Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(383)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ios/web/net/crw_cert_verification_controller_unittest.mm

Issue 1322193003: WKWebView(iOS9): correctly update SSL status for current navigation item (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@reland_cert_verification
Patch Set: Updated comments Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« ios/web/net/crw_cert_verification_controller.mm ('K') | « ios/web/net/crw_cert_verification_controller.mm ('k') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('j') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ios/web/net/crw_cert_verification_controller_unittest.mm
diff --git a/ios/web/net/crw_cert_verification_controller_unittest.mm b/ios/web/net/crw_cert_verification_controller_unittest.mm
index ad3a7f3eb9c6311e11650e2e855eccbf099e54bb..6015b5ed8a88c7e3d9a79882a185815c98eb43b2 100644
--- a/ios/web/net/crw_cert_verification_controller_unittest.mm
+++ b/ios/web/net/crw_cert_verification_controller_unittest.mm
@@ -9,6 +9,7 @@
#include "base/test/ios/wait_util.h"
#include "ios/web/public/web_thread.h"
#include "ios/web/test/web_test.h"
+#import "ios/web/web_state/wk_web_view_security_util.h"
#include "net/base/test_data_directory.h"
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/x509_certificate.h"
@@ -41,6 +42,12 @@ class CRWCertVerificationControllerTest : public web::WebTest {
initWithBrowserState:browser_state]);
cert_ =
net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
+ ASSERT_TRUE(cert_);
+
+ NSArray* chain = GetChain(cert_);
+ valid_trust_ = web::CreateServerTrustFromChain(chain, kHostName);
+ web::EnsureFutureTrustEvaluationSucceeds(valid_trust_.get());
+ invalid_trust_ = web::CreateServerTrustFromChain(chain, kHostName);
}
void TearDown() override {
@@ -48,6 +55,16 @@ class CRWCertVerificationControllerTest : public web::WebTest {
web::WebTest::TearDown();
}
+ // Returns NSArray of SecCertificateRef objects for the given |cert|.
+ NSArray* GetChain(const scoped_refptr<net::X509Certificate>& cert) const {
+ NSMutableArray* result = [NSMutableArray
+ arrayWithObject:static_cast<id>(cert->os_cert_handle())];
+ for (SecCertificateRef intermediate : cert->GetIntermediateCertificates()) {
+ [result addObject:static_cast<id>(intermediate)];
+ }
+ return result;
+ }
+
// Synchronously returns result of decidePolicyForCert:host:completionHandler:
// call.
void DecidePolicy(const scoped_refptr<net::X509Certificate>& cert,
@@ -68,17 +85,39 @@ class CRWCertVerificationControllerTest : public web::WebTest {
}, base::MessageLoop::current(), base::TimeDelta());
}
+ // Synchronously returns result of
+ // querySSLStatusForTrust:host:completionHandler: call.
+ void QueryStatus(const base::ScopedCFTypeRef<SecTrustRef>& trust,
+ NSString* host,
+ SecurityStyle* style,
+ net::CertStatus* status) {
+ __block bool completion_handler_called = false;
+ [controller_ querySSLStatusForTrust:trust
+ host:host
+ completionHandler:^(SecurityStyle callback_style,
+ net::CertStatus callback_status) {
+ *style = callback_style;
+ *status = callback_status;
+ completion_handler_called = true;
+ }];
+ base::test::ios::WaitUntilCondition(^{
+ return completion_handler_called;
+ }, base::MessageLoop::current(), base::TimeDelta());
+ }
+
scoped_refptr<net::X509Certificate> cert_;
+ base::ScopedCFTypeRef<SecTrustRef> valid_trust_;
+ base::ScopedCFTypeRef<SecTrustRef> invalid_trust_;
net::MockCertVerifier cert_verifier_;
base::scoped_nsobject<CRWCertVerificationController> controller_;
};
// Tests cert policy with a valid cert.
-TEST_F(CRWCertVerificationControllerTest, ValidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
net::CertVerifyResult verify_result;
verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
verify_result.verified_cert = cert_;
- cert_verifier_.AddResultForCertAndHost(cert_.get(), [kHostName UTF8String],
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
verify_result, net::OK);
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
@@ -88,7 +127,7 @@ TEST_F(CRWCertVerificationControllerTest, ValidCert) {
}
// Tests cert policy with an invalid cert.
-TEST_F(CRWCertVerificationControllerTest, InvalidCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidCert) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
DecidePolicy(cert_, kHostName, &policy, &status);
@@ -96,7 +135,7 @@ TEST_F(CRWCertVerificationControllerTest, InvalidCert) {
}
// Tests cert policy with null cert.
-TEST_F(CRWCertVerificationControllerTest, NullCert) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullCert) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
DecidePolicy(nullptr, kHostName, &policy, &status);
@@ -104,11 +143,54 @@ TEST_F(CRWCertVerificationControllerTest, NullCert) {
}
// Tests cert policy with null cert and null host.
-TEST_F(CRWCertVerificationControllerTest, NullHost) {
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
DecidePolicy(cert_, nil, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
}
+// Tests SSL status with valid trust.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForValidTrust) {
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(valid_trust_, kHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, style);
+ EXPECT_FALSE(status);
+}
+
+// Tests SSL status with invalid host.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForInvalidHost) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
+ result.verified_cert = cert_;
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
+ result,
+ net::ERR_CERT_COMMON_NAME_INVALID);
+
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(invalid_trust_, kHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
+ EXPECT_EQ(status, net::CERT_STATUS_COMMON_NAME_INVALID);
+}
+
+// Tests SSL status with expired cert.
+TEST_F(CRWCertVerificationControllerTest, SSLStatusForExpiredTrust) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_DATE_INVALID;
+ result.verified_cert = cert_;
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
+ result, net::ERR_CERT_DATE_INVALID);
+
+ SecurityStyle style = SECURITY_STYLE_UNKNOWN;
+ net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
+
+ QueryStatus(invalid_trust_, kHostName, &style, &status);
+ EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
+ EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
+}
+
} // namespace web
« ios/web/net/crw_cert_verification_controller.mm ('K') | « ios/web/net/crw_cert_verification_controller.mm ('k') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('j') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('J')

Powered by Google App Engine
This is Rietveld 408576698