WKWebView(iOS9): correctly update SSL status for current navigation item

ios/web/net/crw_cert_verification_controller_unittest.mm

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ios/web/net/crw_cert_verification_controller.h"
 
 #include "base/mac/bind_objc_block.h"
 #include "base/message_loop/message_loop.h"
 #include "base/test/ios/wait_util.h"
 #include "ios/web/public/web_thread.h"
@@ skipping 56 matching lines @@
       return completion_handler_called;
     }, base::MessageLoop::current(), base::TimeDelta());
   }
 
   scoped_refptr<net::X509Certificate> cert_;
   net::MockCertVerifier cert_verifier_;
   base::scoped_nsobject<CRWCertVerificationController> controller_;
 };
 
 // Tests cert policy with a valid cert.
-TEST_F(CRWCertVerificationControllerTest, ValidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
   net::CertVerifyResult verify_result;
   verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
   verify_result.verified_cert = cert_;
   cert_verifier_.AddResultForCertAndHost(cert_.get(), [kHostName UTF8String],
                                          verify_result, net::OK);
   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
   net::CertStatus status;
   DecidePolicy(cert_, kHostName, &policy, &status);
   EXPECT_EQ(CERT_ACCEPT_POLICY_ALLOW, policy);
   EXPECT_EQ(verify_result.cert_status, status);
 }
 
 // Tests cert policy with an invalid cert.
-TEST_F(CRWCertVerificationControllerTest, InvalidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidCert) {
   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
   net::CertStatus status;
   DecidePolicy(cert_, kHostName, &policy, &status);
   EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, policy);
 }
 
 // Tests cert policy with null cert.
-TEST_F(CRWCertVerificationControllerTest, NullCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullCert) {
   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
   net::CertStatus status;
   DecidePolicy(nullptr, kHostName, &policy, &status);
   EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
 }
 
 // Tests cert policy with null cert and null host.
-TEST_F(CRWCertVerificationControllerTest, NullHost) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
   web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
   net::CertStatus status;
   DecidePolicy(cert_, nil, &policy, &status);
   EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
 }
 
+// Tests SSL status with invalid cert.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForInvalidCert) {

[jww, 2015/09/19 02:16:34]

Shouldn't we have tests for various kinds of invalid certs? And shouldn't we
have a test for valid certs?

[Eugene But (OOO till 7-30), 2015/09/21 17:23:40]

Updated with the following test cases:
 - valid chain, no errors
 - valid chain, SHA-1 signature, all CertVerifier errors are ignored
 - invalid chain, expired cert
 - invalid chain, hostname mismatch 

I believe there is no need to add more test cases for invalid cert, because
these tests use MockCertVerifier.

+  __block bool completion_handler_called = false;
+  [controller_
+      querySSLStatusForCertChain:@[ static_cast<id>(cert_->os_cert_handle()) ]
+                            host:kHostName
+               completionHandler:^(SecurityStyle style,
+                                   net::CertStatus status) {
+                 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
+                 EXPECT_TRUE(status && net::CERT_STATUS_INVALID);
+                 completion_handler_called = true;
+               }];
+  base::test::ios::WaitUntilCondition(^{
+    return completion_handler_called;
+  }, base::MessageLoop::current(), base::TimeDelta());
+}
+
 }  // namespace web