1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/time.h" 6 #include "chrome/app/chrome_command_ids.h" 7 #include "chrome/browser/tabs/tab_strip_model.h" 8 #include "chrome/browser/ui/browser.h" 9 #include "chrome/browser/ui/browser_navigator.h" 10 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h" 11 #include "chrome/test/in_process_browser_test.h" 12 #include "chrome/test/ui_test_utils.h" 13 #include "content/browser/tab_contents/interstitial_page.h" 14 #include "content/browser/tab_contents/navigation_entry.h" 15 #include "content/browser/tab_contents/tab_contents.h" 16 #include "net/base/cert_status_flags.h" 17 #include "net/test/test_server.h" 18 19 const FilePath::CharType kDocRoot[] = FILE_PATH_LITERAL("chrome/test/data"); 20 21 class SSLUITest : public InProcessBrowserTest { 22 typedef net::TestServer::HTTPSOptions HTTPSOptions; 23 24 public: 25 SSLUITest() 26 : https_server_( 27 HTTPSOptions(HTTPSOptions::CERT_OK), FilePath(kDocRoot)), 28 https_server_expired_( 29 HTTPSOptions(HTTPSOptions::CERT_EXPIRED), FilePath(kDocRoot)), 30 https_server_mismatched_( 31 HTTPSOptions(HTTPSOptions::CERT_MISMATCHED_NAME), 32 FilePath(kDocRoot)) { 33 EnableDOMAutomation(); 34 } 35 36 void CheckAuthenticatedState(TabContents* tab, 37 bool displayed_insecure_content) { 38 NavigationEntry* entry = tab->controller().GetActiveEntry(); 39 ASSERT_TRUE(entry); 40 EXPECT_EQ(NORMAL_PAGE, entry->page_type()); 41 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, entry->ssl().security_style()); 42 EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 43 EXPECT_EQ(displayed_insecure_content, 44 entry->ssl().displayed_insecure_content()); 45 EXPECT_FALSE(entry->ssl().ran_insecure_content()); 46 } 47 48 void CheckUnauthenticatedState(TabContents* tab) { 49 NavigationEntry* entry = tab->controller().GetActiveEntry(); 50 ASSERT_TRUE(entry); 51 EXPECT_EQ(NORMAL_PAGE, entry->page_type()); 52 EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, entry->ssl().security_style()); 53 EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 54 EXPECT_FALSE(entry->ssl().displayed_insecure_content()); 55 EXPECT_FALSE(entry->ssl().ran_insecure_content()); 56 } 57 58 void CheckAuthenticationBrokenState(TabContents* tab, 59 int error, 60 bool ran_insecure_content, 61 bool interstitial) { 62 NavigationEntry* entry = tab->controller().GetActiveEntry(); 63 ASSERT_TRUE(entry); 64 EXPECT_EQ(interstitial ? INTERSTITIAL_PAGE : NORMAL_PAGE, 65 entry->page_type()); 66 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, 67 entry->ssl().security_style()); 68 // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style 69 // to SECURITY_STYLE_AUTHENTICATION_BROKEN. 70 ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); 71 EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); 72 EXPECT_FALSE(entry->ssl().displayed_insecure_content()); 73 EXPECT_EQ(ran_insecure_content, entry->ssl().ran_insecure_content()); 74 } 75 76 void CheckWorkerLoadResult(TabContents* tab, bool expectLoaded) { 77 // Workers are async and we don't have notifications for them passing 78 // messages since they do it between renderer and worker processes. 79 // So have a polling loop, check every 200ms, timeout at 30s. 80 const int timeout_ms = 200; 81 base::Time timeToQuit = base::Time::Now() + 82 base::TimeDelta::FromMilliseconds(30000); 83 84 while (base::Time::Now() < timeToQuit) { 85 bool workerFinished = false; 86 ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 87 tab->render_view_host(), std::wstring(), 88 L"window.domAutomationController.send(IsWorkerFinished());", 89 &workerFinished)); 90 91 if (workerFinished) 92 break; 93 94 // Wait a bit. 95 MessageLoop::current()->PostDelayedTask( 96 FROM_HERE, new MessageLoop::QuitTask, timeout_ms); 97 ui_test_utils::RunMessageLoop(); 98 } 99 100 bool actuallyLoadedContent = false; 101 ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 102 tab->render_view_host(), std::wstring(), 103 L"window.domAutomationController.send(IsContentLoaded());", 104 &actuallyLoadedContent)); 105 EXPECT_EQ(expectLoaded, actuallyLoadedContent); 106 } 107 108 void ProceedThroughInterstitial(TabContents* tab) { 109 InterstitialPage* interstitial_page = tab->interstitial_page(); 110 ASSERT_TRUE(interstitial_page); 111 interstitial_page->Proceed(); 112 // Wait for the navigation to be done. 113 ui_test_utils::WaitForNavigation(&(tab->controller())); 114 } 115 116 static bool GetFilePathWithHostAndPortReplacement( 117 const std::string& original_file_path, 118 const net::HostPortPair& host_port_pair, 119 std::string* replacement_path) { 120 std::vector<net::TestServer::StringPair> replacement_text; 121 replacement_text.push_back( 122 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); 123 return net::TestServer::GetFilePathWithReplacements( 124 original_file_path, replacement_text, replacement_path); 125 } 126 127 static bool GetTopFramePath(const net::TestServer& http_server, 128 const net::TestServer& good_https_server, 129 const net::TestServer& bad_https_server, 130 std::string* top_frame_path) { 131 // The "frame_left.html" page contained in the top_frame.html page contains 132 // <a href>'s to three different servers. This sets up all of the 133 // replacement text to work with test servers which listen on ephemeral 134 // ports. 135 GURL http_url = http_server.GetURL("files/ssl/google.html"); 136 GURL good_https_url = good_https_server.GetURL("files/ssl/google.html"); 137 GURL bad_https_url = bad_https_server.GetURL( 138 "files/ssl/bad_iframe.html"); 139 140 std::vector<net::TestServer::StringPair> replacement_text_frame_left; 141 replacement_text_frame_left.push_back( 142 make_pair("REPLACE_WITH_HTTP_PAGE", http_url.spec())); 143 replacement_text_frame_left.push_back( 144 make_pair("REPLACE_WITH_GOOD_HTTPS_PAGE", good_https_url.spec())); 145 replacement_text_frame_left.push_back( 146 make_pair("REPLACE_WITH_BAD_HTTPS_PAGE", bad_https_url.spec())); 147 std::string frame_left_path; 148 if (!net::TestServer::GetFilePathWithReplacements( 149 "frame_left.html", 150 replacement_text_frame_left, 151 &frame_left_path)) 152 return false; 153 154 // Substitute the generated frame_left URL into the top_frame page. 155 std::vector<net::TestServer::StringPair> replacement_text_top_frame; 156 replacement_text_top_frame.push_back( 157 make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path)); 158 return net::TestServer::GetFilePathWithReplacements( 159 "files/ssl/top_frame.html", 160 replacement_text_top_frame, 161 top_frame_path); 162 } 163 164 static bool GetPageWithUnsafeWorkerPath( 165 const net::TestServer& expired_https_server, 166 std::string* page_with_unsafe_worker_path) { 167 // Get the "imported.js" URL from the expired https server and 168 // substitute it into the unsafe_worker.js file. 169 GURL imported_js_url = expired_https_server.GetURL("files/ssl/imported.js"); 170 std::vector<net::TestServer::StringPair> replacement_text_for_unsafe_worker; 171 replacement_text_for_unsafe_worker.push_back( 172 make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec())); 173 std::string unsafe_worker_path; 174 if (!net::TestServer::GetFilePathWithReplacements( 175 "unsafe_worker.js", 176 replacement_text_for_unsafe_worker, 177 &unsafe_worker_path)) 178 return false; 179 180 // Now, substitute this into the page with unsafe worker. 181 std::vector<net::TestServer::StringPair> 182 replacement_text_for_page_with_unsafe_worker; 183 replacement_text_for_page_with_unsafe_worker.push_back( 184 make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path)); 185 return net::TestServer::GetFilePathWithReplacements( 186 "files/ssl/page_with_unsafe_worker.html", 187 replacement_text_for_page_with_unsafe_worker, 188 page_with_unsafe_worker_path); 189 } 190 191 net::TestServer https_server_; 192 net::TestServer https_server_expired_; 193 net::TestServer https_server_mismatched_; 194 195 private: 196 DISALLOW_COPY_AND_ASSIGN(SSLUITest); 197 }; 198 199 // Visits a regular page over http. 200 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) { 201 ASSERT_TRUE(test_server()->Start()); 202 203 ui_test_utils::NavigateToURL(browser(), 204 test_server()->GetURL("files/ssl/google.html")); 205 206 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 207 } 208 209 // Visits a page over http which includes broken https resources (status should 210 // be OK). 211 // TODO(jcampan): test that bad HTTPS content is blocked (otherwise we'll give 212 // the secure cookies away!). 213 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPWithBrokenHTTPSResource) { 214 ASSERT_TRUE(test_server()->Start()); 215 ASSERT_TRUE(https_server_expired_.Start()); 216 217 std::string replacement_path; 218 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 219 "files/ssl/page_with_unsafe_contents.html", 220 https_server_expired_.host_port_pair(), 221 &replacement_path)); 222 223 ui_test_utils::NavigateToURL( 224 browser(), test_server()->GetURL(replacement_path)); 225 226 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 227 } 228 229 // Visits a page over OK https: 230 IN_PROC_BROWSER_TEST_F(SSLUITest, TestOKHTTPS) { 231 ASSERT_TRUE(https_server_.Start()); 232 233 ui_test_utils::NavigateToURL(browser(), 234 https_server_.GetURL("files/ssl/google.html")); 235 236 CheckAuthenticatedState(browser()->GetSelectedTabContents(), false); 237 } 238 239 // Visits a page with https error and proceed: 240 // Disabled, http://crbug.com/68448. 241 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestHTTPSExpiredCertAndProceed) { 242 ASSERT_TRUE(https_server_expired_.Start()); 243 244 ui_test_utils::NavigateToURL(browser(), 245 https_server_expired_.GetURL("files/ssl/google.html")); 246 247 TabContents* tab = browser()->GetSelectedTabContents(); 248 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 249 true); // Interstitial showing 250 251 ProceedThroughInterstitial(tab); 252 253 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 254 false); // No interstitial showing 255 } 256 257 // Visits a page with https error and don't proceed (and ensure we can still 258 // navigate at that point): 259 #if defined(OS_WIN) 260 // Disabled, flakily exceeds test timeout, http://crbug.com/43575. 261 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 262 DISABLED_TestHTTPSExpiredCertAndDontProceed 263 #else 264 // Marked as flaky, see bug 40932. 265 #define MAYBE_TestHTTPSExpiredCertAndDontProceed \ 266 FLAKY_TestHTTPSExpiredCertAndDontProceed 267 #endif 268 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestHTTPSExpiredCertAndDontProceed) { 269 ASSERT_TRUE(test_server()->Start()); 270 ASSERT_TRUE(https_server_.Start()); 271 ASSERT_TRUE(https_server_expired_.Start()); 272 273 // First navigate to an OK page. 274 ui_test_utils::NavigateToURL(browser(), 275 https_server_.GetURL("files/ssl/google.html")); 276 277 TabContents* tab = browser()->GetSelectedTabContents(); 278 NavigationEntry* entry = tab->controller().GetActiveEntry(); 279 ASSERT_TRUE(entry); 280 281 GURL cross_site_url = 282 https_server_expired_.GetURL("files/ssl/google.html"); 283 // Change the host name from 127.0.0.1 to localhost so it triggers a 284 // cross-site navigation so we can test http://crbug.com/5800 is gone. 285 ASSERT_EQ("127.0.0.1", cross_site_url.host()); 286 GURL::Replacements replacements; 287 std::string new_host("localhost"); 288 replacements.SetHostStr(new_host); 289 cross_site_url = cross_site_url.ReplaceComponents(replacements); 290 291 // Now go to a bad HTTPS page. 292 ui_test_utils::NavigateToURL(browser(), cross_site_url); 293 294 // An interstitial should be showing. 295 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 296 false, true); 297 298 // Simulate user clicking "Take me back". 299 InterstitialPage* interstitial_page = tab->interstitial_page(); 300 ASSERT_TRUE(interstitial_page); 301 interstitial_page->DontProceed(); 302 303 // We should be back to the original good page. 304 CheckAuthenticatedState(tab, false); 305 306 // Try to navigate to a new page. (to make sure bug 5800 is fixed). 307 ui_test_utils::NavigateToURL(browser(), 308 test_server()->GetURL("files/ssl/google.html")); 309 CheckUnauthenticatedState(tab); 310 } 311 312 // Visits a page with https error and then goes back using Browser::GoBack. 313 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSExpiredCertAndGoBackViaButton) { 314 ASSERT_TRUE(test_server()->Start()); 315 ASSERT_TRUE(https_server_expired_.Start()); 316 317 // First navigate to an HTTP page. 318 ui_test_utils::NavigateToURL(browser(), 319 test_server()->GetURL("files/ssl/google.html")); 320 TabContents* tab = browser()->GetSelectedTabContents(); 321 NavigationEntry* entry = tab->controller().GetActiveEntry(); 322 ASSERT_TRUE(entry); 323 324 // Now go to a bad HTTPS page that shows an interstitial. 325 ui_test_utils::NavigateToURL(browser(), 326 https_server_expired_.GetURL("files/ssl/google.html")); 327 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 328 true); // Interstitial showing 329 330 // Simulate user clicking on back button (crbug.com/39248). 331 browser()->GoBack(CURRENT_TAB); 332 333 // We should be back at the original good page. 334 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 335 CheckUnauthenticatedState(tab); 336 } 337 338 // Visits a page with https error and then goes back using GoToOffset. 339 // Marked as flaky, see bug 40932. 340 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestHTTPSExpiredCertAndGoBackViaMenu) { 341 ASSERT_TRUE(test_server()->Start()); 342 ASSERT_TRUE(https_server_expired_.Start()); 343 344 // First navigate to an HTTP page. 345 ui_test_utils::NavigateToURL(browser(), 346 test_server()->GetURL("files/ssl/google.html")); 347 TabContents* tab = browser()->GetSelectedTabContents(); 348 NavigationEntry* entry = tab->controller().GetActiveEntry(); 349 ASSERT_TRUE(entry); 350 351 // Now go to a bad HTTPS page that shows an interstitial. 352 ui_test_utils::NavigateToURL(browser(), 353 https_server_expired_.GetURL("files/ssl/google.html")); 354 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 355 true); // Interstitial showing 356 357 // Simulate user clicking and holding on back button (crbug.com/37215). 358 tab->controller().GoToOffset(-1); 359 360 // We should be back at the original good page. 361 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 362 CheckUnauthenticatedState(tab); 363 } 364 365 // Visits a page with https error and then goes forward using GoToOffset. 366 // Marked as flaky, see bug 40932. 367 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestHTTPSExpiredCertAndGoForward) { 368 ASSERT_TRUE(test_server()->Start()); 369 ASSERT_TRUE(https_server_expired_.Start()); 370 371 // First navigate to two HTTP pages. 372 ui_test_utils::NavigateToURL(browser(), 373 test_server()->GetURL("files/ssl/google.html")); 374 TabContents* tab = browser()->GetSelectedTabContents(); 375 NavigationEntry* entry1 = tab->controller().GetActiveEntry(); 376 ASSERT_TRUE(entry1); 377 ui_test_utils::NavigateToURL(browser(), 378 test_server()->GetURL("files/ssl/blank_page.html")); 379 NavigationEntry* entry2 = tab->controller().GetActiveEntry(); 380 ASSERT_TRUE(entry2); 381 382 // Now go back so that a page is in the forward history. 383 tab->controller().GoBack(); 384 ui_test_utils::WaitForNavigation(&(tab->controller())); 385 ASSERT_TRUE(tab->controller().CanGoForward()); 386 NavigationEntry* entry3 = tab->controller().GetActiveEntry(); 387 ASSERT_TRUE(entry1 == entry3); 388 389 // Now go to a bad HTTPS page that shows an interstitial. 390 ui_test_utils::NavigateToURL(browser(), 391 https_server_expired_.GetURL("files/ssl/google.html")); 392 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 393 true); // Interstitial showing 394 395 // Simulate user clicking and holding on forward button. 396 tab->controller().GoToOffset(1); 397 ui_test_utils::WaitForNavigation(&(tab->controller())); 398 399 // We should be showing the second good page. 400 EXPECT_FALSE(browser()->GetSelectedTabContents()->interstitial_page()); 401 CheckUnauthenticatedState(tab); 402 EXPECT_FALSE(tab->controller().CanGoForward()); 403 NavigationEntry* entry4 = tab->controller().GetActiveEntry(); 404 EXPECT_TRUE(entry2 == entry4); 405 } 406 407 // Open a page with a HTTPS error in a tab with no prior navigation (through a 408 // link with a blank target). This is to test that the lack of navigation entry 409 // does not cause any problems (it was causing a crasher, see 410 // http://crbug.com/19941). 411 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorWithNoNavEntry) { 412 ASSERT_TRUE(https_server_expired_.Start()); 413 414 GURL url = https_server_expired_.GetURL("files/ssl/google.htm"); 415 TabContentsWrapper* tab2 = 416 browser()->AddSelectedTabWithURL(url, PageTransition::TYPED); 417 ui_test_utils::WaitForLoadStop(tab2->tab_contents()); 418 419 // Verify our assumption that there was no prior navigation. 420 EXPECT_FALSE(browser()->command_updater()->IsCommandEnabled(IDC_BACK)); 421 422 // We should have an interstitial page showing. 423 ASSERT_TRUE(tab2->tab_contents()->interstitial_page()); 424 } 425 426 // 427 // Insecure content 428 // 429 430 // Visits a page that displays insecure content. 431 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContent) { 432 ASSERT_TRUE(test_server()->Start()); 433 ASSERT_TRUE(https_server_.Start()); 434 435 std::string replacement_path; 436 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 437 "files/ssl/page_displays_insecure_content.html", 438 test_server()->host_port_pair(), 439 &replacement_path)); 440 441 // Load a page that displays insecure content. 442 ui_test_utils::NavigateToURL(browser(), 443 https_server_.GetURL(replacement_path)); 444 445 CheckAuthenticatedState(browser()->GetSelectedTabContents(), true); 446 } 447 448 // Visits a page that runs insecure content and tries to suppress the insecure 449 // content warnings by randomizing location.hash. 450 // Based on http://crbug.com/8706 451 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecuredContentRandomizeHash) { 452 ASSERT_TRUE(test_server()->Start()); 453 ASSERT_TRUE(https_server_.Start()); 454 455 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 456 "files/ssl/page_runs_insecure_content.html")); 457 458 CheckAuthenticationBrokenState(browser()->GetSelectedTabContents(), 0, true, 459 false); 460 } 461 462 // Visits a page with unsafe content and make sure that: 463 // - frames content is replaced with warning 464 // - images and scripts are filtered out entirely 465 // Marked as flaky, see bug 40932. 466 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContents) { 467 ASSERT_TRUE(https_server_.Start()); 468 ASSERT_TRUE(https_server_expired_.Start()); 469 470 std::string replacement_path; 471 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 472 "files/ssl/page_with_unsafe_contents.html", 473 https_server_expired_.host_port_pair(), 474 &replacement_path)); 475 ui_test_utils::NavigateToURL(browser(), 476 https_server_.GetURL(replacement_path)); 477 478 TabContents* tab = browser()->GetSelectedTabContents(); 479 // When the bad content is filtered, the state is expected to be 480 // authenticated. 481 CheckAuthenticatedState(tab, false); 482 483 // Because of cross-frame scripting restrictions, we cannot access the iframe 484 // content. So to know if the frame was loaded, we just check if a popup was 485 // opened (the iframe content opens one). 486 // Note: because of bug 1115868, no constrained window is opened right now. 487 // Once the bug is fixed, this will do the real check. 488 EXPECT_EQ(0, static_cast<int>(tab->constrained_window_count())); 489 490 int img_width; 491 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt( 492 tab->render_view_host(), std::wstring(), 493 L"window.domAutomationController.send(ImageWidth());", &img_width)); 494 // In order to check that the image was not loaded, we check its width. 495 // The actual image (Google logo) is 114 pixels wide, we assume the broken 496 // image is less than 100. 497 EXPECT_LT(img_width, 100); 498 499 bool js_result = false; 500 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 501 tab->render_view_host(), std::wstring(), 502 L"window.domAutomationController.send(IsFooSet());", &js_result)); 503 EXPECT_FALSE(js_result); 504 } 505 506 // Visits a page with insecure content loaded by JS (after the initial page 507 // load). 508 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) { 509 ASSERT_TRUE(test_server()->Start()); 510 ASSERT_TRUE(https_server_.Start()); 511 512 std::string replacement_path; 513 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 514 "files/ssl/page_with_dynamic_insecure_content.html", 515 test_server()->host_port_pair(), 516 &replacement_path)); 517 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 518 replacement_path)); 519 520 TabContents* tab = browser()->GetSelectedTabContents(); 521 CheckAuthenticatedState(tab, false); 522 523 // Load the insecure image. 524 bool js_result = false; 525 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 526 tab->render_view_host(), std::wstring(), L"loadBadImage();", &js_result)); 527 EXPECT_TRUE(js_result); 528 529 // We should now have insecure content. 530 CheckAuthenticatedState(tab, true); 531 } 532 533 // Visits two pages from the same origin: one that displays insecure content and 534 // one that doesn't. The test checks that we do not propagate the insecure 535 // content state from one to the other. 536 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { 537 ASSERT_TRUE(test_server()->Start()); 538 ASSERT_TRUE(https_server_.Start()); 539 540 ui_test_utils::NavigateToURL(browser(), 541 https_server_.GetURL("files/ssl/blank_page.html")); 542 543 TabContentsWrapper* tab1 = browser()->GetSelectedTabContentsWrapper(); 544 545 // This tab should be fine. 546 CheckAuthenticatedState(tab1->tab_contents(), false); 547 548 // Create a new tab. 549 std::string replacement_path; 550 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 551 "files/ssl/page_displays_insecure_content.html", 552 test_server()->host_port_pair(), 553 &replacement_path)); 554 555 GURL url = https_server_.GetURL(replacement_path); 556 browser::NavigateParams params(browser(), url, PageTransition::TYPED); 557 params.disposition = NEW_FOREGROUND_TAB; 558 params.tabstrip_index = 0; 559 params.source_contents = tab1; 560 browser::Navigate(¶ms); 561 TabContentsWrapper* tab2 = params.target_contents; 562 ui_test_utils::WaitForNavigation(&(tab2->controller())); 563 564 // The new tab has insecure content. 565 CheckAuthenticatedState(tab2->tab_contents(), true); 566 567 // The original tab should not be contaminated. 568 CheckAuthenticatedState(tab1->tab_contents(), false); 569 } 570 571 // Visits two pages from the same origin: one that runs insecure content and one 572 // that doesn't. The test checks that we propagate the insecure content state 573 // from one to the other. 574 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { 575 ASSERT_TRUE(test_server()->Start()); 576 ASSERT_TRUE(https_server_.Start()); 577 578 ui_test_utils::NavigateToURL(browser(), 579 https_server_.GetURL("files/ssl/blank_page.html")); 580 581 TabContentsWrapper* tab1 = browser()->GetSelectedTabContentsWrapper(); 582 583 // This tab should be fine. 584 CheckAuthenticatedState(tab1->tab_contents(), false); 585 586 std::string replacement_path; 587 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 588 "files/ssl/page_runs_insecure_content.html", 589 test_server()->host_port_pair(), 590 &replacement_path)); 591 592 // Create a new tab. 593 GURL url = https_server_.GetURL(replacement_path); 594 browser::NavigateParams params(browser(), url, PageTransition::TYPED); 595 params.disposition = NEW_FOREGROUND_TAB; 596 params.source_contents = tab1; 597 browser::Navigate(¶ms); 598 TabContentsWrapper* tab2 = params.target_contents; 599 ui_test_utils::WaitForNavigation(&(tab2->controller())); 600 601 // The new tab has insecure content. 602 CheckAuthenticationBrokenState(tab2->tab_contents(), 0, true, false); 603 604 // Which means the origin for the first tab has also been contaminated with 605 // insecure content. 606 CheckAuthenticationBrokenState(tab1->tab_contents(), 0, true, false); 607 } 608 609 // Visits a page with an image over http. Visits another page over https 610 // referencing that same image over http (hoping it is coming from the webcore 611 // memory cache). 612 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { 613 ASSERT_TRUE(test_server()->Start()); 614 ASSERT_TRUE(https_server_.Start()); 615 616 std::string replacement_path; 617 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 618 "files/ssl/page_displays_insecure_content.html", 619 test_server()->host_port_pair(), 620 &replacement_path)); 621 622 // Load original page over HTTP. 623 const GURL url_http = test_server()->GetURL(replacement_path); 624 ui_test_utils::NavigateToURL(browser(), url_http); 625 TabContents* tab = browser()->GetSelectedTabContents(); 626 CheckUnauthenticatedState(tab); 627 628 // Load again but over SSL. It should be marked as displaying insecure 629 // content (even though the image comes from the WebCore memory cache). 630 const GURL url_https = https_server_.GetURL(replacement_path); 631 ui_test_utils::NavigateToURL(browser(), url_https); 632 CheckAuthenticatedState(tab, true); 633 } 634 635 // Visits a page with script over http. Visits another page over https 636 // referencing that same script over http (hoping it is coming from the webcore 637 // memory cache). 638 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedInsecureContent) { 639 ASSERT_TRUE(test_server()->Start()); 640 ASSERT_TRUE(https_server_.Start()); 641 642 std::string replacement_path; 643 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 644 "files/ssl/page_runs_insecure_content.html", 645 test_server()->host_port_pair(), 646 &replacement_path)); 647 648 // Load original page over HTTP. 649 const GURL url_http = test_server()->GetURL(replacement_path); 650 ui_test_utils::NavigateToURL(browser(), url_http); 651 TabContents* tab = browser()->GetSelectedTabContents(); 652 CheckUnauthenticatedState(tab); 653 654 // Load again but over SSL. It should be marked as displaying insecure 655 // content (even though the image comes from the WebCore memory cache). 656 const GURL url_https = https_server_.GetURL(replacement_path); 657 ui_test_utils::NavigateToURL(browser(), url_https); 658 CheckAuthenticationBrokenState(tab, 0, true, false); 659 } 660 661 // This test ensures the CN invalid status does not 'stick' to a certificate 662 // (see bug #1044942) and that it depends on the host-name. 663 // Disabled, see http://crbug.com/68448 and http://crbug.com/49377. 664 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCNInvalidStickiness) { 665 ASSERT_TRUE(https_server_.Start()); 666 ASSERT_TRUE(https_server_mismatched_.Start()); 667 668 // First we hit the server with hostname, this generates an invalid policy 669 // error. 670 ui_test_utils::NavigateToURL(browser(), 671 https_server_mismatched_.GetURL("files/ssl/google.html")); 672 673 // We get an interstitial page as a result. 674 TabContents* tab = browser()->GetSelectedTabContents(); 675 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 676 false, true); // Interstitial showing. 677 ProceedThroughInterstitial(tab); 678 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 679 false, false); // No interstitial showing. 680 681 // Now we try again with the right host name this time. 682 GURL url(https_server_.GetURL("files/ssl/google.html")); 683 ui_test_utils::NavigateToURL(browser(), url); 684 685 // Security state should be OK. 686 CheckAuthenticatedState(tab, false); 687 688 // Now try again the broken one to make sure it is still broken. 689 ui_test_utils::NavigateToURL(browser(), 690 https_server_mismatched_.GetURL("files/ssl/google.html")); 691 692 // Since we OKed the interstitial last time, we get right to the page. 693 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, 694 false, false); // No interstitial showing. 695 } 696 697 // Test that navigating to a #ref does not change a bad security state. 698 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRefNavigation) { 699 ASSERT_TRUE(https_server_expired_.Start()); 700 701 ui_test_utils::NavigateToURL(browser(), 702 https_server_expired_.GetURL("files/ssl/page_with_refs.html")); 703 704 TabContents* tab = browser()->GetSelectedTabContents(); 705 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 706 true); // Interstitial showing. 707 708 ProceedThroughInterstitial(tab); 709 710 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 711 false); // No interstitial showing. 712 713 // Now navigate to a ref in the page, the security state should not have 714 // changed. 715 ui_test_utils::NavigateToURL(browser(), 716 https_server_expired_.GetURL("files/ssl/page_with_refs.html#jp")); 717 718 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 719 false); // No interstitial showing. 720 } 721 722 // Tests that closing a page that has a unsafe pop-up does not crash the 723 // browser (bug #1966). 724 // TODO(jcampan): http://crbug.com/2136 disabled because the popup is not 725 // opened as it is not initiated by a user gesture. 726 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestCloseTabWithUnsafePopup) { 727 ASSERT_TRUE(test_server()->Start()); 728 ASSERT_TRUE(https_server_expired_.Start()); 729 730 std::string replacement_path; 731 ASSERT_TRUE(GetFilePathWithHostAndPortReplacement( 732 "files/ssl/page_with_unsafe_popup.html", 733 https_server_expired_.host_port_pair(), 734 &replacement_path)); 735 736 ui_test_utils::NavigateToURL(browser(), 737 test_server()->GetURL(replacement_path)); 738 739 TabContents* tab1 = browser()->GetSelectedTabContents(); 740 // It is probably overkill to add a notification for a popup-opening, let's 741 // just poll. 742 for (int i = 0; i < 10; i++) { 743 if (static_cast<int>(tab1->constrained_window_count()) > 0) 744 break; 745 MessageLoop::current()->PostDelayedTask(FROM_HERE, 746 new MessageLoop::QuitTask(), 1000); 747 ui_test_utils::RunMessageLoop(); 748 } 749 ASSERT_EQ(1, static_cast<int>(tab1->constrained_window_count())); 750 751 // Let's add another tab to make sure the browser does not exit when we close 752 // the first tab. 753 GURL url = test_server()->GetURL("files/ssl/google.html"); 754 TabContentsWrapper* tab2 = 755 browser()->AddSelectedTabWithURL(url, PageTransition::TYPED); 756 ui_test_utils::WaitForNavigation(&(tab2->controller())); 757 758 // Close the first tab. 759 browser()->CloseTabContents(tab1); 760 } 761 762 // Visit a page over bad https that is a redirect to a page with good https. 763 // Crashes: http://crbug.com/77374 764 // Previously marked as flaky: http://crbug.com/40932 765 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestRedirectBadToGoodHTTPS) { 766 ASSERT_TRUE(https_server_.Start()); 767 ASSERT_TRUE(https_server_expired_.Start()); 768 769 GURL url1 = https_server_expired_.GetURL("server-redirect?"); 770 GURL url2 = https_server_.GetURL("files/ssl/google.html"); 771 772 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 773 774 TabContents* tab = browser()->GetSelectedTabContents(); 775 776 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 777 true); // Interstitial showing. 778 779 ProceedThroughInterstitial(tab); 780 781 // We have been redirected to the good page. 782 CheckAuthenticatedState(tab, false); 783 } 784 785 // Visit a page over good https that is a redirect to a page with bad https. 786 // Marked as flaky, see bug 40932. 787 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectGoodToBadHTTPS) { 788 ASSERT_TRUE(https_server_.Start()); 789 ASSERT_TRUE(https_server_expired_.Start()); 790 791 GURL url1 = https_server_.GetURL("server-redirect?"); 792 GURL url2 = https_server_expired_.GetURL("files/ssl/google.html"); 793 ui_test_utils::NavigateToURL(browser(), GURL(url1.spec() + url2.spec())); 794 795 TabContents* tab = browser()->GetSelectedTabContents(); 796 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 797 true); // Interstitial showing. 798 799 ProceedThroughInterstitial(tab); 800 801 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 802 false); // No interstitial showing. 803 } 804 805 // Visit a page over http that is a redirect to a page with good HTTPS. 806 // Disabled, http://crbug.com/70216. 807 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestRedirectHTTPToGoodHTTPS) { 808 ASSERT_TRUE(test_server()->Start()); 809 ASSERT_TRUE(https_server_.Start()); 810 811 TabContents* tab = browser()->GetSelectedTabContents(); 812 813 // HTTP redirects to good HTTPS. 814 GURL http_url = test_server()->GetURL("server-redirect?"); 815 GURL good_https_url = 816 https_server_.GetURL("files/ssl/google.html"); 817 818 ui_test_utils::NavigateToURL(browser(), 819 GURL(http_url.spec() + good_https_url.spec())); 820 CheckAuthenticatedState(tab, false); 821 } 822 823 // Visit a page over http that is a redirect to a page with bad HTTPS. 824 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectHTTPToBadHTTPS) { 825 ASSERT_TRUE(test_server()->Start()); 826 ASSERT_TRUE(https_server_expired_.Start()); 827 828 TabContents* tab = browser()->GetSelectedTabContents(); 829 830 GURL http_url = test_server()->GetURL("server-redirect?"); 831 GURL bad_https_url = 832 https_server_expired_.GetURL("files/ssl/google.html"); 833 ui_test_utils::NavigateToURL(browser(), 834 GURL(http_url.spec() + bad_https_url.spec())); 835 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 836 true); // Interstitial showing. 837 838 ProceedThroughInterstitial(tab); 839 840 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 841 false); // No interstitial showing. 842 } 843 844 // Visit a page over https that is a redirect to a page with http (to make sure 845 // we don't keep the secure state). 846 // Marked as flaky, see bug 40932. 847 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestRedirectHTTPSToHTTP) { 848 ASSERT_TRUE(test_server()->Start()); 849 ASSERT_TRUE(https_server_.Start()); 850 851 GURL https_url = https_server_.GetURL("server-redirect?"); 852 GURL http_url = test_server()->GetURL("files/ssl/google.html"); 853 854 ui_test_utils::NavigateToURL(browser(), 855 GURL(https_url.spec() + http_url.spec())); 856 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 857 } 858 859 // Visits a page to which we could not connect (bad port) over http and https 860 // and make sure the security style is correct. 861 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) { 862 ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17")); 863 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 864 865 // Same thing over HTTPS. 866 ui_test_utils::NavigateToURL(browser(), GURL("https://localhost:17")); 867 CheckUnauthenticatedState(browser()->GetSelectedTabContents()); 868 } 869 870 // 871 // Frame navigation 872 // 873 874 // From a good HTTPS top frame: 875 // - navigate to an OK HTTPS frame 876 // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then 877 // back 878 // - navigate to HTTP (expect insecure content), then back 879 // Disabled, http://crbug.com/18626. 880 IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) { 881 ASSERT_TRUE(test_server()->Start()); 882 ASSERT_TRUE(https_server_.Start()); 883 ASSERT_TRUE(https_server_expired_.Start()); 884 885 std::string top_frame_path; 886 ASSERT_TRUE(GetTopFramePath(*test_server(), 887 https_server_, 888 https_server_expired_, 889 &top_frame_path)); 890 891 TabContents* tab = browser()->GetSelectedTabContents(); 892 ui_test_utils::NavigateToURL(browser(), 893 https_server_.GetURL(top_frame_path)); 894 895 CheckAuthenticatedState(tab, false); 896 897 bool success = false; 898 // Now navigate inside the frame. 899 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 900 tab->render_view_host(), std::wstring(), 901 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 902 &success)); 903 EXPECT_TRUE(success); 904 ui_test_utils::WaitForNavigation(&tab->controller()); 905 906 // We should still be fine. 907 CheckAuthenticatedState(tab, false); 908 909 // Now let's hit a bad page. 910 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 911 tab->render_view_host(), std::wstring(), 912 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", 913 &success)); 914 EXPECT_TRUE(success); 915 ui_test_utils::WaitForNavigation(&tab->controller()); 916 917 // The security style should still be secure. 918 CheckAuthenticatedState(tab, false); 919 920 // And the frame should be blocked. 921 bool is_content_evil = true; 922 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); 923 std::wstring is_evil_js(L"window.domAutomationController.send(" 924 L"document.getElementById('evilDiv') != null);"); 925 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 926 tab->render_view_host(), content_frame_xpath, is_evil_js, 927 &is_content_evil)); 928 EXPECT_FALSE(is_content_evil); 929 930 // Now go back, our state should still be OK. 931 tab->controller().GoBack(); 932 ui_test_utils::WaitForNavigation(&tab->controller()); 933 CheckAuthenticatedState(tab, false); 934 935 // Navigate to a page served over HTTP. 936 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 937 tab->render_view_host(), std::wstring(), 938 L"window.domAutomationController.send(clickLink('HTTPLink'));", 939 &success)); 940 EXPECT_TRUE(success); 941 ui_test_utils::WaitForNavigation(&tab->controller()); 942 943 // Our state should be insecure. 944 CheckAuthenticatedState(tab, true); 945 946 // Go back, our state should be unchanged. 947 tab->controller().GoBack(); 948 ui_test_utils::WaitForNavigation(&tab->controller()); 949 CheckAuthenticatedState(tab, true); 950 } 951 952 // From a bad HTTPS top frame: 953 // - navigate to an OK HTTPS frame (expected to be still authentication broken). 954 // Marked as flaky, see bug 40932. 955 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestBadFrameNavigation) { 956 ASSERT_TRUE(https_server_.Start()); 957 ASSERT_TRUE(https_server_expired_.Start()); 958 959 std::string top_frame_path; 960 ASSERT_TRUE(GetTopFramePath(*test_server(), 961 https_server_, 962 https_server_expired_, 963 &top_frame_path)); 964 965 TabContents* tab = browser()->GetSelectedTabContents(); 966 ui_test_utils::NavigateToURL(browser(), 967 https_server_expired_.GetURL(top_frame_path)); 968 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 969 true); // Interstitial showing 970 971 ProceedThroughInterstitial(tab); 972 973 // Navigate to a good frame. 974 bool success = false; 975 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 976 tab->render_view_host(), std::wstring(), 977 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 978 &success)); 979 EXPECT_TRUE(success); 980 ui_test_utils::WaitForNavigation(&tab->controller()); 981 982 // We should still be authentication broken. 983 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 984 false); 985 } 986 987 // From an HTTP top frame, navigate to good and bad HTTPS (security state should 988 // stay unauthenticated). 989 #if defined(OS_WIN) || defined(OS_CHROMEOS) || defined(OS_LINUX) 990 // Disabled, flakily exceeds test timeout, http://crbug.com/43437. 991 #define MAYBE_TestUnauthenticatedFrameNavigation \ 992 DISABLED_TestUnauthenticatedFrameNavigation 993 #else 994 // Marked as flaky, see bug 40932. 995 #define MAYBE_TestUnauthenticatedFrameNavigation \ 996 FLAKY_TestUnauthenticatedFrameNavigation 997 #endif 998 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestUnauthenticatedFrameNavigation) { 999 ASSERT_TRUE(test_server()->Start()); 1000 ASSERT_TRUE(https_server_.Start()); 1001 ASSERT_TRUE(https_server_expired_.Start()); 1002 1003 std::string top_frame_path; 1004 ASSERT_TRUE(GetTopFramePath(*test_server(), 1005 https_server_, 1006 https_server_expired_, 1007 &top_frame_path)); 1008 1009 TabContents* tab = browser()->GetSelectedTabContents(); 1010 ui_test_utils::NavigateToURL(browser(), 1011 test_server()->GetURL(top_frame_path)); 1012 CheckUnauthenticatedState(tab); 1013 1014 // Now navigate inside the frame to a secure HTTPS frame. 1015 bool success = false; 1016 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1017 tab->render_view_host(), std::wstring(), 1018 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", 1019 &success)); 1020 EXPECT_TRUE(success); 1021 ui_test_utils::WaitForNavigation(&tab->controller()); 1022 1023 // We should still be unauthenticated. 1024 CheckUnauthenticatedState(tab); 1025 1026 // Now navigate to a bad HTTPS frame. 1027 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1028 tab->render_view_host(), std::wstring(), 1029 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", 1030 &success)); 1031 EXPECT_TRUE(success); 1032 ui_test_utils::WaitForNavigation(&tab->controller()); 1033 1034 // State should not have changed. 1035 CheckUnauthenticatedState(tab); 1036 1037 // And the frame should have been blocked (see bug #2316). 1038 bool is_content_evil = true; 1039 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); 1040 std::wstring is_evil_js(L"window.domAutomationController.send(" 1041 L"document.getElementById('evilDiv') != null);"); 1042 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( 1043 tab->render_view_host(), content_frame_xpath, is_evil_js, 1044 &is_content_evil)); 1045 EXPECT_FALSE(is_content_evil); 1046 } 1047 1048 // Marked as flaky, see bug 40932. 1049 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorkerFiltered) { 1050 ASSERT_TRUE(https_server_.Start()); 1051 ASSERT_TRUE(https_server_expired_.Start()); 1052 1053 // This page will spawn a Worker which will try to load content from 1054 // BadCertServer. 1055 std::string page_with_unsafe_worker_path; 1056 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1057 &page_with_unsafe_worker_path)); 1058 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1059 page_with_unsafe_worker_path)); 1060 TabContents* tab = browser()->GetSelectedTabContents(); 1061 // Expect Worker not to load insecure content. 1062 CheckWorkerLoadResult(tab, false); 1063 // The bad content is filtered, expect the state to be authenticated. 1064 CheckAuthenticatedState(tab, false); 1065 } 1066 1067 // Marked as flaky, see bug 40932. 1068 IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) { 1069 ASSERT_TRUE(https_server_.Start()); 1070 ASSERT_TRUE(https_server_expired_.Start()); 1071 1072 // Navigate to an unsafe site. Proceed with interstitial page to indicate 1073 // the user approves the bad certificate. 1074 ui_test_utils::NavigateToURL(browser(), 1075 https_server_expired_.GetURL("files/ssl/blank_page.html")); 1076 TabContents* tab = browser()->GetSelectedTabContents(); 1077 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1078 true); // Interstitial showing 1079 ProceedThroughInterstitial(tab); 1080 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false, 1081 false); // No Interstitial 1082 1083 // Navigate to safe page that has Worker loading unsafe content. 1084 // Expect content to load but be marked as auth broken due to running insecure 1085 // content. 1086 std::string page_with_unsafe_worker_path; 1087 ASSERT_TRUE(GetPageWithUnsafeWorkerPath(https_server_expired_, 1088 &page_with_unsafe_worker_path)); 1089 ui_test_utils::NavigateToURL(browser(), https_server_.GetURL( 1090 page_with_unsafe_worker_path)); 1091 CheckWorkerLoadResult(tab, true); // Worker loads insecure content 1092 CheckAuthenticationBrokenState(tab, 0, true, false); 1093 } 1094 1095 // TODO(jcampan): more tests to do below. 1096 1097 // Visit a page over https that contains a frame with a redirect. 1098 1099 // XMLHttpRequest insecure content in synchronous mode. 1100 1101 // XMLHttpRequest insecure content in asynchronous mode. 1102 1103 // XMLHttpRequest over bad ssl in synchronous mode. 1104 1105 // XMLHttpRequest over OK ssl in synchronous mode. 1106