Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(526)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ios/web/net/crw_cert_verification_controller_unittest.mm

Issue 1357773002: WKWebView: Implemented recoverable SSL interstitials. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lock_coloring
Patch Set: Merged with origin/master Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« ios/web/net/crw_cert_verification_controller.mm ('K') | « ios/web/net/crw_cert_verification_controller.mm ('k') | ios/web/web_state/ui/crw_web_controller_unittest.mm » ('j') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ios/web/net/crw_cert_verification_controller_unittest.mm
diff --git a/ios/web/net/crw_cert_verification_controller_unittest.mm b/ios/web/net/crw_cert_verification_controller_unittest.mm
index 6015b5ed8a88c7e3d9a79882a185815c98eb43b2..f0bddc6a85dcf6b57d9dff29ba568054a86ba3aa 100644
--- a/ios/web/net/crw_cert_verification_controller_unittest.mm
+++ b/ios/web/net/crw_cert_verification_controller_unittest.mm
@@ -65,21 +65,22 @@ class CRWCertVerificationControllerTest : public web::WebTest {
return result;
}
- // Synchronously returns result of decidePolicyForCert:host:completionHandler:
- // call.
- void DecidePolicy(const scoped_refptr<net::X509Certificate>& cert,
+ // Synchronously returns result of
+ // decideLoadPolicyForTrust:host:completionHandler: call.
+ void DecidePolicy(const base::ScopedCFTypeRef<SecTrustRef>& trust,
NSString* host,
web::CertAcceptPolicy* policy,
net::CertStatus* status) {
__block bool completion_handler_called = false;
- [controller_ decidePolicyForCert:cert
- host:host
- completionHandler:^(web::CertAcceptPolicy callback_policy,
- net::CertStatus callback_status) {
- *policy = callback_policy;
- *status = callback_status;
- completion_handler_called = true;
- }];
+ [controller_
+ decideLoadPolicyForTrust:trust
+ host:host
+ completionHandler:^(web::CertAcceptPolicy callback_policy,
+ net::CertStatus callback_status) {
+ *policy = callback_policy;
+ *status = callback_status;
+ completion_handler_called = true;
+ }];
base::test::ios::WaitUntilCondition(^{
return completion_handler_called;
}, base::MessageLoop::current(), base::TimeDelta());
@@ -112,8 +113,8 @@ class CRWCertVerificationControllerTest : public web::WebTest {
base::scoped_nsobject<CRWCertVerificationController> controller_;
};
-// Tests cert policy with a valid cert.
-TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
+// Tests cert policy with a valid trust.
+TEST_F(CRWCertVerificationControllerTest, PolicyForValidTrust) {
net::CertVerifyResult verify_result;
verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
verify_result.verified_cert = cert_;
@@ -121,33 +122,83 @@ TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
verify_result, net::OK);
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, kHostName, &policy, &status);
+ DecidePolicy(valid_trust_, kHostName, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_ALLOW, policy);
- EXPECT_EQ(verify_result.cert_status, status);
+ EXPECT_FALSE(status);
}
-// Tests cert policy with an invalid cert.
-TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidCert) {
+// Tests cert policy with an invalid trust not accepted by user.
+TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrust) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
+ result.verified_cert = cert_;
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
+ result,
+ net::ERR_CERT_COMMON_NAME_INVALID);
+
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, kHostName, &policy, &status);
- EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, policy);
+ DecidePolicy(invalid_trust_, kHostName, &policy, &status);
+ EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, policy);
+ EXPECT_EQ(net::CERT_STATUS_COMMON_NAME_INVALID, status);
}
-// Tests cert policy with null cert.
-TEST_F(CRWCertVerificationControllerTest, PolicyForNullCert) {
+// Tests cert policy with an invalid trust accepted by user.
+TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrustAcceptedByUser) {
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_DATE_INVALID;
+ result.verified_cert = cert_;
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
+ result, net::ERR_CERT_DATE_INVALID);
+
+ [controller_ allowCert:cert_.get()
+ forHost:kHostName
+ status:net::CERT_STATUS_ALL_ERRORS];
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(nullptr, kHostName, &policy, &status);
+ DecidePolicy(invalid_trust_, kHostName, &policy, &status);
+ EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, policy);
+ EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
+}
+
+// Tests that allowCert:forHost:status: strips all intermidiate certs.
+TEST_F(CRWCertVerificationControllerTest, AllowCertIgnoresIntermidiateCerts) {
+ scoped_refptr<net::X509Certificate> cert(
+ net::X509Certificate::CreateFromHandle(cert_->os_cert_handle(),
+ {cert_->os_cert_handle()}));
+ net::CertVerifyResult result;
+ result.cert_status = net::CERT_STATUS_DATE_INVALID;
+ result.verified_cert = cert_;
+ cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
+ result, net::ERR_CERT_DATE_INVALID);
+
+ [controller_ allowCert:cert.get()
+ forHost:kHostName
+ status:net::CERT_STATUS_ALL_ERRORS];
+ web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
+ net::CertStatus status;
+ DecidePolicy(invalid_trust_, kHostName, &policy, &status);
+ EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, policy);
+ EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
+}
+
+// Tests cert policy with null trust.
+TEST_F(CRWCertVerificationControllerTest, PolicyForNullTrust) {
+ web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_ALLOW;
+ net::CertStatus status;
+ base::ScopedCFTypeRef<SecTrustRef> null_trust;
+ DecidePolicy(null_trust, kHostName, &policy, &status);
EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
+ EXPECT_FALSE(status);
}
-// Tests cert policy with null cert and null host.
+// Tests cert policy with invalid trust and null host.
TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
net::CertStatus status;
- DecidePolicy(cert_, nil, &policy, &status);
- EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
+ DecidePolicy(invalid_trust_, nil, &policy, &status);
+ EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, policy);
+ EXPECT_FALSE(status);
}
// Tests SSL status with valid trust.
« ios/web/net/crw_cert_verification_controller.mm ('K') | « ios/web/net/crw_cert_verification_controller.mm ('k') | ios/web/web_state/ui/crw_web_controller_unittest.mm » ('j') | ios/web/web_state/ui/crw_wk_web_view_web_controller.mm » ('J')

Powered by Google App Engine
This is Rietveld 408576698