diff options
Diffstat (limited to 'chrome/browser/ssl_uitest.cc')
| -rw-r--r-- | chrome/browser/ssl_uitest.cc | 216 |
1 files changed, 85 insertions, 131 deletions
diff --git a/chrome/browser/ssl_uitest.cc b/chrome/browser/ssl_uitest.cc index 906c28c..ccef280 100644 --- a/chrome/browser/ssl_uitest.cc +++ b/chrome/browser/ssl_uitest.cc @@ -11,28 +11,18 @@ #include "chrome/test/automation/browser_proxy.h" #include "chrome/test/automation/tab_proxy.h" #include "chrome/test/ui/ui_test.h" +#include "net/base/ssl_test_util.h" #include "net/url_request/url_request_unittest.h" namespace { const wchar_t kDocRoot[] = L"chrome/test/data"; -const char kHostName[] = "127.0.0.1"; - -const int kOKHTTPSPort = 9443; -const int kBadHTTPSPort = 9666; - -// The issuer name of the cert that should be trusted for the test to work. -const wchar_t kCertIssuerName[] = L"Test CA"; class SSLUITest : public UITest { protected: SSLUITest() { - CheckCATrusted(); dom_automation_enabled_ = true; - PathService::Get(base::DIR_SOURCE_ROOT, &cert_dir_); - cert_dir_ += L"/chrome/test/data/ssl/certificates/"; - std::replace(cert_dir_.begin(), cert_dir_.end(), - L'/', FilePath::kSeparators[0]); + EXPECT_TRUE(util_.CheckCATrusted()); } TabProxy* GetActiveTabProxy() { @@ -51,70 +41,34 @@ class SSLUITest : public UITest { EXPECT_TRUE(browser_proxy->AppendTab(url)); } - std::wstring GetOKCertPath() { - std::wstring path(cert_dir_); - file_util::AppendToPath(&path, L"ok_cert.pem"); - return path; - } - - std::wstring GetInvalidCertPath() { - std::wstring path(cert_dir_); - file_util::AppendToPath(&path, L"invalid_cert.pem"); - return path; - } - - std::wstring GetExpiredCertPath() { - std::wstring path(cert_dir_); - file_util::AppendToPath(&path, L"expired_cert.pem"); - return path; + TestServer* PlainServer() { + return new TestServer(kDocRoot); } - HTTPSTestServer GoodServer() { - return HTTPSTestServer(kHostName, kOKHTTPSPort, kDocRoot, GetOKCertPath()); + HTTPSTestServer* GoodCertServer() { + return new HTTPSTestServer(util_.kHostName, util_.kOKHTTPSPort, + kDocRoot, util_.GetOKCertPath().ToWStringHack()); } - HTTPSTestServer BadServer() { - return HTTPSTestServer(kHostName, kBadHTTPSPort, kDocRoot, - GetExpiredCertPath()); + HTTPSTestServer* BadCertServer() { + return new HTTPSTestServer(util_.kHostName, util_.kBadHTTPSPort, + kDocRoot, util_.GetExpiredCertPath().ToWStringHack()); } - private: - void CheckCATrusted() { - HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT"); - if (!cert_store) { - FAIL() << " could not open trusted root CA store"; - return; - } - PCCERT_CONTEXT cert = - CertFindCertificateInStore(cert_store, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - 0, - CERT_FIND_ISSUER_STR, - kCertIssuerName, - NULL); - if (cert) - CertFreeCertificateContext(cert); - CertCloseStore(cert_store, 0); - - if (!cert) { - FAIL() << " TEST CONFIGURATION ERROR: you need to import the test ca " - "certificate to your trusted roots for this test to work. For more " - "info visit:\n" - "http://wiki.corp.google.com/twiki/bin/view/Main/ChromeUnitUITests\n"; - } - } + protected: + SSLTestUtil util_; - std::wstring cert_dir_; + DISALLOW_COPY_AND_ASSIGN(SSLUITest); }; } // namespace // Visits a regular page over http. TEST_F(SSLUITest, TestHTTP) { - TestServer server(kDocRoot); + scoped_ptr<TestServer> server(PlainServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - NavigateTab(tab.get(), server.TestServerPageW(L"files/ssl/google.html")); + NavigateTab(tab.get(), server->TestServerPageW(L"files/ssl/google.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -133,13 +87,12 @@ TEST_F(SSLUITest, TestHTTP) { // Visits a page over http which includes broken https resources (status should // be OK). TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { - TestServer http_server(kDocRoot); - HTTPSTestServer httpsServer(kHostName, kBadHTTPSPort, - kDocRoot, GetExpiredCertPath()); + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - http_server.TestServerPageW(L"files/ssl/page_with_unsafe_contents.html")); + http_server->TestServerPageW(L"files/ssl/page_with_unsafe_contents.html")); SecurityStyle security_style; int cert_status; @@ -153,10 +106,10 @@ TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { // Visits a page over OK https: TEST_F(SSLUITest, TestOKHTTPS) { - HTTPSTestServer https_server = GoodServer(); + scoped_ptr<HTTPSTestServer> https_server(GoodCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - https_server.TestServerPageW(L"files/ssl/google.html")); + https_server->TestServerPageW(L"files/ssl/google.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -174,10 +127,10 @@ TEST_F(SSLUITest, TestOKHTTPS) { // Visits a page with https error: TEST_F(SSLUITest, TestHTTPSExpiredCert) { - HTTPSTestServer https_server = BadServer(); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - https_server.TestServerPageW(L"files/ssl/google.html")); + bad_https_server->TestServerPageW(L"files/ssl/google.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -210,14 +163,14 @@ TEST_F(SSLUITest, TestHTTPSExpiredCert) { // Visits a page with mixed content. TEST_F(SSLUITest, TestMixedContents) { - HTTPSTestServer https_server = GoodServer(); - TestServer http_server(kDocRoot); + scoped_ptr<HTTPSTestServer> https_server(GoodCertServer()); + scoped_ptr<TestServer> http_server(PlainServer()); // Load a page with mixed-content, the default behavior is to show the mixed // content. scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - https_server.TestServerPageW(L"files/ssl/page_with_mixed_contents.html")); + https_server->TestServerPageW(L"files/ssl/page_with_mixed_contents.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); EXPECT_EQ(NavigationEntry::NORMAL_PAGE, page_type); @@ -282,12 +235,12 @@ TEST_F(SSLUITest, TestMixedContents) { // - frames content is replaced with warning // - images and scripts are filtered out entirely TEST_F(SSLUITest, TestUnsafeContents) { - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - good_https_server.TestServerPageW( + good_https_server->TestServerPageW( L"files/ssl/page_with_unsafe_contents.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -332,11 +285,11 @@ TEST_F(SSLUITest, TestUnsafeContents) { // Visits a page with mixed content loaded by JS (after the initial page load). TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) { - HTTPSTestServer https_server = GoodServer(); - TestServer http_server(kDocRoot); + scoped_ptr<HTTPSTestServer> https_server(GoodCertServer()); + scoped_ptr<TestServer> http_server(PlainServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - NavigateTab(tab.get(), https_server.TestServerPageW( + NavigateTab(tab.get(), https_server->TestServerPageW( L"files/ssl/page_with_dynamic_mixed_contents.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -371,11 +324,11 @@ TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) { // referencing that same image over http (hoping it is coming from the webcore // memory cache). TEST_F(SSLUITest, TestCachedMixedContents) { - HTTPSTestServer https_server = GoodServer(); - TestServer http_server(kDocRoot); + scoped_ptr<HTTPSTestServer> https_server(GoodCertServer()); + scoped_ptr<TestServer> http_server(PlainServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - NavigateTab(tab.get(), http_server.TestServerPageW( + NavigateTab(tab.get(), http_server->TestServerPageW( L"files/ssl/page_with_mixed_contents.html")); NavigationEntry::PageType page_type; @@ -393,7 +346,7 @@ TEST_F(SSLUITest, TestCachedMixedContents) { // Load again but over SSL. It should have mixed-contents (even though the // image comes from the WebCore memory cache). - NavigateTab(tab.get(), https_server.TestServerPageW( + NavigateTab(tab.get(), https_server->TestServerPageW( L"files/ssl/page_with_mixed_contents.html")); EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status, @@ -408,16 +361,17 @@ TEST_F(SSLUITest, TestCachedMixedContents) { // This test ensures the CN invalid status does not 'stick' to a certificate // (see bug #1044942) and that it depends on the host-name. -// TODO (jcampan): this test is flacky and fails sometimes (bug #1065095) +// TODO(jcampan): this test is flacky and fails sometimes (bug #1065095) TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { const std::string kLocalHost = "localhost"; - HTTPSTestServer https_server(kLocalHost, kOKHTTPSPort, - kDocRoot, GetOKCertPath()); + scoped_ptr<HTTPSTestServer> https_server( + new HTTPSTestServer(kLocalHost, util_.kOKHTTPSPort, + kDocRoot, util_.GetOKCertPath().ToWStringHack())); // First we hit the server with hostname, this generates an invalid policy // error. scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - NavigateTab(tab.get(), https_server.TestServerPageW( + NavigateTab(tab.get(), https_server->TestServerPageW( L"files/ssl/google.html")); // We get an interstitial page as a result. @@ -443,12 +397,12 @@ TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { // Now we try again with the right host name this time. // Let's change the host-name in the url. - GURL url = https_server.TestServerPageW(L"files/ssl/google.html"); + GURL url = https_server->TestServerPageW(L"files/ssl/google.html"); std::string::size_type hostname_index = url.spec().find(kLocalHost); ASSERT_TRUE(hostname_index != std::string::npos); // Test sanity check. std::string new_url; new_url.append(url.spec().substr(0, hostname_index)); - new_url.append(kHostName); + new_url.append(util_.kHostName); new_url.append(url.spec().substr(hostname_index + kLocalHost.size())); NavigateTab(tab.get(), GURL(new_url)); @@ -462,7 +416,7 @@ TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { EXPECT_EQ(NavigationEntry::SSLStatus::NORMAL_CONTENT, mixed_content_state); // Now try again the broken one to make sure it is still broken. - NavigateTab(tab.get(), https_server.TestServerPageW( + NavigateTab(tab.get(), https_server->TestServerPageW( L"files/ssl/google.html")); EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -478,10 +432,10 @@ TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { // Test that navigating to a #ref does not change a bad security state. TEST_F(SSLUITest, TestRefNavigation) { - HTTPSTestServer https_server = BadServer(); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - https_server.TestServerPageW(L"files/ssl/page_with_refs.html")); + bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html")); NavigationEntry::PageType page_type; EXPECT_TRUE(tab->GetPageType(&page_type)); @@ -508,7 +462,7 @@ TEST_F(SSLUITest, TestRefNavigation) { // Now navigate to a ref in the page. NavigateTab(tab.get(), - https_server.TestServerPageW(L"files/ssl/page_with_refs.html#jp")); + bad_https_server->TestServerPageW(L"files/ssl/page_with_refs.html#jp")); EXPECT_TRUE(tab->GetSecurityState(&security_style, &cert_status, &mixed_content_state)); EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, security_style); @@ -521,12 +475,12 @@ TEST_F(SSLUITest, TestRefNavigation) { // (bug #1966). // Disabled because flaky (bug #2136). TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { - TestServer http_server(kDocRoot); - HTTPSTestServer bad_https_server = BadServer(); + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - http_server.TestServerPageW( + http_server->TestServerPageW( L"files/ssl/page_with_unsafe_popup.html")); int popup_count = 0; @@ -538,7 +492,7 @@ TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0)); EXPECT_TRUE(browser_proxy.get()); browser_proxy->AppendTab( - http_server.TestServerPageW(L"files/ssl/google.html")); + http_server->TestServerPageW(L"files/ssl/google.html")); // Close the first tab. tab->Close(); @@ -546,12 +500,12 @@ TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { // Visit a page over bad https that is a redirect to a page with good https. TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) { - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - GURL url1 = bad_https_server.TestServerPageW(L"server-redirect?"); - GURL url2 = good_https_server.TestServerPageW(L"files/ssl/google.html"); + GURL url1 = bad_https_server->TestServerPageW(L"server-redirect?"); + GURL url2 = good_https_server->TestServerPageW(L"files/ssl/google.html"); NavigateTab(tab.get(), GURL(url1.spec() + url2.spec())); NavigationEntry::PageType page_type; @@ -579,12 +533,12 @@ TEST_F(SSLUITest, TestRedirectBadToGoodHTTPS) { // Visit a page over good https that is a redirect to a page with bad https. TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - GURL url1 = good_https_server.TestServerPageW(L"server-redirect?"); - GURL url2 = bad_https_server.TestServerPageW(L"files/ssl/google.html"); + GURL url1 = good_https_server->TestServerPageW(L"server-redirect?"); + GURL url2 = bad_https_server->TestServerPageW(L"files/ssl/google.html"); NavigateTab(tab.get(), GURL(url1.spec() + url2.spec())); NavigationEntry::PageType page_type; @@ -607,15 +561,15 @@ TEST_F(SSLUITest, TestRedirectGoodToBadHTTPS) { // Visit a page over http that is a redirect to a page with https (good and // bad). TEST_F(SSLUITest, TestRedirectHTTPToHTTPS) { - TestServer http_server(kDocRoot); - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); // HTTP redirects to good HTTPS. scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - GURL http_url = http_server.TestServerPageW(L"server-redirect?"); + GURL http_url = http_server->TestServerPageW(L"server-redirect?"); GURL good_https_url = - good_https_server.TestServerPageW(L"files/ssl/google.html"); + good_https_server->TestServerPageW(L"files/ssl/google.html"); NavigateTab(tab.get(), GURL(http_url.spec() + good_https_url.spec())); SecurityStyle security_style; @@ -629,7 +583,7 @@ TEST_F(SSLUITest, TestRedirectHTTPToHTTPS) { // HTTP redirects to bad HTTPS. GURL bad_https_url = - bad_https_server.TestServerPageW(L"files/ssl/google.html"); + bad_https_server->TestServerPageW(L"files/ssl/google.html"); NavigateTab(tab.get(), GURL(http_url.spec() + bad_https_url.spec())); NavigationEntry::PageType page_type; @@ -650,12 +604,12 @@ TEST_F(SSLUITest, TestRedirectHTTPToHTTPS) { // Visit a page over https that is a redirect to a page with http (to make sure // we don't keep the secure state). TEST_F(SSLUITest, TestRedirectHTTPSToHTTP) { - TestServer http_server(kDocRoot); - HTTPSTestServer https_server = GoodServer(); + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> https_server(GoodCertServer()); scoped_ptr<TabProxy> tab(GetActiveTabProxy()); - GURL https_url = https_server.TestServerPageW(L"server-redirect?"); - GURL http_url = http_server.TestServerPageW(L"files/ssl/google.html"); + GURL https_url = https_server->TestServerPageW(L"server-redirect?"); + GURL http_url = http_server->TestServerPageW(L"files/ssl/google.html"); NavigateTab(tab.get(), GURL(https_url.spec() + http_url.spec())); SecurityStyle security_style; @@ -703,16 +657,16 @@ TEST_F(SSLUITest, TestConnectToBadPort) { // From a good HTTPS top frame: // - navigate to an OK HTTPS frame // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then -// back +// back // - navigate to HTTP (expect mixed content), then back TEST_F(SSLUITest, TestGoodFrameNavigation) { - TestServer http_server(kDocRoot); - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); - + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); + scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - good_https_server.TestServerPageW(L"files/ssl/top_frame.html")); + good_https_server->TestServerPageW(L"files/ssl/top_frame.html")); SecurityStyle security_style; int cert_status; @@ -802,12 +756,12 @@ TEST_F(SSLUITest, TestGoodFrameNavigation) { // From a bad HTTPS top frame: // - navigate to an OK HTTPS frame (expected to be still authentication broken). TEST_F(SSLUITest, TestBadFrameNavigation) { - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); - + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); + scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - bad_https_server.TestServerPageW(L"files/ssl/top_frame.html")); + bad_https_server->TestServerPageW(L"files/ssl/top_frame.html")); SecurityStyle security_style; int cert_status; @@ -823,7 +777,7 @@ TEST_F(SSLUITest, TestBadFrameNavigation) { EXPECT_TRUE(tab->TakeActionOnSSLBlockingPage(true)); // Navigate to a good frame. - bool success = false; + bool success = false; int64 last_nav_time = 0; EXPECT_TRUE(tab->GetLastNavigationTime(&last_nav_time)); EXPECT_TRUE(tab->ExecuteAndExtractBool(L"", @@ -844,13 +798,13 @@ TEST_F(SSLUITest, TestBadFrameNavigation) { // From an HTTP top frame, navigate to good and bad HTTPS (security state should // stay unauthenticated). TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) { - TestServer http_server(kDocRoot); - HTTPSTestServer good_https_server = GoodServer(); - HTTPSTestServer bad_https_server = BadServer(); - + scoped_ptr<TestServer> http_server(PlainServer()); + scoped_ptr<HTTPSTestServer> good_https_server(GoodCertServer()); + scoped_ptr<HTTPSTestServer> bad_https_server(BadCertServer()); + scoped_ptr<TabProxy> tab(GetActiveTabProxy()); NavigateTab(tab.get(), - http_server.TestServerPageW(L"files/ssl/top_frame.html")); + http_server->TestServerPageW(L"files/ssl/top_frame.html")); SecurityStyle security_style; int cert_status; @@ -906,7 +860,7 @@ TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) { } -// TODO (jcampan): more tests to do below. +// TODO(jcampan): more tests to do below. // Visit a page over https that contains a frame with a redirect. |