OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ios/web/net/cert_verifier_block_adapter.h" | 5 #include "ios/web/net/cert_verifier_block_adapter.h" |
6 | 6 |
7 #include "base/location.h" | |
7 #include "base/test/ios/wait_util.h" | 8 #include "base/test/ios/wait_util.h" |
9 #include "ios/web/public/test/test_web_thread_bundle.h" | |
10 #include "ios/web/public/web_thread.h" | |
8 #include "net/base/net_errors.h" | 11 #include "net/base/net_errors.h" |
12 #include "net/base/test_data_directory.h" | |
13 #include "net/cert/cert_verifier.h" | |
9 #include "net/cert/cert_verify_result.h" | 14 #include "net/cert/cert_verify_result.h" |
10 #include "net/cert/crl_set.h" | 15 #include "net/cert/crl_set.h" |
11 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
17 #include "net/log/net_log.h" | |
18 #include "net/test/cert_test_util.h" | |
12 #include "testing/gmock/include/gmock/gmock.h" | 19 #include "testing/gmock/include/gmock/gmock.h" |
13 #include "testing/platform_test.h" | 20 #include "testing/platform_test.h" |
14 | 21 |
15 namespace net { | 22 namespace net { |
16 | 23 |
17 using testing::_; | 24 using testing::_; |
18 | 25 |
19 namespace { | 26 namespace { |
20 | 27 // Test cert filename. |
28 const char kCertFileName[] = "2029_globalsign_com_cert.pem"; | |
21 // Test hostname for CertVerifier. | 29 // Test hostname for CertVerifier. |
22 const char kHostName[] = "chromium.org"; | 30 const char kHostName[] = "2029.globalsign.com"; |
Ryan Sleevi
2015/08/14 02:29:44
use ok_cert.pem, if you're just looking for a rand
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done. ok_cert.pem works for me.
| |
23 // Test OCSP response for CertVerifier. | 31 // Test OCSP response for CertVerifier. |
24 const char kOcspResponse[] = "ocsp"; | 32 const char kOcspResponse[] = "ocsp"; |
25 | 33 |
26 // Mocks CertVerifier for CertVerifierBlockAdapter testing. | 34 // Mocks CertVerifier for CertVerifierBlockAdapter testing. |
27 class CertVerifierMock : public CertVerifier { | 35 class CertVerifierMock : public CertVerifier { |
28 public: | 36 public: |
29 MOCK_METHOD9(Verify, | 37 MOCK_METHOD9(Verify, |
30 int(X509Certificate* cert, | 38 int(X509Certificate* cert, |
31 const std::string& hostname, | 39 const std::string& hostname, |
32 const std::string& ocsp_response, | 40 const std::string& ocsp_response, |
33 int flags, | 41 int flags, |
34 CRLSet* crl_set, | 42 CRLSet* crl_set, |
35 CertVerifyResult* verify_result, | 43 CertVerifyResult* verify_result, |
36 const CompletionCallback& callback, | 44 const CompletionCallback& callback, |
37 scoped_ptr<Request>* out_req, | 45 scoped_ptr<Request>* out_req, |
38 const BoundNetLog& net_log)); | 46 const BoundNetLog& net_log)); |
39 }; | 47 }; |
40 | 48 |
41 // Sets CertVerifyResult to emulate CertVerifier behavior. | 49 // Sets CertVerifyResult to emulate CertVerifier behavior. |
42 ACTION_P(SetVerifyResult, result) { | 50 ACTION_P(SetVerifyResult, result) { |
43 *arg5 = result; | 51 *arg5 = result; |
44 } | 52 } |
45 | 53 |
46 // Calls CompletionCallback to emulate CertVerifier behavior. | 54 // Calls CompletionCallback to emulate CertVerifier behavior. |
47 ACTION(RunCallback) { | 55 ACTION_P(RunCallback, status_result) { |
48 arg6.Run(0); | 56 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, |
Ryan Sleevi
2015/08/14 02:29:44
This doesn't seem right. Nothing in your test asse
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done.
| |
57 base::Bind(arg6, status_result)); | |
49 } | 58 } |
50 | 59 |
51 } // namespace | 60 } // namespace |
52 | 61 |
53 // Test fixture to test CertVerifierBlockAdapter class. | 62 // Test fixture to test CertVerifierBlockAdapter class. |
54 class CertVerifierBlockAdapterTest : public PlatformTest { | 63 class CertVerifierBlockAdapterTest : public PlatformTest { |
55 protected: | 64 protected: |
56 void SetUp() override { | 65 CertVerifierBlockAdapterTest() |
57 PlatformTest::SetUp(); | 66 : thread_bundle_(web::TestWebThreadBundle::REAL_IO_THREAD), |
58 | 67 cert_(ImportCertFromFile(GetTestCertsDirectory(), kCertFileName)), |
Ryan Sleevi
2015/08/14 02:29:43
Shouldn't this be in SetUp() so that you can ASSER
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
I added DCHECK to constructor. In GTest Constructo
Ryan Sleevi
2015/08/14 21:43:53
I specifically said SetUp because that's what it's
Eugene But (OOO till 7-30)
2015/08/19 17:57:36
Done.
| |
59 cert_ = new X509Certificate("test", "test", base::Time(), base::Time()); | 68 test_adapter_( |
60 scoped_ptr<CertVerifierMock> cert_verifier_mock(new CertVerifierMock()); | 69 new CertVerifierBlockAdapter(&cert_verifier_mock_, &net_log_)) {} |
61 cert_verifier_mock_ = cert_verifier_mock.get(); | |
62 test_adapter_.reset( | |
63 new CertVerifierBlockAdapter(cert_verifier_mock.Pass())); | |
64 } | |
65 | 70 |
66 // Performs synchronous verification. | 71 // Performs synchronous verification. |
67 void Verify(CertVerifierBlockAdapter::Params params, | 72 void Verify(CertVerifierBlockAdapter::Params params, |
68 scoped_ptr<net::CertVerifyResult>* result, | 73 net::CertVerifyResult* cert_verify_result, |
69 int* status) { | 74 int* status_result) { |
70 __block bool verification_completed = false; | 75 __block bool verification_completed = false; |
71 test_adapter_->Verify(params, | 76 test_adapter_->Verify(params, |
72 ^(scoped_ptr<net::CertVerifyResult> callback_result, | 77 ^(net::CertVerifyResult callback_cert_verify_result, |
73 int callback_status) { | 78 int callback_status_result) { |
74 *result = callback_result.Pass(); | 79 *cert_verify_result = callback_cert_verify_result; |
75 *status = callback_status; | 80 *status_result = callback_status_result; |
76 verification_completed = true; | 81 verification_completed = true; |
77 }); | 82 }); |
78 base::test::ios::WaitUntilCondition(^{ | 83 base::test::ios::WaitUntilCondition(^{ |
79 return verification_completed; | 84 return verification_completed; |
80 }); | 85 }); |
81 } | 86 } |
82 | 87 // IO Thread bundle. |
Ryan Sleevi
2015/08/14 02:29:44
Seems unnecessarily verbose
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done.
| |
88 web::TestWebThreadBundle thread_bundle_; | |
83 // Fake certificate created for testing. | 89 // Fake certificate created for testing. |
Ryan Sleevi
2015/08/14 02:29:43
It's not really a fake certificate, is it?
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Removed.
| |
84 scoped_refptr<X509Certificate> cert_; | 90 scoped_refptr<X509Certificate> cert_; |
91 // CertVerifier mock. | |
Ryan Sleevi
2015/08/14 02:29:44
As does this
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done.
| |
92 CertVerifierMock cert_verifier_mock_; | |
93 // NetLog object required by CertVerifierBlockAdapter. | |
Ryan Sleevi
2015/08/14 02:29:43
As does this
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done.
| |
94 NetLog net_log_; | |
85 // Testable |CertVerifierBlockAdapter| object. | 95 // Testable |CertVerifierBlockAdapter| object. |
Ryan Sleevi
2015/08/14 02:29:44
As does this
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Done.
| |
86 scoped_ptr<CertVerifierBlockAdapter> test_adapter_; | 96 scoped_ptr<CertVerifierBlockAdapter> test_adapter_; |
87 // CertVerifier mock owned by |test_adapter_|. | |
88 CertVerifierMock* cert_verifier_mock_; | |
89 }; | 97 }; |
90 | 98 |
91 // Tests |Verify| with default params and synchronous verification. | 99 // Tests |Verify| with default params and synchronous verification. |
92 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { | 100 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { |
93 // Set up expectation. | 101 // Set up expectation. |
94 net::CertVerifyResult expectedResult; | 102 net::CertVerifyResult expected_cert_verify_result; |
95 expectedResult.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; | 103 expected_cert_verify_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
96 const int kExpectedStatus = 0; | 104 const int kExpectedStatus = OK; |
97 EXPECT_CALL(*cert_verifier_mock_, | 105 EXPECT_CALL(cert_verifier_mock_, Verify(cert_.get(), kHostName, std::string(), |
98 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | 106 0, nullptr, _, _, _, _)) |
99 .Times(1) | 107 .Times(1) |
100 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), | 108 .WillOnce(testing::DoAll(SetVerifyResult(expected_cert_verify_result), |
101 testing::Return(kExpectedStatus))); | 109 testing::Return(kExpectedStatus))); |
102 | 110 |
103 // Call |Verify|. | 111 // Call |Verify|. |
104 scoped_ptr<CertVerifyResult> actualResult; | 112 CertVerifyResult actual_cert_verify_result; |
105 int actualStatus = -1; | 113 int actualStatus = -1; |
106 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 114 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
107 Verify(params, &actualResult, &actualStatus); | 115 Verify(params, &actual_cert_verify_result, &actualStatus); |
108 | 116 |
109 // Ensure that Verification results are correct. | 117 // Ensure that Verification results are correct. |
110 EXPECT_EQ(kExpectedStatus, actualStatus); | 118 EXPECT_EQ(kExpectedStatus, actualStatus); |
111 EXPECT_EQ(expectedResult.cert_status, actualResult->cert_status); | 119 EXPECT_EQ(expected_cert_verify_result.cert_status, |
120 actual_cert_verify_result.cert_status); | |
112 } | 121 } |
113 | 122 |
114 // Tests |Verify| with default params and asynchronous verification. | 123 // Tests |Verify| with default params and asynchronous verification. |
115 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { | 124 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { |
116 // Set up expectation. | 125 // Set up expectation. |
117 net::CertVerifyResult expectedResult; | 126 net::CertVerifyResult expected_cert_verify_result; |
118 expectedResult.is_issued_by_known_root = true; | 127 expected_cert_verify_result.is_issued_by_known_root = true; |
119 const int kExpectedStatus = 0; | 128 const int kExpectedStatus = OK; |
120 EXPECT_CALL(*cert_verifier_mock_, | 129 EXPECT_CALL(cert_verifier_mock_, Verify(cert_.get(), kHostName, std::string(), |
121 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | 130 0, nullptr, _, _, _, _)) |
122 .Times(1) | 131 .Times(1) |
123 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), RunCallback(), | 132 .WillOnce(testing::DoAll(SetVerifyResult(expected_cert_verify_result), |
133 RunCallback(kExpectedStatus), | |
124 testing::Return(ERR_IO_PENDING))); | 134 testing::Return(ERR_IO_PENDING))); |
125 | 135 |
126 // Call |Verify|. | 136 // Call |Verify|. |
127 scoped_ptr<CertVerifyResult> actualResult; | 137 CertVerifyResult actual_cert_verify_result; |
128 int actualStatus = -1; | 138 int actualStatus = -1; |
129 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 139 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
130 Verify(params, &actualResult, &actualStatus); | 140 Verify(params, &actual_cert_verify_result, &actualStatus); |
131 | 141 |
132 // Ensure that Verification results are correct. | 142 // Ensure that Verification results are correct. |
133 EXPECT_EQ(kExpectedStatus, actualStatus); | 143 EXPECT_EQ(kExpectedStatus, actualStatus); |
134 EXPECT_EQ(expectedResult.is_issued_by_known_root, | 144 EXPECT_EQ(expected_cert_verify_result.is_issued_by_known_root, |
135 actualResult->is_issued_by_known_root); | 145 actual_cert_verify_result.is_issued_by_known_root); |
136 } | 146 } |
137 | 147 |
138 // Tests |Verify| with invalid arguments. | 148 // Tests |Verify| with invalid cert argument. |
139 TEST_F(CertVerifierBlockAdapterTest, InvalidParamsAndError) { | 149 TEST_F(CertVerifierBlockAdapterTest, InvalidCert) { |
150 // Call |Verify|. | |
151 CertVerifyResult actual_cert_verify_result; | |
152 int actualStatus = -1; | |
Ryan Sleevi
2015/08/14 02:29:44
naming (throughout this file) doesn't follow the C
Eugene But (OOO till 7-30)
2015/08/14 21:18:20
Fixed actual_status name. I believe other names ar
| |
153 CertVerifierBlockAdapter::Params params(nullptr, kHostName); | |
154 Verify(params, &actual_cert_verify_result, &actualStatus); | |
155 | |
156 // Ensure that Verification results are correct. | |
157 EXPECT_EQ(ERR_INVALID_ARGUMENT, actualStatus); | |
158 } | |
159 | |
160 // Tests |Verify| with invalid hostname argument. | |
161 TEST_F(CertVerifierBlockAdapterTest, InvalidHostname) { | |
162 // Call |Verify|. | |
163 CertVerifyResult actual_cert_verify_result; | |
164 int actualStatus = -1; | |
165 CertVerifierBlockAdapter::Params params(cert_.get(), std::string()); | |
166 Verify(params, &actual_cert_verify_result, &actualStatus); | |
167 | |
168 // Ensure that Verification results are correct. | |
169 EXPECT_EQ(ERR_INVALID_ARGUMENT, actualStatus); | |
170 } | |
171 | |
172 // Tests |Verify| with synchronous error. | |
173 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) { | |
140 // Set up expectation. | 174 // Set up expectation. |
141 const int kExpectedStatus = ERR_INVALID_ARGUMENT; | 175 const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES; |
142 EXPECT_CALL(*cert_verifier_mock_, | 176 EXPECT_CALL(cert_verifier_mock_, Verify(cert_.get(), kHostName, std::string(), |
143 Verify(nullptr, "", "", 0, nullptr, _, _, _, _)) | 177 0, nullptr, _, _, _, _)) |
144 .Times(1) | 178 .Times(1) |
145 .WillOnce(testing::Return(kExpectedStatus)); | 179 .WillOnce(testing::Return(kExpectedStatus)); |
146 | 180 |
147 // Call |Verify|. | 181 // Call |Verify|. |
148 scoped_ptr<CertVerifyResult> actualResult; | 182 CertVerifyResult actual_cert_verify_result; |
149 int actualStatus = -1; | 183 int actualStatus = -1; |
150 CertVerifierBlockAdapter::Params params(nullptr, ""); | 184 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
151 Verify(params, &actualResult, &actualStatus); | 185 Verify(params, &actual_cert_verify_result, &actualStatus); |
152 | 186 |
153 // Ensure that Verification results are correct. | 187 // Ensure that Verification results are correct. |
154 EXPECT_EQ(kExpectedStatus, actualStatus); | 188 EXPECT_EQ(kExpectedStatus, actualStatus); |
155 EXPECT_FALSE(actualResult); | |
156 } | 189 } |
157 | 190 |
158 // Tests |Verify| with error. | 191 // Tests |Verify| with asynchronous error. |
159 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndError) { | 192 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsyncError) { |
160 // Set up expectation. | 193 // Set up expectation. |
161 const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES; | 194 net::CertVerifyResult expected_cert_verify_result; |
162 EXPECT_CALL(*cert_verifier_mock_, | 195 expected_cert_verify_result.is_issued_by_known_root = true; |
163 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | 196 const int kExpectedStatus = ERR_ACCESS_DENIED; |
197 EXPECT_CALL(cert_verifier_mock_, Verify(cert_.get(), kHostName, std::string(), | |
198 0, nullptr, _, _, _, _)) | |
164 .Times(1) | 199 .Times(1) |
165 .WillOnce(testing::Return(kExpectedStatus)); | 200 .WillOnce(testing::DoAll(SetVerifyResult(expected_cert_verify_result), |
201 RunCallback(kExpectedStatus), | |
202 testing::Return(ERR_IO_PENDING))); | |
166 | 203 |
167 // Call |Verify|. | 204 // Call |Verify|. |
168 scoped_ptr<CertVerifyResult> actualResult; | 205 CertVerifyResult actual_cert_verify_result; |
169 int actualStatus = -1; | 206 int actualStatus = -1; |
170 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 207 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
171 Verify(params, &actualResult, &actualStatus); | 208 Verify(params, &actual_cert_verify_result, &actualStatus); |
172 | 209 |
173 // Ensure that Verification results are correct. | 210 // Ensure that Verification results are correct. |
174 EXPECT_EQ(kExpectedStatus, actualStatus); | 211 EXPECT_EQ(kExpectedStatus, actualStatus); |
175 EXPECT_FALSE(actualResult); | 212 EXPECT_EQ(expected_cert_verify_result.is_issued_by_known_root, |
213 actual_cert_verify_result.is_issued_by_known_root); | |
176 } | 214 } |
177 | 215 |
178 // Tests |Verify| with all params and synchronous verification. | 216 // Tests |Verify| with all params and synchronous verification. |
179 TEST_F(CertVerifierBlockAdapterTest, AllParamsAndSync) { | 217 TEST_F(CertVerifierBlockAdapterTest, AllParamsAndSync) { |
180 // Set up expectation. | 218 // Set up expectation. |
181 net::CertVerifyResult expectedResult; | 219 net::CertVerifyResult expected_cert_verify_result; |
182 expectedResult.verified_cert = cert_; | 220 expected_cert_verify_result.verified_cert = cert_; |
183 const int kExpectedStatus = 0; | 221 const int kExpectedStatus = OK; |
184 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); | 222 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); |
185 EXPECT_CALL(*cert_verifier_mock_, | 223 EXPECT_CALL(cert_verifier_mock_, |
186 Verify(cert_.get(), kHostName, kOcspResponse, | 224 Verify(cert_.get(), kHostName, kOcspResponse, |
187 CertVerifier::VERIFY_EV_CERT, crl_set.get(), _, _, _, _)) | 225 CertVerifier::VERIFY_EV_CERT, crl_set.get(), _, _, _, _)) |
188 .Times(1) | 226 .Times(1) |
189 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), | 227 .WillOnce(testing::DoAll(SetVerifyResult(expected_cert_verify_result), |
190 testing::Return(kExpectedStatus))); | 228 testing::Return(kExpectedStatus))); |
191 | 229 |
192 // Call |Verify|. | 230 // Call |Verify|. |
193 scoped_ptr<CertVerifyResult> actualResult; | 231 CertVerifyResult actual_cert_verify_result; |
194 int actualStatus = -1; | 232 int actualStatus = -1; |
195 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 233 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
196 params.ocsp_response = kOcspResponse; | 234 params.ocsp_response = kOcspResponse; |
197 params.flags = CertVerifier::VERIFY_EV_CERT; | 235 params.flags = CertVerifier::VERIFY_EV_CERT; |
198 params.crl_set = crl_set; | 236 params.crl_set = crl_set; |
199 Verify(params, &actualResult, &actualStatus); | 237 Verify(params, &actual_cert_verify_result, &actualStatus); |
200 | 238 |
201 // Ensure that Verification results are correct. | 239 // Ensure that Verification results are correct. |
202 EXPECT_EQ(kExpectedStatus, actualStatus); | 240 EXPECT_EQ(kExpectedStatus, actualStatus); |
203 EXPECT_EQ(expectedResult.verified_cert, actualResult->verified_cert); | 241 EXPECT_EQ(expected_cert_verify_result.verified_cert, |
242 actual_cert_verify_result.verified_cert); | |
204 } | 243 } |
205 | 244 |
206 } // namespace | 245 } // namespace |
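Review bot: DefaultParamsAndSyncError (new lines 173-189) no longer checks the CertVerifyResult handed to the completion block; the old `EXPECT_FALSE(actualResult)` is dropped and only the status is compared. Since the result is now passed by value the block always receives one, and DefaultParamsAndAsyncError does assert that a field set by the verifier survives an error status, so the two error paths are pinned to different degrees. A caller that reads `cert_status` after a failed verification to decide how to treat the certificate needs both paths to behave the same way. If forwarding the result on failure is the intended contract, as the async case suggests, the mock should fill the result in the synchronous case too and the test should compare a field afterwards, as sketched below. If it is not, a comment saying the result is unspecified after a synchronous error would be enough.

```cpp
TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) {
  // Set up expectation.
  net::CertVerifyResult expected_cert_verify_result;
  expected_cert_verify_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
  const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES;
  // … unchanged: EXPECT_CALL(cert_verifier_mock_, Verify(...)).Times(1) …
      .WillOnce(testing::DoAll(SetVerifyResult(expected_cert_verify_result),
                               testing::Return(kExpectedStatus)));
  // … unchanged: params construction and Verify() call …
  EXPECT_EQ(kExpectedStatus, actualStatus);
  EXPECT_EQ(expected_cert_verify_result.cert_status,
            actual_cert_verify_result.cert_status);
}
```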