OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/net/crw_ssl_status_updater.h" | 5 #import "ios/web/net/crw_ssl_status_updater.h" |
6 | 6 |
7 #include "base/mac/scoped_block.h" | 7 #include "base/mac/scoped_block.h" |
8 #include "base/strings/sys_string_conversions.h" | 8 #include "base/strings/sys_string_conversions.h" |
9 #import "ios/web/navigation/crw_session_controller+private_constructors.h" | 9 #import "ios/web/navigation/crw_session_controller+private_constructors.h" |
10 #import "ios/web/navigation/crw_session_controller.h" | 10 #import "ios/web/navigation/crw_session_controller.h" |
11 #import "ios/web/navigation/navigation_manager_impl.h" | 11 #import "ios/web/navigation/navigation_manager_impl.h" |
12 #include "ios/web/public/cert_store.h" | |
13 #include "ios/web/public/navigation_item.h" | 12 #include "ios/web/public/navigation_item.h" |
14 #include "ios/web/public/ssl_status.h" | 13 #include "ios/web/public/ssl_status.h" |
15 #include "ios/web/public/test/web_test.h" | 14 #include "ios/web/public/test/web_test.h" |
16 #import "ios/web/web_state/wk_web_view_security_util.h" | 15 #import "ios/web/web_state/wk_web_view_security_util.h" |
17 #include "net/test/cert_test_util.h" | 16 #include "net/test/cert_test_util.h" |
18 #include "net/test/test_data_directory.h" | 17 #include "net/test/test_data_directory.h" |
19 #include "third_party/ocmock/OCMock/OCMock.h" | 18 #include "third_party/ocmock/OCMock/OCMock.h" |
20 #include "third_party/ocmock/gtest_support.h" | 19 #include "third_party/ocmock/gtest_support.h" |
21 | 20 |
22 // Mocks CRWSSLStatusUpdaterTestDataSource. | 21 // Mocks CRWSSLStatusUpdaterTestDataSource. |
(...skipping 39 matching lines...)
62 | 61 |
63 namespace { | 62 namespace { |
64 // Generated cert filename. | 63 // Generated cert filename. |
65 const char kCertFileName[] = "ok_cert.pem"; | 64 const char kCertFileName[] = "ok_cert.pem"; |
66 // Test hostname for cert verification. | 65 // Test hostname for cert verification. |
67 NSString* const kHostName = @"www.example.com"; | 66 NSString* const kHostName = @"www.example.com"; |
68 // Test https url for cert verification. | 67 // Test https url for cert verification. |
69 const char kHttpsUrl[] = "https://www.example.com"; | 68 const char kHttpsUrl[] = "https://www.example.com"; |
70 // Test http url for cert verification. | 69 // Test http url for cert verification. |
71 const char kHttpUrl[] = "http://www.example.com"; | 70 const char kHttpUrl[] = "http://www.example.com"; |
72 // Test cert group ID. | |
73 const int kCertGroupID = 1; | |
74 } // namespace | 71 } // namespace |
75 | 72 |
76 // Test fixture to test CRWSSLStatusUpdater class. | 73 // Test fixture to test CRWSSLStatusUpdater class. |
77 class CRWSSLStatusUpdaterTest : public web::WebTest { | 74 class CRWSSLStatusUpdaterTest : public web::WebTest { |
78 protected: | 75 protected: |
79 void SetUp() override { | 76 void SetUp() override { |
80 web::WebTest::SetUp(); | 77 web::WebTest::SetUp(); |
81 | 78 |
82 data_source_.reset([[CRWSSLStatusUpdaterTestDataSource alloc] init]); | 79 data_source_.reset([[CRWSSLStatusUpdaterTestDataSource alloc] init]); |
83 delegate_.reset([[OCMockObject | 80 delegate_.reset([[OCMockObject |
84 mockForProtocol:@protocol(CRWSSLStatusUpdaterDelegate)] retain]); | 81 mockForProtocol:@protocol(CRWSSLStatusUpdaterDelegate)] retain]); |
85 | 82 |
86 nav_manager_.reset(new NavigationManagerImpl(nullptr, GetBrowserState())); | 83 nav_manager_.reset(new NavigationManagerImpl(nullptr, GetBrowserState())); |
87 | 84 |
88 ssl_status_updater_.reset([[CRWSSLStatusUpdater alloc] | 85 ssl_status_updater_.reset([[CRWSSLStatusUpdater alloc] |
89 initWithDataSource:data_source_ | 86 initWithDataSource:data_source_ |
90 navigationManager:nav_manager_.get() | 87 navigationManager:nav_manager_.get()]); |
91 certGroupID:kCertGroupID]); | |
92 [ssl_status_updater_ setDelegate:delegate_]; | 88 [ssl_status_updater_ setDelegate:delegate_]; |
93 | 89 |
94 // Create test cert chain. | 90 // Create test cert chain. |
95 scoped_refptr<net::X509Certificate> cert = | 91 scoped_refptr<net::X509Certificate> cert = |
96 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); | 92 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); |
97 ASSERT_TRUE(cert); | 93 ASSERT_TRUE(cert); |
98 NSArray* chain = @[ static_cast<id>(cert->os_cert_handle()) ]; | 94 NSArray* chain = @[ static_cast<id>(cert->os_cert_handle()) ]; |
99 trust_ = CreateServerTrustFromChain(chain, kHostName); | 95 trust_ = CreateServerTrustFromChain(chain, kHostName); |
100 } | 96 } |
101 | 97 |
(...skipping 38 matching lines...)
140 // Make sure that item change callback was called. | 136 // Make sure that item change callback was called. |
141 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ | 137 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ |
142 didChangeSSLStatusForNavigationItem:item]; | 138 didChangeSSLStatusForNavigationItem:item]; |
143 | 139 |
144 [ssl_status_updater_ updateSSLStatusForNavigationItem:item | 140 [ssl_status_updater_ updateSSLStatusForNavigationItem:item |
145 withCertHost:kHostName | 141 withCertHost:kHostName |
146 trust:trust_ | 142 trust:trust_ |
147 hasOnlySecureContent:NO]; | 143 hasOnlySecureContent:NO]; |
148 | 144 |
149 // No certificate for http. | 145 // No certificate for http. |
150 EXPECT_FALSE(item->GetSSL().cert_id); | 146 EXPECT_FALSE(!!item->GetSSL().certificate); |
151 // Make sure that security style and content status did change. | 147 // Make sure that security style and content status did change. |
152 EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style); | 148 EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style); |
153 EXPECT_EQ(web::SSLStatus::DISPLAYED_INSECURE_CONTENT, | 149 EXPECT_EQ(web::SSLStatus::DISPLAYED_INSECURE_CONTENT, |
154 item->GetSSL().content_status); | 150 item->GetSSL().content_status); |
155 } | 151 } |
156 | 152 |
157 // Tests that delegate callback is not called if no changes were made to http | 153 // Tests that delegate callback is not called if no changes were made to http |
158 // navigation item. | 154 // navigation item. |
159 TEST_F(CRWSSLStatusUpdaterTest, NoChangesToHttpItem) { | 155 TEST_F(CRWSSLStatusUpdaterTest, NoChangesToHttpItem) { |
160 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpUrl)); | 156 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpUrl)); |
161 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); | 157 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); |
162 item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; | 158 item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; |
163 | 159 |
164 [ssl_status_updater_ updateSSLStatusForNavigationItem:item | 160 [ssl_status_updater_ updateSSLStatusForNavigationItem:item |
165 withCertHost:kHostName | 161 withCertHost:kHostName |
166 trust:trust_ | 162 trust:trust_ |
167 hasOnlySecureContent:YES]; | 163 hasOnlySecureContent:YES]; |
168 // No certificate for http. | 164 // No certificate for http. |
169 EXPECT_FALSE(item->GetSSL().cert_id); | 165 EXPECT_FALSE(!!item->GetSSL().certificate); |
170 // Make sure that security style did not change. | 166 // Make sure that security style did not change. |
171 EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style); | 167 EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style); |
172 } | 168 } |
173 | 169 |
174 // Tests updating https navigation item without cert. | 170 // Tests updating https navigation item without cert. |
175 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCert) { | 171 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCert) { |
176 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl)); | 172 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl)); |
177 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); | 173 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); |
178 // Change default value to test that |item| is actually changed. | 174 // Change default value to test that |item| is actually changed. |
179 item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; | 175 item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; |
180 | 176 |
181 // Make sure that item change callback was called. | 177 // Make sure that item change callback was called. |
182 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ | 178 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ |
183 didChangeSSLStatusForNavigationItem:item]; | 179 didChangeSSLStatusForNavigationItem:item]; |
184 | 180 |
185 [ssl_status_updater_ | 181 [ssl_status_updater_ |
186 updateSSLStatusForNavigationItem:item | 182 updateSSLStatusForNavigationItem:item |
187 withCertHost:kHostName | 183 withCertHost:kHostName |
188 trust:base::ScopedCFTypeRef<SecTrustRef>() | 184 trust:base::ScopedCFTypeRef<SecTrustRef>() |
189 hasOnlySecureContent:YES]; | 185 hasOnlySecureContent:YES]; |
190 // No certificate. | 186 // No certificate. |
191 EXPECT_FALSE(item->GetSSL().cert_id); | 187 EXPECT_FALSE(!!item->GetSSL().certificate); |
192 // Make sure that security style did change. | 188 // Make sure that security style did change. |
193 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); | 189 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); |
194 EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status); | 190 EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status); |
195 } | 191 } |
196 | 192 |
197 // Tests that unnecessary cert verification does not happen if SSL status has | 193 // Tests that unnecessary cert verification does not happen if SSL status has |
198 // already been calculated and the only change was appearing of mixed content. | 194 // already been calculated and the only change was appearing of mixed content. |
199 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCertReverification) { | 195 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCertReverification) { |
200 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl)); | 196 nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl)); |
201 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); | 197 web::NavigationItem* item = nav_manager_->GetLastCommittedItem(); |
202 // Set SSL status manually in the way so cert re-verification is not run. | 198 // Set SSL status manually in the way so cert re-verification is not run. |
203 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(kHostName); | 199 item->GetSSL().cert_status_host = base::SysNSStringToUTF8(kHostName); |
204 item->GetSSL().cert_id = web::CertStore::GetInstance()->StoreCert( | 200 item->GetSSL().certificate = web::CreateCertFromTrust(trust_); |
205 web::CreateCertFromTrust(trust_).get(), kCertGroupID); | |
206 | 201 |
207 // Make sure that item change callback was called. | 202 // Make sure that item change callback was called. |
208 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ | 203 [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_ |
209 didChangeSSLStatusForNavigationItem:item]; | 204 didChangeSSLStatusForNavigationItem:item]; |
210 | 205 |
211 [ssl_status_updater_ updateSSLStatusForNavigationItem:item | 206 [ssl_status_updater_ updateSSLStatusForNavigationItem:item |
212 withCertHost:kHostName | 207 withCertHost:kHostName |
213 trust:trust_ | 208 trust:trust_ |
214 hasOnlySecureContent:NO]; | 209 hasOnlySecureContent:NO]; |
215 // Make sure that cert verification did not run. | 210 // Make sure that cert verification did not run. |
(...skipping 132 matching lines...)
348 | 343 |
349 // Make sure that cert verification was requested. | 344 // Make sure that cert verification was requested. |
350 EXPECT_TRUE([data_source_ certVerificationRequested]); | 345 EXPECT_TRUE([data_source_ certVerificationRequested]); |
351 | 346 |
352 // Make sure that security style and cert status are reset during | 347 // Make sure that security style and cert status are reset during |
353 // verification. | 348 // verification. |
354 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); | 349 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); |
355 EXPECT_FALSE(item->GetSSL().cert_status); | 350 EXPECT_FALSE(item->GetSSL().cert_status); |
356 | 351 |
357 // Change the cert. | 352 // Change the cert. |
358 item->GetSSL().cert_id = -1; | 353 item->GetSSL().certificate = nullptr; |
359 | 354 |
360 // Reply with calculated cert verification status. | 355 // Reply with calculated cert verification status. |
361 [data_source_ | 356 [data_source_ |
362 finishVerificationWithCertStatus:0 | 357 finishVerificationWithCertStatus:0 |
363 securityStyle:web::SECURITY_STYLE_AUTHENTICATED]; | 358 securityStyle:web::SECURITY_STYLE_AUTHENTICATED]; |
364 | 359 |
365 // Make sure that security style and content status did change. | 360 // Make sure that security style and content status did change. |
366 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); | 361 EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style); |
367 EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status); | 362 EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status); |
368 } | 363 } |
369 | 364 |
370 } // namespace web | 365 } // namespace web |
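Review bot: In the last test of the file (new line 353, under `// Change the cert.`), `item->GetSSL().certificate = nullptr;` models the certificate being cleared rather than replaced. The case the test is presumably meant to protect is a verification reply arriving after the item has picked up a different, non-null certificate, and that case is no longer exercised. The guard that discards a stale reply is outside this page and presumably compares certificates now, so a wrong comparison there could let `SECURITY_STYLE_AUTHENTICATED` from the old verification land on an item showing another certificate. I would assign a second test certificate instead, e.g. `item->GetSSL().certificate = net::ImportCertFromFile(net::GetTestCertsDirectory(), "<other_test_cert>.pem");` (placeholder file name), and keep the `SECURITY_STYLE_UNKNOWN` expectation. The comment before that expectation would also read better as `// Make sure that the stale verification result was not applied.`; the start of this test is in the skipped lines, so this is based on the visible tail only.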