diff options
Diffstat (limited to 'Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp')
| -rw-r--r-- | Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp | 210 |
1 files changed, 159 insertions, 51 deletions
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp b/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp index c3075b697..10c5e73b6 100644 --- a/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp +++ b/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp @@ -67,6 +67,10 @@ public: static void testSSL(SSLTest* test, gconstpointer) { + WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context); + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE); + test->loadURI(kHttpsServer->getURIForPath("/").data()); test->waitUntilLoadFinished(); g_assert(test->m_certificate); @@ -80,6 +84,8 @@ static void testSSL(SSLTest* test, gconstpointer) test->waitUntilLoadFinished(); g_assert(!test->m_certificate); g_assert(!test->m_tlsErrors); + + webkit_web_context_set_tls_errors_policy(context, originalPolicy); } class InsecureContentTest: public WebViewTest { @@ -110,38 +116,64 @@ public: static void testInsecureContent(InsecureContentTest* test, gconstpointer) { + WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context); + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE); + test->loadURI(kHttpsServer->getURIForPath("/insecure-content/").data()); test->waitUntilLoadFinished(); - g_assert(test->m_insecureContentRun); + g_assert(!test->m_insecureContentRun); + // Images are currently always displayed, even bypassing mixed content settings. Check + // https://bugs.webkit.org/show_bug.cgi?id=142469 g_assert(test->m_insecureContentDisplayed); + + webkit_web_context_set_tls_errors_policy(context, originalPolicy); } +static bool assertIfSSLRequestProcessed = false; + static void testTLSErrorsPolicy(SSLTest* test, gconstpointer) { WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); - // TLS errors are ignored by default. - g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_IGNORE); - test->loadURI(kHttpsServer->getURIForPath("/").data()); - test->waitUntilLoadFinished(); - g_assert(!test->m_loadFailed); + // TLS errors are treated as transport failures by default. + g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL); - webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + assertIfSSLRequestProcessed = true; test->loadURI(kHttpsServer->getURIForPath("/").data()); test->waitUntilLoadFinished(); g_assert(test->m_loadFailed); g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); + assertIfSSLRequestProcessed = false; + + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE); + g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_IGNORE); + + test->m_loadFailed = false; + test->loadURI(kHttpsServer->getURIForPath("/").data()); + test->waitUntilLoadFinished(); + g_assert(!test->m_loadFailed); + + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL); } static void testTLSErrorsRedirect(SSLTest* test, gconstpointer) { - webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL); + WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context); + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + + assertIfSSLRequestProcessed = true; test->loadURI(kHttpsServer->getURIForPath("/redirect").data()); test->waitUntilLoadFinished(); g_assert(test->m_loadFailed); g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); + assertIfSSLRequestProcessed = false; + + webkit_web_context_set_tls_errors_policy(context, originalPolicy); } static gboolean webViewAuthenticationCallback(WebKitWebView*, WebKitAuthenticationRequest* request) @@ -153,13 +185,20 @@ static gboolean webViewAuthenticationCallback(WebKitWebView*, WebKitAuthenticati static void testTLSErrorsHTTPAuth(SSLTest* test, gconstpointer) { - webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL); + WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context); + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + + assertIfSSLRequestProcessed = true; g_signal_connect(test->m_webView, "authenticate", G_CALLBACK(webViewAuthenticationCallback), NULL); test->loadURI(kHttpsServer->getURIForPath("/auth").data()); test->waitUntilLoadFinished(); g_assert(test->m_loadFailed); g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); + assertIfSSLRequestProcessed = false; + + webkit_web_context_set_tls_errors_policy(context, originalPolicy); } class TLSErrorsTest: public SSLTest { @@ -167,69 +206,60 @@ public: MAKE_GLIB_TEST_FIXTURE(TLSErrorsTest); TLSErrorsTest() + : m_tlsErrors(static_cast<GTlsCertificateFlags>(0)) + , m_failingURI(nullptr) { - g_signal_connect(m_webView, "load-failed-with-tls-errors", G_CALLBACK(runLoadFailedWithTLSErrorsCallback), this); } ~TLSErrorsTest() { - g_signal_handlers_disconnect_matched(m_webView, G_SIGNAL_MATCH_DATA, 0, 0, 0, 0, this); - if (m_certificateInfo) - webkit_certificate_info_free(m_certificateInfo); - } - - static gboolean runLoadFailedWithTLSErrorsCallback(WebKitWebView*, WebKitCertificateInfo* info, const char* host, TLSErrorsTest* test) - { - test->runLoadFailedWithTLSErrors(info, host); - return TRUE; - } - - void runLoadFailedWithTLSErrors(WebKitCertificateInfo* info, const char* host) - { - if (m_certificateInfo) - webkit_certificate_info_free(m_certificateInfo); - m_certificateInfo = webkit_certificate_info_copy(info); - m_host.reset(g_strdup(host)); - g_main_loop_quit(m_mainLoop); + if (m_failingURI) + soup_uri_free(m_failingURI); } - void waitUntilLoadFailedWithTLSErrors() + bool loadFailedWithTLSErrors(const char* failingURI, GTlsCertificate* certificate, GTlsCertificateFlags tlsErrors) override { - g_main_loop_run(m_mainLoop); - } + LoadTrackingTest::loadFailedWithTLSErrors(failingURI, certificate, tlsErrors); - WebKitCertificateInfo* certificateInfo() - { - return m_certificateInfo; + assertObjectIsDeletedWhenTestFinishes(G_OBJECT(certificate)); + m_certificate = certificate; + m_tlsErrors = tlsErrors; + if (m_failingURI) + soup_uri_free(m_failingURI); + m_failingURI = soup_uri_new(failingURI); + return true; } - const char* host() - { - return m_host.get(); - } + GTlsCertificate* certificate() const { return m_certificate.get(); } + GTlsCertificateFlags tlsErrors() const { return m_tlsErrors; } + const char* host() const { return m_failingURI->host; } private: - WebKitCertificateInfo* m_certificateInfo; - GUniquePtr<char> m_host; + GRefPtr<GTlsCertificate> m_certificate; + GTlsCertificateFlags m_tlsErrors; + SoupURI* m_failingURI; }; static void testLoadFailedWithTLSErrors(TLSErrorsTest* test, gconstpointer) { WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context); webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + assertIfSSLRequestProcessed = true; // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure. test->loadURI(kHttpsServer->getURIForPath("/test-tls/").data()); - test->waitUntilLoadFailedWithTLSErrors(); - // Test the WebKitCertificateInfo API. - g_assert(G_IS_TLS_CERTIFICATE(webkit_certificate_info_get_tls_certificate(test->certificateInfo()))); - g_assert_cmpuint(webkit_certificate_info_get_tls_errors(test->certificateInfo()), ==, G_TLS_CERTIFICATE_UNKNOWN_CA); + test->waitUntilLoadFinished(); + g_assert(G_IS_TLS_CERTIFICATE(test->certificate())); + g_assert_cmpuint(test->tlsErrors(), ==, G_TLS_CERTIFICATE_UNKNOWN_CA); g_assert_cmpstr(test->host(), ==, soup_uri_get_host(kHttpsServer->baseURI())); g_assert_cmpint(test->m_loadEvents[0], ==, LoadTrackingTest::ProvisionalLoadStarted); - g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadFinished); + g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadFailedWithTLSErrors); + g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished); + assertIfSSLRequestProcessed = false; // Test allowing an exception for this certificate on this host. - webkit_web_context_allow_tls_certificate_for_host(context, test->certificateInfo(), test->host()); + webkit_web_context_allow_tls_certificate_for_host(context, test->certificate(), test->host()); // The page should now load without errors. test->loadURI(kHttpsServer->getURIForPath("/test-tls/").data()); test->waitUntilLoadFinished(); @@ -238,8 +268,76 @@ static void testLoadFailedWithTLSErrors(TLSErrorsTest* test, gconstpointer) g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadCommitted); g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished); g_assert_cmpstr(webkit_web_view_get_title(test->m_webView), ==, TLSExpectedSuccessTitle); + + webkit_web_context_set_tls_errors_policy(context, originalPolicy); } +class TLSSubresourceTest : public WebViewTest { +public: + MAKE_GLIB_TEST_FIXTURE(TLSSubresourceTest); + + static void resourceLoadStartedCallback(WebKitWebView* webView, WebKitWebResource* resource, WebKitURIRequest* request, TLSSubresourceTest* test) + { + if (webkit_web_view_get_main_resource(test->m_webView) == resource) + return; + + // Ignore favicons. + if (g_str_has_suffix(webkit_uri_request_get_uri(request), "favicon.ico")) + return; + + test->subresourceLoadStarted(resource); + } + + TLSSubresourceTest() + : m_tlsErrors(static_cast<GTlsCertificateFlags>(0)) + { + g_signal_connect(m_webView, "resource-load-started", G_CALLBACK(resourceLoadStartedCallback), this); + } + + static void subresourceFailedCallback(WebKitWebResource*, GError*) + { + g_assert_not_reached(); + } + + static void subresourceFailedWithTLSErrorsCallback(WebKitWebResource* resource, GTlsCertificate* certificate, GTlsCertificateFlags tlsErrors, TLSSubresourceTest* test) + { + test->subresourceFailedWithTLSErrors(resource, certificate, tlsErrors); + } + + void subresourceLoadStarted(WebKitWebResource* resource) + { + g_signal_connect(resource, "failed", G_CALLBACK(subresourceFailedCallback), nullptr); + g_signal_connect(resource, "failed-with-tls-errors", G_CALLBACK(subresourceFailedWithTLSErrorsCallback), this); + } + + void subresourceFailedWithTLSErrors(WebKitWebResource* resource, GTlsCertificate* certificate, GTlsCertificateFlags tlsErrors) + { + m_certificate = certificate; + m_tlsErrors = tlsErrors; + g_main_loop_quit(m_mainLoop); + } + + void waitUntilSubresourceLoadFail() + { + g_main_loop_run(m_mainLoop); + } + + GRefPtr<GTlsCertificate> m_certificate; + GTlsCertificateFlags m_tlsErrors; +}; + +static void testSubresourceLoadFailedWithTLSErrors(TLSSubresourceTest* test, gconstpointer) +{ + WebKitWebContext* context = webkit_web_view_get_context(test->m_webView); + webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); + + assertIfSSLRequestProcessed = true; + test->loadURI(kHttpServer->getURIForPath("/").data()); + test->waitUntilSubresourceLoadFail(); + g_assert(G_IS_TLS_CERTIFICATE(test->m_certificate.get())); + g_assert_cmpuint(test->m_tlsErrors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA); + assertIfSSLRequestProcessed = false; +} static void httpsServerCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer) { @@ -248,6 +346,8 @@ static void httpsServerCallback(SoupServer* server, SoupMessage* message, const return; } + g_assert(!assertIfSSLRequestProcessed); + if (g_str_equal(path, "/")) { soup_message_set_status(message, SOUP_STATUS_OK); soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, indexHTML, strlen(indexHTML)); @@ -267,6 +367,10 @@ static void httpsServerCallback(SoupServer* server, SoupMessage* message, const } else if (g_str_equal(path, "/auth")) { soup_message_set_status(message, SOUP_STATUS_UNAUTHORIZED); soup_message_headers_append(message->response_headers, "WWW-Authenticate", "Basic realm=\"HTTPS auth\""); + } else if (g_str_equal(path, "/style.css")) { + soup_message_set_status(message, SOUP_STATUS_OK); + static const char* styleCSS = "body { color: black; }"; + soup_message_body_append(message->response_body, SOUP_MEMORY_STATIC, styleCSS, strlen(styleCSS)); } else soup_message_set_status(message, SOUP_STATUS_NOT_FOUND); } @@ -279,7 +383,7 @@ static void httpServerCallback(SoupServer* server, SoupMessage* message, const c } if (g_str_equal(path, "/test-script")) { - GUniquePtr<char> pathToFile(g_build_filename(Test::getResourcesDir().data(), "link-title.js", NULL)); + GUniquePtr<char> pathToFile(g_build_filename(Test::getResourcesDir().data(), "link-title.js", nullptr)); char* contents; gsize length; g_file_get_contents(pathToFile.get(), &contents, &length, 0); @@ -288,7 +392,7 @@ static void httpServerCallback(SoupServer* server, SoupMessage* message, const c soup_message_set_status(message, SOUP_STATUS_OK); soup_message_body_complete(message->response_body); } else if (g_str_equal(path, "/test-image")) { - GUniquePtr<char> pathToFile(g_build_filename(Test::getWebKit1TestResoucesDir().data(), "blank.ico", NULL)); + GUniquePtr<char> pathToFile(g_build_filename(Test::getResourcesDir().data(), "blank.ico", nullptr)); char* contents; gsize length; g_file_get_contents(pathToFile.get(), &contents, &length, 0); @@ -296,6 +400,12 @@ static void httpServerCallback(SoupServer* server, SoupMessage* message, const c soup_message_body_append(message->response_body, SOUP_MEMORY_TAKE, contents, length); soup_message_set_status(message, SOUP_STATUS_OK); soup_message_body_complete(message->response_body); + } else if (g_str_equal(path, "/")) { + soup_message_set_status(message, SOUP_STATUS_OK); + char* responseHTML = g_strdup_printf("<html><head><link rel='stylesheet' href='%s' type='text/css'></head><body>SSL subresource test</body></html>", + kHttpsServer->getURIForPath("/style.css").data()); + soup_message_body_append(message->response_body, SOUP_MEMORY_TAKE, responseHTML, strlen(responseHTML)); + soup_message_body_complete(message->response_body); } else soup_message_set_status(message, SOUP_STATUS_NOT_FOUND); } @@ -310,12 +420,10 @@ void beforeAll() SSLTest::add("WebKitWebView", "ssl", testSSL); InsecureContentTest::add("WebKitWebView", "insecure-content", testInsecureContent); - // In this case the order of the tests does matter because tls-errors-policy tests the default policy, - // and expects that no exception will have been added for this certificate and host pair as is - // done in the tls-permission-request test. SSLTest::add("WebKitWebView", "tls-errors-policy", testTLSErrorsPolicy); SSLTest::add("WebKitWebView", "tls-errors-redirect-to-http", testTLSErrorsRedirect); SSLTest::add("WebKitWebView", "tls-http-auth", testTLSErrorsHTTPAuth); + TLSSubresourceTest::add("WebKitWebView", "tls-subresource", testSubresourceLoadFailedWithTLSErrors); TLSErrorsTest::add("WebKitWebView", "load-failed-with-tls-errors", testLoadFailedWithTLSErrors); } |