| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import "ios/web/net/crw_cert_verification_controller.h" | 5 #import "ios/web/net/crw_cert_verification_controller.h" |
| 6 | 6 |
| 7 #import "base/mac/bind_objc_block.h" | 7 #import "base/mac/bind_objc_block.h" |
| 8 #import "base/mac/scoped_nsobject.h" | 8 #import "base/mac/scoped_nsobject.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #import "base/test/ios/wait_util.h" | 10 #import "base/test/ios/wait_util.h" |
| 11 #include "ios/web/public/test/web_test.h" | 11 #include "ios/web/public/test/web_test.h" |
| 12 #include "ios/web/public/web_thread.h" | 12 #include "ios/web/public/web_thread.h" |
| 13 #import "ios/web/web_state/wk_web_view_security_util.h" | 13 #import "ios/web/web_state/wk_web_view_security_util.h" |
| 14 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 15 #include "net/cert/x509_util_ios_and_mac.h" |
| 15 #include "net/test/cert_test_util.h" | 16 #include "net/test/cert_test_util.h" |
| 16 #include "net/test/test_data_directory.h" | 17 #include "net/test/test_data_directory.h" |
| 17 | 18 |
| 18 namespace web { | 19 namespace web { |
| 19 | 20 |
| 20 namespace { | 21 namespace { |
| 21 // Generated cert filename. | 22 // Generated cert filename. |
| 22 const char kCertFileName[] = "ok_cert.pem"; | 23 const char kCertFileName[] = "ok_cert.pem"; |
| 23 // Test hostname for cert verification. | 24 // Test hostname for cert verification. |
| 24 NSString* const kHostName = @"www.example.com"; | 25 NSString* const kHostName = @"www.example.com"; |
| 25 } // namespace | 26 } // namespace |
| 26 | 27 |
| 27 // Test fixture to test CRWCertVerificationController class. | 28 // Test fixture to test CRWCertVerificationController class. |
| 28 class CRWCertVerificationControllerTest : public web::WebTest { | 29 class CRWCertVerificationControllerTest : public web::WebTest { |
| 29 protected: | 30 protected: |
| 30 void SetUp() override { | 31 void SetUp() override { |
| 31 web::WebTest::SetUp(); | 32 web::WebTest::SetUp(); |
| 32 | 33 |
| 33 controller_.reset([[CRWCertVerificationController alloc] | 34 controller_.reset([[CRWCertVerificationController alloc] |
| 34 initWithBrowserState:GetBrowserState()]); | 35 initWithBrowserState:GetBrowserState()]); |
| 35 cert_ = | 36 cert_ = |
| 36 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); | 37 net::ImportCertFromFile(net::GetTestCertsDirectory(), kCertFileName); |
| 37 ASSERT_TRUE(cert_); | 38 ASSERT_TRUE(cert_); |
| 38 | 39 |
| 39 NSArray* chain = GetChain(cert_); | 40 base::ScopedCFTypeRef<CFMutableArrayRef> chain( |
| 40 valid_trust_ = web::CreateServerTrustFromChain(chain, kHostName); | 41 net::x509_util::CreateSecCertificateArrayForX509Certificate( |
| 42 cert_.get())); |
| 43 ASSERT_TRUE(chain); |
| 44 valid_trust_ = web::CreateServerTrustFromChain( |
| 45 static_cast<NSArray*>(chain.get()), kHostName); |
| 41 web::EnsureFutureTrustEvaluationSucceeds(valid_trust_.get()); | 46 web::EnsureFutureTrustEvaluationSucceeds(valid_trust_.get()); |
| 42 invalid_trust_ = web::CreateServerTrustFromChain(chain, kHostName); | 47 invalid_trust_ = web::CreateServerTrustFromChain( |
| 43 } | 48 static_cast<NSArray*>(chain.get()), kHostName); |
| 44 | |
| 45 // Returns NSArray of SecCertificateRef objects for the given |cert|. | |
| 46 NSArray* GetChain(const scoped_refptr<net::X509Certificate>& cert) const { | |
| 47 NSMutableArray* result = [NSMutableArray | |
| 48 arrayWithObject:static_cast<id>(cert->os_cert_handle())]; | |
| 49 for (SecCertificateRef intermediate : cert->GetIntermediateCertificates()) { | |
| 50 [result addObject:static_cast<id>(intermediate)]; | |
| 51 } | |
| 52 return result; | |
| 53 } | 49 } |
| 54 | 50 |
| 55 // Synchronously returns result of | 51 // Synchronously returns result of |
| 56 // decideLoadPolicyForTrust:host:completionHandler: call. | 52 // decideLoadPolicyForTrust:host:completionHandler: call. |
| 57 void DecidePolicy(const base::ScopedCFTypeRef<SecTrustRef>& trust, | 53 void DecidePolicy(const base::ScopedCFTypeRef<SecTrustRef>& trust, |
| 58 NSString* host, | 54 NSString* host, |
| 59 web::CertAcceptPolicy* policy, | 55 web::CertAcceptPolicy* policy, |
| 60 net::CertStatus* status) { | 56 net::CertStatus* status) { |
| 61 __block bool completion_handler_called = false; | 57 __block bool completion_handler_called = false; |
| 62 [controller_ | 58 [controller_ |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 SecurityStyle style = SECURITY_STYLE_UNKNOWN; | 183 SecurityStyle style = SECURITY_STYLE_UNKNOWN; |
| 188 net::CertStatus status = net::CERT_STATUS_ALL_ERRORS; | 184 net::CertStatus status = net::CERT_STATUS_ALL_ERRORS; |
| 189 | 185 |
| 190 QueryStatus(invalid_trust_, kHostName, &style, &status); | 186 QueryStatus(invalid_trust_, kHostName, &style, &status); |
| 191 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style); | 187 EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN, style); |
| 192 EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status); | 188 EXPECT_TRUE(net::CERT_STATUS_AUTHORITY_INVALID & status); |
| 193 EXPECT_TRUE(net::CERT_STATUS_COMMON_NAME_INVALID & status); | 189 EXPECT_TRUE(net::CERT_STATUS_COMMON_NAME_INVALID & status); |
| 194 } | 190 } |
| 195 | 191 |
| 196 } // namespace web | 192 } // namespace web |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2864133002:
Convert iOS to use X509CertificateBytes. (Closed)
