| Index: ios/web/net/cert_verifier_block_adapter_unittest.cc
|
| diff --git a/ios/web/net/cert_verifier_block_adapter_unittest.cc b/ios/web/net/cert_verifier_block_adapter_unittest.cc
|
| index f05acf68945f1b15ab00435c5b0a28ad1dec6555..1380045e16e79eee8386043d1cbf9474262a776e 100644
|
| --- a/ios/web/net/cert_verifier_block_adapter_unittest.cc
|
| +++ b/ios/web/net/cert_verifier_block_adapter_unittest.cc
|
| @@ -4,27 +4,49 @@
|
|
|
| #include "ios/web/net/cert_verifier_block_adapter.h"
|
|
|
| -#include "base/message_loop/message_loop.h"
|
| #include "base/test/ios/wait_util.h"
|
| -#include "ios/web/public/test/test_web_thread_bundle.h"
|
| #include "net/base/net_errors.h"
|
| -#include "net/base/test_data_directory.h"
|
| -#include "net/cert/cert_verifier.h"
|
| #include "net/cert/cert_verify_result.h"
|
| #include "net/cert/crl_set.h"
|
| -#include "net/cert/mock_cert_verifier.h"
|
| #include "net/cert/x509_certificate.h"
|
| -#include "net/log/net_log.h"
|
| -#include "net/test/cert_test_util.h"
|
| +#include "testing/gmock/include/gmock/gmock.h"
|
| #include "testing/platform_test.h"
|
|
|
| -namespace web {
|
| +namespace net {
|
| +
|
| +using testing::_;
|
|
|
| namespace {
|
| -// Test cert filename.
|
| -const char kCertFileName[] = "ok_cert.pem";
|
| +
|
| // Test hostname for CertVerifier.
|
| -const char kHostName[] = "www.example.com";
|
| +const char kHostName[] = "chromium.org";
|
| +// Test OCSP response for CertVerifier.
|
| +const char kOcspResponse[] = "ocsp";
|
| +
|
| +// Mocks CertVerifier for CertVerifierBlockAdapter testing.
|
| +class CertVerifierMock : public CertVerifier {
|
| + public:
|
| + MOCK_METHOD9(Verify,
|
| + int(X509Certificate* cert,
|
| + const std::string& hostname,
|
| + const std::string& ocsp_response,
|
| + int flags,
|
| + CRLSet* crl_set,
|
| + CertVerifyResult* verify_result,
|
| + const CompletionCallback& callback,
|
| + scoped_ptr<Request>* out_req,
|
| + const BoundNetLog& net_log));
|
| +};
|
| +
|
| +// Sets CertVerifyResult to emulate CertVerifier behavior.
|
| +ACTION_P(SetVerifyResult, result) {
|
| + *arg5 = result;
|
| +}
|
| +
|
| +// Calls CompletionCallback to emulate CertVerifier behavior.
|
| +ACTION(RunCallback) {
|
| + arg6.Run(0);
|
| +}
|
|
|
| } // namespace
|
|
|
| @@ -33,119 +55,152 @@
|
| protected:
|
| void SetUp() override {
|
| PlatformTest::SetUp();
|
| - cert_ =
|
| - net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
|
| - ASSERT_TRUE(cert_);
|
| +
|
| + cert_ = new X509Certificate("test", "test", base::Time(), base::Time());
|
| + scoped_ptr<CertVerifierMock> cert_verifier_mock(new CertVerifierMock());
|
| + cert_verifier_mock_ = cert_verifier_mock.get();
|
| + test_adapter_.reset(
|
| + new CertVerifierBlockAdapter(cert_verifier_mock.Pass()));
|
| }
|
|
|
| // Performs synchronous verification.
|
| - void Verify(CertVerifierBlockAdapter* cert_verifier_adapter,
|
| - CertVerifierBlockAdapter::Params params,
|
| - net::CertVerifyResult* result,
|
| - int* error) {
|
| + void Verify(CertVerifierBlockAdapter::Params params,
|
| + scoped_ptr<net::CertVerifyResult>* result,
|
| + int* status) {
|
| __block bool verification_completed = false;
|
| - cert_verifier_adapter->Verify(
|
| - params, ^(net::CertVerifyResult callback_result, int callback_error) {
|
| - *result = callback_result;
|
| - *error = callback_error;
|
| - verification_completed = true;
|
| - });
|
| + test_adapter_->Verify(params,
|
| + ^(scoped_ptr<net::CertVerifyResult> callback_result,
|
| + int callback_status) {
|
| + *result = callback_result.Pass();
|
| + *status = callback_status;
|
| + verification_completed = true;
|
| + });
|
| base::test::ios::WaitUntilCondition(^{
|
| return verification_completed;
|
| - }, base::MessageLoop::current(), base::TimeDelta());
|
| + });
|
| }
|
|
|
| - web::TestWebThreadBundle thread_bundle_;
|
| - scoped_refptr<net::X509Certificate> cert_;
|
| - net::NetLog net_log_;
|
| + // Fake certificate created for testing.
|
| + scoped_refptr<X509Certificate> cert_;
|
| + // Testable |CertVerifierBlockAdapter| object.
|
| + scoped_ptr<CertVerifierBlockAdapter> test_adapter_;
|
| + // CertVerifier mock owned by |test_adapter_|.
|
| + CertVerifierMock* cert_verifier_mock_;
|
| };
|
|
|
| // Tests |Verify| with default params and synchronous verification.
|
| TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSync) {
|
| - // Set up verifier mock.
|
| - net::MockCertVerifier verifier;
|
| - CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
|
| - const int kExpectedError = net::ERR_CERT_AUTHORITY_INVALID;
|
| - net::CertVerifyResult expected_result;
|
| - expected_result.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
|
| - expected_result.verified_cert = cert_;
|
| - verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result,
|
| - kExpectedError);
|
| -
|
| - // Call |Verify|.
|
| - net::CertVerifyResult actual_result;
|
| - int actual_error = -1;
|
| - CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| - Verify(&test_adapter, params, &actual_result, &actual_error);
|
| -
|
| - // Ensure that Verification results are correct.
|
| - EXPECT_EQ(kExpectedError, actual_error);
|
| - EXPECT_EQ(expected_result.cert_status, actual_result.cert_status);
|
| -}
|
| -
|
| -// Tests |Verify| with default params and asynchronous verification using real
|
| -// net::CertVerifier and ok_cert.pem cert.
|
| + // Set up expectation.
|
| + net::CertVerifyResult expectedResult;
|
| + expectedResult.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
|
| + const int kExpectedStatus = 0;
|
| + EXPECT_CALL(*cert_verifier_mock_,
|
| + Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _))
|
| + .Times(1)
|
| + .WillOnce(testing::DoAll(SetVerifyResult(expectedResult),
|
| + testing::Return(kExpectedStatus)));
|
| +
|
| + // Call |Verify|.
|
| + scoped_ptr<CertVerifyResult> actualResult;
|
| + int actualStatus = -1;
|
| + CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| + Verify(params, &actualResult, &actualStatus);
|
| +
|
| + // Ensure that Verification results are correct.
|
| + EXPECT_EQ(kExpectedStatus, actualStatus);
|
| + EXPECT_EQ(expectedResult.cert_status, actualResult->cert_status);
|
| +}
|
| +
|
| +// Tests |Verify| with default params and asynchronous verification.
|
| TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndAsync) {
|
| - // Call |Verify|.
|
| - scoped_ptr<net::CertVerifier> verifier(net::CertVerifier::CreateDefault());
|
| - CertVerifierBlockAdapter test_adapter(verifier.get(), &net_log_);
|
| - CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| - net::CertVerifyResult actual_result;
|
| - int actual_error = -1;
|
| - Verify(&test_adapter, params, &actual_result, &actual_error);
|
| -
|
| - // Ensure that Verification results are correct.
|
| - EXPECT_FALSE(actual_result.is_issued_by_known_root);
|
| - EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, actual_error);
|
| -}
|
| -
|
| -// Tests |Verify| with invalid cert argument.
|
| -TEST_F(CertVerifierBlockAdapterTest, InvalidCert) {
|
| - // Call |Verify|.
|
| - net::MockCertVerifier verifier;
|
| - CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
|
| - net::CertVerifyResult actual_result;
|
| - int actual_error = -1;
|
| - CertVerifierBlockAdapter::Params params(nullptr, kHostName);
|
| - Verify(&test_adapter, params, &actual_result, &actual_error);
|
| -
|
| - // Ensure that Verification results are correct.
|
| - EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error);
|
| -}
|
| -
|
| -// Tests |Verify| with invalid hostname argument.
|
| -TEST_F(CertVerifierBlockAdapterTest, InvalidHostname) {
|
| - // Call |Verify|.
|
| - net::MockCertVerifier verifier;
|
| - CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
|
| - net::CertVerifyResult actual_result;
|
| - int actual_error = -1;
|
| - CertVerifierBlockAdapter::Params params(cert_.get(), std::string());
|
| - Verify(&test_adapter, params, &actual_result, &actual_error);
|
| -
|
| - // Ensure that Verification results are correct.
|
| - EXPECT_EQ(net::ERR_INVALID_ARGUMENT, actual_error);
|
| -}
|
| -
|
| -// Tests |Verify| with synchronous error.
|
| -TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndSyncError) {
|
| - // Set up expectation.
|
| - net::MockCertVerifier verifier;
|
| - CertVerifierBlockAdapter test_adapter(&verifier, &net_log_);
|
| - const int kExpectedError = net::ERR_INSUFFICIENT_RESOURCES;
|
| - net::CertVerifyResult expected_result;
|
| - expected_result.verified_cert = cert_;
|
| - verifier.AddResultForCertAndHost(cert_.get(), kHostName, expected_result,
|
| - kExpectedError);
|
| -
|
| - // Call |Verify|.
|
| - net::CertVerifyResult actual_result;
|
| - int actual_error = -1;
|
| - CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| - Verify(&test_adapter, params, &actual_result, &actual_error);
|
| -
|
| - // Ensure that Verification results are correct.
|
| - EXPECT_EQ(kExpectedError, actual_error);
|
| -}
|
| -
|
| -} // namespace web
|
| + // Set up expectation.
|
| + net::CertVerifyResult expectedResult;
|
| + expectedResult.is_issued_by_known_root = true;
|
| + const int kExpectedStatus = 0;
|
| + EXPECT_CALL(*cert_verifier_mock_,
|
| + Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _))
|
| + .Times(1)
|
| + .WillOnce(testing::DoAll(SetVerifyResult(expectedResult), RunCallback(),
|
| + testing::Return(ERR_IO_PENDING)));
|
| +
|
| + // Call |Verify|.
|
| + scoped_ptr<CertVerifyResult> actualResult;
|
| + int actualStatus = -1;
|
| + CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| + Verify(params, &actualResult, &actualStatus);
|
| +
|
| + // Ensure that Verification results are correct.
|
| + EXPECT_EQ(kExpectedStatus, actualStatus);
|
| + EXPECT_EQ(expectedResult.is_issued_by_known_root,
|
| + actualResult->is_issued_by_known_root);
|
| +}
|
| +
|
| +// Tests |Verify| with invalid arguments.
|
| +TEST_F(CertVerifierBlockAdapterTest, InvalidParamsAndError) {
|
| + // Set up expectation.
|
| + const int kExpectedStatus = ERR_INVALID_ARGUMENT;
|
| + EXPECT_CALL(*cert_verifier_mock_,
|
| + Verify(nullptr, "", "", 0, nullptr, _, _, _, _))
|
| + .Times(1)
|
| + .WillOnce(testing::Return(kExpectedStatus));
|
| +
|
| + // Call |Verify|.
|
| + scoped_ptr<CertVerifyResult> actualResult;
|
| + int actualStatus = -1;
|
| + CertVerifierBlockAdapter::Params params(nullptr, "");
|
| + Verify(params, &actualResult, &actualStatus);
|
| +
|
| + // Ensure that Verification results are correct.
|
| + EXPECT_EQ(kExpectedStatus, actualStatus);
|
| + EXPECT_FALSE(actualResult);
|
| +}
|
| +
|
| +// Tests |Verify| with error.
|
| +TEST_F(CertVerifierBlockAdapterTest, DefaultParamsAndError) {
|
| + // Set up expectation.
|
| + const int kExpectedStatus = ERR_INSUFFICIENT_RESOURCES;
|
| + EXPECT_CALL(*cert_verifier_mock_,
|
| + Verify(cert_.get(), kHostName, "", 0, nullptr, _, _, _, _))
|
| + .Times(1)
|
| + .WillOnce(testing::Return(kExpectedStatus));
|
| +
|
| + // Call |Verify|.
|
| + scoped_ptr<CertVerifyResult> actualResult;
|
| + int actualStatus = -1;
|
| + CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| + Verify(params, &actualResult, &actualStatus);
|
| +
|
| + // Ensure that Verification results are correct.
|
| + EXPECT_EQ(kExpectedStatus, actualStatus);
|
| + EXPECT_FALSE(actualResult);
|
| +}
|
| +
|
| +// Tests |Verify| with all params and synchronous verification.
|
| +TEST_F(CertVerifierBlockAdapterTest, AllParamsAndSync) {
|
| + // Set up expectation.
|
| + net::CertVerifyResult expectedResult;
|
| + expectedResult.verified_cert = cert_;
|
| + const int kExpectedStatus = 0;
|
| + scoped_refptr<CRLSet> crl_set(CRLSet::EmptyCRLSetForTesting());
|
| + EXPECT_CALL(*cert_verifier_mock_,
|
| + Verify(cert_.get(), kHostName, kOcspResponse,
|
| + CertVerifier::VERIFY_EV_CERT, crl_set.get(), _, _, _, _))
|
| + .Times(1)
|
| + .WillOnce(testing::DoAll(SetVerifyResult(expectedResult),
|
| + testing::Return(kExpectedStatus)));
|
| +
|
| + // Call |Verify|.
|
| + scoped_ptr<CertVerifyResult> actualResult;
|
| + int actualStatus = -1;
|
| + CertVerifierBlockAdapter::Params params(cert_.get(), kHostName);
|
| + params.ocsp_response = kOcspResponse;
|
| + params.flags = CertVerifier::VERIFY_EV_CERT;
|
| + params.crl_set = crl_set;
|
| + Verify(params, &actualResult, &actualStatus);
|
| +
|
| + // Ensure that Verification results are correct.
|
| + EXPECT_EQ(kExpectedStatus, actualStatus);
|
| + EXPECT_EQ(expectedResult.verified_cert, actualResult->verified_cert);
|
| +}
|
| +
|
| +} // namespace
|
|
|
Chromium Code Reviews
Issue 1306733006:
Revert of WKWebView: Added cert verification API to web controller. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master