Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(894)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ios/web/web_state/wk_web_view_security_util_unittest.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Do not use CertVerifier for good certs Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« ios/web/web_state/wk_web_view_security_util.mm ('K') | « ios/web/web_state/wk_web_view_security_util.mm ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ios/web/web_state/wk_web_view_security_util_unittest.mm
diff --git a/ios/web/web_state/wk_web_view_security_util_unittest.mm b/ios/web/web_state/wk_web_view_security_util_unittest.mm
index 88e7701efc0a0c8b06062710acc4c54e4cd51320..30b360a760c62c154b2fa3d5347e53f12cb39b0f 100644
--- a/ios/web/web_state/wk_web_view_security_util_unittest.mm
+++ b/ios/web/web_state/wk_web_view_security_util_unittest.mm
@@ -16,12 +16,15 @@
#include "net/cert/x509_util.h"
#include "net/ssl/ssl_info.h"
#include "testing/gtest/include/gtest/gtest.h"
+#include "testing/gtest_mac.h"
#include "testing/platform_test.h"
namespace web {
namespace {
// Subject for testing self-signed certificate.
const char kTestSubject[] = "self-signed";
+// Hostname for testing SecTrustRef objects.
+NSString* const kTestHost = @"www.example.com";
// Returns an autoreleased certificate chain for testing. Chain will contain a
// single self-signed cert with |subject| as a subject.
@@ -100,6 +103,46 @@ TEST_F(WKWebViewSecurityUtilTest, CreationCertFromNilTrust) {
EXPECT_FALSE(CreateCertFromTrust(nil));
}
+// Tests CreateServerTrustFromChain with valid input.
+TEST_F(WKWebViewSecurityUtilTest, CreationServerTrust) {
+ // Create server trust.
+ NSArray* chain = MakeTestCertChain(kTestSubject);
+ base::ScopedCFTypeRef<SecTrustRef> server_trust(
+ CreateServerTrustFromChain(chain, kTestHost));
+ EXPECT_TRUE(server_trust);
+
+ // Verify chain.
+ EXPECT_EQ(static_cast<CFIndex>(chain.count),
+ SecTrustGetCertificateCount(server_trust));
+ [chain enumerateObjectsUsingBlock:^(id expected_cert, NSUInteger i, BOOL*) {
+ id actual_cert = static_cast<id>(SecTrustGetCertificateAtIndex(
+ server_trust.get(), static_cast<CFIndex>(i)));
+ EXPECT_EQ(expected_cert, actual_cert);
+ }];
+
+ // Verify policies.
+ CFArrayRef policies = nullptr;
+ EXPECT_EQ(errSecSuccess, SecTrustCopyPolicies(server_trust.get(), &policies));
+ EXPECT_EQ(1, CFArrayGetCount(policies));
+ SecPolicyRef policy = (SecPolicyRef)CFArrayGetValueAtIndex(policies, 0);
+ base::ScopedCFTypeRef<CFDictionaryRef> properties(
+ SecPolicyCopyProperties(policy));
+ NSString* name = static_cast<NSString*>(
+ CFDictionaryGetValue(properties.get(), kSecPolicyName));
+ EXPECT_NSEQ(kTestHost, name);
+ CFRelease(policies);
+}
+
+// Tests CreateServerTrustFromChain with nil chain.
+TEST_F(WKWebViewSecurityUtilTest, CreationServerTrustFromNilChain) {
+ EXPECT_FALSE(CreateServerTrustFromChain(nil, kTestHost));
+}
+
+// Tests CreateServerTrustFromChain with empty chain.
+TEST_F(WKWebViewSecurityUtilTest, CreationServerTrustFromEmptyChain) {
+ EXPECT_FALSE(CreateServerTrustFromChain(@[], kTestHost));
+}
+
// Tests that IsWKWebViewSSLError returns true for NSError with NSURLErrorDomain
// domain and NSURLErrorSecureConnectionFailed error code.
TEST_F(WKWebViewSecurityUtilTest, CheckSecureConnectionFailedError) {
@@ -207,4 +250,31 @@ TEST_F(WKWebViewSecurityUtilTest, SSLInfoFromErrorWithCert) {
EXPECT_TRUE(info.cert->subject().GetDisplayName() == kTestSubject);
}
+// Tests GetSecurityStyleFromTrustResult with bad SecTrustResultType result.
+TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromBadResult) {
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ GetSecurityStyleFromTrustResult(kSecTrustResultDeny));
+ EXPECT_EQ(
+ SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ GetSecurityStyleFromTrustResult(kSecTrustResultRecoverableTrustFailure));
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ GetSecurityStyleFromTrustResult(kSecTrustResultFatalTrustFailure));
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
+ GetSecurityStyleFromTrustResult(kSecTrustResultOtherError));
+}
+
+// Tests GetSecurityStyleFromTrustResult with good SecTrustResultType result.
+TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromGoodResult) {
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED,
+ GetSecurityStyleFromTrustResult(kSecTrustResultProceed));
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED,
+ GetSecurityStyleFromTrustResult(kSecTrustResultUnspecified));
+}
+
+// Tests GetSecurityStyleFromTrustResult with invalid SecTrustResultType result.
+TEST_F(WKWebViewSecurityUtilTest, GetSecurityStyleFromInvalidResult) {
+ EXPECT_EQ(SECURITY_STYLE_UNKNOWN,
+ GetSecurityStyleFromTrustResult(kSecTrustResultInvalid));
+}
+
} // namespace web
« ios/web/web_state/wk_web_view_security_util.mm ('K') | « ios/web/web_state/wk_web_view_security_util.mm ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698