OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ios/web/net/cert_verifier_block_adapter.h" | 5 #include "ios/web/net/cert_verifier_block_adapter.h" |
6 | 6 |
7 #include "base/message_loop/message_loop.h" | |
8 #include "base/test/ios/wait_util.h" | 7 #include "base/test/ios/wait_util.h" |
9 #include "ios/web/public/test/test_web_thread_bundle.h" | |
10 #include "net/base/net_errors.h" | 8 #include "net/base/net_errors.h" |
11 #include "net/base/test_data_directory.h" | |
12 #include "net/cert/cert_verifier.h" | |
13 #include "net/cert/cert_verify_result.h" | 9 #include "net/cert/cert_verify_result.h" |
14 #include "net/cert/crl_set.h" | 10 #include "net/cert/crl_set.h" |
15 #include "net/cert/mock_cert_verifier.h" | |
16 #include "net/cert/x509_certificate.h" | 11 #include "net/cert/x509_certificate.h" |
17 #include "net/log/net_log.h" | 12 #include "testing/gmock/include/gmock/gmock.h" |
18 #include "net/test/cert_test_util.h" | |
19 #include "testing/platform_test.h" | 13 #include "testing/platform_test.h" |
20 | 14 |
21 namespace web { | 15 namespace net { |
| 16 |
| 17 using testing::_; |
22 | 18 |
23 namespace { | 19 namespace { |
24 // Test cert filename. | 20 |
25 const char kCertFileName[] = "ok_cert.pem"; | |
26 // Test hostname for CertVerifier. | 21 // Test hostname for CertVerifier. |
27 const char kHostName[] = "www.example.com"; | 22 const char kHostName[] = "chromium.org"; |
| 23 // Test OCSP response for CertVerifier. |
| 24 const char kOcspResponse[] = "ocsp"; |
| 25 |
| 26 // Mocks CertVerifier for CertVerifierBlockAdapter testing. |
| 27 class CertVerifierMock : public CertVerifier { |
| 28 public: |
| 29 MOCK_METHOD9(Verify, |
| 30 int(X509Certificate* cert, |
| 31 const std::string& hostname, |
| 32 const std::string& ocsp_response, |
| 33 int flags, |
| 34 CRLSet* crl_set, |
| 35 CertVerifyResult* verify_result, |
| 36 const CompletionCallback& callback, |
| 37 scoped_ptr<Request>* out_req, |
| 38 const BoundNetLog& net_log)); |
| 39 }; |
| 40 |
| 41 // Sets CertVerifyResult to emulate CertVerifier behavior. |
| 42 ACTION_P(SetVerifyResult, result) { |
| 43 *arg5 = result; |
| 44 } |
| 45 |
| 46 // Calls CompletionCallback to emulate CertVerifier behavior. |
| 47 ACTION(RunCallback) { |
| 48 arg6.Run(0); |
| 49 } |
28 | 50 |
29 } // namespace | 51 } // namespace |
30 | 52 |
31 // Test fixture to test CertVerifierBlockAdapter class. | 53 // Test fixture to test CertVerifierBlockAdapter class. |
32 class CertVerifierBlockAdapterTest : public PlatformTest { | 54 class CertVerifierBlockAdapterTest : public PlatformTest { |
33 protected: | 55 protected: |
34 void SetUp() override { | 56 void SetUp() override { |
35 PlatformTest::SetUp(); | 57 PlatformTest::SetUp(); |
36 cert_ = | 58 |
37 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); | 59 cert_ = new X509Certificate("test", "test", base::Time(), base::Time()); |
38 ASSERT_TRUE(cert_); | 60 scoped_ptr<CertVerifierMock> cert_verifier_mock(new CertVerifierMock()); |
| 61 cert_verifier_mock_ = cert_verifier_mock.get(); |
| 62 test_adapter_.reset( |
| 63 new CertVerifierBlockAdapter(cert_verifier_mock.Pass())); |
39 } | 64 } |
40 | 65 |
41 // Performs synchronous verification. | 66 // Performs synchronous verification. |
42 void Verify(CertVerifierBlockAdapter* cert_verifier_adapter, | 67 void Verify(CertVerifierBlockAdapter::Params params, |
43 CertVerifierBlockAdapter::Params params, | 68 scoped_ptr<net::CertVerifyResult>* result, |
44 net::CertVerifyResult* result, | 69 int* status) { |
45 int* error) { | |
46 __block bool verification_completed = false; | 70 __block bool verification_completed = false; |
47 cert_verifier_adapter->Verify( | 71 test_adapter_->Verify(params, |
48 params, ^(net::CertVerifyResult callback_result, int callback_error) { | 72 ^(scoped_ptr<net::CertVerifyResult> callback_result, |
49 *result = callback_result; | 73 int callback_status) { |
50 *error = callback_error; | 74 *result = callback_result.Pass(); |
51 verification_completed = true; | 75 *status = callback_status; |
52 }); | 76 verification_completed = true; |
| 77 }); |
53 base::test::ios::WaitUntilCondition(^{ | 78 base::test::ios::WaitUntilCondition(^{ |
54 return verification_completed; | 79 return verification_completed; |
55 }, base::MessageLoop::current(), base::TimeDelta()); | 80 }); |
56 } | 81 } |
57 | 82 |
58 web::TestWebThreadBundle thread_bundle_; | 83 // Fake certificate created for testing. |
59 scoped_refptr<net::X509Certificate> cert_; | 84 scoped_refptr<X509Certificate> cert_; |
60 net::NetLog net_log_; | 85 // Testable |CertVerifierBlockAdapter| object. |
| 86 scoped_ptr<CertVerifierBlockAdapter> test_adapter_; |
| 87 // CertVerifier mock owned by |test_adapter_|. |
| 88 CertVerifierMock* cert_verifier_mock_; |
61 }; | 89 }; |
62 | 90 |
63 // Tests |Verify| with default params and synchronous verification. | 91 // Tests |Verify| with default params and synchronous verification. |
64 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { | 92 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) { |
65 // Set up verifier mock. | 93 // Set up expectation. |
66 net::MockCertVerifier verifier; | 94 net::CertVerifyResult expectedResult; |
67 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | 95 expectedResult.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
68 const int kExpectedError = net::ERR_CERT_AUTHORITY_INVALID; | 96 const int kExpectedStatus = 0; |
69 net::CertVerifyResult expected_result; | 97 EXPECT_CALL(*cert_verifier_mock_, |
70 expected_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; | 98 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) |
71 expected_result.verified_cert = cert_; | 99 .Times(1) |
72 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result, | 100 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), |
73 kExpectedError); | 101 testing::Return(kExpectedStatus))); |
74 | 102 |
75 // Call |Verify|. | 103 // Call |Verify|. |
76 net::CertVerifyResult actual_result; | 104 scoped_ptr<CertVerifyResult> actualResult; |
77 int actual_error = -1; | 105 int actualStatus = -1; |
78 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 106 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
79 Verify(&test_adapter, params, &actual_result, &actual_error); | 107 Verify(params, &actualResult, &actualStatus); |
80 | 108 |
81 // Ensure that Verification results are correct. | 109 // Ensure that Verification results are correct. |
82 EXPECT_EQ(kExpectedError, actual_error); | 110 EXPECT_EQ(kExpectedStatus, actualStatus); |
83 EXPECT_EQ(expected_result.cert_status, actual_result.cert_status); | 111 EXPECT_EQ(expectedResult.cert_status, actualResult->cert_status); |
84 } | 112 } |
85 | 113 |
86 // Tests |Verify| with default params and asynchronous verification using real | 114 // Tests |Verify| with default params and asynchronous verification. |
87 // net::CertVerifier and ok_cert.pem cert. | |
88 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { | 115 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) { |
| 116 // Set up expectation. |
| 117 net::CertVerifyResult expectedResult; |
| 118 expectedResult.is_issued_by_known_root = true; |
| 119 const int kExpectedStatus = 0; |
| 120 EXPECT_CALL(*cert_verifier_mock_, |
| 121 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) |
| 122 .Times(1) |
| 123 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), RunCallback(), |
| 124 testing::Return(ERR_IO_PENDING))); |
| 125 |
89 // Call |Verify|. | 126 // Call |Verify|. |
90 scoped_ptr<net::CertVerifier> verifier(net::CertVerifier::CreateDefault()); | 127 scoped_ptr<CertVerifyResult> actualResult; |
91 CertVerifierBlockAdapter test_adapter(verifier.get(), &net_log_); | 128 int actualStatus = -1; |
92 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 129 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
93 net::CertVerifyResult actual_result; | 130 Verify(params, &actualResult, &actualStatus); |
94 int actual_error = -1; | |
95 Verify(&test_adapter, params, &actual_result, &actual_error); | |
96 | 131 |
97 // Ensure that Verification results are correct. | 132 // Ensure that Verification results are correct. |
98 EXPECT_FALSE(actual_result.is_issued_by_known_root); | 133 EXPECT_EQ(kExpectedStatus, actualStatus); |
99 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, actual_error); | 134 EXPECT_EQ(expectedResult.is_issued_by_known_root, |
| 135 actualResult->is_issued_by_known_root); |
100 } | 136 } |
101 | 137 |
102 // Tests |Verify| with invalid cert argument. | 138 // Tests |Verify| with invalid arguments. |
103 TEST_F(CertVerifierBlockAdapterTest, InvalidCert) { | 139 TEST_F(CertVerifierBlockAdapterTest, InvalidParamsAndError) { |
| 140 // Set up expectation. |
| 141 const int kExpectedStatus = ERR_INVALID_ARGUMENT; |
| 142 EXPECT_CALL(*cert_verifier_mock_, |
| 143 Verify(nullptr, "", "", 0, nullptr, _, _, _, _)) |
| 144 .Times(1) |
| 145 .WillOnce(testing::Return(kExpectedStatus)); |
| 146 |
104 // Call |Verify|. | 147 // Call |Verify|. |
105 net::MockCertVerifier verifier; | 148 scoped_ptr<CertVerifyResult> actualResult; |
106 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | 149 int actualStatus = -1; |
107 net::CertVerifyResult actual_result; | 150 CertVerifierBlockAdapter::Params params(nullptr, ""); |
108 int actual_error = -1; | 151 Verify(params, &actualResult, &actualStatus); |
109 CertVerifierBlockAdapter::Params params(nullptr, kHostName); | |
110 Verify(&test_adapter, params, &actual_result, &actual_error); | |
111 | 152 |
112 // Ensure that Verification results are correct. | 153 // Ensure that Verification results are correct. |
113 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error); | 154 EXPECT_EQ(kExpectedStatus, actualStatus); |
| 155 EXPECT_FALSE(actualResult); |
114 } | 156 } |
115 | 157 |
116 // Tests |Verify| with invalid hostname argument. | 158 // Tests |Verify| with error. |
117 TEST_F(CertVerifierBlockAdapterTest, InvalidHostname) { | 159 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndError) { |
| 160 // Set up expectation. |
| 161 const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES; |
| 162 EXPECT_CALL(*cert_verifier_mock_, |
| 163 Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _)) |
| 164 .Times(1) |
| 165 .WillOnce(testing::Return(kExpectedStatus)); |
| 166 |
118 // Call |Verify|. | 167 // Call |Verify|. |
119 net::MockCertVerifier verifier; | 168 scoped_ptr<CertVerifyResult> actualResult; |
120 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | 169 int actualStatus = -1; |
121 net::CertVerifyResult actual_result; | 170 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
122 int actual_error = -1; | 171 Verify(params, &actualResult, &actualStatus); |
123 CertVerifierBlockAdapter::Params params(cert_.get(), std::string()); | |
124 Verify(&test_adapter, params, &actual_result, &actual_error); | |
125 | 172 |
126 // Ensure that Verification results are correct. | 173 // Ensure that Verification results are correct. |
127 EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error); | 174 EXPECT_EQ(kExpectedStatus, actualStatus); |
| 175 EXPECT_FALSE(actualResult); |
128 } | 176 } |
129 | 177 |
130 // Tests |Verify| with synchronous error. | 178 // Tests |Verify| with all params and synchronous verification. |
131 TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) { | 179 TEST_F(CertVerifierBlockAdapterTest, AllParamsAndSync) { |
132 // Set up expectation. | 180 // Set up expectation. |
133 net::MockCertVerifier verifier; | 181 net::CertVerifyResult expectedResult; |
134 CertVerifierBlockAdapter test_adapter(&verifier, &net_log_); | 182 expectedResult.verified_cert = cert_; |
135 const int kExpectedError = net::ERR_INSUFFICIENT_RESOURCES; | 183 const int kExpectedStatus = 0; |
136 net::CertVerifyResult expected_result; | 184 scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting()); |
137 expected_result.verified_cert = cert_; | 185 EXPECT_CALL(*cert_verifier_mock_, |
138 verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result, | 186 Verify(cert_.get(), kHostName, kOcspResponse, |
139 kExpectedError); | 187 CertVerifier::VERIFY_EV_CERT, crl_set.get(), _, _, _, _)) |
| 188 .Times(1) |
| 189 .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), |
| 190 testing::Return(kExpectedStatus))); |
140 | 191 |
141 // Call |Verify|. | 192 // Call |Verify|. |
142 net::CertVerifyResult actual_result; | 193 scoped_ptr<CertVerifyResult> actualResult; |
143 int actual_error = -1; | 194 int actualStatus = -1; |
144 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); | 195 CertVerifierBlockAdapter::Params params(cert_.get(), kHostName); |
145 Verify(&test_adapter, params, &actual_result, &actual_error); | 196 params.ocsp_response = kOcspResponse; |
| 197 params.flags = CertVerifier::VERIFY_EV_CERT; |
| 198 params.crl_set = crl_set; |
| 199 Verify(params, &actualResult, &actualStatus); |
146 | 200 |
147 // Ensure that Verification results are correct. | 201 // Ensure that Verification results are correct. |
148 EXPECT_EQ(kExpectedError, actual_error); | 202 EXPECT_EQ(kExpectedStatus, actualStatus); |
| 203 EXPECT_EQ(expectedResult.verified_cert, actualResult->verified_cert); |
149 } | 204 } |
150 | 205 |
151 } // namespace web | 206 } // namespace |
OLD | NEW |