 // Simulate user clicking on back button (crbug.com/39248). 331 browser()->GoBack(CURRENT_TAB); 332 333 // We should be back at the original good page. 334 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 335 CheckUnauthenticatedState(tab); 336} 337 338// Visits a page with https error and then goes back using GoToOffset. 339// Marked as flaky, see bug 40932. 340IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestHTTPSExpiredCertAndGoBackViaMenu) { 341 ASSERT_TRUE(test_server()->Start()); 342 ASSERT_TRUE(https_server_expired_.Start()); 343 344 // First navigate to an HTTP page. 345 ui_test_utils::NavigateToURL(browser(), 346 test_server()->GetURL("files/ssl/google.html")); 347 TabContents* tab = browser()->GetSelectedTabContents(); 348 NavigationEntry* entry = tab->controller().GetActiveEntry(); 349 ASSERT_TRUE(entry); 350 351 // Now go to a bad HTTPS page that shows an interstitial. 352 ui_test_utils::NavigateToURL(browser(), 353 https_server_expired_.GetURL("files/ssl/google.html")); 354 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 355 true); // Interstitial showing 356 357 // Simulate user clicking and holding on back button (crbug.com/37215). 358 tab->controller().GoToOffset(-1); 359 360 // We should be back at the original good page. 361 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 362 CheckUnauthenticatedState(tab); 363} 364 365// Visits a page with https error and then goes forward using GoToOffset. 366// Marked as flaky, see bug 40932. 367IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestHTTPSExpiredCertAndGoForward) { 368 ASSERT_TRUE(test_server()->Start()); 369 ASSERT_TRUE(https_server_expired_.Start()); 370 371 // First navigate to two HTTP pages. 372 ui_test_utils::NavigateToURL(browser(), 373 test_server()->GetURL("files/ssl/google.html")); 374 TabContents* tab = browser()->GetSelectedTabContents(); 375 NavigationEntry* entry1 = tab->controller().GetActiveEntry(); 376 ASSERT_TRUE(entry1); 377 ui_test_utils::NavigateToURL(browser(), 378 test_server()->GetURL("files/ssl/blank_page.html")); 379 NavigationEntry* entry2 = tab->controller().GetActiveEntry(); 380 ASSERT_TRUE(entry2); 381 382 // Now go back so that a page is in the forward history. 383 tab->controller().GoBack(); 384 ui_test_utils::WaitForNavigation(&(tab->controller())); 385 ASSERT_TRUE(tab->controller().CanGoForward()); 386 NavigationEntry* entry3 = tab->controller().GetActiveEntry(); 387 ASSERT_TRUE(entry1 == entry3); 388 389 // Now go to a bad HTTPS page that shows an interstitial. 390 ui_test_utils::NavigateToURL(browser(), 391 https_server_expired_.GetURL("files/ssl/google.html")); 392 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 393 true); // Interstitial showing 394 395 // Simulate user clicking and holding on forward button. 396 tab->controller().GoToOffset(1); 397 ui_test_utils::WaitForNavigation(&(tab->controller())); 398 399 // We should be showing the second good page. 400 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 401 CheckUnauthenticatedState(tab); 402 EXPECT_FALSE(tab->controller().CanGoForward()); 403 NavigationEntry* entry4 = tab->controller().GetActiveEntry(); 404 EXPECT_TRUE(entry2 == entry4); 405} 406 407// Open a page with a HTTPS error in a tab with no prior navigation (through a 408// link with a blank target). This is to test that the lack of navigation entry 409// does not cause any problems (it was causing a crasher, see 410// http://crbug.com/19941). 411IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorWithNoNavEntry) { 412 ASSERT_TRUE(https_server_expired_.Start()); 413 414 GURL url = https_server_expired_.GetURL("files/ssl/google.htm"); 415 TabContentsWrapper* tab2 = 416 browser()->AddSelectedTabWithURL(url, PageTransition::TYPED); 417 ui_test_utils::WaitForLoadStop(&(tab2->controller())); 418 419 // Verify our assumption that there was no prior navigation. 420 EXPECT_FALSE(browser()->command_updater()->IsCommandEnabled(IDC_BACK)); 421 422 // We should have an interstitial page showing. 423 ASSERT_TRUE(tab2->tab_contents()->interstitial_page()); 424} 425 426// 427// Insecure content 428// 429 430// Visits a page that displays insecure content. 431IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContent) { 432 ASSERT_TRUE(test_server()->Start()); 433 ASSERT_TRUE(https_server_.Start()); 434 435 std::string replacement_path; 436 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 437 "files/ssl/page_displays_insecure_content.html", 438 test_server()->host_port_pair(), 439 &replacement_path)); 440 441 // Load a page that displays insecure content. 442 ui_test_utils::NavigateToURL(browser(), 443 https_server_.GetURL(replacement_path)); 444 445 CheckAuthenticatedState(browser()->GetSelectedTabContents(), true); 446} 447 448// Visits a page that runs insecure content and tries to suppress the insecure 449// content warnings by randomizing location.hash. 450// Based on http://crbug.com/8706 451IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecuredContentRandomizeHash) { 452 ASSERT_TRUE(test_server()->Start()); 453 ASSERT_TRUE(https_server_.Start()); 454 455 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 456 "files/ssl/page_runs_insecure_content.html")); 457 458 CheckAuthenticationBrokenState(browser()->GetSelectedTabContents(), 0, true, 459 false); 460} 461 462// Visits a page with unsafe content and make sure that: 463// - frames content is replaced with warning 464// - images and scripts are filtered out entirely 465// Marked as flaky, see bug 40932. 466IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContents) { 467 ASSERT_TRUE(https_server_.Start()); 468 ASSERT_TRUE(https_server_expired_.Start()); 469 470 std::string replacement_path; 471 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 472 "files/ssl/page_with_unsafe_contents.html", 473 https_server_expired_.host_port_pair(), 474 &replacement_path)); 475 ui_test_utils::NavigateToURL(browser(), 476 https_server_.GetURL(replacement_path)); 477 478 TabContents* tab = browser()->GetSelectedTabContents(); 479 // When the bad content is filtered, the state is expected to be 480 // authenticated. 481 CheckAuthenticatedState(tab, false); 482 483 // Because of cross-frame scripting restrictions, we cannot access the iframe 484 // content. So to know if the frame was loaded, we just check if a popup was 485 // opened (the iframe content opens one). 486 // Note: because of bug 1115868, no constrained window is opened right now. 487 // Once the bug is fixed, this will do the real check. 488 EXPECT_EQ(0, static_cast<int>(tab->constrained_window_count())); 489 490 int img_width; 491 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt( 492 tab->render_view_host(), std::wstring(), 493 L"window.domAutomationController.send(ImageWidth());", &img_width)); 494 // In order to check that the image was not loaded, we check its width. 495 // The actual image (Google logo) is 114 pixels wide, we assume the broken 496 // image is less than 100. 497 EXPECT_LT(img_width, 100); 498 499 bool js_result = false; 500 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 501 tab->render_view_host(), std::wstring(), 502 L"window.domAutomationController.send(IsFooSet());", &js_result)); 503 EXPECT_FALSE(js_result); 504} 505 506// Visits a page with insecure content loaded by JS (after the initial page 507// load). 508IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) { 509 ASSERT_TRUE(test_server()->Start()); 510 ASSERT_TRUE(https_server_.Start()); 511 512 std::string replacement_path; 513 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 514 "files/ssl/page_with_dynamic_insecure_content.html", 515 test_server()->host_port_pair(), 516 &replacement_path)); 517 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 518 replacement_path)); 519 520 TabContents* tab = browser()->GetSelectedTabContents(); 521 CheckAuthenticatedState(tab, false); 522 523 // Load the insecure image. 524 bool js_result = false; 525 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 526 tab->render_view_host(), std::wstring(), L"loadBadImage();", &js_result)); 527 EXPECT_TRUE(js_result); 528 529 // We should now have insecure content. 530 CheckAuthenticatedState(tab, true); 531} 532 533// Visits two pages from the same origin: one that displays insecure content and 534// one that doesn't. The test checks that we do not propagate the insecure 535// content state from one to the other. 536IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { 537 ASSERT_TRUE(test_server()->Start()); 538 ASSERT_TRUE(https_server_.Start()); 539 540 ui_test_utils::NavigateToURL(browser(), 541 https_server_.GetURL("files/ssl/blank_page.html")); 542 543 TabContentsWrapper* tab1 = browser()->GetSelectedTabContentsWrapper(); 544 545 // This tab should be fine. 546 CheckAuthenticatedState(tab1->tab_contents(), false); 547 548 // Create a new tab. 549 std::string replacement_path; 550 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 551 "files/ssl/page_displays_insecure_content.html", 552 test_server()->host_port_pair(), 553 &replacement_path)); 554 555 GURL url = https_server_.GetURL(replacement_path); 556 browser::NavigateParams params(browser(), url, PageTransition::TYPED); 557 params.disposition = NEW_FOREGROUND_TAB; 558 params.tabstrip_index = 0; 559 params.source_contents = tab1; 560 browser::Navigate(¶ms); 561 TabContentsWrapper* tab2 = params.target_contents; 562 ui_test_utils::WaitForNavigation(&(tab2->controller())); 563 564 // The new tab has insecure content. 565 CheckAuthenticatedState(tab2->tab_contents(), true); 566 567 // The original tab should not be contaminated. 568 CheckAuthenticatedState(tab1->tab_contents(), false); 569} 570 571// Visits two pages from the same origin: one that runs insecure content and one 572// that doesn't. The test checks that we propagate the insecure content state 573// from one to the other. 574IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { 575 ASSERT_TRUE(test_server()->Start()); 576 ASSERT_TRUE(https_server_.Start()); 577 578 ui_test_utils::NavigateToURL(browser(), 579 https_server_.GetURL("files/ssl/blank_page.html")); 580 581 TabContentsWrapper* tab1 = browser()->GetSelectedTabContentsWrapper(); 582 583 // This tab should be fine. 584 CheckAuthenticatedState(tab1->tab_contents(), false); 585 586 std::string replacement_path; 587 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 588 "files/ssl/page_runs_insecure_content.html", 589 test_server()->host_port_pair(), 590 &replacement_path)); 591 592 // Create a new tab. 593 GURL url = https_server_.GetURL(replacement_path); 594 browser::NavigateParams params(browser(), url, PageTransition::TYPED); 595 params.disposition = NEW_FOREGROUND_TAB; 596 params.source_contents = tab1; 597 browser::Navigate(¶ms); 598 TabContentsWrapper* tab2 = params.target_contents; 599 ui_test_utils::WaitForNavigation(&(tab2->controller())); 600 601 // The new tab has insecure content. 602 CheckAuthenticationBrokenState(tab2->tab_contents(), 0, true, false); 603 604 // Which means the origin for the first tab has also been contaminated with 605 // insecure content. 606 CheckAuthenticationBrokenState(tab1->tab_contents(), 0, true, false); 607} 608 609// Visits a page with an image over http. Visits another page over https 610// referencing that same image over http (hoping it is coming from the webcore 611// memory cache). 612IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { 613 ASSERT_TRUE(test_server()->Start()); 614 ASSERT_TRUE(https_server_.Start()); 615 616 std::string replacement_path; 617 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 618 "files/ssl/page_displays_insecure_content.html", 619 test_server()->host_port_pair(), 620 &replacement_path)); 621 622 // Load original page over HTTP. 623 const GURL url_http = test_server()->GetURL(replacement_path); 624 ui_test_utils::NavigateToURL(browser(), url_http); 625 TabContents* tab = browser()->GetSelectedTabContents(); 626 CheckUnauthenticatedState(tab); 627 628 // Load again but over SSL. It should be marked as displaying insecure 629 // content (even though the image comes from the WebCore memory cache). 630 const GURL url_https = https_server_.GetURL(replacement_path); 631 ui_test_utils::NavigateToURL(browser(), url_https); 632 CheckAuthenticatedState(tab, true); 633} 634 635// Visits a page with script over http. Visits another page over https 636// referencing that same script over http (hoping it is coming from the webcore 637// memory cache). 638IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedInsecureContent) { 639 ASSERT_TRUE(test_server()->Start()); 640 ASSERT_TRUE(https_server_.Start()); 641 642 std::string replacement_path; 643 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 644 "files/ssl/page_runs_insecure_content.html", 645 test_server()->host_port_pair(), 646 &replacement_path)); 647 648 // Load original page over HTTP. 649 const GURL url_http = test_server()->GetURL(replacement_path); 650 ui_test_utils::NavigateToURL(browser(), url_http); 651 TabContents* tab = browser()->GetSelectedTabContents(); 652 CheckUnauthenticatedState(tab); 653 654 // Load again but over SSL. It should be marked as displaying insecure 655 // content (even though the image comes from the WebCore memory cache). 656 const GURL url_https = https_server_.GetURL(replacement_path); 657 ui_test_utils::NavigateToURL(browser(), url_https); 658 CheckAuthenticationBrokenState(tab, 0, true, false); 659} 660 661// This test ensures the CN invalid status does not 'stick' to a certificate 662// (see bug #1044942) and that it depends on the host-name. 663// Disabled, see http://crbug.com/68448 and http://crbug.com/49377. 664IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { 665 ASSERT_TRUE(https_server_.Start()); 666 ASSERT_TRUE(https_server_mismatched_.Start()); 667 668 // First we hit the server with hostname, this generates an invalid policy 669 // error. 670 ui_test_utils::NavigateToURL(browser(), 671 https_server_mismatched_.GetURL("files/ssl/google.html")); 672 673 // We get an interstitial page as a result. 674 TabContents* tab = browser()->GetSelectedTabContents(); 675 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 676 false, true); // Interstitial showing. 677 ProceedThroughInterstitial(tab); 678 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 679 false, false); // No interstitial showing. 680 681 // Now we try again with the right host name this time. 682 GURL url(https_server_.GetURL("files/ssl/google.html")); 683 ui_test_utils::NavigateToURL(browser(), url); 684 685 // Security state should be OK. 686 CheckAuthenticatedState(tab, false); 687 688 // Now try again the broken one to make sure it is still broken. 689 ui_test_utils::NavigateToURL(browser(), 690 https_server_mismatched_.GetURL("files/ssl/google.html")); 691 692 // Since we OKed the interstitial last time, we get right to the page. 693 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 694 false, false); // No interstitial showing. 695} 696 697// Test that navigating to a #ref does not change a bad security state. 698IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { 699 ASSERT_TRUE(https_server_expired_.Start()); 700 701 ui_test_utils::NavigateToURL(browser(), 702 https_server_expired_.GetURL("files/ssl/page_with_refs.html")); 703 704 TabContents* tab = browser()->GetSelectedTabContents(); 705 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 706 true); // Interstitial showing. 707 708 ProceedThroughInterstitial(tab); 709 710 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 711 false); // No interstitial showing. 712 713 // Now navigate to a ref in the page, the security state should not have 714 // changed. 715 ui_test_utils::NavigateToURL(browser(), 716 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); 717 718 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 719 false); // No interstitial showing. 720} 721 722// Tests that closing a page that has a unsafe pop-up does not crash the 723// browser (bug #1966). 724// TODO(jcampan): http://crbug.com/2136 disabled because the popup is not 725// opened as it is not initiated by a user gesture. 726IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { 727 ASSERT_TRUE(test_server()->Start()); 728 ASSERT_TRUE(https_server_expired_.Start()); 729 730 std::string replacement_path; 731 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 732 "files/ssl/page_with_unsafe_popup.html", 733 https_server_expired_.host_port_pair(), 734 &replacement_path)); 735 736 ui_test_utils::NavigateToURL(browser(), 737 test_server()->GetURL(replacement_path)); 738 739 TabContents* tab1 = browser()->GetSelectedTabContents(); 740 // It is probably overkill to add a notification for a popup-opening, let's 741 // just poll. 742 for (int i = 0; i < 10; i++) { 743 if (static_cast<int>(tab1->constrained_window_count()) > 0) 744 break; 745 MessageLoop::current()->PostDelayedTask(FROM_HERE, 746 new MessageLoop::QuitTask(), 1000); 747 ui_test_utils::RunMessageLoop(); 748 } 749 ASSERT_EQ(1, static_cast<int>(tab1->constrained_window_count())); 750 751 // Let's add another tab to make sure the browser does not exit when we close 752 // the first tab. 753 GURL url = test_server()->GetURL("files/ssl/google.html"); 754 TabContentsWrapper* tab2 = 755 browser()->AddSelectedTabWithURL(url, PageTransition::TYPED); 756 ui_test_utils::WaitForNavigation(&(tab2->controller())); 757 758 // Close the first tab. 759 browser()->CloseTabContents(tab1); 760} 761 762// Visit a page over bad https that is a redirect to a page with good https. 763// Marked as flaky, see bug 40932. 764IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectBadToGoodHTTPS) { 765 ASSERT_TRUE(https_server_.Start()); 766 ASSERT_TRUE(https_server_expired_.Start()); 767 768 GURL url1 = https_server_expired_.GetURL("server-redirect?"); 769 GURL url2 = https_server_.GetURL("files/ssl/google.html"); 770 771 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 772 773 TabContents* tab = browser()->GetSelectedTabContents(); 774 775 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 776 true); // Interstitial showing. 777 778 ProceedThroughInterstitial(tab); 779 780 // We have been redirected to the good page. 781 CheckAuthenticatedState(tab, false); 782} 783 784// Visit a page over good https that is a redirect to a page with bad https. 785// Marked as flaky, see bug 40932. 786IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectGoodToBadHTTPS) { 787 ASSERT_TRUE(https_server_.Start()); 788 ASSERT_TRUE(https_server_expired_.Start()); 789 790 GURL url1 = https_server_.GetURL("server-redirect?"); 791 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html"); 792 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 793 794 TabContents* tab = browser()->GetSelectedTabContents(); 795 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 796 true); // Interstitial showing. 797 798 ProceedThroughInterstitial(tab); 799 800 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 801 false); // No interstitial showing. 802} 803 804// Visit a page over http that is a redirect to a page with good HTTPS. 805// Disabled, http://crbug.com/70216. 806IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestRedirectHTTPToGoodHTTPS) { 807 ASSERT_TRUE(test_server()->Start()); 808 ASSERT_TRUE(https_server_.Start()); 809 810 TabContents* tab = browser()->GetSelectedTabContents(); 811 812 // HTTP redirects to good HTTPS. 813 GURL http_url = test_server()->GetURL("server-redirect?"); 814 GURL good_https_url = 815 https_server_.GetURL("files/ssl/google.html"); 816 817 ui_test_utils::NavigateToURL(browser(), 818 GURL(http_url.spec() + good_https_url.spec())); 819 CheckAuthenticatedState(tab, false); 820} 821 822// Visit a page over http that is a redirect to a page with bad HTTPS. 823IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectHTTPToBadHTTPS) { 824 ASSERT_TRUE(test_server()->Start()); 825 ASSERT_TRUE(https_server_expired_.Start()); 826 827 TabContents* tab = browser()->GetSelectedTabContents(); 828 829 GURL http_url = test_server()->GetURL("server-redirect?"); 830 GURL bad_https_url = 831 https_server_expired_.GetURL("files/ssl/google.html"); 832 ui_test_utils::NavigateToURL(browser(), 833 GURL(http_url.spec() + bad_https_url.spec())); 834 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 835 true); // Interstitial showing. 836 837 ProceedThroughInterstitial(tab); 838 839 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 840 false); // No interstitial showing. 841} 842 843// Visit a page over https that is a redirect to a page with http (to make sure 844// we don't keep the secure state). 845// Marked as flaky, see bug 40932. 846IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectHTTPSToHTTP) { 847 ASSERT_TRUE(test_server()->Start()); 848 ASSERT_TRUE(https_server_.Start()); 849 850 GURL https_url = https_server_.GetURL("server-redirect?"); 851 GURL http_url = test_server()->GetURL("files/ssl/google.html"); 852 853 ui_test_utils::NavigateToURL(browser(), 854 GURL(https_url.spec() + http_url.spec())); 855 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 856} 857 858// Visits a page to which we could not connect (bad port) over http and https 859// and make sure the security style is correct. 860IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) { 861 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17")); 862 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 863 864 // Same thing over HTTPS. 865 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17")); 866 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 867} 868 869// 870// Frame navigation 871// 872 873// From a good HTTPS top frame: 874// - navigate to an OK HTTPS frame 875// - navigate to a bad HTTPS (expect unsafe content and filtered frame), then 876// back 877// - navigate to HTTP (expect insecure content), then back 878// Disabled, http://crbug.com/18626. 879IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) { 880 ASSERT_TRUE(test_server()->Start()); 881 ASSERT_TRUE(https_server_.Start()); 882 ASSERT_TRUE(https_server_expired_.Start()); 883 884 std::string top_frame_path; 885 ASSERT_TRUE(GetTopFramePath(*test_server(), 886 https_server_, 887 https_server_expired_, 888 &top_frame_path)); 889 890 TabContents* tab = browser()->GetSelectedTabContents(); 891 ui_test_utils::NavigateToURL(browser(), 892 https_server_.GetURL(top_frame_path)); 893 894 CheckAuthenticatedState(tab, false); 895 896 bool success = false; 897 // Now navigate inside the frame. 898 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 899 tab->render_view_host(), std::wstring(), 900 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 901 &success)); 902 EXPECT_TRUE(success); 903 ui_test_utils::WaitForNavigation(&tab->controller()); 904 905 // We should still be fine. 906 CheckAuthenticatedState(tab, false); 907 908 // Now let's hit a bad page. 909 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 910 tab->render_view_host(), std::wstring(), 911 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", 912 &success)); 913 EXPECT_TRUE(success); 914 ui_test_utils::WaitForNavigation(&tab->controller()); 915 916 // The security style should still be secure. 917 CheckAuthenticatedState(tab, false); 918 919 // And the frame should be blocked. 920 bool is_content_evil = true; 921 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); 922 std::wstring is_evil_js(L"window.domAutomationController.send(" 923 L"document.getElementById('evilDiv') != null);"); 924 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 925 tab->render_view_host(), content_frame_xpath, is_evil_js, 926 &is_content_evil)); 927 EXPECT_FALSE(is_content_evil); 928 929 // Now go back, our state should still be OK. 930 tab->controller().GoBack(); 931 ui_test_utils::WaitForNavigation(&tab->controller()); 932 CheckAuthenticatedState(tab, false); 933 934 // Navigate to a page served over HTTP. 935 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 936 tab->render_view_host(), std::wstring(), 937 L"window.domAutomationController.send(clickLink('HTTPLink'));", 938 &success)); 939 EXPECT_TRUE(success); 940 ui_test_utils::WaitForNavigation(&tab->controller()); 941 942 // Our state should be insecure. 943 CheckAuthenticatedState(tab, true); 944 945 // Go back, our state should be unchanged. 946 tab->controller().GoBack(); 947 ui_test_utils::WaitForNavigation(&tab->controller()); 948 CheckAuthenticatedState(tab, true); 949} 950 951// From a bad HTTPS top frame: 952// - navigate to an OK HTTPS frame (expected to be still authentication broken). 953// Marked as flaky, see bug 40932. 954IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestBadFrameNavigation) { 955 ASSERT_TRUE(https_server_.Start()); 956 ASSERT_TRUE(https_server_expired_.Start()); 957 958 std::string top_frame_path; 959 ASSERT_TRUE(GetTopFramePath(*test_server(), 960 https_server_, 961 https_server_expired_, 962 &top_frame_path)); 963 964 TabContents* tab = browser()->GetSelectedTabContents(); 965 ui_test_utils::NavigateToURL(browser(), 966 https_server_expired_.GetURL(top_frame_path)); 967 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 968 true); // Interstitial showing 969 970 ProceedThroughInterstitial(tab); 971 972 // Navigate to a good frame. 973 bool success = false; 974 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 975 tab->render_view_host(), std::wstring(), 976 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 977 &success)); 978 EXPECT_TRUE(success); 979 ui_test_utils::WaitForNavigation(&tab->controller()); 980 981 // We should still be authentication broken. 982 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 983 false); 984} 985 986// From an HTTP top frame, navigate to good and bad HTTPS (security state should 987// stay unauthenticated). 988#if defined(OS_WIN) || defined(OS_CHROMEOS) || defined(OS_LINUX) 989// Disabled, flakily exceeds test timeout, http://crbug.com/43437. 990#define MAYBE_TestUnauthenticatedFrameNavigation \ 991 DISABLED_TestUnauthenticatedFrameNavigation 992#else 993// Marked as flaky, see bug 40932. 994#define MAYBE_TestUnauthenticatedFrameNavigation \ 995 FLAKY_TestUnauthenticatedFrameNavigation 996#endif 997IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestUnauthenticatedFrameNavigation) { 998 ASSERT_TRUE(test_server()->Start()); 999 ASSERT_TRUE(https_server_.Start()); 1000 ASSERT_TRUE(https_server_expired_.Start()); 1001 1002 std::string top_frame_path; 1003 ASSERT_TRUE(GetTopFramePath(*test_server(), 1004 https_server_, 1005 https_server_expired_, 1006 &top_frame_path)); 1007 1008 TabContents* tab = browser()->GetSelectedTabContents(); 1009 ui_test_utils::NavigateToURL(browser(), 1010 test_server()->GetURL(top_frame_path)); 1011 CheckUnauthenticatedState(tab); 1012 1013 // Now navigate inside the frame to a secure HTTPS frame. 1014 bool success = false; 1015 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1016 tab->render_view_host(), std::wstring(), 1017 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1018 &success)); 1019 EXPECT_TRUE(success); 1020 ui_test_utils::WaitForNavigation(&tab->controller()); 1021 1022 // We should still be unauthenticated. 1023 CheckUnauthenticatedState(tab); 1024 1025 // Now navigate to a bad HTTPS frame. 1026 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1027 tab->render_view_host(), std::wstring(), 1028 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", 1029 &success)); 1030 EXPECT_TRUE(success); 1031 ui_test_utils::WaitForNavigation(&tab->controller()); 1032 1033 // State should not have changed. 1034 CheckUnauthenticatedState(tab); 1035 1036 // And the frame should have been blocked (see bug #2316). 1037 bool is_content_evil = true; 1038 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); 1039 std::wstring is_evil_js(L"window.domAutomationController.send(" 1040 L"document.getElementById('evilDiv') != null);"); 1041 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1042 tab->render_view_host(), content_frame_xpath, is_evil_js, 1043 &is_content_evil)); 1044 EXPECT_FALSE(is_content_evil); 1045} 1046 1047// Marked as flaky, see bug 40932. 1048IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorkerFiltered) { 1049 ASSERT_TRUE(https_server_.Start()); 1050 ASSERT_TRUE(https_server_expired_.Start()); 1051 1052 // This page will spawn a Worker which will try to load content from 1053 // BadCertServer. 1054 std::string page_with_unsafe_worker_path; 1055 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1056 &page_with_unsafe_worker_path)); 1057 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1058 page_with_unsafe_worker_path)); 1059 TabContents* tab = browser()->GetSelectedTabContents(); 1060 // Expect Worker not to load insecure content. 1061 CheckWorkerLoadResult(tab, false); 1062 // The bad content is filtered, expect the state to be authenticated. 1063 CheckAuthenticatedState(tab, false); 1064} 1065 1066// Marked as flaky, see bug 40932. 1067IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) { 1068 ASSERT_TRUE(https_server_.Start()); 1069 ASSERT_TRUE(https_server_expired_.Start()); 1070 1071 // Navigate to an unsafe site. Proceed with interstitial page to indicate 1072 // the user approves the bad certificate. 1073 ui_test_utils::NavigateToURL(browser(), 1074 https_server_expired_.GetURL("files/ssl/blank_page.html")); 1075 TabContents* tab = browser()->GetSelectedTabContents(); 1076 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1077 true); // Interstitial showing 1078 ProceedThroughInterstitial(tab); 1079 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1080 false); // No Interstitial 1081 1082 // Navigate to safe page that has Worker loading unsafe content. 1083 // Expect content to load but be marked as auth broken due to running insecure 1084 // content. 1085 std::string page_with_unsafe_worker_path; 1086 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1087 &page_with_unsafe_worker_path)); 1088 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1089 page_with_unsafe_worker_path)); 1090 CheckWorkerLoadResult(tab, true); // Worker loads insecure content 1091 CheckAuthenticationBrokenState(tab, 0, true, false); 1092} 1093 1094// TODO(jcampan): more tests to do below. 1095 1096// Visit a page over https that contains a frame with a redirect. 1097 1098// XMLHttpRequest insecure content in synchronous mode. 1099 1100// XMLHttpRequest insecure content in asynchronous mode. 1101 1102// XMLHttpRequest over bad ssl in synchronous mode. 1103 1104// XMLHttpRequest over OK ssl in synchronous mode. 1105