Stop using CertStore which is not compatible with PlzNavigate.

ios/web/net/crw_ssl_status_updater_unittest.mm

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/net/crw_ssl_status_updater.h"
 
 #include "base/mac/scoped_block.h"
 #include "base/strings/sys_string_conversions.h"
 #import "ios/web/navigation/crw_session_controller+private_constructors.h"
 #import "ios/web/navigation/crw_session_controller.h"
 #import "ios/web/navigation/navigation_manager_impl.h"
-#include "ios/web/public/cert_store.h"
 #include "ios/web/public/navigation_item.h"
 #include "ios/web/public/ssl_status.h"
 #include "ios/web/public/test/web_test.h"
 #import "ios/web/web_state/wk_web_view_security_util.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/test_data_directory.h"
 #include "third_party/ocmock/OCMock/OCMock.h"
 #include "third_party/ocmock/gtest_support.h"
 
 // Mocks CRWSSLStatusUpdaterTestDataSource.
@@ skipping 39 matching lines @@
 
 namespace {
 // Generated cert filename.
 const char kCertFileName[] = "ok_cert.pem";
 // Test hostname for cert verification.
 NSString* const kHostName = @"www.example.com";
 // Test https url for cert verification.
 const char kHttpsUrl[] = "https://www.example.com";
 // Test http url for cert verification.
 const char kHttpUrl[] = "http://www.example.com";
-// Test cert group ID.
-const int kCertGroupID = 1;
 }  // namespace
 
 // Test fixture to test CRWSSLStatusUpdater class.
 class CRWSSLStatusUpdaterTest : public web::WebTest {
  protected:
   void SetUp() override {
     web::WebTest::SetUp();
 
     data_source_.reset([[CRWSSLStatusUpdaterTestDataSource alloc] init]);
     delegate_.reset([[OCMockObject
         mockForProtocol:@protocol(CRWSSLStatusUpdaterDelegate)] retain]);
 
     nav_manager_.reset(new NavigationManagerImpl(nullptr, GetBrowserState()));
 
     ssl_status_updater_.reset([[CRWSSLStatusUpdater alloc]
         initWithDataSource:data_source_
-         navigationManager:nav_manager_.get()
-               certGroupID:kCertGroupID]);
+         navigationManager:nav_manager_.get()]);
     [ssl_status_updater_ setDelegate:delegate_];
 
     // Create test cert chain.
     scoped_refptr<net::X509Certificate> cert =
         net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName);
     ASSERT_TRUE(cert);
     NSArray* chain = @[ static_cast<id>(cert->os_cert_handle()) ];
     trust_ = CreateServerTrustFromChain(chain, kHostName);
   }
 
@@ skipping 38 matching lines @@
   // Make sure that item change callback was called.
   [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_
       didChangeSSLStatusForNavigationItem:item];
 
   [ssl_status_updater_ updateSSLStatusForNavigationItem:item
                                            withCertHost:kHostName
                                                   trust:trust_
                                    hasOnlySecureContent:NO];
 
   // No certificate for http.
-  EXPECT_FALSE(item->GetSSL().cert_id);
+  EXPECT_FALSE(!!item->GetSSL().certificate);
   // Make sure that security style and content status did change.
   EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style);
   EXPECT_EQ(web::SSLStatus::DISPLAYED_INSECURE_CONTENT,
             item->GetSSL().content_status);
 }
 
 // Tests that delegate callback is not called if no changes were made to http
 // navigation item.
 TEST_F(CRWSSLStatusUpdaterTest, NoChangesToHttpItem) {
   nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpUrl));
   web::NavigationItem* item = nav_manager_->GetLastCommittedItem();
   item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED;
 
   [ssl_status_updater_ updateSSLStatusForNavigationItem:item
                                            withCertHost:kHostName
                                                   trust:trust_
                                    hasOnlySecureContent:YES];
   // No certificate for http.
-  EXPECT_FALSE(item->GetSSL().cert_id);
+  EXPECT_FALSE(!!item->GetSSL().certificate);
   // Make sure that security style did not change.
   EXPECT_EQ(web::SECURITY_STYLE_UNAUTHENTICATED, item->GetSSL().security_style);
 }
 
 // Tests updating https navigation item without cert.
 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCert) {
   nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl));
   web::NavigationItem* item = nav_manager_->GetLastCommittedItem();
   // Change default value to test that |item| is actually changed.
   item->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED;
 
   // Make sure that item change callback was called.
   [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_
       didChangeSSLStatusForNavigationItem:item];
 
   [ssl_status_updater_
       updateSSLStatusForNavigationItem:item
                           withCertHost:kHostName
                                  trust:base::ScopedCFTypeRef<SecTrustRef>()
                   hasOnlySecureContent:YES];
   // No certificate.
-  EXPECT_FALSE(item->GetSSL().cert_id);
+  EXPECT_FALSE(!!item->GetSSL().certificate);
   // Make sure that security style did change.
   EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style);
   EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status);
 }
 
 // Tests that unnecessary cert verification does not happen if SSL status has
 // already been calculated and the only change was appearing of mixed content.
 TEST_F(CRWSSLStatusUpdaterTest, HttpsItemNoCertReverification) {
   nav_manager_->SetSessionController(SessionControllerWithEntry(kHttpsUrl));
   web::NavigationItem* item = nav_manager_->GetLastCommittedItem();
   // Set SSL status manually in the way so cert re-verification is not run.
   item->GetSSL().cert_status_host = base::SysNSStringToUTF8(kHostName);
-  item->GetSSL().cert_id = web::CertStore::GetInstance()->StoreCert(
-      web::CreateCertFromTrust(trust_).get(), kCertGroupID);
+  item->GetSSL().certificate = web::CreateCertFromTrust(trust_);
 
   // Make sure that item change callback was called.
   [[delegate_ expect] SSLStatusUpdater:ssl_status_updater_
       didChangeSSLStatusForNavigationItem:item];
 
   [ssl_status_updater_ updateSSLStatusForNavigationItem:item
                                            withCertHost:kHostName
                                                   trust:trust_
                                    hasOnlySecureContent:NO];
   // Make sure that cert verification did not run.
@@ skipping 132 matching lines @@
 
   // Make sure that cert verification was requested.
   EXPECT_TRUE([data_source_ certVerificationRequested]);
 
   // Make sure that security style and cert status are reset during
   // verification.
   EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style);
   EXPECT_FALSE(item->GetSSL().cert_status);
 
   // Change the cert.
-  item->GetSSL().cert_id = -1;
+  item->GetSSL().certificate = nullptr;
 
   // Reply with calculated cert verification status.
   [data_source_
       finishVerificationWithCertStatus:0
                          securityStyle:web::SECURITY_STYLE_AUTHENTICATED];
 
   // Make sure that security style and content status did change.
   EXPECT_EQ(web::SECURITY_STYLE_UNKNOWN, item->GetSSL().security_style);
   EXPECT_EQ(web::SSLStatus::NORMAL_CONTENT, item->GetSSL().content_status);
 }
 
 }  // namespace web