| Index: ios/web/net/crw_cert_verification_controller_unittest.mm
|
| diff --git a/ios/web/net/crw_cert_verification_controller_unittest.mm b/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| index 9aa8869445b9e5f0a5e5298280c11b14201f588c..ccf0a9b857821662239bc0adf53dc539231dbb89 100644
|
| --- a/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| +++ b/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| @@ -9,6 +9,7 @@
|
| #include "base/test/ios/wait_util.h"
|
| #include "ios/web/public/web_thread.h"
|
| #include "ios/web/test/web_test.h"
|
| +#import "ios/web/web_state/wk_web_view_security_util.h"
|
| #include "net/base/test_data_directory.h"
|
| #include "net/cert/mock_cert_verifier.h"
|
| #include "net/cert/x509_certificate.h"
|
| @@ -47,6 +48,10 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
| invalid_cert_ =
|
| net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
|
| ASSERT_TRUE(invalid_cert_);
|
| + valid_trust_ = web::CreateServerTrustFromChain(GetChain(valid_cert_),
|
| + kValidCertHostName);
|
| + invalid_trust_ =
|
| + web::CreateServerTrustFromChain(GetChain(invalid_cert_), kHostName);
|
| }
|
|
|
| void TearDown() override {
|
| @@ -64,21 +69,22 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
| return result;
|
| }
|
|
|
| - // Synchronously returns result of decidePolicyForCert:host:completionHandler:
|
| - // call.
|
| - void DecidePolicy(const scoped_refptr<net::X509Certificate>& cert,
|
| + // Synchronously returns result of
|
| + // decideLoadPolicyForTrust:host:completionHandler: call.
|
| + void DecidePolicy(SecTrustRef server_trust,
|
| NSString* host,
|
| web::CertAcceptPolicy* policy,
|
| net::CertStatus* status) {
|
| __block bool completion_handler_called = false;
|
| - [controller_ decidePolicyForCert:cert
|
| - host:host
|
| - completionHandler:^(web::CertAcceptPolicy callback_policy,
|
| - net::CertStatus callback_status) {
|
| - *policy = callback_policy;
|
| - *status = callback_status;
|
| - completion_handler_called = true;
|
| - }];
|
| + [controller_
|
| + decideLoadPolicyForTrust:server_trust
|
| + host:host
|
| + completionHandler:^(web::CertAcceptPolicy callback_policy,
|
| + net::CertStatus callback_status) {
|
| + *policy = callback_policy;
|
| + *status = callback_status;
|
| + completion_handler_called = true;
|
| + }];
|
| base::test::ios::WaitUntilCondition(^{
|
| return completion_handler_called;
|
| }, base::MessageLoop::current(), base::TimeDelta());
|
| @@ -106,46 +112,78 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
|
|
| scoped_refptr<net::X509Certificate> valid_cert_;
|
| scoped_refptr<net::X509Certificate> invalid_cert_;
|
| + base::ScopedCFTypeRef<SecTrustRef> valid_trust_;
|
| + base::ScopedCFTypeRef<SecTrustRef> invalid_trust_;
|
| net::MockCertVerifier cert_verifier_;
|
| base::scoped_nsobject<CRWCertVerificationController> controller_;
|
| };
|
|
|
| -// Tests cert policy with a valid cert.
|
| -TEST_F(CRWCertVerificationControllerTest, PolicyForValidCert) {
|
| +// Tests cert policy with a valid trust.
|
| +TEST_F(CRWCertVerificationControllerTest, PolicyForValidTrust) {
|
| net::CertVerifyResult verify_result;
|
| verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
|
| verify_result.verified_cert = invalid_cert_;
|
| cert_verifier_.AddResultForCertAndHost(
|
| invalid_cert_.get(), kHostName.UTF8String, verify_result, net::OK);
|
| +
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| - DecidePolicy(invalid_cert_, kHostName, &policy, &status);
|
| + DecidePolicy(valid_trust_, kValidCertHostName, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_ALLOW, policy);
|
| - EXPECT_EQ(verify_result.cert_status, status);
|
| + EXPECT_FALSE(status);
|
| }
|
|
|
| -// Tests cert policy with an invalid cert.
|
| -TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidCert) {
|
| +// Tests cert policy with an invalid trust not accepted by user.
|
| +TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrust) {
|
| + net::CertVerifyResult result;
|
| + result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
|
| + result.verified_cert = invalid_cert_;
|
| + cert_verifier_.AddResultForCertAndHost(invalid_cert_.get(),
|
| + [kHostName UTF8String], result,
|
| + net::ERR_CERT_COMMON_NAME_INVALID);
|
| +
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| - DecidePolicy(invalid_cert_, kHostName, &policy, &status);
|
| - EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, policy);
|
| + DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| + EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, policy);
|
| + EXPECT_EQ(net::CERT_STATUS_COMMON_NAME_INVALID, status);
|
| }
|
|
|
| -// Tests cert policy with null cert.
|
| -TEST_F(CRWCertVerificationControllerTest, PolicyForNullCert) {
|
| +// Tests cert policy with an invalid trust accepted by user.
|
| +TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrustAcceptedByUser) {
|
| + net::CertVerifyResult result;
|
| + result.cert_status = net::CERT_STATUS_DATE_INVALID;
|
| + result.verified_cert = invalid_cert_;
|
| + cert_verifier_.AddResultForCertAndHost(invalid_cert_.get(),
|
| + [kHostName UTF8String], result,
|
| + net::ERR_CERT_DATE_INVALID);
|
| +
|
| + [controller_ allowCert:invalid_cert_.get()
|
| + forHost:kHostName
|
| + status:net::CERT_STATUS_ALL_ERRORS];
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| + DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| + EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, policy);
|
| + EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
|
| +}
|
| +
|
| +// Tests cert policy with null trust.
|
| +TEST_F(CRWCertVerificationControllerTest, PolicyForNullTrust) {
|
| + web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_ALLOW;
|
| + net::CertStatus status;
|
| DecidePolicy(nullptr, kHostName, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
|
| + EXPECT_FALSE(status);
|
| }
|
|
|
| -// Tests cert policy with null cert and null host.
|
| +// Tests cert policy with invalid trust and null host.
|
| TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| - DecidePolicy(invalid_cert_, nil, &policy, &status);
|
| - EXPECT_EQ(CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR, policy);
|
| + DecidePolicy(invalid_trust_, nil, &policy, &status);
|
| + EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, policy);
|
| + EXPECT_FALSE(status);
|
| }
|
|
|
| // Tests SSL status with valid chain.
|
|
|
Chromium Code Reviews
Issue 1357773002:
WKWebView: Implemented recoverable SSL interstitials. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lock_coloring