OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ios/web/net/cert_verifier_block_adapter.h" | 5 #include "ios/web/net/cert_verifier_block_adapter.h" |
6 | 6 |
7 #include "base/message_loop/message_loop.h" | |
7 #include "base/test/ios/wait_util.h" | 8 #include "base/test/ios/wait_util.h" |
9 #include "ios/web/public/test/test_web_thread_bundle.h" | |
8 #include "net/base/net_errors.h" | 10 #include "net/base/net_errors.h" |
11 #include "net/base/test_data_directory.h" | |
12 #include "net/cert/cert_verifier.h" | |
9 #include "net/cert/cert_verify_result.h" | 13 #include "net/cert/cert_verify_result.h" |
10 #include "net/cert/crl_set.h" | 14 #include "net/cert/crl_set.h" |
15 #include "net/cert/mock_cert_verifier.h" | |
11 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
12 #include "testing/gmock/include/gmock/gmock.h" | 17 #include "net/log/net_log.h" |
18 #include "net/test/cert_test_util.h" | |
13 #include "testing/platform_test.h" | 19 #include "testing/platform_test.h" |
14 | 20 |
15 namespace net { | 21 namespace web { |
16 | |
17 using testing::_; | |
18 | 22 |
19 namespace { | 23 namespace { |
20 | 24 // Test cert filename. |
25 const char kCertFileName[] = "ok_cert.pem"; | |
21 // Test hostname for CertVerifier. | 26 // Test hostname for CertVerifier. |
22 const char kHostName[] = "chromium.org"; | 27 const char kHostName[] = "www.example.com"; |
23 // Test OCSP response for CertVerifier. | |
24 const char kOcspResponse[] = "ocsp"; | |
25 | |
26 // Mocks CertVerifier for CertVerifierBlockAdapter testing. | |
27 class CertVerifierMock : public CertVerifier { | |
28 public: | |
29 MOCK_METHOD9(Verify, | |
30 int(X509Certificate* cert, | |
31 const std::string& hostname, | |
32 const std::string& ocsp_response, | |
33 int flags, | |
34 CRLSet* crl_set, | |
35 CertVerifyResult* verify_result, | |
36 const CompletionCallback& callback, | |
37 scoped_ptr<Request>* out_req, | |
38 const BoundNetLog& net_log)); | |
39 }; | |
40 | |
41 // Sets CertVerifyResult to emulate CertVerifier behavior. | |
42 ACTION_P(SetVerifyResult, result) { | |
43 *arg5 = result; | |
44 } | |
45 | |
46 // Calls CompletionCallback to emulate CertVerifier behavior. | |
47 ACTION(RunCallback) { | |
48 arg6.Run(0); | |
49 } | |
50 | 28 |
51 } // namespace | 29 } // namespace |
52 | 30 |
53 // Test fixture to test CertVerifierBlockAdapter class. | 31 // Test fixture to test CertVerifierBlockAdapter class. |
54 class CertVerifierBlockAdapterTest : public PlatformTest { | 32 class CertVerifierBlockAdapterTest : public PlatformTest { |
55 protected: | 33 protected: |
56 void SetUp() override { | 34 void SetUp() override { |
57 PlatformTest::SetUp(); | 35 PlatformTest::SetUp(); |
58 | 36 cert_ = |
59 cert_ = new X509Certificate("test", "test", base::Time(), base::Time()); | 37 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); |
60 scoped_ptr<CertVerifierMock> cert_verifier_mock(new CertVerifierMock()); | 38 ASSERT_TRUE(cert_); |
61 cert_verifier_mock_ = cert_verifier_mock.get(); | |
62 test_adapter_.reset( | |
63 new CertVerifierBlockAdapter(cert_verifier_mock.Pass())); | |
64 } | 39 } |
65 | 40 |
66 // Performs synchronous verification. | 41 // Performs synchronous verification. |
67 void Verify(CertVerifierBlockAdapter::Params params, | 42 void Verify(CertVerifierBlockAdapter* cert_verifier_adapter, |
68 scoped_ptr<net::CertVerifyResult>* result, | 43 CertVerifierBlockAdapter::Params params, |
69 int* status) { | 44 net::CertVerifyResult* result, |
45 int* error) { | |
70 __block bool verification_completed = false; | 46 __block bool verification_completed = false; |
71 test_adapter_->Verify(params, | 47 cert_verifier_adapter->Verify( |
72 ^(scoped_ptr<net::CertVerifyResult> callback_result, | 48 params, ^(net::CertVerifyResult callback_result, int callback_error) { |
73 int callback_status) { | 49 *result = callback_result; |
74 *result = callback_result.Pass(); | 50 *error = callback_error; |
75 *status = callback_status; | 51 verification_completed = true; |
76 verification_completed = true; | 52 }); |
77 }); | |
78 base::test::ios::WaitUntilCondition(^{ | 53 base::test::ios::WaitUntilCondition(^{ |
79 return verification_completed; | 54 return verification_completed; |
80 }); | 55 }, base::MessageLoop::current(), base::TimeDelta()); |
81 } | 56 } |
82 | 57 |
83 // Fake certificate created for testing. | 58 web::TestWebThreadBundle thread_bundle_; |
84 scoped_refptr<X509Certificate> cert_; | 59 scoped_refptr<net::X509Certificate> cert_; |
85 // Testable |CertVerifierBlockAdapter| object. | 60 net::NetLog net_log_; |
86 scoped_ptr<CertVerifierBlockAdapter> test_adapter_; | |
87 // CertVerifier mock owned by |test_adapter_|. | |
88 CertVerifierMock* cert_verifier_mock_; | |
89 }; | 61 }; |
90 | 62 |
91 // Tests |Verify| with default params and synchronous verification. | 63 // Tests |Verify| with default params and synchronous verification. |
92 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { | 64 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { |
93 // Set up expectation. | 65 // Set up verifier mock. |
94 net::CertVerifyResult expectedResult; | 66 net::MockCertVerifier verifier; |
95 expectedResult.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; | 67 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); |
96 const int kExpectedStatus = 0; | 68 const int kExpectedError = net::ERR_CERT_AUTHORITY_INVALID; |
97 EXPECT_CALL(*cert_verifier_mock_, | 69 net::CertVerifyResult expected_result; |
98 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | 70 expected_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
99 .Times(1) | 71 expected_result.verified_cert = cert_; |
100 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), | 72 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result, |
101 testing::Return(kExpectedStatus))); | 73 kExpectedError); |
102 | 74 |
103 // Call |Verify|. | 75 // Call |Verify|. |
104 scoped_ptr<CertVerifyResult> actualResult; | 76 net::CertVerifyResult actual_result; |
105 int actualStatus = -1; | 77 int actual_error = -1; |
106 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 78 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
107 Verify(params, &actualResult, &actualStatus); | 79 Verify(&test_adapter, params, &actual_result, &actual_error); |
108 | 80 |
109 // Ensure that Verification results are correct. | 81 // Ensure that Verification results are correct. |
110 EXPECT_EQ(kExpectedStatus, actualStatus); | 82 EXPECT_EQ(kExpectedError, actual_error); |
111 EXPECT_EQ(expectedResult.cert_status, actualResult->cert_status); | 83 EXPECT_EQ(expected_result.cert_status, actual_result.cert_status); |
112 } | 84 } |
113 | 85 |
114 // Tests |Verify| with default params and asynchronous verification. | 86 // Tests |Verify| with default params and asynchronous verification using real |
87 // net::CertVerifier and ok_cert.pem cert. | |
115 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { | 88 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { |
89 // Call |Verify|. | |
90 scoped_ptr<net::CertVerifier> verifier(net::CertVerifier::CreateDefault()); | |
Ryan Sleevi
2015/09/03 23:48:03
There's no guarantee this will be async;
I just m
Eugene But (OOO till 7-30)
2015/09/03 23:55:37
This test takes 15 ms on Simulator, slower that Mo
Ryan Sleevi
2015/09/04 00:01:07
Yup; preferably for a follow-up CL :)
Eugene But (OOO till 7-30)
2015/09/04 00:04:35
Definitely in a follow up CL and a little bit late
| |
91 CertVerifierBlockAdapter test_adapter(verifier.get(), &net_log_); | |
92 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | |
93 net::CertVerifyResult actual_result; | |
94 int actual_error = -1; | |
95 Verify(&test_adapter, params, &actual_result, &actual_error); | |
96 | |
97 // Ensure that Verification results are correct. | |
98 EXPECT_FALSE(actual_result.is_issued_by_known_root); | |
99 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, actual_error); | |
100 } | |
101 | |
102 // Tests |Verify| with invalid cert argument. | |
103 TEST_F(CertVerifierBlockAdapterTest, InvalidCert) { | |
104 // Call |Verify|. | |
105 net::MockCertVerifier verifier; | |
106 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | |
107 net::CertVerifyResult actual_result; | |
108 int actual_error = -1; | |
109 CertVerifierBlockAdapter::Params params(nullptr, kHostName); | |
110 Verify(&test_adapter, params, &actual_result, &actual_error); | |
111 | |
112 // Ensure that Verification results are correct. | |
113 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error); | |
114 } | |
115 | |
116 // Tests |Verify| with invalid hostname argument. | |
117 TEST_F(CertVerifierBlockAdapterTest, InvalidHostname) { | |
118 // Call |Verify|. | |
119 net::MockCertVerifier verifier; | |
120 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | |
121 net::CertVerifyResult actual_result; | |
122 int actual_error = -1; | |
123 CertVerifierBlockAdapter::Params params(cert_.get(), std::string()); | |
124 Verify(&test_adapter, params, &actual_result, &actual_error); | |
125 | |
126 // Ensure that Verification results are correct. | |
127 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error); | |
128 } | |
129 | |
130 // Tests |Verify| with synchronous error. | |
131 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) { | |
116 // Set up expectation. | 132 // Set up expectation. |
117 net::CertVerifyResult expectedResult; | 133 net::MockCertVerifier verifier; |
118 expectedResult.is_issued_by_known_root = true; | 134 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); |
119 const int kExpectedStatus = 0; | 135 const int kExpectedError = net::ERR_INSUFFICIENT_RESOURCES; |
120 EXPECT_CALL(*cert_verifier_mock_, | 136 net::CertVerifyResult expected_result; |
121 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | 137 expected_result.verified_cert = cert_; |
122 .Times(1) | 138 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result, |
123 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), RunCallback(), | 139 kExpectedError); |
124 testing::Return(ERR_IO_PENDING))); | |
125 | 140 |
126 // Call |Verify|. | 141 // Call |Verify|. |
127 scoped_ptr<CertVerifyResult> actualResult; | 142 net::CertVerifyResult actual_result; |
128 int actualStatus = -1; | 143 int actual_error = -1; |
129 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 144 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
130 Verify(params, &actualResult, &actualStatus); | 145 Verify(&test_adapter, params, &actual_result, &actual_error); |
131 | 146 |
132 // Ensure that Verification results are correct. | 147 // Ensure that Verification results are correct. |
133 EXPECT_EQ(kExpectedStatus, actualStatus); | 148 EXPECT_EQ(kExpectedError, actual_error); |
134 EXPECT_EQ(expectedResult.is_issued_by_known_root, | |
135 actualResult->is_issued_by_known_root); | |
136 } | 149 } |
137 | 150 |
138 // Tests |Verify| with invalid arguments. | 151 } // namespace web |
139 TEST_F(CertVerifierBlockAdapterTest, InvalidParamsAndError) { | |
140 // Set up expectation. | |
141 const int kExpectedStatus = ERR_INVALID_ARGUMENT; | |
142 EXPECT_CALL(*cert_verifier_mock_, | |
143 Verify(nullptr, "", "", 0, nullptr, _, _, _, _)) | |
144 .Times(1) | |
145 .WillOnce(testing::Return(kExpectedStatus)); | |
146 | |
147 // Call |Verify|. | |
148 scoped_ptr<CertVerifyResult> actualResult; | |
149 int actualStatus = -1; | |
150 CertVerifierBlockAdapter::Params params(nullptr, ""); | |
151 Verify(params, &actualResult, &actualStatus); | |
152 | |
153 // Ensure that Verification results are correct. | |
154 EXPECT_EQ(kExpectedStatus, actualStatus); | |
155 EXPECT_FALSE(actualResult); | |
156 } | |
157 | |
158 // Tests |Verify| with error. | |
159 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndError) { | |
160 // Set up expectation. | |
161 const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES; | |
162 EXPECT_CALL(*cert_verifier_mock_, | |
163 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) | |
164 .Times(1) | |
165 .WillOnce(testing::Return(kExpectedStatus)); | |
166 | |
167 // Call |Verify|. | |
168 scoped_ptr<CertVerifyResult> actualResult; | |
169 int actualStatus = -1; | |
170 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | |
171 Verify(params, &actualResult, &actualStatus); | |
172 | |
173 // Ensure that Verification results are correct. | |
174 EXPECT_EQ(kExpectedStatus, actualStatus); | |
175 EXPECT_FALSE(actualResult); | |
176 } | |
177 | |
178 // Tests |Verify| with all params and synchronous verification. | |
179 TEST_F(CertVerifierBlockAdapterTest, AllParamsAndSync) { | |
180 // Set up expectation. | |
181 net::CertVerifyResult expectedResult; | |
182 expectedResult.verified_cert = cert_; | |
183 const int kExpectedStatus = 0; | |
184 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); | |
185 EXPECT_CALL(*cert_verifier_mock_, | |
186 Verify(cert_.get(), kHostName, kOcspResponse, | |
187 CertVerifier::VERIFY_EV_CERT, crl_set.get(), _, _, _, _)) | |
188 .Times(1) | |
189 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), | |
190 testing::Return(kExpectedStatus))); | |
191 | |
192 // Call |Verify|. | |
193 scoped_ptr<CertVerifyResult> actualResult; | |
194 int actualStatus = -1; | |
195 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | |
196 params.ocsp_response = kOcspResponse; | |
197 params.flags = CertVerifier::VERIFY_EV_CERT; | |
198 params.crl_set = crl_set; | |
199 Verify(params, &actualResult, &actualStatus); | |
200 | |
201 // Ensure that Verification results are correct. | |
202 EXPECT_EQ(kExpectedStatus, actualStatus); | |
203 EXPECT_EQ(expectedResult.verified_cert, actualResult->verified_cert); | |
204 } | |
205 | |
206 } // namespace | |
OLD | NEW |