net/cert/cert_verify_proc_ios_unittest.cc - Issue 2225483002: [ios] Removed CertVerifierBlockAdapter.

Side by Side Diff: net/cert/cert_verify_proc_ios_unittest.cc

Issue 2225483002: [ios] Removed CertVerifierBlockAdapter. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Updated includes Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/cert_verify_proc_ios.h"

	6

	7 #include <CoreFoundation/CoreFoundation.h>

	8 #include <Security/Security.h>

	9

	10 #include "base/mac/scoped_cftyperef.h"

	11 #include "base/memory/ref_counted.h"

	12 #include "net/cert/x509_certificate.h"

	13 #include "net/test/cert_test_util.h"

	14 #include "net/test/test_data_directory.h"

	15 #include "testing/gtest/include/gtest/gtest.h"

	16

	17 namespace {

	18

	19 // Creates new SecTrustRef object backed up by cert from \|cert_file\|.

	20 base::ScopedCFTypeRef<SecTrustRef> CreateSecTrust(

	21 const std::string& cert_file) {

	22 base::ScopedCFTypeRef<SecTrustRef> scoped_result;

	23

	24 scoped_refptr<net::X509Certificate> cert =

	25 net::ImportCertFromFile(net::GetTestCertsDirectory(), cert_file);

	26 base::ScopedCFTypeRef<CFMutableArrayRef> certs(

	27 CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks));

	28 CFArrayAppendValue(certs, cert->os_cert_handle());

	29

	30 base::ScopedCFTypeRef<SecPolicyRef> policy(

	31 SecPolicyCreateSSL(TRUE, CFSTR("chromium.org")));

	32 SecTrustRef result = nullptr;

	33 if (SecTrustCreateWithCertificates(certs, policy, &result) == errSecSuccess) {

	34 scoped_result.reset(result);

	35 }

	36 return scoped_result;

	37 }

	38

	39 } // namespace

	40

	41 namespace net {

	42

	43 // Tests \|GetCertFailureStatusFromTrust\| with null trust object.

	44 TEST(CertVerifyProcIOSTest, StatusForNullTrust) {

	45 EXPECT_EQ(CERT_STATUS_INVALID,

	46 CertVerifyProcIOS::GetCertFailureStatusFromTrust(nullptr));

	47 }

	48

	49 // Tests \|GetCertFailureStatusFromTrust\| with trust object that has not been

	50 // evaluated backed by ok_cert.pem cert.

	51 TEST(CertVerifyProcIOSTest, StatusForNotEvaluatedTrust) {

	52 CertStatus status = CertVerifyProcIOS::GetCertFailureStatusFromTrust(

	53 CreateSecTrust("ok_cert.pem"));

	54 EXPECT_TRUE(status & CERT_STATUS_INVALID);

	55 EXPECT_TRUE(status & CERT_STATUS_AUTHORITY_INVALID);

	56 EXPECT_FALSE(status & CERT_STATUS_DATE_INVALID);

	57 }

	58

	59 // Tests \|GetCertFailureStatusFromTrust\| with evaluated trust object backed by

	60 // expired_cert.pem cert.

	61 TEST(CertVerifyProcIOSTest, StatusForEvaluatedTrust) {

	62 base::ScopedCFTypeRef<SecTrustRef> trust(CreateSecTrust("expired_cert.pem"));

	63 ASSERT_TRUE(trust);

	64 SecTrustEvaluate(trust, nullptr);

	65

	66 CertStatus status = CertVerifyProcIOS::GetCertFailureStatusFromTrust(trust);

	67 EXPECT_TRUE(status & CERT_STATUS_INVALID);
	Ryan Sleevi 2016/08/12 00:16:23 This surprises me - have you debugged into why we' This surprises me - have you debugged into why we're setting CERT_STATUS_INVALID here? I would not expect this. Eugene But (OOO till 7-30) 2016/08/12 16:16:40 I actually debugged it and wanted to ask about thi Show quoted text On 2016/08/12 00:16:23, Ryan Sleevi (slow) wrote: > This surprises me - have you debugged into why we're setting CERT_STATUS_INVALID > here? I would not expect this. I actually debugged it and wanted to ask about this, but then I forgot :( so thanks for reminding me. We do not handle "Hostname mismatch." error and defaulting to CERT_STATUS_INVALID. Should we handle it? Ryan Sleevi 2016/08/12 16:28:33 If iOS tells us the hostname is mismatched, we cer Show quoted text On 2016/08/12 16:16:40, Eugene But wrote: > On 2016/08/12 00:16:23, Ryan Sleevi (slow) wrote: > > This surprises me - have you debugged into why we're setting > CERT_STATUS_INVALID > > here? I would not expect this. > I actually debugged it and wanted to ask about this, but then I forgot :( so > thanks for reminding me. > We do not handle "Hostname mismatch." error and defaulting to > CERT_STATUS_INVALID. Should we handle it? If iOS tells us the hostname is mismatched, we certainly should add code to the CVPIOS to handle that, yeah. Eugene But (OOO till 7-30) 2016/08/12 22:33:02 Used COMMON_NAME_INVALID for this error. Show quoted text On 2016/08/12 16:28:33, Ryan Sleevi (slow) wrote: > On 2016/08/12 16:16:40, Eugene But wrote: > > On 2016/08/12 00:16:23, Ryan Sleevi (slow) wrote: > > > This surprises me - have you debugged into why we're setting > > CERT_STATUS_INVALID > > > here? I would not expect this. > > I actually debugged it and wanted to ask about this, but then I forgot :( so > > thanks for reminding me. > > We do not handle "Hostname mismatch." error and defaulting to > > CERT_STATUS_INVALID. Should we handle it? > > If iOS tells us the hostname is mismatched, we certainly should add code to the > CVPIOS to handle that, yeah. Used COMMON_NAME_INVALID for this error.
	68 EXPECT_TRUE(status & CERT_STATUS_AUTHORITY_INVALID);

	69 EXPECT_TRUE(status & CERT_STATUS_DATE_INVALID);

	70 }

	71

	72 } // namespace net

OLD	NEW

« net/cert/cert_verify_proc_ios.cc ('K') | « net/cert/cert_verify_proc_ios.cc ('k') | net/net.gypi » ('j') | no next file with comments »