| Index: ios/web/net/crw_cert_verification_controller_unittest.mm
|
| diff --git a/ios/web/net/crw_cert_verification_controller_unittest.mm b/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| index 017f2717775911baa00bc81d032212ec3668527e..d6ed88455ed88e0de6921789c002a0de5d2c8e6f 100644
|
| --- a/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| +++ b/ios/web/net/crw_cert_verification_controller_unittest.mm
|
| @@ -11,12 +11,9 @@
|
| #include "ios/web/public/test/web_test.h"
|
| #include "ios/web/public/web_thread.h"
|
| #import "ios/web/web_state/wk_web_view_security_util.h"
|
| -#include "net/cert/mock_cert_verifier.h"
|
| #include "net/cert/x509_certificate.h"
|
| #include "net/test/cert_test_util.h"
|
| #include "net/test/test_data_directory.h"
|
| -#include "net/url_request/url_request_context.h"
|
| -#include "net/url_request/url_request_context_getter.h"
|
|
|
| namespace web {
|
|
|
| @@ -33,14 +30,8 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
| void SetUp() override {
|
| web::WebTest::SetUp();
|
|
|
| - web::BrowserState* browser_state = GetBrowserState();
|
| - net::URLRequestContextGetter* getter = browser_state->GetRequestContext();
|
| - web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{
|
| - getter->GetURLRequestContext()->set_cert_verifier(&cert_verifier_);
|
| - }));
|
| -
|
| controller_.reset([[CRWCertVerificationController alloc]
|
| - initWithBrowserState:browser_state]);
|
| + initWithBrowserState:GetBrowserState()]);
|
| cert_ =
|
| net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
|
| ASSERT_TRUE(cert_);
|
| @@ -51,11 +42,6 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
| invalid_trust_ = web::CreateServerTrustFromChain(chain, kHostName);
|
| }
|
|
|
| - void TearDown() override {
|
| - [controller_ shutDown];
|
| - web::WebTest::TearDown();
|
| - }
|
| -
|
| // Returns NSArray of SecCertificateRef objects for the given |cert|.
|
| NSArray* GetChain(const scoped_refptr<net::X509Certificate>& cert) const {
|
| NSMutableArray* result = [NSMutableArray
|
| @@ -110,17 +96,11 @@ class CRWCertVerificationControllerTest : public web::WebTest {
|
| scoped_refptr<net::X509Certificate> cert_;
|
| base::ScopedCFTypeRef<SecTrustRef> valid_trust_;
|
| base::ScopedCFTypeRef<SecTrustRef> invalid_trust_;
|
| - net::MockCertVerifier cert_verifier_;
|
| base::scoped_nsobject<CRWCertVerificationController> controller_;
|
| };
|
|
|
| // Tests cert policy with a valid trust.
|
| TEST_F(CRWCertVerificationControllerTest, PolicyForValidTrust) {
|
| - net::CertVerifyResult verify_result;
|
| - verify_result.cert_status = net::CERT_STATUS_NO_REVOCATION_MECHANISM;
|
| - verify_result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - verify_result, net::OK);
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| DecidePolicy(valid_trust_, kHostName, &policy, &status);
|
| @@ -130,28 +110,16 @@ TEST_F(CRWCertVerificationControllerTest, PolicyForValidTrust) {
|
|
|
| // Tests cert policy with an invalid trust not accepted by user.
|
| TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrust) {
|
| - net::CertVerifyResult result;
|
| - result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result,
|
| - net::ERR_CERT_COMMON_NAME_INVALID);
|
| -
|
| web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| net::CertStatus status;
|
| DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER, policy);
|
| - EXPECT_EQ(net::CERT_STATUS_COMMON_NAME_INVALID, status);
|
| + EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status);
|
| + EXPECT_TRUE(net::CERT_STATUS_INVALID & status);
|
| }
|
|
|
| // Tests cert policy with an invalid trust accepted by user.
|
| TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrustAcceptedByUser) {
|
| - net::CertVerifyResult result;
|
| - result.cert_status = net::CERT_STATUS_DATE_INVALID;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result, net::ERR_CERT_DATE_INVALID);
|
| -
|
| [controller_ allowCert:cert_.get()
|
| forHost:kHostName
|
| status:net::CERT_STATUS_ALL_ERRORS];
|
| @@ -159,36 +127,15 @@ TEST_F(CRWCertVerificationControllerTest, PolicyForInvalidTrustAcceptedByUser) {
|
| net::CertStatus status;
|
| DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, policy);
|
| - EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
|
| -}
|
| -
|
| -// Tests cert policy with an invalid trust when CertVerifier considers cert as
|
| -// valid.
|
| -TEST_F(CRWCertVerificationControllerTest,
|
| - PolicyForInvalidTrustWithNoErrorFromCertVerifier) {
|
| - net::CertVerifyResult result;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result, net::OK);
|
| -
|
| - web::CertAcceptPolicy policy = CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
|
| - net::CertStatus status;
|
| - DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| - EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER, policy);
|
| - EXPECT_EQ(net::CERT_STATUS_INVALID, status);
|
| + EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status);
|
| + EXPECT_TRUE(net::CERT_STATUS_INVALID & status);
|
| }
|
|
|
| -// Tests that allowCert:forHost:status: strips all intermidiate certs.
|
| -TEST_F(CRWCertVerificationControllerTest, AllowCertIgnoresIntermidiateCerts) {
|
| +// Tests that allowCert:forHost:status: strips all intermediate certs.
|
| +TEST_F(CRWCertVerificationControllerTest, AllowCertIgnoresIntermediateCerts) {
|
| scoped_refptr<net::X509Certificate> cert(
|
| net::X509Certificate::CreateFromHandle(cert_->os_cert_handle(),
|
| {cert_->os_cert_handle()}));
|
| - net::CertVerifyResult result;
|
| - result.cert_status = net::CERT_STATUS_DATE_INVALID;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result, net::ERR_CERT_DATE_INVALID);
|
| -
|
| [controller_ allowCert:cert.get()
|
| forHost:kHostName
|
| status:net::CERT_STATUS_ALL_ERRORS];
|
| @@ -196,7 +143,8 @@ TEST_F(CRWCertVerificationControllerTest, AllowCertIgnoresIntermidiateCerts) {
|
| net::CertStatus status;
|
| DecidePolicy(invalid_trust_, kHostName, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, policy);
|
| - EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
|
| + EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status);
|
| + EXPECT_TRUE(net::CERT_STATUS_INVALID & status);
|
| }
|
|
|
| // Tests cert policy with null trust.
|
| @@ -215,7 +163,8 @@ TEST_F(CRWCertVerificationControllerTest, PolicyForNullHost) {
|
| net::CertStatus status;
|
| DecidePolicy(invalid_trust_, nil, &policy, &status);
|
| EXPECT_EQ(CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER, policy);
|
| - EXPECT_EQ(net::CERT_STATUS_INVALID, status);
|
| + EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status);
|
| + EXPECT_TRUE(net::CERT_STATUS_INVALID & status);
|
| }
|
|
|
| // Tests SSL status with valid trust.
|
| @@ -229,36 +178,14 @@ TEST_F(CRWCertVerificationControllerTest, SSLStatusForValidTrust) {
|
| }
|
|
|
| // Tests SSL status with invalid host.
|
| -TEST_F(CRWCertVerificationControllerTest, SSLStatusForInvalidHost) {
|
| - net::CertVerifyResult result;
|
| - result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result,
|
| - net::ERR_CERT_COMMON_NAME_INVALID);
|
| -
|
| - SecurityStyle style = SECURITY_STYLE_UNKNOWN;
|
| - net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
|
| -
|
| - QueryStatus(invalid_trust_, kHostName, &style, &status);
|
| - EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
|
| - EXPECT_EQ(status, net::CERT_STATUS_COMMON_NAME_INVALID);
|
| -}
|
| -
|
| -// Tests SSL status with expired cert.
|
| -TEST_F(CRWCertVerificationControllerTest, SSLStatusForExpiredTrust) {
|
| - net::CertVerifyResult result;
|
| - result.cert_status = net::CERT_STATUS_DATE_INVALID;
|
| - result.verified_cert = cert_;
|
| - cert_verifier_.AddResultForCertAndHost(cert_.get(), kHostName.UTF8String,
|
| - result, net::ERR_CERT_DATE_INVALID);
|
| -
|
| +TEST_F(CRWCertVerificationControllerTest, SSLStatusForInvalidTrust) {
|
| SecurityStyle style = SECURITY_STYLE_UNKNOWN;
|
| net::CertStatus status = net::CERT_STATUS_ALL_ERRORS;
|
|
|
| QueryStatus(invalid_trust_, kHostName, &style, &status);
|
| EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style);
|
| - EXPECT_EQ(net::CERT_STATUS_DATE_INVALID, status);
|
| + EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status);
|
| + EXPECT_TRUE(net::CERT_STATUS_INVALID & status);
|
| }
|
|
|
| } // namespace web
|
|
|
Chromium Code Reviews
Issue 2225483002:
[ios] Removed CertVerifierBlockAdapter. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master