// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/security_interstitials/content/stateful_ssl_host_state_delegate.h" #include <stdint.h> #include <utility> #include "base/command_line.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/strings/string_number_conversions.h" #include "base/test/simple_test_clock.h" #include "build/build_config.h" #include "chrome/browser/browsing_data/chrome_browsing_data_remover_constants.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/extensions/chrome_test_extension_loader.h" #include "chrome/browser/extensions/extension_browsertest.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ssl/stateful_ssl_host_state_delegate_factory.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/test/base/in_process_browser_test.h" #include "chrome/test/base/ui_test_utils.h" #include "components/browsing_data/core/browsing_data_utils.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/content_settings/core/common/content_settings_pattern.h" #include "components/guest_view/browser/guest_view_base.h" #include "components/guest_view/browser/test_guest_view_manager.h" #include "content/public/browser/browsing_data_remover.h" #include "content/public/browser/ssl_host_state_delegate.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_switches.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/browsing_data_remover_test_util.h" #include "extensions/browser/app_window/app_window.h" #include "extensions/browser/app_window/app_window_registry.h" #include "extensions/common/switches.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" #include "testing/gtest/include/gtest/gtest.h" namespace { const char kOkCertFile[] = …; const char kWWWGoogleHost[] = …; const char kGoogleHost[] = …; const char kExampleHost[] = …; const uint64_t kDeltaOneDayInSeconds = …86400); const uint64_t kDeltaOneWeekInSeconds = …604800); const uint64_t kDeltaFifteenDaysInSeconds = …1296000); scoped_refptr<net::X509Certificate> GetOkCert() { … } bool CStrStringMatcher(const char* a, const std::string& b) { … } } // namespace class StatefulSSLHostStateDelegateTest : public InProcessBrowserTest { … }; // StatefulSSLHostStateDelegateTest tests basic unit test functionality of the // SSLHostStateDelegate class. For example, tests that if a certificate is // accepted, then it is added to queryable, and if it is revoked, it is not // queryable. Even though it is effectively a unit test, in needs to be an // InProcessBrowserTest because the actual functionality is provided by // StatefulSSLHostStateDelegate which is provided per-profile. // // QueryPolicy unit tests the expected behavior of calling QueryPolicy on the // SSLHostStateDelegate class after various SSL cert decisions have been made. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, QueryPolicy) { … } // Tests the expected behavior of calling HasAllowExceptionForAnyHost on the // SSLHostStateDelegate class after setting website settings for // different ContentSettingsType. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasAllowExceptionForAnyHost) { … } // Tests the expected behavior of calling IsHttpAllowedForHost on the // SSLHostStateDelegate class after various HTTP decisions have been made. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HttpAllowlisting) { … } // HasPolicyAndRevoke unit tests the expected behavior of calling // HasAllowException before and after calling RevokeUserAllowExceptions on the // SSLHostStateDelegate class. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasPolicyAndRevoke) { … } // Clear unit tests the expected behavior of calling Clear to forget all cert // decision state and HTTP allowlist state on the SSLHostStateDelegate class. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, Clear) { … } // DidHostRunInsecureContent unit tests the expected behavior of calling // DidHostRunInsecureContent as well as HostRanInsecureContent to check if // insecure content has been run and to mark it as such. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, DidHostRunInsecureContent) { … } // Tests that StatefulSSLHostStateDelegate::HasSeenRecurrentErrors returns true // after seeing an error of interest multiple times, in the default mode in // which error occurrences are stored in-memory. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasSeenRecurrentErrors) { … } // Tests that StatefulSSLHostStateDelegate::HasSeenRecurrentErrors returns true // after seeing an error of interest multiple times in pref mode (where the // count of each error is persisted across browsing sessions). IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasSeenRecurrentErrorsPref) { … } // Tests that StatefulSSLHostStateDelegate::HasSeenRecurrentErrors handles // clocks going backwards in pref mode. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasSeenRecurrentErrorsPrefClockGoesBackwards) { … } // Tests that StatefulSSLHostStateDelegate::HasSeenRecurrentErrors in pref mode // ignores errors that occurred too far in the past. Note that this test uses a // threshold of 3 errors, unlike previous tests which use a threshold of 2. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, HasSeenRecurrentErrorsPrefErrorsInPast) { … } // Tests the basic behavior of cert memory in incognito. class IncognitoSSLHostStateDelegateTest : public StatefulSSLHostStateDelegateTest { … }; IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, PRE_AfterRestart) { … } // AfterRestart ensures that any cert decisions made in an incognito profile are // forgetten after a session restart even if the field trial group parameter // specifies to remember cert decisions after restart. IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, AfterRestart) { … } // TODO(crbug.com/40787070): Disabled for brokenness. IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, DISABLED_PRE_AfterRestartHttp) { … } // AfterRestartHttp ensures that any HTTP decisions made in an incognito profile // are forgetten after a session restart. // TODO(crbug.com/40787070): Disabled for brokenness. IN_PROC_BROWSER_TEST_F(IncognitoSSLHostStateDelegateTest, DISABLED_AfterRestartHttp) { … } // Tests the default certificate memory, which is one week. class DefaultMemorySSLHostStateDelegateTest : public StatefulSSLHostStateDelegateTest { … }; IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, PRE_AfterRestart) { … } IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, AfterRestart) { … } IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, PRE_AfterRestartHttp) { … } IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, AfterRestartHttp) { … } // The same test as StatefulSSLHostStateDelegateTest.QueryPolicyExpired but now // applied to a browser context that expires based on time, not restart. This // unit tests to make sure that if a certificate decision has expired, the // return value from QueryPolicy returns the correct value. IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, QueryPolicyExpired) { … } // Tests that if an HTTP allowlist decision has expired, then the return value // from IsHttpAllowedForHost returns false. Similar to the test // DefaultMemorySSLHostStateDelegateTest.AfterRestartHttp but does not involve // restarting the browser. IN_PROC_BROWSER_TEST_F(DefaultMemorySSLHostStateDelegateTest, HttpDecisionExpires) { … } // Tests to make sure that if the user deletes their browser history, SSL // exceptions will be deleted as well. class RemoveBrowsingHistorySSLHostStateDelegateTest : public StatefulSSLHostStateDelegateTest { … }; IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, DeleteHistory) { … } IN_PROC_BROWSER_TEST_F(RemoveBrowsingHistorySSLHostStateDelegateTest, DeleteHistoryClearsHttpAllowlistDecision) { … } // Tests to make sure that localhost certificate errors are treated as // normal errors or ignored, depending on whether the // kAllowInsecureLocalhost flag is set. // // When the flag isn't set, requests to localhost with invalid // certificates should be denied. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateTest, LocalhostErrorWithoutFlag) { … } class StatefulSSLHostStateDelegateExtensionTest : public extensions::ExtensionBrowserTest { … }; // Tests that certificate decisions are isolated by storage partition. In // particular, clicking through a certificate error in a <webview> in a Chrome // App shouldn't affect normal browsing. See https://crbug.com/639173. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateExtensionTest, StoragePartitionIsolation) { … } // Tests that HTTP warning decisions are isolated by storage partition. In // particular, clicking through an HTTP warning in a <webview> in a Chrome // App shouldn't affect normal browsing. IN_PROC_BROWSER_TEST_F(StatefulSSLHostStateDelegateExtensionTest, StoragePartitionIsolationHttp) { … }
Codebase Browser
chromium