
Unified Diff: ios/web/net/crw_cert_verification_controller_unittest.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Minor comments update. Created 5 years, 3 months ago
Index: ios/web/net/crw_cert_verification_controller_unittest.mm
diff --git a/ios/web/net/crw_cert_verification_controller_unittest.mm b/ios/web/net/crw_cert_verification_controller_unittest.mm
index ad3a7f3eb9c6311e11650e2e855eccbf099e54bb..616462b38a455b2aac944d940f5edffe40e2fbe1 100644
--- a/ios/web/net/crw_cert_verification_controller_unittest.mm
+++ b/ios/web/net/crw_cert_verification_controller_unittest.mm
@@ -19,10 +19,12 @@
namespace web {
namespace {
-// Generated cert filename.
+// Test certs filenames.
const char kCertFileName[] = "ok_cert.pem";
-// Test hostname for cert verification.
+const char kValidCertFileName[] = "twitter-chain.pem";
+// Test hostnames for cert verification.
NSString* const kHostName = @"www.example.com";
+NSString* const kValidCertHostName = @"twitter.com";
} // namespace
// Test fixture to test CRWCertVerificationController class.
@@ -39,8 +41,12 @@ class CRWCertVerificationControllerTest : public web::WebTest {
controller_.reset([[CRWCertVerificationController alloc]
initWithBrowserState:browser_state]);
- cert_ =
+ valid_cert_ = net::ImportCertFromFile(net::GetTestCertsDirectory(),
+ kValidCertFileName);
+ ASSERT_TRUE(valid_cert_);
+ invalid_cert_ =
net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
+ ASSERT_TRUE(invalid_cert_);
}
void TearDown() override {
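Review bot: `invalid_cert_` is loaded from `kCertFileName`, whose value is "ok_cert.pem", so the file name and the member name say opposite things. Presumably the certificate counts as invalid only because it does not chain to a root the platform trusts. Once that is confirmed, a comment on the assignment would settle it for the next reader, e.g. `// ok_cert.pem parses fine but is not trusted by the system, hence "invalid".` Renaming the constant to `kInvalidCertFileName` would also pair it with the `kValidCertFileName` added in the first hunk. SetUp begins above this hunk.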
@@ -48,6 +54,16 @@ class CRWCertVerificationControllerTest : public web::WebTest {
web::WebTest::TearDown();
}
+ // Returns NSArray of SecCertificateRef objects for the given |cert|.
+ NSArray* GetChain(const scoped_refptr<net::X509Certificate>& cert) const {
+ NSMutableArray* result = [NSMutableArray
+ arrayWithObject:static_cast<id>(cert->os_cert_handle())];
+ for (SecCertificateRef intermiiate : cert->GetIntermediateCertificates()) {
stuartmorgan 2015/09/22 20:30:27 intermediate
Eugene But (OOO till 7-30) 2015/09/22 22:43:04 Done.
+ [result addObject:static_cast<id>(intermiiate)];
+ }
+ return result;
+ }
+
// Synchronously returns result of decidePolicyForCert:host:completionHandler:
// call.
void DecidePolicy(const scoped_refptr<net::X509Certificate>& cert,
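Review bot: The comment on GetChain does not say in which order the certificates are returned, and order is significant for a chain handed to trust evaluation. The code puts `cert->os_cert_handle()` first and appends the intermediates after it, so the comment could read `// Returns NSArray of SecCertificateRef objects for |cert|: the leaf first, followed by its intermediates.` GetChain also dereferences `cert` unconditionally, while other tests in this fixture pass `nullptr` to DecidePolicy; a `DCHECK(cert);` at the top would make that precondition explicit.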
@@ -68,35 +84,56 @@ class CRWCertVerificationControllerTest : public web::WebTest {
}, base::MessageLoop::current(), base::TimeDelta());
}
- scoped_refptr<net::X509Certificate> cert_;
+ // Synchronously returns result of
+ // querySSLStatusForCertChain:host:completionHandler: call.
+ void QueryStatus(NSArray* chain,
+ NSString* host,
+ SecurityStyle* style,
+ net::CertStatus* status) {
+ __block bool completion_handler_called = false;
+ [controller_ querySSLStatusForCertChain:chain
+ host:host
+ completionHandler:^(SecurityStyle callback_style,
+ net::CertStatus callback_status) {
+ *style = callback_style;
+ *status = callback_status;
+ completion_handler_called = true;
+ }];
+ base::test::ios::WaitUntilCondition(^{
+ return completion_handler_called;
+ }, base::MessageLoop::current(), base::TimeDelta());
+ }
+
+ scoped_refptr<net::X509Certificate> valid_cert_;
+ scoped_refptr<net::X509Certificate> invalid_cert_;
net::MockCertVerifier cert_verifier_;
base::scoped_nsobject<CRWCertVerificationController> controller_;
};
// Tests cert policy with a valid cert.
-TEST_F(CRWCertVerificationControllerTest, ValidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
net::CertVerifyResult verify_result;
verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
- verify_result.verified_cert = cert_;
- cert_verifier_.AddResultForCertAndHost(cert_.get(), [kHostName UTF8String],
- verify_result, net::OK);
+ verify_result.verified_cert = invalid_cert_;
+ cert_verifier_.AddResultForCertAndHost(
+ invalid_cert_.get(), kHostName.UTF8String, verify_result, net::OK);
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, kHostName, &policy, &status);
+ DecidePolicy(invalid_cert_, kHostName, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_ALLOW, policy);
EXPECT_EQ(verify_result.cert_status, status);
}
// Tests cert policy with an invalid cert.
-TEST_F(CRWCertVerificationControllerTest, InvalidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidCert) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, kHostName, &policy, &status);
+ DecidePolicy(invalid_cert_, kHostName, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, policy);
}
// Tests cert policy with null cert.
-TEST_F(CRWCertVerificationControllerTest, NullCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullCert) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
DecidePolicy(nullptr, kHostName, &policy, &status);
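Review bot: The policy tests in this hunk still declare `net::CertStatus status;` without an initializer, whereas the SSL-status tests added later in this commit start from `net::CERT_STATUS_ALL_ERRORS`. PolicyForValidCert compares `status` after DecidePolicy returns, so if the completion handler never assigns it, the `EXPECT_EQ` reads an indeterminate value. Writing `net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;` in each policy test would make that case fail deterministically and match the new tests. DecidePolicy begins above this hunk and PolicyForNullCert continues past its end.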
@@ -104,11 +141,73 @@ TEST_F(CRWCertVerificationControllerTest, NullCert) {
}
// Tests cert policy with null cert and null host.
-TEST_F(CRWCertVerificationControllerTest, NullHost) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, nil, &policy, &status);
+ DecidePolicy(invalid_cert_, nil, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
}
+// Tests SSL status with valid chain.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForValidChain) {
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(GetChain(valid_cert_), kValidCertHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, style);
+ EXPECT_FALSE(status);
+}
+
+// Tests SSL status with valid chain and SHA-1 signature.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForValidChainWithSHA1) {
+ net::CertVerifyResult result;
+ result.cert_status =
+ net::CERT_STATUS_ALL_ERRORS | net::CERT_STATUS_SHA1_SIGNATURE_PRESENT;
+ result.verified_cert = valid_cert_;
+ cert_verifier_.AddResultForCertAndHost(valid_cert_.get(),
+ kValidCertHostName.UTF8String, result,
+ net::ERR_CERT_INVALID);
+
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(GetChain(valid_cert_), kValidCertHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, style);
+ EXPECT_EQ(status, net::CERT_STATUS_SHA1_SIGNATURE_PRESENT);
+}
+
+// Tests SSL status with invalid host.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForInvalidHost) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
+ result.verified_cert = invalid_cert_;
+ cert_verifier_.AddResultForCertAndHost(invalid_cert_.get(),
+ kHostName.UTF8String, result,
+ net::ERR_CERT_COMMON_NAME_INVALID);
+
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(GetChain(invalid_cert_), kHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
+ EXPECT_EQ(status, net::CERT_STATUS_COMMON_NAME_INVALID);
+}
+
+// Tests SSL status with expired cert chain.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForExpiredCertChain) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_DATE_INVALID;
+ result.verified_cert = invalid_cert_;
+ cert_verifier_.AddResultForCertAndHost(invalid_cert_.get(),
+ kHostName.UTF8String, result,
+ net::ERR_CERT_DATE_INVALID);
+
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(GetChain(invalid_cert_), kHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
+ EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
+}
+
} // namespace web
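Review bot: SSLStatusForValidChain registers no result with `cert_verifier_` yet expects `SECURITY_STYLE_AUTHENTICATED`, so it appears to depend on the platform's own trust evaluation of twitter-chain.pem when the test runs. If so, the test will start failing once that chain expires or its root leaves the system store. A comment above the test would save whoever hits that failure some time, e.g. `// Relies on system trust evaluation of twitter-chain.pem; expected to fail once that chain expires.` SSLStatusForValidChainWithSHA1 needs a similar line, because it feeds the mock `CERT_STATUS_ALL_ERRORS | CERT_STATUS_SHA1_SIGNATURE_PRESENT` with `net::ERR_CERT_INVALID` and expects only the SHA-1 bit back without saying why the error bits are dropped.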
